FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8754 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x557c468ca4f0 size 40 | libevent_malloc: new ptr-libevent@0x557c468ca520 size 40 | libevent_malloc: new ptr-libevent@0x557c468cb7f0 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x557c468cb7b0 size 56 | libevent_malloc: new ptr-libevent@0x557c468cb820 size 664 | libevent_malloc: new ptr-libevent@0x557c468cbac0 size 24 | libevent_malloc: new ptr-libevent@0x557c468be240 size 384 | libevent_malloc: new ptr-libevent@0x557c468cbae0 size 16 | libevent_malloc: new ptr-libevent@0x557c468cbb00 size 40 | libevent_malloc: new ptr-libevent@0x557c468cbb30 size 48 | libevent_realloc: new ptr-libevent@0x557c4684d370 size 256 | libevent_malloc: new ptr-libevent@0x557c468cbb70 size 16 | libevent_free: release ptr-libevent@0x557c468cb7b0 | libevent initialized | libevent_realloc: new ptr-libevent@0x557c468cbb90 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9d0 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9b8 | result: symkey-key@0x557c468cd410 (16-bytes, AES_GCM) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x557c468cd410 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9d0 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9b8 | result: symkey-key@0x557c468cd410 (16-bytes, AES_GCM) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x557c468cd410 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9d0 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9b8 | result: symkey-key@0x557c468cd410 (16-bytes, AES_GCM) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x557c468cd410 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9d0 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9b8 | result: symkey-key@0x557c468cd410 (16-bytes, AES_GCM) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x557c468cd410 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (24-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (24-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (24-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (32-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (32-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x557c468cec90 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (32-bytes, AES_CTR) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, AES_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, AES_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, AES_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa30 | result: symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa18 | result: symkey-key@0x557c468cd410 (16-bytes, AES_CBC) | symkey: release tmp-key@0x557c468cec90 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x557c468cd410 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0730 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468cec90 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468cec90 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468cd410 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468d0530 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468cbbe0 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x557c468cec90 | K: symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1928701232: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0800 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468cd410 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d13f0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x557c468cd410 | PRF chunk interface: release key-key@0x557c468cec90 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0550 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468cec90 (size 16) | PRF symkey interface: key symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0530 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x557c468cd410 | K: symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d11f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468d13f0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d2ce0 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x557c468d13f0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d2ce0 | PRF symkey interface: release key-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc final-key@0x557c468d13f0 (size 16) | PRF symkey interface: key-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x557c468d13f0 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: 4d ffffff9f 2e 64 26 ffffff8f 63 3c ffffff8d 4e 1a 60 20 67 2c ffffff8d | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x557c468d1160 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x557c468d0750 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x557c468d13f0 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x557c468cec90 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0530 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468d13f0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468d13f0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468cec90 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468d0960 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468d0750 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x557c468d13f0 | K: symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1928701232: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0730 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468cec90 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468cd410 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x557c468cec90 | PRF chunk interface: release key-key@0x557c468d13f0 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0510 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468d13f0 (size 16) | PRF symkey interface: key symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0800 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468d2ce0 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x557c468d2ce0 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468cd410 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468d2ce0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468cd410 (size 3) | PRF symkey interface: symkey message-key@0x557c468cd410 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x557c468cd410 | symkey message: symkey-key@0x557c468cd410 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1928701440: ffffff86 ffffff9f ffffff97 65 ffffffbb ffffffec 0a ffffffef 74 ffffffa4 ffffffd2 3a ffffffa3 ffffffcf 0f ffffffd9 | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 16 bytes at 0x557c468d1480 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x557c468cec90 | K: symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0960 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468d2ce0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x557c468d2ce0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc final-key@0x557c468d2ce0 (size 16) | PRF symkey interface: key-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x557c468d2ce0 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffffd1 70 ffffffa1 ffffffea ffffffb7 ffffff85 ffffffeb ffffffcd fffffff1 7a 7d 56 67 29 48 ffffff98 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x557c468d1160 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x557c468d0960 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x557c468d2ce0 | test_prf_vector: release message-key@0x557c468cd410 | test_prf_vector: release key-key@0x557c468d13f0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d1480 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468cd410 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468cd410 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468d13f0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468d0730 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468d0960 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x557c468cd410 | K: symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0750 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468d13f0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d2ce0 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x557c468d13f0 | PRF chunk interface: release key-key@0x557c468cd410 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0510 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d13f0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468cd410 (size 16) | PRF symkey interface: key symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0550 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468d2ce0 (size 16) | PRF symkey interface: symkey message-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x557c468d2ce0 | symkey message: symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1928701440: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 16 bytes at 0x557c468d0530 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x557c468d13f0 | K: symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d11f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468cec90 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x557c468cec90 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468d13f0 | PRF symkey interface PRF aes_xcbc final-key@0x557c468cec90 (size 16) | PRF symkey interface: key-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x557c468cec90 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: 54 ffffffc5 ffffffdb ffffff9e ffffffed ffffff9d 25 ffffffa6 4a 53 0c ffffff9b 7d 65 fffffff5 7e | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x557c468d1160 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x557c468d11f0 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x557c468cec90 | test_prf_vector: release message-key@0x557c468d2ce0 | test_prf_vector: release key-key@0x557c468cd410 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0530 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468d2ce0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468d2ce0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468cd410 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468d0750 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468d11f0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468d2ce0 | K: symkey-key@0x557c468d2ce0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0960 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468cd410 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468cec90 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x557c468cd410 | PRF chunk interface: release key-key@0x557c468d2ce0 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0800 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468d2ce0 (size 16) | PRF symkey interface: key symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0730 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468d13f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d13f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468d13f0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468cec90 (size 20) | PRF symkey interface: symkey message-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x557c468cec90 | symkey message: symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928701440: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e ffffffe0 3b 59 fffffffd ffffff95 0d 57 6c ffffff90 ffffffb0 ffffff9d 05 ffffffbb ffffffd0 63 00 | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 32 bytes at 0x557c468d0dc0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468cd410 | K: symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbbe0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468d13f0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x557c468d13f0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc final-key@0x557c468d13f0 (size 16) | PRF symkey interface: key-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x557c468d13f0 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffffb8 ffffffe1 ffffff8a 5f ffffffd4 fffffff9 3f 48 ffffffad ffffffe2 1c 51 6c 48 7a 27 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x557c468d1160 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x557c468cbbe0 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x557c468d13f0 | test_prf_vector: release message-key@0x557c468cec90 | test_prf_vector: release key-key@0x557c468d2ce0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0960 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468cec90 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468cec90 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468d2ce0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468cbda0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468cbe70 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x557c468cec90 | K: symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbcd0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468d2ce0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d13f0 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x557c468d2ce0 | PRF chunk interface: release key-key@0x557c468cec90 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d1480 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d2ce0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468cec90 (size 16) | PRF symkey interface: key symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468d2ce0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0550 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468cd410 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x557c468cd410 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468d13f0 (size 32) | PRF symkey interface: symkey message-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x557c468d13f0 | symkey message: symkey-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928701440: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e ffffff8d ffffffba 1e 0a 5f 06 4b 07 2b ffffff9d 50 ffffff8e ffffff94 fffffff0 58 2c | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 32 bytes at 0x557c468d1210 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x557c468d2ce0 | K: symkey-key@0x557c468d2ce0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d11f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468cd410 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x557c468cd410 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468d2ce0 | PRF symkey interface PRF aes_xcbc final-key@0x557c468cd410 (size 16) | PRF symkey interface: key-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x557c468cd410 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffffcf ffffff84 3f 41 ffffffeb ffffffbc 4d 5e ffffffea ffffff81 59 7e ffffffd1 10 2a 66 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x557c468d1160 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x557c468d11f0 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x557c468cd410 | test_prf_vector: release message-key@0x557c468d13f0 | test_prf_vector: release key-key@0x557c468cec90 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0550 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468d13f0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468d13f0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468cec90 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468cbcd0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468cbea0 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x557c468d13f0 | K: symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbbe0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468cec90 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468cd410 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x557c468cec90 | PRF chunk interface: release key-key@0x557c468d13f0 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0730 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468d13f0 (size 16) | PRF symkey interface: key symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0750 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468d2ce0 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x557c468d2ce0 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468cd410 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468d2ce0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468cd410 (size 34) | PRF symkey interface: symkey message-key@0x557c468cd410 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x557c468cd410 | symkey message: symkey-key@0x557c468cd410 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1928701440: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e ffffff8d ffffffba 1e 0a 5f 06 4b 07 2b ffffff9d 50 ffffff8e ffffff94 fffffff0 58 2c ffffffd1 ffffffa4 ffffffed 1a 1f 52 ffffffdf 62 ffffffed 3b 70 ffffffb5 ffffffb6 ffffffac 12 ffffffd1 | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 48 bytes at 0x557c468d0770 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x557c468cec90 | K: symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbda0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468d2ce0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x557c468d2ce0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc final-key@0x557c468d2ce0 (size 16) | PRF symkey interface: key-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x557c468d2ce0 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: 02 5f ffffffb3 ffffffb5 5b ffffffe2 6a 72 ffffffec 25 57 ffffff96 79 38 38 4f | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x557c468d1160 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x557c468cbda0 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x557c468d2ce0 | test_prf_vector: release message-key@0x557c468cd410 | test_prf_vector: release key-key@0x557c468d13f0 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0750 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468cd410 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468cd410 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468d13f0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468cbbe0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468d5de0 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x557c468cd410 | K: symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d11f0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468d13f0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d2ce0 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x557c468d13f0 | PRF chunk interface: release key-key@0x557c468cd410 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0800 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d13f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d13f0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468cd410 (size 16) | PRF symkey interface: key symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0510 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468cec90 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x557c468cec90 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d2ce0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468d2ce0 (size 1000) | PRF symkey interface: symkey message-key@0x557c468d2ce0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x557c468d2ce0 | symkey message: symkey-key@0x557c468d2ce0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)1928701440: ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 1008 bytes at 0x557c468d7b90 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x557c468d13f0 | K: symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbcd0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468cec90 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x557c468cec90 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468d13f0 | PRF symkey interface PRF aes_xcbc final-key@0x557c468cec90 (size 16) | PRF symkey interface: key-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x557c468cec90 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffff80 ffffffcc 50 ffffffa9 ffffffb4 12 1e ffffffe5 64 ffffffa5 7a 42 ffffff88 4e ffffffba ffffffc6 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x557c468d1160 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x557c468cbcd0 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x557c468cec90 | test_prf_vector: release message-key@0x557c468d2ce0 | test_prf_vector: release key-key@0x557c468cd410 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0510 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468d2ce0 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: key-key@0x557c468d2ce0 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x557c468cd410 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468d0530 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468cbcd0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468d2ce0 | K: symkey-key@0x557c468d2ce0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d07b0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468cd410 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468cec90 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x557c468cd410 | PRF chunk interface: release key-key@0x557c468d2ce0 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0960 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468d2ce0 (size 16) | PRF symkey interface: key symkey-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: key symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0730 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468d13f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d13f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468d13f0 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468cec90 (size 20) | PRF symkey interface: symkey message-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x557c468cec90 | symkey message: symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928701440: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e ffffffe0 3b 59 fffffffd ffffff95 0d 57 6c ffffff90 ffffffb0 ffffff9d 05 ffffffbb ffffffd0 63 00 | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 32 bytes at 0x557c468d1240 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468cd410 | K: symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0800 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468d13f0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x557c468d13f0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc final-key@0x557c468d13f0 (size 16) | PRF symkey interface: key-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x557c468d13f0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x557c468d13f0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffffb8 ffffffe1 ffffff8a 5f ffffffd4 fffffff9 3f 48 ffffffad ffffffe2 1c 51 6c 48 7a 27 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x557c468d1160 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x557c468d0960 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x557c468d13f0 | test_prf_vector: release message-key@0x557c468cec90 | test_prf_vector: release key-key@0x557c468d2ce0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d07b0 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468cec90 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x557c468cec90 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468d2ce0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468cec90 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x557c468d2ce0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d2ce0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a950 | result: tmp+=0-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468d2ce0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a978 | result: PRF chunk interface-key@0x557c468d13f0 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x557c468cec90 | PRF chunk interface: release clone-key@0x557c468d2ce0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468cbbe0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468d0960 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468d13f0 | K: symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 22 ffffff81 ffffffe8 ffffff97 08 ffffffdf ffffff99 ffffff81 ffffffb8 ffffff88 ffffffa4 0c ffffffa0 0b 4a 5f | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0730 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468d2ce0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468cec90 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x557c468d2ce0 | PRF chunk interface: release key-key@0x557c468d13f0 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d0550 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d2ce0 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x557c468d2ce0 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468d13f0 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d2ce0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468d13f0 (size 10) | PRF symkey interface: key symkey-key@0x557c468d13f0 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x557c468d13f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d13f0 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a980 | result: tmp+=0-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468d13f0 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d2ce0 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: PRF symkey interface-key@0x557c468cec90 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x557c468d2ce0 | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d11f0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d2ce0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468cd410 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468d2ce0 (size 20) | PRF symkey interface: symkey message-key@0x557c468d2ce0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x557c468d2ce0 | symkey message: symkey-key@0x557c468d2ce0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928701440: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e ffffffe0 3b 59 fffffffd ffffff95 0d 57 6c ffffff90 ffffffb0 ffffff9d 05 ffffffbb ffffffd0 63 00 | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 32 bytes at 0x557c468d7f90 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468cec90 | K: symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 22 ffffff81 ffffffe8 ffffff97 08 ffffffdf ffffff99 ffffff81 ffffffb8 ffffff88 ffffffa4 0c ffffffa0 0b 4a 5f | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbda0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468cd410 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x557c468cd410 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d4560 | PRF symkey interface: release key-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc final-key@0x557c468cd410 (size 16) | PRF symkey interface: key-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x557c468cd410 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffffc7 51 44 ffffffa6 58 38 17 ffffff81 ffffff92 74 00 ffffffc5 75 06 ffffffc7 43 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x557c468d1160 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x557c468d0550 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x557c468cd410 | test_prf_vector: release message-key@0x557c468d2ce0 | test_prf_vector: release key-key@0x557c468d13f0 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x557c468d0730 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9b0 | result: key-key@0x557c468d2ce0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x557c468d2ce0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a998 | result: key-key@0x557c468d13f0 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x557c468d2ce0 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a950 | result: key-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a938 | result: key-key@0x557c468d2ce0 (16-bytes, AES_ECB) | key: release tmp-key@0x557c468cd410 | key extracting all 18 bytes of key@0x557c468d13f0 | key: symkey-key@0x557c468d13f0 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x557c468d1160 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e 5a ffffffd8 ffffff9b 7a ffffff96 ffffffef ffffffe0 ffffff84 ffffffdb 23 2b ffffff9b 01 2b 66 73 | key: release slot-key-key@0x557c468d1160 | key extracted len 32 bytes at 0x557c468d0dc0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x557c468d2ce0 | K: symkey-key@0x557c468d2ce0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0750 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a8d0 | result: k1-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8b8 | result: k1-key@0x557c468cd410 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468cec90 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x557c468cd410 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a950 | result: key-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a938 | result: key-key@0x557c468cd410 (16-bytes, AES_ECB) | key: release tmp-key@0x557c468cec90 | PRF chunk interface: release clone-key@0x557c468d13f0 | PRF chunk interface PRF aes_xcbc crypt-prf@0x557c468cbbe0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x557c468d0550 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468cd410 | K: symkey-key@0x557c468cd410 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 57 fffffff0 69 ffffffa2 16 ffffff88 66 59 ffffffb2 5e 55 ffffffc3 40 ffffffa3 ffffffb2 01 | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468d0800 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a910 | result: k1-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8f8 | result: k1-key@0x557c468d13f0 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468cec90 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x557c468d13f0 | PRF chunk interface: release key-key@0x557c468cd410 | PRF chunk interface PRF aes_xcbc final-chunk@0x557c468d11f0 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d13f0 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x557c468d13f0 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468cd410 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d13f0 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x557c468cd410 (size 18) | PRF symkey interface: key symkey-key@0x557c468cd410 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a980 | result: key symkey-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a968 | result: key symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x557c468cec90 | key symkey extracting all 18 bytes of key@0x557c468cd410 | key symkey: symkey-key@0x557c468cd410 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x557c468d1160 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e 5a ffffffd8 ffffff9b 7a ffffff96 ffffffef ffffffe0 ffffff84 ffffffdb 23 2b ffffff9b 01 2b 66 73 | key symkey: release slot-key-key@0x557c468d1160 | key symkey extracted len 32 bytes at 0x557c468d0dc0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x557c468d13f0 | K: symkey-key@0x557c468d13f0 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: ffffff85 ffffffcb ffffffb3 71 fffffff4 75 00 ffffffe4 11 ffffffdb ffffffbb ffffff84 4b 36 ffffffc2 ffffffc2 | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbda0 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a900 | result: k1-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8e8 | result: k1-key@0x557c468cec90 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d4560 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x557c468cec90 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a980 | result: key symkey-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a968 | result: key symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x557c468d4560 | PRF symkey interface PRF aes_xcbc crypt-prf@0x557c468d0960 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468d7990 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x557c468d4560 (size 20) | PRF symkey interface: symkey message-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x557c468d4560 | symkey message: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928701440: 0c 43 ffffffd6 31 ffffffd8 ffffffb4 65 ffffff82 48 fffffff0 ffffff96 ffffff8e 3d ffffff8b ffffffbb 3e ffffffe0 3b 59 fffffffd ffffff95 0d 57 6c ffffff90 ffffffb0 ffffff9d 05 ffffffbb ffffffd0 63 00 | symkey message: release slot-key-key@0x557c468d1160 | symkey message extracted len 32 bytes at 0x557c468d0dc0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x557c468cec90 | K: symkey-key@0x557c468cec90 (16-bytes, AES_ECB) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x557c468d1160 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 57 fffffff0 69 ffffffa2 16 ffffff88 66 59 ffffffb2 5e 55 ffffffc3 40 ffffffa3 ffffffb2 01 | K: release slot-key-key@0x557c468d1160 | K extracted len 16 bytes at 0x557c468cbbe0 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a930 | result: k1-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a918 | result: k1-key@0x557c468d7990 (16-bytes, AES_ECB) | k1: release tmp-key@0x557c468d9650 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x557c468d7990 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9c0 | result: xcbc-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a9a8 | result: xcbc-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x557c468d9650 | PRF symkey interface: release key-key@0x557c468cec90 | PRF symkey interface PRF aes_xcbc final-key@0x557c468d7990 (size 16) | PRF symkey interface: key-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x557c468d7990 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: 7e 26 ffffff9a ffffffa0 43 4b ffffffa5 ffffffb8 ffffffac 38 ffffff94 fffffff5 fffffff0 ffffffbe 28 39 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x557c468d1160 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x557c468d0750 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x557c468d7990 | test_prf_vector: release message-key@0x557c468d4560 | test_prf_vector: release key-key@0x557c468cd410 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x557c468d0960 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9a0 | result: PRF chunk interface-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a988 | result: PRF chunk interface-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x557c468d4560 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a8e0 | result: trimed key-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468cd410 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a920 | result: result-key@0x557c468cd410 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x557c468d07b0 | PRF chunk interface PRF md5 update message-bytes@0x557c468d0750 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468cd410 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff72f5aa10 | result: message-key@0x557c468d7990 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x557c468cd410 | PRF HMAC inner hash hash md5 inner-key@0x557c468d7990 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x557c468d7990 (size 72) | PRF HMAC inner hash: inner-key@0x557c468d7990 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x557c468d1480 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a8a0 | result: PRF HMAC inner hash-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a888 | result: PRF HMAC inner hash-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x557c468cec90 | PRF chunk interface: release inner-key@0x557c468d7990 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a910 | result: result-key@0x557c468d7990 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d7990 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5a8f8 | result: result-key@0x557c468cec90 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468d7990 | PRF chunk interface: release hashed-inner-key@0x557c468cd410 | PRF chunk interface: release key-key@0x557c468d4560 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x557c468cec90 (size 80) | PRF HMAC outer hash: outer-key@0x557c468cec90 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x557c468cbbe0 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x557c468cec90 | PRF chunk interface PRF md5 final-chunk@0x557c468cbbe0 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d4560 | PRF symkey interface PRF md5 init key symkey-key@0x557c468cec90 (size 16) | PRF symkey interface: key symkey-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x557c468cec90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a8e0 | result: trimed key-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468cec90 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a920 | result: result-key@0x557c468cd410 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x557c468d11f0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468d9650 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x557c468d9650 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d7990 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468d9650 | PRF symkey interface PRF md5 update symkey message-key@0x557c468d7990 (size 8) | PRF symkey interface: symkey message-key@0x557c468d7990 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468cd410 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5aa38 | result: result-key@0x557c468d9650 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468cd410 | PRF HMAC inner hash hash md5 inner-key@0x557c468d9650 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x557c468d9650 (size 72) | PRF HMAC inner hash: inner-key@0x557c468d9650 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x557c468d0550 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a8c0 | result: PRF HMAC inner hash-key@0x557c468dafb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468dafb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8a8 | result: PRF HMAC inner hash-key@0x557c468cd410 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x557c468dafb0 | PRF symkey interface: release inner-key@0x557c468d9650 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a930 | result: result-key@0x557c468d9650 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d9650 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5a918 | result: result-key@0x557c468dafb0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468d9650 | PRF symkey interface: release hashed-inner-key@0x557c468cd410 | PRF symkey interface: release key-key@0x557c468d4560 | PRF HMAC outer hash hash md5 outer-key@0x557c468dafb0 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x557c468dafb0 (size 80) | PRF HMAC outer hash: outer-key@0x557c468dafb0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x557c468d1480 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a980 | result: PRF HMAC outer hash-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a968 | result: PRF HMAC outer hash-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x557c468cd410 | PRF symkey interface: release outer-key@0x557c468dafb0 | : hashed-outer-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x557c468d4560 (size 16) | PRF symkey interface: key-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x557c468d4560 | RFC 2104: MD5_HMAC test 1: symkey-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffffae ffffffde ffffffcd ffffff8f 2e ffffffc1 58 4e 05 ffffff81 ffffffd9 fffffffc ffffffde 7c 01 fffffff1 | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x557c468d1160 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x557c468d0550 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x557c468d4560 | test_prf_vector: release message-key@0x557c468d7990 | test_prf_vector: release key-key@0x557c468cec90 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x557c468d11f0 (length 4) | 4a 65 66 65 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9a0 | result: PRF chunk interface-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a988 | result: PRF chunk interface-key@0x557c468cec90 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x557c468d7990 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a8e0 | result: trimed key-key@0x557c468d7990 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468cec90 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d7990 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a920 | result: result-key@0x557c468cec90 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x557c468d1480 | PRF chunk interface PRF md5 update message-bytes@0x557c468d0dc0 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468cec90 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff72f5aa10 | result: message-key@0x557c468d4560 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x557c468cec90 | PRF HMAC inner hash hash md5 inner-key@0x557c468d4560 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x557c468d4560 (size 92) | PRF HMAC inner hash: inner-key@0x557c468d4560 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x557c468cbcd0 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a8a0 | result: PRF HMAC inner hash-key@0x557c468dafb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468dafb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a888 | result: PRF HMAC inner hash-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x557c468dafb0 | PRF chunk interface: release inner-key@0x557c468d4560 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d7990 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a910 | result: result-key@0x557c468d4560 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5a8f8 | result: result-key@0x557c468dafb0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468d4560 | PRF chunk interface: release hashed-inner-key@0x557c468cec90 | PRF chunk interface: release key-key@0x557c468d7990 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x557c468dafb0 (size 80) | PRF HMAC outer hash: outer-key@0x557c468dafb0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x557c468d97b0 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x557c468dafb0 | PRF chunk interface PRF md5 final-chunk@0x557c468d97b0 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468dafb0 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d7990 | PRF symkey interface PRF md5 init key symkey-key@0x557c468dafb0 (size 4) | PRF symkey interface: key symkey-key@0x557c468dafb0 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x557c468dafb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468dafb0 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a8e0 | result: trimed key-key@0x557c468d7990 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468dafb0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d7990 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a920 | result: result-key@0x557c468cec90 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x557c468d1480 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468cd410 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x557c468cd410 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d4560 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468cd410 | PRF symkey interface PRF md5 update symkey message-key@0x557c468d4560 (size 28) | PRF symkey interface: symkey message-key@0x557c468d4560 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468cec90 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5aa38 | result: result-key@0x557c468cd410 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468cec90 | PRF HMAC inner hash hash md5 inner-key@0x557c468cd410 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x557c468cd410 (size 92) | PRF HMAC inner hash: inner-key@0x557c468cd410 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x557c468d0730 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a8c0 | result: PRF HMAC inner hash-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8a8 | result: PRF HMAC inner hash-key@0x557c468cec90 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x557c468d9650 | PRF symkey interface: release inner-key@0x557c468cd410 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d7990 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a930 | result: result-key@0x557c468cd410 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468cd410 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5a918 | result: result-key@0x557c468d9650 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468cd410 | PRF symkey interface: release hashed-inner-key@0x557c468cec90 | PRF symkey interface: release key-key@0x557c468d7990 | PRF HMAC outer hash hash md5 outer-key@0x557c468d9650 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x557c468d9650 (size 80) | PRF HMAC outer hash: outer-key@0x557c468d9650 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x557c468cbda0 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a980 | result: PRF HMAC outer hash-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a968 | result: PRF HMAC outer hash-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x557c468cec90 | PRF symkey interface: release outer-key@0x557c468d9650 | : hashed-outer-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x557c468d7990 (size 16) | PRF symkey interface: key-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x557c468d7990 | RFC 2104: MD5_HMAC test 2: symkey-key@0x557c468d7990 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: 69 21 52 ffffffa5 7a 0e ffffffef 07 ffffff92 ffffff98 ffffffb9 ffffffa2 67 ffffffd9 5c ffffffcb | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x557c468d1160 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x557c468d0730 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x557c468d7990 | test_prf_vector: release message-key@0x557c468d4560 | test_prf_vector: release key-key@0x557c468dafb0 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x557c468d1480 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a9a0 | result: PRF chunk interface-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a988 | result: PRF chunk interface-key@0x557c468dafb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x557c468d4560 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468dafb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a8e0 | result: trimed key-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468dafb0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a920 | result: result-key@0x557c468dafb0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x557c468cbda0 | PRF chunk interface PRF md5 update message-bytes@0x557c468d0770 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468dafb0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7fff72f5aa10 | result: message-key@0x557c468d7990 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x557c468dafb0 | PRF HMAC inner hash hash md5 inner-key@0x557c468d7990 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x557c468d7990 (size 114) | PRF HMAC inner hash: inner-key@0x557c468d7990 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x557c468d0960 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a8a0 | result: PRF HMAC inner hash-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d9650 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a888 | result: PRF HMAC inner hash-key@0x557c468dafb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x557c468d9650 | PRF chunk interface: release inner-key@0x557c468d7990 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a910 | result: result-key@0x557c468d7990 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d7990 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5a8f8 | result: result-key@0x557c468d9650 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468d7990 | PRF chunk interface: release hashed-inner-key@0x557c468dafb0 | PRF chunk interface: release key-key@0x557c468d4560 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x557c468d9650 (size 80) | PRF HMAC outer hash: outer-key@0x557c468d9650 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x557c468cbcd0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x557c468d9650 | PRF chunk interface PRF md5 final-chunk@0x557c468cbcd0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: key symkey-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: key symkey-key@0x557c468d9650 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x557c468d4560 | PRF symkey interface PRF md5 init key symkey-key@0x557c468d9650 (size 16) | PRF symkey interface: key symkey-key@0x557c468d9650 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x557c468d9650 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d9650 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a8e0 | result: trimed key-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468d9650 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a920 | result: result-key@0x557c468dafb0 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x557c468cbda0 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5aa20 | result: message symkey-key@0x557c468cec90 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x557c468cec90 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5aa08 | result: message symkey-key@0x557c468d7990 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x557c468cec90 | PRF symkey interface PRF md5 update symkey message-key@0x557c468d7990 (size 50) | PRF symkey interface: symkey message-key@0x557c468d7990 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468dafb0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5aa38 | result: result-key@0x557c468cec90 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468dafb0 | PRF HMAC inner hash hash md5 inner-key@0x557c468cec90 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x557c468cec90 (size 114) | PRF HMAC inner hash: inner-key@0x557c468cec90 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x557c468d0800 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a8c0 | result: PRF HMAC inner hash-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468cd410 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a8a8 | result: PRF HMAC inner hash-key@0x557c468dafb0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x557c468cd410 | PRF symkey interface: release inner-key@0x557c468cec90 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468d4560 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f5a930 | result: result-key@0x557c468cec90 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x557c468cec90 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7fff72f5a918 | result: result-key@0x557c468cd410 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x557c468cec90 | PRF symkey interface: release hashed-inner-key@0x557c468dafb0 | PRF symkey interface: release key-key@0x557c468d4560 | PRF HMAC outer hash hash md5 outer-key@0x557c468cd410 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x557c468cd410 (size 80) | PRF HMAC outer hash: outer-key@0x557c468cd410 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x557c468d0750 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f5a980 | result: PRF HMAC outer hash-key@0x557c468dafb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x557c468dafb0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f5a968 | result: PRF HMAC outer hash-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x557c468dafb0 | PRF symkey interface: release outer-key@0x557c468cd410 | : hashed-outer-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x557c468d4560 (size 16) | PRF symkey interface: key-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x557c468d4560 | RFC 2104: MD5_HMAC test 3: symkey-key@0x557c468d4560 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x557c468d1160 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1149555161: ffffff9c ffffffed 1a ffffffdd 1f ffffff9e 7a 4b ffffffbf 5b 00 63 ffffff84 fffffff8 ffffff9a 03 | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x557c468d1160 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x557c468d0800 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x557c468d4560 | test_prf_vector: release message-key@0x557c468d7990 | test_prf_vector: release key-key@0x557c468d9650 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x557c468d0770 | libevent_malloc: new ptr-libevent@0x557c468dd400 size 128 | libevent_malloc: new ptr-libevent@0x557c468cbda0 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x557c468cb7b0 | libevent_malloc: new ptr-libevent@0x557c468dd490 size 128 | libevent_malloc: new ptr-libevent@0x557c468d0800 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487146b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x557c468d0550 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872260 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x557c468d11f0 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872290 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x557c468d0730 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448715ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x557c468cbcd0 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448722b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x557c468d1480 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871600 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x557c468d9790 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871618 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x557c468d07b0 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487162f (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x557c468cbbe0 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448722e0 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x557c468d97b0 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487164c (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x557c468dd6a0 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871653 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x557c468dd6c0 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871660 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x557c468dd6e0 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871671 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x557c468dd700 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871682 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x557c468dd720 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871693 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x557c468dd740 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448716a4 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x557c468dd760 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872308 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x557c468dd780 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872340 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x557c468dd7a0 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872378 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x557c468dd7c0 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448723b0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x557c468dd7e0 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448723e8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x557c468dd800 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872420 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x557c468dd820 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872458 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x557c468dd840 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872490 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x557c468dd860 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448724c8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x557c468dd880 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872500 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x557c468dd8a0 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872538 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x557c468dd8c0 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872570 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x557c468dd8e0 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448725a8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x557c468dd900 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448725e0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x557c468dd920 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872618 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x557c468dd940 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872650 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff72f5ab10 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872680 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff72f5ab10 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448726b8 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7fff72f5ab10 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871791 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7fff72f5ab10 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872720 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x557c468ddb40 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872748 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x557c468ddb60 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448717b9 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x557c468ddb80 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872770 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x557c468ddba0 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448717c4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x557c468ddbc0 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448717e2 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x557c468ddbe0 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871800 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x557c468ddc00 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44872798 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x557c468ddc20 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487181e (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x557c468ddc40 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487183c (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x557c468ddc60 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487185a (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x557c468ddc80 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871878 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x557c468ddca0 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871896 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x557c468ddcc0 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448718b4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x557c468ddce0 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448718d2 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x557c468ddd00 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448718ed (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x557c468ddd20 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487a707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x557c468dd9a0 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487199d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x557c468dd9e0 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448722b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x557c468dd9c0 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448715ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x557c468dda70 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448719b1 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x557c468dda90 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44860bfd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x557c468ddab0 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448719c0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x557c468dda50 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448719d1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x557c468ddee0 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448719e2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x557c468ddf00 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c448719f3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x557c468ddf20 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x557c468ddf40 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x557c468ddf60 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x557c468ddf80 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x557c468ddfa0 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x557c468ddfc0 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x557c468ddfe0 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x557c468de000 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x557c468de020 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x557c468de040 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871a9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x557c468de060 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871aae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x557c468de080 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871abf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x557c468de0a0 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871ad0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x557c468de0c0 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871ae1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x557c468de0e0 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871af2 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x557c468de100 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b04 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x557c468de120 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b16 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x557c468de140 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b27 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x557c468de160 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b38 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x557c468de180 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b49 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x557c468de1a0 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b5a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x557c468de1c0 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b6b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x557c468de1e0 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b7c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x557c468de200 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b8d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x557c468de220 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871b9e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x557c468de240 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871baf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x557c468de260 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871bc0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x557c468de280 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871bd1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x557c468de2a0 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871be2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x557c468de2c0 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871bf3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x557c468de2e0 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x557c468de300 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x557c468de320 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x557c468de340 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x557c468de360 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x557c468de380 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x557c468de3a0 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x557c468de3c0 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x557c468de3e0 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x557c468de400 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871c9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x557c468de420 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871cae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x557c468de440 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871cbf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x557c468de460 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871cd0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x557c468de480 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871ce1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x557c468de4a0 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871cf2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x557c468de4c0 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d03 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x557c468de4e0 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d14 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x557c468de500 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d25 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x557c468de520 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d36 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x557c468de540 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d47 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x557c468de560 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d58 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x557c468de580 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d69 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x557c468de5a0 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d7a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x557c468de5c0 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d8b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x557c468de5e0 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871d9c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x557c468de600 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871dad (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x557c468de620 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c44871dbe (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x557c468de640 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x557c4487a707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x557c468de660 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x557c468d0680 | libevent_malloc: new ptr-libevent@0x557c468e7940 size 128 | libevent_malloc: new ptr-libevent@0x557c468e79d0 size 16 | libevent_realloc: new ptr-libevent@0x557c4684b6c0 size 256 | libevent_malloc: new ptr-libevent@0x557c468e79f0 size 8 | libevent_realloc: new ptr-libevent@0x557c468dc790 size 144 | libevent_malloc: new ptr-libevent@0x557c468e7a10 size 152 | libevent_malloc: new ptr-libevent@0x557c468e7ab0 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x557c468e7ad0 size 8 | libevent_malloc: new ptr-libevent@0x557c468e7af0 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x557c468e7b90 size 8 | libevent_malloc: new ptr-libevent@0x557c468e7bb0 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x557c468e7c50 size 8 | libevent_realloc: release ptr-libevent@0x557c468dc790 | libevent_realloc: new ptr-libevent@0x557c468e7c70 size 256 | libevent_malloc: new ptr-libevent@0x557c468dc790 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:8950) using fork+execve | forked child 8950 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x557c468e8020 | libevent_malloc: new ptr-libevent@0x557c468e8060 size 128 | libevent_malloc: new ptr-libevent@0x557c468e80f0 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x557c468e8110 | libevent_malloc: new ptr-libevent@0x557c468e8150 size 128 | libevent_malloc: new ptr-libevent@0x557c468e81e0 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x557c468e8200 | libevent_malloc: new ptr-libevent@0x557c468e8240 size 128 | libevent_malloc: new ptr-libevent@0x557c468e82d0 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x557c468e82f0 | libevent_malloc: new ptr-libevent@0x557c468e8330 size 128 | libevent_malloc: new ptr-libevent@0x557c468e83c0 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x557c468e83e0 | libevent_malloc: new ptr-libevent@0x557c468e8420 size 128 | libevent_malloc: new ptr-libevent@0x557c468e84b0 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x557c468e84d0 | libevent_malloc: new ptr-libevent@0x557c468e8510 size 128 | libevent_malloc: new ptr-libevent@0x557c468e85a0 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x557c468dd5e0) PKK_PSK: @east | id type added to secret(0x557c468dd5e0) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.575 milliseconds in whack | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x557c468e8060 | free_event_entry: release EVENT_NULL-pe@0x557c468e8020 | add_fd_read_event_handler: new ethX-pe@0x557c468e8020 | libevent_malloc: new ptr-libevent@0x557c468e8060 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x557c468e8150 | free_event_entry: release EVENT_NULL-pe@0x557c468e8110 | add_fd_read_event_handler: new ethX-pe@0x557c468e8110 | libevent_malloc: new ptr-libevent@0x557c468e8150 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x557c468e8240 | free_event_entry: release EVENT_NULL-pe@0x557c468e8200 | add_fd_read_event_handler: new ethX-pe@0x557c468e8200 | libevent_malloc: new ptr-libevent@0x557c468e8240 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x557c468e8330 | free_event_entry: release EVENT_NULL-pe@0x557c468e82f0 | add_fd_read_event_handler: new ethX-pe@0x557c468e82f0 | libevent_malloc: new ptr-libevent@0x557c468e8330 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x557c468e8420 | free_event_entry: release EVENT_NULL-pe@0x557c468e83e0 | add_fd_read_event_handler: new ethX-pe@0x557c468e83e0 | libevent_malloc: new ptr-libevent@0x557c468e8420 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x557c468e8510 | free_event_entry: release EVENT_NULL-pe@0x557c468e84d0 | add_fd_read_event_handler: new ethX-pe@0x557c468e84d0 | libevent_malloc: new ptr-libevent@0x557c468e8510 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x557c468dd5e0) PKK_PSK: @east | id type added to secret(0x557c468dd5e0) PKK_PSK: @west | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.284 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 8950 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0143 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048, 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048,3des-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048, 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none | new hp@0x557c468b49f0 added connection description "east" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.143 milliseconds in whack | spent 0.00299 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 39 8e 7c f7 c4 ba 85 ba 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 | bf 27 a5 3e fb cf f2 41 4a eb 76 f6 1d c4 cf 69 | e4 95 d5 90 ed 02 a5 61 75 d5 6d 76 f2 da 92 1d | ac 57 b4 1f 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 | 62 61 3e 8a a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 | 3a a6 44 26 b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd | aa 65 c5 71 a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 | 4f 0b 5c 39 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 | aa f6 3e 98 c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 | 7a 7f 64 7f a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e | 8e 27 57 68 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 | 87 c2 9e 16 95 97 be 4f bd 01 c3 11 09 6f d2 58 | 18 26 d0 47 a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 | 71 9c 10 41 dc 68 69 b9 24 8d 78 48 db cf be 9f | 20 4e 59 93 f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa | 95 84 ab d2 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 | db fe 61 02 29 00 00 24 b7 cd 8a 86 f0 01 6d 5a | c6 31 bf 73 c2 a1 9f f2 9e 4d 11 62 f6 6b 97 cf | c6 be bf e4 57 7a ad d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 96 22 89 1d 49 b2 3b df | 8b 3e fa 3e e5 2b e2 0d ee 3a b4 a8 00 00 00 1c | 00 00 40 05 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 | 69 6a 75 33 a2 b7 6a d7 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 01 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | ca d8 bc 42 bd 8c 6a 15 97 93 6e 5a c4 bc 7b dc | 08 42 22 c0 89 b6 6c 0e a5 f9 e9 44 78 16 1e 3c | creating state object #1 at 0x557c468eac10 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #1 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | constructing local IKE proposals for east (IKE SA responder matching remote proposals) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 bf 27 a5 3e | fb cf f2 41 4a eb 76 f6 1d c4 cf 69 e4 95 d5 90 | ed 02 a5 61 75 d5 6d 76 f2 da 92 1d ac 57 b4 1f | 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 62 61 3e 8a | a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 3a a6 44 26 | b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd aa 65 c5 71 | a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 4f 0b 5c 39 | 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 aa f6 3e 98 | c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 7a 7f 64 7f | a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e 8e 27 57 68 | 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 87 c2 9e 16 | 95 97 be 4f bd 01 c3 11 09 6f d2 58 18 26 d0 47 | a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 71 9c 10 41 | dc 68 69 b9 24 8d 78 48 db cf be 9f 20 4e 59 93 | f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa 95 84 ab d2 | 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 db fe 61 02 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58da0 (length 20) | 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 69 6a 75 33 | a2 b7 6a d7 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 69 6a 75 33 | natd_hash: hash= a2 b7 6a d7 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58dc0 (length 20) | 96 22 89 1d 49 b2 3b df 8b 3e fa 3e e5 2b e2 0d | ee 3a b4 a8 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 96 22 89 1d 49 b2 3b df 8b 3e fa 3e e5 2b e2 0d | natd_hash: hash= ee 3a b4 a8 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | #1 spent 0.311 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.705 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.715 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 1 for state #1 | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7efeb4000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7efeb4000d60 | NSS: Public DH wire value: | a3 f6 ac 2c 72 e6 34 da ce cb 9f cf ed e3 d7 95 | 5d bd 1f e3 90 10 5b b1 bc 90 14 2e fb 5a 7a 26 | d6 94 b3 97 70 40 56 5c 7c 76 ee d1 61 1b 64 29 | 03 14 1f ed 0f c1 ac f4 69 c0 00 17 15 f4 34 a1 | 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b 4b df d2 9f | fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e 34 b7 c2 33 | a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 1b e3 8c 5a | 28 e6 20 fa f8 17 64 ae bb 3e b6 82 f9 3c a8 7f | 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a 4c 7a 61 5f | 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 0e 7a 4c b2 | 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 8c 5f 1b f6 | 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 e9 17 87 ac | 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe 08 ac 89 28 | 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d 89 b0 64 ff | 5b c1 46 c0 4e e7 de 4f 65 07 29 3e 85 be f0 61 | 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 61 30 04 92 | Generated nonce: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | Generated nonce: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001122 seconds | (#1) spent 1.12 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7efeb4006900 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x557c447f4630 | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7efeb4000d60: transferring ownership from helper KE to state #1 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x a3 f6 ac 2c 72 e6 34 da ce cb 9f cf ed e3 d7 95 | ikev2 g^x 5d bd 1f e3 90 10 5b b1 bc 90 14 2e fb 5a 7a 26 | ikev2 g^x d6 94 b3 97 70 40 56 5c 7c 76 ee d1 61 1b 64 29 | ikev2 g^x 03 14 1f ed 0f c1 ac f4 69 c0 00 17 15 f4 34 a1 | ikev2 g^x 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b 4b df d2 9f | ikev2 g^x fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e 34 b7 c2 33 | ikev2 g^x a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 1b e3 8c 5a | ikev2 g^x 28 e6 20 fa f8 17 64 ae bb 3e b6 82 f9 3c a8 7f | ikev2 g^x 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a 4c 7a 61 5f | ikev2 g^x 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 0e 7a 4c b2 | ikev2 g^x 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 8c 5f 1b f6 | ikev2 g^x 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 e9 17 87 ac | ikev2 g^x 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe 08 ac 89 28 | ikev2 g^x 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d 89 b0 64 ff | ikev2 g^x 5b c1 46 c0 4e e7 de 4f 65 07 29 3e 85 be f0 61 | ikev2 g^x 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 61 30 04 92 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | IKEv2 nonce 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | ca d8 bc 42 bd 8c 6a 15 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 29 5d 28 e9 37 37 db b6 bc 59 bf 7c 56 0f 90 86 | 99 66 1d f4 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= ca d8 bc 42 bd 8c 6a 15 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 29 5d 28 e9 37 37 db b6 bc 59 bf 7c 56 0f 90 86 | natd_hash: hash= 99 66 1d f4 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 29 5d 28 e9 37 37 db b6 bc 59 bf 7c 56 0f 90 86 | Notify data 99 66 1d f4 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | ca d8 bc 42 bd 8c 6a 15 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 15 86 98 fc 21 7a 01 4c 16 fd 61 19 90 68 46 b1 | 04 2b f0 90 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= ca d8 bc 42 bd 8c 6a 15 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 15 86 98 fc 21 7a 01 4c 16 fd 61 19 90 68 46 b1 | natd_hash: hash= 04 2b f0 90 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 15 86 98 fc 21 7a 01 4c 16 fd 61 19 90 68 46 b1 | Notify data 04 2b f0 90 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #1 to 0 after switching state | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a3 f6 ac 2c 72 e6 34 da ce cb 9f cf | ed e3 d7 95 5d bd 1f e3 90 10 5b b1 bc 90 14 2e | fb 5a 7a 26 d6 94 b3 97 70 40 56 5c 7c 76 ee d1 | 61 1b 64 29 03 14 1f ed 0f c1 ac f4 69 c0 00 17 | 15 f4 34 a1 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b | 4b df d2 9f fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e | 34 b7 c2 33 a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 | 1b e3 8c 5a 28 e6 20 fa f8 17 64 ae bb 3e b6 82 | f9 3c a8 7f 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a | 4c 7a 61 5f 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 | 0e 7a 4c b2 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 | 8c 5f 1b f6 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 | e9 17 87 ac 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe | 08 ac 89 28 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d | 89 b0 64 ff 5b c1 46 c0 4e e7 de 4f 65 07 29 3e | 85 be f0 61 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 | 61 30 04 92 29 00 00 24 3f 9b e3 5c 66 a1 00 89 | b9 63 c0 be 47 a6 20 17 16 81 86 ad 51 d3 62 1d | a3 d7 61 ff 7c 32 a0 1b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 29 5d 28 e9 37 37 db b6 | bc 59 bf 7c 56 0f 90 86 99 66 1d f4 00 00 00 1c | 00 00 40 05 15 86 98 fc 21 7a 01 4c 16 fd 61 19 | 90 68 46 b1 04 2b f0 90 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | event_schedule: new EVENT_SO_DISCARD-pe@0x557c468eab40 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 0.513 milliseconds in resume sending helper answer | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efeb4006900 | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | 78 cc da 6a 78 7e 85 2a 16 d7 18 64 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #1 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7efeb4000d60: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 2 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_SO_DISCARD-pe@0x557c468eab40 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | #1 spent 0.0323 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.178 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.188 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 2 starting work-order 2 for state #1 | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 | peer's g: 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 bf 27 a5 3e | peer's g: fb cf f2 41 4a eb 76 f6 1d c4 cf 69 e4 95 d5 90 | peer's g: ed 02 a5 61 75 d5 6d 76 f2 da 92 1d ac 57 b4 1f | peer's g: 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 62 61 3e 8a | peer's g: a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 3a a6 44 26 | peer's g: b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd aa 65 c5 71 | peer's g: a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 4f 0b 5c 39 | peer's g: 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 aa f6 3e 98 | peer's g: c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 7a 7f 64 7f | peer's g: a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e 8e 27 57 68 | peer's g: 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 87 c2 9e 16 | peer's g: 95 97 be 4f bd 01 c3 11 09 6f d2 58 18 26 d0 47 | peer's g: a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 71 9c 10 41 | peer's g: dc 68 69 b9 24 8d 78 48 db cf be 9f 20 4e 59 93 | peer's g: f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa 95 84 ab d2 | peer's g: 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 db fe 61 02 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x557c468d9650 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7efeb4000d60: computed shared DH secret key@0x557c468d9650 | dh-shared : g^ir-key@0x557c468d9650 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7efeac001ef0 (length 64) | b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7670 | result: Ni | Nr-key@0x557c468d4560 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x557c468d4560 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7658 | result: Ni | Nr-key@0x557c468d7990 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x557c468d4560 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7efeac002e80 from Ni | Nr-key@0x557c468d7990 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7efeac002e80 from Ni | Nr-key@0x557c468d7990 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x557c468d7990 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7efeac0016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x557c468d9650 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x557c468d9650 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x557c468d9650 | nss hmac digest hack: symkey-key@0x557c468d9650 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1148554544: fffffff0 2c 0e 11 ffffffc8 5a ffffffd4 05 ffffffa0 4a ffffff8d ffffffa7 57 ffffffe0 fffffff0 5e 20 01 30 2f ffffffee ffffffe3 57 ffffffc0 4f ffffff83 6b ffffff8c 0f 73 6b ffffffd4 ffffffe9 3c 48 ffffffc7 ffffffa7 53 00 5b ffffffff 2b 52 ffffffa5 3f 22 fffffffd ffffffae 69 72 52 ffffff95 ffffff84 ffffffeb 7c ffffffa3 ffffffda 57 ffffffb1 ffffffc2 60 ffffff92 fffffffb 18 ffffffe8 ffffffca fffffff0 7a ffffff89 73 1e ffffffeb 0c 2c 79 ffffffaf ffffffd7 49 ffffffe1 ffffff88 3d ffffffd4 ffffffb0 33 28 50 ffffffce ffffffaa 70 62 4b 70 ffffff9c ffffffd6 3f 79 ffffffff 72 14 4e 2a ffffffcd 00 ffffffa5 6f ffffffb9 35 ffffffa0 14 2f ffffffd6 ffffffaf ffffffd3 ffffffb5 09 ffffff83 47 ffffff90 ffffffbf 4d ffffff89 ffffff84 00 ffffffbd 70 59 4f 4b 18 ffffffee 1e ffffffe2 12 ffffffd6 73 48 ffffffaf ffffffac ffffff97 ffffffd9 3c 00 37 51 ffffffb3 63 ffffffa6 ffffffec 25 6d 75 15 fffffff0 66 2a 7e 1f 40 fffffffc 66 52 ffffff97 ffffffd2 ffffffc2 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 256 bytes at 0x7efeac003dd0 | unwrapped: a5 6d 2c 51 6c 8c de 22 2d ca f4 ae de 99 3c 2b | unwrapped: 8e 0c e9 b3 f8 5a 37 fe b1 f2 12 6e 7e e6 aa bd | unwrapped: 13 38 67 ed 6c 9b 8e 19 90 24 92 04 7d fd 4f 16 | unwrapped: 4b e5 b7 1f 36 24 48 35 06 84 bb 01 42 03 c8 0c | unwrapped: e8 d9 49 78 57 9d 55 ca c1 30 e4 47 a6 fa f1 6a | unwrapped: 34 1c c4 e5 6e 5e 9e 88 5d f0 82 12 f0 b1 12 2c | unwrapped: 5d f4 a9 b3 36 cb 0d b9 5f 17 7a 8b 46 60 53 37 | unwrapped: e8 b1 cf fe 76 10 8f 72 bb 52 88 c3 56 47 57 b7 | unwrapped: 16 eb 37 69 6d 7e 41 54 7f ab 5a 0e a2 d7 c0 fe | unwrapped: b1 3d d8 3a 1e 8c 01 10 ba c4 c7 d5 1b 0e b8 d1 | unwrapped: 2d 8c b1 a3 49 1c 33 9b cc 5a 7c f7 23 d2 3d 6f | unwrapped: 1d a2 4b f2 69 ea b9 a0 3c 51 8d 02 4f 7a 75 42 | unwrapped: c7 23 78 95 cf 44 51 10 6c b2 a1 cf 8a 5e e2 82 | unwrapped: 5b c0 df d2 83 7a 2b 65 b5 6a 9d c4 14 ce be 36 | unwrapped: f5 36 24 17 eb c3 3f c1 dc a1 b6 56 d7 c6 aa 0d | unwrapped: 00 7c bc cf 66 d0 4e d7 21 15 80 a3 6b af 8e 2b | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7690 | result: final-key@0x557c468d4560 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d4560 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7678 | result: final-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468d4560 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x557c468d7990 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7600 | result: data=Ni-key@0x557c468cd410 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x557c468cd410 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a75e8 | result: data=Ni-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x557c468cd410 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d4560 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebb8a75f0 | result: data+=Nr-key@0x557c468cd410 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468d4560 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cd410 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebb8a75f0 | result: data+=SPIi-key@0x557c468d4560 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468cd410 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d4560 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebb8a75f0 | result: data+=SPIr-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468d4560 | prf+0 PRF sha init key-key@0x557c468d7990 (size 20) | prf+0: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7518 | result: clone-key@0x557c468d4560 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+0 prf: begin sha with context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+0: release clone-key@0x557c468d4560 | prf+0 PRF sha crypt-prf@0x7efeac0018a0 | prf+0 PRF sha update seed-key@0x557c468cd410 (size 80) | prf+0: seed-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468cd410 | nss hmac digest hack: symkey-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1148554912: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 7b ffffff8c ffffffbd 5b ffffff81 66 25 ffffffeb ffffff96 ffffffd7 ffffffcb 6d ffffffbd 6e 2e 23 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeac0067f0 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7520 | result: final-key@0x557c468dafb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468dafb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7508 | result: final-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468dafb0 | prf+0 PRF sha final-key@0x557c468d4560 (size 20) | prf+0: key-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x557c468d4560 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7518 | result: clone-key@0x557c468dafb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeac002e80 from key-key@0x557c468dafb0 | prf+N prf: begin sha with context 0x7efeac002e80 from key-key@0x557c468dafb0 | prf+N: release clone-key@0x557c468dafb0 | prf+N PRF sha crypt-prf@0x7efeac001f40 | prf+N PRF sha update old_t-key@0x557c468d4560 (size 20) | prf+N: old_t-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468d4560 | nss hmac digest hack: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1148554912: fffffff4 2a 67 fffffffc 08 ffffffc6 ffffffb4 76 ffffff85 24 ffffffa9 ffffffbe 4d 02 ffffffd9 ffffffa3 ffffffd8 ffffffd3 4a ffffffb3 07 ffffffc8 13 33 1c 77 ffffffa2 0a 5d ffffff8d ffffffa0 fffffff4 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeac006850 | unwrapped: 76 d5 fe 4d 5e 4e d0 1b 0e 2e a4 c4 ed eb b3 d0 | unwrapped: 65 87 ee af 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468cd410 (size 80) | prf+N: seed-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468cd410 | nss hmac digest hack: symkey-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1148554912: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 7b ffffff8c ffffffbd 5b ffffff81 66 25 ffffffeb ffffff96 ffffffd7 ffffffcb 6d ffffffbd 6e 2e 23 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeac006790 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7520 | result: final-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7508 | result: final-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468cec90 | prf+N PRF sha final-key@0x557c468dafb0 (size 20) | prf+N: key-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb8a7598 | result: result-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468d4560 | prfplus: release old_t[N]-key@0x557c468d4560 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7518 | result: clone-key@0x557c468d4560 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+N prf: begin sha with context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+N: release clone-key@0x557c468d4560 | prf+N PRF sha crypt-prf@0x7efeac001270 | prf+N PRF sha update old_t-key@0x557c468dafb0 (size 20) | prf+N: old_t-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1148554912: ffffffbf ffffff94 3a 41 4b 52 56 ffffffe9 ffffffb3 ffffffec ffffff8a ffffffea 4a 06 ffffffd2 ffffff82 49 ffffffb9 6e fffffff9 4c 6a 2f 64 4b ffffffbb 46 ffffffbe ffffff9d 40 ffffffd9 ffffffb9 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeac00a0b0 | unwrapped: 26 b8 28 d8 d2 a4 18 2f 5f aa ca 60 49 5e 0c 19 | unwrapped: e7 60 a7 90 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468cd410 (size 80) | prf+N: seed-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468cd410 | nss hmac digest hack: symkey-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1148554912: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 7b ffffff8c ffffffbd 5b ffffff81 66 25 ffffffeb ffffff96 ffffffd7 ffffffcb 6d ffffffbd 6e 2e 23 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeac006730 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7520 | result: final-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7508 | result: final-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac0069f0 | prf+N PRF sha final-key@0x557c468d4560 (size 20) | prf+N: key-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb8a7598 | result: result-key@0x7efeac0069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468cec90 | prfplus: release old_t[N]-key@0x557c468dafb0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7518 | result: clone-key@0x557c468dafb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeac002e80 from key-key@0x557c468dafb0 | prf+N prf: begin sha with context 0x7efeac002e80 from key-key@0x557c468dafb0 | prf+N: release clone-key@0x557c468dafb0 | prf+N PRF sha crypt-prf@0x7efeac002010 | prf+N PRF sha update old_t-key@0x557c468d4560 (size 20) | prf+N: old_t-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468d4560 | nss hmac digest hack: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1148554912: ffffff9c ffffff9d 18 ffffffd7 fffffff5 2d ffffffcd 73 3b ffffffc1 ffffffe0 ffffffa7 ffffff9b ffffffd8 ffffffd5 ffffff9d ffffffeb ffffffa7 43 52 4b fffffff8 fffffff1 fffffff2 26 ffffffb1 ffffffc4 1a ffffff82 2f 15 fffffff5 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeac00a400 | unwrapped: 41 ba 57 f1 0c 61 ce 4a b0 b7 55 dd 55 52 ad 41 | unwrapped: 63 24 52 9e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468cd410 (size 80) | prf+N: seed-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468cd410 | nss hmac digest hack: symkey-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1148554912: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 7b ffffff8c ffffffbd 5b ffffff81 66 25 ffffffeb ffffff96 ffffffd7 ffffffcb 6d ffffffbd 6e 2e 23 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeac005030 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7520 | result: final-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7508 | result: final-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468cec90 | prf+N PRF sha final-key@0x557c468dafb0 (size 20) | prf+N: key-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb8a7598 | result: result-key@0x557c468cec90 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac0069f0 | prfplus: release old_t[N]-key@0x557c468d4560 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7518 | result: clone-key@0x557c468d4560 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+N prf: begin sha with context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+N: release clone-key@0x557c468d4560 | prf+N PRF sha crypt-prf@0x7efeac001270 | prf+N PRF sha update old_t-key@0x557c468dafb0 (size 20) | prf+N: old_t-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1148554912: ffffffcc 77 ffffffb0 0b ffffffc3 fffffff8 5b 77 0c 04 57 62 ffffffc7 55 5b 03 fffffffb 28 01 57 37 05 00 3e 19 fffffffd 55 ffffffa0 57 ffffffc6 ffffff88 ffffffb6 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeac00a3d0 | unwrapped: 86 b0 a4 e3 d8 95 79 4d 8c 09 92 b1 93 19 4a df | unwrapped: 78 bc 8d ac 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468cd410 (size 80) | prf+N: seed-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468cd410 | nss hmac digest hack: symkey-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1148554912: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 7b ffffff8c ffffffbd 5b ffffff81 66 25 ffffffeb ffffff96 ffffffd7 ffffffcb 6d ffffffbd 6e 2e 23 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeac00a430 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7520 | result: final-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7508 | result: final-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac0069f0 | prf+N PRF sha final-key@0x557c468d4560 (size 20) | prf+N: key-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb8a7598 | result: result-key@0x7efeac0069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468cec90 | prfplus: release old_t[N]-key@0x557c468dafb0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7518 | result: clone-key@0x557c468dafb0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeac009f20 from key-key@0x557c468dafb0 | prf+N prf: begin sha with context 0x7efeac009f20 from key-key@0x557c468dafb0 | prf+N: release clone-key@0x557c468dafb0 | prf+N PRF sha crypt-prf@0x7efeac002010 | prf+N PRF sha update old_t-key@0x557c468d4560 (size 20) | prf+N: old_t-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468d4560 | nss hmac digest hack: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1148554912: ffffffda 23 35 ffffffbf 04 ffffff82 0a ffffff9b 4f 5f 3d 16 ffffff99 3f 43 72 63 60 ffffffa4 ffffffd9 4e 53 ffffff9d 7f ffffffe4 11 ffffffca ffffffa5 ffffffcc ffffffd0 79 ffffff9f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeac00a380 | unwrapped: d0 b7 c1 82 7a e8 61 45 c2 97 ac b9 6b d8 e6 30 | unwrapped: 05 42 67 ba 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468cd410 (size 80) | prf+N: seed-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468cd410 | nss hmac digest hack: symkey-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1148554912: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 7b ffffff8c ffffffbd 5b ffffff81 66 25 ffffffeb ffffff96 ffffffd7 ffffffcb 6d ffffffbd 6e 2e 23 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeac006790 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7520 | result: final-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7508 | result: final-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468cec90 | prf+N PRF sha final-key@0x557c468dafb0 (size 20) | prf+N: key-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb8a7598 | result: result-key@0x557c468cec90 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac0069f0 | prfplus: release old_t[N]-key@0x557c468d4560 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7518 | result: clone-key@0x557c468d4560 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+N prf: begin sha with context 0x7efeac002e80 from key-key@0x557c468d4560 | prf+N: release clone-key@0x557c468d4560 | prf+N PRF sha crypt-prf@0x7efeac001270 | prf+N PRF sha update old_t-key@0x557c468dafb0 (size 20) | prf+N: old_t-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1148554912: ffffffd8 ffffffb8 47 ffffffed 4e ffffffb5 ffffffd8 ffffff8e ffffffbf 45 70 fffffffb ffffffec 69 ffffffd6 ffffffe4 fffffffa 07 5a 4b 11 09 fffffff2 22 2c ffffffca 28 36 0f 14 34 69 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeac00a5c0 | unwrapped: 4c 45 0c 57 d2 db ec 03 a1 86 49 41 35 9c 14 2a | unwrapped: 77 77 49 59 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468cd410 (size 80) | prf+N: seed-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468cd410 | nss hmac digest hack: symkey-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1148554912: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 7b ffffff8c ffffffbd 5b ffffff81 66 25 ffffffeb ffffff96 ffffffd7 ffffffcb 6d ffffffbd 6e 2e 23 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeac00a430 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb8a7520 | result: final-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7508 | result: final-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac0069f0 | prf+N PRF sha final-key@0x557c468d4560 (size 20) | prf+N: key-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb8a7598 | result: result-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468cec90 | prfplus: release old_t[N]-key@0x557c468dafb0 | prfplus: release old_t[final]-key@0x557c468d4560 | ike_sa_keymat: release data-key@0x557c468cd410 | calc_skeyseed_v2: release skeyseed_k-key@0x557c468d7990 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7738 | result: result-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7738 | result: result-key@0x557c468cd410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7738 | result: result-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7748 | result: SK_ei_k-key@0x557c468dafb0 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7748 | result: SK_er_k-key@0x557c468cec90 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7748 | result: result-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7efeac00a510 | chunk_SK_pi: symkey-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 25 ffffffc1 ffffff9f ffffffde fffffff2 fffffff0 1e 03 65 ffffffd5 62 5f 67 fffffff2 ffffffa1 18 ffffffd2 39 ffffffc8 6d 73 4c 3d ffffff82 ffffffe8 68 ffffffe9 48 ffffffb4 ffffffbc 26 0a | chunk_SK_pi: release slot-key-key@0x557c468d1160 | chunk_SK_pi extracted len 32 bytes at 0x7efeac002d20 | unwrapped: 6b d8 e6 30 05 42 67 ba 4c 45 0c 57 d2 db ec 03 | unwrapped: a1 86 49 41 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb8a7748 | result: result-key@0x7efeac00d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7efeac00d640 | chunk_SK_pr: symkey-key@0x7efeac00d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: ffffff8d 5c ffffffdd ffffffca ffffff85 ffffff8e 67 2b ffffffc8 37 59 ffffff97 1c 4b 66 ffffff9d ffffffde 0f ffffffa2 ffffffbb ffffff95 ffffffb1 fffffff0 0a 6d 23 ffffff9c 5a 5e ffffffb4 7b 72 | chunk_SK_pr: release slot-key-key@0x557c468d1160 | chunk_SK_pr extracted len 32 bytes at 0x7efeac002d50 | unwrapped: 35 9c 14 2a 77 77 49 59 fe 9a 1a bf f8 38 b4 c2 | unwrapped: 12 5b 80 cf 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7efeac0069f0 | calc_skeyseed_v2 pointers: shared-key@0x557c468d9650, SK_d-key@0x557c468d7990, SK_ai-key@0x557c468cd410, SK_ar-key@0x557c468d4560, SK_ei-key@0x557c468dafb0, SK_er-key@0x557c468cec90, SK_pi-key@0x7efeac00a510, SK_pr-key@0x7efeac00d640 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 6b d8 e6 30 05 42 67 ba 4c 45 0c 57 d2 db ec 03 | a1 86 49 41 | calc_skeyseed_v2 SK_pr | 35 9c 14 2a 77 77 49 59 fe 9a 1a bf f8 38 b4 c2 | 12 5b 80 cf | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.003099 seconds | (#1) spent 3.1 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) | crypto helper 2 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7efeac00eec0 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 2 | calling continuation function 0x557c447f4630 | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7efeb4000d60: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | #1 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x557c468cd410 (size 20) | hmac: symkey-key@0x557c468cd410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468cd410 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58c28 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac0069f0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac0069f0 | hmac: release clone-key@0x7efeac0069f0 | hmac PRF sha crypt-prf@0x557c468eabb0 | hmac PRF sha update data-bytes@0x557c46842c20 (length 208) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | hmac PRF sha final-bytes@0x7fff72f58df0 (length 20) | 78 cc da 6a 78 7e 85 2a 16 d7 18 64 d5 2c fc cc | 14 24 66 79 | data for hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | data for hmac: 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | data for hmac: 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | data for hmac: b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | data for hmac: ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | data for hmac: eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | data for hmac: bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | data for hmac: cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | data for hmac: e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | data for hmac: 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | data for hmac: e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | calculated auth: 78 cc da 6a 78 7e 85 2a 16 d7 18 64 | provided auth: 78 cc da 6a 78 7e 85 2a 16 d7 18 64 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | payload before decryption: | 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | 83 8a f8 44 2c 00 00 2c 00 00 00 28 01 03 04 03 | 3a be 55 45 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7efeac00a510 (size 20) | hmac: symkey-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58698 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac0069f0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac0069f0 | hmac: release clone-key@0x7efeac0069f0 | hmac PRF sha crypt-prf@0x557c468ec6e0 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x557c46842c54 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff72f58850 (length 20) | 00 a0 13 67 0b 42 a5 af 34 00 4b 20 19 a1 40 81 | 1f 8a d8 b4 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 39 8e 7c f7 c4 ba 85 ba 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 | bf 27 a5 3e fb cf f2 41 4a eb 76 f6 1d c4 cf 69 | e4 95 d5 90 ed 02 a5 61 75 d5 6d 76 f2 da 92 1d | ac 57 b4 1f 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 | 62 61 3e 8a a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 | 3a a6 44 26 b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd | aa 65 c5 71 a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 | 4f 0b 5c 39 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 | aa f6 3e 98 c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 | 7a 7f 64 7f a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e | 8e 27 57 68 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 | 87 c2 9e 16 95 97 be 4f bd 01 c3 11 09 6f d2 58 | 18 26 d0 47 a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 | 71 9c 10 41 dc 68 69 b9 24 8d 78 48 db cf be 9f | 20 4e 59 93 f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa | 95 84 ab d2 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 | db fe 61 02 29 00 00 24 b7 cd 8a 86 f0 01 6d 5a | c6 31 bf 73 c2 a1 9f f2 9e 4d 11 62 f6 6b 97 cf | c6 be bf e4 57 7a ad d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 96 22 89 1d 49 b2 3b df | 8b 3e fa 3e e5 2b e2 0d ee 3a b4 a8 00 00 00 1c | 00 00 40 05 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 | 69 6a 75 33 a2 b7 6a d7 | verify: initiator inputs to hash2 (responder nonce) | 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | idhash 00 a0 13 67 0b 42 a5 af 34 00 4b 20 19 a1 40 81 | idhash 1f 8a d8 b4 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584a0 | result: shared secret-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58488 | result: shared secret-key@0x7efeac0069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efeac0069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efeac0069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efeac0069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468eabb0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584c0 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584a8 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efeac0069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efeac0069f0 (size 20) | = prf(, ): -key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584b8 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ): release clone-key@0x7efeb4006900 | = prf(, ) PRF sha crypt-prf@0x557c468eabd0 | = prf(, ) PRF sha update first-packet-bytes@0x557c468ed2b0 (length 440) | 39 8e 7c f7 c4 ba 85 ba 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 | bf 27 a5 3e fb cf f2 41 4a eb 76 f6 1d c4 cf 69 | e4 95 d5 90 ed 02 a5 61 75 d5 6d 76 f2 da 92 1d | ac 57 b4 1f 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 | 62 61 3e 8a a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 | 3a a6 44 26 b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd | aa 65 c5 71 a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 | 4f 0b 5c 39 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 | aa f6 3e 98 c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 | 7a 7f 64 7f a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e | 8e 27 57 68 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 | 87 c2 9e 16 95 97 be 4f bd 01 c3 11 09 6f d2 58 | 18 26 d0 47 a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 | 71 9c 10 41 dc 68 69 b9 24 8d 78 48 db cf be 9f | 20 4e 59 93 f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa | 95 84 ab d2 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 | db fe 61 02 29 00 00 24 b7 cd 8a 86 f0 01 6d 5a | c6 31 bf 73 c2 a1 9f f2 9e 4d 11 62 f6 6b 97 cf | c6 be bf e4 57 7a ad d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 96 22 89 1d 49 b2 3b df | 8b 3e fa 3e e5 2b e2 0d ee 3a b4 a8 00 00 00 1c | 00 00 40 05 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 | 69 6a 75 33 a2 b7 6a d7 | = prf(, ) PRF sha update nonce-bytes@0x7efeb4002af0 (length 32) | 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | = prf(, ) PRF sha update hash-bytes@0x7fff72f58850 (length 20) | 00 a0 13 67 0b 42 a5 af 34 00 4b 20 19 a1 40 81 | 1f 8a d8 b4 | = prf(, ) PRF sha final-chunk@0x557c468ec6e0 (length 20) | 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | 83 8a f8 44 | psk_auth: release prf-psk-key@0x7efeac0069f0 | Received PSK auth octets | 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | 83 8a f8 44 | Calculated PSK auth octets | 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | 83 8a f8 44 "east" #1: Authenticated using authby=secret | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | event_schedule: new EVENT_SA_REKEY-pe@0x557c468eab40 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | pstats #1 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7efeac00d640 (size 20) | hmac: symkey-key@0x7efeac00d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58008 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac0069f0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac0069f0 | hmac: release clone-key@0x7efeac0069f0 | hmac PRF sha crypt-prf@0x557c468ec6c0 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x557c448f3974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff72f58310 (length 20) | 09 77 d9 d8 ea 81 25 7b 5a 0f d1 c3 fa f2 6f 01 | 51 66 c3 f3 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a3 f6 ac 2c 72 e6 34 da ce cb 9f cf | ed e3 d7 95 5d bd 1f e3 90 10 5b b1 bc 90 14 2e | fb 5a 7a 26 d6 94 b3 97 70 40 56 5c 7c 76 ee d1 | 61 1b 64 29 03 14 1f ed 0f c1 ac f4 69 c0 00 17 | 15 f4 34 a1 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b | 4b df d2 9f fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e | 34 b7 c2 33 a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 | 1b e3 8c 5a 28 e6 20 fa f8 17 64 ae bb 3e b6 82 | f9 3c a8 7f 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a | 4c 7a 61 5f 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 | 0e 7a 4c b2 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 | 8c 5f 1b f6 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 | e9 17 87 ac 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe | 08 ac 89 28 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d | 89 b0 64 ff 5b c1 46 c0 4e e7 de 4f 65 07 29 3e | 85 be f0 61 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 | 61 30 04 92 29 00 00 24 3f 9b e3 5c 66 a1 00 89 | b9 63 c0 be 47 a6 20 17 16 81 86 ad 51 d3 62 1d | a3 d7 61 ff 7c 32 a0 1b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 29 5d 28 e9 37 37 db b6 | bc 59 bf 7c 56 0f 90 86 99 66 1d f4 00 00 00 1c | 00 00 40 05 15 86 98 fc 21 7a 01 4c 16 fd 61 19 | 90 68 46 b1 04 2b f0 90 | create: responder inputs to hash2 (initiator nonce) | b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | idhash 09 77 d9 d8 ea 81 25 7b 5a 0f d1 c3 fa f2 6f 01 | idhash 51 66 c3 f3 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e00 | result: shared secret-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57de8 | result: shared secret-key@0x7efeac0069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efeac0069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efeac0069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efeac0069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ec6e0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e20 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e08 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efeac0069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efeac0069f0 (size 20) | = prf(, ): -key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e18 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ): release clone-key@0x7efeb4006900 | = prf(, ) PRF sha crypt-prf@0x557c468eabb0 | = prf(, ) PRF sha update first-packet-bytes@0x557c468ed630 (length 440) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a3 f6 ac 2c 72 e6 34 da ce cb 9f cf | ed e3 d7 95 5d bd 1f e3 90 10 5b b1 bc 90 14 2e | fb 5a 7a 26 d6 94 b3 97 70 40 56 5c 7c 76 ee d1 | 61 1b 64 29 03 14 1f ed 0f c1 ac f4 69 c0 00 17 | 15 f4 34 a1 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b | 4b df d2 9f fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e | 34 b7 c2 33 a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 | 1b e3 8c 5a 28 e6 20 fa f8 17 64 ae bb 3e b6 82 | f9 3c a8 7f 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a | 4c 7a 61 5f 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 | 0e 7a 4c b2 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 | 8c 5f 1b f6 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 | e9 17 87 ac 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe | 08 ac 89 28 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d | 89 b0 64 ff 5b c1 46 c0 4e e7 de 4f 65 07 29 3e | 85 be f0 61 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 | 61 30 04 92 29 00 00 24 3f 9b e3 5c 66 a1 00 89 | b9 63 c0 be 47 a6 20 17 16 81 86 ad 51 d3 62 1d | a3 d7 61 ff 7c 32 a0 1b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 29 5d 28 e9 37 37 db b6 | bc 59 bf 7c 56 0f 90 86 99 66 1d f4 00 00 00 1c | 00 00 40 05 15 86 98 fc 21 7a 01 4c 16 fd 61 19 | 90 68 46 b1 04 2b f0 90 | = prf(, ) PRF sha update nonce-bytes@0x557c468eab80 (length 32) | b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58310 (length 20) | 09 77 d9 d8 ea 81 25 7b 5a 0f d1 c3 fa f2 6f 01 | 51 66 c3 f3 | = prf(, ) PRF sha final-chunk@0x557c468ec6c0 (length 20) | 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f de cc 85 3b | 30 13 a8 47 | psk_auth: release prf-psk-key@0x7efeac0069f0 | PSK auth octets 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f de cc 85 3b | PSK auth octets 30 13 a8 47 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f de cc 85 3b | PSK auth 30 13 a8 47 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #2 at 0x557c468eda30 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "east" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x557c468d7990 | duplicate_state: reference st_skey_ai_nss-key@0x557c468cd410 | duplicate_state: reference st_skey_ar_nss-key@0x557c468d4560 | duplicate_state: reference st_skey_ei_nss-key@0x557c468dafb0 | duplicate_state: reference st_skey_er_nss-key@0x557c468cec90 | duplicate_state: reference st_skey_pi_nss-key@0x7efeac00a510 | duplicate_state: reference st_skey_pr_nss-key@0x7efeac00d640 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 3a be 55 45 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #1: proposal 1:ESP:SPI=3abe5545;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=3abe5545;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0xb11e20e2 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi b1 1e 20 e2 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e90 | result: data=Ni-key@0x7efeb4006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7efeb4006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e78 | result: data=Ni-key@0x7efeac0069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7efeb4006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f57e80 | result: data+=Nr-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efeac0069f0 | prf+0 PRF sha init key-key@0x557c468d7990 (size 20) | prf+0: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x557c468d06c0 from key-key@0x7efeac0069f0 | prf+0 prf: begin sha with context 0x557c468d06c0 from key-key@0x7efeac0069f0 | prf+0: release clone-key@0x7efeac0069f0 | prf+0 PRF sha crypt-prf@0x557c468ec6e0 | prf+0 PRF sha update seed-key@0x7efeb4006900 (size 64) | prf+0: seed-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0c60 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468ef2a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef2a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef2a0 | prf+0 PRF sha final-key@0x7efeac0069f0 (size 20) | prf+0: key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efeac0069f0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x557c468ed980 | prf+N PRF sha update old_t-key@0x7efeac0069f0 (size 20) | prf+N: old_t-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: ffffffbd 67 45 ffffffbd 0e 1a 05 ffffff99 69 ffffffac 47 45 45 4a fffffff2 66 ffffffea ffffffdf 1b 34 28 11 ffffffde 49 1e 44 5d 54 5b 4d ffffffde ffffffe5 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f0cb0 | unwrapped: b0 60 b7 4c 02 b8 a0 6a 4f d2 25 67 06 d7 75 8c | unwrapped: 7d af 12 da 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 64) | prf+N: seed-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0b70 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f0de0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f0de0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f0de0 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x557c468f0de0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac0069f0 | prfplus: release old_t[N]-key@0x7efeac0069f0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efeac0069f0 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efeac0069f0 | prf+N: release clone-key@0x7efeac0069f0 | prf+N PRF sha crypt-prf@0x557c468eabd0 | prf+N PRF sha update old_t-key@0x557c468ef2a0 (size 20) | prf+N: old_t-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: ffffffd7 70 67 21 ffffff98 ffffffc6 6f 4d 7d ffffffbd 4f ffffffd4 ffffff9c ffffffb5 4a ffffffe7 61 fffffff1 ffffff96 27 ffffffd5 fffffffa ffffffc0 ffffffd7 ffffffba 08 ffffffb0 60 77 ffffffc0 72 ffffff83 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f0ce0 | unwrapped: ba f9 a3 07 a3 e2 41 0a ac 37 cc dd b3 a5 ae bf | unwrapped: 0c 68 36 94 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 64) | prf+N: seed-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0b20 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef410 | prf+N PRF sha final-key@0x7efeac0069f0 (size 20) | prf+N: key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f0de0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x557c468ef410 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468f0de0 | prfplus: release old_t[N]-key@0x557c468ef2a0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x557c468ed980 | prf+N PRF sha update old_t-key@0x7efeac0069f0 (size 20) | prf+N: old_t-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 1a ffffffdf 68 ffffff80 67 ffffffde ffffffec ffffff81 4b ffffff8c ffffff8f ffffffa3 fffffff7 5e fffffff7 ffffffe6 ffffffff 7a 4a 2d ffffff88 41 1a ffffff86 ffffff86 5f 58 fffffffd 17 ffffffb8 75 ffffffde | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f0f60 | unwrapped: c3 64 43 9c 21 93 3c 28 c2 e4 d4 a4 de 72 26 f1 | unwrapped: 4d ef d5 a8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 64) | prf+N: seed-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffcf ffffff8e ffffffbe fffffff4 1a 3e ffffffd4 46 62 ffffffed ffffffd1 ffffffb9 12 ffffffa1 4c 30 55 6b 1f 06 1d 33 39 ffffffea 37 48 0f ffffffa8 ffffffbf ffffffc6 ffffffaf ffffff97 ffffffbc 43 56 37 fffffffb fffffff0 49 01 47 2d 7c 41 1a ffffff82 4f fffffffb ffffffe9 22 ffffffe1 ffffffbe ffffffc6 ffffffbf ffffffb4 ffffffb3 ffffffe5 70 ffffffd2 ffffff82 6c ffffffd6 ffffffd1 19 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468ef4a0 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f0de0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f0de0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f0de0 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef410 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x557c468f0de0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468ef410 | prfplus: release old_t[N]-key@0x7efeac0069f0 | prfplus: release old_t[final]-key@0x557c468ef2a0 | child_sa_keymat: release data-key@0x7efeb4006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x557c468f0de0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7efeb4006900 | initiator to responder keys: symkey-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x557c468d1160 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1713387107: ffffffbd 67 45 ffffffbd 0e 1a 05 ffffff99 69 ffffffac 47 45 45 4a fffffff2 66 24 ffffffc6 26 fffffffd 1a ffffffe8 ffffffda ffffffe3 07 49 ffffff83 fffffffa 55 14 ffffffc7 1d ffffff9b ffffffcf 0a 16 ffffffc7 ffffffec 55 72 09 0f fffffff5 18 ffffffc8 ffffffa2 64 ffffffb2 | initiator to responder keys: release slot-key-key@0x557c468d1160 | initiator to responder keys extracted len 48 bytes at 0x557c468ef4f0 | unwrapped: b0 60 b7 4c 02 b8 a0 6a 4f d2 25 67 06 d7 75 8c | unwrapped: 7d af 12 da ba f9 a3 07 a3 e2 41 0a ac 37 cc dd | unwrapped: b3 a5 ae bf 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7efeb4006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x557c468f0de0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7efeb4006900 | responder to initiator keys:: symkey-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x557c468d1160 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1713387107: 2c ffffff84 0a ffffff93 ffffffb5 fffffff5 28 fffffff0 ffffffb1 4f ffffff9f 72 ffffffd4 ffffffc9 4b ffffffe6 ffffffc3 ffffffed ffffff94 5e ffffffac 7c 32 ffffff94 ffffffb5 06 54 ffffffdf 03 57 5d ffffffef 3a 27 2c 5f 19 4c 0a 37 39 ffffffcf 37 00 ffffffe3 fffffff5 fffffffe 10 | responder to initiator keys:: release slot-key-key@0x557c468d1160 | responder to initiator keys: extracted len 48 bytes at 0x557c468f4150 | unwrapped: 0c 68 36 94 c3 64 43 9c 21 93 3c 28 c2 e4 d4 a4 | unwrapped: de 72 26 f1 4d ef d5 a8 58 b7 8f 5f a9 18 33 e3 | unwrapped: 03 ea b8 d3 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7efeb4006900 | ikev2_derive_child_keys: release keymat-key@0x557c468f0de0 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #1 spent 2.56 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.3abe5545@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.b11e20e2@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3abe5545 SPI_OUT=0xb11 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x3abe5545 SPI_OUT=0xb11e20e2 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3abe5545 SPI | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x3abe5545 SPI_OUT=0xb11e20e2 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3abe5545 SPI_OUT | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0x3abe5545 SPI_OUT=0xb11e20e2 ipsec _updown 2>&1: | route_and_eroute: instance "east", setting eroute_owner {spd=0x557c468e8eb0,sr=0x557c468e8eb0} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.826 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f | de cc 85 3b 30 13 a8 47 2c 00 00 2c 00 00 00 28 | 01 03 04 03 b1 1e 20 e2 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | hmac PRF sha init symkey-key@0x557c468d4560 (size 20) | hmac: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f18 | result: clone-key@0x557c468f0de0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac: release clone-key@0x557c468f0de0 | hmac PRF sha crypt-prf@0x557c468eabd0 | hmac PRF sha update data-bytes@0x557c448f3940 (length 192) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | hmac PRF sha final-bytes@0x557c448f3a00 (length 20) | 38 83 40 c4 8b 3e 0b 79 80 22 4a e9 12 94 29 0d | a7 bf 92 bb | data being hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | data being hmac: 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | data being hmac: 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | data being hmac: 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | data being hmac: 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | data being hmac: ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | data being hmac: 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | data being hmac: d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | data being hmac: 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | data being hmac: ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | out calculated auth: | 38 83 40 c4 8b 3e 0b 79 80 22 4a e9 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #1 spent 3.6 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x3abe5545 <0xb11e20e2 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | 38 83 40 c4 8b 3e 0b 79 80 22 4a e9 | releasing whack for #2 (sock=fd@-1) | releasing whack and unpending for parent #1 | unpending state #1 connection "east" | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7efeb4002b20 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 | libevent_malloc: new ptr-libevent@0x557c468f27a0 size 128 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 3.99 milliseconds in resume sending helper answer | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efeac00eec0 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00488 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00299 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00271 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00293 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | 77 0e e5 3c e9 56 3b 44 34 5b f8 a7 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x557c468cd410 (size 20) | hmac: symkey-key@0x557c468cd410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468cd410 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x557c468f0de0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac: release clone-key@0x557c468f0de0 | hmac PRF sha crypt-prf@0x557c468ec6e0 | hmac PRF sha update data-bytes@0x557c46868320 (length 64) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | 77 0e e5 3c e9 56 3b 44 34 5b f8 a7 28 c9 d4 0a | 8b cb 4f 1e | data for hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | data for hmac: 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | calculated auth: 77 0e e5 3c e9 56 3b 44 34 5b f8 a7 | provided auth: 77 0e e5 3c e9 56 3b 44 34 5b f8 a7 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | payload before decryption: | 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 3a be 55 45 00 01 02 03 | stripping 4 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 3a be 55 45 | delete PROTO_v2_ESP SA(0x3abe5545) | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #2 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x3abe5545) "east" #1: received Delete SA payload: delete IPsec State #2 now | pstats #2 ikev2.child deleted completed | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #2 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #2: deleting other state #2 (STATE_V2_IPSEC_R) aged 0.536s and NOT sending notification | child state #2: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.3abe5545@192.1.2.45 | get_sa_info esp.b11e20e2@192.1.2.23 "east" #2: ESP traffic information: in=84B out=84B | child state #2: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x557c468f27a0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7efeb4002b20 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050843' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3abe5545 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050843' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x3abe5545 SPI_OUT=0xb11e20e2 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.3abe5545@192.1.2.45 | netlink response for Del SA esp.3abe5545@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.b11e20e2@192.1.2.23 | netlink response for Del SA esp.b11e20e2@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #2 in CHILDSA_DEL | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x557c468d7990 | delete_state: release st->st_skey_ai_nss-key@0x557c468cd410 | delete_state: release st->st_skey_ar_nss-key@0x557c468d4560 | delete_state: release st->st_skey_ei_nss-key@0x557c468dafb0 | delete_state: release st->st_skey_er_nss-key@0x557c468cec90 | delete_state: release st->st_skey_pi_nss-key@0x7efeac00a510 | delete_state: release st->st_skey_pr_nss-key@0x7efeac00d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs b1 1e 20 e2 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 59 11 62 62 1e f2 2f be 96 a4 f7 b9 7d 14 93 97 | data before encryption: | 00 00 00 0c 03 04 00 01 b1 1e 20 e2 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 4f f8 89 18 6a 83 b7 f9 70 b3 7f e2 49 8e 77 4b | hmac PRF sha init symkey-key@0x557c468d4560 (size 20) | hmac: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x557c468f0de0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac: release clone-key@0x557c468f0de0 | hmac PRF sha crypt-prf@0x557c468eabb0 | hmac PRF sha update data-bytes@0x557c448f3940 (length 64) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 59 11 62 62 1e f2 2f be 96 a4 f7 b9 7d 14 93 97 | 4f f8 89 18 6a 83 b7 f9 70 b3 7f e2 49 8e 77 4b | hmac PRF sha final-bytes@0x557c448f3980 (length 20) | d0 b8 25 06 b8 69 bf 19 10 c9 8b 42 2d 9f 3e 30 | 45 35 0e a8 | data being hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 59 11 62 62 1e f2 2f be 96 a4 f7 b9 7d 14 93 97 | data being hmac: 4f f8 89 18 6a 83 b7 f9 70 b3 7f e2 49 8e 77 4b | out calculated auth: | d0 b8 25 06 b8 69 bf 19 10 c9 8b 42 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 59 11 62 62 1e f2 2f be 96 a4 f7 b9 7d 14 93 97 | 4f f8 89 18 6a 83 b7 f9 70 b3 7f e2 49 8e 77 4b | d0 b8 25 06 b8 69 bf 19 10 c9 8b 42 | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #1 spent 0.798 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #1 to 2 after switching state | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #1: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 1.06 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.07 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00157 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | be 33 03 a9 e5 7c 83 1b 5e dc 2d 47 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #1 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x557c468cd410 (size 20) | hmac: symkey-key@0x557c468cd410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468cd410 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x557c468f0de0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac: release clone-key@0x557c468f0de0 | hmac PRF sha crypt-prf@0x557c468ec6e0 | hmac PRF sha update data-bytes@0x557c46868320 (length 64) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | be 33 03 a9 e5 7c 83 1b 5e dc 2d 47 7c b2 c0 1a | 8d 4b 37 36 | data for hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | data for hmac: 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | calculated auth: be 33 03 a9 e5 7c 83 1b 5e dc 2d 47 | provided auth: be 33 03 a9 e5 7c 83 1b 5e dc 2d 47 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | payload before decryption: | 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 14 41 a1 40 66 17 01 e8 e5 09 dc 04 99 87 7f 81 | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 6d 1c be 93 fe c9 43 9b 9e 57 e5 ee a8 e8 9e a3 | hmac PRF sha init symkey-key@0x557c468d4560 (size 20) | hmac: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x557c468f0de0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f0de0 | hmac: release clone-key@0x557c468f0de0 | hmac PRF sha crypt-prf@0x557c468ed9a0 | hmac PRF sha update data-bytes@0x557c448f3940 (length 64) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 14 41 a1 40 66 17 01 e8 e5 09 dc 04 99 87 7f 81 | 6d 1c be 93 fe c9 43 9b 9e 57 e5 ee a8 e8 9e a3 | hmac PRF sha final-bytes@0x557c448f3980 (length 20) | a4 31 49 39 80 c1 39 3a e4 52 f7 6d 61 04 90 48 | 71 c7 b0 b8 | data being hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: 14 41 a1 40 66 17 01 e8 e5 09 dc 04 99 87 7f 81 | data being hmac: 6d 1c be 93 fe c9 43 9b 9e 57 e5 ee a8 e8 9e a3 | out calculated auth: | a4 31 49 39 80 c1 39 3a e4 52 f7 6d | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 14 41 a1 40 66 17 01 e8 e5 09 dc 04 99 87 7f 81 | 6d 1c be 93 fe c9 43 9b 9e 57 e5 ee a8 e8 9e a3 | a4 31 49 39 80 c1 39 3a e4 52 f7 6d | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #1 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #1: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #1 ikev2.ike deleted completed | #1 spent 10.7 milliseconds in total | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #1: deleting state (STATE_IKESA_DEL) aged 0.612s and NOT sending notification | parent state #1: IKESA_DEL(established IKE SA) => delete | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468eab40 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #1 in IKESA_DEL | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7efeb4000d60: destroyed | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x557c468d9650 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x557c468d7990 | delete_state: release st->st_skey_ai_nss-key@0x557c468cd410 | delete_state: release st->st_skey_ar_nss-key@0x557c468d4560 | delete_state: release st->st_skey_ei_nss-key@0x557c468dafb0 | delete_state: release st->st_skey_er_nss-key@0x557c468cec90 | delete_state: release st->st_skey_pi_nss-key@0x7efeac00a510 | delete_state: release st->st_skey_pr_nss-key@0x7efeac00d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #1 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #1 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.621 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0041 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 0e 53 4c 5a 08 50 2d f0 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 bc b4 55 a2 36 13 8d fc 3f a6 5b 02 | e6 83 84 e4 d8 33 0d 03 dd a8 a7 57 ad 1d 63 f4 | 80 a2 27 9a b2 61 ea f7 df 09 3f 89 c1 ed 99 3c | b0 9d dc 1d 0a 95 55 6d 13 6c 7e 4a 64 b9 f0 e4 | 20 02 f1 07 5a f3 3e 2f 85 5b a4 5c eb 7d e3 56 | a1 cc 4a 02 e1 19 5f be f2 aa 3f 8d 94 86 7d 94 | 08 6e 97 82 6d d6 75 90 83 75 ce f6 58 0e 36 23 | 3b 4d 7f 63 e8 45 0f e4 7f 38 85 e3 9b 88 89 f2 | e2 42 57 fa 7d 53 ee 70 3c 0d 21 ce ee ff b8 77 | f7 1c dc 46 46 19 42 08 2b ed 00 ae 60 64 76 9d | c9 bf 34 8c 2d d6 b1 b5 60 71 cf af fa b7 ca 0b | 4c 7d f2 49 c3 5b 53 63 24 24 cf ce 8e 5e 3b 1e | 3c 81 ba 84 60 28 79 ed b6 53 4c 9c 7d 1a 69 9c | fe 0f 2a e6 86 17 a3 8f 14 f0 79 74 70 37 29 29 | 53 71 b6 e6 a2 05 cc 6f 53 20 76 d3 89 42 4c b2 | 5a 24 b8 75 93 22 47 3d 4f 07 e5 46 df ca 72 da | 6d 39 47 4c 29 00 00 24 a2 f4 7d 57 ef 77 08 c0 | 6f 8d 24 dd 35 3e 8a 76 ed 9a 20 c3 4f 7e 73 1f | 79 86 22 cc a5 d4 23 2b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 85 7b cc d8 ac 7f a1 da | 58 b0 66 b0 df fa a8 f1 22 88 9f 1d 00 00 00 1c | 00 00 40 05 ba e9 4c 3f 22 3e 21 2f 0b 9f 1a 7a | 3e dc 00 32 e5 9c b5 54 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 0e 53 4c 5a 08 50 2d f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 02 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 5f 9c f9 0b 93 9c 87 e3 67 41 e3 64 31 70 45 d4 | ef c6 3e b2 e7 bd a8 cf 56 05 4d f8 67 b3 d0 2e | creating state object #3 at 0x557c468eac10 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #3 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #3 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #3 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #3 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #3 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #3 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #3: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #3: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 0e 53 4c 5a 08 50 2d f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 0e 53 4c 5a 08 50 2d f0 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #3 spent 0.207 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #3 has no whack fd | pstats #3 ikev2.ike deleted other | [RE]START processing: state #3 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #3: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #3: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #3 in PARENT_R0 | parent state #3: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #3 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.707 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00315 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 1b f6 c4 67 0a cb ce fa 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 60 b9 5b 15 e1 7b 66 fd 1a d3 2c db | b2 a9 a0 b7 2d 25 27 5e 1e 42 82 ca cd 78 29 6e | ad c9 c1 f5 6e 91 65 68 88 c2 88 32 a0 24 e2 4e | 46 f7 38 e3 6c ca f6 c0 f7 a0 50 eb 3a f9 3c e4 | 92 c2 aa 64 6b 8a 94 cf fd 04 0a 09 d4 7a c5 25 | 09 22 36 c5 15 1a 36 42 5a e6 1d 56 c2 55 bc e8 | 20 1a d4 57 88 81 f1 d2 1d 38 d0 2e 77 bc 8a 6d | 60 8b e7 08 d4 7a 98 dc d5 ea 72 58 2f 54 1e fe | 70 83 0e cc 9c e3 9c 20 b0 95 5d 93 38 da f3 fc | da a5 a0 be 39 d1 3b cc af 9f f9 32 aa 42 f6 3d | 33 2a 3c 2b 07 44 2c 4f 3e eb 77 25 45 a1 8b 8f | 94 7f c1 38 e3 63 76 44 0c ee 6b 2e 44 49 1f 3e | 82 25 fb 60 e7 9d d3 a2 9d 70 b5 a9 fa 11 bf 3f | 4b 7a c8 d7 91 b9 e2 c7 5f 2d a1 c8 31 54 23 65 | a5 c1 2f 19 98 9f fc 03 bd 25 74 c3 a1 3a a7 87 | af 26 af 68 10 7b 36 12 e4 4a 1b 94 d1 43 da 69 | 84 c4 a6 87 29 00 00 24 fb 50 d3 24 a2 b4 c5 53 | 84 da 8b 3d e9 b5 43 60 ce a9 5b 30 8f 31 5f 18 | 1d b5 ab 14 90 23 ef 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7b ec 06 e1 6d 75 dc d7 | c8 f0 51 94 58 f6 59 9f 9e 6d 1c af 00 00 00 1c | 00 00 40 05 a8 ba be 54 b3 e8 68 99 4a bd 86 97 | 12 84 11 bc 63 c9 7f 04 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1b f6 c4 67 0a cb ce fa | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 03 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 1c c6 f4 ba 2f 56 a7 89 ac 0d 75 56 2b 2a e3 e2 | 5f d2 58 ad ed 8f 15 88 a1 10 34 a1 2a 3d b1 58 | creating state object #4 at 0x557c468eac10 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #4 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #4 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #4 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #4 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #4 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #4 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #4: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #4: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 1b f6 c4 67 0a cb ce fa | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 1b f6 c4 67 0a cb ce fa 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #4 spent 0.197 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #4 has no whack fd | pstats #4 ikev2.ike deleted other | [RE]START processing: state #4 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #4: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #4: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #4 in PARENT_R0 | parent state #4: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #4 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.689 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00378 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 6d 52 27 e4 2d 1d 3b 0e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 | ea af 33 d5 16 35 97 d2 60 d6 fa 7d 52 cf b9 df | 6f 9b 84 e3 02 14 79 53 9d d6 45 67 1e 78 25 af | fb 9e c5 2e 55 75 02 67 5c bd d8 1d f4 58 9a 11 | b2 22 9f 66 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 | 79 1a b5 07 db 37 d2 e5 72 b4 24 9d f0 26 2b 6b | 65 63 ca 4b de 92 e0 89 3a 61 61 04 6d 31 c5 66 | 5a c8 17 a6 ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e | 5a 48 5e bf c0 77 d8 3c 41 94 57 31 63 76 de 20 | 06 6f 09 d0 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 | d8 2b c7 03 cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 | 38 ae 86 7b e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 | 65 b5 90 e7 99 7e ab 58 4c d3 63 4c 5c 41 39 37 | 1b d9 54 2a 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 | ef 9b 9f 7d 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 | 32 94 b8 86 a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 | 9d 20 07 38 29 00 00 24 0b c6 33 0a 67 ff b3 97 | 33 e1 32 d0 51 5b 91 7c 57 e3 82 54 5c 1d eb fd | 81 54 66 53 d3 24 6e 90 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 77 27 1a 46 f7 9f e8 82 | 72 8b 8a 4e 6c c1 bf c1 a5 08 de 68 00 00 00 1c | 00 00 40 05 d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad | e6 1f ed 4c e7 fc c1 e7 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 04 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 61 91 89 8f 29 8a 8c 00 b2 a6 56 53 b8 73 ca fe | b4 d7 43 d0 db 9a 3a 18 17 c8 13 3f 43 7a 6a a8 | creating state object #5 at 0x557c468eac10 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #5 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #5: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 ea af 33 d5 | 16 35 97 d2 60 d6 fa 7d 52 cf b9 df 6f 9b 84 e3 | 02 14 79 53 9d d6 45 67 1e 78 25 af fb 9e c5 2e | 55 75 02 67 5c bd d8 1d f4 58 9a 11 b2 22 9f 66 | 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 79 1a b5 07 | db 37 d2 e5 72 b4 24 9d f0 26 2b 6b 65 63 ca 4b | de 92 e0 89 3a 61 61 04 6d 31 c5 66 5a c8 17 a6 | ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e 5a 48 5e bf | c0 77 d8 3c 41 94 57 31 63 76 de 20 06 6f 09 d0 | 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 d8 2b c7 03 | cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 38 ae 86 7b | e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 65 b5 90 e7 | 99 7e ab 58 4c d3 63 4c 5c 41 39 37 1b d9 54 2a | 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 ef 9b 9f 7d | 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 32 94 b8 86 | a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 9d 20 07 38 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58da0 (length 20) | d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad e6 1f ed 4c | e7 fc c1 e7 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad e6 1f ed 4c | natd_hash: hash= e7 fc c1 e7 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58dc0 (length 20) | 77 27 1a 46 f7 9f e8 82 72 8b 8a 4e 6c c1 bf c1 | a5 08 de 68 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 77 27 1a 46 f7 9f e8 82 72 8b 8a 4e 6c c1 bf c1 | natd_hash: hash= a5 08 de 68 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 3 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | #5 spent 0.399 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #5 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.94 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.955 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 3 for state #5 | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 3 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7efeb0000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7efeb0000d60 | NSS: Public DH wire value: | 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 be a1 9a 53 | 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 f8 04 ab 5f | 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 fa 18 c8 c7 | 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 0f 39 d5 ed | af 88 6b 39 fd fc 83 69 fe e9 c3 ad 9e 1e b2 ff | 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e 3a 5b ab 9e | f2 7f ad 36 33 b0 db 01 69 66 12 07 ba 36 06 a1 | 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa 27 f0 1c 21 | 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 9a c9 bc c5 | a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 2a bd 6f 93 | 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 a0 f5 3a 75 | d4 bd 41 30 22 b8 be ea ca c1 5e 6d 4f 5a 19 47 | 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 e7 bc b3 86 | 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea 4c db 53 72 | e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 7c c7 36 32 | c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 b2 56 10 c0 | Generated nonce: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | Generated nonce: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 3 time elapsed 0.001352 seconds | (#5) spent 1.35 milliseconds in crypto helper computing work-order 3: ikev2_inI1outR1 KE (pcr) | crypto helper 0 sending results from work-order 3 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7efeb0006900 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 3 | calling continuation function 0x557c447f4630 | ikev2_parent_inI1outR1_continue for #5: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7efeb0000d60: transferring ownership from helper KE to state #5 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 be a1 9a 53 | ikev2 g^x 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 f8 04 ab 5f | ikev2 g^x 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 fa 18 c8 c7 | ikev2 g^x 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 0f 39 d5 ed | ikev2 g^x af 88 6b 39 fd fc 83 69 fe e9 c3 ad 9e 1e b2 ff | ikev2 g^x 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e 3a 5b ab 9e | ikev2 g^x f2 7f ad 36 33 b0 db 01 69 66 12 07 ba 36 06 a1 | ikev2 g^x 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa 27 f0 1c 21 | ikev2 g^x 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 9a c9 bc c5 | ikev2 g^x a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 2a bd 6f 93 | ikev2 g^x 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 a0 f5 3a 75 | ikev2 g^x d4 bd 41 30 22 b8 be ea ca c1 5e 6d 4f 5a 19 47 | ikev2 g^x 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 e7 bc b3 86 | ikev2 g^x 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea 4c db 53 72 | ikev2 g^x e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 7c c7 36 32 | ikev2 g^x c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 b2 56 10 c0 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | IKEv2 nonce b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 61 91 89 8f 29 8a 8c 00 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 76 44 35 2b 7d 76 7a 21 43 e3 e3 2b e0 97 d5 6c | 4b 0a 62 9e | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 61 91 89 8f 29 8a 8c 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 76 44 35 2b 7d 76 7a 21 43 e3 e3 2b e0 97 d5 6c | natd_hash: hash= 4b 0a 62 9e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 76 44 35 2b 7d 76 7a 21 43 e3 e3 2b e0 97 d5 6c | Notify data 4b 0a 62 9e | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 61 91 89 8f 29 8a 8c 00 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 46 b5 af 11 56 78 c0 16 85 91 65 72 f0 39 79 0f | 9d 60 17 85 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 61 91 89 8f 29 8a 8c 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 46 b5 af 11 56 78 c0 16 85 91 65 72 f0 39 79 0f | natd_hash: hash= 9d 60 17 85 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 46 b5 af 11 56 78 c0 16 85 91 65 72 f0 39 79 0f | Notify data 9d 60 17 85 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #5: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #5 to 0 after switching state | Message ID: recv #5 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #5 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #5: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 | be a1 9a 53 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 | f8 04 ab 5f 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 | fa 18 c8 c7 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 | 0f 39 d5 ed af 88 6b 39 fd fc 83 69 fe e9 c3 ad | 9e 1e b2 ff 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e | 3a 5b ab 9e f2 7f ad 36 33 b0 db 01 69 66 12 07 | ba 36 06 a1 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa | 27 f0 1c 21 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 | 9a c9 bc c5 a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 | 2a bd 6f 93 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 | a0 f5 3a 75 d4 bd 41 30 22 b8 be ea ca c1 5e 6d | 4f 5a 19 47 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 | e7 bc b3 86 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea | 4c db 53 72 e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 | 7c c7 36 32 c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 | b2 56 10 c0 29 00 00 24 0c 24 3f 43 95 79 67 e6 | fa 6c f3 35 b2 66 bf 6e b0 09 e6 75 e4 c1 1c 0c | cb c7 d5 27 b5 6a 1b 00 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 76 44 35 2b 7d 76 7a 21 | 43 e3 e3 2b e0 97 d5 6c 4b 0a 62 9e 00 00 00 1c | 00 00 40 05 46 b5 af 11 56 78 c0 16 85 91 65 72 | f0 39 79 0f 9d 60 17 85 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | event_schedule: new EVENT_SO_DISCARD-pe@0x557c468eab40 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #5 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 0.646 milliseconds in resume sending helper answer | stop processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efeb0006900 | spent 0.00348 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | 79 9e 98 05 88 b5 e5 28 c4 90 4b 1b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #5 in PARENT_R1 (find_v2_ike_sa) | start processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #5 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #5 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #5 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7efeb0000d60: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 4 for state #5 | state #5 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_SO_DISCARD-pe@0x557c468eab40 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | #5 spent 0.0523 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #5 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #5 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.24 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.256 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 resuming | crypto helper 3 starting work-order 4 for state #5 | crypto helper 3 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 | peer's g: a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 ea af 33 d5 | peer's g: 16 35 97 d2 60 d6 fa 7d 52 cf b9 df 6f 9b 84 e3 | peer's g: 02 14 79 53 9d d6 45 67 1e 78 25 af fb 9e c5 2e | peer's g: 55 75 02 67 5c bd d8 1d f4 58 9a 11 b2 22 9f 66 | peer's g: 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 79 1a b5 07 | peer's g: db 37 d2 e5 72 b4 24 9d f0 26 2b 6b 65 63 ca 4b | peer's g: de 92 e0 89 3a 61 61 04 6d 31 c5 66 5a c8 17 a6 | peer's g: ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e 5a 48 5e bf | peer's g: c0 77 d8 3c 41 94 57 31 63 76 de 20 06 6f 09 d0 | peer's g: 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 d8 2b c7 03 | peer's g: cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 38 ae 86 7b | peer's g: e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 65 b5 90 e7 | peer's g: 99 7e ab 58 4c d3 63 4c 5c 41 39 37 1b d9 54 2a | peer's g: 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 ef 9b 9f 7d | peer's g: 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 32 94 b8 86 | peer's g: a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 9d 20 07 38 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7efeac00d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7efeb0000d60: computed shared DH secret key@0x7efeac00d640 | dh-shared : g^ir-key@0x7efeac00d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7efea4001ef0 (length 64) | 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6670 | result: Ni | Nr-key@0x557c468cec90 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x557c468cec90 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6658 | result: Ni | Nr-key@0x7efeac00a510 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x557c468cec90 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7efea4002e80 from Ni | Nr-key@0x7efeac00a510 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7efea4002e80 from Ni | Nr-key@0x7efeac00a510 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7efeac00a510 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7efea40016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7efeac00d640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7efeac00d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7efeac00d640 | nss hmac digest hack: symkey-key@0x7efeac00d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1156947248: 1b ffffffc6 ffffffcc 3a ffffffbb ffffffb3 1d ffffff90 0c fffffff3 28 61 fffffff6 16 ffffffae 04 0e ffffffb5 7c 42 ffffffa0 7f ffffffa6 ffffffa3 ffffffd3 ffffff94 29 ffffffbd ffffff8c ffffffe3 ffffffa5 5d ffffff91 08 ffffff97 ffffffb0 ffffffe3 25 ffffffd7 75 fffffff6 45 ffffffb8 6b fffffff5 13 ffffff8b 40 ffffffa0 6f ffffffe6 ffffffd6 ffffff98 ffffffe9 79 3d ffffffb6 ffffff86 62 ffffffdb ffffffff 74 0f fffffff5 54 38 ffffff83 ffffffb8 60 ffffffee fffffff5 ffffffbc ffffffa7 ffffffa0 79 ffffffb0 23 ffffffb2 ffffffb8 75 00 fffffff2 53 02 3b ffffffae ffffffc0 36 51 ffffffb9 00 64 1a ffffffbd 3d ffffffaa 25 5f 3a ffffffa9 5c 45 ffffffdb ffffffbd ffffffb4 70 43 52 6e 06 75 02 02 7f ffffffba 0b ffffff9f 04 ffffff93 3d ffffffb8 5e 3a ffffff97 4b ffffffc9 ffffffc2 ffffffc2 36 fffffffb 06 ffffffb9 53 55 ffffffc8 5c 3d 05 fffffff7 ffffffc9 4d 55 7c 27 24 22 ffffffcb ffffffaf 09 ffffffbc ffffffc7 ffffff97 ffffff9c fffffffb fffffff0 5f fffffff | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 256 bytes at 0x7efea4003dd0 | unwrapped: 77 2d 6c 28 4c 5d 4a 36 0d 48 fc e4 6e 0a df 3a | unwrapped: b9 57 d3 38 0f 52 ad 25 f8 8c e6 4a bc 16 51 4c | unwrapped: bb 91 fd d0 a4 cd cd 73 9b 0a dc 39 13 98 13 2a | unwrapped: 7f ee f0 3f 14 6f 3e b5 b0 27 0f 73 80 ee f0 3b | unwrapped: 24 52 b7 c0 a7 a8 39 a9 21 83 dc 9f 60 2a 90 d1 | unwrapped: a5 7a 92 cc a6 f7 d2 f6 81 e0 c6 e9 bc 4e 81 b0 | unwrapped: 1c 0a dc 24 09 28 cc 8d 1c d5 b2 d6 3a ab 86 e3 | unwrapped: 83 5a f4 7b d0 c8 df 0f 54 c3 08 b5 4d 3d 52 0a | unwrapped: 3f be a5 2f a2 01 2e eb 2b 9e 8b 99 c5 09 c7 23 | unwrapped: e3 8e e2 4c 91 68 1e b1 64 fa f6 04 f8 e0 03 9a | unwrapped: aa 8f 79 6a 71 d4 e1 6b ea 01 12 67 a3 f6 92 08 | unwrapped: 6b 9b 3f 37 bb b8 a1 20 cf 21 9b 86 01 37 de 58 | unwrapped: 06 96 5a 00 70 d4 48 cb 1f 2c dc fc 1a 85 2f 84 | unwrapped: 65 f8 6f f1 71 27 e8 92 9e b0 b8 f3 af 50 4f 48 | unwrapped: 40 b0 8a 5e 31 0a f5 8c d0 3d b9 ed b1 79 ac 00 | unwrapped: f4 95 b4 58 c9 c9 70 e4 c4 66 e1 be c5 ce 4d 27 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6690 | result: final-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cec90 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6678 | result: final-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468cec90 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7efeac00a510 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6600 | result: data=Ni-key@0x557c468dafb0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x557c468dafb0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a65e8 | result: data=Ni-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x557c468dafb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebb0a65f0 | result: data+=Nr-key@0x557c468dafb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468cec90 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468dafb0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebb0a65f0 | result: data+=SPIi-key@0x557c468cec90 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468dafb0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebb0a65f0 | result: data+=SPIr-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468cec90 | prf+0 PRF sha init key-key@0x7efeac00a510 (size 20) | prf+0: key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6518 | result: clone-key@0x557c468cec90 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+0 prf: begin sha with context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+0: release clone-key@0x557c468cec90 | prf+0 PRF sha crypt-prf@0x7efea40018a0 | prf+0 PRF sha update seed-key@0x557c468dafb0 (size 80) | prf+0: seed-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1156947616: 56 40 3c ffffffa0 ffffffa6 09 ffffffac 0b 7f ffffffa9 ffffffb7 6f 7e 7b ffffffd4 ffffffb4 1b ffffffaa ffffffac 56 ffffffb7 fffffff7 65 42 48 3a ffffffd3 15 24 ffffffa6 ffffffc5 fffffff5 50 7b 7e 1a 40 ffffffdb ffffff82 62 0b ffffff95 ffffffdb 00 36 33 ffffffb6 ffffffe2 ffffffca 5b 19 27 ffffff97 ffffff8f 08 26 62 25 00 ffffffe6 ffffffda 35 ffffff85 ffffffc1 73 ffffffb5 0f 3e 54 ffffffd3 ffffffce 1b ffffff8b 70 ffffffb6 4c 31 0a ffffffe8 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea4005150 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6520 | result: final-key@0x557c468d4560 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d4560 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6508 | result: final-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468d4560 | prf+0 PRF sha final-key@0x557c468cec90 (size 20) | prf+0: key-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x557c468cec90 | prf+N PRF sha init key-key@0x7efeac00a510 (size 20) | prf+N: key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6518 | result: clone-key@0x557c468d4560 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea4002e80 from key-key@0x557c468d4560 | prf+N prf: begin sha with context 0x7efea4002e80 from key-key@0x557c468d4560 | prf+N: release clone-key@0x557c468d4560 | prf+N PRF sha crypt-prf@0x7efea4001f40 | prf+N PRF sha update old_t-key@0x557c468cec90 (size 20) | prf+N: old_t-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468cec90 | nss hmac digest hack: symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1156947616: 3f 2e 1b fffffff6 ffffffd5 43 15 6d 54 ffffffb5 ffffff80 7f ffffffcd ffffffd1 ffffffe9 51 ffffffd3 ffffffac ffffffaa 1e 66 20 6b ffffffb8 0c 36 ffffffc6 09 11 18 59 fffffffc | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea40051b0 | unwrapped: 34 1c fb 10 66 72 c7 aa 43 d7 bd e2 92 45 49 47 | unwrapped: 54 00 f0 b6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468dafb0 (size 80) | prf+N: seed-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1156947616: 56 40 3c ffffffa0 ffffffa6 09 ffffffac 0b 7f ffffffa9 ffffffb7 6f 7e 7b ffffffd4 ffffffb4 1b ffffffaa ffffffac 56 ffffffb7 fffffff7 65 42 48 3a ffffffd3 15 24 ffffffa6 ffffffc5 fffffff5 50 7b 7e 1a 40 ffffffdb ffffff82 62 0b ffffff95 ffffffdb 00 36 33 ffffffb6 ffffffe2 ffffffca 5b 19 27 ffffff97 ffffff8f 08 26 62 25 00 ffffffe6 ffffffda 35 ffffff85 ffffffc1 73 ffffffb5 0f 3e 54 ffffffd3 ffffffce 1b ffffff8b 70 ffffffb6 4c 31 0a ffffffe8 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea40050f0 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6520 | result: final-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6508 | result: final-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468cd410 | prf+N PRF sha final-key@0x557c468d4560 (size 20) | prf+N: key-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb0a6598 | result: result-key@0x557c468cd410 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468cec90 | prfplus: release old_t[N]-key@0x557c468cec90 | prf+N PRF sha init key-key@0x7efeac00a510 (size 20) | prf+N: key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6518 | result: clone-key@0x557c468cec90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+N prf: begin sha with context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+N: release clone-key@0x557c468cec90 | prf+N PRF sha crypt-prf@0x7efea4001270 | prf+N PRF sha update old_t-key@0x557c468d4560 (size 20) | prf+N: old_t-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468d4560 | nss hmac digest hack: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1156947616: ffffff82 ffffffc3 ffffffcf 7a ffffffb1 ffffff8d 29 6f 32 ffffffbf ffffffbb ffffffec ffffffd7 7f ffffffe8 ffffffca 26 ffffffbc fffffff0 ffffffca fffffff9 7e 26 61 37 31 37 ffffffe5 ffffffdd ffffffa3 1d fffffff2 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea4005cd0 | unwrapped: 23 88 ba 01 5c 0c 0c d6 83 44 02 6a b8 e4 0f 4e | unwrapped: 17 9f bc 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468dafb0 (size 80) | prf+N: seed-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1156947616: 56 40 3c ffffffa0 ffffffa6 09 ffffffac 0b 7f ffffffa9 ffffffb7 6f 7e 7b ffffffd4 ffffffb4 1b ffffffaa ffffffac 56 ffffffb7 fffffff7 65 42 48 3a ffffffd3 15 24 ffffffa6 ffffffc5 fffffff5 50 7b 7e 1a 40 ffffffdb ffffff82 62 0b ffffff95 ffffffdb 00 36 33 ffffffb6 ffffffe2 ffffffca 5b 19 27 ffffff97 ffffff8f 08 26 62 25 00 ffffffe6 ffffffda 35 ffffff85 ffffffc1 73 ffffffb5 0f 3e 54 ffffffd3 ffffffce 1b ffffff8b 70 ffffffb6 4c 31 0a ffffffe8 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea4005090 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6520 | result: final-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6508 | result: final-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468d7990 | prf+N PRF sha final-key@0x557c468cec90 (size 20) | prf+N: key-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cd410 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb0a6598 | result: result-key@0x557c468d7990 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468cd410 | prfplus: release old_t[N]-key@0x557c468d4560 | prf+N PRF sha init key-key@0x7efeac00a510 (size 20) | prf+N: key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6518 | result: clone-key@0x557c468d4560 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea4002e80 from key-key@0x557c468d4560 | prf+N prf: begin sha with context 0x7efea4002e80 from key-key@0x557c468d4560 | prf+N: release clone-key@0x557c468d4560 | prf+N PRF sha crypt-prf@0x7efea4002010 | prf+N PRF sha update old_t-key@0x557c468cec90 (size 20) | prf+N: old_t-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468cec90 | nss hmac digest hack: symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1156947616: 3b ffffff8e fffffffe ffffffde ffffffd0 0b ffffffb6 ffffffc7 2f 5d ffffff8c ffffffc4 79 56 ffffff8c fffffffc ffffff8b 5d ffffffa7 47 7e ffffffd1 ffffff9c ffffffc2 36 5a 00 ffffffc5 ffffff99 ffffff94 ffffffb3 fffffff1 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea4005cd0 | unwrapped: 82 b7 84 9f ee 71 66 56 6b f6 fd 87 31 ed a7 38 | unwrapped: 42 19 9b 5f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468dafb0 (size 80) | prf+N: seed-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1156947616: 56 40 3c ffffffa0 ffffffa6 09 ffffffac 0b 7f ffffffa9 ffffffb7 6f 7e 7b ffffffd4 ffffffb4 1b ffffffaa ffffffac 56 ffffffb7 fffffff7 65 42 48 3a ffffffd3 15 24 ffffffa6 ffffffc5 fffffff5 50 7b 7e 1a 40 ffffffdb ffffff82 62 0b ffffff95 ffffffdb 00 36 33 ffffffb6 ffffffe2 ffffffca 5b 19 27 ffffff97 ffffff8f 08 26 62 25 00 ffffffe6 ffffffda 35 ffffff85 ffffffc1 73 ffffffb5 0f 3e 54 ffffffd3 ffffffce 1b ffffff8b 70 ffffffb6 4c 31 0a ffffffe8 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea4005030 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6520 | result: final-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6508 | result: final-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468cd410 | prf+N PRF sha final-key@0x557c468d4560 (size 20) | prf+N: key-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d7990 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb0a6598 | result: result-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468d7990 | prfplus: release old_t[N]-key@0x557c468cec90 | prf+N PRF sha init key-key@0x7efeac00a510 (size 20) | prf+N: key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6518 | result: clone-key@0x557c468cec90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+N prf: begin sha with context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+N: release clone-key@0x557c468cec90 | prf+N PRF sha crypt-prf@0x7efea4001270 | prf+N PRF sha update old_t-key@0x557c468d4560 (size 20) | prf+N: old_t-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468d4560 | nss hmac digest hack: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1156947616: ffffff9b 09 1a ffffffeb ffffff80 ffffff8c ffffffd5 ffffffd5 ffffffd5 38 78 ffffffd6 ffffffe7 1b 08 78 ffffffb6 fffffffa ffffffe7 ffffffc6 34 fffffff4 fffffffe 0d ffffffad 45 03 6b ffffffa8 1d ffffffd4 16 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea4005c30 | unwrapped: b1 97 33 83 f6 f1 ab 44 89 03 f3 95 f9 a2 a1 0f | unwrapped: 7f 87 33 9c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468dafb0 (size 80) | prf+N: seed-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1156947616: 56 40 3c ffffffa0 ffffffa6 09 ffffffac 0b 7f ffffffa9 ffffffb7 6f 7e 7b ffffffd4 ffffffb4 1b ffffffaa ffffffac 56 ffffffb7 fffffff7 65 42 48 3a ffffffd3 15 24 ffffffa6 ffffffc5 fffffff5 50 7b 7e 1a 40 ffffffdb ffffff82 62 0b ffffff95 ffffffdb 00 36 33 ffffffb6 ffffffe2 ffffffca 5b 19 27 ffffff97 ffffff8f 08 26 62 25 00 ffffffe6 ffffffda 35 ffffff85 ffffffc1 73 ffffffb5 0f 3e 54 ffffffd3 ffffffce 1b ffffff8b 70 ffffffb6 4c 31 0a ffffffe8 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea4005e20 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6520 | result: final-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6508 | result: final-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468d7990 | prf+N PRF sha final-key@0x557c468cec90 (size 20) | prf+N: key-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cd410 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb0a6598 | result: result-key@0x557c468d7990 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468cd410 | prfplus: release old_t[N]-key@0x557c468d4560 | prf+N PRF sha init key-key@0x7efeac00a510 (size 20) | prf+N: key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6518 | result: clone-key@0x557c468d4560 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea4005b80 from key-key@0x557c468d4560 | prf+N prf: begin sha with context 0x7efea4005b80 from key-key@0x557c468d4560 | prf+N: release clone-key@0x557c468d4560 | prf+N PRF sha crypt-prf@0x7efea4002010 | prf+N PRF sha update old_t-key@0x557c468cec90 (size 20) | prf+N: old_t-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468cec90 | nss hmac digest hack: symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1156947616: 31 1c ffffff86 4f 41 ffffff92 ffffff99 ffffffa4 ffffffe0 ffffff8b ffffff96 17 22 69 5c 40 fffffffd ffffffb7 ffffffb3 10 5d 5a 52 ffffffd4 7a 6e 05 ffffffa4 fffffff0 12 0b 70 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea4005cd0 | unwrapped: 21 44 a8 99 11 9f cf b0 dd 2d b1 79 cc 77 7d 89 | unwrapped: 7c 15 1e 13 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468dafb0 (size 80) | prf+N: seed-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1156947616: 56 40 3c ffffffa0 ffffffa6 09 ffffffac 0b 7f ffffffa9 ffffffb7 6f 7e 7b ffffffd4 ffffffb4 1b ffffffaa ffffffac 56 ffffffb7 fffffff7 65 42 48 3a ffffffd3 15 24 ffffffa6 ffffffc5 fffffff5 50 7b 7e 1a 40 ffffffdb ffffff82 62 0b ffffff95 ffffffdb 00 36 33 ffffffb6 ffffffe2 ffffffca 5b 19 27 ffffff97 ffffff8f 08 26 62 25 00 ffffffe6 ffffffda 35 ffffff85 ffffffc1 73 ffffffb5 0f 3e 54 ffffffd3 ffffffce 1b ffffff8b 70 ffffffb6 4c 31 0a ffffffe8 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea40050f0 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6520 | result: final-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468cd410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6508 | result: final-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468cd410 | prf+N PRF sha final-key@0x557c468d4560 (size 20) | prf+N: key-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468d7990 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb0a6598 | result: result-key@0x557c468cd410 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468d7990 | prfplus: release old_t[N]-key@0x557c468cec90 | prf+N PRF sha init key-key@0x7efeac00a510 (size 20) | prf+N: key-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6518 | result: clone-key@0x557c468cec90 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+N prf: begin sha with context 0x7efea4002e80 from key-key@0x557c468cec90 | prf+N: release clone-key@0x557c468cec90 | prf+N PRF sha crypt-prf@0x7efea4001270 | prf+N PRF sha update old_t-key@0x557c468d4560 (size 20) | prf+N: old_t-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468d4560 | nss hmac digest hack: symkey-key@0x557c468d4560 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1156947616: ffffffcc ffffffaf 2d 65 ffffffab 7f ffffffba ffffff94 6a 69 51 1f 47 5e 74 71 37 00 17 ffffffb6 7e ffffffbd 67 26 ffffffe3 ffffff9f ffffffec 19 0c 67 39 08 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea4005f00 | unwrapped: c5 35 8e f7 b7 14 8c ba fa 64 fc 27 70 32 3e 0e | unwrapped: 3c a0 8e 52 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468dafb0 (size 80) | prf+N: seed-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468dafb0 | nss hmac digest hack: symkey-key@0x557c468dafb0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1156947616: 56 40 3c ffffffa0 ffffffa6 09 ffffffac 0b 7f ffffffa9 ffffffb7 6f 7e 7b ffffffd4 ffffffb4 1b ffffffaa ffffffac 56 ffffffb7 fffffff7 65 42 48 3a ffffffd3 15 24 ffffffa6 ffffffc5 fffffff5 50 7b 7e 1a 40 ffffffdb ffffff82 62 0b ffffff95 ffffffdb 00 36 33 ffffffb6 ffffffe2 ffffffca 5b 19 27 ffffff97 ffffff8f 08 26 62 25 00 ffffffe6 ffffffda 35 ffffff85 ffffffc1 73 ffffffb5 0f 3e 54 ffffffd3 ffffffce 1b ffffff8b 70 ffffffb6 4c 31 0a ffffffe8 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea4005e20 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebb0a6520 | result: final-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6508 | result: final-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468d7990 | prf+N PRF sha final-key@0x557c468cec90 (size 20) | prf+N: key-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468cd410 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebb0a6598 | result: result-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468cd410 | prfplus: release old_t[N]-key@0x557c468d4560 | prfplus: release old_t[final]-key@0x557c468cec90 | ike_sa_keymat: release data-key@0x557c468dafb0 | calc_skeyseed_v2: release skeyseed_k-key@0x7efeac00a510 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6738 | result: result-key@0x7efeac00a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6738 | result: result-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6738 | result: result-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6748 | result: SK_ei_k-key@0x557c468d4560 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6748 | result: SK_er_k-key@0x557c468cd410 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6748 | result: result-key@0x557c468d9650 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x557c468d9650 | chunk_SK_pi: symkey-key@0x557c468d9650 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 3a ffffffa6 fffffff5 ffffff8e 4e ffffff97 26 ffffff89 ffffffed 67 fffffffb 39 4b ffffffa3 7e ffffffec 15 31 ffffff85 54 41 ffffffd3 6a 03 3c ffffffbd ffffff89 3c 3d 47 ffffffc7 3b | chunk_SK_pi: release slot-key-key@0x557c468d1160 | chunk_SK_pi extracted len 32 bytes at 0x7efea40062f0 | unwrapped: cc 77 7d 89 7c 15 1e 13 c5 35 8e f7 b7 14 8c ba | unwrapped: fa 64 fc 27 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468d7990 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebb0a6748 | result: result-key@0x557c468f0de0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x557c468f0de0 | chunk_SK_pr: symkey-key@0x557c468f0de0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: ffffffaa ffffff93 ffffffef fffffff6 2f 49 63 ffffffdf ffffffca ffffffbb 47 ffffffe1 13 6e 48 11 ffffff88 ffffffed ffffffa7 fffffffb ffffffb8 ffffffd8 ffffffb9 fffffff9 3e ffffff92 6b ffffffc9 1c 25 ffffffbe ffffff92 | chunk_SK_pr: release slot-key-key@0x557c468d1160 | chunk_SK_pr extracted len 32 bytes at 0x7efea4006320 | unwrapped: 70 32 3e 0e 3c a0 8e 52 07 4f 53 5d d8 30 ea 3d | unwrapped: 79 e7 e5 8f 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x557c468d7990 | calc_skeyseed_v2 pointers: shared-key@0x7efeac00d640, SK_d-key@0x7efeac00a510, SK_ai-key@0x557c468dafb0, SK_ar-key@0x557c468cec90, SK_ei-key@0x557c468d4560, SK_er-key@0x557c468cd410, SK_pi-key@0x557c468d9650, SK_pr-key@0x557c468f0de0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | cc 77 7d 89 7c 15 1e 13 c5 35 8e f7 b7 14 8c ba | fa 64 fc 27 | calc_skeyseed_v2 SK_pr | 70 32 3e 0e 3c a0 8e 52 07 4f 53 5d d8 30 ea 3d | 79 e7 e5 8f | crypto helper 3 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 4 time elapsed 0.012158 seconds | (#5) spent 3.13 milliseconds in crypto helper computing work-order 4: ikev2_inI2outR2 KE (pcr) | crypto helper 3 sending results from work-order 4 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 4 | calling continuation function 0x557c447f4630 | ikev2_parent_inI2outR2_continue for #5: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7efeb0000d60: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | #5 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x557c468dafb0 (size 20) | hmac: symkey-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468dafb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58c28 | result: clone-key@0x557c468d7990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac: release clone-key@0x557c468d7990 | hmac PRF sha crypt-prf@0x557c468eabd0 | hmac PRF sha update data-bytes@0x557c46842c20 (length 208) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | hmac PRF sha final-bytes@0x7fff72f58df0 (length 20) | 79 9e 98 05 88 b5 e5 28 c4 90 4b 1b 7e 81 92 30 | fe 33 ba 83 | data for hmac: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | data for hmac: 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | data for hmac: ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | data for hmac: 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | data for hmac: 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | data for hmac: 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | data for hmac: 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | data for hmac: 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | data for hmac: fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | data for hmac: b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | data for hmac: db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | calculated auth: 79 9e 98 05 88 b5 e5 28 c4 90 4b 1b | provided auth: 79 9e 98 05 88 b5 e5 28 c4 90 4b 1b | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | payload before decryption: | 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | 82 b7 dc f4 2c 00 00 2c 00 00 00 28 01 03 04 03 | 87 4b d2 5c 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #5 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #5: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #5 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #5: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x557c468d9650 (size 20) | hmac: symkey-key@0x557c468d9650 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d9650 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58698 | result: clone-key@0x557c468d7990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac: release clone-key@0x557c468d7990 | hmac PRF sha crypt-prf@0x557c468ed9a0 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x557c46842c54 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff72f58850 (length 20) | e5 db 7b 48 4e 5f c4 0c d3 53 5d f6 15 62 c8 b4 | ef 39 36 ab | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 6d 52 27 e4 2d 1d 3b 0e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 | ea af 33 d5 16 35 97 d2 60 d6 fa 7d 52 cf b9 df | 6f 9b 84 e3 02 14 79 53 9d d6 45 67 1e 78 25 af | fb 9e c5 2e 55 75 02 67 5c bd d8 1d f4 58 9a 11 | b2 22 9f 66 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 | 79 1a b5 07 db 37 d2 e5 72 b4 24 9d f0 26 2b 6b | 65 63 ca 4b de 92 e0 89 3a 61 61 04 6d 31 c5 66 | 5a c8 17 a6 ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e | 5a 48 5e bf c0 77 d8 3c 41 94 57 31 63 76 de 20 | 06 6f 09 d0 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 | d8 2b c7 03 cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 | 38 ae 86 7b e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 | 65 b5 90 e7 99 7e ab 58 4c d3 63 4c 5c 41 39 37 | 1b d9 54 2a 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 | ef 9b 9f 7d 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 | 32 94 b8 86 a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 | 9d 20 07 38 29 00 00 24 0b c6 33 0a 67 ff b3 97 | 33 e1 32 d0 51 5b 91 7c 57 e3 82 54 5c 1d eb fd | 81 54 66 53 d3 24 6e 90 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 77 27 1a 46 f7 9f e8 82 | 72 8b 8a 4e 6c c1 bf c1 a5 08 de 68 00 00 00 1c | 00 00 40 05 d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad | e6 1f ed 4c e7 fc c1 e7 | verify: initiator inputs to hash2 (responder nonce) | 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | idhash e5 db 7b 48 4e 5f c4 0c d3 53 5d f6 15 62 c8 b4 | idhash ef 39 36 ab | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584a0 | result: shared secret-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58488 | result: shared secret-key@0x557c468d7990 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x557c468d7990 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x557c468d7990 | = prf(,"Key Pad for IKEv2"): release clone-key@0x557c468d7990 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468eabd0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584c0 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584a8 | result: final-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x557c468d7990 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x557c468d7990 (size 20) | = prf(, ): -key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584b8 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ): release clone-key@0x7efeb4006900 | = prf(, ) PRF sha crypt-prf@0x557c468eabb0 | = prf(, ) PRF sha update first-packet-bytes@0x557c468ed630 (length 440) | 6d 52 27 e4 2d 1d 3b 0e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 | ea af 33 d5 16 35 97 d2 60 d6 fa 7d 52 cf b9 df | 6f 9b 84 e3 02 14 79 53 9d d6 45 67 1e 78 25 af | fb 9e c5 2e 55 75 02 67 5c bd d8 1d f4 58 9a 11 | b2 22 9f 66 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 | 79 1a b5 07 db 37 d2 e5 72 b4 24 9d f0 26 2b 6b | 65 63 ca 4b de 92 e0 89 3a 61 61 04 6d 31 c5 66 | 5a c8 17 a6 ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e | 5a 48 5e bf c0 77 d8 3c 41 94 57 31 63 76 de 20 | 06 6f 09 d0 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 | d8 2b c7 03 cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 | 38 ae 86 7b e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 | 65 b5 90 e7 99 7e ab 58 4c d3 63 4c 5c 41 39 37 | 1b d9 54 2a 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 | ef 9b 9f 7d 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 | 32 94 b8 86 a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 | 9d 20 07 38 29 00 00 24 0b c6 33 0a 67 ff b3 97 | 33 e1 32 d0 51 5b 91 7c 57 e3 82 54 5c 1d eb fd | 81 54 66 53 d3 24 6e 90 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 77 27 1a 46 f7 9f e8 82 | 72 8b 8a 4e 6c c1 bf c1 a5 08 de 68 00 00 00 1c | 00 00 40 05 d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad | e6 1f ed 4c e7 fc c1 e7 | = prf(, ) PRF sha update nonce-bytes@0x7efeb0002af0 (length 32) | 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58850 (length 20) | e5 db 7b 48 4e 5f c4 0c d3 53 5d f6 15 62 c8 b4 | ef 39 36 ab | = prf(, ) PRF sha final-chunk@0x557c468ed9a0 (length 20) | ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | 82 b7 dc f4 | psk_auth: release prf-psk-key@0x557c468d7990 | Received PSK auth octets | ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | 82 b7 dc f4 | Calculated PSK auth octets | ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | 82 b7 dc f4 "east" #5: Authenticated using authby=secret | parent state #5: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #5 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468eab40 | event_schedule: new EVENT_SA_REKEY-pe@0x557c468eab40 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #5 | libevent_malloc: new ptr-libevent@0x557c468ec630 size 128 | pstats #5 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x557c468f0de0 (size 20) | hmac: symkey-key@0x557c468f0de0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f0de0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58008 | result: clone-key@0x557c468d7990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac: release clone-key@0x557c468d7990 | hmac PRF sha crypt-prf@0x557c468ec6e0 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x557c448f3974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff72f58310 (length 20) | 7a a5 72 89 12 1d 84 0f 71 3a 03 7f 6f 00 d4 0c | 2d 0d 91 96 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 | be a1 9a 53 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 | f8 04 ab 5f 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 | fa 18 c8 c7 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 | 0f 39 d5 ed af 88 6b 39 fd fc 83 69 fe e9 c3 ad | 9e 1e b2 ff 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e | 3a 5b ab 9e f2 7f ad 36 33 b0 db 01 69 66 12 07 | ba 36 06 a1 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa | 27 f0 1c 21 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 | 9a c9 bc c5 a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 | 2a bd 6f 93 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 | a0 f5 3a 75 d4 bd 41 30 22 b8 be ea ca c1 5e 6d | 4f 5a 19 47 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 | e7 bc b3 86 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea | 4c db 53 72 e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 | 7c c7 36 32 c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 | b2 56 10 c0 29 00 00 24 0c 24 3f 43 95 79 67 e6 | fa 6c f3 35 b2 66 bf 6e b0 09 e6 75 e4 c1 1c 0c | cb c7 d5 27 b5 6a 1b 00 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 76 44 35 2b 7d 76 7a 21 | 43 e3 e3 2b e0 97 d5 6c 4b 0a 62 9e 00 00 00 1c | 00 00 40 05 46 b5 af 11 56 78 c0 16 85 91 65 72 | f0 39 79 0f 9d 60 17 85 | create: responder inputs to hash2 (initiator nonce) | 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | idhash 7a a5 72 89 12 1d 84 0f 71 3a 03 7f 6f 00 d4 0c | idhash 2d 0d 91 96 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e00 | result: shared secret-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efeb4006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57de8 | result: shared secret-key@0x557c468d7990 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x557c468d7990 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x557c468d7990 | = prf(,"Key Pad for IKEv2"): release clone-key@0x557c468d7990 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ed9a0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e20 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e08 | result: final-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x557c468d7990 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x557c468d7990 (size 20) | = prf(, ): -key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e18 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efeb4006900 | = prf(, ): release clone-key@0x7efeb4006900 | = prf(, ) PRF sha crypt-prf@0x557c468eabd0 | = prf(, ) PRF sha update first-packet-bytes@0x557c4687c650 (length 440) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 | be a1 9a 53 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 | f8 04 ab 5f 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 | fa 18 c8 c7 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 | 0f 39 d5 ed af 88 6b 39 fd fc 83 69 fe e9 c3 ad | 9e 1e b2 ff 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e | 3a 5b ab 9e f2 7f ad 36 33 b0 db 01 69 66 12 07 | ba 36 06 a1 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa | 27 f0 1c 21 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 | 9a c9 bc c5 a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 | 2a bd 6f 93 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 | a0 f5 3a 75 d4 bd 41 30 22 b8 be ea ca c1 5e 6d | 4f 5a 19 47 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 | e7 bc b3 86 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea | 4c db 53 72 e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 | 7c c7 36 32 c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 | b2 56 10 c0 29 00 00 24 0c 24 3f 43 95 79 67 e6 | fa 6c f3 35 b2 66 bf 6e b0 09 e6 75 e4 c1 1c 0c | cb c7 d5 27 b5 6a 1b 00 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 76 44 35 2b 7d 76 7a 21 | 43 e3 e3 2b e0 97 d5 6c 4b 0a 62 9e 00 00 00 1c | 00 00 40 05 46 b5 af 11 56 78 c0 16 85 91 65 72 | f0 39 79 0f 9d 60 17 85 | = prf(, ) PRF sha update nonce-bytes@0x557c468eab80 (length 32) | 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58310 (length 20) | 7a a5 72 89 12 1d 84 0f 71 3a 03 7f 6f 00 d4 0c | 2d 0d 91 96 | = prf(, ) PRF sha final-chunk@0x557c468ec6e0 (length 20) | 3d 8b e8 c3 e7 5e be db 51 fa 41 98 4d cc 54 c8 | b5 bd 39 8a | psk_auth: release prf-psk-key@0x557c468d7990 | PSK auth octets 3d 8b e8 c3 e7 5e be db 51 fa 41 98 4d cc 54 c8 | PSK auth octets b5 bd 39 8a | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 3d 8b e8 c3 e7 5e be db 51 fa 41 98 4d cc 54 c8 | PSK auth b5 bd 39 8a | emitting length of IKEv2 Authentication Payload: 28 | creating state object #6 at 0x557c468f4460 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "east" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.23:500 from #5.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7efeac00a510 | duplicate_state: reference st_skey_ai_nss-key@0x557c468dafb0 | duplicate_state: reference st_skey_ar_nss-key@0x557c468cec90 | duplicate_state: reference st_skey_ei_nss-key@0x557c468d4560 | duplicate_state: reference st_skey_er_nss-key@0x557c468cd410 | duplicate_state: reference st_skey_pi_nss-key@0x557c468d9650 | duplicate_state: reference st_skey_pr_nss-key@0x557c468f0de0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #5.#6 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 87 4b d2 5c | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #5: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #5: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #5 spent 1.44 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #5 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #6 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #6: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | hmac PRF sha init symkey-key@0x557c468cec90 (size 20) | hmac: symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f580d8 | result: clone-key@0x557c468d7990 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468d7990 | hmac: release clone-key@0x557c468d7990 | hmac PRF sha crypt-prf@0x557c468ef280 | hmac PRF sha update data-bytes@0x7fff72f58510 (length 64) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | hmac PRF sha final-bytes@0x7fff72f58550 (length 20) | 7f ce 48 77 4a 07 e9 4e 39 7e 0c a7 12 d5 15 c4 | 64 27 ee 90 | data being hmac: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | data being hmac: 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | out calculated auth: | 7f ce 48 77 4a 07 e9 4e 39 7e 0c a7 | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | 7f ce 48 77 4a 07 e9 4e 39 7e 0c a7 | forcing #6 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x7efeb0002b20 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #6 | libevent_malloc: new ptr-libevent@0x7efeb0006900 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 2.02 milliseconds in resume sending helper answer | stop processing: state #6 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efea40060f0 | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 444 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | d7 a7 50 22 b2 e6 a3 46 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 82 f8 07 85 6c 3b ee 6b | f9 9e d9 3f b2 9c 05 e5 81 47 60 da 10 52 ac 82 | 42 5b 88 b1 30 09 3c 49 79 79 eb 53 93 cf ff 34 | 7e f2 fd 20 63 34 b1 77 61 3f 5b 9b c5 3f ba 2a | b2 8f 12 3d 4b e8 17 41 66 ae c8 dc 58 40 d8 46 | 2f 1d 23 01 a2 f1 05 f4 2c c1 fb cc 0e 73 36 19 | 8c b1 55 f0 04 c1 8c e3 46 a4 25 67 2f 45 fe 6a | 2e 19 29 3d b8 b6 6b 3a 68 fe 32 d1 51 49 4c 9d | 5c 72 bd 0e bd 5f e4 9a 09 c7 4e 3d 76 a9 9b ce | 65 e1 52 22 df ee 79 80 3a 06 63 a4 c6 1b 96 7b | c1 f5 b6 7a 71 60 d9 c3 62 fc 56 dc c1 e7 e7 05 | c7 40 95 f4 e9 9d 1b af 30 2f 1a 68 2b 94 ad 14 | 8a 18 de df 8f 9b 8e b3 38 2f 5d 7f 91 29 01 a4 | 6f b8 88 51 b8 6b 92 86 ce b6 43 9c 75 4f fe e1 | ca 1f fb 31 9d d4 aa 3b 11 22 95 b5 0a 4e 7c f0 | 39 59 1d 5e 3a ad 75 30 3d 56 e2 ad f7 48 8a 2e | 85 e0 35 4f af 2d e5 4d 29 00 00 24 82 1e 39 68 | ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 09 ff 0d 94 | ff b3 37 1f 0f 56 04 2f dc 7c ff 71 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5c a4 70 98 | e4 3b 8f f3 8b 26 84 ce da 97 a3 8f 00 14 0a ac | 00 00 00 1c 00 00 40 05 a6 9a 48 8b 83 1a f6 b9 | fa d7 5c f0 30 ab 4f 31 25 39 12 bc | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 444 (0x1bc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 52 (0x34) | processing payload: ISAKMP_NEXT_v2SA (len=48) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 05 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 87 47 c3 68 a9 be 6f 68 00 c0 de 96 e7 70 c1 a4 | 47 1e 44 68 b7 83 8e 3b c0 74 9f 50 bd 65 2c 8a | creating state object #7 at 0x557c468ec700 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #7 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 48 (0x30) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 82 f8 07 85 6c 3b ee 6b f9 9e d9 3f b2 9c 05 e5 | 81 47 60 da 10 52 ac 82 42 5b 88 b1 30 09 3c 49 | 79 79 eb 53 93 cf ff 34 7e f2 fd 20 63 34 b1 77 | 61 3f 5b 9b c5 3f ba 2a b2 8f 12 3d 4b e8 17 41 | 66 ae c8 dc 58 40 d8 46 2f 1d 23 01 a2 f1 05 f4 | 2c c1 fb cc 0e 73 36 19 8c b1 55 f0 04 c1 8c e3 | 46 a4 25 67 2f 45 fe 6a 2e 19 29 3d b8 b6 6b 3a | 68 fe 32 d1 51 49 4c 9d 5c 72 bd 0e bd 5f e4 9a | 09 c7 4e 3d 76 a9 9b ce 65 e1 52 22 df ee 79 80 | 3a 06 63 a4 c6 1b 96 7b c1 f5 b6 7a 71 60 d9 c3 | 62 fc 56 dc c1 e7 e7 05 c7 40 95 f4 e9 9d 1b af | 30 2f 1a 68 2b 94 ad 14 8a 18 de df 8f 9b 8e b3 | 38 2f 5d 7f 91 29 01 a4 6f b8 88 51 b8 6b 92 86 | ce b6 43 9c 75 4f fe e1 ca 1f fb 31 9d d4 aa 3b | 11 22 95 b5 0a 4e 7c f0 39 59 1d 5e 3a ad 75 30 | 3d 56 e2 ad f7 48 8a 2e 85 e0 35 4f af 2d e5 4d | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58da0 (length 20) | a6 9a 48 8b 83 1a f6 b9 fa d7 5c f0 30 ab 4f 31 | 25 39 12 bc | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a6 9a 48 8b 83 1a f6 b9 fa d7 5c f0 30 ab 4f 31 | natd_hash: hash= 25 39 12 bc | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58dc0 (length 20) | 5c a4 70 98 e4 3b 8f f3 8b 26 84 ce da 97 a3 8f | 00 14 0a ac | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 5c a4 70 98 e4 3b 8f f3 8b 26 84 ce da 97 a3 8f | natd_hash: hash= 00 14 0a ac | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 5 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468f4150 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | #7 spent 0.283 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 4 resuming | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 4 starting work-order 5 for state #7 | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | crypto helper 4 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 5 | suspending state #7 and saving MD | #7 is busy; has a suspended MD | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #7 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.667 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | processing: STOP connection NULL (in process_md() at demux.c:383) | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | spent 0.691 milliseconds in comm_handle_cb() reading and processing packet | DH secret MODP2048@0x7efea8000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7efea8000d60 | NSS: Public DH wire value: | fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c 6f e9 1e bb | da bb d2 f2 a6 e6 60 82 c4 04 1c 2d 8f b7 54 4d | d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 e0 66 ac e3 | 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 ab 17 c4 7e | f9 74 21 d8 98 ba 34 43 f5 fe c4 5f 5f f6 12 bc | e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 e1 8b 72 cb | 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b 1b 6c b2 52 | de 88 cb 92 e3 98 68 e8 c0 14 3b 0f f9 04 f4 04 | a4 6d a4 75 10 98 75 18 43 78 e4 95 cf 20 9d 91 | 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 40 ff 80 cd | 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 5b 24 a6 b4 | d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 af 44 09 c2 | 2e e2 62 9c 13 02 df 29 e8 3f 25 ff 6e cd 77 82 | b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 10 02 52 9e | e1 da 85 62 de 49 8b 3f 6f b5 87 b7 0e 34 41 d8 | ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b 8c ed 35 76 | Generated nonce: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | Generated nonce: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | crypto helper 4 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 5 time elapsed 0.00097 seconds | (#7) spent 0.912 milliseconds in crypto helper computing work-order 5: ikev2_inI1outR1 KE (pcr) | crypto helper 4 sending results from work-order 5 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7efea8006900 size 128 | libevent_realloc: release ptr-libevent@0x557c468cbb90 | libevent_realloc: new ptr-libevent@0x557c468ed7f0 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 5 | calling continuation function 0x557c447f4630 | ikev2_parent_inI1outR1_continue for #7: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7efea8000d60: transferring ownership from helper KE to state #7 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c 6f e9 1e bb | ikev2 g^x da bb d2 f2 a6 e6 60 82 c4 04 1c 2d 8f b7 54 4d | ikev2 g^x d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 e0 66 ac e3 | ikev2 g^x 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 ab 17 c4 7e | ikev2 g^x f9 74 21 d8 98 ba 34 43 f5 fe c4 5f 5f f6 12 bc | ikev2 g^x e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 e1 8b 72 cb | ikev2 g^x 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b 1b 6c b2 52 | ikev2 g^x de 88 cb 92 e3 98 68 e8 c0 14 3b 0f f9 04 f4 04 | ikev2 g^x a4 6d a4 75 10 98 75 18 43 78 e4 95 cf 20 9d 91 | ikev2 g^x 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 40 ff 80 cd | ikev2 g^x 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 5b 24 a6 b4 | ikev2 g^x d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 af 44 09 c2 | ikev2 g^x 2e e2 62 9c 13 02 df 29 e8 3f 25 ff 6e cd 77 82 | ikev2 g^x b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 10 02 52 9e | ikev2 g^x e1 da 85 62 de 49 8b 3f 6f b5 87 b7 0e 34 41 d8 | ikev2 g^x ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b 8c ed 35 76 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | IKEv2 nonce 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 87 47 c3 68 a9 be 6f 68 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 00 42 47 e2 c1 d0 6e 87 b8 13 de 81 fc 7c 57 cb | 8f 88 b0 3f | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 87 47 c3 68 a9 be 6f 68 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 00 42 47 e2 c1 d0 6e 87 b8 13 de 81 fc 7c 57 cb | natd_hash: hash= 8f 88 b0 3f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 00 42 47 e2 c1 d0 6e 87 b8 13 de 81 fc 7c 57 cb | Notify data 8f 88 b0 3f | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 87 47 c3 68 a9 be 6f 68 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 41 99 70 26 41 9f 66 d7 26 d2 c8 30 70 c6 45 9d | 36 25 fe 9a | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 87 47 c3 68 a9 be 6f 68 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 41 99 70 26 41 9f 66 d7 26 d2 c8 30 70 c6 45 9d | natd_hash: hash= 36 25 fe 9a | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 41 99 70 26 41 9f 66 d7 26 d2 c8 30 70 c6 45 9d | Notify data 36 25 fe 9a | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #7: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #7 to 0 after switching state | Message ID: recv #7 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #7 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c | 6f e9 1e bb da bb d2 f2 a6 e6 60 82 c4 04 1c 2d | 8f b7 54 4d d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 | e0 66 ac e3 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 | ab 17 c4 7e f9 74 21 d8 98 ba 34 43 f5 fe c4 5f | 5f f6 12 bc e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 | e1 8b 72 cb 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b | 1b 6c b2 52 de 88 cb 92 e3 98 68 e8 c0 14 3b 0f | f9 04 f4 04 a4 6d a4 75 10 98 75 18 43 78 e4 95 | cf 20 9d 91 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 | 40 ff 80 cd 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 | 5b 24 a6 b4 d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 | af 44 09 c2 2e e2 62 9c 13 02 df 29 e8 3f 25 ff | 6e cd 77 82 b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 | 10 02 52 9e e1 da 85 62 de 49 8b 3f 6f b5 87 b7 | 0e 34 41 d8 ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b | 8c ed 35 76 29 00 00 24 b5 85 f8 15 14 10 09 cd | 00 16 33 6f 47 2b e8 01 24 4f dc 01 63 46 6c 18 | 09 d0 a6 8b db 44 09 73 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 42 47 e2 c1 d0 6e 87 | b8 13 de 81 fc 7c 57 cb 8f 88 b0 3f 00 00 00 1c | 00 00 40 05 41 99 70 26 41 9f 66 d7 26 d2 c8 30 | 70 c6 45 9d 36 25 fe 9a | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468f4150 | event_schedule: new EVENT_SO_DISCARD-pe@0x557c468f4150 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #7 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 0.464 milliseconds in resume sending helper answer | stop processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efea8006900 | spent 0.00311 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | e6 9d 34 17 8b 51 e5 45 f2 dc d8 d1 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #7 in PARENT_R1 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #7 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7efea8000d60: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 6 for state #7 | state #7 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x557c468f4150 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468f4150 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | #7 spent 0.0291 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | crypto helper 5 resuming | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 5 starting work-order 6 for state #7 | #7 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | crypto helper 5 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 | suspending state #7 and saving MD | #7 is busy; has a suspended MD | peer's g: 82 f8 07 85 6c 3b ee 6b f9 9e d9 3f b2 9c 05 e5 | peer's g: 81 47 60 da 10 52 ac 82 42 5b 88 b1 30 09 3c 49 | peer's g: 79 79 eb 53 93 cf ff 34 7e f2 fd 20 63 34 b1 77 | peer's g: 61 3f 5b 9b c5 3f ba 2a b2 8f 12 3d 4b e8 17 41 | peer's g: 66 ae c8 dc 58 40 d8 46 2f 1d 23 01 a2 f1 05 f4 | peer's g: 2c c1 fb cc 0e 73 36 19 8c b1 55 f0 04 c1 8c e3 | peer's g: 46 a4 25 67 2f 45 fe 6a 2e 19 29 3d b8 b6 6b 3a | peer's g: 68 fe 32 d1 51 49 4c 9d 5c 72 bd 0e bd 5f e4 9a | peer's g: 09 c7 4e 3d 76 a9 9b ce 65 e1 52 22 df ee 79 80 | peer's g: 3a 06 63 a4 c6 1b 96 7b c1 f5 b6 7a 71 60 d9 c3 | peer's g: 62 fc 56 dc c1 e7 e7 05 c7 40 95 f4 e9 9d 1b af | peer's g: 30 2f 1a 68 2b 94 ad 14 8a 18 de df 8f 9b 8e b3 | peer's g: 38 2f 5d 7f 91 29 01 a4 6f b8 88 51 b8 6b 92 86 | peer's g: ce b6 43 9c 75 4f fe e1 ca 1f fb 31 9d d4 aa 3b | peer's g: 11 22 95 b5 0a 4e 7c f0 39 59 1d 5e 3a ad 75 30 | peer's g: 3d 56 e2 ad f7 48 8a 2e 85 e0 35 4f af 2d e5 4d | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | Started DH shared-secret computation in NSS: | "east" #7 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 0.221 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.232 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x557c468d7990 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7efea8000d60: computed shared DH secret key@0x557c468d7990 | dh-shared : g^ir-key@0x557c468d7990 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7efe9c001ef0 (length 64) | 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4670 | result: Ni | Nr-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4658 | result: Ni | Nr-key@0x7efeb4006900 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x557c468ef2a0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7efe9c002e80 from Ni | Nr-key@0x7efeb4006900 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7efe9c002e80 from Ni | Nr-key@0x7efeb4006900 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7efeb4006900 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7efe9c0016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x557c468d7990 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x557c468d7990 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x557c468d7990 | nss hmac digest hack: symkey-key@0x557c468d7990 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1173732656: 31 18 4d ffffffa8 ffffffeb ffffffcc ffffffef fffffff1 ffffffbb 2b 11 54 ffffffc9 ffffffa9 2c 09 ffffff93 57 ffffffc2 16 ffffffab ffffffe4 ffffffc0 ffffffc0 04 ffffffbc ffffff9f 0e 65 7f 58 ffffff8e 40 fffffff1 ffffff83 73 ffffffcf 3a ffffffcd 2e ffffff96 16 ffffffe3 36 61 ffffffcf ffffff8b ffffffff 0d 7e fffffffb 3f 37 02 38 ffffffac 3c ffffffbc 20 49 ffffffc9 2a ffffff9a 76 ffffff9e 25 59 ffffff8f 45 ffffffac ffffffbb ffffff8d 29 ffffffbc 6a ffffffde fffffff6 61 39 7e ffffffc3 12 20 ffffffa2 ffffffd3 2a fffffffe ffffff97 ffffffee ffffffa1 55 ffffffa7 ffffff85 13 ffffffd9 56 ffffffac ffffffba 7a ffffff8b ffffffb8 5a 7f 2c 2d 06 01 ffffffe5 ffffffa3 7f fffffff1 ffffffbb 76 ffffff85 2e 4b fffffffc 06 0f 32 ffffffaf 70 ffffffc1 ffffffd5 1f 6c ffffffdb 27 62 42 fffffff0 6f ffffff85 fffffff7 22 ffffff82 ffffffd1 ffffffbd 52 ffffffd8 34 ffffffab fffffff7 3b ffffffef ffffffb0 ffffffcf ffffffb5 ffffffb6 ffffffaa 32 70 3f ffffffeb ffffffab | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 256 bytes at 0x7efe9c003dd0 | unwrapped: f7 6c d5 04 f1 61 0e a6 ee b4 2f 7b d0 8c 49 eb | unwrapped: 29 ee f7 da 33 c3 f8 10 c2 89 15 7e 37 e2 76 b1 | unwrapped: 91 d7 8e 66 36 7a 23 cb f9 6d ea c9 41 ca 70 5b | unwrapped: 6d da a9 74 bf cf 69 0c db 21 02 5a 92 38 d6 97 | unwrapped: a1 c5 77 c9 ea 53 3f 80 a7 3a 86 cf bc 83 3a c2 | unwrapped: 31 0f 98 35 00 14 0b 1c 58 04 2a ac 06 0e 44 38 | unwrapped: 73 43 57 6c 01 cb d5 a6 37 eb f0 2c db 61 7e eb | unwrapped: 3d 2a 2b bb 81 f3 4c 0b 2f 06 5f 2d d7 64 64 6d | unwrapped: b0 7b bf ed 31 94 7b 7d fc 83 94 77 11 58 ee 4c | unwrapped: 5d e0 1d 16 6a ef cf 96 8b 0c ee 15 cc 31 f7 78 | unwrapped: 59 25 66 9c a2 ac e4 4e 4f 0d 69 91 ae 48 c6 36 | unwrapped: 7f ec ba ca 2c bf 4c 28 08 e5 00 8f 6b c4 30 31 | unwrapped: f9 1e 61 e0 6e 35 3a cf 10 ce a7 bb 49 8a 48 15 | unwrapped: e0 ab d3 b4 ff 41 93 a6 e4 df e1 a9 8b b8 e1 a8 | unwrapped: e1 74 b5 84 20 84 ef 76 98 a5 fb 37 ae 45 b9 07 | unwrapped: 73 8f 4e 51 69 6e 99 c0 69 4d e3 fe ec 52 3a 67 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4690 | result: final-key@0x557c468ef2a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef2a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4678 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef2a0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7efeb4006900 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4600 | result: data=Ni-key@0x7efeac0069f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7efeac0069f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a45e8 | result: data=Ni-key@0x557c468ef2a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7efeac0069f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef2a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeba0a45f0 | result: data+=Nr-key@0x7efeac0069f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468ef2a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeba0a45f0 | result: data+=SPIi-key@0x557c468ef2a0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efeac0069f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef2a0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeba0a45f0 | result: data+=SPIr-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468ef2a0 | prf+0 PRF sha init key-key@0x7efeb4006900 (size 20) | prf+0: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4518 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+0 prf: begin sha with context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+0: release clone-key@0x557c468ef2a0 | prf+0 PRF sha crypt-prf@0x7efe9c0018a0 | prf+0 PRF sha update seed-key@0x7efeac0069f0 (size 80) | prf+0: seed-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1173733024: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a ffffffe0 77 ffffff91 74 ffffff8d ffffff95 48 51 ffffffb8 53 2b 19 fffffff4 ffffffcd 58 7f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efe9c007e90 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4520 | result: final-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4508 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef410 | prf+0 PRF sha final-key@0x557c468ef2a0 (size 20) | prf+0: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x557c468ef2a0 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4518 | result: clone-key@0x557c468ef410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efe9c002e80 from key-key@0x557c468ef410 | prf+N prf: begin sha with context 0x7efe9c002e80 from key-key@0x557c468ef410 | prf+N: release clone-key@0x557c468ef410 | prf+N PRF sha crypt-prf@0x7efe9c001f40 | prf+N PRF sha update old_t-key@0x557c468ef2a0 (size 20) | prf+N: old_t-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1173733024: ffffffca ffffffd3 ffffffa1 fffffff5 fffffff9 1c ffffffc6 12 36 08 74 ffffffe2 ffffffa6 ffffffa9 09 39 ffffff85 ffffffd5 22 38 6e ffffffc6 49 67 12 39 ffffff8d 46 ffffffef fffffffd ffffffc2 ffffffc3 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c007ef0 | unwrapped: 73 08 d4 6d 40 b4 bf 47 85 2e 26 3f 29 74 66 24 | unwrapped: b9 2d d0 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeac0069f0 (size 80) | prf+N: seed-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1173733024: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a ffffffe0 77 ffffff91 74 ffffff8d ffffff95 48 51 ffffffb8 53 2b 19 fffffff4 ffffffcd 58 7f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efe9c007e30 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4520 | result: final-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4508 | result: final-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c006450 | prf+N PRF sha final-key@0x557c468ef410 (size 20) | prf+N: key-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba0a4598 | result: result-key@0x7efe9c006450 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468ef2a0 | prfplus: release old_t[N]-key@0x557c468ef2a0 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4518 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x7efe9c001270 | prf+N PRF sha update old_t-key@0x557c468ef410 (size 20) | prf+N: old_t-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1173733024: ffffffdf 54 ffffff9d 4f 3a ffffff84 ffffffcc ffffff88 ffffffd2 ffffffe6 ffffffff fffffff8 7d ffffffa9 ffffffa4 40 ffffffb4 13 6f ffffff8a ffffffb9 fffffffa ffffff97 02 6d ffffffae ffffff96 fffffff4 30 ffffffe6 7a ffffffa0 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c00b950 | unwrapped: 2c d5 3d 77 f5 98 eb 65 01 fe 9f c1 e4 91 35 63 | unwrapped: e6 f5 38 4a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeac0069f0 (size 80) | prf+N: seed-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1173733024: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a ffffffe0 77 ffffff91 74 ffffff8d ffffff95 48 51 ffffffb8 53 2b 19 fffffff4 ffffffcd 58 7f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efe9c007dd0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4520 | result: final-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4508 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c009e40 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c006450 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba0a4598 | result: result-key@0x7efe9c009e40 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c006450 | prfplus: release old_t[N]-key@0x557c468ef410 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4518 | result: clone-key@0x557c468ef410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efe9c002e80 from key-key@0x557c468ef410 | prf+N prf: begin sha with context 0x7efe9c002e80 from key-key@0x557c468ef410 | prf+N: release clone-key@0x557c468ef410 | prf+N PRF sha crypt-prf@0x7efe9c002010 | prf+N PRF sha update old_t-key@0x557c468ef2a0 (size 20) | prf+N: old_t-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1173733024: 14 fffffff1 2a 14 1c 10 ffffff9e 0d 64 66 ffffffeb ffffff92 44 1e 48 7d 73 09 78 72 4d 30 5a ffffff87 ffffff8a ffffff9b ffffffb6 ffffffc6 ffffff82 ffffffd8 ffffff85 33 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c00bca0 | unwrapped: 7e d9 33 ea 93 8e b3 73 0c 7b 54 c5 ca 88 1b 91 | unwrapped: f3 2e fc e8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeac0069f0 (size 80) | prf+N: seed-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1173733024: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a ffffffe0 77 ffffff91 74 ffffff8d ffffff95 48 51 ffffffb8 53 2b 19 fffffff4 ffffffcd 58 7f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efe9c0066d0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4520 | result: final-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4508 | result: final-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c006450 | prf+N PRF sha final-key@0x557c468ef410 (size 20) | prf+N: key-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c009e40 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba0a4598 | result: result-key@0x7efe9c006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c009e40 | prfplus: release old_t[N]-key@0x557c468ef2a0 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4518 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x7efe9c001270 | prf+N PRF sha update old_t-key@0x557c468ef410 (size 20) | prf+N: old_t-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1173733024: 4a ffffffda 0b ffffffe4 ffffffd4 47 ffffffc1 0a 46 2c 09 63 ffffff85 fffffffb 79 fffffff6 ffffffd0 08 09 74 ffffffd4 ffffff84 ffffff91 3b ffffffde ffffff81 6e 5d ffffffe5 15 ffffffb9 67 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c00bc70 | unwrapped: 84 e9 17 5f 32 27 22 6f 44 b3 19 81 c4 88 85 61 | unwrapped: ac 40 7d b9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeac0069f0 (size 80) | prf+N: seed-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1173733024: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a ffffffe0 77 ffffff91 74 ffffff8d ffffff95 48 51 ffffffb8 53 2b 19 fffffff4 ffffffcd 58 7f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efe9c00bcd0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4520 | result: final-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4508 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c009e40 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba0a4598 | result: result-key@0x7efe9c009e40 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c006450 | prfplus: release old_t[N]-key@0x557c468ef410 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4518 | result: clone-key@0x557c468ef410 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efe9c00b7c0 from key-key@0x557c468ef410 | prf+N prf: begin sha with context 0x7efe9c00b7c0 from key-key@0x557c468ef410 | prf+N: release clone-key@0x557c468ef410 | prf+N PRF sha crypt-prf@0x7efe9c002010 | prf+N PRF sha update old_t-key@0x557c468ef2a0 (size 20) | prf+N: old_t-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1173733024: 40 47 ffffff95 24 7a ffffffbd ffffff97 fffffffe ffffffa7 5c ffffff8a 13 6d 54 7e ffffff8c 26 ffffffd1 fffffff1 21 ffffff99 31 35 ffffffd3 07 30 4d 02 6f ffffffba ffffffa3 64 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c00bc20 | unwrapped: c3 96 18 0b 71 4d e8 33 4c 01 dc 21 33 f8 40 71 | unwrapped: 41 d4 c0 cf 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeac0069f0 (size 80) | prf+N: seed-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1173733024: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a ffffffe0 77 ffffff91 74 ffffff8d ffffff95 48 51 ffffffb8 53 2b 19 fffffff4 ffffffcd 58 7f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efe9c007e30 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4520 | result: final-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4508 | result: final-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c006450 | prf+N PRF sha final-key@0x557c468ef410 (size 20) | prf+N: key-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c009e40 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba0a4598 | result: result-key@0x7efe9c006450 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c009e40 | prfplus: release old_t[N]-key@0x557c468ef2a0 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4518 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x7efe9c002e80 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x7efe9c001270 | prf+N PRF sha update old_t-key@0x557c468ef410 (size 20) | prf+N: old_t-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1173733024: ffffffa4 ffffffbb ffffffe9 10 ffffff8e 30 fffffff6 2b fffffff7 7a ffffffe8 fffffff4 27 0a ffffffb3 ffffffbe ffffffbc 5d 69 ffffffd3 12 ffffffae ffffffef 6c 2c 1c ffffffa9 03 04 6b 51 5a | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c00be60 | unwrapped: 83 31 01 9a c1 01 91 85 d6 99 5c df 0b 33 6b 54 | unwrapped: c8 70 1e 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeac0069f0 (size 80) | prf+N: seed-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1173733024: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a ffffffe0 77 ffffff91 74 ffffff8d ffffff95 48 51 ffffffb8 53 2b 19 fffffff4 ffffffcd 58 7f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efe9c00bcd0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba0a4520 | result: final-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4508 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c009e40 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c006450 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba0a4598 | result: result-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c006450 | prfplus: release old_t[N]-key@0x557c468ef410 | prfplus: release old_t[final]-key@0x557c468ef2a0 | ike_sa_keymat: release data-key@0x7efeac0069f0 | calc_skeyseed_v2: release skeyseed_k-key@0x7efeb4006900 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4738 | result: result-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4738 | result: result-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4738 | result: result-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4748 | result: SK_ei_k-key@0x557c468ef410 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4748 | result: SK_er_k-key@0x7efe9c006450 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4748 | result: result-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7efe9c00bdb0 | chunk_SK_pi: symkey-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1713381473: ffffffd1 3f ffffffb2 ffffffb5 ffffffb2 68 36 58 ffffffe2 38 ffffff9e fffffffc 10 38 79 ffffff9c fffffff5 18 ffffffc7 ffffffe4 5b ffffff90 ffffffd8 fffffffe ffffffd7 70 6c 72 ffffffa1 ffffff8c ffffffd3 ffffffc9 | chunk_SK_pi: release slot-key-key@0x557c468d1160 | chunk_SK_pi extracted len 32 bytes at 0x7efe9c002d20 | unwrapped: 33 f8 40 71 41 d4 c0 cf 83 31 01 9a c1 01 91 85 | unwrapped: d6 99 5c df 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba0a4748 | result: result-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7efe9c00eee0 | chunk_SK_pr: symkey-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1713381473: 0f ffffff98 2e ffffffb4 3f 6e fffffff8 33 65 78 29 4b ffffffa9 4a 54 ffffffe1 36 ffffffdb 67 3b 40 ffffffaa ffffffbe 5b 5f ffffff8a 29 5a ffffffd2 6f ffffff87 ffffffae | chunk_SK_pr: release slot-key-key@0x557c468d1160 | chunk_SK_pr extracted len 32 bytes at 0x7efe9c002d50 | unwrapped: 0b 33 6b 54 c8 70 1e 99 4d f3 d9 74 69 9a ab 1b | unwrapped: a5 61 0f 4b 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7efe9c009e40 | calc_skeyseed_v2 pointers: shared-key@0x557c468d7990, SK_d-key@0x7efeb4006900, SK_ai-key@0x7efeac0069f0, SK_ar-key@0x557c468ef2a0, SK_ei-key@0x557c468ef410, SK_er-key@0x7efe9c006450, SK_pi-key@0x7efe9c00bdb0, SK_pr-key@0x7efe9c00eee0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 33 f8 40 71 41 d4 c0 cf 83 31 01 9a c1 01 91 85 | d6 99 5c df | calc_skeyseed_v2 SK_pr | 0b 33 6b 54 c8 70 1e 99 4d f3 d9 74 69 9a ab 1b | a5 61 0f 4b | crypto helper 5 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 6 time elapsed 0.003497 seconds | (#7) spent 3.14 milliseconds in crypto helper computing work-order 6: ikev2_inI2outR2 KE (pcr) | crypto helper 5 sending results from work-order 6 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7efe9c010760 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 6 | calling continuation function 0x557c447f4630 | ikev2_parent_inI2outR2_continue for #7: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7efea8000d60: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | #7 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x7efeac0069f0 (size 20) | hmac: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58c28 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468ec6e0 | hmac PRF sha update data-bytes@0x557c46842c20 (length 208) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | hmac PRF sha final-bytes@0x7fff72f58df0 (length 20) | e6 9d 34 17 8b 51 e5 45 f2 dc d8 d1 d1 3a 1d fa | bf 72 7f 83 | data for hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | data for hmac: c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | data for hmac: 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | data for hmac: 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | data for hmac: 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | data for hmac: 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | data for hmac: 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | data for hmac: 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | data for hmac: cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | data for hmac: e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | data for hmac: f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | calculated auth: e6 9d 34 17 8b 51 e5 45 f2 dc d8 d1 | provided auth: e6 9d 34 17 8b 51 e5 45 f2 dc d8 d1 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | payload before decryption: | c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | 94 3b dc 54 2c 00 00 2c 00 00 00 28 01 03 04 03 | 8c 0e e0 d8 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | stripping 16 octets as pad | #7 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #7: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #7 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #7: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7efe9c00bdb0 (size 20) | hmac: symkey-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58698 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468ed980 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x557c46842c54 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff72f58850 (length 20) | 27 85 85 82 ef b1 a8 5b 23 06 e5 05 c1 47 75 6e | 9a 6f 7b ac | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | d7 a7 50 22 b2 e6 a3 46 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 82 f8 07 85 6c 3b ee 6b | f9 9e d9 3f b2 9c 05 e5 81 47 60 da 10 52 ac 82 | 42 5b 88 b1 30 09 3c 49 79 79 eb 53 93 cf ff 34 | 7e f2 fd 20 63 34 b1 77 61 3f 5b 9b c5 3f ba 2a | b2 8f 12 3d 4b e8 17 41 66 ae c8 dc 58 40 d8 46 | 2f 1d 23 01 a2 f1 05 f4 2c c1 fb cc 0e 73 36 19 | 8c b1 55 f0 04 c1 8c e3 46 a4 25 67 2f 45 fe 6a | 2e 19 29 3d b8 b6 6b 3a 68 fe 32 d1 51 49 4c 9d | 5c 72 bd 0e bd 5f e4 9a 09 c7 4e 3d 76 a9 9b ce | 65 e1 52 22 df ee 79 80 3a 06 63 a4 c6 1b 96 7b | c1 f5 b6 7a 71 60 d9 c3 62 fc 56 dc c1 e7 e7 05 | c7 40 95 f4 e9 9d 1b af 30 2f 1a 68 2b 94 ad 14 | 8a 18 de df 8f 9b 8e b3 38 2f 5d 7f 91 29 01 a4 | 6f b8 88 51 b8 6b 92 86 ce b6 43 9c 75 4f fe e1 | ca 1f fb 31 9d d4 aa 3b 11 22 95 b5 0a 4e 7c f0 | 39 59 1d 5e 3a ad 75 30 3d 56 e2 ad f7 48 8a 2e | 85 e0 35 4f af 2d e5 4d 29 00 00 24 82 1e 39 68 | ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 09 ff 0d 94 | ff b3 37 1f 0f 56 04 2f dc 7c ff 71 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5c a4 70 98 | e4 3b 8f f3 8b 26 84 ce da 97 a3 8f 00 14 0a ac | 00 00 00 1c 00 00 40 05 a6 9a 48 8b 83 1a f6 b9 | fa d7 5c f0 30 ab 4f 31 25 39 12 bc | verify: initiator inputs to hash2 (responder nonce) | b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | idhash 27 85 85 82 ef b1 a8 5b 23 06 e5 05 c1 47 75 6e | idhash 9a 6f 7b ac | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584a0 | result: shared secret-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58488 | result: shared secret-key@0x7efe9c009e40 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efe9c009e40 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efe9c009e40 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efe9c009e40 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ec6e0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584c0 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584a8 | result: final-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efe9c009e40 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efe9c009e40 (size 20) | = prf(, ): -key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584b8 | result: clone-key@0x7efea8006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ): release clone-key@0x7efea8006900 | = prf(, ) PRF sha crypt-prf@0x557c468eabb0 | = prf(, ) PRF sha update first-packet-bytes@0x557c468edcb0 (length 444) | d7 a7 50 22 b2 e6 a3 46 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 82 f8 07 85 6c 3b ee 6b | f9 9e d9 3f b2 9c 05 e5 81 47 60 da 10 52 ac 82 | 42 5b 88 b1 30 09 3c 49 79 79 eb 53 93 cf ff 34 | 7e f2 fd 20 63 34 b1 77 61 3f 5b 9b c5 3f ba 2a | b2 8f 12 3d 4b e8 17 41 66 ae c8 dc 58 40 d8 46 | 2f 1d 23 01 a2 f1 05 f4 2c c1 fb cc 0e 73 36 19 | 8c b1 55 f0 04 c1 8c e3 46 a4 25 67 2f 45 fe 6a | 2e 19 29 3d b8 b6 6b 3a 68 fe 32 d1 51 49 4c 9d | 5c 72 bd 0e bd 5f e4 9a 09 c7 4e 3d 76 a9 9b ce | 65 e1 52 22 df ee 79 80 3a 06 63 a4 c6 1b 96 7b | c1 f5 b6 7a 71 60 d9 c3 62 fc 56 dc c1 e7 e7 05 | c7 40 95 f4 e9 9d 1b af 30 2f 1a 68 2b 94 ad 14 | 8a 18 de df 8f 9b 8e b3 38 2f 5d 7f 91 29 01 a4 | 6f b8 88 51 b8 6b 92 86 ce b6 43 9c 75 4f fe e1 | ca 1f fb 31 9d d4 aa 3b 11 22 95 b5 0a 4e 7c f0 | 39 59 1d 5e 3a ad 75 30 3d 56 e2 ad f7 48 8a 2e | 85 e0 35 4f af 2d e5 4d 29 00 00 24 82 1e 39 68 | ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 09 ff 0d 94 | ff b3 37 1f 0f 56 04 2f dc 7c ff 71 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5c a4 70 98 | e4 3b 8f f3 8b 26 84 ce da 97 a3 8f 00 14 0a ac | 00 00 00 1c 00 00 40 05 a6 9a 48 8b 83 1a f6 b9 | fa d7 5c f0 30 ab 4f 31 25 39 12 bc | = prf(, ) PRF sha update nonce-bytes@0x7efea8002af0 (length 32) | b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58850 (length 20) | 27 85 85 82 ef b1 a8 5b 23 06 e5 05 c1 47 75 6e | 9a 6f 7b ac | = prf(, ) PRF sha final-chunk@0x557c468ed980 (length 20) | 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | 94 3b dc 54 | psk_auth: release prf-psk-key@0x7efe9c009e40 | Received PSK auth octets | 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | 94 3b dc 54 | Calculated PSK auth octets | 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | 94 3b dc 54 "east" #7: Authenticated using authby=secret | parent state #7: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #7 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468f4150 | event_schedule: new EVENT_SA_REKEY-pe@0x557c468f4150 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #7 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | pstats #7 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7efe9c00eee0 (size 20) | hmac: symkey-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58008 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468eabd0 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x557c448f3974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff72f58310 (length 20) | 0a 0d 62 2f 01 0b 29 e2 5f 24 61 58 9c 03 ef 4a | 85 39 33 92 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c | 6f e9 1e bb da bb d2 f2 a6 e6 60 82 c4 04 1c 2d | 8f b7 54 4d d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 | e0 66 ac e3 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 | ab 17 c4 7e f9 74 21 d8 98 ba 34 43 f5 fe c4 5f | 5f f6 12 bc e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 | e1 8b 72 cb 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b | 1b 6c b2 52 de 88 cb 92 e3 98 68 e8 c0 14 3b 0f | f9 04 f4 04 a4 6d a4 75 10 98 75 18 43 78 e4 95 | cf 20 9d 91 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 | 40 ff 80 cd 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 | 5b 24 a6 b4 d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 | af 44 09 c2 2e e2 62 9c 13 02 df 29 e8 3f 25 ff | 6e cd 77 82 b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 | 10 02 52 9e e1 da 85 62 de 49 8b 3f 6f b5 87 b7 | 0e 34 41 d8 ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b | 8c ed 35 76 29 00 00 24 b5 85 f8 15 14 10 09 cd | 00 16 33 6f 47 2b e8 01 24 4f dc 01 63 46 6c 18 | 09 d0 a6 8b db 44 09 73 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 42 47 e2 c1 d0 6e 87 | b8 13 de 81 fc 7c 57 cb 8f 88 b0 3f 00 00 00 1c | 00 00 40 05 41 99 70 26 41 9f 66 d7 26 d2 c8 30 | 70 c6 45 9d 36 25 fe 9a | create: responder inputs to hash2 (initiator nonce) | 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | idhash 0a 0d 62 2f 01 0b 29 e2 5f 24 61 58 9c 03 ef 4a | idhash 85 39 33 92 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e00 | result: shared secret-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57de8 | result: shared secret-key@0x7efe9c009e40 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efe9c009e40 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efe9c009e40 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efe9c009e40 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ed980 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e20 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e08 | result: final-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efe9c009e40 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efe9c009e40 (size 20) | = prf(, ): -key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e18 | result: clone-key@0x7efea8006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ): release clone-key@0x7efea8006900 | = prf(, ) PRF sha crypt-prf@0x557c468ec6e0 | = prf(, ) PRF sha update first-packet-bytes@0x557c468ede80 (length 440) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c | 6f e9 1e bb da bb d2 f2 a6 e6 60 82 c4 04 1c 2d | 8f b7 54 4d d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 | e0 66 ac e3 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 | ab 17 c4 7e f9 74 21 d8 98 ba 34 43 f5 fe c4 5f | 5f f6 12 bc e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 | e1 8b 72 cb 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b | 1b 6c b2 52 de 88 cb 92 e3 98 68 e8 c0 14 3b 0f | f9 04 f4 04 a4 6d a4 75 10 98 75 18 43 78 e4 95 | cf 20 9d 91 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 | 40 ff 80 cd 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 | 5b 24 a6 b4 d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 | af 44 09 c2 2e e2 62 9c 13 02 df 29 e8 3f 25 ff | 6e cd 77 82 b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 | 10 02 52 9e e1 da 85 62 de 49 8b 3f 6f b5 87 b7 | 0e 34 41 d8 ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b | 8c ed 35 76 29 00 00 24 b5 85 f8 15 14 10 09 cd | 00 16 33 6f 47 2b e8 01 24 4f dc 01 63 46 6c 18 | 09 d0 a6 8b db 44 09 73 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 42 47 e2 c1 d0 6e 87 | b8 13 de 81 fc 7c 57 cb 8f 88 b0 3f 00 00 00 1c | 00 00 40 05 41 99 70 26 41 9f 66 d7 26 d2 c8 30 | 70 c6 45 9d 36 25 fe 9a | = prf(, ) PRF sha update nonce-bytes@0x7efea4005f00 (length 32) | 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58310 (length 20) | 0a 0d 62 2f 01 0b 29 e2 5f 24 61 58 9c 03 ef 4a | 85 39 33 92 | = prf(, ) PRF sha final-chunk@0x557c468eabd0 (length 20) | 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 c5 ac 3a 7e | a6 59 fe 8e | psk_auth: release prf-psk-key@0x7efe9c009e40 | PSK auth octets 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 c5 ac 3a 7e | PSK auth octets a6 59 fe 8e | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 c5 ac 3a 7e | PSK auth a6 59 fe 8e | emitting length of IKEv2 Authentication Payload: 28 | creating state object #8 at 0x557c468f5ad0 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "east" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.23:500 from #7.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7efeb4006900 | duplicate_state: reference st_skey_ai_nss-key@0x7efeac0069f0 | duplicate_state: reference st_skey_ar_nss-key@0x557c468ef2a0 | duplicate_state: reference st_skey_ei_nss-key@0x557c468ef410 | duplicate_state: reference st_skey_er_nss-key@0x7efe9c006450 | duplicate_state: reference st_skey_pi_nss-key@0x7efe9c00bdb0 | duplicate_state: reference st_skey_pr_nss-key@0x7efe9c00eee0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 8c 0e e0 d8 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #7: proposal 1:ESP:SPI=8c0ee0d8;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=8c0ee0d8;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x17144ad9 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 17 14 4a d9 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e90 | result: data=Ni-key@0x7efea8006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7efea8006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e78 | result: data=Ni-key@0x7efe9c009e40 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7efea8006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c009e40 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f57e80 | result: data+=Nr-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efe9c009e40 | prf+0 PRF sha init key-key@0x7efeb4006900 (size 20) | prf+0: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x557c468d06c0 from key-key@0x7efe9c009e40 | prf+0 prf: begin sha with context 0x557c468d06c0 from key-key@0x7efe9c009e40 | prf+0: release clone-key@0x7efe9c009e40 | prf+0 PRF sha crypt-prf@0x557c468eabb0 | prf+0 PRF sha update seed-key@0x7efea8006900 (size 64) | prf+0: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468e8830 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f27a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f27a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f27a0 | prf+0 PRF sha final-key@0x7efe9c009e40 (size 20) | prf+0: key-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efe9c009e40 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N: release clone-key@0x557c468f27a0 | prf+N PRF sha crypt-prf@0x557c468ed980 | prf+N PRF sha update old_t-key@0x7efe9c009e40 (size 20) | prf+N: old_t-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c009e40 | nss hmac digest hack: symkey-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: ffffffac ffffffdd ffffffbb fffffff8 ffffffb8 ffffffeb 62 ffffffc5 62 fffffffe fffffff9 ffffff87 ffffff86 2d 74 ffffffd9 ffffffb8 ffffffd0 ffffff98 fffffff1 ffffff8d ffffffb0 47 ffffff9f ffffff80 ffffff96 42 ffffff90 ffffffa3 ffffffaa fffffff2 ffffffb7 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468ef3e0 | unwrapped: 94 cd 36 40 50 a9 dd fb 49 ae eb 97 24 77 e1 3e | unwrapped: 73 43 42 75 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea8006900 (size 64) | prf+N: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0c60 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efeac00eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac00eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac00eec0 | prf+N PRF sha final-key@0x557c468f27a0 (size 20) | prf+N: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efeac00eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c009e40 | prfplus: release old_t[N]-key@0x7efe9c009e40 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efe9c009e40 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efe9c009e40 | prf+N: release clone-key@0x7efe9c009e40 | prf+N PRF sha crypt-prf@0x557c468ed880 | prf+N PRF sha update old_t-key@0x557c468f27a0 (size 20) | prf+N: old_t-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 15 ffffffca ffffff97 fffffff0 ffffff83 6c ffffffbd 72 08 55 ffffffa0 27 ffffffd7 ffffffe1 24 ffffffbb ffffffc5 ffffffd2 43 64 ffffffa2 39 ffffffb0 ffffffd5 70 ffffff93 ffffff97 76 71 04 58 ffffffe3 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468ed270 | unwrapped: 06 31 6a 51 dc 5f 4e e9 d8 8d 20 09 52 38 e8 a1 | unwrapped: e0 51 35 b2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea8006900 (size 64) | prf+N: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468ef4a0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f9700 | prf+N PRF sha final-key@0x7efe9c009e40 (size 20) | prf+N: key-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac00eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x557c468f9700 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac00eec0 | prfplus: release old_t[N]-key@0x557c468f27a0 | prf+N PRF sha init key-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N: release clone-key@0x557c468f27a0 | prf+N PRF sha crypt-prf@0x557c468f0e70 | prf+N PRF sha update old_t-key@0x7efe9c009e40 (size 20) | prf+N: old_t-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c009e40 | nss hmac digest hack: symkey-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 7b 05 ffffffb5 77 03 ffffff9a ffffffd1 ffffffbd 20 ffffffa5 62 ffffffeb 09 0d fffffffb ffffffe3 7a ffffffff 4d 5b ffffff8a ffffffc8 49 27 51 ffffffa6 79 ffffffd1 56 6f ffffffa2 ffffffb9 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f0ce0 | unwrapped: 2d e7 d7 7c 62 3c db 0d 36 96 bc 68 30 b8 83 a7 | unwrapped: cc c6 68 6e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea8006900 (size 64) | prf+N: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa4 01 26 08 63 fffffffa 39 01 ffffffce ffffff90 ffffff88 ffffffbd 1e ffffff8d 7d 5b 68 5b ffffffee 5d ffffff9d ffffffa4 69 06 ffffffca 13 ffffffdf 01 5c ffffffcf ffffffcf ffffffaa ffffff96 77 ffffff92 ffffff9d 4e ffffffeb ffffffd6 ffffffc2 ffffffd3 6f 5e ffffffe9 ffffffd5 ffffffa9 08 6f 1e ffffffbc 04 0d 41 1c ffffffd6 33 19 39 50 17 ffffff89 ffffff8e 36 4a | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468e8790 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efeac00eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac00eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac00eec0 | prf+N PRF sha final-key@0x557c468f27a0 (size 20) | prf+N: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f9700 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efeac00eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468f9700 | prfplus: release old_t[N]-key@0x7efe9c009e40 | prfplus: release old_t[final]-key@0x557c468f27a0 | child_sa_keymat: release data-key@0x7efea8006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7efeac00eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7efea8006900 | initiator to responder keys: symkey-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x557c468d1160 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1713399395: ffffffac ffffffdd ffffffbb fffffff8 ffffffb8 ffffffeb 62 ffffffc5 62 fffffffe fffffff9 ffffff87 ffffff86 2d 74 ffffffd9 0e 1a 60 ffffff8f ffffff85 22 ffffffb5 fffffff8 ffffff86 5f 6f 10 02 2c ffffffbb ffffffd4 0d 70 ffffff88 ffffffc6 75 fffffff2 72 ffffffaf 06 2c 09 ffffffcb 4c 4c 63 ffffff8b | initiator to responder keys: release slot-key-key@0x557c468d1160 | initiator to responder keys extracted len 48 bytes at 0x557c468ed270 | unwrapped: 94 cd 36 40 50 a9 dd fb 49 ae eb 97 24 77 e1 3e | unwrapped: 73 43 42 75 06 31 6a 51 dc 5f 4e e9 d8 8d 20 09 | unwrapped: 52 38 e8 a1 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7efea8006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7efeac00eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7efea8006900 | responder to initiator keys:: symkey-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x557c468d1160 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1713399395: ffffffeb ffffff9e 2b 4b ffffff8e ffffffa1 ffffffcc 21 0f 25 ffffff8c ffffffb4 ffffffa3 09 ffffffbf ffffff9e ffffffb1 fffffff0 ffffffc0 ffffff81 58 41 ffffff91 31 ffffff8a 4e 58 47 ffffffe8 ffffff98 0f ffffffd3 23 16 52 6f 3b ffffffc1 5f 28 ffffff82 6b 23 74 6d ffffffde ffffffce ffffffb7 | responder to initiator keys:: release slot-key-key@0x557c468d1160 | responder to initiator keys: extracted len 48 bytes at 0x557c468ed980 | unwrapped: e0 51 35 b2 2d e7 d7 7c 62 3c db 0d 36 96 bc 68 | unwrapped: 30 b8 83 a7 cc c6 68 6e 20 88 b7 8e 19 e5 a7 a0 | unwrapped: e6 db 16 49 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7efea8006900 | ikev2_derive_child_keys: release keymat-key@0x7efeac00eec0 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #7 spent 2.53 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8c0ee0d8@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.17144ad9@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #8 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8c0ee0d8 SPI_OUT=0x171 | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x8c0ee0d8 SPI_OUT=0x17144ad9 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x557c468e8eb0,sr=0x557c468e8eb0} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 0.51 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 | c5 ac 3a 7e a6 59 fe 8e 2c 00 00 2c 00 00 00 28 | 01 03 04 03 17 14 4a d9 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | hmac PRF sha init symkey-key@0x557c468ef2a0 (size 20) | hmac: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f18 | result: clone-key@0x7efeac00eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac: release clone-key@0x7efeac00eec0 | hmac PRF sha crypt-prf@0x557c468ed880 | hmac PRF sha update data-bytes@0x557c448f3940 (length 192) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | hmac PRF sha final-bytes@0x557c448f3a00 (length 20) | 5e f3 ad d3 19 97 a7 26 fa 7f bd 86 80 cf 8a 55 | 59 2b 56 32 | data being hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | data being hmac: c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | data being hmac: 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | data being hmac: 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | data being hmac: b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | data being hmac: ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | data being hmac: e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | data being hmac: 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | data being hmac: d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | data being hmac: 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | out calculated auth: | 5e f3 ad d3 19 97 a7 26 fa 7f bd 86 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #7 spent 3.29 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #8 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #8: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #7.#8 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "east" #8: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #8: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x8c0ee0d8 <0x17144ad9 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | 5e f3 ad d3 19 97 a7 26 fa 7f bd 86 | releasing whack for #8 (sock=fd@-1) | releasing whack and unpending for parent #7 | unpending state #7 connection "east" | #8 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x557c468f4110 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #8 | libevent_malloc: new ptr-libevent@0x557c468f9790 size 128 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 3.69 milliseconds in resume sending helper answer | stop processing: state #8 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efe9c010760 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00399 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | bc 1d f1 df 61 11 3c 57 95 e5 7c 9e | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7efeac0069f0 (size 20) | hmac: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x7efeac00eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac: release clone-key@0x7efeac00eec0 | hmac PRF sha crypt-prf@0x557c468f2830 | hmac PRF sha update data-bytes@0x557c46868320 (length 64) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | bc 1d f1 df 61 11 3c 57 95 e5 7c 9e 5a 05 c4 2b | 3b 52 6a e8 | data for hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | data for hmac: 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | calculated auth: bc 1d f1 df 61 11 3c 57 95 e5 7c 9e | provided auth: bc 1d f1 df 61 11 3c 57 95 e5 7c 9e | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | payload before decryption: | 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 8c 0e e0 d8 00 01 02 03 | stripping 4 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 8c 0e e0 d8 | delete PROTO_v2_ESP SA(0x8c0ee0d8) | v2 CHILD SA #8 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #8 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x8c0ee0d8) "east" #7: received Delete SA payload: delete IPsec State #8 now | pstats #8 ikev2.child deleted completed | suspend processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #8 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #8: deleting other state #8 (STATE_V2_IPSEC_R) aged 0.150s and NOT sending notification | child state #8: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.8c0ee0d8@192.1.2.45 | get_sa_info esp.17144ad9@192.1.2.23 "east" #8: ESP traffic information: in=84B out=84B | child state #8: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x557c468f9790 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468f4110 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050846' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8c0ee0d8 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050846' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x8c0ee0d8 SPI_OUT=0x17144ad9 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.8c0ee0d8@192.1.2.45 | netlink response for Del SA esp.8c0ee0d8@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.17144ad9@192.1.2.23 | netlink response for Del SA esp.17144ad9@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #8 in CHILDSA_DEL | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efeb4006900 | delete_state: release st->st_skey_ai_nss-key@0x7efeac0069f0 | delete_state: release st->st_skey_ar_nss-key@0x557c468ef2a0 | delete_state: release st->st_skey_ei_nss-key@0x557c468ef410 | delete_state: release st->st_skey_er_nss-key@0x7efe9c006450 | delete_state: release st->st_skey_pi_nss-key@0x7efe9c00bdb0 | delete_state: release st->st_skey_pr_nss-key@0x7efe9c00eee0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 17 14 4a d9 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 08 b8 3c 8f b4 68 16 1f b8 ef 88 ec fe 2e 86 b9 | data before encryption: | 00 00 00 0c 03 04 00 01 17 14 4a d9 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 78 14 f3 5a 97 cf 45 38 70 d1 17 f9 c7 d1 28 e7 | hmac PRF sha init symkey-key@0x557c468ef2a0 (size 20) | hmac: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x7efeac00eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac: release clone-key@0x7efeac00eec0 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x557c448f3940 (length 64) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 08 b8 3c 8f b4 68 16 1f b8 ef 88 ec fe 2e 86 b9 | 78 14 f3 5a 97 cf 45 38 70 d1 17 f9 c7 d1 28 e7 | hmac PRF sha final-bytes@0x557c448f3980 (length 20) | 30 e7 d8 53 5d 71 dc 68 25 d7 ea 30 91 78 83 59 | 4d 1a f7 45 | data being hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 08 b8 3c 8f b4 68 16 1f b8 ef 88 ec fe 2e 86 b9 | data being hmac: 78 14 f3 5a 97 cf 45 38 70 d1 17 f9 c7 d1 28 e7 | out calculated auth: | 30 e7 d8 53 5d 71 dc 68 25 d7 ea 30 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 08 b8 3c 8f b4 68 16 1f b8 ef 88 ec fe 2e 86 b9 | 78 14 f3 5a 97 cf 45 38 70 d1 17 f9 c7 d1 28 e7 | 30 e7 d8 53 5d 71 dc 68 25 d7 ea 30 | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #7 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #7 spent 0.767 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #7 to 2 after switching state | Message ID: recv #7 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #7 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #7: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 1.04 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.05 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00147 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | 23 54 bc 3c 68 ee 0b b9 90 07 f1 50 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #7 in PARENT_R2 (find_v2_ike_sa) | start processing: state #7 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #7 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #7 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #7 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #7 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7efeac0069f0 (size 20) | hmac: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x7efeac00eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac: release clone-key@0x7efeac00eec0 | hmac PRF sha crypt-prf@0x557c468f2830 | hmac PRF sha update data-bytes@0x557c46868320 (length 64) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | 23 54 bc 3c 68 ee 0b b9 90 07 f1 50 46 8e 31 b6 | f8 8f 40 10 | data for hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | data for hmac: 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | calculated auth: 23 54 bc 3c 68 ee 0b b9 90 07 f1 50 | provided auth: 23 54 bc 3c 68 ee 0b b9 90 07 f1 50 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | payload before decryption: | 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #7 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 65 b8 b0 01 9c 86 2a 7d 3b 12 3f 20 22 d8 08 5a | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | a2 8c cf e0 23 d8 fc 1a ab 7a ab 4d 62 f3 b1 47 | hmac PRF sha init symkey-key@0x557c468ef2a0 (size 20) | hmac: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x7efeac00eec0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeac00eec0 | hmac: release clone-key@0x7efeac00eec0 | hmac PRF sha crypt-prf@0x557c468ea9d0 | hmac PRF sha update data-bytes@0x557c448f3940 (length 64) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 65 b8 b0 01 9c 86 2a 7d 3b 12 3f 20 22 d8 08 5a | a2 8c cf e0 23 d8 fc 1a ab 7a ab 4d 62 f3 b1 47 | hmac PRF sha final-bytes@0x557c448f3980 (length 20) | a9 fb dc ec 83 d2 1a a1 2b 37 73 1e 3a a9 e1 4e | 6b d6 6b 37 | data being hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: 65 b8 b0 01 9c 86 2a 7d 3b 12 3f 20 22 d8 08 5a | data being hmac: a2 8c cf e0 23 d8 fc 1a ab 7a ab 4d 62 f3 b1 47 | out calculated auth: | a9 fb dc ec 83 d2 1a a1 2b 37 73 1e | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #7) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 65 b8 b0 01 9c 86 2a 7d 3b 12 3f 20 22 d8 08 5a | a2 8c cf e0 23 d8 fc 1a ab 7a ab 4d 62 f3 b1 47 | a9 fb dc ec 83 d2 1a a1 2b 37 73 1e | Message ID: #7 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #7 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #7: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #7 ikev2.ike deleted completed | #7 spent 10.1 milliseconds in total | [RE]START processing: state #7 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #7: deleting state (STATE_IKESA_DEL) aged 0.184s and NOT sending notification | parent state #7: IKESA_DEL(established IKE SA) => delete | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468f4150 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #7 in IKESA_DEL | parent state #7: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7efea8000d60: destroyed | stop processing: state #7 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x557c468d7990 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efeb4006900 | delete_state: release st->st_skey_ai_nss-key@0x7efeac0069f0 | delete_state: release st->st_skey_ar_nss-key@0x557c468ef2a0 | delete_state: release st->st_skey_ei_nss-key@0x557c468ef410 | delete_state: release st->st_skey_er_nss-key@0x7efe9c006450 | delete_state: release st->st_skey_pi_nss-key@0x7efe9c00bdb0 | delete_state: release st->st_skey_pr_nss-key@0x7efe9c00eee0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #7 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #7 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.627 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00461 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00238 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 3d 05 88 93 fe 15 a1 2e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a | 8b 2f 57 8b 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 | 0d 1b 7a 73 1a a6 61 68 05 04 9f 5a f4 49 c8 6e | 9c da c2 7a 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 | 79 a3 d9 c0 f0 31 90 16 c8 d9 19 d8 df 90 3a 2e | 3b 96 b9 3c f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 | d2 65 6b e9 d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f | 2d 1b 74 22 bd b1 d4 29 dc db a8 4b b4 99 08 62 | 37 df 82 31 22 dd 2a 62 23 31 3d 55 71 21 9e 02 | e3 19 93 33 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 | c4 34 1f fe ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 | 93 d6 10 c2 e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c | 57 e6 5b 13 a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 | a9 07 d3 cd af e0 a6 dd 27 af 6f be d9 94 31 75 | be 4c 6a c7 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 | 88 96 4c dc 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c | 36 4f 59 f7 29 00 00 24 16 e7 be db c1 0a 0f b9 | 2f 16 03 e3 1c 5f ce e0 48 ed c4 b9 8a 65 e1 61 | 88 9b 1f 5a af be 0b 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b8 6a e8 e2 1d 5a f4 dd | 23 da 69 cf e8 30 cc 76 c6 0f 8b 4d 00 00 00 1c | 00 00 40 05 55 a4 66 8b e1 77 c3 77 5b da 0b a2 | 71 da b7 89 8f ea cc 6a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 06 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 0c f2 36 c3 98 49 00 79 22 00 e5 dc 3b 9c c9 39 | db 08 21 7b e6 09 1c 3e a8 c6 32 22 34 63 ca 29 | creating state object #9 at 0x557c468ec6e0 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #9 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a 8b 2f 57 8b | 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 0d 1b 7a 73 | 1a a6 61 68 05 04 9f 5a f4 49 c8 6e 9c da c2 7a | 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 79 a3 d9 c0 | f0 31 90 16 c8 d9 19 d8 df 90 3a 2e 3b 96 b9 3c | f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 d2 65 6b e9 | d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f 2d 1b 74 22 | bd b1 d4 29 dc db a8 4b b4 99 08 62 37 df 82 31 | 22 dd 2a 62 23 31 3d 55 71 21 9e 02 e3 19 93 33 | 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 c4 34 1f fe | ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 93 d6 10 c2 | e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c 57 e6 5b 13 | a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 a9 07 d3 cd | af e0 a6 dd 27 af 6f be d9 94 31 75 be 4c 6a c7 | 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 88 96 4c dc | 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c 36 4f 59 f7 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58da0 (length 20) | 55 a4 66 8b e1 77 c3 77 5b da 0b a2 71 da b7 89 | 8f ea cc 6a | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 55 a4 66 8b e1 77 c3 77 5b da 0b a2 71 da b7 89 | natd_hash: hash= 8f ea cc 6a | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58dc0 (length 20) | b8 6a e8 e2 1d 5a f4 dd 23 da 69 cf e8 30 cc 76 | c6 0f 8b 4d | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= b8 6a e8 e2 1d 5a f4 dd 23 da 69 cf e8 30 cc 76 | natd_hash: hash= c6 0f 8b 4d | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 7 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468f4110 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | #9 spent 0.288 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #9 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.669 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.68 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 resuming | crypto helper 6 starting work-order 7 for state #9 | crypto helper 6 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 7 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7efea0000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7efea0000d60 | NSS: Public DH wire value: | 2d 0c f2 be 24 46 6e 43 85 05 d2 40 d8 37 42 ef | e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 ad 08 82 41 | 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 f9 13 ec 11 | 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a 8b 11 eb 05 | 85 d6 7d 52 14 8e da 23 e3 bc 71 03 68 2d b1 4a | 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 04 16 0b ff | b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 93 01 fd 19 | c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe aa d6 5d eb | 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 2c f9 43 a5 | 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e 6a 8a ef 21 | 5c 07 77 3b dc 8f 93 36 04 5a 75 1c d8 36 9f 17 | d3 e1 0b 3e 91 64 52 ca 86 9c da de ba d2 52 99 | ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b 67 b8 da c2 | ed af 8c 83 1e 23 6c 21 55 a5 b0 14 75 be e3 f5 | 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 5c 42 ed 6d | db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 8d 52 4a 4e | Generated nonce: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | Generated nonce: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | crypto helper 6 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 7 time elapsed 0.001034 seconds | (#9) spent 1.03 milliseconds in crypto helper computing work-order 7: ikev2_inI1outR1 KE (pcr) | crypto helper 6 sending results from work-order 7 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7efea0006900 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 7 | calling continuation function 0x557c447f4630 | ikev2_parent_inI1outR1_continue for #9: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7efea0000d60: transferring ownership from helper KE to state #9 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 2d 0c f2 be 24 46 6e 43 85 05 d2 40 d8 37 42 ef | ikev2 g^x e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 ad 08 82 41 | ikev2 g^x 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 f9 13 ec 11 | ikev2 g^x 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a 8b 11 eb 05 | ikev2 g^x 85 d6 7d 52 14 8e da 23 e3 bc 71 03 68 2d b1 4a | ikev2 g^x 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 04 16 0b ff | ikev2 g^x b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 93 01 fd 19 | ikev2 g^x c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe aa d6 5d eb | ikev2 g^x 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 2c f9 43 a5 | ikev2 g^x 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e 6a 8a ef 21 | ikev2 g^x 5c 07 77 3b dc 8f 93 36 04 5a 75 1c d8 36 9f 17 | ikev2 g^x d3 e1 0b 3e 91 64 52 ca 86 9c da de ba d2 52 99 | ikev2 g^x ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b 67 b8 da c2 | ikev2 g^x ed af 8c 83 1e 23 6c 21 55 a5 b0 14 75 be e3 f5 | ikev2 g^x 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 5c 42 ed 6d | ikev2 g^x db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 8d 52 4a 4e | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | IKEv2 nonce 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 0c f2 36 c3 98 49 00 79 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | a0 49 27 fc 82 1d 21 9e b4 4a 57 7c 55 d0 45 10 | 10 5f 71 85 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 0c f2 36 c3 98 49 00 79 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a0 49 27 fc 82 1d 21 9e b4 4a 57 7c 55 d0 45 10 | natd_hash: hash= 10 5f 71 85 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a0 49 27 fc 82 1d 21 9e b4 4a 57 7c 55 d0 45 10 | Notify data 10 5f 71 85 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 0c f2 36 c3 98 49 00 79 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 da 40 71 4a | e5 8a 25 26 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 0c f2 36 c3 98 49 00 79 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 da 40 71 4a | natd_hash: hash= e5 8a 25 26 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 da 40 71 4a | Notify data e5 8a 25 26 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #9: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #9 to 0 after switching state | Message ID: recv #9 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #9 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2d 0c f2 be 24 46 6e 43 85 05 d2 40 | d8 37 42 ef e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 | ad 08 82 41 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 | f9 13 ec 11 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a | 8b 11 eb 05 85 d6 7d 52 14 8e da 23 e3 bc 71 03 | 68 2d b1 4a 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 | 04 16 0b ff b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 | 93 01 fd 19 c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe | aa d6 5d eb 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 | 2c f9 43 a5 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e | 6a 8a ef 21 5c 07 77 3b dc 8f 93 36 04 5a 75 1c | d8 36 9f 17 d3 e1 0b 3e 91 64 52 ca 86 9c da de | ba d2 52 99 ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b | 67 b8 da c2 ed af 8c 83 1e 23 6c 21 55 a5 b0 14 | 75 be e3 f5 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 | 5c 42 ed 6d db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 | 8d 52 4a 4e 29 00 00 24 f7 34 4b 0d b9 c1 88 48 | af 92 5e 42 75 1d 74 ba 30 fa c7 aa 2b 61 2f b2 | 56 d7 33 71 72 82 9b 21 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 49 27 fc 82 1d 21 9e | b4 4a 57 7c 55 d0 45 10 10 5f 71 85 00 00 00 1c | 00 00 40 05 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 | da 40 71 4a e5 8a 25 26 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468f4110 | event_schedule: new EVENT_SO_DISCARD-pe@0x557c468f4110 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #9 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 0.473 milliseconds in resume sending helper answer | stop processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efea0006900 | spent 0.00355 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 220 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | e6 74 e8 b3 6b fc ee 0f ae 4b c0 21 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 220 (0xdc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #9 in PARENT_R1 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 192 (0xc0) | processing payload: ISAKMP_NEXT_v2SK (len=188) | Message ID: start-responder #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #9 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7efea0000d60: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 8 for state #9 | state #9 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x557c468f4110 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7efea0002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | #9 spent 0.0348 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #9 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.184 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.196 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 8 for state #9 | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 | peer's g: 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a 8b 2f 57 8b | peer's g: 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 0d 1b 7a 73 | peer's g: 1a a6 61 68 05 04 9f 5a f4 49 c8 6e 9c da c2 7a | peer's g: 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 79 a3 d9 c0 | peer's g: f0 31 90 16 c8 d9 19 d8 df 90 3a 2e 3b 96 b9 3c | peer's g: f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 d2 65 6b e9 | peer's g: d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f 2d 1b 74 22 | peer's g: bd b1 d4 29 dc db a8 4b b4 99 08 62 37 df 82 31 | peer's g: 22 dd 2a 62 23 31 3d 55 71 21 9e 02 e3 19 93 33 | peer's g: 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 c4 34 1f fe | peer's g: ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 93 d6 10 c2 | peer's g: e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c 57 e6 5b 13 | peer's g: a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 a9 07 d3 cd | peer's g: af e0 a6 dd 27 af 6f be d9 94 31 75 be 4c 6a c7 | peer's g: 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 88 96 4c dc | peer's g: 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c 36 4f 59 f7 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7efe9c00eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7efea0000d60: computed shared DH secret key@0x7efe9c00eee0 | dh-shared : g^ir-key@0x7efe9c00eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7efeb40039a0 (length 64) | 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8670 | result: Ni | Nr-key@0x7efe9c006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7efe9c006450 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8658 | result: Ni | Nr-key@0x7efe9c00bdb0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7efe9c006450 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7efeb4003aa0 from Ni | Nr-key@0x7efe9c00bdb0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7efeb4003aa0 from Ni | Nr-key@0x7efe9c00bdb0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7efe9c00bdb0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7efeb4000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7efe9c00eee0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7efe9c00eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7efe9c00eee0 | nss hmac digest hack: symkey-key@0x7efe9c00eee0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1140161840: 62 ffffffb6 7f 43 ffffffdf 0e ffffffd5 ffffffa6 ffffffcb ffffff9f ffffff80 fffffff3 77 ffffffa3 ffffffc0 3a 39 51 ffffff89 ffffffc4 6e ffffff94 50 00 fffffff4 62 63 ffffff87 68 46 ffffffc4 31 ffffffb9 5c 19 ffffff99 3f ffffffbe ffffffcb 5f ffffffae 4a ffffff80 3a 71 ffffff96 40 ffffffc7 ffffffe6 fffffff2 54 fffffff6 ffffff89 ffffff97 ffffffb9 3c ffffff9b fffffffa 25 2f ffffff9f 1c ffffffe8 0b ffffffdd ffffffdf 0c 32 ffffffdb ffffffeb ffffffca 67 fffffffe 18 33 ffffffbb 7e ffffffc9 20 2f ffffffe4 20 ffffff98 ffffffe0 ffffff86 ffffffb3 2c 57 04 ffffff89 ffffffba 04 ffffff97 0e 0d 5b 70 0d 05 fffffffd 58 6e ffffff95 6e 59 ffffff89 39 32 ffffffd1 ffffffe3 6b 08 19 57 fffffff0 5f 59 ffffffdc ffffffe7 45 fffffff8 fffffffc 62 0f ffffffae ffffffdf 04 3f 46 30 7b ffffff9f ffffff91 ffffffbf ffffffe3 22 7e 2e ffffffd1 66 ffffffd3 ffffffc3 3d 35 ffffffbd 44 ffffffd3 34 0a ffffff9c ffffffd2 ffffffc0 3c ffffffac ffffffd2 1d ffffffbf 29 ffffffd | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 256 bytes at 0x7efeb40045f0 | unwrapped: bf cf e8 9d 3b 47 7a 98 f1 4a af e7 0e 3b f7 07 | unwrapped: 8f a1 fe 5c 8b 2d f8 2e 97 4f eb 51 24 83 90 eb | unwrapped: 19 6a c1 c3 67 dd ac 6d bc 4c 51 bd ab 33 13 a6 | unwrapped: 10 90 af 90 90 33 19 80 7e 49 37 91 fd 6b 57 ae | unwrapped: f5 e1 6a 2d e6 71 d6 1d 71 80 ea a6 3a f6 a5 14 | unwrapped: 7a 5f 1b bc 58 f3 f3 98 e5 67 e1 33 a4 30 cd 96 | unwrapped: 24 4c 18 b8 52 60 4e 7c 78 b9 14 b8 c8 fb f2 ac | unwrapped: 0c 63 d6 57 02 64 5c 39 28 f8 2d 53 f0 05 9a 0f | unwrapped: 66 fe 3a 7a 39 7b 3a 9d dd fd 3c 04 07 17 10 e7 | unwrapped: 60 73 b3 44 51 ea ca d7 f3 f6 03 c0 ce 42 64 f1 | unwrapped: 95 09 6a f5 16 be c7 0e bb a6 ef bb 5b 6a 99 17 | unwrapped: 30 d9 b2 55 33 7e 4e 59 4b 71 fa 0d 6f 81 f2 7d | unwrapped: 95 82 cd 5b 73 cd f7 51 41 39 af 67 4c d3 50 bf | unwrapped: f6 d7 93 9d 98 03 40 ff d8 4a a8 8a 9c 37 f2 33 | unwrapped: 0c 6b 04 48 c6 f2 c9 8c 7c b8 43 52 bf 86 39 ce | unwrapped: fe ba 8d be a5 db 3c dc d4 ec 62 f9 99 b0 47 47 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8690 | result: final-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8678 | result: final-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c006450 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7efe9c00bdb0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8600 | result: data=Ni-key@0x557c468ef410 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x557c468ef410 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a85e8 | result: data=Ni-key@0x7efe9c006450 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x557c468ef410 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c006450 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebc0a85f0 | result: data+=Nr-key@0x557c468ef410 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efe9c006450 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef410 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebc0a85f0 | result: data+=SPIi-key@0x7efe9c006450 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468ef410 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c006450 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebc0a85f0 | result: data+=SPIr-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efe9c006450 | prf+0 PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+0: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8518 | result: clone-key@0x7efe9c006450 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+0 prf: begin sha with context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+0: release clone-key@0x7efe9c006450 | prf+0 PRF sha crypt-prf@0x7efeb4001ae0 | prf+0 PRF sha update seed-key@0x557c468ef410 (size 80) | prf+0: seed-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1140162208: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 3d 20 56 49 5b fffffffe ffffff8d 7a ffffff95 5c 31 ffffffd1 ffffffcd 4b 7b 15 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb4004a20 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8520 | result: final-key@0x557c468ef2a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef2a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8508 | result: final-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef2a0 | prf+0 PRF sha final-key@0x7efe9c006450 (size 20) | prf+0: key-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efe9c006450 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8518 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb4003aa0 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x7efeb4003aa0 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x7efeb40010c0 | prf+N PRF sha update old_t-key@0x7efe9c006450 (size 20) | prf+N: old_t-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c006450 | nss hmac digest hack: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1140162208: 10 ffffffbe 21 56 fffffffc ffffffa2 04 72 60 75 ffffff93 42 5b ffffffd6 fffffffd ffffff9d 5f 62 11 ffffff80 ffffffac 7c ffffff93 50 ffffffde 45 6c 1c ffffffe3 ffffff84 ffffffa5 65 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb4003970 | unwrapped: 2b 2b 48 42 a3 31 3c 66 91 bf d3 7a 32 4a c5 21 | unwrapped: 46 ca 82 01 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef410 (size 80) | prf+N: seed-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1140162208: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 3d 20 56 49 5b fffffffe ffffff8d 7a ffffff95 5c 31 ffffffd1 ffffffcd 4b 7b 15 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb40049c0 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8520 | result: final-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8508 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac0069f0 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc0a8598 | result: result-key@0x7efeac0069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c006450 | prfplus: release old_t[N]-key@0x7efe9c006450 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8518 | result: clone-key@0x7efe9c006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+N prf: begin sha with context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+N: release clone-key@0x7efe9c006450 | prf+N PRF sha crypt-prf@0x7efeb4002a80 | prf+N PRF sha update old_t-key@0x557c468ef2a0 (size 20) | prf+N: old_t-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1140162208: 11 50 ffffffb4 ffffffa9 53 50 fffffffa ffffffac ffffffba ffffffc4 0d ffffffe0 ffffff85 ffffffb2 4a 43 7b 2c ffffff8e ffffffd5 ffffffd0 78 ffffffe3 ffffffa6 ffffffb5 ffffffea ffffff8e 0b ffffffc1 ffffffbf 52 ffffffb0 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb40061e0 | unwrapped: b3 63 5f 1a e7 04 e9 9b bc 61 7f 4c 11 e4 3a bf | unwrapped: 58 b5 bb 48 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef410 (size 80) | prf+N: seed-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1140162208: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 3d 20 56 49 5b fffffffe ffffff8d 7a ffffff95 5c 31 ffffffd1 ffffffcd 4b 7b 15 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb4004960 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8520 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8508 | result: final-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | prf+N PRF sha final-key@0x7efe9c006450 (size 20) | prf+N: key-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc0a8598 | result: result-key@0x7efeb4006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac0069f0 | prfplus: release old_t[N]-key@0x557c468ef2a0 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8518 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb4003aa0 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x7efeb4003aa0 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x7efeb40010c0 | prf+N PRF sha update old_t-key@0x7efe9c006450 (size 20) | prf+N: old_t-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c006450 | nss hmac digest hack: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1140162208: ffffffe1 ffffffe4 ffffffb4 42 45 ffffff96 ffffff97 6d 44 ffffffeb ffffffe7 0a ffffffcf 16 06 fffffff7 fffffff2 ffffff95 2d ffffffd8 4a 46 ffffffdf 20 ffffffa9 54 6c ffffffc3 ffffff9d 41 ffffffd9 3e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb40061b0 | unwrapped: 82 1b c1 b9 6d ef fe 53 56 e8 2e 4c 51 61 9f 81 | unwrapped: c8 6f 1f 6b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef410 (size 80) | prf+N: seed-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1140162208: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 3d 20 56 49 5b fffffffe ffffff8d 7a ffffff95 5c 31 ffffffd1 ffffffcd 4b 7b 15 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb4004900 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8520 | result: final-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8508 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac0069f0 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc0a8598 | result: result-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006900 | prfplus: release old_t[N]-key@0x7efe9c006450 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8518 | result: clone-key@0x7efe9c006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+N prf: begin sha with context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+N: release clone-key@0x7efe9c006450 | prf+N PRF sha crypt-prf@0x7efeb4002a80 | prf+N PRF sha update old_t-key@0x557c468ef2a0 (size 20) | prf+N: old_t-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1140162208: 70 69 ffffff87 ffffffa9 36 ffffffee 60 ffffffeb 2f 14 ffffff84 ffffff95 44 76 ffffff98 35 ffffff92 ffffffef ffffffeb fffffff6 2b 61 ffffff88 ffffffae 1f ffffffca ffffffba ffffff9b 15 3e ffffffbf 78 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb4006480 | unwrapped: 62 97 9b 78 37 2d 15 59 7b ef f1 45 9c fc 6e 1f | unwrapped: 64 4f 9c 97 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef410 (size 80) | prf+N: seed-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1140162208: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 3d 20 56 49 5b fffffffe ffffff8d 7a ffffff95 5c 31 ffffffd1 ffffffcd 4b 7b 15 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb4006330 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8520 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8508 | result: final-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | prf+N PRF sha final-key@0x7efe9c006450 (size 20) | prf+N: key-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc0a8598 | result: result-key@0x7efeb4006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac0069f0 | prfplus: release old_t[N]-key@0x557c468ef2a0 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8518 | result: clone-key@0x557c468ef2a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb4004700 from key-key@0x557c468ef2a0 | prf+N prf: begin sha with context 0x7efeb4004700 from key-key@0x557c468ef2a0 | prf+N: release clone-key@0x557c468ef2a0 | prf+N PRF sha crypt-prf@0x7efeb40010c0 | prf+N PRF sha update old_t-key@0x7efe9c006450 (size 20) | prf+N: old_t-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c006450 | nss hmac digest hack: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1140162208: ffffffd1 12 52 ffffff95 3f 6f ffffffdd 74 2e ffffff81 ffffffd8 65 12 ffffffaa fffffffb ffffffcf ffffffb5 2a ffffff90 28 ffffffd7 ffffffeb 4b ffffffe7 49 06 7e ffffffa6 1b ffffffb2 fffffff6 0c | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb4006880 | unwrapped: 14 b9 cd 43 8f 9d e5 a4 7b 52 8c 4f c2 d6 f3 3b | unwrapped: ad 90 44 12 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef410 (size 80) | prf+N: seed-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1140162208: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 3d 20 56 49 5b fffffffe ffffff8d 7a ffffff95 5c 31 ffffffd1 ffffffcd 4b 7b 15 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb40049c0 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8520 | result: final-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8508 | result: final-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac0069f0 | prf+N PRF sha final-key@0x557c468ef2a0 (size 20) | prf+N: key-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc0a8598 | result: result-key@0x7efeac0069f0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006900 | prfplus: release old_t[N]-key@0x7efe9c006450 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8518 | result: clone-key@0x7efe9c006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+N prf: begin sha with context 0x7efeb4003aa0 from key-key@0x7efe9c006450 | prf+N: release clone-key@0x7efe9c006450 | prf+N PRF sha crypt-prf@0x7efeb4002a80 | prf+N PRF sha update old_t-key@0x557c468ef2a0 (size 20) | prf+N: old_t-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1140162208: ffffffb2 5a ffffff87 ffffff94 ffffffe6 56 5f ffffffa0 31 2b ffffff91 ffffffe8 ffffffba ffffff91 ffffffb8 fffffff0 27 78 ffffff8c ffffffa2 7f ffffffa1 ffffffa3 ffffffa0 34 43 3a 44 15 00 6c ffffffd5 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb4006530 | unwrapped: 9c fa 17 20 93 a1 40 ec 5c 4b fc a4 f7 85 a5 66 | unwrapped: ab 37 a1 3a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef410 (size 80) | prf+N: seed-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef410 | nss hmac digest hack: symkey-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1140162208: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 3d 20 56 49 5b fffffffe ffffff8d 7a ffffff95 5c 31 ffffffd1 ffffffcd 4b 7b 15 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb4006330 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc0a8520 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8508 | result: final-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | prf+N PRF sha final-key@0x7efe9c006450 (size 20) | prf+N: key-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc0a8598 | result: result-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac0069f0 | prfplus: release old_t[N]-key@0x557c468ef2a0 | prfplus: release old_t[final]-key@0x7efe9c006450 | ike_sa_keymat: release data-key@0x557c468ef410 | calc_skeyseed_v2: release skeyseed_k-key@0x7efe9c00bdb0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8738 | result: result-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8738 | result: result-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8738 | result: result-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8748 | result: SK_ei_k-key@0x557c468ef2a0 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8748 | result: SK_er_k-key@0x7efeac0069f0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8748 | result: result-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x557c468d7990 | chunk_SK_pi: symkey-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: 2c ffffffd3 ffffffe3 ffffff9b ffffffd5 ffffff98 ffffffa2 ffffffac 11 50 56 1f 5e ffffffa0 ffffffa7 ffffffdb 5a ffffffe3 46 43 ffffff8f 48 ffffff9c 70 52 13 07 ffffffa8 63 ffffffd0 42 ffffff9b | chunk_SK_pi: release slot-key-key@0x557c468d1160 | chunk_SK_pi extracted len 32 bytes at 0x7efeb4006880 | unwrapped: c2 d6 f3 3b ad 90 44 12 9c fa 17 20 93 a1 40 ec | unwrapped: 5c 4b fc a4 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc0a8748 | result: result-key@0x7efeac00eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7efeac00eec0 | chunk_SK_pr: symkey-key@0x7efeac00eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: ffffff84 ffffff90 09 ffffff89 ffffffc3 ffffff97 ffffffe0 ffffff9f 1d 63 43 01 1b ffffffa0 ffffffbc ffffffb4 74 5b ffffffe5 ffffffb9 ffffffbe ffffff94 0c ffffff9f ffffffa1 7d ffffffe1 56 64 1e ffffffd2 ffffffd8 | chunk_SK_pr: release slot-key-key@0x557c468d1160 | chunk_SK_pr extracted len 32 bytes at 0x7efeb4006480 | unwrapped: f7 85 a5 66 ab 37 a1 3a f3 b9 05 77 3b 01 48 68 | unwrapped: 61 16 fb e5 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7efeb4006900 | calc_skeyseed_v2 pointers: shared-key@0x7efe9c00eee0, SK_d-key@0x7efe9c00bdb0, SK_ai-key@0x557c468ef410, SK_ar-key@0x7efe9c006450, SK_ei-key@0x557c468ef2a0, SK_er-key@0x7efeac0069f0, SK_pi-key@0x557c468d7990, SK_pr-key@0x7efeac00eec0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | c2 d6 f3 3b ad 90 44 12 9c fa 17 20 93 a1 40 ec | 5c 4b fc a4 | calc_skeyseed_v2 SK_pr | f7 85 a5 66 ab 37 a1 3a f3 b9 05 77 3b 01 48 68 | 61 16 fb e5 | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 8 time elapsed 0.003049 seconds | (#9) spent 3.04 milliseconds in crypto helper computing work-order 8: ikev2_inI2outR2 KE (pcr) | crypto helper 1 sending results from work-order 8 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7efeb4006720 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 8 | calling continuation function 0x557c447f4630 | ikev2_parent_inI2outR2_continue for #9: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7efea0000d60: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | #9 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x557c468ef410 (size 20) | hmac: symkey-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58c28 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac: release clone-key@0x7efeb4006900 | hmac PRF sha crypt-prf@0x557c468ed880 | hmac PRF sha update data-bytes@0x557c46842c20 (length 208) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | hmac PRF sha final-bytes@0x7fff72f58df0 (length 20) | e6 74 e8 b3 6b fc ee 0f ae 4b c0 21 e2 c4 ad 36 | 2a 71 f2 a8 | data for hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data for hmac: fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | data for hmac: af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | data for hmac: 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | data for hmac: 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | data for hmac: 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | data for hmac: 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | data for hmac: 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | data for hmac: 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | data for hmac: bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | data for hmac: 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | data for hmac: 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | calculated auth: e6 74 e8 b3 6b fc ee 0f ae 4b c0 21 | provided auth: e6 74 e8 b3 6b fc ee 0f ae 4b c0 21 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | payload before decryption: | af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | e0 02 d5 a7 2c 00 00 30 00 00 00 2c 01 03 04 03 | e1 7d 93 b3 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #9 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #9: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #9 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #9: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x557c468d7990 (size 20) | hmac: symkey-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58698 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac: release clone-key@0x7efeb4006900 | hmac PRF sha crypt-prf@0x557c468ea9d0 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x557c46842c54 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff72f58850 (length 20) | d2 d4 73 97 ac 7d 90 93 59 70 45 44 1f 1d 8d b2 | 7a 1b ed cf | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 3d 05 88 93 fe 15 a1 2e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a | 8b 2f 57 8b 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 | 0d 1b 7a 73 1a a6 61 68 05 04 9f 5a f4 49 c8 6e | 9c da c2 7a 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 | 79 a3 d9 c0 f0 31 90 16 c8 d9 19 d8 df 90 3a 2e | 3b 96 b9 3c f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 | d2 65 6b e9 d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f | 2d 1b 74 22 bd b1 d4 29 dc db a8 4b b4 99 08 62 | 37 df 82 31 22 dd 2a 62 23 31 3d 55 71 21 9e 02 | e3 19 93 33 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 | c4 34 1f fe ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 | 93 d6 10 c2 e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c | 57 e6 5b 13 a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 | a9 07 d3 cd af e0 a6 dd 27 af 6f be d9 94 31 75 | be 4c 6a c7 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 | 88 96 4c dc 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c | 36 4f 59 f7 29 00 00 24 16 e7 be db c1 0a 0f b9 | 2f 16 03 e3 1c 5f ce e0 48 ed c4 b9 8a 65 e1 61 | 88 9b 1f 5a af be 0b 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b8 6a e8 e2 1d 5a f4 dd | 23 da 69 cf e8 30 cc 76 c6 0f 8b 4d 00 00 00 1c | 00 00 40 05 55 a4 66 8b e1 77 c3 77 5b da 0b a2 | 71 da b7 89 8f ea cc 6a | verify: initiator inputs to hash2 (responder nonce) | f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | idhash d2 d4 73 97 ac 7d 90 93 59 70 45 44 1f 1d 8d b2 | idhash 7a 1b ed cf | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584a0 | result: shared secret-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58488 | result: shared secret-key@0x7efeb4006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ed880 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584c0 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584a8 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efeb4006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efeb4006900 (size 20) | = prf(, ): -key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584b8 | result: clone-key@0x7efea8006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ): release clone-key@0x7efea8006900 | = prf(, ) PRF sha crypt-prf@0x557c468f0e90 | = prf(, ) PRF sha update first-packet-bytes@0x557c468ed2b0 (length 440) | 3d 05 88 93 fe 15 a1 2e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a | 8b 2f 57 8b 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 | 0d 1b 7a 73 1a a6 61 68 05 04 9f 5a f4 49 c8 6e | 9c da c2 7a 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 | 79 a3 d9 c0 f0 31 90 16 c8 d9 19 d8 df 90 3a 2e | 3b 96 b9 3c f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 | d2 65 6b e9 d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f | 2d 1b 74 22 bd b1 d4 29 dc db a8 4b b4 99 08 62 | 37 df 82 31 22 dd 2a 62 23 31 3d 55 71 21 9e 02 | e3 19 93 33 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 | c4 34 1f fe ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 | 93 d6 10 c2 e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c | 57 e6 5b 13 a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 | a9 07 d3 cd af e0 a6 dd 27 af 6f be d9 94 31 75 | be 4c 6a c7 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 | 88 96 4c dc 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c | 36 4f 59 f7 29 00 00 24 16 e7 be db c1 0a 0f b9 | 2f 16 03 e3 1c 5f ce e0 48 ed c4 b9 8a 65 e1 61 | 88 9b 1f 5a af be 0b 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b8 6a e8 e2 1d 5a f4 dd | 23 da 69 cf e8 30 cc 76 c6 0f 8b 4d 00 00 00 1c | 00 00 40 05 55 a4 66 8b e1 77 c3 77 5b da 0b a2 | 71 da b7 89 8f ea cc 6a | = prf(, ) PRF sha update nonce-bytes@0x7efea0002af0 (length 32) | f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58850 (length 20) | d2 d4 73 97 ac 7d 90 93 59 70 45 44 1f 1d 8d b2 | 7a 1b ed cf | = prf(, ) PRF sha final-chunk@0x557c468ea9d0 (length 20) | d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | e0 02 d5 a7 | psk_auth: release prf-psk-key@0x7efeb4006900 | Received PSK auth octets | d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | e0 02 d5 a7 | Calculated PSK auth octets | d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | e0 02 d5 a7 "east" #9: Authenticated using authby=secret | parent state #9: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #9 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7efea0002b20 | event_schedule: new EVENT_SA_REKEY-pe@0x7efea0002b20 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #9 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | pstats #9 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7efeac00eec0 (size 20) | hmac: symkey-key@0x7efeac00eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac00eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58008 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac: release clone-key@0x7efeb4006900 | hmac PRF sha crypt-prf@0x557c468f2830 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x557c448f3974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff72f58310 (length 20) | cc a0 58 95 71 b8 9e 25 99 42 c4 8b 83 e9 0a f7 | 11 80 57 82 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2d 0c f2 be 24 46 6e 43 85 05 d2 40 | d8 37 42 ef e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 | ad 08 82 41 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 | f9 13 ec 11 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a | 8b 11 eb 05 85 d6 7d 52 14 8e da 23 e3 bc 71 03 | 68 2d b1 4a 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 | 04 16 0b ff b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 | 93 01 fd 19 c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe | aa d6 5d eb 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 | 2c f9 43 a5 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e | 6a 8a ef 21 5c 07 77 3b dc 8f 93 36 04 5a 75 1c | d8 36 9f 17 d3 e1 0b 3e 91 64 52 ca 86 9c da de | ba d2 52 99 ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b | 67 b8 da c2 ed af 8c 83 1e 23 6c 21 55 a5 b0 14 | 75 be e3 f5 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 | 5c 42 ed 6d db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 | 8d 52 4a 4e 29 00 00 24 f7 34 4b 0d b9 c1 88 48 | af 92 5e 42 75 1d 74 ba 30 fa c7 aa 2b 61 2f b2 | 56 d7 33 71 72 82 9b 21 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 49 27 fc 82 1d 21 9e | b4 4a 57 7c 55 d0 45 10 10 5f 71 85 00 00 00 1c | 00 00 40 05 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 | da 40 71 4a e5 8a 25 26 | create: responder inputs to hash2 (initiator nonce) | 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | idhash cc a0 58 95 71 b8 9e 25 99 42 c4 8b 83 e9 0a f7 | idhash 11 80 57 82 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e00 | result: shared secret-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57de8 | result: shared secret-key@0x7efeb4006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ea9d0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e20 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e08 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efeb4006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efeb4006900 (size 20) | = prf(, ): -key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e18 | result: clone-key@0x7efea8006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ): release clone-key@0x7efea8006900 | = prf(, ) PRF sha crypt-prf@0x557c468ed880 | = prf(, ) PRF sha update first-packet-bytes@0x557c468f5ad0 (length 440) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2d 0c f2 be 24 46 6e 43 85 05 d2 40 | d8 37 42 ef e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 | ad 08 82 41 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 | f9 13 ec 11 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a | 8b 11 eb 05 85 d6 7d 52 14 8e da 23 e3 bc 71 03 | 68 2d b1 4a 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 | 04 16 0b ff b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 | 93 01 fd 19 c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe | aa d6 5d eb 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 | 2c f9 43 a5 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e | 6a 8a ef 21 5c 07 77 3b dc 8f 93 36 04 5a 75 1c | d8 36 9f 17 d3 e1 0b 3e 91 64 52 ca 86 9c da de | ba d2 52 99 ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b | 67 b8 da c2 ed af 8c 83 1e 23 6c 21 55 a5 b0 14 | 75 be e3 f5 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 | 5c 42 ed 6d db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 | 8d 52 4a 4e 29 00 00 24 f7 34 4b 0d b9 c1 88 48 | af 92 5e 42 75 1d 74 ba 30 fa c7 aa 2b 61 2f b2 | 56 d7 33 71 72 82 9b 21 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 49 27 fc 82 1d 21 9e | b4 4a 57 7c 55 d0 45 10 10 5f 71 85 00 00 00 1c | 00 00 40 05 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 | da 40 71 4a e5 8a 25 26 | = prf(, ) PRF sha update nonce-bytes@0x7efea8002af0 (length 32) | 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | = prf(, ) PRF sha update hash-bytes@0x7fff72f58310 (length 20) | cc a0 58 95 71 b8 9e 25 99 42 c4 8b 83 e9 0a f7 | 11 80 57 82 | = prf(, ) PRF sha final-chunk@0x557c468f2830 (length 20) | 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 ba f9 c4 7f | 48 3c d2 24 | psk_auth: release prf-psk-key@0x7efeb4006900 | PSK auth octets 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 ba f9 c4 7f | PSK auth octets 48 3c d2 24 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 ba f9 c4 7f | PSK auth 48 3c d2 24 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #10 at 0x557c468fb1d0 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "east" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.23:500 from #9.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7efe9c00bdb0 | duplicate_state: reference st_skey_ai_nss-key@0x557c468ef410 | duplicate_state: reference st_skey_ar_nss-key@0x7efe9c006450 | duplicate_state: reference st_skey_ei_nss-key@0x557c468ef2a0 | duplicate_state: reference st_skey_er_nss-key@0x7efeac0069f0 | duplicate_state: reference st_skey_pi_nss-key@0x557c468d7990 | duplicate_state: reference st_skey_pr_nss-key@0x7efeac00eec0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI e1 7d 93 b3 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 16 (0x10) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 "east" #9: proposal 1:ESP:SPI=e17d93b3;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=e17d93b3;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x4efeef28 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 4e fe ef 28 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e90 | result: data=Ni-key@0x7efea8006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7efea8006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e78 | result: data=Ni-key@0x7efeb4006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7efea8006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f57e80 | result: data+=Nr-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efeb4006900 | prf+0 PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+0: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+0 prf: begin sha with context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+0: release clone-key@0x7efeb4006900 | prf+0 PRF sha crypt-prf@0x557c468f0e90 | prf+0 PRF sha update seed-key@0x7efea8006900 (size 64) | prf+0: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0b70 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f27a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f27a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f27a0 | prf+0 PRF sha final-key@0x7efeb4006900 (size 20) | prf+0: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efeb4006900 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N: release clone-key@0x557c468f27a0 | prf+N PRF sha crypt-prf@0x557c468ea9d0 | prf+N PRF sha update old_t-key@0x7efeb4006900 (size 20) | prf+N: old_t-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: ffffffde 15 20 4c fffffff7 07 22 ffffffaf ffffffdf 12 5e ffffffc7 38 ffffffba ffffffcc ffffffc7 35 ffffffa8 7b ffffffb3 fffffffe 14 ffffff9b ffffffd8 15 ffffffc7 4f ffffffe1 ffffff83 fffffffd ffffff93 ffffff88 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f6060 | unwrapped: 23 9e 41 cc 18 21 ab 8a 59 37 06 17 72 df 77 0f | unwrapped: 7e a6 a8 b2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea8006900 (size 64) | prf+N: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468e8830 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c009e40 | prf+N PRF sha final-key@0x557c468f27a0 (size 20) | prf+N: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efe9c009e40 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006900 | prfplus: release old_t[N]-key@0x7efeb4006900 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+N: release clone-key@0x7efeb4006900 | prf+N PRF sha crypt-prf@0x557c468ed880 | prf+N PRF sha update old_t-key@0x557c468f27a0 (size 20) | prf+N: old_t-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 2f 2a 13 ffffffa6 5d 3f 10 07 7b 42 fffffff7 ffffff85 55 ffffffc0 ffffffdc 33 ffffffe4 5b ffffffc9 66 4c 5e 5d fffffff5 33 ffffffdc ffffffb5 40 ffffffec 3d 0d 56 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c00be60 | unwrapped: ef 0b 9f 52 e2 dd f8 d7 13 8e dd 4e be 74 7b b1 | unwrapped: f6 6f 30 1a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea8006900 (size 64) | prf+N: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468e8790 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f9700 | prf+N PRF sha final-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c009e40 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x557c468f9700 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c009e40 | prfplus: release old_t[N]-key@0x557c468f27a0 | prf+N PRF sha init key-key@0x7efe9c00bdb0 (size 20) | prf+N: key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x557c468f27a0 | prf+N: release clone-key@0x557c468f27a0 | prf+N PRF sha crypt-prf@0x557c468ea9d0 | prf+N PRF sha update old_t-key@0x7efeb4006900 (size 20) | prf+N: old_t-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: ffffffdf 3f 04 ffffff88 2e ffffffe3 ffffffd2 79 ffffffbe 77 ffffffe1 ffffffba 1a 31 27 74 ffffffb3 5b 2b 33 ffffffe1 50 63 ffffff8f 7d ffffffab 0a 60 ffffff9f 79 58 3d | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efe9c00be60 | unwrapped: ca 0c f8 b4 d9 ea 90 74 b0 20 51 18 c3 15 2b 6a | unwrapped: b5 b6 9b 0b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea8006900 (size 64) | prf+N: seed-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea8006900 | nss hmac digest hack: symkey-key@0x7efea8006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: 1e 1a ffffffd7 ffffff91 ffffffdc ffffff91 46 ffffff91 ffffffd6 07 ffffff96 ffffffa7 7c 67 ffffffb6 01 ffffff88 ffffffb8 ffffffcb ffffffb3 ffffff8f ffffffe7 ffffffd4 ffffffd8 fffffff6 ffffffb7 35 ffffffaf 6c ffffff87 51 54 ffffffc8 57 ffffff88 ffffffa3 6d ffffff9c ffffffe1 5b ffffffbb ffffff96 05 5c 01 fffffff8 ffffffe6 ffffff9e ffffff9e 19 25 ffffffe6 60 7e 19 53 ffffffaa 5e 43 71 fffffffe ffffffa0 51 ffffff81 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468e87e0 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c009e40 | prf+N PRF sha final-key@0x557c468f27a0 (size 20) | prf+N: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f9700 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efe9c009e40 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468f9700 | prfplus: release old_t[N]-key@0x7efeb4006900 | prfplus: release old_t[final]-key@0x557c468f27a0 | child_sa_keymat: release data-key@0x7efea8006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7efe9c009e40 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7efea8006900 | initiator to responder keys: symkey-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x557c468d1160 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffffde 15 20 4c fffffff7 07 22 ffffffaf ffffffdf 12 5e ffffffc7 38 ffffffba ffffffcc ffffffc7 52 ffffffd0 7e ffffffa1 2a ffffffab 70 00 ffffffdd ffffffeb ffffffd9 fffffffb 72 70 ffffff8e fffffff9 ffffffd1 30 3b ffffffe3 ffffff9e fffffff9 20 62 21 ffffffa9 07 56 1d ffffffdb 1f 4a | initiator to responder keys: release slot-key-key@0x557c468d1160 | initiator to responder keys extracted len 48 bytes at 0x557c468ed980 | unwrapped: 23 9e 41 cc 18 21 ab 8a 59 37 06 17 72 df 77 0f | unwrapped: 7e a6 a8 b2 ef 0b 9f 52 e2 dd f8 d7 13 8e dd 4e | unwrapped: be 74 7b b1 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7efea8006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7efe9c009e40 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7efea8006900 | responder to initiator keys:: symkey-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x557c468d1160 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: 26 ffffffa0 ffffff97 ffffff87 30 65 fffffff9 5c ffffff86 ffffffe7 ffffffc4 ffffff92 ffffffcf 40 07 ffffff99 5a ffffffd9 ffffffcf ffffff84 ffffff9c 07 ffffffab ffffffe5 52 ffffffb6 71 ffffffd5 5a 59 5e ffffffd8 ffffffd0 4f 22 59 ffffffb2 4a 7d 26 fffffff2 57 71 7d ffffffb3 3f ffffffbb 63 | responder to initiator keys:: release slot-key-key@0x557c468d1160 | responder to initiator keys: extracted len 48 bytes at 0x557c468f5de0 | unwrapped: f6 6f 30 1a ca 0c f8 b4 d9 ea 90 74 b0 20 51 18 | unwrapped: c3 15 2b 6a b5 b6 9b 0b d7 4e 30 02 9b 88 7f 69 | unwrapped: 2e c4 20 e2 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7efea8006900 | ikev2_derive_child_keys: release keymat-key@0x7efe9c009e40 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #9 spent 2.55 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.e17d93b3@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.4efeef28@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #10 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe17d93b3 SPI_OUT=0x4ef | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0xe17d93b3 SPI_OUT=0x4efeef28 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x557c468e8eb0,sr=0x557c468e8eb0} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 0.515 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 | ba f9 c4 7f 48 3c d2 24 2c 00 00 2c 00 00 00 28 | 01 03 04 03 4e fe ef 28 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | hmac PRF sha init symkey-key@0x7efe9c006450 (size 20) | hmac: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f18 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468ed880 | hmac PRF sha update data-bytes@0x557c448f3940 (length 192) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | hmac PRF sha final-bytes@0x557c448f3a00 (length 20) | 3e 2e 90 58 4d 5b 22 cd 57 a5 cc 9d c8 fe 2b be | e6 8d eb 46 | data being hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data being hmac: f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | data being hmac: 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | data being hmac: 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | data being hmac: a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | data being hmac: 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | data being hmac: 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | data being hmac: c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | data being hmac: 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | data being hmac: 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | data being hmac: f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | out calculated auth: | 3e 2e 90 58 4d 5b 22 cd 57 a5 cc 9d | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #9 spent 3.29 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #10 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #10: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #9.#10 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "east" #10: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #10: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xe17d93b3 <0x4efeef28 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 204 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | 3e 2e 90 58 4d 5b 22 cd 57 a5 cc 9d | releasing whack for #10 (sock=fd@-1) | releasing whack and unpending for parent #9 | unpending state #9 connection "east" | #10 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x557c468eabb0 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #10 | libevent_malloc: new ptr-libevent@0x7efea0006900 size 128 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 3.67 milliseconds in resume sending helper answer | stop processing: state #10 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efeb4006720 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00359 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | de a4 07 c2 3f 93 33 ab 1d a2 f4 61 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x557c468ef410 (size 20) | hmac: symkey-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x557c46868320 (length 64) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | de a4 07 c2 3f 93 33 ab 1d a2 f4 61 22 0d 16 6e | bc 00 c5 5e | data for hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data for hmac: 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | data for hmac: e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | calculated auth: de a4 07 c2 3f 93 33 ab 1d a2 f4 61 | provided auth: de a4 07 c2 3f 93 33 ab 1d a2 f4 61 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | payload before decryption: | e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 e1 7d 93 b3 00 01 02 03 | stripping 4 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI e1 7d 93 b3 | delete PROTO_v2_ESP SA(0xe17d93b3) | v2 CHILD SA #10 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #10 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xe17d93b3) "east" #9: received Delete SA payload: delete IPsec State #10 now | pstats #10 ikev2.child deleted completed | suspend processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #10 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #10: deleting other state #10 (STATE_V2_IPSEC_R) aged 0.386s and NOT sending notification | child state #10: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.e17d93b3@192.1.2.45 | get_sa_info esp.4efeef28@192.1.2.23 "east" #10: ESP traffic information: in=84B out=84B | child state #10: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efea0006900 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468eabb0 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050847' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe17d93b3 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050847' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0xe17d93b3 SPI_OUT=0x4efeef28 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.e17d93b3@192.1.2.45 | netlink response for Del SA esp.e17d93b3@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.4efeef28@192.1.2.23 | netlink response for Del SA esp.4efeef28@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #10 in CHILDSA_DEL | child state #10: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efe9c00bdb0 | delete_state: release st->st_skey_ai_nss-key@0x557c468ef410 | delete_state: release st->st_skey_ar_nss-key@0x7efe9c006450 | delete_state: release st->st_skey_ei_nss-key@0x557c468ef2a0 | delete_state: release st->st_skey_er_nss-key@0x7efeac0069f0 | delete_state: release st->st_skey_pi_nss-key@0x557c468d7990 | delete_state: release st->st_skey_pr_nss-key@0x7efeac00eec0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 4e fe ef 28 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 2e 0f 8f 0e 76 ec 84 b0 a9 33 60 fc ee b3 2e 54 | data before encryption: | 00 00 00 0c 03 04 00 01 4e fe ef 28 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | b7 53 54 f7 99 45 cb a1 c7 fe 60 a4 32 ee 6f a9 | hmac PRF sha init symkey-key@0x7efe9c006450 (size 20) | hmac: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468f2830 | hmac PRF sha update data-bytes@0x557c448f3940 (length 64) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 2e 0f 8f 0e 76 ec 84 b0 a9 33 60 fc ee b3 2e 54 | b7 53 54 f7 99 45 cb a1 c7 fe 60 a4 32 ee 6f a9 | hmac PRF sha final-bytes@0x557c448f3980 (length 20) | 66 75 e0 8a 25 07 4d 9f 35 c2 aa ac e9 df ff db | 20 69 79 82 | data being hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 2e 0f 8f 0e 76 ec 84 b0 a9 33 60 fc ee b3 2e 54 | data being hmac: b7 53 54 f7 99 45 cb a1 c7 fe 60 a4 32 ee 6f a9 | out calculated auth: | 66 75 e0 8a 25 07 4d 9f 35 c2 aa ac | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 2e 0f 8f 0e 76 ec 84 b0 a9 33 60 fc ee b3 2e 54 | b7 53 54 f7 99 45 cb a1 c7 fe 60 a4 32 ee 6f a9 | 66 75 e0 8a 25 07 4d 9f 35 c2 aa ac | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #9 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #9 spent 0.76 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #9 to 2 after switching state | Message ID: recv #9 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #9 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #9: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 1.03 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.04 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00157 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | 9d ae 31 27 3b ea ff 55 1e 42 93 53 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #9 in PARENT_R2 (find_v2_ike_sa) | start processing: state #9 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #9 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #9 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | Message ID: start-responder #9 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #9 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x557c468ef410 (size 20) | hmac: symkey-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468ef410 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x557c46868320 (length 64) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | 9d ae 31 27 3b ea ff 55 1e 42 93 53 76 e5 f5 94 | 0e f6 b9 e4 | data for hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data for hmac: d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | data for hmac: 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | calculated auth: 9d ae 31 27 3b ea ff 55 1e 42 93 53 | provided auth: 9d ae 31 27 3b ea ff 55 1e 42 93 53 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | payload before decryption: | 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #9 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 77 6d eb 3c 46 5f 88 3e 81 22 d9 70 06 ed 60 a8 | data before encryption: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 46 b2 3b 03 0c 45 35 cb f4 46 2b c8 70 b4 be 7f | hmac PRF sha init symkey-key@0x7efe9c006450 (size 20) | hmac: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468f28a0 | hmac PRF sha update data-bytes@0x557c448f3940 (length 64) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 77 6d eb 3c 46 5f 88 3e 81 22 d9 70 06 ed 60 a8 | 46 b2 3b 03 0c 45 35 cb f4 46 2b c8 70 b4 be 7f | hmac PRF sha final-bytes@0x557c448f3980 (length 20) | af f1 75 7b 5c b4 cf 58 a5 be 4b 84 b2 1a 34 12 | 88 f4 b1 6d | data being hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | data being hmac: 77 6d eb 3c 46 5f 88 3e 81 22 d9 70 06 ed 60 a8 | data being hmac: 46 b2 3b 03 0c 45 35 cb f4 46 2b c8 70 b4 be 7f | out calculated auth: | af f1 75 7b 5c b4 cf 58 a5 be 4b 84 | sending 76 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #9) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 77 6d eb 3c 46 5f 88 3e 81 22 d9 70 06 ed 60 a8 | 46 b2 3b 03 0c 45 35 cb f4 46 2b c8 70 b4 be 7f | af f1 75 7b 5c b4 cf 58 a5 be 4b 84 | Message ID: #9 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #9 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #9: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #9 ikev2.ike deleted completed | #9 spent 10.1 milliseconds in total | [RE]START processing: state #9 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #9: deleting state (STATE_IKESA_DEL) aged 0.449s and NOT sending notification | parent state #9: IKESA_DEL(established IKE SA) => delete | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7efea0002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #9 in IKESA_DEL | parent state #9: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7efea0000d60: destroyed | stop processing: state #9 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7efe9c00eee0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efe9c00bdb0 | delete_state: release st->st_skey_ai_nss-key@0x557c468ef410 | delete_state: release st->st_skey_ar_nss-key@0x7efe9c006450 | delete_state: release st->st_skey_ei_nss-key@0x557c468ef2a0 | delete_state: release st->st_skey_er_nss-key@0x7efeac0069f0 | delete_state: release st->st_skey_pi_nss-key@0x557c468d7990 | delete_state: release st->st_skey_pr_nss-key@0x7efeac00eec0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #9 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #9 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.617 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00471 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00285 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 51 09 2b ee f6 12 cf 23 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 1b 46 69 e0 5a 3b ac 24 fd a5 51 36 38 cc c5 6e | 8d 80 dc 23 de 67 0c 8c 12 54 06 7f 23 ea 34 2e | ae 6b 2c 5b 00 4f 06 5c 78 55 ec 0c a6 66 a2 fe | 24 00 55 11 ea 59 cb 05 6c 51 af 7c f3 f2 be 7b | 59 5e 8f dc 0b 29 3e 16 fd 74 2f 8d 60 4a 9a 7f | bf d7 95 62 b6 6c fb 7a e0 fd 97 e0 4d 9b 41 79 | d1 91 f5 1c 9b 2d 8f 48 fb 5b 8d 97 bc a6 cb c1 | 4d 65 d2 0a 02 9c 55 2c 64 d7 26 fc 64 16 46 d1 | 34 16 b8 6e f1 62 8d d5 0c 53 e1 25 f8 15 20 9c | 36 92 bb 61 b9 7e 2f 01 63 16 da 43 9d 58 c2 7c | 7d e4 3b b9 2a 9f 6b 54 91 b9 00 38 c7 c3 bb 4b | f6 f6 e0 46 69 26 22 61 42 f1 d9 a7 af 78 e9 c4 | ab 3b 9b bd f8 df 32 5f 3a 08 4f 79 9a 78 a5 73 | 9c 50 5f e5 76 12 53 5a 25 f4 73 2e 54 a6 08 e9 | c4 d9 dc 5d ba e0 6c 64 cc f9 4d 96 d0 c9 6f f5 | 1b a0 cc 6c 92 f4 a1 ff 75 c0 a5 ce 82 23 82 14 | 29 00 00 24 64 89 08 b1 9e 0a 63 d1 9c 50 5b 75 | 79 89 e4 99 cf 9a 42 04 d8 c2 a6 c0 de e3 52 8b | 31 99 df 03 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 4d 15 a4 db 39 a6 0d b8 85 c7 d8 72 | 27 2d 6b 54 c9 3a 8c 98 00 00 00 1c 00 00 40 05 | ec 4e 1e 95 49 0e 4a 49 23 4a e0 23 e9 e5 20 7f | 13 29 b4 53 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 51 09 2b ee f6 12 cf 23 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 07 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 78 a2 33 56 c1 87 8f 73 bc db 0e 2d bc 8a 57 ad | 2e df 25 cf 2a db 4a a4 e7 ae 6b c5 c0 02 ab 82 | creating state object #11 at 0x557c468f4f20 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #11 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #11 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #11 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #11 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #11 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #11 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #11: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #11: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 51 09 2b ee f6 12 cf 23 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 51 09 2b ee f6 12 cf 23 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #11 spent 0.197 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #11 has no whack fd | pstats #11 ikev2.ike deleted other | [RE]START processing: state #11 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #11: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #11: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #11 in PARENT_R0 | parent state #11: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #11 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #11 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.667 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00238 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 29 a3 3c 30 7d 92 33 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 30 b5 96 57 23 48 ec 57 1e b9 04 bb e0 41 8f b4 | 90 ad c6 e1 a3 e1 77 2c ec 46 d1 10 26 bf 4a e6 | 93 31 cd 13 78 2c d1 69 1e b6 79 d3 d0 fd 6c cd | 38 fc a6 d6 d9 bd a6 e2 0d 0b 52 1b 5d f1 e1 ea | 02 0a e7 af ef 66 1b 59 4a fb 0d c5 c3 83 f6 c2 | a9 17 79 5e 91 f3 75 ca 32 fd c8 37 9c b7 d2 c7 | e3 7b 98 d0 fa 3b 47 9e 2b 48 75 65 93 48 70 02 | 74 32 63 0c 67 7f 6d 51 c8 eb 2c 88 cb a1 f9 5a | 2f 9f c6 71 70 9e 68 0d 8b 74 40 52 41 aa d6 33 | d2 1d 75 1d ed c5 43 80 33 0b 75 4b 9c 99 f8 39 | be 06 89 7a 8e d4 59 69 dd 3c 25 f5 a3 f1 63 8e | 08 21 84 d7 68 b8 3f aa 7a b2 3a 93 f5 4c de 40 | 49 1c f2 a8 23 d5 02 2b ea 7b b7 11 99 c6 40 26 | 19 f9 79 0f f2 41 32 17 2f 4b a7 9c 56 41 b1 54 | 31 b8 93 38 0b f3 09 67 ea cc 0e 9d 0f 9f 82 f8 | a5 8d ca 09 fa 45 47 a7 03 e2 41 74 86 f7 07 43 | 29 00 00 24 03 6b 47 a3 f8 c5 4c dd b0 90 d0 dd | 77 f7 ef bb 66 f9 10 c0 af 05 f8 01 98 6c ee fd | 67 4d 48 a9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 e8 e2 0b 2d 52 d6 84 53 b8 70 44 90 | a9 56 1b 81 ec b6 5e d3 00 00 00 1c 00 00 40 05 | e8 8d 08 69 7b 91 dd 98 bb 1d 20 b7 20 e0 7c 1b | c8 b3 75 e8 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 29 a3 3c 30 7d 92 33 78 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 08 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | bf d5 66 c0 d8 1d c6 99 76 9d c0 f9 24 d2 76 26 | af 7e ee 24 97 f3 00 f9 8c c5 46 7b 0e 00 57 ae | creating state object #12 at 0x557c468f4f20 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #12 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #12 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #12 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #12 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #12 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #12 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #12: no local proposal matches remote proposals 1:IKE:ENCR=AES_CBC;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #12: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 29 a3 3c 30 7d 92 33 78 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 29 a3 3c 30 7d 92 33 78 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #12 spent 0.201 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #12 has no whack fd | pstats #12 ikev2.ike deleted other | [RE]START processing: state #12 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #12: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #12: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #12 in PARENT_R0 | parent state #12: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #12 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #12 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.693 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00377 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 09 59 11 4a c2 0f 26 e5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a | 1c cd 00 5f 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 | b8 76 06 81 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 | 34 97 36 16 a9 40 cc fc 6b f4 f1 23 d9 78 72 7d | c1 f6 8e c2 e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 | 4b 5e 8c e6 c8 52 a9 b5 19 44 30 29 66 ec 7b ed | 07 e2 ae 8c 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 | 19 a3 89 eb 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 | b1 8b cb 4a 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 | b4 f9 eb 91 a0 ef e8 7a cd 67 38 1b db 2f 46 15 | ed 76 0b 8b d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f | d4 63 a5 42 ef 22 a6 af e6 4f 00 fc f2 62 dc d8 | e3 e5 71 89 65 95 3c f0 f2 f9 8e cf ff a9 14 3c | 97 e7 c8 d7 d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 | 26 06 06 5b 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a | 30 1c b5 d6 85 2e ed 38 be 0f 01 f9 fc 61 2f bc | 3d 69 a0 03 29 00 00 24 9f ce 7b 23 47 90 3a ec | 2d fd 17 be cc 64 c0 40 a5 36 3d 60 3b f5 5b 1f | 6b 59 0c 6c b3 2d e7 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 50 19 d0 f3 ce 05 64 3e | e7 65 ff 3b 43 93 56 05 97 c8 e9 d9 00 00 00 1c | 00 00 40 05 e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d | 25 64 6d bf 91 9c 64 d3 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 09 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 55 a5 da 62 5b bc 99 84 5a 36 ad e7 2a 5b 48 b0 | 87 b3 dc e5 83 26 e4 bd 72 40 32 61 f7 46 4d 4f | creating state object #13 at 0x557c468f4f20 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #13 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 "east" #13: proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a 1c cd 00 5f | 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 b8 76 06 81 | 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 34 97 36 16 | a9 40 cc fc 6b f4 f1 23 d9 78 72 7d c1 f6 8e c2 | e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 4b 5e 8c e6 | c8 52 a9 b5 19 44 30 29 66 ec 7b ed 07 e2 ae 8c | 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 19 a3 89 eb | 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 b1 8b cb 4a | 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 b4 f9 eb 91 | a0 ef e8 7a cd 67 38 1b db 2f 46 15 ed 76 0b 8b | d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f d4 63 a5 42 | ef 22 a6 af e6 4f 00 fc f2 62 dc d8 e3 e5 71 89 | 65 95 3c f0 f2 f9 8e cf ff a9 14 3c 97 e7 c8 d7 | d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 26 06 06 5b | 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a 30 1c b5 d6 | 85 2e ed 38 be 0f 01 f9 fc 61 2f bc 3d 69 a0 03 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58da0 (length 20) | e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d 25 64 6d bf | 91 9c 64 d3 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d 25 64 6d bf | natd_hash: hash= 91 9c 64 d3 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58dc0 (length 20) | 50 19 d0 f3 ce 05 64 3e e7 65 ff 3b 43 93 56 05 | 97 c8 e9 d9 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 50 19 d0 f3 ce 05 64 3e e7 65 ff 3b 43 93 56 05 | natd_hash: hash= 97 c8 e9 d9 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 9 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468eabb0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | #13 spent 0.404 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #13 and saving MD | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #13 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.929 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.945 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 2 starting work-order 9 for state #13 | crypto helper 2 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 9 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7efeac002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7efeac002010 | NSS: Public DH wire value: | 0e 3e e6 66 aa 41 9c 64 27 32 89 19 e9 6d ef af | 85 89 f5 31 fc ff 09 25 04 0b 8e 27 ac 6c 30 1f | e5 06 fe c5 1c f2 e6 63 28 99 dc f1 9d 13 f5 be | 51 9c a6 67 49 da 3b bd 96 ab f0 4d 23 b9 a4 f6 | 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 8c cc e1 ae | e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 0b 7d 6e 5e | 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d 7b 72 ae 48 | e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b 80 a8 af 0b | 62 12 a3 6a 26 21 1d c2 39 8a bd 0b 0a 50 44 e2 | 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 e3 15 d8 7c | 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 a1 0a df be | 3a 86 63 ee 32 6e da ed b4 cd 5d b2 89 86 01 56 | e4 4c 60 6f b2 a2 61 eb a2 c4 56 df a5 26 97 e7 | bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 17 76 fc a0 | c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 e5 66 64 6e | 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b 6b 4e 1f 18 | Generated nonce: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | Generated nonce: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | crypto helper 2 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 9 time elapsed 0.000994 seconds | (#13) spent 0.992 milliseconds in crypto helper computing work-order 9: ikev2_inI1outR1 KE (pcr) | crypto helper 2 sending results from work-order 9 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7efeac011520 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 9 | calling continuation function 0x557c447f4630 | ikev2_parent_inI1outR1_continue for #13: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7efeac002010: transferring ownership from helper KE to state #13 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 0e 3e e6 66 aa 41 9c 64 27 32 89 19 e9 6d ef af | ikev2 g^x 85 89 f5 31 fc ff 09 25 04 0b 8e 27 ac 6c 30 1f | ikev2 g^x e5 06 fe c5 1c f2 e6 63 28 99 dc f1 9d 13 f5 be | ikev2 g^x 51 9c a6 67 49 da 3b bd 96 ab f0 4d 23 b9 a4 f6 | ikev2 g^x 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 8c cc e1 ae | ikev2 g^x e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 0b 7d 6e 5e | ikev2 g^x 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d 7b 72 ae 48 | ikev2 g^x e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b 80 a8 af 0b | ikev2 g^x 62 12 a3 6a 26 21 1d c2 39 8a bd 0b 0a 50 44 e2 | ikev2 g^x 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 e3 15 d8 7c | ikev2 g^x 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 a1 0a df be | ikev2 g^x 3a 86 63 ee 32 6e da ed b4 cd 5d b2 89 86 01 56 | ikev2 g^x e4 4c 60 6f b2 a2 61 eb a2 c4 56 df a5 26 97 e7 | ikev2 g^x bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 17 76 fc a0 | ikev2 g^x c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 e5 66 64 6e | ikev2 g^x 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b 6b 4e 1f 18 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | IKEv2 nonce 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 55 a5 da 62 5b bc 99 84 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 24 52 91 e4 ad 50 db 15 6f fa 61 92 fd 34 e1 d3 | 3b 92 7f b7 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 55 a5 da 62 5b bc 99 84 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 24 52 91 e4 ad 50 db 15 6f fa 61 92 fd 34 e1 d3 | natd_hash: hash= 3b 92 7f b7 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 24 52 91 e4 ad 50 db 15 6f fa 61 92 fd 34 e1 d3 | Notify data 3b 92 7f b7 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 55 a5 da 62 5b bc 99 84 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | b9 b1 fd 3a 02 72 df c3 42 bd 46 0d 52 9b 48 75 | 7c ec f0 17 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 55 a5 da 62 5b bc 99 84 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= b9 b1 fd 3a 02 72 df c3 42 bd 46 0d 52 9b 48 75 | natd_hash: hash= 7c ec f0 17 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b9 b1 fd 3a 02 72 df c3 42 bd 46 0d 52 9b 48 75 | Notify data 7c ec f0 17 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #13: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #13 to 0 after switching state | Message ID: recv #13 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #13 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #13: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 440 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0e 3e e6 66 aa 41 9c 64 27 32 89 19 | e9 6d ef af 85 89 f5 31 fc ff 09 25 04 0b 8e 27 | ac 6c 30 1f e5 06 fe c5 1c f2 e6 63 28 99 dc f1 | 9d 13 f5 be 51 9c a6 67 49 da 3b bd 96 ab f0 4d | 23 b9 a4 f6 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 | 8c cc e1 ae e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 | 0b 7d 6e 5e 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d | 7b 72 ae 48 e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b | 80 a8 af 0b 62 12 a3 6a 26 21 1d c2 39 8a bd 0b | 0a 50 44 e2 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 | e3 15 d8 7c 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 | a1 0a df be 3a 86 63 ee 32 6e da ed b4 cd 5d b2 | 89 86 01 56 e4 4c 60 6f b2 a2 61 eb a2 c4 56 df | a5 26 97 e7 bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 | 17 76 fc a0 c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 | e5 66 64 6e 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b | 6b 4e 1f 18 29 00 00 24 a3 df cd ef d4 fd d2 32 | 58 f4 10 7f 27 30 74 c7 18 52 1b e1 2b 37 07 97 | e5 f8 08 84 aa 52 06 d5 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 24 52 91 e4 ad 50 db 15 | 6f fa 61 92 fd 34 e1 d3 3b 92 7f b7 00 00 00 1c | 00 00 40 05 b9 b1 fd 3a 02 72 df c3 42 bd 46 0d | 52 9b 48 75 7c ec f0 17 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468eabb0 | event_schedule: new EVENT_SO_DISCARD-pe@0x557c468eabb0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #13 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 0.486 milliseconds in resume sending helper answer | stop processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efeac011520 | spent 0.00257 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | 40 10 32 4b 48 4e 07 44 57 4d ef 30 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #13 in PARENT_R1 (find_v2_ike_sa) | start processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #13 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #13 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | Message ID: start-responder #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #13 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7efeac002010: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 10 for state #13 | state #13 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x557c468eabb0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468eabb0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | #13 spent 0.0324 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #13 and saving MD | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #13 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #13 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.169 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.18 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 10 for state #13 | crypto helper 0 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 | peer's g: 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a 1c cd 00 5f | peer's g: 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 b8 76 06 81 | peer's g: 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 34 97 36 16 | peer's g: a9 40 cc fc 6b f4 f1 23 d9 78 72 7d c1 f6 8e c2 | peer's g: e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 4b 5e 8c e6 | peer's g: c8 52 a9 b5 19 44 30 29 66 ec 7b ed 07 e2 ae 8c | peer's g: 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 19 a3 89 eb | peer's g: 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 b1 8b cb 4a | peer's g: 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 b4 f9 eb 91 | peer's g: a0 ef e8 7a cd 67 38 1b db 2f 46 15 ed 76 0b 8b | peer's g: d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f d4 63 a5 42 | peer's g: ef 22 a6 af e6 4f 00 fc f2 62 dc d8 e3 e5 71 89 | peer's g: 65 95 3c f0 f2 f9 8e cf ff a9 14 3c 97 e7 c8 d7 | peer's g: d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 26 06 06 5b | peer's g: 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a 30 1c b5 d6 | peer's g: 85 2e ed 38 be 0f 01 f9 fc 61 2f bc 3d 69 a0 03 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7efeac00eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7efeac002010: computed shared DH secret key@0x7efeac00eec0 | dh-shared : g^ir-key@0x7efeac00eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7efeb00039a0 (length 64) | 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9670 | result: Ni | Nr-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7efeac0069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9658 | result: Ni | Nr-key@0x557c468d7990 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7efeac0069f0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7efeb0003aa0 from Ni | Nr-key@0x557c468d7990 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7efeb0003aa0 from Ni | Nr-key@0x557c468d7990 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x557c468d7990 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7efeb0006c30 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7efeac00eec0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7efeac00eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7efeac00eec0 | nss hmac digest hack: symkey-key@0x7efeac00eec0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1131769136: 15 1a ffffffd3 2e 11 ffffffcc 4f 30 32 ffffffcf 1c ffffffda ffffffda ffffffa0 ffffffb7 ffffffb7 69 10 25 16 36 50 ffffffb0 ffffff8b 04 ffffffbb fffffff3 ffffffa5 46 ffffffd3 0e 02 1f ffffffb4 30 ffffffd3 fffffffa 03 ffffffb2 3f 4b ffffffc3 ffffffed 0d 4c 7b ffffffae 14 ffffffcf fffffff7 6c ffffffe8 31 ffffffe8 ffffffee 21 ffffffeb fffffff1 49 ffffffc5 ffffffd0 0f ffffffb1 3d ffffffd5 0c 03 22 5f ffffff9a 08 fffffffe 48 ffffff97 21 ffffff8f 16 ffffff9b ffffffae 45 48 53 19 ffffffc5 09 ffffffad 04 fffffff2 41 ffffff91 56 ffffffe1 ffffffbe ffffffd7 ffffff92 ffffff8e 30 4e 02 1b fffffffe 7a 6b 3f 61 fffffffa ffffffd6 21 49 4e fffffff2 0f 3d ffffffc9 6d ffffff83 21 35 ffffff84 ffffffe5 45 ffffffd2 ffffffe2 ffffffdb ffffffff ffffffa9 ffffff9a ffffffb6 0c 0d ffffffdb fffffffb ffffffe2 ffffff9c ffffffb8 29 ffffffbc ffffffc4 ffffffb6 35 ffffff98 5f 58 ffffffe2 ffffffba 60 ffffff92 2a ffffffde ffffff9e fffffff5 00 2c 7c 46 ffffffa7 ffffffd | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 256 bytes at 0x7efeb00078b0 | unwrapped: c0 41 8b f4 a3 39 52 0c 57 ba 5d fa 12 76 9e 4e | unwrapped: eb c6 74 f1 56 62 f7 23 57 3d e9 3f cd 36 39 08 | unwrapped: a3 0c 33 3a 7b 2d 78 b8 1b 53 2e f3 00 e0 a5 64 | unwrapped: 63 eb a8 db 5a 98 41 6b b2 d8 7f 18 d2 31 7d 4b | unwrapped: 8d d0 e6 71 70 c8 7a 16 d0 fb c5 57 1a f1 5d 28 | unwrapped: 99 7f 38 a2 cc dd 13 8c 69 e5 24 be 39 a4 b8 ec | unwrapped: 36 1e fe af 63 6f 85 00 df fe 07 a2 de 40 48 f9 | unwrapped: 1f d3 2b 95 e0 68 5b 28 e7 08 e0 6d f4 8a 8a 18 | unwrapped: cb 04 3f 9e f1 a4 98 eb 20 ac d5 25 c3 20 cb 69 | unwrapped: e7 d6 03 77 c7 6f 14 03 73 ff e7 bf 09 2a cb 7d | unwrapped: fc f5 61 49 82 c8 56 0d c9 ec 69 f7 56 15 0a b8 | unwrapped: 45 9e 65 9c 40 9a 4e 06 9d 56 84 d1 67 00 e3 5f | unwrapped: 4f 2c 1b c8 36 aa 56 58 88 69 33 3e 77 f6 5e c7 | unwrapped: 4e bb f8 e8 d4 cf ce 28 75 c9 08 06 1f f7 98 10 | unwrapped: 9d 22 2f c7 e2 12 4d 9e 04 35 05 89 af 68 f6 42 | unwrapped: 44 4c 1f 4f a8 a8 62 47 b2 7f 6e 11 44 7a d3 1b | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9690 | result: final-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9678 | result: final-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeac0069f0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x557c468d7990 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9600 | result: data=Ni-key@0x557c468ef2a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x557c468ef2a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a95e8 | result: data=Ni-key@0x7efeac0069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x557c468ef2a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebc8a95f0 | result: data+=Nr-key@0x557c468ef2a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efeac0069f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef2a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebc8a95f0 | result: data+=SPIi-key@0x7efeac0069f0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468ef2a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efebc8a95f0 | result: data+=SPIr-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efeac0069f0 | prf+0 PRF sha init key-key@0x557c468d7990 (size 20) | prf+0: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9518 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+0 prf: begin sha with context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+0: release clone-key@0x7efeac0069f0 | prf+0 PRF sha crypt-prf@0x7efeb0007090 | prf+0 PRF sha update seed-key@0x557c468ef2a0 (size 80) | prf+0: seed-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1131769504: fffffff3 01 ffffffcb fffffffd 65 ffffffe1 ffffffa4 33 4e ffffffd4 7a 4d 18 51 ffffffd8 61 ffffffb1 ffffffab 61 ffffff98 ffffff98 ffffff94 6e 4c ffffffde ffffffa2 ffffff86 62 ffffff86 ffffffe2 08 ffffffa7 36 ffffffde ffffffd0 05 ffffff87 ffffffb0 ffffffbc 11 77 fffffffe 58 58 ffffffa3 68 0e 65 ffffffbf 72 ffffff8e ffffff84 ffffff8f 78 7e 20 ffffffe6 55 32 2f 04 4c 0b ffffffe3 ffffffd2 19 ffffffd3 6d 42 ffffffd0 ffffff9d ffffffe2 50 0e ffffff8a ffffff9b 1e 1b ffffff9d 18 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb0007d50 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9520 | result: final-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c006450 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9508 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c006450 | prf+0 PRF sha final-key@0x7efeac0069f0 (size 20) | prf+0: key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efeac0069f0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9518 | result: clone-key@0x7efe9c006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb0003aa0 from key-key@0x7efe9c006450 | prf+N prf: begin sha with context 0x7efeb0003aa0 from key-key@0x7efe9c006450 | prf+N: release clone-key@0x7efe9c006450 | prf+N PRF sha crypt-prf@0x7efeb00010c0 | prf+N PRF sha update old_t-key@0x7efeac0069f0 (size 20) | prf+N: old_t-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1131769504: 0e ffffffb0 fffffff8 ffffffd2 ffffff91 ffffffa0 10 49 59 2c 5d ffffffdc ffffff9d 7f ffffffb5 0c 6d ffffff95 ffffffb1 ffffff83 ffffff9b ffffff9c 0d ffffffea 20 ffffffa6 59 00 ffffff97 0d ffffffa7 60 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb00070d0 | unwrapped: d7 ab 21 35 fe bc 32 47 eb ca a3 ae 75 7c 0f b0 | unwrapped: 1e 64 b3 f7 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef2a0 (size 80) | prf+N: seed-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1131769504: fffffff3 01 ffffffcb fffffffd 65 ffffffe1 ffffffa4 33 4e ffffffd4 7a 4d 18 51 ffffffd8 61 ffffffb1 ffffffab 61 ffffff98 ffffff98 ffffff94 6e 4c ffffffde ffffffa2 ffffff86 62 ffffff86 ffffffe2 08 ffffffa7 36 ffffffde ffffffd0 05 ffffff87 ffffffb0 ffffffbc 11 77 fffffffe 58 58 ffffffa3 68 0e 65 ffffffbf 72 ffffff8e ffffff84 ffffff8f 78 7e 20 ffffffe6 55 32 2f 04 4c 0b ffffffe3 ffffffd2 19 ffffffd3 6d 42 ffffffd0 ffffff9d ffffffe2 50 0e ffffff8a ffffff9b 1e 1b ffffff9d 18 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb0007cf0 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9520 | result: final-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9508 | result: final-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef410 | prf+N PRF sha final-key@0x7efe9c006450 (size 20) | prf+N: key-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc8a9598 | result: result-key@0x557c468ef410 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeac0069f0 | prfplus: release old_t[N]-key@0x7efeac0069f0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9518 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+N prf: begin sha with context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+N: release clone-key@0x7efeac0069f0 | prf+N PRF sha crypt-prf@0x7efeb0002a80 | prf+N PRF sha update old_t-key@0x7efe9c006450 (size 20) | prf+N: old_t-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c006450 | nss hmac digest hack: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1131769504: 16 ffffff8d ffffffdd 54 3e 0c 6e fffffffb 15 ffffff93 65 57 35 ffffffb2 ffffff94 ffffffe8 ffffffaf ffffffe2 3e 71 07 ffffff89 ffffffed 30 ffffffba ffffffaa 07 ffffffa5 fffffffd 2d ffffff82 ffffffa0 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb0007dd0 | unwrapped: 88 c8 6f 27 c7 62 01 fa f5 e7 bf 1b 81 d9 a3 c9 | unwrapped: 25 ac 29 b5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef2a0 (size 80) | prf+N: seed-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1131769504: fffffff3 01 ffffffcb fffffffd 65 ffffffe1 ffffffa4 33 4e ffffffd4 7a 4d 18 51 ffffffd8 61 ffffffb1 ffffffab 61 ffffff98 ffffff98 ffffff94 6e 4c ffffffde ffffffa2 ffffff86 62 ffffff86 ffffffe2 08 ffffffa7 36 ffffffde ffffffd0 05 ffffff87 ffffffb0 ffffffbc 11 77 fffffffe 58 58 ffffffa3 68 0e 65 ffffffbf 72 ffffff8e ffffff84 ffffff8f 78 7e 20 ffffffe6 55 32 2f 04 4c 0b ffffffe3 ffffffd2 19 ffffffd3 6d 42 ffffffd0 ffffff9d ffffffe2 50 0e ffffff8a ffffff9b 1e 1b ffffff9d 18 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb0007c90 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9520 | result: final-key@0x7efe9c00bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9508 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c00bdb0 | prf+N PRF sha final-key@0x7efeac0069f0 (size 20) | prf+N: key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef410 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc8a9598 | result: result-key@0x7efe9c00bdb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468ef410 | prfplus: release old_t[N]-key@0x7efe9c006450 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9518 | result: clone-key@0x7efe9c006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb0003aa0 from key-key@0x7efe9c006450 | prf+N prf: begin sha with context 0x7efeb0003aa0 from key-key@0x7efe9c006450 | prf+N: release clone-key@0x7efe9c006450 | prf+N PRF sha crypt-prf@0x7efeb00010c0 | prf+N PRF sha update old_t-key@0x7efeac0069f0 (size 20) | prf+N: old_t-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1131769504: fffffff6 ffffff9c fffffff7 42 ffffffeb ffffffab 34 ffffffdf 4e 3f 3e 16 ffffffe2 ffffffaa ffffffa2 28 2f 41 63 ffffffb9 19 05 69 46 ffffffc0 ffffff94 39 12 7d 1b ffffffeb 05 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb00089f0 | unwrapped: a9 c1 29 68 8a 80 24 c5 d6 1f 33 ce b4 1e 45 a1 | unwrapped: f7 4d cb 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef2a0 (size 80) | prf+N: seed-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1131769504: fffffff3 01 ffffffcb fffffffd 65 ffffffe1 ffffffa4 33 4e ffffffd4 7a 4d 18 51 ffffffd8 61 ffffffb1 ffffffab 61 ffffff98 ffffff98 ffffff94 6e 4c ffffffde ffffffa2 ffffff86 62 ffffff86 ffffffe2 08 ffffffa7 36 ffffffde ffffffd0 05 ffffff87 ffffffb0 ffffffbc 11 77 fffffffe 58 58 ffffffa3 68 0e 65 ffffffbf 72 ffffff8e ffffff84 ffffff8f 78 7e 20 ffffffe6 55 32 2f 04 4c 0b ffffffe3 ffffffd2 19 ffffffd3 6d 42 ffffffd0 ffffff9d ffffffe2 50 0e ffffff8a ffffff9b 1e 1b ffffff9d 18 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb0007c30 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9520 | result: final-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9508 | result: final-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef410 | prf+N PRF sha final-key@0x7efe9c006450 (size 20) | prf+N: key-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c00bdb0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc8a9598 | result: result-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c00bdb0 | prfplus: release old_t[N]-key@0x7efeac0069f0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9518 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+N prf: begin sha with context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+N: release clone-key@0x7efeac0069f0 | prf+N PRF sha crypt-prf@0x7efeb0002a80 | prf+N PRF sha update old_t-key@0x7efe9c006450 (size 20) | prf+N: old_t-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c006450 | nss hmac digest hack: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1131769504: ffffff8c 51 ffffffd9 ffffff88 3c 00 ffffffee ffffffd2 fffffff7 fffffff2 7c ffffffb5 ffffff9d ffffffee 33 0b ffffffca ffffffbd ffffffce 70 62 fffffff7 fffffff1 fffffff7 ffffffb7 ffffff89 4d ffffff8c 55 ffffffe7 2c 4c | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb00089c0 | unwrapped: 0c 47 74 a2 1a 93 13 7d 48 9b 2b 48 5f ee 80 6c | unwrapped: fb 64 98 5d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef2a0 (size 80) | prf+N: seed-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1131769504: fffffff3 01 ffffffcb fffffffd 65 ffffffe1 ffffffa4 33 4e ffffffd4 7a 4d 18 51 ffffffd8 61 ffffffb1 ffffffab 61 ffffff98 ffffff98 ffffff94 6e 4c ffffffde ffffffa2 ffffff86 62 ffffff86 ffffffe2 08 ffffffa7 36 ffffffde ffffffd0 05 ffffff87 ffffffb0 ffffffbc 11 77 fffffffe 58 58 ffffffa3 68 0e 65 ffffffbf 72 ffffff8e ffffff84 ffffff8f 78 7e 20 ffffffe6 55 32 2f 04 4c 0b ffffffe3 ffffffd2 19 ffffffd3 6d 42 ffffffd0 ffffff9d ffffffe2 50 0e ffffff8a ffffff9b 1e 1b ffffff9d 18 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb0008a20 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9520 | result: final-key@0x7efe9c00bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9508 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c00bdb0 | prf+N PRF sha final-key@0x7efeac0069f0 (size 20) | prf+N: key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef410 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc8a9598 | result: result-key@0x7efe9c00bdb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468ef410 | prfplus: release old_t[N]-key@0x7efe9c006450 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9518 | result: clone-key@0x7efe9c006450 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb00075e0 from key-key@0x7efe9c006450 | prf+N prf: begin sha with context 0x7efeb00075e0 from key-key@0x7efe9c006450 | prf+N: release clone-key@0x7efe9c006450 | prf+N PRF sha crypt-prf@0x7efeb00010c0 | prf+N PRF sha update old_t-key@0x7efeac0069f0 (size 20) | prf+N: old_t-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeac0069f0 | nss hmac digest hack: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1131769504: ffffffd1 4f 32 58 ffffffe5 70 67 7f ffffffcb 5a 13 40 ffffff86 ffffffc8 40 0b ffffffd0 07 fffffffa fffffff1 1d ffffffd8 44 1a ffffff85 05 10 57 7f 54 ffffffcb fffffffc | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb00089f0 | unwrapped: 20 8b 4e 5a 60 3f 9f 16 fd 2f 72 f2 f2 bc 24 5e | unwrapped: 86 e7 1d 62 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef2a0 (size 80) | prf+N: seed-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1131769504: fffffff3 01 ffffffcb fffffffd 65 ffffffe1 ffffffa4 33 4e ffffffd4 7a 4d 18 51 ffffffd8 61 ffffffb1 ffffffab 61 ffffff98 ffffff98 ffffff94 6e 4c ffffffde ffffffa2 ffffff86 62 ffffff86 ffffffe2 08 ffffffa7 36 ffffffde ffffffd0 05 ffffff87 ffffffb0 ffffffbc 11 77 fffffffe 58 58 ffffffa3 68 0e 65 ffffffbf 72 ffffff8e ffffff84 ffffff8f 78 7e 20 ffffffe6 55 32 2f 04 4c 0b ffffffe3 ffffffd2 19 ffffffd3 6d 42 ffffffd0 ffffff9d ffffffe2 50 0e ffffff8a ffffff9b 1e 1b ffffff9d 18 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb0007cf0 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9520 | result: final-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468ef410 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9508 | result: final-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468ef410 | prf+N PRF sha final-key@0x7efe9c006450 (size 20) | prf+N: key-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efe9c00bdb0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc8a9598 | result: result-key@0x557c468ef410 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efe9c00bdb0 | prfplus: release old_t[N]-key@0x7efeac0069f0 | prf+N PRF sha init key-key@0x557c468d7990 (size 20) | prf+N: key-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9518 | result: clone-key@0x7efeac0069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+N prf: begin sha with context 0x7efeb0003aa0 from key-key@0x7efeac0069f0 | prf+N: release clone-key@0x7efeac0069f0 | prf+N PRF sha crypt-prf@0x7efeb0002a80 | prf+N PRF sha update old_t-key@0x7efe9c006450 (size 20) | prf+N: old_t-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efe9c006450 | nss hmac digest hack: symkey-key@0x7efe9c006450 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1131769504: 03 ffffffb3 ffffffe3 ffffffd2 15 ffffff8e ffffffa2 fffffff5 2a 6f ffffffcc 00 7f 38 65 06 2b fffffffa ffffffff ffffffd4 ffffffd1 4e ffffffd1 ffffffd1 ffffffd1 56 ffffffe4 ffffffea ffffff95 4a 1c 7e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efeb00089c0 | unwrapped: 81 c2 fd 50 01 f4 60 0c d6 9b c6 72 c2 e8 98 af | unwrapped: 4f 54 23 ad 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468ef2a0 (size 80) | prf+N: seed-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468ef2a0 | nss hmac digest hack: symkey-key@0x557c468ef2a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1131769504: fffffff3 01 ffffffcb fffffffd 65 ffffffe1 ffffffa4 33 4e ffffffd4 7a 4d 18 51 ffffffd8 61 ffffffb1 ffffffab 61 ffffff98 ffffff98 ffffff94 6e 4c ffffffde ffffffa2 ffffff86 62 ffffff86 ffffffe2 08 ffffffa7 36 ffffffde ffffffd0 05 ffffff87 ffffffb0 ffffffbc 11 77 fffffffe 58 58 ffffffa3 68 0e 65 ffffffbf 72 ffffff8e ffffff84 ffffff8f 78 7e 20 ffffffe6 55 32 2f 04 4c 0b ffffffe3 ffffffd2 19 ffffffd3 6d 42 ffffffd0 ffffff9d ffffffe2 50 0e ffffff8a ffffff9b 1e 1b ffffff9d 18 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efeb0008a20 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efebc8a9520 | result: final-key@0x7efe9c00bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9508 | result: final-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efe9c00bdb0 | prf+N PRF sha final-key@0x7efeac0069f0 (size 20) | prf+N: key-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468ef410 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efebc8a9598 | result: result-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468ef410 | prfplus: release old_t[N]-key@0x7efe9c006450 | prfplus: release old_t[final]-key@0x7efeac0069f0 | ike_sa_keymat: release data-key@0x557c468ef2a0 | calc_skeyseed_v2: release skeyseed_k-key@0x557c468d7990 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9738 | result: result-key@0x557c468d7990 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9738 | result: result-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9738 | result: result-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9748 | result: SK_ei_k-key@0x7efe9c006450 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9748 | result: SK_er_k-key@0x557c468ef410 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9748 | result: result-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7efe9c00eee0 | chunk_SK_pi: symkey-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1647321187: 08 ffffff84 ffffff8c 1e 61 ffffff9b 1f ffffffc4 23 ffffffc3 75 ffffffa7 ffffffa1 7c fffffffa ffffffe0 ffffff8c ffffffd0 61 75 ffffffce fffffffa ffffffa3 ffffffe1 fffffffe 0c 36 0d 33 ffffffcb 6e 6e | chunk_SK_pi: release slot-key-key@0x557c468d1160 | chunk_SK_pi extracted len 32 bytes at 0x7efeb0007fb0 | unwrapped: f2 bc 24 5e 86 e7 1d 62 81 c2 fd 50 01 f4 60 0c | unwrapped: d6 9b c6 72 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efebc8a9748 | result: result-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7efe9c009e40 | chunk_SK_pr: symkey-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1647321187: ffffffa1 42 ffffffcc ffffff99 fffffff0 ffffffe7 10 fffffff0 ffffffa3 ffffffb0 ffffffdd 4b ffffffe3 ffffffb5 09 76 0a 2e 63 60 ffffff8d 70 3e 18 0f 21 fffffffe ffffffcf 67 2f ffffffa9 fffffff2 | chunk_SK_pr: release slot-key-key@0x557c468d1160 | chunk_SK_pr extracted len 32 bytes at 0x7efeb0008b80 | unwrapped: c2 e8 98 af 4f 54 23 ad a5 59 76 16 28 4f 0e a6 | unwrapped: 27 db 6a 1a 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7efe9c00bdb0 | calc_skeyseed_v2 pointers: shared-key@0x7efeac00eec0, SK_d-key@0x557c468d7990, SK_ai-key@0x557c468ef2a0, SK_ar-key@0x7efeac0069f0, SK_ei-key@0x7efe9c006450, SK_er-key@0x557c468ef410, SK_pi-key@0x7efe9c00eee0, SK_pr-key@0x7efe9c009e40 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | f2 bc 24 5e 86 e7 1d 62 81 c2 fd 50 01 f4 60 0c | d6 9b c6 72 | calc_skeyseed_v2 SK_pr | c2 e8 98 af 4f 54 23 ad a5 59 76 16 28 4f 0e a6 | 27 db 6a 1a | crypto helper 0 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 10 time elapsed 0.003194 seconds | (#13) spent 3.06 milliseconds in crypto helper computing work-order 10: ikev2_inI2outR2 KE (pcr) | crypto helper 0 sending results from work-order 10 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 10 | calling continuation function 0x557c447f4630 | ikev2_parent_inI2outR2_continue for #13: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7efeac002010: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | #13 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x557c468ef2a0 (size 20) | hmac: symkey-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468ef2a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58c28 | result: clone-key@0x7efe9c00bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac: release clone-key@0x7efe9c00bdb0 | hmac PRF sha crypt-prf@0x557c468ed880 | hmac PRF sha update data-bytes@0x557c468f4380 (length 192) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | hmac PRF sha final-bytes@0x7fff72f58df0 (length 20) | 40 10 32 4b 48 4e 07 44 57 4d ef 30 fc 7e b3 e8 | 31 6d 84 4e | data for hmac: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data for hmac: 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | data for hmac: 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | data for hmac: 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | data for hmac: 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | data for hmac: d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | data for hmac: bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | data for hmac: be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | data for hmac: 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | data for hmac: 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | data for hmac: 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | calculated auth: 40 10 32 4b 48 4e 07 44 57 4d ef 30 | provided auth: 40 10 32 4b 48 4e 07 44 57 4d ef 30 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | payload before decryption: | 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | 9f 95 ca 03 2c 00 00 28 00 00 00 24 01 03 04 03 | 5c 88 08 37 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #13 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #13: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #13 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #13: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7efe9c00eee0 (size 20) | hmac: symkey-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00eee0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58698 | result: clone-key@0x7efe9c00bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac: release clone-key@0x7efe9c00bdb0 | hmac PRF sha crypt-prf@0x557c468f28a0 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x557c468f43b4 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff72f58850 (length 20) | 34 47 c2 95 85 86 a8 ef b7 ef a5 32 b4 af a9 61 | 71 5c d9 5c | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 09 59 11 4a c2 0f 26 e5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a | 1c cd 00 5f 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 | b8 76 06 81 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 | 34 97 36 16 a9 40 cc fc 6b f4 f1 23 d9 78 72 7d | c1 f6 8e c2 e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 | 4b 5e 8c e6 c8 52 a9 b5 19 44 30 29 66 ec 7b ed | 07 e2 ae 8c 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 | 19 a3 89 eb 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 | b1 8b cb 4a 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 | b4 f9 eb 91 a0 ef e8 7a cd 67 38 1b db 2f 46 15 | ed 76 0b 8b d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f | d4 63 a5 42 ef 22 a6 af e6 4f 00 fc f2 62 dc d8 | e3 e5 71 89 65 95 3c f0 f2 f9 8e cf ff a9 14 3c | 97 e7 c8 d7 d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 | 26 06 06 5b 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a | 30 1c b5 d6 85 2e ed 38 be 0f 01 f9 fc 61 2f bc | 3d 69 a0 03 29 00 00 24 9f ce 7b 23 47 90 3a ec | 2d fd 17 be cc 64 c0 40 a5 36 3d 60 3b f5 5b 1f | 6b 59 0c 6c b3 2d e7 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 50 19 d0 f3 ce 05 64 3e | e7 65 ff 3b 43 93 56 05 97 c8 e9 d9 00 00 00 1c | 00 00 40 05 e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d | 25 64 6d bf 91 9c 64 d3 | verify: initiator inputs to hash2 (responder nonce) | a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | idhash 34 47 c2 95 85 86 a8 ef b7 ef a5 32 b4 af a9 61 | idhash 71 5c d9 5c | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584a0 | result: shared secret-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58488 | result: shared secret-key@0x7efe9c00bdb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efe9c00bdb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efe9c00bdb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efe9c00bdb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ed880 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584c0 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584a8 | result: final-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efe9c00bdb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efe9c00bdb0 (size 20) | = prf(, ): -key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584b8 | result: clone-key@0x7efea8006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ): release clone-key@0x7efea8006900 | = prf(, ) PRF sha crypt-prf@0x557c468f2830 | = prf(, ) PRF sha update first-packet-bytes@0x557c468f5ad0 (length 440) | 09 59 11 4a c2 0f 26 e5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a | 1c cd 00 5f 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 | b8 76 06 81 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 | 34 97 36 16 a9 40 cc fc 6b f4 f1 23 d9 78 72 7d | c1 f6 8e c2 e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 | 4b 5e 8c e6 c8 52 a9 b5 19 44 30 29 66 ec 7b ed | 07 e2 ae 8c 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 | 19 a3 89 eb 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 | b1 8b cb 4a 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 | b4 f9 eb 91 a0 ef e8 7a cd 67 38 1b db 2f 46 15 | ed 76 0b 8b d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f | d4 63 a5 42 ef 22 a6 af e6 4f 00 fc f2 62 dc d8 | e3 e5 71 89 65 95 3c f0 f2 f9 8e cf ff a9 14 3c | 97 e7 c8 d7 d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 | 26 06 06 5b 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a | 30 1c b5 d6 85 2e ed 38 be 0f 01 f9 fc 61 2f bc | 3d 69 a0 03 29 00 00 24 9f ce 7b 23 47 90 3a ec | 2d fd 17 be cc 64 c0 40 a5 36 3d 60 3b f5 5b 1f | 6b 59 0c 6c b3 2d e7 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 50 19 d0 f3 ce 05 64 3e | e7 65 ff 3b 43 93 56 05 97 c8 e9 d9 00 00 00 1c | 00 00 40 05 e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d | 25 64 6d bf 91 9c 64 d3 | = prf(, ) PRF sha update nonce-bytes@0x7efeac00a380 (length 32) | a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58850 (length 20) | 34 47 c2 95 85 86 a8 ef b7 ef a5 32 b4 af a9 61 | 71 5c d9 5c | = prf(, ) PRF sha final-chunk@0x557c468f28a0 (length 20) | f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | 9f 95 ca 03 | psk_auth: release prf-psk-key@0x7efe9c00bdb0 | Received PSK auth octets | f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | 9f 95 ca 03 | Calculated PSK auth octets | f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | 9f 95 ca 03 "east" #13: Authenticated using authby=secret | parent state #13: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #13 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468eabb0 | event_schedule: new EVENT_SA_REKEY-pe@0x557c468eabb0 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #13 | libevent_malloc: new ptr-libevent@0x7efea40060f0 size 128 | pstats #13 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7efe9c009e40 (size 20) | hmac: symkey-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c009e40 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58008 | result: clone-key@0x7efe9c00bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac: release clone-key@0x7efe9c00bdb0 | hmac PRF sha crypt-prf@0x557c468f0e90 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x557c448f3974 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff72f58310 (length 20) | 22 cf f0 fe 1e 2d 41 13 15 a4 9c b0 38 e0 04 6a | 9d b9 b2 33 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0e 3e e6 66 aa 41 9c 64 27 32 89 19 | e9 6d ef af 85 89 f5 31 fc ff 09 25 04 0b 8e 27 | ac 6c 30 1f e5 06 fe c5 1c f2 e6 63 28 99 dc f1 | 9d 13 f5 be 51 9c a6 67 49 da 3b bd 96 ab f0 4d | 23 b9 a4 f6 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 | 8c cc e1 ae e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 | 0b 7d 6e 5e 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d | 7b 72 ae 48 e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b | 80 a8 af 0b 62 12 a3 6a 26 21 1d c2 39 8a bd 0b | 0a 50 44 e2 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 | e3 15 d8 7c 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 | a1 0a df be 3a 86 63 ee 32 6e da ed b4 cd 5d b2 | 89 86 01 56 e4 4c 60 6f b2 a2 61 eb a2 c4 56 df | a5 26 97 e7 bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 | 17 76 fc a0 c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 | e5 66 64 6e 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b | 6b 4e 1f 18 29 00 00 24 a3 df cd ef d4 fd d2 32 | 58 f4 10 7f 27 30 74 c7 18 52 1b e1 2b 37 07 97 | e5 f8 08 84 aa 52 06 d5 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 24 52 91 e4 ad 50 db 15 | 6f fa 61 92 fd 34 e1 d3 3b 92 7f b7 00 00 00 1c | 00 00 40 05 b9 b1 fd 3a 02 72 df c3 42 bd 46 0d | 52 9b 48 75 7c ec f0 17 | create: responder inputs to hash2 (initiator nonce) | 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | idhash 22 cf f0 fe 1e 2d 41 13 15 a4 9c b0 38 e0 04 6a | idhash 9d b9 b2 33 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e00 | result: shared secret-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea8006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57de8 | result: shared secret-key@0x7efe9c00bdb0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efe9c00bdb0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efe9c00bdb0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efe9c00bdb0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468f28a0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e20 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e08 | result: final-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efe9c00bdb0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efe9c00bdb0 (size 20) | = prf(, ): -key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e18 | result: clone-key@0x7efea8006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea8006900 | = prf(, ): release clone-key@0x7efea8006900 | = prf(, ) PRF sha crypt-prf@0x557c468ed880 | = prf(, ) PRF sha update first-packet-bytes@0x557c468f5c90 (length 440) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0e 3e e6 66 aa 41 9c 64 27 32 89 19 | e9 6d ef af 85 89 f5 31 fc ff 09 25 04 0b 8e 27 | ac 6c 30 1f e5 06 fe c5 1c f2 e6 63 28 99 dc f1 | 9d 13 f5 be 51 9c a6 67 49 da 3b bd 96 ab f0 4d | 23 b9 a4 f6 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 | 8c cc e1 ae e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 | 0b 7d 6e 5e 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d | 7b 72 ae 48 e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b | 80 a8 af 0b 62 12 a3 6a 26 21 1d c2 39 8a bd 0b | 0a 50 44 e2 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 | e3 15 d8 7c 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 | a1 0a df be 3a 86 63 ee 32 6e da ed b4 cd 5d b2 | 89 86 01 56 e4 4c 60 6f b2 a2 61 eb a2 c4 56 df | a5 26 97 e7 bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 | 17 76 fc a0 c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 | e5 66 64 6e 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b | 6b 4e 1f 18 29 00 00 24 a3 df cd ef d4 fd d2 32 | 58 f4 10 7f 27 30 74 c7 18 52 1b e1 2b 37 07 97 | e5 f8 08 84 aa 52 06 d5 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 24 52 91 e4 ad 50 db 15 | 6f fa 61 92 fd 34 e1 d3 3b 92 7f b7 00 00 00 1c | 00 00 40 05 b9 b1 fd 3a 02 72 df c3 42 bd 46 0d | 52 9b 48 75 7c ec f0 17 | = prf(, ) PRF sha update nonce-bytes@0x7efea4005f00 (length 32) | 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58310 (length 20) | 22 cf f0 fe 1e 2d 41 13 15 a4 9c b0 38 e0 04 6a | 9d b9 b2 33 | = prf(, ) PRF sha final-chunk@0x557c468f0e90 (length 20) | bf e2 a9 f1 bf d8 1a 1b 9d 8b 81 1c 41 1a f7 5a | 6c 16 8d 97 | psk_auth: release prf-psk-key@0x7efe9c00bdb0 | PSK auth octets bf e2 a9 f1 bf d8 1a 1b 9d 8b 81 1c 41 1a f7 5a | PSK auth octets 6c 16 8d 97 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth bf e2 a9 f1 bf d8 1a 1b 9d 8b 81 1c 41 1a f7 5a | PSK auth 6c 16 8d 97 | emitting length of IKEv2 Authentication Payload: 28 | creating state object #14 at 0x557c468fb1d0 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "east" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.23:500 from #13.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x557c468d7990 | duplicate_state: reference st_skey_ai_nss-key@0x557c468ef2a0 | duplicate_state: reference st_skey_ar_nss-key@0x7efeac0069f0 | duplicate_state: reference st_skey_ei_nss-key@0x7efe9c006450 | duplicate_state: reference st_skey_er_nss-key@0x557c468ef410 | duplicate_state: reference st_skey_pi_nss-key@0x7efe9c00eee0 | duplicate_state: reference st_skey_pr_nss-key@0x7efe9c009e40 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #13.#14 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 5c 88 08 37 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: INTEG+ESN; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #13: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC;INTEG=HMAC_SHA1_96;ESN=DISABLED "east" #13: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_child_sa_respond returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | ikev2_parent_inI2outR2_continue_tail returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | #13 spent 1.33 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #13 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #14 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_FAIL+v2N_NO_PROPOSAL_CHOSEN | sending a notification reply "east" #14: responding to IKE_AUTH message (ID 1) from 192.1.2.45:500 with encrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS encrypted notification | **emit ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'encrypted notification' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | Adding a v2N Payload | ****emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'encrypted notification' | emitting length of IKEv2 Notify Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | data before encryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | hmac PRF sha init symkey-key@0x7efeac0069f0 (size 20) | hmac: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f580d8 | result: clone-key@0x7efe9c00bdb0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c00bdb0 | hmac: release clone-key@0x7efe9c00bdb0 | hmac PRF sha crypt-prf@0x557c468f0f90 | hmac PRF sha update data-bytes@0x7fff72f58510 (length 64) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | hmac PRF sha final-bytes@0x7fff72f58550 (length 20) | 9e ea 68 4c 70 a3 78 3a 10 ac a5 3b 18 7f b0 c3 | 6e 13 fb 02 | data being hmac: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data being hmac: 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | data being hmac: 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | out calculated auth: | 9e ea 68 4c 70 a3 78 3a 10 ac a5 3b | sending 76 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | 9e ea 68 4c 70 a3 78 3a 10 ac a5 3b | forcing #14 to a discard event | event_schedule: new EVENT_SO_DISCARD-pe@0x557c468f4190 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #14 | libevent_malloc: new ptr-libevent@0x7efeac011520 size 128 | state transition function for STATE_UNDEFINED failed: v2N_NO_PROPOSAL_CHOSEN | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 1.88 milliseconds in resume sending helper answer | stop processing: state #14 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efeb0008da0 | spent 0.00317 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 43 bb 13 1f 1d c8 71 49 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 bc 55 6e 96 d1 6b 2b 46 d5 8f 12 4a | 35 7a 1c e0 d3 d8 6b 65 ca c2 7e 54 09 a6 f4 b6 | 60 d2 8f 37 59 3a db 40 a1 12 ed 52 6e 11 81 0c | c3 ea b4 c7 c5 17 39 0d 67 98 6d 3a f2 2f a0 74 | 14 c0 a5 fa 88 67 10 58 13 82 40 50 de 3b 9d 65 | 8c d1 b7 8b 05 e7 ac a1 00 4a e5 c5 24 72 d8 a5 | 32 04 2c 41 69 7f fd b2 e0 3f d8 c0 02 d5 c8 f1 | 8f 19 0c e9 97 f1 3a 04 7a ea a7 73 1a d4 97 7c | b8 f2 90 d3 de e9 37 70 73 ab 8d 2c dc 99 99 98 | 2f 71 a4 49 93 01 06 b4 56 92 58 7e 8d 46 bb 7b | 82 09 0f 52 28 7d c7 55 54 f8 5e 07 c7 d7 b4 c5 | c6 42 e7 b8 0c c9 06 de ea ef 90 94 11 15 6e ef | 85 ab 41 5d b8 e0 51 b2 02 89 4b 5c ca 5a e7 2e | 23 2a 32 d4 ea 75 b6 68 7a 8b 1b a4 aa 13 ce 7b | 11 36 18 06 08 b2 f4 ac 8f b7 f4 ae 9e 07 d8 6c | 05 01 ef 45 ea 93 f5 c2 7c 8e 2c c3 4d 43 8d fd | 5a e4 ee f7 29 00 00 24 81 61 31 62 0f b6 bb 6c | 11 4a 1b 58 42 ef 95 3f 9a 05 62 53 e9 8b 94 17 | 68 aa 50 9b c4 ce 52 b2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 22 89 88 d8 d2 6b 5f 86 | 6b 80 be 18 05 e7 eb ba 24 75 bd 79 00 00 00 1c | 00 00 40 05 6c 66 ba 27 00 58 20 4e 9e fd 6c 77 | 3f 0d dd 2b bd 74 19 bb | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 43 bb 13 1f 1d c8 71 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 0a 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 28 8c a7 ef 8b b3 48 f3 f9 e7 f7 4d 3b 05 2f 10 | 95 35 6a 02 72 61 b6 64 b4 1e 41 7a be 1f b0 38 | creating state object #15 at 0x557c468ec6e0 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #15 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #15 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #15 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #15 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #15 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #15 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #15: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #15: remote proposal 1 transform 0 contains corrupt attribute "east" #15: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #15: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 43 bb 13 1f 1d c8 71 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 43 bb 13 1f 1d c8 71 49 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #15 spent 0.144 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #15 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #15 has no whack fd | pstats #15 ikev2.ike deleted other | [RE]START processing: state #15 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #15: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #15: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #15 in PARENT_R0 | parent state #15: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #15 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #15 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.64 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 28 d5 cc e6 c9 60 c9 f7 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 af 34 8b e6 82 27 fe fe 15 45 0d 71 | d1 b9 0b 22 8e 23 0d 6f d5 d5 fd cb ff 53 72 af | ee 54 cd 5e 94 c2 95 6a 97 28 63 62 52 6a 8e 77 | 52 92 7a 65 f7 4b 34 fc ff e4 3c bd ef a8 e8 86 | 30 18 b2 6c 9e 3f 5d 08 fc 3d 9f 2d 43 ac bd 54 | fc 7b 13 c1 a1 d4 25 7c e7 ee 8a 2a cc 51 5b d2 | 28 b4 48 ed 3b f4 20 bf e2 24 9a dd eb b5 35 1d | 0f a4 c6 e9 10 15 fa 89 f1 8b 9e 94 df 90 39 ff | dc f5 b8 bc 46 39 0a e7 7f 64 f1 db 2a 2d 58 7f | ed e4 97 8a b6 12 2c 8d c9 63 f9 53 e5 36 98 04 | 74 00 24 ce c6 07 1b 4b ec d1 d9 ac fa 10 9f 0c | 06 e9 e7 a9 8f 3d cf b5 c2 30 b8 22 92 00 7b e2 | 3b e1 5d 54 35 aa d9 0a d6 ac 43 44 1f e9 c5 9a | 7e eb b3 af f0 d7 50 25 54 2e 1f 37 aa 81 44 e1 | f8 a3 0b 1b 0f 4a fc 25 b9 94 d9 2a 76 b9 96 20 | 47 0b 1b f7 62 9b 58 84 19 d1 fd 89 1d dc 27 e2 | 50 ed 77 a9 29 00 00 24 ad c7 fd 01 e5 6e 3e 72 | 2b 7d 57 3b 84 36 37 a4 63 02 c1 47 06 92 68 66 | 2b e0 05 3d fe 9c 56 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 3e ba f1 33 5e 6f 28 ca | aa f0 35 89 a3 bb d4 8b 15 a7 cd 0d 00 00 00 1c | 00 00 40 05 a5 5e 02 e1 56 0a 89 c6 87 ae c8 2e | 2a e4 50 76 63 a4 d8 2d | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 28 d5 cc e6 c9 60 c9 f7 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 0b 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 1c 1c fd 88 ef 8a 78 9f ef 0f b6 f1 06 a8 fa 8e | 59 22 8e 5e 28 f6 9c 31 75 cc f3 01 fc df c0 54 | creating state object #16 at 0x557c468ec6e0 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #16 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #16 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #16 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #16 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #16 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #16 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #16: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #16: remote proposal 1 transform 0 contains corrupt attribute "east" #16: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #16: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 28 d5 cc e6 c9 60 c9 f7 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 28 d5 cc e6 c9 60 c9 f7 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #16 spent 0.146 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #16 has no whack fd | pstats #16 ikev2.ike deleted other | [RE]START processing: state #16 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #16: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #16: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #16 in PARENT_R0 | parent state #16: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #16 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #16 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.63 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00302 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | f3 5d 5a ec 9f 73 ce 44 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 db c5 95 0c 25 7e b1 18 35 70 bd 61 | cc e0 ed d5 23 71 64 c6 b6 20 81 d3 9a 08 7f 4e | 21 ae a0 de 8c 48 e1 fa 1f 85 72 7a 8b a3 58 5b | ad ad a2 ed 55 17 3c 33 e4 77 b7 21 f2 87 aa 64 | 63 ce 56 9d c2 c2 45 c7 94 b2 49 97 6c fc 1e f6 | d4 96 a8 0b f6 b3 2a 4a 38 8a 3a 76 85 5f 31 58 | 8c f7 9d 47 d9 aa 72 15 b6 4a da 35 41 28 26 45 | 3a 40 f3 25 96 46 51 d2 5c bc 6a 1f 86 a0 da 2d | b6 43 1d 0e 93 9a 71 20 dc be cf 73 f9 e5 86 1b | f6 0d dc a4 06 97 e7 d0 df 2a cb 42 9e 4c 79 21 | 8c cf 9b cc d1 c1 39 54 25 22 d3 a7 86 c6 21 ef | 7a 38 e0 b3 ef b7 c9 ea f2 d6 d5 83 c2 fb 73 c3 | 86 62 cf f5 1a bd cb 41 16 93 cd 11 dd 9f 3f 16 | 29 c5 2c 8c c8 11 d1 69 2b fb b2 93 28 10 6f c6 | e1 10 7d 53 ab 66 29 35 25 dd 21 ba 20 b6 fc 8c | e0 d3 99 51 91 e6 06 7f a3 57 04 16 ed 39 17 99 | 00 12 65 3c 29 00 00 24 a3 f6 f6 46 32 91 3d ce | 17 0f 90 af fd b5 b9 06 1b 0a bd 3c f2 e2 26 30 | 84 b5 ac a1 e9 42 9b e7 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 15 8f d1 aa 44 25 f0 5d | 02 11 c5 09 5b ba 39 9c e9 d8 e7 98 00 00 00 1c | 00 00 40 05 b8 0f 84 55 52 bd 9a 2f 56 9f 15 8b | ff 1e d8 3e ae 51 41 cb | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | f3 5d 5a ec 9f 73 ce 44 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 0c 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | e8 6f e4 12 12 91 1f 82 27 ec 20 38 07 2d 5c 93 | 40 5e 8f c0 1b 96 8f 5e bf 0a e6 bf 5a cf 3c d1 | creating state object #17 at 0x557c468ec6e0 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #17 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #17 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #17 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #17 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #17 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #17 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #17: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #17: remote proposal 1 transform 0 contains corrupt attribute "east" #17: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #17: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | f3 5d 5a ec 9f 73 ce 44 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | f3 5d 5a ec 9f 73 ce 44 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #17 spent 0.152 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #17 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #17 has no whack fd | pstats #17 ikev2.ike deleted other | [RE]START processing: state #17 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #17: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #17: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #17 in PARENT_R0 | parent state #17: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #17 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #17 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.682 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00249 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 08 74 23 e1 6d 7d 1f 32 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 7a ef 33 bd 35 9c 5c f0 c8 f2 99 19 | 7a cb b8 03 a3 d9 03 60 df 81 fe 93 7f 61 30 f2 | ca 38 8e 5e 99 33 04 1f 3c 86 4e ac b0 29 74 f1 | 63 bc a7 e5 12 c5 fa 99 26 ef 68 58 49 4f 72 05 | ec 90 d7 95 2b b6 3a f1 0c d4 c2 95 df ea 7a 2d | 35 be 5e 00 de 32 ec 9a cb 2a ba f6 ca 73 83 8c | 7d 6d 59 0f 67 aa 37 72 c4 e5 34 f4 93 e6 cf 6e | d8 ad 3b 62 a0 a3 45 0c 45 41 95 f4 8b 40 43 2a | a8 ef f5 da 4c 9f 08 51 64 06 f2 37 bc c9 b6 db | 6e 22 ed e8 48 9b 37 78 6e 42 cb 10 f2 ff f1 44 | dc ff 03 14 d3 63 a0 d6 18 be 68 77 e9 df d4 5a | b5 2b 88 22 b8 25 5b 00 bd b6 ce c3 a9 12 74 3e | 4d d7 b3 7f 36 ea b1 f8 e9 97 65 37 34 38 63 1b | a9 5c eb c1 02 b4 16 f8 88 92 20 4c fc e7 03 98 | 7e 6e 8e 43 6b ae 3a 86 80 d8 38 3b 70 5f 09 91 | dd 7e 52 ee 28 2a 1e 32 cb a7 d7 d5 59 ce e1 d2 | 7b 05 48 3f 29 00 00 24 d6 45 86 32 8c 4c 66 8e | 55 a3 fc 12 20 d4 63 0e 34 2b 78 94 50 f3 75 2d | 69 17 b1 d4 3d 72 8e 4a 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 ea 3f 63 3a e7 96 c3 6b | 03 7a 49 ba fc 0e e6 1d 7e 0a f3 10 00 00 00 1c | 00 00 40 05 b3 ba 8f 7b 01 02 05 e5 79 d9 a7 72 | c9 79 be c0 c5 77 91 7c | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 08 74 23 e1 6d 7d 1f 32 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 0d 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | e5 ff a9 98 3f c5 14 b8 fc 0d ba 6a 2a 96 d9 59 | ba 97 c9 db 8e f1 00 73 db 91 f2 29 80 c7 f6 6b | creating state object #18 at 0x557c468ec6e0 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #18 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #18 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #18 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #18 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #18 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #18 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) "east" #18: af+type of IKEv2 Attribute Substructure Payload has an unknown value: 14 (0xe) "east" #18: remote proposal 1 transform 0 contains corrupt attribute "east" #18: partial list of remote proposals: 1:IKE:[corrupt-attribute] "east" #18: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification INVALID_SYNTAX | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 08 74 23 e1 6d 7d 1f 32 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 08 74 23 e1 6d 7d 1f 32 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | #18 spent 0.101 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #18 has no whack fd | pstats #18 ikev2.ike deleted other | [RE]START processing: state #18 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #18: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #18: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #18 in PARENT_R0 | parent state #18: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #18 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #18 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.531 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00325 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 33 49 c1 46 bb a8 9f 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | 29 00 00 24 6c 47 6e 5e b1 39 0d 54 47 38 98 23 | 68 19 fe 38 b9 55 ad 39 24 53 8c 3b c4 36 17 f8 | b7 60 dc 4d 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 49 3b 75 82 0d 55 fc 41 fe db 99 36 | b1 eb 08 53 91 b1 11 27 00 00 00 1c 00 00 40 05 | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 0e 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 15 53 a3 f9 4d 5f fc 5b f9 17 dd 4a f4 c5 bb 17 | cb 7e e2 d8 98 7a 0b ca 6e cb b0 89 d6 f4 12 37 | creating state object #19 at 0x557c468ec6e0 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #19 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58da0 (length 20) | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | natd_hash: hash= 0e 9e f8 d9 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58dc0 (length 20) | 49 3b 75 82 0d 55 fc 41 fe db 99 36 b1 eb 08 53 | 91 b1 11 27 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 49 3b 75 82 0d 55 fc 41 fe db 99 36 b1 eb 08 53 | natd_hash: hash= 91 b1 11 27 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 11 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7efea8002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | #19 spent 0.288 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 3 resuming | crypto helper 3 starting work-order 11 for state #19 | crypto helper 3 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 11 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7efea4002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7efea4002010 | NSS: Public DH wire value: | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | Generated nonce: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | Generated nonce: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | crypto helper 3 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 11 time elapsed 0.001017 seconds | (#19) spent 0.999 milliseconds in crypto helper computing work-order 11: ikev2_inI1outR1 KE (pcr) | crypto helper 3 sending results from work-order 11 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7efea40067f0 size 128 | crypto helper 3 waiting (nothing to do) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #19 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.689 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.702 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 11 | calling continuation function 0x557c447f4630 | ikev2_parent_inI1outR1_continue for #19: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7efea4002010: transferring ownership from helper KE to state #19 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | ikev2 g^x e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | ikev2 g^x d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | ikev2 g^x b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | ikev2 g^x 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | ikev2 g^x b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | ikev2 g^x 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | ikev2 g^x da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | ikev2 g^x 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | ikev2 g^x 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | ikev2 g^x 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | ikev2 g^x b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | ikev2 g^x fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | ikev2 g^x 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | ikev2 g^x f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | ikev2 g^x 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | IKEv2 nonce 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 15 53 a3 f9 4d 5f fc 5b | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 82 cd 10 83 f7 65 05 84 cd ce 28 71 48 2a 9a 5c | a4 42 89 25 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 15 53 a3 f9 4d 5f fc 5b | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 82 cd 10 83 f7 65 05 84 cd ce 28 71 48 2a 9a 5c | natd_hash: hash= a4 42 89 25 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 82 cd 10 83 f7 65 05 84 cd ce 28 71 48 2a 9a 5c | Notify data a4 42 89 25 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | 15 53 a3 f9 4d 5f fc 5b | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 15 53 a3 f9 4d 5f fc 5b | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | natd_hash: hash= b2 34 e1 a5 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | Notify data b2 34 e1 a5 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #19: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #19 to 0 after switching state | Message ID: recv #19 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #19 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | 29 00 00 24 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 | bb 26 3b 7d 35 17 65 ab 3c ba a5 b9 6e 92 98 4e | a7 3b 48 cc 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 82 cd 10 83 f7 65 05 84 cd ce 28 71 | 48 2a 9a 5c a4 42 89 25 00 00 00 1c 00 00 40 05 | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7efea8002b20 | event_schedule: new EVENT_SO_DISCARD-pe@0x7efea8002b20 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #19 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 0.454 milliseconds in resume sending helper answer | stop processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efea40067f0 | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 68 0f a9 6d ad 29 c0 4e 43 78 c7 38 1c 54 6e 5d | 71 13 1d 24 f1 cd 3d bf 8b 77 d6 ae 3f 8e 2c 9c | 5c f1 d0 b7 1b d2 54 7d b2 12 b0 4a ec 9f b7 21 | 5e 1b c4 34 0f d6 4d b0 f7 f2 26 e3 68 a5 4b ae | 48 2e 15 12 e0 b2 f8 e1 a5 c0 de ff 52 c1 ce 1a | 77 33 b0 32 94 d0 af d3 c9 79 8b ee 2a 60 5d 70 | a1 46 37 e9 17 bb 3d 53 68 0e b2 4b f4 0a d4 53 | 2a f7 d7 10 b3 eb 34 1d 61 7a 40 d6 cc 2c be 2f | f2 53 02 60 64 eb 7d 50 9c ea d0 ae d9 db 28 0e | ec db 8c fc 9f 5c 75 1a ba c7 84 f5 41 71 4f 89 | 88 2e 7d 89 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #19 in PARENT_R1 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #19 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7efea4002010: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 12 for state #19 | state #19 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7efea8002b20 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7efea8002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | #19 spent 0.0323 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #19 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.157 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.167 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 resuming | crypto helper 4 starting work-order 12 for state #19 | crypto helper 4 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 | peer's g: 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | peer's g: 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | peer's g: 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | peer's g: 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | peer's g: a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | peer's g: ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | peer's g: e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | peer's g: 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | peer's g: 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | peer's g: 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | peer's g: 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | peer's g: 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | peer's g: 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | peer's g: b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | peer's g: de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | peer's g: 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7efe9c00bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7efea4002010: computed shared DH secret key@0x7efe9c00bdb0 | dh-shared : g^ir-key@0x7efe9c00bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x557c468cbb90 (length 64) | 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5670 | result: Ni | Nr-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5658 | result: Ni | Nr-key@0x7efea8006900 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x557c468f27a0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7efea8003aa0 from Ni | Nr-key@0x7efea8006900 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7efea8003aa0 from Ni | Nr-key@0x7efea8006900 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7efea8006900 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7efea8000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7efe9c00bdb0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7efe9c00bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7efe9c00bdb0 | nss hmac digest hack: symkey-key@0x7efe9c00bdb0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1165339952: 34 42 76 ffffff92 ffffff97 ffffff9f ffffffc0 02 08 37 ffffffd5 67 fffffff8 ffffffb4 ffffff9a ffffff94 27 47 ffffffbe ffffff93 75 ffffff98 ffffffff ffffffa8 52 6d ffffff99 ffffffff 63 51 34 00 60 24 13 07 24 73 ffffff9d 2c ffffffc6 fffffff2 2f ffffffd3 fffffff1 73 ffffffc2 57 ffffff8b ffffff94 ffffffbb ffffffaf 14 ffffffa1 ffffff9a 63 11 ffffffaa 7a 6c fffffffb 7c ffffffcd 38 ffffff89 1e 7a fffffff7 72 ffffffa3 ffffffc9 ffffffcf ffffffc0 20 5c ffffff81 0f 24 ffffffe6 ffffffc0 ffffffcc 26 2f ffffffa1 46 36 fffffff1 ffffffc0 ffffffe9 ffffff98 ffffffa0 35 2c 35 1e ffffffda ffffffc6 ffffffc8 51 31 fffffff3 ffffffc1 ffffffcb ffffffca 32 2d ffffffea 3f ffffff9c 06 ffffffab 42 63 ffffff84 ffffffb0 ffffff85 4b ffffffdf 64 53 1e ffffffac 39 18 ffffffa5 ffffff96 49 6e ffffff8f 2a ffffffa7 1e 59 6c ffffff89 ffffffdd ffffffd5 fffffff8 34 ffffff9f fffffffd ffffff96 ffffffba ffffffa8 78 3c 44 67 18 ffffffa1 3d ffffffb0 ffffffef ffffffec 50 21 4 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 256 bytes at 0x7efea80043d0 | unwrapped: db 96 a0 49 9a fb 19 c6 7f 10 42 06 f8 e8 9b df | unwrapped: ff 5b 96 97 57 88 91 99 d8 17 d7 e0 eb 9d db 5f | unwrapped: ea c1 44 19 51 75 19 8a dd 49 4a 09 7b 2c d8 3a | unwrapped: 2f cd 8e 9b 49 25 a7 0a 6c 73 69 1b 1c 14 85 15 | unwrapped: c6 36 fa 0a 17 d9 a2 7f 8e fb d0 e8 b4 c2 35 94 | unwrapped: 38 38 1c ae 23 14 f1 41 c6 a9 b6 62 3b 79 01 ab | unwrapped: 89 37 ca de 92 c0 ad b4 ce 11 8c 8c f2 31 85 35 | unwrapped: 52 17 72 6b 7b ff fc 28 42 84 22 eb 53 fd 50 de | unwrapped: d1 c0 20 92 e9 a2 70 dc ef e4 8f d0 d5 49 d0 bd | unwrapped: 9e df cc 06 33 74 f7 0e 4d 44 c6 9c b6 25 c2 d1 | unwrapped: a2 4a a4 51 76 c0 45 bb 0e 0b b6 b5 3d 4f f0 e0 | unwrapped: 6c 64 96 9e 03 63 7a fe 99 51 37 c2 cb 63 a2 fb | unwrapped: f2 1a d8 ec 23 52 dc 98 86 28 12 d7 93 fa 2d 6c | unwrapped: a8 f7 fc 22 84 f8 ca 65 15 65 27 58 12 e4 2f cd | unwrapped: 23 16 95 fd c7 a3 19 f5 53 58 76 6b 1f e0 30 27 | unwrapped: 94 d2 fd 30 4f e6 bf 2b 92 35 74 2d fa 3e e2 a4 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5690 | result: final-key@0x557c468f27a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f27a0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5678 | result: final-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f27a0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7efea8006900 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5600 | result: data=Ni-key@0x7efeb4006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7efeb4006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a55e8 | result: data=Ni-key@0x557c468f27a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7efeb4006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f27a0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeba8a55f0 | result: data+=Nr-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468f27a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeba8a55f0 | result: data+=SPIi-key@0x557c468f27a0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efeb4006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f27a0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeba8a55f0 | result: data+=SPIr-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468f27a0 | prf+0 PRF sha init key-key@0x7efea8006900 (size 20) | prf+0: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+0 prf: begin sha with context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+0: release clone-key@0x557c468f27a0 | prf+0 PRF sha crypt-prf@0x7efea80016e0 | prf+0 PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+0: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea8005980 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f9700 | prf+0 PRF sha final-key@0x557c468f27a0 (size 20) | prf+0: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x557c468f27a0 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea8003aa0 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea8003aa0 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea80010c0 | prf+N PRF sha update old_t-key@0x557c468f27a0 (size 20) | prf+N: old_t-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1165340320: 28 45 ffffffaf 40 ffffffa9 ffffffe5 19 1a ffffffef fffffff3 ffffffa3 57 39 ffffff9c 4e 73 ffffffa1 ffffffec 56 ffffff80 20 27 7e ffffff8e ffffffa0 08 ffffffcf 1f 07 51 57 7e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea8005fb0 | unwrapped: 6a 8b b8 77 6d 65 98 d1 50 fb 38 50 a1 2f d9 6e | unwrapped: e8 34 3c 25 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+N: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea8004ad0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8001a70 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba8a5598 | result: result-key@0x7efea8001a70 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468f27a0 | prfplus: release old_t[N]-key@0x557c468f27a0 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+N prf: begin sha with context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+N: release clone-key@0x557c468f27a0 | prf+N PRF sha crypt-prf@0x7efea8002a80 | prf+N PRF sha update old_t-key@0x557c468f9700 (size 20) | prf+N: old_t-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f9700 | nss hmac digest hack: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1165340320: 6e 2c 2b 38 4e ffffffbe 3d ffffff87 ffffffe5 63 ffffff8c ffffffca ffffff90 35 0b 36 ffffffcf ffffffde 34 3f ffffff8b ffffffe6 ffffff9a 30 ffffffed 76 ffffff82 fffffff2 36 00 08 ffffff80 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea80067a0 | unwrapped: 57 db 46 d3 57 37 e3 87 2e 76 9f da 90 4f f2 0f | unwrapped: 3c d7 5f 27 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+N: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea8004a70 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8005db0 | prf+N PRF sha final-key@0x557c468f27a0 (size 20) | prf+N: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8001a70 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba8a5598 | result: result-key@0x7efea8005db0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8001a70 | prfplus: release old_t[N]-key@0x557c468f9700 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea8003aa0 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea8003aa0 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea80010c0 | prf+N PRF sha update old_t-key@0x557c468f27a0 (size 20) | prf+N: old_t-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1165340320: 36 1b 63 4c 42 5b ffffff92 29 ffffffe6 ffffffe2 6d ffffffef ffffffb9 23 ffffffae 1d 03 13 19 5d 41 71 08 2e ffffff9f 2c 7b fffffff0 ffffffdc 1d ffffffde ffffffe2 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea8006770 | unwrapped: 80 b1 8c 92 42 9d a3 8e 9d 2d f9 89 03 f9 9f cd | unwrapped: df 0b 78 93 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+N: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea80048b0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8001a70 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8005db0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba8a5598 | result: result-key@0x7efea8001a70 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8005db0 | prfplus: release old_t[N]-key@0x557c468f27a0 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+N prf: begin sha with context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+N: release clone-key@0x557c468f27a0 | prf+N PRF sha crypt-prf@0x7efea8002a80 | prf+N PRF sha update old_t-key@0x557c468f9700 (size 20) | prf+N: old_t-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f9700 | nss hmac digest hack: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1165340320: 28 fffffff9 39 fffffffc ffffffc3 6b ffffffb0 07 fffffffc 4a 10 6e 1a 7b fffffff2 ffffffad ffffffc7 ffffffba 27 2c ffffffa5 ffffffee 50 ffffff94 69 ffffffa5 ffffffaa 7f 38 1f 7f 40 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea8001460 | unwrapped: 75 cb 88 56 fb 7b 7e 0a 37 eb 2a c8 73 4b df b9 | unwrapped: b2 ff b1 3c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+N: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea800c050 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8005db0 | prf+N PRF sha final-key@0x557c468f27a0 (size 20) | prf+N: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8001a70 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba8a5598 | result: result-key@0x7efea8005db0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8001a70 | prfplus: release old_t[N]-key@0x557c468f9700 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea80065a0 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea80065a0 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea80010c0 | prf+N PRF sha update old_t-key@0x557c468f27a0 (size 20) | prf+N: old_t-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1165340320: 25 ffffffd0 ffffffea ffffff88 ffffffe0 ffffffce ffffffdf 27 77 0a ffffffae 17 05 fffffff4 ffffffcf ffffffba 42 44 fffffff4 0b ffffffe1 ffffff89 26 ffffffeb 1b 6c ffffffc2 42 20 fffffffc ffffffda 39 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea8006770 | unwrapped: 5e 30 a7 b5 69 c7 3e 60 aa 29 43 6c 89 10 63 4e | unwrapped: d9 36 e6 a3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+N: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea8004ad0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8001a70 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8005db0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba8a5598 | result: result-key@0x7efea8001a70 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8005db0 | prfplus: release old_t[N]-key@0x557c468f27a0 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f27a0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+N prf: begin sha with context 0x7efea8003aa0 from key-key@0x557c468f27a0 | prf+N: release clone-key@0x557c468f27a0 | prf+N PRF sha crypt-prf@0x7efea8002a80 | prf+N PRF sha update old_t-key@0x557c468f9700 (size 20) | prf+N: old_t-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f9700 | nss hmac digest hack: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1165340320: 71 7a ffffffb4 ffffffa5 7c ffffffaa 5c ffffffe4 47 ffffffae 03 6a ffffffae 31 ffffffda ffffffb9 58 21 1b 72 ffffffb2 7c 4d ffffffb4 3d 22 fffffff7 48 ffffffdf 48 fffffff8 ffffffd3 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea8001460 | unwrapped: e8 be a1 25 6e 4a d9 d2 80 ba 69 95 0a fb 3d d0 | unwrapped: db b0 26 7b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+N: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea800c050 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8005db0 | prf+N PRF sha final-key@0x557c468f27a0 (size 20) | prf+N: key-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8001a70 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba8a5598 | result: result-key@0x7efea8005db0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8001a70 | prfplus: release old_t[N]-key@0x557c468f9700 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea8003aa0 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea8003aa0 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea80010c0 | prf+N PRF sha update old_t-key@0x557c468f27a0 (size 20) | prf+N: old_t-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1165340320: 12 ffffffb6 5c 37 58 61 0b 0a ffffff84 ffffffbf 23 7c 55 4f ffffff86 ffffffdd ffffffbb 2b 21 72 ffffff83 fffffff0 ffffffa2 17 ffffffcd ffffffc0 ffffff8d 6c 11 ffffffe5 10 ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea800c1b0 | unwrapped: 51 b5 e4 4f a9 a9 c0 8b 29 32 dd c0 58 1a 27 60 | unwrapped: 3e 4a 52 00 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efeb4006900 (size 80) | prf+N: seed-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1165340320: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 ffffffb3 5c ffffffb1 ffffffff 6d 3e ffffffb7 00 13 5e 5d 52 39 ffffffb9 ffffffb8 ffffff8f | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea8004a70 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeba8a5520 | result: final-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8001a70 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8005db0 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeba8a5598 | result: result-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8005db0 | prfplus: release old_t[N]-key@0x557c468f27a0 | prfplus: release old_t[final]-key@0x557c468f9700 | ike_sa_keymat: release data-key@0x7efeb4006900 | calc_skeyseed_v2: release skeyseed_k-key@0x7efea8006900 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5738 | result: result-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5738 | result: result-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5738 | result: result-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5748 | result: SK_ei_k-key@0x557c468f27a0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5748 | result: SK_er_k-key@0x7efea8005db0 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5748 | result: result-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7efea800c3d0 | chunk_SK_pi: symkey-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 56 ffffff9c ffffffbf ffffff84 55 ffffffdd ffffff97 ffffffd1 ffffff96 30 ffffffa0 2f ffffff8c 5e ffffffaf 36 ffffff82 06 24 fffffffd 79 ffffff81 23 73 6a 40 ffffffe3 ffffff98 65 3e ffffffee ffffffe0 | chunk_SK_pi: release slot-key-key@0x557c468d1160 | chunk_SK_pi extracted len 32 bytes at 0x7efea800c1e0 | unwrapped: 80 ba 69 95 0a fb 3d d0 db b0 26 7b 51 b5 e4 4f | unwrapped: a9 a9 c0 8b 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeba8a5748 | result: result-key@0x7efea800c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7efea800c5c0 | chunk_SK_pr: symkey-key@0x7efea800c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: ffffffe6 ffffffe4 24 73 26 ffffffa3 ffffffc3 1f 49 ffffffd7 71 ffffffe7 ffffffad 19 4b 14 51 ffffffbc ffffffef 49 60 29 70 ffffffa7 ffffffa0 ffffff82 ffffffee ffffffce ffffffa2 20 35 30 | chunk_SK_pr: release slot-key-key@0x557c468d1160 | chunk_SK_pr extracted len 32 bytes at 0x7efea8003900 | unwrapped: 29 32 dd c0 58 1a 27 60 3e 4a 52 00 4b 9c 87 f4 | unwrapped: ca 1c 6a 57 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7efea8001a70 | calc_skeyseed_v2 pointers: shared-key@0x7efe9c00bdb0, SK_d-key@0x7efea8006900, SK_ai-key@0x7efeb4006900, SK_ar-key@0x557c468f9700, SK_ei-key@0x557c468f27a0, SK_er-key@0x7efea8005db0, SK_pi-key@0x7efea800c3d0, SK_pr-key@0x7efea800c5c0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 80 ba 69 95 0a fb 3d d0 db b0 26 7b 51 b5 e4 4f | a9 a9 c0 8b | calc_skeyseed_v2 SK_pr | 29 32 dd c0 58 1a 27 60 3e 4a 52 00 4b 9c 87 f4 | ca 1c 6a 57 | crypto helper 4 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 12 time elapsed 0.003415 seconds | (#19) spent 2.86 milliseconds in crypto helper computing work-order 12: ikev2_inI2outR2 KE (pcr) | crypto helper 4 sending results from work-order 12 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7efea80037a0 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 12 | calling continuation function 0x557c447f4630 | ikev2_parent_inI2outR2_continue for #19: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7efea4002010: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | #19 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x7efeb4006900 (size 20) | hmac: symkey-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58c28 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efea8001a70 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efea8001a70 | hmac: release clone-key@0x7efea8001a70 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x557c46874050 (length 184) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 68 0f a9 6d ad 29 c0 4e 43 78 c7 38 1c 54 6e 5d | 71 13 1d 24 f1 cd 3d bf 8b 77 d6 ae 3f 8e 2c 9c | 5c f1 d0 b7 1b d2 54 7d b2 12 b0 4a ec 9f b7 21 | 5e 1b c4 34 0f d6 4d b0 f7 f2 26 e3 68 a5 4b ae | 48 2e 15 12 e0 b2 f8 e1 a5 c0 de ff 52 c1 ce 1a | 77 33 b0 32 94 d0 af d3 c9 79 8b ee 2a 60 5d 70 | a1 46 37 e9 17 bb 3d 53 68 0e b2 4b f4 0a d4 53 | 2a f7 d7 10 b3 eb 34 1d 61 7a 40 d6 cc 2c be 2f | f2 53 02 60 64 eb 7d 50 9c ea d0 ae d9 db 28 0e | ec db 8c fc 9f 5c 75 1a | hmac PRF sha final-bytes@0x7fff72f58df0 (length 20) | ba c7 84 f5 41 71 4f 89 88 2e 7d 89 3b e5 e8 0d | c4 08 06 e1 | data for hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: 68 0f a9 6d ad 29 c0 4e 43 78 c7 38 1c 54 6e 5d | data for hmac: 71 13 1d 24 f1 cd 3d bf 8b 77 d6 ae 3f 8e 2c 9c | data for hmac: 5c f1 d0 b7 1b d2 54 7d b2 12 b0 4a ec 9f b7 21 | data for hmac: 5e 1b c4 34 0f d6 4d b0 f7 f2 26 e3 68 a5 4b ae | data for hmac: 48 2e 15 12 e0 b2 f8 e1 a5 c0 de ff 52 c1 ce 1a | data for hmac: 77 33 b0 32 94 d0 af d3 c9 79 8b ee 2a 60 5d 70 | data for hmac: a1 46 37 e9 17 bb 3d 53 68 0e b2 4b f4 0a d4 53 | data for hmac: 2a f7 d7 10 b3 eb 34 1d 61 7a 40 d6 cc 2c be 2f | data for hmac: f2 53 02 60 64 eb 7d 50 9c ea d0 ae d9 db 28 0e | data for hmac: ec db 8c fc 9f 5c 75 1a | calculated auth: ba c7 84 f5 41 71 4f 89 88 2e 7d 89 | provided auth: ba c7 84 f5 41 71 4f 89 88 2e 7d 89 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 68 0f a9 6d ad 29 c0 4e | payload before decryption: | 43 78 c7 38 1c 54 6e 5d 71 13 1d 24 f1 cd 3d bf | 8b 77 d6 ae 3f 8e 2c 9c 5c f1 d0 b7 1b d2 54 7d | b2 12 b0 4a ec 9f b7 21 5e 1b c4 34 0f d6 4d b0 | f7 f2 26 e3 68 a5 4b ae 48 2e 15 12 e0 b2 f8 e1 | a5 c0 de ff 52 c1 ce 1a 77 33 b0 32 94 d0 af d3 | c9 79 8b ee 2a 60 5d 70 a1 46 37 e9 17 bb 3d 53 | 68 0e b2 4b f4 0a d4 53 2a f7 d7 10 b3 eb 34 1d | 61 7a 40 d6 cc 2c be 2f f2 53 02 60 64 eb 7d 50 | 9c ea d0 ae d9 db 28 0e ec db 8c fc 9f 5c 75 1a | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | 26 2f b3 3a 2c 00 00 28 00 00 00 24 01 03 04 03 | 2b 5e cc 02 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #19: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #19 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #19: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7efea800c3d0 (size 20) | hmac: symkey-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58698 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efea8001a70 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efea8001a70 | hmac: release clone-key@0x7efea8001a70 | hmac PRF sha crypt-prf@0x557c468ea9d0 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x557c4687407c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff72f58850 (length 20) | 44 41 ce 41 c0 64 1a bd 15 3f eb 31 c9 3a c5 0b | 59 76 a1 40 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 33 49 c1 46 bb a8 9f 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | 29 00 00 24 6c 47 6e 5e b1 39 0d 54 47 38 98 23 | 68 19 fe 38 b9 55 ad 39 24 53 8c 3b c4 36 17 f8 | b7 60 dc 4d 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 49 3b 75 82 0d 55 fc 41 fe db 99 36 | b1 eb 08 53 91 b1 11 27 00 00 00 1c 00 00 40 05 | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | verify: initiator inputs to hash2 (responder nonce) | 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | idhash 44 41 ce 41 c0 64 1a bd 15 3f eb 31 c9 3a c5 0b | idhash 59 76 a1 40 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584a0 | result: shared secret-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58488 | result: shared secret-key@0x7efea8001a70 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efea8001a70 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efea8001a70 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efea8001a70 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468f0e90 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584c0 | result: final-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584a8 | result: final-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efea8001a70 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efea8001a70 (size 20) | = prf(, ): -key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584b8 | result: clone-key@0x7efea40067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ): release clone-key@0x7efea40067f0 | = prf(, ) PRF sha crypt-prf@0x557c468f2830 | = prf(, ) PRF sha update first-packet-bytes@0x557c468f5e50 (length 436) | 33 49 c1 46 bb a8 9f 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | 29 00 00 24 6c 47 6e 5e b1 39 0d 54 47 38 98 23 | 68 19 fe 38 b9 55 ad 39 24 53 8c 3b c4 36 17 f8 | b7 60 dc 4d 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 49 3b 75 82 0d 55 fc 41 fe db 99 36 | b1 eb 08 53 91 b1 11 27 00 00 00 1c 00 00 40 05 | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | = prf(, ) PRF sha update nonce-bytes@0x7efea4005cd0 (length 32) | 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | = prf(, ) PRF sha update hash-bytes@0x7fff72f58850 (length 20) | 44 41 ce 41 c0 64 1a bd 15 3f eb 31 c9 3a c5 0b | 59 76 a1 40 | = prf(, ) PRF sha final-chunk@0x557c468ea9d0 (length 20) | 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | 26 2f b3 3a | psk_auth: release prf-psk-key@0x7efea8001a70 | Received PSK auth octets | 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | 26 2f b3 3a | Calculated PSK auth octets | 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | 26 2f b3 3a "east" #19: Authenticated using authby=secret | parent state #19: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #19 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7efea8002b20 | event_schedule: new EVENT_SA_REKEY-pe@0x7efea8002b20 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #19 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | pstats #19 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x7efea800c5c0 (size 20) | hmac: symkey-key@0x7efea800c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c5c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58008 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efea8001a70 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efea8001a70 | hmac: release clone-key@0x7efea8001a70 | hmac PRF sha crypt-prf@0x557c468ed880 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x557c448f396c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff72f58310 (length 20) | 03 79 cd e6 d2 a8 81 80 a8 11 61 16 f0 1f bd 70 | bd 46 f8 25 | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | 29 00 00 24 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 | bb 26 3b 7d 35 17 65 ab 3c ba a5 b9 6e 92 98 4e | a7 3b 48 cc 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 82 cd 10 83 f7 65 05 84 cd ce 28 71 | 48 2a 9a 5c a4 42 89 25 00 00 00 1c 00 00 40 05 | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | create: responder inputs to hash2 (initiator nonce) | 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | idhash 03 79 cd e6 d2 a8 81 80 a8 11 61 16 f0 1f bd 70 | idhash bd 46 f8 25 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e00 | result: shared secret-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57de8 | result: shared secret-key@0x7efea8001a70 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efea8001a70 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efea8001a70 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efea8001a70 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ea9d0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e20 | result: final-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e08 | result: final-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efea8001a70 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efea8001a70 (size 20) | = prf(, ): -key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e18 | result: clone-key@0x7efea40067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ): release clone-key@0x7efea40067f0 | = prf(, ) PRF sha crypt-prf@0x557c468f0e90 | = prf(, ) PRF sha update first-packet-bytes@0x557c468f6250 (length 436) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | 29 00 00 24 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 | bb 26 3b 7d 35 17 65 ab 3c ba a5 b9 6e 92 98 4e | a7 3b 48 cc 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 82 cd 10 83 f7 65 05 84 cd ce 28 71 | 48 2a 9a 5c a4 42 89 25 00 00 00 1c 00 00 40 05 | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | = prf(, ) PRF sha update nonce-bytes@0x7efeb00089c0 (length 32) | 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | = prf(, ) PRF sha update hash-bytes@0x7fff72f58310 (length 20) | 03 79 cd e6 d2 a8 81 80 a8 11 61 16 f0 1f bd 70 | bd 46 f8 25 | = prf(, ) PRF sha final-chunk@0x557c468ed880 (length 20) | e4 88 94 af ad bd 48 20 fa d8 bb 9d 42 ba b5 ca | 88 3b c5 2e | psk_auth: release prf-psk-key@0x7efea8001a70 | PSK auth octets e4 88 94 af ad bd 48 20 fa d8 bb 9d 42 ba b5 ca | PSK auth octets 88 3b c5 2e | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth e4 88 94 af ad bd 48 20 fa d8 bb 9d 42 ba b5 ca | PSK auth 88 3b c5 2e | emitting length of IKEv2 Authentication Payload: 28 | creating state object #20 at 0x557c468fc840 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "east" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.23:500 from #19.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7efea8006900 | duplicate_state: reference st_skey_ai_nss-key@0x7efeb4006900 | duplicate_state: reference st_skey_ar_nss-key@0x557c468f9700 | duplicate_state: reference st_skey_ei_nss-key@0x557c468f27a0 | duplicate_state: reference st_skey_er_nss-key@0x7efea8005db0 | duplicate_state: reference st_skey_pi_nss-key@0x7efea800c3d0 | duplicate_state: reference st_skey_pr_nss-key@0x7efea800c5c0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 2b 5e cc 02 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #19: proposal 1:ESP:SPI=2b5ecc02;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=2b5ecc02;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x92d9e9c2 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 92 d9 e9 c2 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e90 | result: data=Ni-key@0x7efea40067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7efea40067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e78 | result: data=Ni-key@0x7efea8001a70 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7efea40067f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8001a70 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f57e80 | result: data+=Nr-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efea8001a70 | prf+0 PRF sha init key-key@0x7efea8006900 (size 20) | prf+0: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+0 prf: begin sha with context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+0: release clone-key@0x7efea8001a70 | prf+0 PRF sha crypt-prf@0x557c468f2830 | prf+0 PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+0: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0c60 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efea0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea0006900 | prf+0 PRF sha final-key@0x7efea8001a70 (size 20) | prf+0: key-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efea8001a70 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efea0006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efea0006900 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efea0006900 | prf+N: release clone-key@0x7efea0006900 | prf+N PRF sha crypt-prf@0x557c468ea9d0 | prf+N PRF sha update old_t-key@0x7efea8001a70 (size 20) | prf+N: old_t-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8001a70 | nss hmac digest hack: symkey-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: fffffffd ffffffdf ffffffec 4b ffffffd7 ffffffed 25 ffffffc5 72 fffffff4 4c ffffff83 0c 53 ffffff82 ffffff9b ffffffe5 22 5c fffffffd ffffff9c ffffffe0 2e 1b ffffffcb 12 32 ffffffc2 54 ffffff88 43 32 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f0cb0 | unwrapped: 18 36 c2 a7 61 97 e6 5e d4 fe f9 f1 8a d7 e9 19 | unwrapped: c7 fb 6b 4c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0b70 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006720 | prf+N PRF sha final-key@0x7efea0006900 (size 20) | prf+N: key-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efeb4006720 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8001a70 | prfplus: release old_t[N]-key@0x7efea8001a70 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N: release clone-key@0x7efea8001a70 | prf+N PRF sha crypt-prf@0x557c468f28a0 | prf+N PRF sha update old_t-key@0x7efea0006900 (size 20) | prf+N: old_t-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea0006900 | nss hmac digest hack: symkey-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 5b 1e ffffff86 ffffff96 fffffff0 ffffff88 12 ffffff95 19 ffffffba 51 ffffffa3 1f 21 66 ffffffd3 08 ffffffb8 2b 43 11 ffffffec 75 62 2c 54 00 ffffffbb 77 51 ffffffee 51 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f0f60 | unwrapped: e2 c2 6f f3 8c 13 3a b5 c0 88 7e 36 c4 e2 ba 3e | unwrapped: f9 4c 28 96 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468e87e0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f9790 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f9790 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f9790 | prf+N PRF sha final-key@0x7efea8001a70 (size 20) | prf+N: key-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006720 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x557c468f9790 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006720 | prfplus: release old_t[N]-key@0x7efea0006900 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efea0006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efea0006900 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efea0006900 | prf+N: release clone-key@0x7efea0006900 | prf+N PRF sha crypt-prf@0x557c468f0e90 | prf+N PRF sha update old_t-key@0x7efea8001a70 (size 20) | prf+N: old_t-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8001a70 | nss hmac digest hack: symkey-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 36 25 19 5d ffffffc5 7c ffffffb5 2c ffffffa7 43 29 29 7b 64 2c 22 77 fffffffa 39 ffffffb6 55 fffffff0 0d ffffff92 ffffffbf 28 5f 77 3c ffffff8b 2a 59 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468f0f60 | unwrapped: 3f 19 a8 83 0f 25 e9 20 7c 07 2a cd 0c b9 ed 79 | unwrapped: c2 98 9a 9b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0b20 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006720 | prf+N PRF sha final-key@0x7efea0006900 (size 20) | prf+N: key-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f9790 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efeb4006720 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x557c468f9790 | prfplus: release old_t[N]-key@0x7efea8001a70 | prf+N PRF sha init key-key@0x7efea8006900 (size 20) | prf+N: key-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea8006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N: release clone-key@0x7efea8001a70 | prf+N PRF sha crypt-prf@0x557c468f28a0 | prf+N PRF sha update old_t-key@0x7efea0006900 (size 20) | prf+N: old_t-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea0006900 | nss hmac digest hack: symkey-key@0x7efea0006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 2b 07 ffffffc8 34 35 47 ffffff96 37 ffffffe4 ffffff9d ffffffb1 1a 4b 17 ffffffc5 ffffff8f ffffff9d 09 ffffffe3 66 68 ffffff84 ffffff99 ffffffbe ffffffed ffffffbc ffffff98 6c 7e ffffffd0 fffffff9 ffffffaa | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468ed250 | unwrapped: 1e ed 93 85 51 55 a0 2b f0 45 ef ed cd b5 4f f0 | unwrapped: e2 4c 5e 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffffa2 ffffffe7 ffffffd9 ffffffc8 ffffff9f ffffffb6 ffffffbb 51 fffffff1 fffffff8 06 55 05 53 ffffffa3 3e ffffff98 16 7b ffffff97 2a 6a ffffffe9 ffffff88 ffffffcb ffffffa0 ffffffd6 54 ffffffd8 ffffffbc ffffffd1 3a 5f ffffffa2 43 ffffff8f 7c ffffffd4 ffffffec 1a 16 ffffffdd 16 36 7d ffffffb5 17 ffffff8a ffffffb1 4c ffffffa4 67 ffffffef ffffff8b fffffffd 4f 64 fffffffd 10 ffffffc4 16 68 5e ffffff92 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0c60 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x557c468f9790 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f9790 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f9790 | prf+N PRF sha final-key@0x7efea8001a70 (size 20) | prf+N: key-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006720 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x557c468f9790 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006720 | prfplus: release old_t[N]-key@0x7efea0006900 | prfplus: release old_t[final]-key@0x7efea8001a70 | child_sa_keymat: release data-key@0x7efea40067f0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x557c468f9790 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7efea40067f0 | initiator to responder keys: symkey-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x557c468d1160 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: fffffffd ffffffdf ffffffec 4b ffffffd7 ffffffed 25 ffffffc5 72 fffffff4 4c ffffff83 0c 53 ffffff82 ffffff9b ffffffa3 ffffffdc 5a 24 ffffffdc 70 04 ffffffe5 00 02 ffffffc8 0e 2a 2c 4e ffffff81 ffffffe8 ffffff86 01 ffffffef 6a ffffff9f 71 27 77 05 63 13 26 ffffffc9 ffffff93 ffffffbc | initiator to responder keys: release slot-key-key@0x557c468d1160 | initiator to responder keys extracted len 48 bytes at 0x557c468f7f50 | unwrapped: 18 36 c2 a7 61 97 e6 5e d4 fe f9 f1 8a d7 e9 19 | unwrapped: c7 fb 6b 4c e2 c2 6f f3 8c 13 3a b5 c0 88 7e 36 | unwrapped: c4 e2 ba 3e f9 4c 28 96 3f 19 a8 83 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7efea40067f0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x557c468f9790 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7efea40067f0 | responder to initiator keys:: symkey-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x557c468d1160 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffffce ffffff81 32 ffffffca ffffff9b 48 3b ffffffe3 1b 4c ffffff85 2b 53 ffffffba 6a 4b 2b 07 ffffffc8 34 35 47 ffffff96 37 ffffffe4 ffffff9d ffffffb1 1a 4b 17 ffffffc5 ffffff8f ffffffa6 46 ffffffdb 44 02 74 ffffffea 64 73 57 ffffffc9 71 ffffff82 ffffffd0 ffffffc8 fffffff5 | responder to initiator keys:: release slot-key-key@0x557c468d1160 | responder to initiator keys: extracted len 48 bytes at 0x557c468ed9c0 | unwrapped: 0f 25 e9 20 7c 07 2a cd 0c b9 ed 79 c2 98 9a 9b | unwrapped: 1e ed 93 85 51 55 a0 2b f0 45 ef ed cd b5 4f f0 | unwrapped: e2 4c 5e 99 f2 99 d6 b1 e1 83 40 0d 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7efea40067f0 | ikev2_derive_child_keys: release keymat-key@0x557c468f9790 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #19 spent 2.46 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.2b5ecc02@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.92d9e9c2@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #20 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2b5ecc02 SPI_OUT=0x92d | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x2b5ecc02 SPI_OUT=0x92d9e9c2 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x557c468e8eb0,sr=0x557c468e8eb0} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 0.542 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 37 90 c8 35 70 93 15 22 | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 e4 88 94 af ad bd 48 20 fa d8 bb 9d | 42 ba b5 ca 88 3b c5 2e 2c 00 00 28 00 00 00 24 | 01 03 04 03 92 d9 e9 c2 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 0b 3f 0d 03 0c 59 bd 71 d6 05 1f 4e 86 df 05 0a | 32 d2 1d 14 21 ea b4 97 33 61 7f b0 83 6e 73 2b | a3 f8 ba 16 04 18 0a 75 ea f0 11 42 47 93 f1 23 | 99 06 c4 20 42 79 8e 40 11 ef 47 af c3 34 d5 e2 | d1 ac a7 e9 42 16 69 62 3b 39 94 23 6f d7 87 db | 66 c8 53 b8 a5 1f 4c 56 f8 cd c7 6b bf 3e b3 4e | af 6f a6 e5 ff 02 47 16 a0 6a c0 e6 80 2a ae f2 | 97 b2 a3 54 14 d4 ed 21 c9 2c e2 a3 82 4e ef 0d | ac bf 6d 3a 58 1d cc 4e | hmac PRF sha init symkey-key@0x557c468f9700 (size 20) | hmac: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f18 | result: clone-key@0x557c468f9790 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac: release clone-key@0x557c468f9790 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x557c448f3940 (length 176) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 37 90 c8 35 70 93 15 22 0b 3f 0d 03 0c 59 bd 71 | d6 05 1f 4e 86 df 05 0a 32 d2 1d 14 21 ea b4 97 | 33 61 7f b0 83 6e 73 2b a3 f8 ba 16 04 18 0a 75 | ea f0 11 42 47 93 f1 23 99 06 c4 20 42 79 8e 40 | 11 ef 47 af c3 34 d5 e2 d1 ac a7 e9 42 16 69 62 | 3b 39 94 23 6f d7 87 db 66 c8 53 b8 a5 1f 4c 56 | f8 cd c7 6b bf 3e b3 4e af 6f a6 e5 ff 02 47 16 | a0 6a c0 e6 80 2a ae f2 97 b2 a3 54 14 d4 ed 21 | c9 2c e2 a3 82 4e ef 0d ac bf 6d 3a 58 1d cc 4e | hmac PRF sha final-bytes@0x557c448f39f0 (length 20) | ef 22 a4 9a eb 56 ca bc 3d 21 53 a4 c0 ff ee be | 88 f8 e6 75 | data being hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: 37 90 c8 35 70 93 15 22 0b 3f 0d 03 0c 59 bd 71 | data being hmac: d6 05 1f 4e 86 df 05 0a 32 d2 1d 14 21 ea b4 97 | data being hmac: 33 61 7f b0 83 6e 73 2b a3 f8 ba 16 04 18 0a 75 | data being hmac: ea f0 11 42 47 93 f1 23 99 06 c4 20 42 79 8e 40 | data being hmac: 11 ef 47 af c3 34 d5 e2 d1 ac a7 e9 42 16 69 62 | data being hmac: 3b 39 94 23 6f d7 87 db 66 c8 53 b8 a5 1f 4c 56 | data being hmac: f8 cd c7 6b bf 3e b3 4e af 6f a6 e5 ff 02 47 16 | data being hmac: a0 6a c0 e6 80 2a ae f2 97 b2 a3 54 14 d4 ed 21 | data being hmac: c9 2c e2 a3 82 4e ef 0d ac bf 6d 3a 58 1d cc 4e | out calculated auth: | ef 22 a4 9a eb 56 ca bc 3d 21 53 a4 | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #19 spent 3.24 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #20 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #20: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #19.#20 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "east" #20: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #20: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x2b5ecc02 <0x92d9e9c2 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 37 90 c8 35 70 93 15 22 0b 3f 0d 03 0c 59 bd 71 | d6 05 1f 4e 86 df 05 0a 32 d2 1d 14 21 ea b4 97 | 33 61 7f b0 83 6e 73 2b a3 f8 ba 16 04 18 0a 75 | ea f0 11 42 47 93 f1 23 99 06 c4 20 42 79 8e 40 | 11 ef 47 af c3 34 d5 e2 d1 ac a7 e9 42 16 69 62 | 3b 39 94 23 6f d7 87 db 66 c8 53 b8 a5 1f 4c 56 | f8 cd c7 6b bf 3e b3 4e af 6f a6 e5 ff 02 47 16 | a0 6a c0 e6 80 2a ae f2 97 b2 a3 54 14 d4 ed 21 | c9 2c e2 a3 82 4e ef 0d ac bf 6d 3a 58 1d cc 4e | ef 22 a4 9a eb 56 ca bc 3d 21 53 a4 | releasing whack for #20 (sock=fd@-1) | releasing whack and unpending for parent #19 | unpending state #19 connection "east" | #20 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x557c468f5a90 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #20 | libevent_malloc: new ptr-libevent@0x7efe9c010760 size 128 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 3.64 milliseconds in resume sending helper answer | stop processing: state #20 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efea80037a0 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00424 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00312 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 05 47 b7 03 79 6d e9 25 4c 8a 73 65 e6 5c 4a 31 | 5e 10 3f 2a 15 78 9b 88 ec 21 76 99 ed ed 20 e7 | 6e e4 ca fc | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7efeb4006900 (size 20) | hmac: symkey-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x557c468f9790 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac: release clone-key@0x557c468f9790 | hmac PRF sha crypt-prf@0x557c468ea9d0 | hmac PRF sha update data-bytes@0x557c468f0c60 (length 56) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 05 47 b7 03 79 6d e9 25 4c 8a 73 65 e6 5c 4a 31 | 5e 10 3f 2a 15 78 9b 88 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | ec 21 76 99 ed ed 20 e7 6e e4 ca fc 20 0a 11 11 | c7 03 f5 d3 | data for hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: 05 47 b7 03 79 6d e9 25 4c 8a 73 65 e6 5c 4a 31 | data for hmac: 5e 10 3f 2a 15 78 9b 88 | calculated auth: ec 21 76 99 ed ed 20 e7 6e e4 ca fc | provided auth: ec 21 76 99 ed ed 20 e7 6e e4 ca fc | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 05 47 b7 03 79 6d e9 25 | payload before decryption: | 4c 8a 73 65 e6 5c 4a 31 5e 10 3f 2a 15 78 9b 88 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 2b 5e cc 02 00 01 02 03 | stripping 4 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 2b 5e cc 02 | delete PROTO_v2_ESP SA(0x2b5ecc02) | v2 CHILD SA #20 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #20 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x2b5ecc02) "east" #19: received Delete SA payload: delete IPsec State #20 now | pstats #20 ikev2.child deleted completed | suspend processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #20 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #20: deleting other state #20 (STATE_V2_IPSEC_R) aged 0.273s and NOT sending notification | child state #20: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.2b5ecc02@192.1.2.45 | get_sa_info esp.92d9e9c2@192.1.2.23 "east" #20: ESP traffic information: in=84B out=84B | child state #20: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efe9c010760 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468f5a90 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050852' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2b5ecc02 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050852' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x2b5ecc02 SPI_OUT=0x92d9e9c2 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.2b5ecc02@192.1.2.45 | netlink response for Del SA esp.2b5ecc02@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.92d9e9c2@192.1.2.23 | netlink response for Del SA esp.92d9e9c2@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #20 in CHILDSA_DEL | child state #20: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efea8006900 | delete_state: release st->st_skey_ai_nss-key@0x7efeb4006900 | delete_state: release st->st_skey_ar_nss-key@0x557c468f9700 | delete_state: release st->st_skey_ei_nss-key@0x557c468f27a0 | delete_state: release st->st_skey_er_nss-key@0x7efea8005db0 | delete_state: release st->st_skey_pi_nss-key@0x7efea800c3d0 | delete_state: release st->st_skey_pr_nss-key@0x7efea800c5c0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 92 d9 e9 c2 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 30 0d 44 f3 ed 4a 23 52 | data before encryption: | 00 00 00 0c 03 04 00 01 92 d9 e9 c2 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 40 db 32 e5 9a f4 1c 29 13 6b 55 f2 10 90 42 35 | hmac PRF sha init symkey-key@0x557c468f9700 (size 20) | hmac: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x557c468f9790 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac: release clone-key@0x557c468f9790 | hmac PRF sha crypt-prf@0x557c468f2830 | hmac PRF sha update data-bytes@0x557c448f3940 (length 56) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 30 0d 44 f3 ed 4a 23 52 40 db 32 e5 9a f4 1c 29 | 13 6b 55 f2 10 90 42 35 | hmac PRF sha final-bytes@0x557c448f3978 (length 20) | c7 c0 c4 f6 8e 6b b5 94 4f c1 a4 9a 2f b4 e3 a4 | ca 3a 9f 4b | data being hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 30 0d 44 f3 ed 4a 23 52 40 db 32 e5 9a f4 1c 29 | data being hmac: 13 6b 55 f2 10 90 42 35 | out calculated auth: | c7 c0 c4 f6 8e 6b b5 94 4f c1 a4 9a | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 30 0d 44 f3 ed 4a 23 52 40 db 32 e5 9a f4 1c 29 | 13 6b 55 f2 10 90 42 35 c7 c0 c4 f6 8e 6b b5 94 | 4f c1 a4 9a | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #19 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #19 spent 0.717 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #19 to 2 after switching state | Message ID: recv #19 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #19 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #19: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.977 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.989 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00623 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00314 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | b6 12 2b b1 66 87 a2 b0 f2 73 ea b2 ab 45 76 c3 | 98 11 00 54 d4 25 62 48 38 ac 58 a7 77 6e 7d 5a | 75 55 f2 85 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #19 in PARENT_R2 (find_v2_ike_sa) | start processing: state #19 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #19 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #19 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #19 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #19 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x7efeb4006900 (size 20) | hmac: symkey-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x557c468f9790 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac: release clone-key@0x557c468f9790 | hmac PRF sha crypt-prf@0x557c468ea9d0 | hmac PRF sha update data-bytes@0x557c468f0c60 (length 56) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | b6 12 2b b1 66 87 a2 b0 f2 73 ea b2 ab 45 76 c3 | 98 11 00 54 d4 25 62 48 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | 38 ac 58 a7 77 6e 7d 5a 75 55 f2 85 d0 32 70 26 | f1 86 4b c2 | data for hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: b6 12 2b b1 66 87 a2 b0 f2 73 ea b2 ab 45 76 c3 | data for hmac: 98 11 00 54 d4 25 62 48 | calculated auth: 38 ac 58 a7 77 6e 7d 5a 75 55 f2 85 | provided auth: 38 ac 58 a7 77 6e 7d 5a 75 55 f2 85 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | b6 12 2b b1 66 87 a2 b0 | payload before decryption: | f2 73 ea b2 ab 45 76 c3 98 11 00 54 d4 25 62 48 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #19 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | ea 7d bf 31 fc 83 f4 af | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | c0 5b a7 97 57 75 03 43 | hmac PRF sha init symkey-key@0x557c468f9700 (size 20) | hmac: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x557c468f9790 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac: release clone-key@0x557c468f9790 | hmac PRF sha crypt-prf@0x557c468ef280 | hmac PRF sha update data-bytes@0x557c448f3940 (length 48) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | ea 7d bf 31 fc 83 f4 af c0 5b a7 97 57 75 03 43 | hmac PRF sha final-bytes@0x557c448f3970 (length 20) | 0f 4d 3e d5 8d 31 f9 fd f5 7a 0b 76 f8 cc e8 2c | 55 8a c4 6c | data being hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: ea 7d bf 31 fc 83 f4 af c0 5b a7 97 57 75 03 43 | out calculated auth: | 0f 4d 3e d5 8d 31 f9 fd f5 7a 0b 76 | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #19) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | ea 7d bf 31 fc 83 f4 af c0 5b a7 97 57 75 03 43 | 0f 4d 3e d5 8d 31 f9 fd f5 7a 0b 76 | Message ID: #19 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #19 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #19: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #19 ikev2.ike deleted completed | #19 spent 9.77 milliseconds in total | [RE]START processing: state #19 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #19: deleting state (STATE_IKESA_DEL) aged 0.304s and NOT sending notification | parent state #19: IKESA_DEL(established IKE SA) => delete | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7efea8002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #19 in IKESA_DEL | parent state #19: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7efea4002010: destroyed | stop processing: state #19 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7efe9c00bdb0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efea8006900 | delete_state: release st->st_skey_ai_nss-key@0x7efeb4006900 | delete_state: release st->st_skey_ar_nss-key@0x557c468f9700 | delete_state: release st->st_skey_ei_nss-key@0x557c468f27a0 | delete_state: release st->st_skey_er_nss-key@0x7efea8005db0 | delete_state: release st->st_skey_pi_nss-key@0x7efea800c3d0 | delete_state: release st->st_skey_pr_nss-key@0x7efea800c5c0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #19 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #19 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.567 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00272 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 97 77 0f 81 26 36 14 86 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 85 d5 0d 50 03 83 b0 5e e6 19 95 0c | ef 05 7c 44 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 | 95 55 77 7b ab 59 2c e3 9f 8f 26 5d 56 54 36 6c | 93 bd f6 93 1e 52 da 6c be f7 44 5e 86 b1 8a 68 | 82 38 59 5a 94 df d4 cf da 34 96 48 c6 d5 2e f5 | b4 51 cf 24 d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 | 7e 0a 89 96 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 | ae 12 d4 05 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 | 8c 6c 32 46 f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a | b7 04 9e 08 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 | 6f 48 76 c7 a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 | 00 71 1e c4 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a | 28 10 ab de 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 | 1f 30 24 a8 ee 36 a7 23 4b 44 c5 76 27 ac e8 53 | 99 be 15 bd 8c 09 dc 05 6b bf c5 65 40 02 c3 6d | 2e 6e 36 09 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 | 3f 77 ac af 29 00 00 24 6b e2 14 0e db 0e 03 67 | 51 79 6b 8b 3c 1b e9 65 6a df b0 5a 4c 3a 8f 98 | 3e 21 e0 bf 75 62 f5 e4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 78 45 54 6e 32 0c d1 65 | bb a1 99 9b c3 aa e8 58 67 d3 c3 58 00 00 00 1c | 00 00 40 05 95 08 88 e5 b8 57 cc bd d3 da d0 da | 30 73 df 88 c9 83 88 0f | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 0f 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | dd c5 49 2c 24 a3 cb 98 2a 44 c1 08 b4 94 0f 48 | ac a1 69 03 25 11 84 7c bc 4a fd e3 04 2d ab aa | creating state object #21 at 0x557c468ec6e0 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #21 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: PRF+INTEG+DH | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | DH public value received: | 85 d5 0d 50 03 83 b0 5e e6 19 95 0c ef 05 7c 44 | 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 95 55 77 7b | ab 59 2c e3 9f 8f 26 5d 56 54 36 6c 93 bd f6 93 | 1e 52 da 6c be f7 44 5e 86 b1 8a 68 82 38 59 5a | 94 df d4 cf da 34 96 48 c6 d5 2e f5 b4 51 cf 24 | d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 7e 0a 89 96 | 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 ae 12 d4 05 | 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 8c 6c 32 46 | f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a b7 04 9e 08 | 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 6f 48 76 c7 | a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 00 71 1e c4 | 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a 28 10 ab de | 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 1f 30 24 a8 | ee 36 a7 23 4b 44 c5 76 27 ac e8 53 99 be 15 bd | 8c 09 dc 05 6b bf c5 65 40 02 c3 6d 2e 6e 36 09 | 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 3f 77 ac af | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58da0 (length 20) | 95 08 88 e5 b8 57 cc bd d3 da d0 da 30 73 df 88 | c9 83 88 0f | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 95 08 88 e5 b8 57 cc bd d3 da d0 da 30 73 df 88 | natd_hash: hash= c9 83 88 0f | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f58d90 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f58d98 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7fff72f58d24 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f58d16 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f58dc0 (length 20) | 78 45 54 6e 32 0c d1 65 bb a1 99 9b c3 aa e8 58 | 67 d3 c3 58 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 78 45 54 6e 32 0c d1 65 bb a1 99 9b c3 aa e8 58 | natd_hash: hash= 67 d3 c3 58 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | adding ikev2_inI1outR1 KE work-order 13 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468ed9c0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | #21 spent 0.295 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | crypto helper 5 resuming | crypto helper 5 starting work-order 13 for state #21 | crypto helper 5 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 13 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7efe9c002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7efe9c002010 | NSS: Public DH wire value: | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | Generated nonce: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | Generated nonce: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | crypto helper 5 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 13 time elapsed 0.001334 seconds | (#21) spent 1.06 milliseconds in crypto helper computing work-order 13: ikev2_inI1outR1 KE (pcr) | crypto helper 5 sending results from work-order 13 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7efe9c012d70 size 128 | crypto helper 5 waiting (nothing to do) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #21 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.675 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.687 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 13 | calling continuation function 0x557c447f4630 | ikev2_parent_inI1outR1_continue for #21: calculated ke+nonce, sending R1 | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Emitting ikev2_proposal ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7efe9c002010: transferring ownership from helper KE to state #21 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ikev2 g^x ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | ikev2 g^x e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | ikev2 g^x 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | ikev2 g^x 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | ikev2 g^x 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | ikev2 g^x 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | ikev2 g^x 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | ikev2 g^x 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | ikev2 g^x 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | ikev2 g^x a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | ikev2 g^x 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | ikev2 g^x 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | ikev2 g^x 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | ikev2 g^x 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | ikev2 g^x e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | IKEv2 nonce 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | dd c5 49 2c 24 a3 cb 98 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 21 74 38 a3 | 0d 35 0e 69 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= dd c5 49 2c 24 a3 cb 98 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 21 74 38 a3 | natd_hash: hash= 0d 35 0e 69 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 21 74 38 a3 | Notify data 0d 35 0e 69 | emitting length of IKEv2 Notify Payload: 28 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7fff72f592e0 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7fff72f592e8 (length 8) | dd c5 49 2c 24 a3 cb 98 | NATD hash sha digest IP addr-bytes@0x7fff72f59214 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7fff72f59206 (length 2) | 01 f4 | NATD hash sha final bytes@0x7fff72f59290 (length 20) | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | natd_hash: hasher=0x557c448ca7a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= dd c5 49 2c 24 a3 cb 98 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | natd_hash: hash= d0 ee b3 a3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | Notify data d0 ee b3 a3 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 | parent state #21: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) | Message ID: updating counters for #21 to 0 after switching state | Message ID: recv #21 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 | Message ID: sent #21 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 436 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | 29 00 00 24 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 | e6 a8 0d ef 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a | ee b6 df 84 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 | 21 74 38 a3 0d 35 0e 69 00 00 00 1c 00 00 40 05 | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468ed9c0 | event_schedule: new EVENT_SO_DISCARD-pe@0x557c468ed9c0 | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #21 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 0.457 milliseconds in resume sending helper answer | stop processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efe9c012d70 | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 196 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 21 b8 e4 07 95 88 fe c8 b4 4b 8b 7c c3 14 ac 0e | e7 1b 5c e9 c3 ce 4d 1a 22 f9 35 b3 11 dc c0 66 | 16 26 ab ac 70 a2 8e 31 b6 ea 08 aa 7c 08 67 91 | 03 03 9d 92 5b 7d 99 08 24 b1 22 a4 4f 71 96 a3 | b3 88 af c4 8d 31 bf 35 0b bd e1 0f 8c 66 5f 99 | ab 8c 23 f8 5f 62 92 a6 3b cc c2 e9 1b 00 e4 61 | 60 e4 f6 a0 78 17 a8 2a 71 2e c3 c7 0e c6 e2 e5 | d6 fd 51 bc ad 12 4d dd 69 5d fd ec 0c 41 20 d1 | dd bf 5f 69 78 4c 73 fe a9 c1 7d 9b e3 2a 31 a0 | d5 ff 57 32 e3 02 e5 26 30 16 75 75 31 ff eb 04 | 35 de 2c d6 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | length: 196 (0xc4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request | State DB: found IKEv2 state #21 in PARENT_R1 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDi (0x23) | flags: none (0x0) | length: 168 (0xa8) | processing payload: ISAKMP_NEXT_v2SK (len=164) | Message ID: start-responder #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 | #21 in state PARENT_R1: received v2I1, sent v2R1 | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request (no SKEYSEED) | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7efe9c002010: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inI2outR2 KE work-order 14 for state #21 | state #21 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_SO_DISCARD-pe@0x557c468ed9c0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x557c468ed9c0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | #21 spent 0.035 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() | crypto helper 6 resuming | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | crypto helper 6 starting work-order 14 for state #21 | #21 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND | crypto helper 6 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 | suspending state #21 and saving MD | #21 is busy; has a suspended MD | peer's g: 85 d5 0d 50 03 83 b0 5e e6 19 95 0c ef 05 7c 44 | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) | "east" #21 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | peer's g: 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 95 55 77 7b | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: ab 59 2c e3 9f 8f 26 5d 56 54 36 6c 93 bd f6 93 | #21 spent 0.196 milliseconds in ikev2_process_packet() | peer's g: 1e 52 da 6c be f7 44 5e 86 b1 8a 68 82 38 59 5a | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | peer's g: 94 df d4 cf da 34 96 48 c6 d5 2e f5 b4 51 cf 24 | peer's g: d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 7e 0a 89 96 | peer's g: 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 ae 12 d4 05 | peer's g: 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 8c 6c 32 46 | peer's g: f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a b7 04 9e 08 | peer's g: 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 6f 48 76 c7 | peer's g: a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 00 71 1e c4 | peer's g: 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a 28 10 ab de | peer's g: 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 1f 30 24 a8 | processing: STOP connection NULL (in process_md() at demux.c:383) | peer's g: ee 36 a7 23 4b 44 c5 76 27 ac e8 53 99 be 15 bd | spent 0.235 milliseconds in comm_handle_cb() reading and processing packet | peer's g: 8c 09 dc 05 6b bf c5 65 40 02 c3 6d 2e 6e 36 09 | peer's g: 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 3f 77 ac af | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7efea800c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7efe9c002010: computed shared DH secret key@0x7efea800c5c0 | dh-shared : g^ir-key@0x7efea800c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7efea00039a0 (length 64) | 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3670 | result: Ni | Nr-key@0x7efea8005db0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x7efea8005db0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3658 | result: Ni | Nr-key@0x7efea800c3d0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x7efea8005db0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7efea0003aa0 from Ni | Nr-key@0x7efea800c3d0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7efea0003aa0 from Ni | Nr-key@0x7efea800c3d0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7efea800c3d0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7efea0000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7efea800c5c0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7efea800c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7efea800c5c0 | nss hmac digest hack: symkey-key@0x7efea800c5c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)-1182125360: 67 6e 7c ffffff90 7c ffffff8c fffffffa 43 ffffffe1 05 29 ffffffc4 ffffffed 46 ffffffa0 ffffffb3 19 48 ffffff81 0c 29 ffffffa2 ffffffdc 5d ffffff8c 03 2b 71 ffffffcd ffffffec 0b 30 41 ffffffdd ffffff8f 6b 13 ffffffc8 ffffffe8 3b 1c ffffffda ffffff9e 7d 75 40 ffffffde ffffffa6 16 6b ffffffcc ffffffcd 7d ffffff8b ffffffff ffffffe0 ffffffba ffffffce 63 ffffff91 ffffffd9 ffffff98 42 02 40 0c ffffffc4 60 49 ffffffee 4d 64 0a 2d ffffff87 ffffff9f ffffffe9 ffffffb3 51 5f ffffff87 60 ffffff94 ffffffcf ffffffec 51 3e ffffffec ffffffad ffffffd1 1a 17 ffffffe3 4a 09 ffffffc0 ffffffbd 4a 30 ffffffec 62 ffffffe5 17 ffffffec 63 25 04 03 ffffffc2 44 78 fffffffd ffffffb0 ffffffb4 ffffff80 ffffffdb 1e ffffffb0 ffffff81 12 ffffff84 ffffffa1 ffffffdf 73 7f 52 61 ffffffa0 ffffffc6 ffffffd1 31 ffffff93 1f ffffff96 ffffffac ffffff9a ffffff8f 7a ffffffd3 ffffffc7 28 ffffffe6 0e ffffff97 ffffffa8 58 ffffff8a ffffff8a 43 49 4f ffffff8c 38 ffffffad fffffff8 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 256 bytes at 0x7efea00043d0 | unwrapped: fa 01 1a 8d 02 5b e1 91 f8 33 a3 c7 4f a9 14 97 | unwrapped: df b0 44 b5 a2 35 92 2d 41 e8 7c a8 c2 ee 14 99 | unwrapped: 11 f5 0b ff 01 97 f7 5d c0 bd 2d ec b7 3f cf 88 | unwrapped: 01 f0 4d 16 28 2d 65 df aa cc 40 bc c0 e0 d4 fa | unwrapped: 3a b7 2c 1e c0 5f 59 bd 10 7d da 38 48 e4 f9 18 | unwrapped: c2 e2 01 d0 b3 79 14 7d db e1 0e d8 c0 ff 7a 4b | unwrapped: 32 6a 57 48 46 91 b9 d5 42 94 38 89 9b 9b 58 9d | unwrapped: 72 37 d1 f6 31 3e ea 64 15 6c fb 9d a4 ab 5f b2 | unwrapped: d3 af a8 f5 fb 1a e6 93 ca 15 3d 23 80 b3 63 8f | unwrapped: 19 cc a3 6d 41 98 76 b3 19 55 e0 4e ff 40 e1 b8 | unwrapped: 2e d5 a5 fe 62 4b e5 17 81 d8 3f b9 b0 67 0c 22 | unwrapped: 02 73 e5 85 14 4f 2f c5 28 3f ee 66 ac f5 a0 ca | unwrapped: ec 3b 69 53 e9 82 da 4b 29 3f 73 98 a9 d5 a3 77 | unwrapped: cc 69 7d 4f 9a 86 f3 ba fb d8 cd 78 18 e8 71 f8 | unwrapped: 08 ee b8 21 b6 26 e3 ed 91 5c 4c ab b3 d1 3e 1f | unwrapped: 54 d9 4b 84 02 01 8d 42 ad 7f 73 f1 49 a0 6b 70 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3690 | result: final-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8005db0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3678 | result: final-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8005db0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7efea800c3d0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3600 | result: data=Ni-key@0x557c468f27a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x557c468f27a0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a35e8 | result: data=Ni-key@0x7efea8005db0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x557c468f27a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8005db0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeb98a35f0 | result: data+=Nr-key@0x557c468f27a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efea8005db0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c468f27a0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeb98a35f0 | result: data+=SPIi-key@0x7efea8005db0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x557c468f27a0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8005db0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7efeb98a35f0 | result: data+=SPIr-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efea8005db0 | prf+0 PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+0: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x7efea8005db0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+0 prf: begin sha with context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+0: release clone-key@0x7efea8005db0 | prf+0 PRF sha crypt-prf@0x7efea00016e0 | prf+0 PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+0: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea0001a70 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x557c468f9700 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x557c468f9700 | prf+0 PRF sha final-key@0x7efea8005db0 (size 20) | prf+0: key-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efea8005db0 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea0003aa0 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea0003aa0 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea00010c0 | prf+N PRF sha update old_t-key@0x7efea8005db0 (size 20) | prf+N: old_t-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8005db0 | nss hmac digest hack: symkey-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1182125728: ffffffe7 36 62 ffffffab 00 6e 42 ffffffb8 ffffffe9 ffffffbd ffffffda 61 ffffffef ffffffb5 ffffffd1 ffffffc0 76 ffffff85 fffffffd 4b 64 25 ffffffa7 31 2e 3e 0c 33 fffffff9 fffffff1 3f ffffff8d | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea0001ad0 | unwrapped: a4 64 eb 0f cd 1c 3e 75 f1 90 6e bd 32 1e 52 07 | unwrapped: c7 d0 d9 f0 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+N: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea0004810 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeb98a3598 | result: result-key@0x7efeb4006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8005db0 | prfplus: release old_t[N]-key@0x7efea8005db0 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x7efea8005db0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+N prf: begin sha with context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+N: release clone-key@0x7efea8005db0 | prf+N PRF sha crypt-prf@0x7efea0002a80 | prf+N PRF sha update old_t-key@0x557c468f9700 (size 20) | prf+N: old_t-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f9700 | nss hmac digest hack: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1182125728: ffffff84 ffffff90 ffffffc8 ffffffd9 ffffffdf 05 34 2d ffffffbf ffffffad fffffff8 ffffffc0 fffffffd 6f fffffffd 19 ffffff96 ffffff86 ffffffd1 ffffff8c 46 ffffff93 6f 0c ffffffb0 ffffffcc 34 79 4a ffffffd5 25 4d | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea0005f40 | unwrapped: 5f 4f 92 d2 b6 e1 f5 47 22 d4 27 d2 c9 5b 8b dd | unwrapped: 03 89 41 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+N: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea00047b0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | prf+N PRF sha final-key@0x7efea8005db0 (size 20) | prf+N: key-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeb98a3598 | result: result-key@0x7efea8006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006900 | prfplus: release old_t[N]-key@0x557c468f9700 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea0003aa0 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea0003aa0 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea00010c0 | prf+N PRF sha update old_t-key@0x7efea8005db0 (size 20) | prf+N: old_t-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8005db0 | nss hmac digest hack: symkey-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1182125728: ffffffde ffffffb7 13 ffffffc6 5c 5c 08 ffffffda ffffffd7 1c 17 ffffffd0 ffffffc1 68 ffffffef 50 0d 0f 32 25 77 ffffff8d ffffffa6 2b ffffffd7 0c ffffffb8 4b 1c fffffff2 66 ffffff8d | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea0005f10 | unwrapped: 52 54 35 93 80 56 55 0b 74 fb a3 06 d4 68 98 5d | unwrapped: 3d 91 97 ed 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+N: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea0004750 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8006900 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeb98a3598 | result: result-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8006900 | prfplus: release old_t[N]-key@0x7efea8005db0 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x7efea8005db0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+N prf: begin sha with context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+N: release clone-key@0x7efea8005db0 | prf+N PRF sha crypt-prf@0x7efea0002a80 | prf+N PRF sha update old_t-key@0x557c468f9700 (size 20) | prf+N: old_t-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f9700 | nss hmac digest hack: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1182125728: 41 1d 17 ffffffca 6b ffffffb3 ffffffcc 61 ffffffb3 14 40 36 71 40 ffffff9b ffffffa4 1f 33 ffffff82 2d 44 ffffff82 0e 79 34 ffffffc2 ffffffbe ffffffed fffffff4 ffffffa0 1c ffffffca | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea00061e0 | unwrapped: ce 71 50 63 11 39 82 eb 04 0a 5d 1d 90 38 03 67 | unwrapped: a8 af a7 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+N: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea0006090 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | prf+N PRF sha final-key@0x7efea8005db0 (size 20) | prf+N: key-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeb98a3598 | result: result-key@0x7efea8006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006900 | prfplus: release old_t[N]-key@0x557c468f9700 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea0004b10 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea0004b10 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea00010c0 | prf+N PRF sha update old_t-key@0x7efea8005db0 (size 20) | prf+N: old_t-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8005db0 | nss hmac digest hack: symkey-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1182125728: ffffffb6 ffffff93 ffffffc8 03 ffffffdc 2a 21 78 41 76 ffffffe2 7a ffffffef ffffffe9 ffffff83 76 3b fffffffd fffffff6 75 ffffffae 1d 6b ffffffc2 ffffff9b ffffffd9 7e ffffff91 ffffffa8 ffffffcd ffffffbf ffffffad | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea00065e0 | unwrapped: 13 06 64 90 74 2a 99 7b 9d ac 33 83 a7 ed d1 27 | unwrapped: ee b9 a3 39 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+N: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea0004810 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8006900 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeb98a3598 | result: result-key@0x7efeb4006900 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8006900 | prfplus: release old_t[N]-key@0x7efea8005db0 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x7efea8005db0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+N prf: begin sha with context 0x7efea0003aa0 from key-key@0x7efea8005db0 | prf+N: release clone-key@0x7efea8005db0 | prf+N PRF sha crypt-prf@0x7efea0002a80 | prf+N PRF sha update old_t-key@0x557c468f9700 (size 20) | prf+N: old_t-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x557c468f9700 | nss hmac digest hack: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1182125728: fffffffa ffffff96 0c 25 ffffffbd 76 40 ffffffd0 ffffffa9 ffffff8a 1a 61 6f ffffff99 ffffffbf 10 7d ffffffad 07 ffffffa7 7a ffffffc3 62 77 ffffffbd ffffff80 30 3c 74 0c ffffffab ffffffe0 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea0006290 | unwrapped: e5 35 da e0 26 0c b3 0c dd 78 c1 1c 79 56 a5 8e | unwrapped: 42 04 ab 46 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+N: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea0006090 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8006900 | prf+N PRF sha final-key@0x7efea8005db0 (size 20) | prf+N: key-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeb98a3598 | result: result-key@0x7efea8006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006900 | prfplus: release old_t[N]-key@0x557c468f9700 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3518 | result: clone-key@0x557c468f9700 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7efea0003aa0 from key-key@0x557c468f9700 | prf+N prf: begin sha with context 0x7efea0003aa0 from key-key@0x557c468f9700 | prf+N: release clone-key@0x557c468f9700 | prf+N PRF sha crypt-prf@0x7efea00010c0 | prf+N PRF sha update old_t-key@0x7efea8005db0 (size 20) | prf+N: old_t-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8005db0 | nss hmac digest hack: symkey-key@0x7efea8005db0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1182125728: ffffffab 3d fffffffd ffffff8c fffffff4 ffffffc8 6a fffffffa ffffffd4 ffffffec 00 29 ffffffb6 ffffff85 77 ffffff9e 7d 21 ffffff9d ffffffe8 ffffffbc ffffff98 ffffffd6 1c 5f ffffff8d 0b 31 ffffffa8 49 0b 65 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x7efea0006290 | unwrapped: 6b 96 15 df 46 2f 5b 7f e7 e4 34 01 5d 59 b1 9e | unwrapped: a0 0b 1e df 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x557c468f27a0 (size 80) | prf+N: seed-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x557c468f27a0 | nss hmac digest hack: symkey-key@0x557c468f27a0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)-1182125728: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 ffffffcd ffffff89 4c fffffff9 ffffffc8 67 fffffff7 ffffff98 71 6e 65 22 ffffff81 07 0f ffffff82 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 80 bytes at 0x7efea00047b0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7efeb98a3520 | result: final-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3508 | result: final-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006900 | prf+N PRF sha final-key@0x557c468f9700 (size 20) | prf+N: key-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea8006900 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7efeb98a3598 | result: result-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea8006900 | prfplus: release old_t[N]-key@0x7efea8005db0 | prfplus: release old_t[final]-key@0x557c468f9700 | ike_sa_keymat: release data-key@0x557c468f27a0 | calc_skeyseed_v2: release skeyseed_k-key@0x7efea800c3d0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3738 | result: result-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3738 | result: result-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3738 | result: result-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3748 | result: SK_ei_k-key@0x7efea8005db0 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3748 | result: SK_er_k-key@0x7efea8006900 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3748 | result: result-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7efe9c00bdb0 | chunk_SK_pi: symkey-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)840971833: ffffffb9 ffffffd5 19 ffffffda 3e 7f 12 ffffffc5 ffffffe0 73 77 2e 1e 5d 23 4e 2f ffffff80 ffffffc3 fffffff4 ffffff9a ffffffb9 70 73 ffffff8e 33 ffffffb4 5c 65 68 ffffffcc 34 | chunk_SK_pi: release slot-key-key@0x557c468d1160 | chunk_SK_pi extracted len 32 bytes at 0x7efea0006290 | unwrapped: dd 78 c1 1c 79 56 a5 8e 42 04 ab 46 6b 96 15 df | unwrapped: 46 2f 5b 7f 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006900 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7efeb98a3748 | result: result-key@0x557c468f9790 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x557c468f9790 | chunk_SK_pr: symkey-key@0x557c468f9790 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)840971833: fffffff4 ffffff85 ffffff9a 2b ffffffc0 ffffffe7 00 28 ffffffd7 5c 0a fffffff3 23 76 ffffffac ffffff97 ffffffd3 44 3e ffffffc4 4e fffffff4 ffffffc0 62 27 25 07 6e fffffff4 ffffff8b 2b fffffff4 | chunk_SK_pr: release slot-key-key@0x557c468d1160 | chunk_SK_pr extracted len 32 bytes at 0x7efea00061e0 | unwrapped: e7 e4 34 01 5d 59 b1 9e a0 0b 1e df 12 b1 d0 f0 | unwrapped: 38 08 82 d8 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7efeb4006900 | calc_skeyseed_v2 pointers: shared-key@0x7efea800c5c0, SK_d-key@0x7efea800c3d0, SK_ai-key@0x557c468f27a0, SK_ar-key@0x557c468f9700, SK_ei-key@0x7efea8005db0, SK_er-key@0x7efea8006900, SK_pi-key@0x7efe9c00bdb0, SK_pr-key@0x557c468f9790 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | dd 78 c1 1c 79 56 a5 8e 42 04 ab 46 6b 96 15 df | 46 2f 5b 7f | calc_skeyseed_v2 SK_pr | e7 e4 34 01 5d 59 b1 9e a0 0b 1e df 12 b1 d0 f0 | 38 08 82 d8 | crypto helper 6 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 14 time elapsed 0.003751 seconds | (#21) spent 3.56 milliseconds in crypto helper computing work-order 14: ikev2_inI2outR2 KE (pcr) | crypto helper 6 sending results from work-order 14 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7efea00037a0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 14 | calling continuation function 0x557c447f4630 | ikev2_parent_inI2outR2_continue for #21: calculating g^{xy}, sending R2 | DH secret MODP2048@0x7efe9c002010: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | #21 in state PARENT_R1: received v2I1, sent v2R1 | hmac PRF sha init symkey-key@0x557c468f27a0 (size 20) | hmac: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58c28 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac: release clone-key@0x7efeb4006900 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x557c468f0d10 (length 184) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 21 b8 e4 07 95 88 fe c8 b4 4b 8b 7c c3 14 ac 0e | e7 1b 5c e9 c3 ce 4d 1a 22 f9 35 b3 11 dc c0 66 | 16 26 ab ac 70 a2 8e 31 b6 ea 08 aa 7c 08 67 91 | 03 03 9d 92 5b 7d 99 08 24 b1 22 a4 4f 71 96 a3 | b3 88 af c4 8d 31 bf 35 0b bd e1 0f 8c 66 5f 99 | ab 8c 23 f8 5f 62 92 a6 3b cc c2 e9 1b 00 e4 61 | 60 e4 f6 a0 78 17 a8 2a 71 2e c3 c7 0e c6 e2 e5 | d6 fd 51 bc ad 12 4d dd 69 5d fd ec 0c 41 20 d1 | dd bf 5f 69 78 4c 73 fe a9 c1 7d 9b e3 2a 31 a0 | d5 ff 57 32 e3 02 e5 26 | hmac PRF sha final-bytes@0x7fff72f58df0 (length 20) | 30 16 75 75 31 ff eb 04 35 de 2c d6 17 16 4e 9d | c4 d6 62 34 | data for hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data for hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data for hmac: 21 b8 e4 07 95 88 fe c8 b4 4b 8b 7c c3 14 ac 0e | data for hmac: e7 1b 5c e9 c3 ce 4d 1a 22 f9 35 b3 11 dc c0 66 | data for hmac: 16 26 ab ac 70 a2 8e 31 b6 ea 08 aa 7c 08 67 91 | data for hmac: 03 03 9d 92 5b 7d 99 08 24 b1 22 a4 4f 71 96 a3 | data for hmac: b3 88 af c4 8d 31 bf 35 0b bd e1 0f 8c 66 5f 99 | data for hmac: ab 8c 23 f8 5f 62 92 a6 3b cc c2 e9 1b 00 e4 61 | data for hmac: 60 e4 f6 a0 78 17 a8 2a 71 2e c3 c7 0e c6 e2 e5 | data for hmac: d6 fd 51 bc ad 12 4d dd 69 5d fd ec 0c 41 20 d1 | data for hmac: dd bf 5f 69 78 4c 73 fe a9 c1 7d 9b e3 2a 31 a0 | data for hmac: d5 ff 57 32 e3 02 e5 26 | calculated auth: 30 16 75 75 31 ff eb 04 35 de 2c d6 | provided auth: 30 16 75 75 31 ff eb 04 35 de 2c d6 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 21 b8 e4 07 95 88 fe c8 | payload before decryption: | b4 4b 8b 7c c3 14 ac 0e e7 1b 5c e9 c3 ce 4d 1a | 22 f9 35 b3 11 dc c0 66 16 26 ab ac 70 a2 8e 31 | b6 ea 08 aa 7c 08 67 91 03 03 9d 92 5b 7d 99 08 | 24 b1 22 a4 4f 71 96 a3 b3 88 af c4 8d 31 bf 35 | 0b bd e1 0f 8c 66 5f 99 ab 8c 23 f8 5f 62 92 a6 | 3b cc c2 e9 1b 00 e4 61 60 e4 f6 a0 78 17 a8 2a | 71 2e c3 c7 0e c6 e2 e5 d6 fd 51 bc ad 12 4d dd | 69 5d fd ec 0c 41 20 d1 dd bf 5f 69 78 4c 73 fe | a9 c1 7d 9b e3 2a 31 a0 d5 ff 57 32 e3 02 e5 26 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | b8 c1 fb 59 2c 00 00 28 00 00 00 24 01 03 04 03 | 61 40 df 86 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) | **parse IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDi (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Responder: process IKE_AUTH request | Now let's proceed with state specific processing | calling processor Responder: process IKE_AUTH request "east" #21: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} | #21 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | received IDr payload - extracting our alleged ID | refine_host_connection for IKEv2: starting with "east" | match_id a=@west | b=@west | results matched | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) | Warning: not switching back to template of current instance | Peer expects us to be @east (ID_FQDN) according to its IDr payload | This connection's local id is @east (ID_FQDN) | refine_host_connection: checked east against east, now for see if best | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | returning because exact peer id match | offered CA: '%none' "east" #21: IKEv2 mode peer ID is ID_FQDN: '@west' | hmac PRF sha init symkey-key@0x7efe9c00bdb0 (size 20) | hmac: symkey-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efe9c00bdb0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58698 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac: release clone-key@0x7efeb4006900 | hmac PRF sha crypt-prf@0x557c468ef280 | idhash verify I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x557c468f0d3c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7fff72f58850 (length 20) | 1d c6 a2 35 42 24 94 38 bf 08 e3 d0 7d b6 41 f0 | 8c dc 5c c7 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 97 77 0f 81 26 36 14 86 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 85 d5 0d 50 03 83 b0 5e e6 19 95 0c | ef 05 7c 44 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 | 95 55 77 7b ab 59 2c e3 9f 8f 26 5d 56 54 36 6c | 93 bd f6 93 1e 52 da 6c be f7 44 5e 86 b1 8a 68 | 82 38 59 5a 94 df d4 cf da 34 96 48 c6 d5 2e f5 | b4 51 cf 24 d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 | 7e 0a 89 96 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 | ae 12 d4 05 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 | 8c 6c 32 46 f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a | b7 04 9e 08 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 | 6f 48 76 c7 a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 | 00 71 1e c4 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a | 28 10 ab de 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 | 1f 30 24 a8 ee 36 a7 23 4b 44 c5 76 27 ac e8 53 | 99 be 15 bd 8c 09 dc 05 6b bf c5 65 40 02 c3 6d | 2e 6e 36 09 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 | 3f 77 ac af 29 00 00 24 6b e2 14 0e db 0e 03 67 | 51 79 6b 8b 3c 1b e9 65 6a df b0 5a 4c 3a 8f 98 | 3e 21 e0 bf 75 62 f5 e4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 78 45 54 6e 32 0c d1 65 | bb a1 99 9b c3 aa e8 58 67 d3 c3 58 00 00 00 1c | 00 00 40 05 95 08 88 e5 b8 57 cc bd d3 da d0 da | 30 73 df 88 c9 83 88 0f | verify: initiator inputs to hash2 (responder nonce) | 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | idhash 1d c6 a2 35 42 24 94 38 bf 08 e3 d0 7d b6 41 f0 | idhash 8c dc 5c c7 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584a0 | result: shared secret-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58488 | result: shared secret-key@0x7efeb4006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468f0e90 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f584c0 | result: final-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584a8 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efeb4006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efeb4006900 (size 20) | = prf(, ): -key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f584b8 | result: clone-key@0x7efea40067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ): release clone-key@0x7efea40067f0 | = prf(, ) PRF sha crypt-prf@0x557c468f2830 | = prf(, ) PRF sha update first-packet-bytes@0x557c468f6250 (length 440) | 97 77 0f 81 26 36 14 86 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 85 d5 0d 50 03 83 b0 5e e6 19 95 0c | ef 05 7c 44 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 | 95 55 77 7b ab 59 2c e3 9f 8f 26 5d 56 54 36 6c | 93 bd f6 93 1e 52 da 6c be f7 44 5e 86 b1 8a 68 | 82 38 59 5a 94 df d4 cf da 34 96 48 c6 d5 2e f5 | b4 51 cf 24 d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 | 7e 0a 89 96 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 | ae 12 d4 05 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 | 8c 6c 32 46 f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a | b7 04 9e 08 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 | 6f 48 76 c7 a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 | 00 71 1e c4 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a | 28 10 ab de 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 | 1f 30 24 a8 ee 36 a7 23 4b 44 c5 76 27 ac e8 53 | 99 be 15 bd 8c 09 dc 05 6b bf c5 65 40 02 c3 6d | 2e 6e 36 09 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 | 3f 77 ac af 29 00 00 24 6b e2 14 0e db 0e 03 67 | 51 79 6b 8b 3c 1b e9 65 6a df b0 5a 4c 3a 8f 98 | 3e 21 e0 bf 75 62 f5 e4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 78 45 54 6e 32 0c d1 65 | bb a1 99 9b c3 aa e8 58 67 d3 c3 58 00 00 00 1c | 00 00 40 05 95 08 88 e5 b8 57 cc bd d3 da d0 da | 30 73 df 88 c9 83 88 0f | = prf(, ) PRF sha update nonce-bytes@0x7efe9c00bc20 (length 32) | 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58850 (length 20) | 1d c6 a2 35 42 24 94 38 bf 08 e3 d0 7d b6 41 f0 | 8c dc 5c c7 | = prf(, ) PRF sha final-chunk@0x557c468ef280 (length 20) | cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | b8 c1 fb 59 | psk_auth: release prf-psk-key@0x7efeb4006900 | Received PSK auth octets | cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | b8 c1 fb 59 | Calculated PSK auth octets | cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | b8 c1 fb 59 "east" #21: Authenticated using authby=secret | parent state #21: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) | #21 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x557c468ed9c0 | event_schedule: new EVENT_SA_REKEY-pe@0x557c468ed9c0 | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #21 | libevent_malloc: new ptr-libevent@0x7efeb0008da0 size 128 | pstats #21 ikev2.ike established | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | hmac PRF sha init symkey-key@0x557c468f9790 (size 20) | hmac: symkey-key@0x557c468f9790 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f9790 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58008 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006900 | hmac: release clone-key@0x7efeb4006900 | hmac PRF sha crypt-prf@0x557c468ea9d0 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload | my identity 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | idhash calc R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x557c448f396c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7fff72f58310 (length 20) | 87 90 4d 87 fd 3e cc 84 d3 4b 0e 62 3a d8 c6 96 | dc 3c f6 5c | assembled IDr payload | CHILD SA proposals received | going to assemble AUTH payload | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret | started looking for secret for @east->@west of kind PKK_PSK | actually looking for secret for @east->@west of kind PKK_PSK | line 1: key type PKK_PSK(@east) to type PKK_PSK | 1: compared key @west to @east / @west -> 004 | 2: compared key @east to @east / @west -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x557c468dd5e0 (line=1) | concluding with best_match=014 best=0x557c468dd5e0 (lineno=1) | inputs to hash1 (first packet) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | 29 00 00 24 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 | e6 a8 0d ef 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a | ee b6 df 84 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 | 21 74 38 a3 0d 35 0e 69 00 00 00 1c 00 00 40 05 | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | create: responder inputs to hash2 (initiator nonce) | 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | idhash 87 90 4d 87 fd 3e cc 84 d3 4b 0e 62 3a d8 c6 96 | idhash dc 3c f6 5c | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x557c468e7dc0 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e00 | result: shared secret-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7efea40067f0 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57de8 | result: shared secret-key@0x7efeb4006900 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x557c468d06c0 from shared secret-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7efeb4006900 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x557c468ef280 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x557c44887bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e20 | result: final-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea40067f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e08 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea40067f0 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7efeb4006900 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7efeb4006900 (size 20) | = prf(, ): -key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e18 | result: clone-key@0x7efea40067f0 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ) prf: begin sha with context 0x557c468d06c0 from -key@0x7efea40067f0 | = prf(, ): release clone-key@0x7efea40067f0 | = prf(, ) PRF sha crypt-prf@0x557c468f0e90 | = prf(, ) PRF sha update first-packet-bytes@0x557c468ed2b0 (length 436) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | 29 00 00 24 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 | e6 a8 0d ef 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a | ee b6 df 84 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 | 21 74 38 a3 0d 35 0e 69 00 00 00 1c 00 00 40 05 | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | = prf(, ) PRF sha update nonce-bytes@0x7efea800c1b0 (length 32) | 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | = prf(, ) PRF sha update hash-bytes@0x7fff72f58310 (length 20) | 87 90 4d 87 fd 3e cc 84 d3 4b 0e 62 3a d8 c6 96 | dc 3c f6 5c | = prf(, ) PRF sha final-chunk@0x557c468ea9d0 (length 20) | e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 d1 d0 21 2b | 85 b9 f8 2f | psk_auth: release prf-psk-key@0x7efeb4006900 | PSK auth octets e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 d1 d0 21 2b | PSK auth octets 85 b9 f8 2f | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 d1 d0 21 2b | PSK auth 85 b9 f8 2f | emitting length of IKEv2 Authentication Payload: 28 | creating state object #22 at 0x557c468fc840 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "east" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.23:500 from #21.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7efea800c3d0 | duplicate_state: reference st_skey_ai_nss-key@0x557c468f27a0 | duplicate_state: reference st_skey_ar_nss-key@0x557c468f9700 | duplicate_state: reference st_skey_ei_nss-key@0x7efea8005db0 | duplicate_state: reference st_skey_er_nss-key@0x7efea8006900 | duplicate_state: reference st_skey_pi_nss-key@0x7efe9c00bdb0 | duplicate_state: reference st_skey_pr_nss-key@0x557c468f9790 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 | Message ID: switch-to #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 | Child SA TS Request has ike->sa == md->st; so using parent connection | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | looking for best SPD in current connection | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found better spd route for TSi[0],TSr[0] | looking for better host pair | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found | investigating connection "east" as a better match | match_id a=@west | b=@west | results matched | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | did not find a better connection using host pair | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV4_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | using existing local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 2:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 0 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 1 transforms | local proposal 2 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 61 40 df 86 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..2] of 2 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 2 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: INTEG+ESN | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR; missing transforms: ENCR | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 2; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 2 "east" #21: proposal 1:ESP:SPI=6140df86;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=6140df86;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | netlink_get_spi: allocated 0x1dd8c1f6 for esp.0@192.1.2.23 | Emitting ikev2_proposal ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 1d d8 c1 f6 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57e90 | result: data=Ni-key@0x7efea40067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7efea40067f0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57e78 | result: data=Ni-key@0x7efeb4006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7efea40067f0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7fff72f57e80 | result: data+=Nr-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7efeb4006900 | prf+0 PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+0: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+0 prf: begin sha with context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+0: release clone-key@0x7efeb4006900 | prf+0 PRF sha crypt-prf@0x557c468f2830 | prf+0 PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+0: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f2850 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea8001a70 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea8001a70 | prf+0 PRF sha final-key@0x7efeb4006900 (size 20) | prf+0: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7efeb4006900 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N: release clone-key@0x7efea8001a70 | prf+N PRF sha crypt-prf@0x557c468ef280 | prf+N PRF sha update old_t-key@0x7efeb4006900 (size 20) | prf+N: old_t-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 6d 19 ffffffa7 ffffff93 ffffffde ffffffcf 42 76 ffffff88 ffffffa1 1f 47 ffffff97 36 15 6a ffffffe9 4c 71 14 ffffffc9 ffffffae 48 ffffffcc ffffffc6 ffffffaf ffffffc7 1d ffffff94 ffffff90 ffffff95 0e | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468ed280 | unwrapped: fb 10 71 a8 16 6c 0a d4 a5 cb 96 48 a2 3c 41 1a | unwrapped: 93 91 c1 f9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468e8830 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efea0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea0006900 | prf+N PRF sha final-key@0x7efea8001a70 (size 20) | prf+N: key-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efea0006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006900 | prfplus: release old_t[N]-key@0x7efeb4006900 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+N: release clone-key@0x7efeb4006900 | prf+N PRF sha crypt-prf@0x557c468f0e70 | prf+N PRF sha update old_t-key@0x7efea8001a70 (size 20) | prf+N: old_t-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8001a70 | nss hmac digest hack: symkey-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 1c 68 ffffffda 52 4a fffffff1 ffffff80 48 56 ffffff97 ffffffb3 fffffff6 1e 54 40 50 56 ffffff93 ffffffbe ffffffa6 6e ffffffec ffffffaa ffffff88 ffffffc2 ffffffb4 6c 70 4f 08 55 ffffff83 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468ef4a0 | unwrapped: c0 bc e7 d1 28 90 40 d5 f5 b5 df 13 9d af c8 cf | unwrapped: 1e 79 bb 68 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0b20 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006720 | prf+N PRF sha final-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea0006900 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efeb4006720 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea0006900 | prfplus: release old_t[N]-key@0x7efea8001a70 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efea8001a70 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efea8001a70 | prf+N: release clone-key@0x7efea8001a70 | prf+N PRF sha crypt-prf@0x557c468f0e90 | prf+N PRF sha update old_t-key@0x7efeb4006900 (size 20) | prf+N: old_t-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efeb4006900 | nss hmac digest hack: symkey-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: ffffff95 ffffffbc 75 72 fffffffc ffffffd4 70 7d ffffffec 1f 6a ffffff91 ffffffe1 ffffffd1 27 ffffffac 1d ffffffa1 69 50 5f ffffff8f ffffffd8 13 ffffffd1 6f ffffff91 0c ffffff90 ffffff99 ffffff83 ffffffa8 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468ed280 | unwrapped: d9 05 69 33 8e 34 84 3e f9 14 96 b5 be 6d 3e c6 | unwrapped: 7c c8 c3 52 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f0c60 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efea0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efea0006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efea0006900 | prf+N PRF sha final-key@0x7efea8001a70 (size 20) | prf+N: key-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efeb4006720 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efea0006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efeb4006720 | prfplus: release old_t[N]-key@0x7efeb4006900 | prf+N PRF sha init key-key@0x7efea800c3d0 (size 20) | prf+N: key-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efea800c3d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57da8 | result: clone-key@0x7efeb4006900 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+N prf: begin sha with context 0x557c468d06c0 from key-key@0x7efeb4006900 | prf+N: release clone-key@0x7efeb4006900 | prf+N PRF sha crypt-prf@0x557c468f0e70 | prf+N PRF sha update old_t-key@0x7efea8001a70 (size 20) | prf+N: old_t-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7efea8001a70 | nss hmac digest hack: symkey-key@0x7efea8001a70 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1928690160: 4a 22 fffffffd ffffff86 ffffffce ffffff8d ffffffef fffffff9 57 ffffffc9 28 ffffff90 51 4c 53 ffffffb7 4f ffffffc2 ffffffb8 ffffff9a ffffffc0 ffffffbc 1f ffffffb9 4a ffffff91 03 fffffff2 ffffffdf 0a ffffffd0 ffffff97 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 32 bytes at 0x557c468ed280 | unwrapped: f0 a0 3c 58 0c f3 d9 d6 ef 5d fc a0 d7 1f 53 cb | unwrapped: 5e cd ee 19 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7efea40067f0 (size 64) | prf+N: seed-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7efea40067f0 | nss hmac digest hack: symkey-key@0x7efea40067f0 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x557c468d1160 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)1928690160: ffffff87 ffffffeb 69 3f 78 ffffffe3 ffffff9e ffffffe1 6f ffffffc1 fffffff2 ffffff9f ffffffe3 ffffff96 ffffffd0 ffffff8e 1f ffffffcc ffffffb2 ffffffc8 ffffffc1 38 ffffffbc fffffff6 ffffffd0 59 ffffff8d ffffffd3 ffffffb2 fffffffc 7e 04 ffffffb4 22 78 54 6c ffffffcf ffffffba 0a 58 ffffffb5 ffffffff 1d ffffff96 fffffff2 ffffffd9 ffffffd7 65 ffffffc2 72 ffffffbb ffffff96 29 ffffffd4 ffffffc8 ffffffe8 fffffff5 ffffffbb 60 65 fffffff6 ffffffe2 79 | nss hmac digest hack: release slot-key-key@0x557c468d1160 | nss hmac digest hack extracted len 64 bytes at 0x557c468f2850 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7fff72f57db0 | result: final-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7efeb4006720 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57d98 | result: final-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7efeb4006720 | prf+N PRF sha final-key@0x7efeb4006900 (size 20) | prf+N: key-key@0x7efeb4006900 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7efea0006900 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7fff72f57e28 | result: result-key@0x7efeb4006720 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7efea0006900 | prfplus: release old_t[N]-key@0x7efea8001a70 | prfplus: release old_t[final]-key@0x7efeb4006900 | child_sa_keymat: release data-key@0x7efea40067f0 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x7efeb4006720 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7efea40067f0 | initiator to responder keys: symkey-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x557c468d1160 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)543384166: 6d 19 ffffffa7 ffffff93 ffffffde ffffffcf 42 76 ffffff88 ffffffa1 1f 47 ffffff97 36 15 6a ffffff8b ffffffc4 36 ffffffb6 50 41 01 6a 35 ffffff88 ffffffb3 ffffffff 5a ffffff84 7f 44 ffffffaa ffffff9f 0f ffffffea ffffffd8 ffffff81 ffffff87 61 ffffffc9 ffffffe7 17 32 6b ffffffd6 ffffffea ffffffcc | initiator to responder keys: release slot-key-key@0x557c468d1160 | initiator to responder keys extracted len 48 bytes at 0x557c468f66f0 | unwrapped: fb 10 71 a8 16 6c 0a d4 a5 cb 96 48 a2 3c 41 1a | unwrapped: 93 91 c1 f9 c0 bc e7 d1 28 90 40 d5 f5 b5 df 13 | unwrapped: 9d af c8 cf 1e 79 bb 68 d9 05 69 33 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7efea40067f0 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x7efeb4006720 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f08 | result: result-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7efea40067f0 | responder to initiator keys:: symkey-key@0x7efea40067f0 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x557c4684d080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x557c468d1160 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)543384166: 57 fffffffc ffffff87 22 ffffff83 ffffffd9 3d 46 ffffffc8 ffffffc6 ffffffc3 54 27 ffffffcc ffffffde ffffffa9 4a 22 fffffffd ffffff86 ffffffce ffffff8d ffffffef fffffff9 57 ffffffc9 28 ffffff90 51 4c 53 ffffffb7 ffffffb4 11 ffffffe3 ffffffaf 77 24 78 ffffff89 ffffffb0 7e 31 fffffffa 15 ffffffe2 ffffff8f 29 | responder to initiator keys:: release slot-key-key@0x557c468d1160 | responder to initiator keys: extracted len 48 bytes at 0x557c468fd6f0 | unwrapped: 8e 34 84 3e f9 14 96 b5 be 6d 3e c6 7c c8 c3 52 | unwrapped: f0 a0 3c 58 0c f3 d9 d6 ef 5d fc a0 d7 1f 53 cb | unwrapped: 5e cd ee 19 07 13 d2 b0 b0 16 80 9b 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7efea40067f0 | ikev2_derive_child_keys: release keymat-key@0x7efeb4006720 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | #21 spent 2.76 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.6140df86@192.1.2.45 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.1dd8c1f6@192.1.2.23 included non-error error | priority calculation of connection "east" is 0xfe7e7 | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: prospective erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" prospective erouted: self; eroute owner: self | route_and_eroute with c: east (next: none) ero:east esr:{(nil)} ro:east rosr:{(nil)} and state: #22 | priority calculation of connection "east" is 0xfe7e7 | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45>tun.0@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6140df86 SPI_OUT=0x1dd | popen cmd is 1020 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: | cmd( 960):'no' SPI_IN=0x6140df86 SPI_OUT=0x1dd8c1f6 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "east", setting eroute_owner {spd=0x557c468e8eb0,sr=0x557c468e8eb0} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 0.51 milliseconds in install_ipsec_sa() | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 160 | emitting length of ISAKMP Message: 188 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | a8 8a 22 f6 ea 5d f2 0a | data before encryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 | d1 d0 21 2b 85 b9 f8 2f 2c 00 00 28 00 00 00 24 | 01 03 04 03 1d d8 c1 f6 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 10 9a c4 ef 34 e4 77 e2 7d f0 8f aa 2d 76 7c 51 | ad cf b1 39 e9 1d 8d 84 1c a2 1a 06 57 d3 b3 70 | dd 63 3b f3 0d 31 78 de 73 0f a4 ea 69 ab a0 8f | e1 43 d2 f0 e9 1b 16 63 de d0 7a 63 2f 27 73 6d | 2b dd 41 b1 7a a4 b2 3d 45 c4 1a 74 36 3d 25 e9 | d1 2d 26 3a ef 03 d6 d1 d5 7f 45 49 b7 fd d9 68 | ed e8 b1 4d 0f c8 2d c3 cf ed a3 2b f4 00 c6 ae | bf 4b 81 5b 90 7b 39 30 b2 ad 3f f6 c5 fb 16 11 | 16 9a d6 a0 df 9a a0 6c | hmac PRF sha init symkey-key@0x557c468f9700 (size 20) | hmac: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f57f18 | result: clone-key@0x7efeb4006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac: release clone-key@0x7efeb4006720 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x557c448f3940 (length 176) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | a8 8a 22 f6 ea 5d f2 0a 10 9a c4 ef 34 e4 77 e2 | 7d f0 8f aa 2d 76 7c 51 ad cf b1 39 e9 1d 8d 84 | 1c a2 1a 06 57 d3 b3 70 dd 63 3b f3 0d 31 78 de | 73 0f a4 ea 69 ab a0 8f e1 43 d2 f0 e9 1b 16 63 | de d0 7a 63 2f 27 73 6d 2b dd 41 b1 7a a4 b2 3d | 45 c4 1a 74 36 3d 25 e9 d1 2d 26 3a ef 03 d6 d1 | d5 7f 45 49 b7 fd d9 68 ed e8 b1 4d 0f c8 2d c3 | cf ed a3 2b f4 00 c6 ae bf 4b 81 5b 90 7b 39 30 | b2 ad 3f f6 c5 fb 16 11 16 9a d6 a0 df 9a a0 6c | hmac PRF sha final-bytes@0x557c448f39f0 (length 20) | 28 55 6d 3f 6b c3 61 0d fc bc 30 6a 3b 86 33 cf | f1 d1 54 6a | data being hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data being hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data being hmac: a8 8a 22 f6 ea 5d f2 0a 10 9a c4 ef 34 e4 77 e2 | data being hmac: 7d f0 8f aa 2d 76 7c 51 ad cf b1 39 e9 1d 8d 84 | data being hmac: 1c a2 1a 06 57 d3 b3 70 dd 63 3b f3 0d 31 78 de | data being hmac: 73 0f a4 ea 69 ab a0 8f e1 43 d2 f0 e9 1b 16 63 | data being hmac: de d0 7a 63 2f 27 73 6d 2b dd 41 b1 7a a4 b2 3d | data being hmac: 45 c4 1a 74 36 3d 25 e9 d1 2d 26 3a ef 03 d6 d1 | data being hmac: d5 7f 45 49 b7 fd d9 68 ed e8 b1 4d 0f c8 2d c3 | data being hmac: cf ed a3 2b f4 00 c6 ae bf 4b 81 5b 90 7b 39 30 | data being hmac: b2 ad 3f f6 c5 fb 16 11 16 9a d6 a0 df 9a a0 6c | out calculated auth: | 28 55 6d 3f 6b c3 61 0d fc bc 30 6a | ikev2_parent_inI2outR2_continue_tail returned STF_OK | #21 spent 3.48 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #22 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R | child state #22: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 | Message ID: sent #21.#22 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "east" #22: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] | NAT-T: encaps is 'auto' "east" #22: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x6140df86 <0x1dd8c1f6 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 188 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | a8 8a 22 f6 ea 5d f2 0a 10 9a c4 ef 34 e4 77 e2 | 7d f0 8f aa 2d 76 7c 51 ad cf b1 39 e9 1d 8d 84 | 1c a2 1a 06 57 d3 b3 70 dd 63 3b f3 0d 31 78 de | 73 0f a4 ea 69 ab a0 8f e1 43 d2 f0 e9 1b 16 63 | de d0 7a 63 2f 27 73 6d 2b dd 41 b1 7a a4 b2 3d | 45 c4 1a 74 36 3d 25 e9 d1 2d 26 3a ef 03 d6 d1 | d5 7f 45 49 b7 fd d9 68 ed e8 b1 4d 0f c8 2d c3 | cf ed a3 2b f4 00 c6 ae bf 4b 81 5b 90 7b 39 30 | b2 ad 3f f6 c5 fb 16 11 16 9a d6 a0 df 9a a0 6c | 28 55 6d 3f 6b c3 61 0d fc bc 30 6a | releasing whack for #22 (sock=fd@-1) | releasing whack and unpending for parent #21 | unpending state #21 connection "east" | #22 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x557c468f7f50 | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #22 | libevent_malloc: new ptr-libevent@0x7efe9c012d70 size 128 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 3.9 milliseconds in resume sending helper answer | stop processing: state #22 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7efea00037a0 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00437 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00251 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | ff 9e 4d 18 b4 47 9c b6 89 4f 39 7c 5c 68 a0 14 | a4 89 3a 76 12 19 df d6 cf 9c 41 51 d8 ca 8e 14 | 78 86 68 58 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x557c468f27a0 (size 20) | hmac: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x7efeb4006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac: release clone-key@0x7efeb4006720 | hmac PRF sha crypt-prf@0x557c468ef280 | hmac PRF sha update data-bytes@0x7efea40064a0 (length 56) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | ff 9e 4d 18 b4 47 9c b6 89 4f 39 7c 5c 68 a0 14 | a4 89 3a 76 12 19 df d6 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | cf 9c 41 51 d8 ca 8e 14 78 86 68 58 01 c8 3d 9d | b9 68 c2 26 | data for hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data for hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data for hmac: ff 9e 4d 18 b4 47 9c b6 89 4f 39 7c 5c 68 a0 14 | data for hmac: a4 89 3a 76 12 19 df d6 | calculated auth: cf 9c 41 51 d8 ca 8e 14 78 86 68 58 | provided auth: cf 9c 41 51 d8 ca 8e 14 78 86 68 58 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | ff 9e 4d 18 b4 47 9c b6 | payload before decryption: | 89 4f 39 7c 5c 68 a0 14 a4 89 3a 76 12 19 df d6 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 0c 03 04 00 01 61 40 df 86 00 01 02 03 | stripping 4 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 12 (0xc) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | processing payload: ISAKMP_NEXT_v2D (len=4) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | parsing 4 raw bytes of IKEv2 Delete Payload into SPI | SPI 61 40 df 86 | delete PROTO_v2_ESP SA(0x6140df86) | v2 CHILD SA #22 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_R | State DB: found IKEv2 state #22 in V2_IPSEC_R (find_v2_child_sa_by_outbound_spi) | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x6140df86) "east" #21: received Delete SA payload: delete IPsec State #22 now | pstats #22 ikev2.child deleted completed | suspend processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) | start processing: state #22 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #22: deleting other state #22 (STATE_V2_IPSEC_R) aged 0.153s and NOT sending notification | child state #22: V2_IPSEC_R(established CHILD SA) => delete | get_sa_info esp.6140df86@192.1.2.45 | get_sa_info esp.1dd8c1f6@192.1.2.23 "east" #22: ESP traffic information: in=84B out=84B | child state #22: V2_IPSEC_R(established CHILD SA) => CHILDSA_DEL(informational) | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efe9c012d70 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468f7f50 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050853' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6140df86 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east: | cmd( 160):' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050853' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x6140df86 SPI_OUT=0x1dd8c1f6 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.6140df86@192.1.2.45 | netlink response for Del SA esp.6140df86@192.1.2.45 included non-error error | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.1dd8c1f6@192.1.2.23 | netlink response for Del SA esp.1dd8c1f6@192.1.2.23 included non-error error | in connection_discard for connection east | State DB: deleting IKEv2 state #22 in CHILDSA_DEL | child state #22: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.45:500 (in delete_state() at state.c:1143) | resume processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efea800c3d0 | delete_state: release st->st_skey_ai_nss-key@0x557c468f27a0 | delete_state: release st->st_skey_ar_nss-key@0x557c468f9700 | delete_state: release st->st_skey_ei_nss-key@0x7efea8005db0 | delete_state: release st->st_skey_er_nss-key@0x7efea8006900 | delete_state: release st->st_skey_pi_nss-key@0x7efe9c00bdb0 | delete_state: release st->st_skey_pr_nss-key@0x557c468f9790 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload | local SPIs 1d d8 c1 f6 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 22 58 9f d7 01 20 d4 a2 | data before encryption: | 00 00 00 0c 03 04 00 01 1d d8 c1 f6 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 6e 34 0f 25 4f 0e 6c 79 53 da e9 7d c9 7e 02 68 | hmac PRF sha init symkey-key@0x557c468f9700 (size 20) | hmac: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x7efeb4006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac: release clone-key@0x7efeb4006720 | hmac PRF sha crypt-prf@0x557c468f2830 | hmac PRF sha update data-bytes@0x557c448f3940 (length 56) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 22 58 9f d7 01 20 d4 a2 6e 34 0f 25 4f 0e 6c 79 | 53 da e9 7d c9 7e 02 68 | hmac PRF sha final-bytes@0x557c448f3978 (length 20) | 24 b6 71 61 6a c0 8b d9 b6 ea fe c5 ef 4b 16 44 | 2c 0f 0f bb | data being hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data being hmac: 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 22 58 9f d7 01 20 d4 a2 6e 34 0f 25 4f 0e 6c 79 | data being hmac: 53 da e9 7d c9 7e 02 68 | out calculated auth: | 24 b6 71 61 6a c0 8b d9 b6 ea fe c5 | sending 68 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 22 58 9f d7 01 20 d4 a2 6e 34 0f 25 4f 0e 6c 79 | 53 da e9 7d c9 7e 02 68 24 b6 71 61 6a c0 8b d9 | b6 ea fe c5 | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 | Message ID: sent #21 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 | #21 spent 0.764 milliseconds in processing: R2: process INFORMATIONAL Request in ikev2_process_state_packet() | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK | Message ID: updating counters for #21 to 2 after switching state | Message ID: recv #21 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 | Message ID: #21 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 "east" #21: STATE_PARENT_R2: received v2I2, PARENT SA established | stop processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 1.05 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.06 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00156 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 0f 00 79 42 ae a0 c3 d3 68 d7 90 13 97 05 c3 | 70 53 a5 c7 47 fb ee 73 8b 7f 11 8e 8f 3b 9b 20 | 60 fb 87 7a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request | State DB: found IKEv2 state #21 in PARENT_R2 (find_v2_ike_sa) | start processing: state #21 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #21 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 | Message ID: #21 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2D (0x2a) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SK (len=36) | Message ID: start-responder #21 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 | #21 in state PARENT_R2: received v2I2, PARENT SA established | hmac PRF sha init symkey-key@0x557c468f27a0 (size 20) | hmac: symkey-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f27a0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58b68 | result: clone-key@0x7efeb4006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac: release clone-key@0x7efeb4006720 | hmac PRF sha crypt-prf@0x557c468ef280 | hmac PRF sha update data-bytes@0x7efea40064a0 (length 56) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 0f 00 79 42 ae a0 c3 d3 68 d7 90 13 97 05 c3 | 70 53 a5 c7 47 fb ee 73 | hmac PRF sha final-bytes@0x7fff72f58d30 (length 20) | 8b 7f 11 8e 8f 3b 9b 20 60 fb 87 7a cd a1 7d 6c | 4c 61 14 c7 | data for hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data for hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data for hmac: df 0f 00 79 42 ae a0 c3 d3 68 d7 90 13 97 05 c3 | data for hmac: 70 53 a5 c7 47 fb ee 73 | calculated auth: 8b 7f 11 8e 8f 3b 9b 20 60 fb 87 7a | provided auth: 8b 7f 11 8e 8f 3b 9b 20 60 fb 87 7a | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | df 0f 00 79 42 ae a0 c3 | payload before decryption: | d3 68 d7 90 13 97 05 c3 70 53 a5 c7 47 fb ee 73 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #21 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2D) | **parse IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | processing payload: ISAKMP_NEXT_v2D (len=0) | selected state microcode R2: process INFORMATIONAL Request | Now let's proceed with state specific processing | calling processor R2: process INFORMATIONAL Request | an informational request should send a response | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 32 | emitting length of ISAKMP Message: 60 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | f9 cb 7c e1 b8 00 87 1e | data before encryption: | 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 22 2c 41 56 31 6f e9 5c | hmac PRF sha init symkey-key@0x557c468f9700 (size 20) | hmac: symkey-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468f9700 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f58728 | result: clone-key@0x7efeb4006720 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efeb4006720 | hmac: release clone-key@0x7efeb4006720 | hmac PRF sha crypt-prf@0x557c468f6570 | hmac PRF sha update data-bytes@0x557c448f3940 (length 48) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | f9 cb 7c e1 b8 00 87 1e 22 2c 41 56 31 6f e9 5c | hmac PRF sha final-bytes@0x557c448f3970 (length 20) | 21 6c be 99 24 49 09 88 c9 ce 34 92 0e e0 f4 54 | 63 c1 a2 57 | data being hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data being hmac: 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | data being hmac: f9 cb 7c e1 b8 00 87 1e 22 2c 41 56 31 6f e9 5c | out calculated auth: | 21 6c be 99 24 49 09 88 c9 ce 34 92 | sending 60 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #21) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | f9 cb 7c e1 b8 00 87 1e 22 2c 41 56 31 6f e9 5c | 21 6c be 99 24 49 09 88 c9 ce 34 92 | Message ID: #21 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 | Message ID: sent #21 response 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 | State DB: IKEv2 state not found (delete_my_family) | parent state #21: PARENT_R2(established IKE SA) => IKESA_DEL(established IKE SA) | pstats #21 ikev2.ike deleted completed | #21 spent 10.9 milliseconds in total | [RE]START processing: state #21 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #21: deleting state (STATE_IKESA_DEL) aged 0.202s and NOT sending notification | parent state #21: IKESA_DEL(established IKE SA) => delete | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efeb0008da0 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468ed9c0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #21 in IKESA_DEL | parent state #21: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7efe9c002010: destroyed | stop processing: state #21 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7efea800c5c0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efea800c3d0 | delete_state: release st->st_skey_ai_nss-key@0x557c468f27a0 | delete_state: release st->st_skey_ar_nss-key@0x557c468f9700 | delete_state: release st->st_skey_ei_nss-key@0x7efea8005db0 | delete_state: release st->st_skey_er_nss-key@0x7efea8006900 | delete_state: release st->st_skey_pi_nss-key@0x7efe9c00bdb0 | delete_state: release st->st_skey_pr_nss-key@0x557c468f9790 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | in statetime_stop() and could not find #21 | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) | #0 complete_v2_state_transition() md.from_state=PARENT_R2 md.svm.state[from]=PARENT_R2 UNDEFINED->PARENT_R2 with status STF_OK | STF_OK but no state object remains | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #21 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.563 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00387 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 43 79 11 0e 3d f3 24 3a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 30 32 31 d8 c7 43 ae 97 01 31 c1 e3 | 60 86 bc b5 2d 40 64 04 c5 7c 6a 16 16 91 73 28 | dd a5 d8 1d b7 23 f5 99 a8 26 c3 a0 f0 f7 7b 70 | 29 a9 44 e4 6f 65 de 9f 74 11 55 88 38 e1 33 94 | c4 02 09 ea e9 c3 64 41 ab b9 bf 69 2b 56 ff c1 | a2 23 bb 69 03 a5 ec 81 46 2e fb 56 6b ea fd 4b | d3 18 3b 64 83 9f 85 cb 8a 1e 79 d7 f6 d7 26 0b | 1a 0f 57 8c 07 f7 b4 4d 34 c9 12 bc 57 06 20 65 | b9 16 23 5a b9 a7 2a b0 88 f9 28 29 7c 41 84 88 | e4 be 87 47 6f 75 ab 4b da a8 6a f9 83 47 28 82 | 25 63 7f 58 a9 56 63 14 b8 03 ee 9a e4 4a 3e 98 | 20 cc 2e cf 64 33 73 3f ef 63 0d 0a cd c1 6f 2e | 39 5a ef 4f ed 60 6d 6f 41 99 35 77 93 7e ea c2 | 76 3b b9 77 76 89 80 f0 7e 2e 70 27 7e 29 b5 63 | 80 0e 17 57 ee 87 64 85 47 f0 d6 9b 92 50 ec 68 | 50 ae c9 cd 41 16 c6 96 ad 73 e3 ea 2f 38 0c 0d | 1b 1f 80 c1 29 00 00 24 52 f0 bd eb 1f a0 dc a6 | d0 ff 2e 05 2e 38 0d 76 e8 f2 75 9b d5 ba f4 8b | 37 a1 5a 5b 4a ee 60 92 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 3b ae fb 14 b6 a5 f1 | 11 b7 80 9d 87 e0 76 34 31 dd 6a 55 00 00 00 1c | 00 00 40 05 d7 55 91 1e aa d2 d9 98 c4 a1 1d e6 | 20 cb a0 9c 6b 96 54 aa | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 43 79 11 0e 3d f3 24 3a | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 10 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 2d fe f6 40 3d e2 f8 a3 46 1e fb a3 35 1f c8 32 | cb cc b3 6e 05 8b f4 3b e5 df 8e 4a 47 b7 f3 d8 | creating state object #23 at 0x557c468ec6e0 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #23 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #23 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #23 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #23 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #23 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #23 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #23: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #23: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | 43 79 11 0e 3d f3 24 3a | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | 43 79 11 0e 3d f3 24 3a 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #23 spent 0.194 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #23 has no whack fd | pstats #23 ikev2.ike deleted other | [RE]START processing: state #23 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #23: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #23: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #23 in PARENT_R0 | parent state #23: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #23 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #23 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.591 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00347 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | e0 6f b0 8f 10 d0 e6 ce 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 be 3a 70 41 53 bd 7c 16 38 90 82 fa | 60 71 c4 64 47 a4 0b c4 cf 84 13 1a 8c 87 ae 72 | 2d a1 e7 64 ca ae bd 1a b9 ae 84 2d 26 0d 66 46 | 23 eb e8 3d d1 bc 1c e8 df 06 da a6 b3 a2 74 d5 | 33 56 77 31 03 4d 4d 86 f9 cb a4 57 e6 3d ec 72 | 9d c5 4c a5 b8 eb 92 b5 f8 39 11 68 37 4c ba d5 | 10 50 93 58 74 37 66 a4 97 f3 44 c0 98 1b aa 51 | eb 8d 9e f1 25 ac 8f 66 1c 95 52 79 0d b0 fc 9a | 00 70 22 03 1a 63 f3 1c b6 fa e4 02 f2 c9 ed 53 | 43 1b 38 3f 9f 0c 2d 00 82 83 e5 c3 1a 80 46 1d | 20 7a 52 4d 1b 4d 01 79 ed e3 d6 d7 9d d7 c0 c9 | ad a8 a8 1d 33 66 7c 92 17 42 d7 de 8c 32 85 bf | 61 f0 dd 52 cd fd b0 8e 8e 55 4f 87 e0 61 ab 0f | d8 5c cf ab 77 64 18 f6 37 df ea 6b 81 c6 18 16 | 57 58 43 73 69 08 63 c8 42 36 3f ed f7 ac 06 5c | f6 0a be 50 c2 60 0c a3 ec 8b 2b de a9 8c f1 6f | b2 e7 c9 cd 29 00 00 24 8f dc 2e 30 db 69 0e d0 | 11 0a 85 fc 6a fd 72 7c 24 4b cc d9 38 18 af cc | eb 42 22 2a 70 30 27 20 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 0e 26 d2 ff 72 b3 c5 15 | 8b 91 e4 39 52 ee ee 10 4e 33 71 8a 00 00 00 1c | 00 00 40 05 2f 0e a5 28 d0 07 11 8f 7a 63 52 93 | ae c1 7e 04 a1 22 88 7e | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | e0 6f b0 8f 10 d0 e6 ce | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | DDOS disabled and no cookie sent, continuing | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=ECDSA+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns empty | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports | find_next_host_connection policy=RSASIG+IKEV2_ALLOW | find_next_host_connection returns empty | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=PSK+IKEV2_ALLOW | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) | find_next_host_connection returns east | find_next_host_connection policy=PSK+IKEV2_ALLOW | find_next_host_connection returns empty | found connection: east with policy PSK+IKEV2_ALLOW | IKE SPIr hash sha2_256 init | IKE SPIr hash sha2_256 digest addr-bytes@0x557c468e9610 (length 28) | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 | IKE SPIr hash sha2_256 digest sod-bytes@0x557c448e7700 (length 32) | b3 4d 7f 00 5e 96 ec 2b 24 17 98 2c 30 c4 0b 6f | 32 2a a8 67 4e 25 c8 f6 c6 25 a4 e9 5e fb 8a 57 | IKE SPIr hash sha2_256 digest counter-bytes@0x557c448e76e0 (length 4) | 11 00 00 00 | IKE SPIr hash sha2_256 final bytes@0x7fff72f59390 (length 32) | 3b 3f af 9a 2c 32 be 72 01 7f 1f 23 2c 4e 60 db | f1 de eb e5 68 0c 95 44 c3 28 17 39 29 d0 7f 61 | creating state object #24 at 0x557c468ec6e0 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | start processing: state #24 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) | #24 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 | Message ID: #24 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 | Message ID: start-responder #24 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 | #24 in state PARENT_R0: processing SA_INIT request | selected state microcode Respond to IKE_SA_INIT | Now let's proceed with state specific processing | calling processor Respond to IKE_SA_INIT | #24 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) | using existing local IKE proposals for connection east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 2:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE responder 2 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | local proposal 2 type ENCR has 1 transforms | local proposal 2 type PRF has 1 transforms | local proposal 2 type INTEG has 1 transforms | local proposal 2 type DH has 1 transforms | local proposal 2 type ESN has 0 transforms | local proposal 2 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..2] of 2 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 2 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 2 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: PRF+INTEG+DH; unmatched: ENCR | remote proposal 1 does not match; unmatched remote transforms: ENCR "east" #24: no local proposal matches remote proposals 1:IKE:ENCR=3DES_192;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "east" #24: responding to IKE_SA_INIT (34) message (Message ID 0) from 192.1.2.45:500 with unencrypted notification NO_PROPOSAL_CHOSEN | Opening output PBS unencrypted notification | **emit ISAKMP Message: | initiator cookie: | e0 6f b0 8f 10 d0 e6 ce | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'unencrypted notification' | emitting length of IKEv2 Notify Payload: 8 | emitting length of ISAKMP Message: 36 | sending 36 bytes for v2 notify through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #0) | e0 6f b0 8f 10 d0 e6 ce 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | #24 spent 0.185 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL | release_pending_whacks: state #24 has no whack fd | pstats #24 ikev2.ike deleted other | [RE]START processing: state #24 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #24: deleting state (STATE_PARENT_R0) aged 0.000s and NOT sending notification | parent state #24: PARENT_R0(half-open IKE SA) => delete | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #24 in PARENT_R0 | parent state #24: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #24 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) | in statetime_stop() and could not find #24 | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.631 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.33 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | pluto_sd: executing action action: stopping(6), status 0 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | start processing: connection "east" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "east" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | [RE]START processing: state #14 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #14: deleting state (STATE_UNDEFINED) aged 6.171s and NOT sending notification | child state #14: UNDEFINED(ignore) => delete | child state #14: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #14 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7efeac011520 | free_event_entry: release EVENT_SO_DISCARD-pe@0x557c468f4190 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | stop processing: connection "east" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection east | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x557c468d7990 | delete_state: release st->st_skey_ai_nss-key@0x557c468ef2a0 | delete_state: release st->st_skey_ar_nss-key@0x7efeac0069f0 | delete_state: release st->st_skey_ei_nss-key@0x7efe9c006450 | delete_state: release st->st_skey_er_nss-key@0x557c468ef410 | delete_state: release st->st_skey_pi_nss-key@0x7efe9c00eee0 | delete_state: release st->st_skey_pr_nss-key@0x7efe9c009e40 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | state #6 | start processing: state #6 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | [RE]START processing: state #6 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #6: deleting state (STATE_UNDEFINED) aged 9.722s and NOT sending notification | child state #6: UNDEFINED(ignore) => delete | child state #6: UNDEFINED(ignore) => CHILDSA_DEL(informational) | state #6 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x7efeb0006900 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7efeb0002b20 | priority calculation of connection "east" is 0xfe7e7 | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | in connection_discard for connection east | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efeac00a510 | delete_state: release st->st_skey_ai_nss-key@0x557c468dafb0 | delete_state: release st->st_skey_ar_nss-key@0x557c468cec90 | delete_state: release st->st_skey_ei_nss-key@0x557c468d4560 | delete_state: release st->st_skey_er_nss-key@0x557c468cd410 | delete_state: release st->st_skey_pi_nss-key@0x557c468d9650 | delete_state: release st->st_skey_pr_nss-key@0x557c468f0de0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #13 | start processing: state #13 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted completed | #13 spent 7.51 milliseconds in total | [RE]START processing: state #13 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #13: deleting state (STATE_PARENT_R2) aged 6.183s and sending notification | parent state #13: PARENT_R2(established IKE SA) => delete | #13 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 2c 3f 67 f5 29 c4 30 9f 68 5f 6c 7a a9 c4 b9 85 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | d4 96 75 90 f5 52 21 e4 e1 4f 75 f6 ed f0 14 3c | hmac PRF sha init symkey-key@0x7efeac0069f0 (size 20) | hmac: symkey-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7efeac0069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f558e8 | result: clone-key@0x557c468f9790 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x557c468f9790 | hmac: release clone-key@0x557c468f9790 | hmac PRF sha crypt-prf@0x557c468f2830 | hmac PRF sha update data-bytes@0x7fff72f55cc0 (length 64) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 2c 3f 67 f5 29 c4 30 9f 68 5f 6c 7a a9 c4 b9 85 | d4 96 75 90 f5 52 21 e4 e1 4f 75 f6 ed f0 14 3c | hmac PRF sha final-bytes@0x7fff72f55d00 (length 20) | f4 42 ed d7 ba 6f 07 78 3c 31 1c a3 6b 45 b9 c6 | 13 c0 df 94 | data being hmac: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: 2c 3f 67 f5 29 c4 30 9f 68 5f 6c 7a a9 c4 b9 85 | data being hmac: d4 96 75 90 f5 52 21 e4 e1 4f 75 f6 ed f0 14 3c | out calculated auth: | f4 42 ed d7 ba 6f 07 78 3c 31 1c a3 | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #13) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 2c 3f 67 f5 29 c4 30 9f 68 5f 6c 7a a9 c4 b9 85 | d4 96 75 90 f5 52 21 e4 e1 4f 75 f6 ed f0 14 3c | f4 42 ed d7 ba 6f 07 78 3c 31 1c a3 | Message ID: IKE #13 sender #13 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #13 sender #13 in send_delete hacking around record ' send | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7efea40060f0 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468eabb0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #13 in PARENT_R2 | parent state #13: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7efeac002010: destroyed | stop processing: state #13 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7efeac00eec0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x557c468d7990 | delete_state: release st->st_skey_ai_nss-key@0x557c468ef2a0 | delete_state: release st->st_skey_ar_nss-key@0x7efeac0069f0 | delete_state: release st->st_skey_ei_nss-key@0x7efe9c006450 | delete_state: release st->st_skey_er_nss-key@0x557c468ef410 | delete_state: release st->st_skey_pi_nss-key@0x7efe9c00eee0 | delete_state: release st->st_skey_pr_nss-key@0x7efe9c009e40 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "east" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted completed | #5 spent 8.34 milliseconds in total | [RE]START processing: state #5 connection "east" from 192.1.2.45:500 (in delete_state() at state.c:879) "east" #5: deleting state (STATE_PARENT_R2) aged 9.754s and sending notification | parent state #5: PARENT_R2(established IKE SA) => delete | #5 send IKEv2 delete notification for STATE_PARENT_R2 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 2c a5 a4 ac 8b 25 a6 bb 84 7f 87 b0 40 48 5a f7 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 43 96 df 80 c8 40 b3 ff 41 45 27 81 f2 de 93 64 | hmac PRF sha init symkey-key@0x557c468cec90 (size 20) | hmac: symkey-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x557c468cec90 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7fff72f558e8 | result: clone-key@0x7efe9c009e40 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac prf: begin sha with context 0x557c468d06c0 from symkey-key@0x7efe9c009e40 | hmac: release clone-key@0x7efe9c009e40 | hmac PRF sha crypt-prf@0x557c468f0e90 | hmac PRF sha update data-bytes@0x7fff72f55cc0 (length 64) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 2c a5 a4 ac 8b 25 a6 bb 84 7f 87 b0 40 48 5a f7 | 43 96 df 80 c8 40 b3 ff 41 45 27 81 f2 de 93 64 | hmac PRF sha final-bytes@0x7fff72f55d00 (length 20) | 94 38 3b 6d 01 0b 12 f3 62 06 07 39 9c 15 6e 93 | 82 0f 36 80 | data being hmac: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | data being hmac: 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | data being hmac: 2c a5 a4 ac 8b 25 a6 bb 84 7f 87 b0 40 48 5a f7 | data being hmac: 43 96 df 80 c8 40 b3 ff 41 45 27 81 f2 de 93 64 | out calculated auth: | 94 38 3b 6d 01 0b 12 f3 62 06 07 39 | sending 76 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #5) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 2c a5 a4 ac 8b 25 a6 bb 84 7f 87 b0 40 48 5a f7 | 43 96 df 80 c8 40 b3 ff 41 45 27 81 f2 de 93 64 | 94 38 3b 6d 01 0b 12 f3 62 06 07 39 | Message ID: IKE #5 sender #5 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #5 sender #5 in send_delete hacking around record ' send | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x557c468ec630 | free_event_entry: release EVENT_SA_REKEY-pe@0x557c468eab40 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection east | State DB: deleting IKEv2 state #5 in PARENT_R2 | parent state #5: PARENT_R2(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7efeb0000d60: destroyed | stop processing: state #5 from 192.1.2.45:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7efeac00d640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7efeac00a510 | delete_state: release st->st_skey_ai_nss-key@0x557c468dafb0 | delete_state: release st->st_skey_ar_nss-key@0x557c468cec90 | delete_state: release st->st_skey_ei_nss-key@0x557c468d4560 | delete_state: release st->st_skey_er_nss-key@0x557c468cd410 | delete_state: release st->st_skey_pi_nss-key@0x557c468d9650 | delete_state: release st->st_skey_pr_nss-key@0x557c468f0de0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | shunt_eroute() called for connection 'east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 | priority calculation of connection "east" is 0xfe7e7 | priority calculation of connection "east" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn east mark 0/00000000, 0/00000000 vs | conn east mark 0/00000000, 0/00000000 | route owner of "east" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. | free hp@0x557c468b49f0 | flush revival: connection 'east' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x557c468e8060 | free_event_entry: release EVENT_NULL-pe@0x557c468e8020 | libevent_free: release ptr-libevent@0x557c468e8150 | free_event_entry: release EVENT_NULL-pe@0x557c468e8110 | libevent_free: release ptr-libevent@0x557c468e8240 | free_event_entry: release EVENT_NULL-pe@0x557c468e8200 | libevent_free: release ptr-libevent@0x557c468e8330 | free_event_entry: release EVENT_NULL-pe@0x557c468e82f0 | libevent_free: release ptr-libevent@0x557c468e8420 | free_event_entry: release EVENT_NULL-pe@0x557c468e83e0 | libevent_free: release ptr-libevent@0x557c468e8510 | free_event_entry: release EVENT_NULL-pe@0x557c468e84d0 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x557c468e7940 | free_event_entry: release EVENT_NULL-pe@0x557c468d0680 | libevent_free: release ptr-libevent@0x557c468dd490 | free_event_entry: release EVENT_NULL-pe@0x557c468cb7b0 | libevent_free: release ptr-libevent@0x557c468dd400 | free_event_entry: release EVENT_NULL-pe@0x557c468d0770 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x557c468e7a10 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x557c468e7af0 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x557c468e7bb0 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x557c468dc790 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x557c468e7c70 | libevent_free: release ptr-libevent@0x557c468be240 | libevent_free: release ptr-libevent@0x557c468cbac0 | libevent_free: release ptr-libevent@0x557c468ed7f0 | libevent_free: release ptr-libevent@0x557c468cbae0 | libevent_free: release ptr-libevent@0x557c468e79d0 | libevent_free: release ptr-libevent@0x557c468e7ab0 | libevent_free: release ptr-libevent@0x557c468cbb70 | libevent_free: release ptr-libevent@0x557c468cbda0 | libevent_free: release ptr-libevent@0x557c468d0800 | libevent_free: release ptr-libevent@0x557c468e85a0 | libevent_free: release ptr-libevent@0x557c468e84b0 | libevent_free: release ptr-libevent@0x557c468e83c0 | libevent_free: release ptr-libevent@0x557c468e82d0 | libevent_free: release ptr-libevent@0x557c468e81e0 | libevent_free: release ptr-libevent@0x557c468e80f0 | libevent_free: release ptr-libevent@0x557c4684d370 | libevent_free: release ptr-libevent@0x557c468e7b90 | libevent_free: release ptr-libevent@0x557c468e7ad0 | libevent_free: release ptr-libevent@0x557c468e79f0 | libevent_free: release ptr-libevent@0x557c468e7c50 | libevent_free: release ptr-libevent@0x557c4684b6c0 | libevent_free: release ptr-libevent@0x557c468cbb00 | libevent_free: release ptr-libevent@0x557c468cbb30 | libevent_free: release ptr-libevent@0x557c468cb820 | releasing global libevent data | libevent_free: release ptr-libevent@0x557c468ca4f0 | libevent_free: release ptr-libevent@0x557c468ca520 | libevent_free: release ptr-libevent@0x557c468cb7f0