FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10189 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective disabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x556c5074a360 size 40 | libevent_malloc: new ptr-libevent@0x556c5074a390 size 40 | libevent_malloc: new ptr-libevent@0x556c5074b660 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x556c5074b620 size 56 | libevent_malloc: new ptr-libevent@0x556c5074b690 size 664 | libevent_malloc: new ptr-libevent@0x556c5074b930 size 24 | libevent_malloc: new ptr-libevent@0x556c5073d1a0 size 384 | libevent_malloc: new ptr-libevent@0x556c5074b950 size 16 | libevent_malloc: new ptr-libevent@0x556c5074b970 size 40 | libevent_malloc: new ptr-libevent@0x556c5074b9a0 size 48 | libevent_realloc: new ptr-libevent@0x556c506cd370 size 256 | libevent_malloc: new ptr-libevent@0x556c5074b9e0 size 16 | libevent_free: release ptr-libevent@0x556c5074b620 | libevent initialized | libevent_realloc: new ptr-libevent@0x556c5074ba00 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds | encryption algorithm assertion checks | encryption algorithm AES_CCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 ESP ID id: 16 enum name: AES_CCM_C | IKEv2 ID id: 16 enum name: AES_CCM_C | encryption algorithm AES_CCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 ESP ID id: 15 enum name: AES_CCM_B | IKEv2 ID id: 15 enum name: AES_CCM_B | encryption algorithm AES_CCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 ESP ID id: 14 enum name: AES_CCM_A | IKEv2 ID id: 14 enum name: AES_CCM_A | encryption algorithm 3DES_CBC, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 3, IKEv2 id: 3 | IKEv1 OAKLEY ID id: 5 enum name: 3DES_CBC | IKEv1 ESP ID id: 3 enum name: 3DES | IKEv2 ID id: 3 enum name: 3DES | encryption algorithm CAMELLIA_CTR, IKEv1 OAKLEY id: 24, IKEv1 ESP_INFO id: 24, IKEv2 id: 24 | IKEv1 OAKLEY ID id: 24 enum name: CAMELLIA_CTR | IKEv1 ESP ID id: 24 enum name: CAMELLIA_CTR | IKEv2 ID id: 24 enum name: CAMELLIA_CTR | encryption algorithm CAMELLIA_CBC, IKEv1 OAKLEY id: 8, IKEv1 ESP_INFO id: 22, IKEv2 id: 23 | IKEv1 OAKLEY ID id: 8 enum name: CAMELLIA_CBC | IKEv1 ESP ID id: 22 enum name: CAMELLIA | IKEv2 ID id: 23 enum name: CAMELLIA_CBC | encryption algorithm AES_GCM_16, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 20, IKEv2 id: 20 | IKEv1 ESP ID id: 20 enum name: AES_GCM_C | IKEv2 ID id: 20 enum name: AES_GCM_C | encryption algorithm AES_GCM_12, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 19, IKEv2 id: 19 | IKEv1 ESP ID id: 19 enum name: AES_GCM_B | IKEv2 ID id: 19 enum name: AES_GCM_B | encryption algorithm AES_GCM_8, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 ESP ID id: 18 enum name: AES_GCM_A | IKEv2 ID id: 18 enum name: AES_GCM_A | encryption algorithm AES_CTR, IKEv1 OAKLEY id: 13, IKEv1 ESP_INFO id: 13, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 13 enum name: AES_CTR | IKEv1 ESP ID id: 13 enum name: AES_CTR | IKEv2 ID id: 13 enum name: AES_CTR | encryption algorithm AES_CBC, IKEv1 OAKLEY id: 7, IKEv1 ESP_INFO id: 12, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 7 enum name: AES_CBC | IKEv1 ESP ID id: 12 enum name: AES | IKEv2 ID id: 12 enum name: AES_CBC | encryption algorithm SERPENT_CBC, IKEv1 OAKLEY id: 65004, IKEv1 ESP_INFO id: 252, IKEv2 id: 65004 | IKEv1 OAKLEY ID id: 65004 enum name: SERPENT_CBC | IKEv1 ESP ID id: 252 enum name: SERPENT | IKEv2 ID id: 65004 enum name: SERPENT_CBC | encryption algorithm TWOFISH_CBC, IKEv1 OAKLEY id: 65005, IKEv1 ESP_INFO id: 253, IKEv2 id: 65005 | IKEv1 OAKLEY ID id: 65005 enum name: TWOFISH_CBC | IKEv1 ESP ID id: 253 enum name: TWOFISH | IKEv2 ID id: 65005 enum name: TWOFISH_CBC | encryption algorithm TWOFISH_SSH, IKEv1 OAKLEY id: 65289, IKEv1 ESP_INFO id: -1, IKEv2 id: 65289 | IKEv1 OAKLEY ID id: 65289 enum name: TWOFISH_CBC_SSH | IKEv2 ID id: 65289 enum name: TWOFISH_CBC_SSH | encryption algorithm NULL_AUTH_AES_GMAC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 23, IKEv2 id: 21 | IKEv1 ESP ID id: 23 enum name: NULL_AUTH_AES_GMAC | IKEv2 ID id: 21 enum name: NULL_AUTH_AES_GMAC | encryption algorithm NULL, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 11, IKEv2 id: 11 | IKEv1 ESP ID id: 11 enum name: NULL | IKEv2 ID id: 11 enum name: NULL | encryption algorithm CHACHA20_POLY1305, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 28 | IKEv2 ID id: 28 enum name: CHACHA20_POLY1305 Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 | hash algorithm assertion checks | hash algorithm MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | hash algorithm SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | hash algorithm SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | hash algorithm SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | hash algorithm SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: -1 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 | PRF algorithm assertion checks | PRF algorithm HMAC_MD5, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: -1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5 | PRF algorithm HMAC_SHA1, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: -1, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1 | PRF algorithm HMAC_SHA2_256, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: -1, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv2 ID id: 5 enum name: HMAC_SHA2_256 | PRF algorithm HMAC_SHA2_384, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: -1, IKEv2 id: 6 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv2 ID id: 6 enum name: HMAC_SHA2_384 | PRF algorithm HMAC_SHA2_512, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: -1, IKEv2 id: 7 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv2 ID id: 7 enum name: HMAC_SHA2_512 | PRF algorithm AES_XCBC, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 4 | IKEv2 ID id: 4 enum name: AES128_XCBC PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc | integrity algorithm assertion checks | integrity algorithm HMAC_MD5_96, IKEv1 OAKLEY id: 1, IKEv1 ESP_INFO id: 1, IKEv2 id: 1 | IKEv1 OAKLEY ID id: 1 enum name: MD5 | IKEv1 ESP ID id: 1 enum name: HMAC_MD5 | IKEv2 ID id: 1 enum name: HMAC_MD5_96 | integrity algorithm HMAC_SHA1_96, IKEv1 OAKLEY id: 2, IKEv1 ESP_INFO id: 2, IKEv2 id: 2 | IKEv1 OAKLEY ID id: 2 enum name: SHA1 | IKEv1 ESP ID id: 2 enum name: HMAC_SHA1 | IKEv2 ID id: 2 enum name: HMAC_SHA1_96 | integrity algorithm HMAC_SHA2_512_256, IKEv1 OAKLEY id: 6, IKEv1 ESP_INFO id: 7, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 6 enum name: SHA2_512 | IKEv1 ESP ID id: 7 enum name: HMAC_SHA2_512 | IKEv2 ID id: 14 enum name: HMAC_SHA2_512_256 | integrity algorithm HMAC_SHA2_384_192, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 6, IKEv2 id: 13 | IKEv1 OAKLEY ID id: 5 enum name: SHA2_384 | IKEv1 ESP ID id: 6 enum name: HMAC_SHA2_384 | IKEv2 ID id: 13 enum name: HMAC_SHA2_384_192 | integrity algorithm HMAC_SHA2_256_128, IKEv1 OAKLEY id: 4, IKEv1 ESP_INFO id: 5, IKEv2 id: 12 | IKEv1 OAKLEY ID id: 4 enum name: SHA2_256 | IKEv1 ESP ID id: 5 enum name: HMAC_SHA2_256 | IKEv2 ID id: 12 enum name: HMAC_SHA2_256_128 | integrity algorithm HMAC_SHA2_256_TRUNCBUG, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 252, IKEv2 id: -1 | IKEv1 ESP ID id: 252 enum name: HMAC_SHA2_256_TRUNCBUG | integrity algorithm AES_XCBC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 9, IKEv2 id: 5 | IKEv1 ESP ID id: 9 enum name: AES_XCBC | IKEv2 ID id: 5 enum name: AES_XCBC_96 | integrity algorithm AES_CMAC_96, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 250, IKEv2 id: 8 | IKEv1 ESP ID id: 250 enum name: AES_CMAC_96 | IKEv2 ID id: 8 enum name: AES_CMAC_96 | integrity algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: 0, IKEv2 id: 0 | IKEv1 ESP ID id: 0 enum name: NONE | IKEv2 ID id: 0 enum name: NONE Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null | DH algorithm assertion checks | DH algorithm NONE, IKEv1 OAKLEY id: -1, IKEv1 ESP_INFO id: -1, IKEv2 id: 0 | IKEv2 ID id: 0 enum name: NONE | DH algorithm MODP1536, IKEv1 OAKLEY id: 5, IKEv1 ESP_INFO id: 5, IKEv2 id: 5 | IKEv1 OAKLEY ID id: 5 enum name: MODP1536 | IKEv1 ESP ID id: 5 enum name: MODP1536 | IKEv2 ID id: 5 enum name: MODP1536 | DH algorithm MODP2048, IKEv1 OAKLEY id: 14, IKEv1 ESP_INFO id: 14, IKEv2 id: 14 | IKEv1 OAKLEY ID id: 14 enum name: MODP2048 | IKEv1 ESP ID id: 14 enum name: MODP2048 | IKEv2 ID id: 14 enum name: MODP2048 | DH algorithm MODP3072, IKEv1 OAKLEY id: 15, IKEv1 ESP_INFO id: 15, IKEv2 id: 15 | IKEv1 OAKLEY ID id: 15 enum name: MODP3072 | IKEv1 ESP ID id: 15 enum name: MODP3072 | IKEv2 ID id: 15 enum name: MODP3072 | DH algorithm MODP4096, IKEv1 OAKLEY id: 16, IKEv1 ESP_INFO id: 16, IKEv2 id: 16 | IKEv1 OAKLEY ID id: 16 enum name: MODP4096 | IKEv1 ESP ID id: 16 enum name: MODP4096 | IKEv2 ID id: 16 enum name: MODP4096 | DH algorithm MODP6144, IKEv1 OAKLEY id: 17, IKEv1 ESP_INFO id: 17, IKEv2 id: 17 | IKEv1 OAKLEY ID id: 17 enum name: MODP6144 | IKEv1 ESP ID id: 17 enum name: MODP6144 | IKEv2 ID id: 17 enum name: MODP6144 | DH algorithm MODP8192, IKEv1 OAKLEY id: 18, IKEv1 ESP_INFO id: 18, IKEv2 id: 18 | IKEv1 OAKLEY ID id: 18 enum name: MODP8192 | IKEv1 ESP ID id: 18 enum name: MODP8192 | IKEv2 ID id: 18 enum name: MODP8192 | DH algorithm DH19, IKEv1 OAKLEY id: 19, IKEv1 ESP_INFO id: -1, IKEv2 id: 19 | IKEv1 OAKLEY ID id: 19 enum name: ECP_256 | IKEv2 ID id: 19 enum name: ECP_256 | DH algorithm DH20, IKEv1 OAKLEY id: 20, IKEv1 ESP_INFO id: -1, IKEv2 id: 20 | IKEv1 OAKLEY ID id: 20 enum name: ECP_384 | IKEv2 ID id: 20 enum name: ECP_384 | DH algorithm DH21, IKEv1 OAKLEY id: 21, IKEv1 ESP_INFO id: -1, IKEv2 id: 21 | IKEv1 OAKLEY ID id: 21 enum name: ECP_521 | IKEv2 ID id: 21 enum name: ECP_521 | DH algorithm DH31, IKEv1 OAKLEY id: 31, IKEv1 ESP_INFO id: -1, IKEv2 id: 31 | IKEv1 OAKLEY ID id: 31 enum name: CURVE25519 | IKEv2 ID id: 31 enum name: CURVE25519 DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: cipertext: : input "0x07 92 3A 39 EB 0A 81 7D 1C 4D 87 BD B8 2D 1F 1C" | decode_to_chunk: output: | 07 92 3a 39 eb 0a 81 7d 1c 4d 87 bd b8 2d 1f 1c | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 128-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: cipertext: : input "0x14 4D 2B 0F 50 0C 27 B7 EC 2C D1 2D 91 59 6F 37" | decode_to_chunk: output: | 14 4d 2b 0f 50 0c 27 b7 ec 2c d1 2d 91 59 6f 37 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 " | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Camellia: 16 bytes with 128-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: ciphertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: cipertext: : input "0xB0 C6 B8 8A EA 51 8A B0 9E 84 72 48 E9 1B 1B 9D" | decode_to_chunk: output: | b0 c6 b8 8a ea 51 8a b0 9e 84 72 48 e9 1b 1b 9d | decode_to_chunk: plaintext: : input "0x80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed Camellia: 16 bytes with 256-bit key | decode_to_chunk: raw_key: input "0x00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF FF EE DD CC BB AA 99 88 77 66 55 44 33 22 11 00" | decode_to_chunk: output: | 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff | ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: CAMELLIA_CBC | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (32-bytes, CAMELLIA_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: ciphertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | decode_to_chunk: new IV: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: cipertext: : input "0xCC 39 FF EE 18 56 D3 EB 61 02 5E 93 21 9B 65 23 " | decode_to_chunk: output: | cc 39 ff ee 18 56 d3 eb 61 02 5e 93 21 9b 65 23 | decode_to_chunk: plaintext: : input "0x00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 | NSS ike_alg_nss_cbc: camellia - enter | NSS ike_alg_nss_cbc: camellia - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Camellia: 16 bytes with 256-bit key passed testing AES_GCM_16: empty string | decode_to_chunk: raw_key: input "0xcf063a34d4a9a76c2c86787d3f96db71" | decode_to_chunk: output: | cf 06 3a 34 d4 a9 a7 6c 2c 86 78 7d 3f 96 db 71 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf20 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf08 | result: symkey-key@0x556c5074d280 (16-bytes, AES_GCM) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: salted IV: input "0x113b9785971864c83b01c787" | decode_to_chunk: output: | 11 3b 97 85 97 18 64 c8 3b 01 c7 87 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "" | decode_to_chunk: output: | | decode_to_chunk: ciphertext: input "" | decode_to_chunk: output: | | decode_to_chunk: tag: input "0x72ac8493e3a5228b5d130a69d2510e42" | decode_to_chunk: output: | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=0 tag-size=16 | test_gcm_vector: text+tag on call | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 72 ac 84 93 e3 a5 22 8b 5d 13 0a 69 d2 51 0e 42 | test_gcm_vector: release sym_key-key@0x556c5074d280 | test_gcm_vector: passed one block | decode_to_chunk: raw_key: input "0xe98b72a9881a84ca6b76e0f43e68647a" | decode_to_chunk: output: | e9 8b 72 a9 88 1a 84 ca 6b 76 e0 f4 3e 68 64 7a | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf20 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf08 | result: symkey-key@0x556c5074d280 (16-bytes, AES_GCM) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: salted IV: input "0x8b23299fde174053f3d652ba" | decode_to_chunk: output: | 8b 23 29 9f de 17 40 53 f3 d6 52 ba | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0x28286a321293253c3e0aa2704a278032" | decode_to_chunk: output: | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | decode_to_chunk: ciphertext: input "0x5a3c1cf1985dbb8bed818036fdd5ab42" | decode_to_chunk: output: | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | decode_to_chunk: tag: input "0x23c7ab0f952b7091cd324835043b5eb5" | decode_to_chunk: output: | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=16 tag-size=16 | test_gcm_vector: text+tag on call | 28 28 6a 32 12 93 25 3c 3e 0a a2 70 4a 27 80 32 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 5a 3c 1c f1 98 5d bb 8b ed 81 80 36 fd d5 ab 42 | 23 c7 ab 0f 95 2b 70 91 cd 32 48 35 04 3b 5e b5 | test_gcm_vector: release sym_key-key@0x556c5074d280 | test_gcm_vector: passed two blocks | decode_to_chunk: raw_key: input "0xbfd414a6212958a607a0f5d3ab48471d" | decode_to_chunk: output: | bf d4 14 a6 21 29 58 a6 07 a0 f5 d3 ab 48 47 1d | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf20 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf08 | result: symkey-key@0x556c5074d280 (16-bytes, AES_GCM) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: salted IV: input "0x86d8ea0ab8e40dcc481cd0e2" | decode_to_chunk: output: | 86 d8 ea 0a b8 e4 0d cc 48 1c d0 e2 | decode_to_chunk: AAD: input "" | decode_to_chunk: output: | | decode_to_chunk: plaintext: input "0xa6b76a066e63392c9443e60272ceaeb9d25c991b0f2e55e2804e168c05ea591a" | decode_to_chunk: output: | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | decode_to_chunk: ciphertext: input "0x62171db33193292d930bf6647347652c1ef33316d7feca99d54f1db4fcf513f8" | decode_to_chunk: output: | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | decode_to_chunk: tag: input "0xc28280aa5c6c7a8bd366f28c1cfd1f6e" | decode_to_chunk: output: | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: decrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: encrypt: aad-size=0 salt-size=4 wire-IV-size=8 text-size=32 tag-size=16 | test_gcm_vector: text+tag on call | a6 b7 6a 06 6e 63 39 2c 94 43 e6 02 72 ce ae b9 | d2 5c 99 1b 0f 2e 55 e2 80 4e 16 8c 05 ea 59 1a | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | 62 17 1d b3 31 93 29 2d 93 0b f6 64 73 47 65 2c | 1e f3 33 16 d7 fe ca 99 d5 4f 1d b4 fc f5 13 f8 | c2 82 80 aa 5c 6c 7a 8b d3 66 f2 8c 1c fd 1f 6e | test_gcm_vector: release sym_key-key@0x556c5074d280 | test_gcm_vector: passed two blocks with associated data | decode_to_chunk: raw_key: input "0x006c458100fc5f4d62949d2c833b82d1" | decode_to_chunk: output: | 00 6c 45 81 00 fc 5f 4d 62 94 9d 2c 83 3b 82 d1 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf20 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_GCM | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf08 | result: symkey-key@0x556c5074d280 (16-bytes, AES_GCM) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: salted IV: input "0xa4e9c4bc5725a21ff42c82b2" | decode_to_chunk: output: | a4 e9 c4 bc 57 25 a2 1f f4 2c 82 b2 | decode_to_chunk: AAD: input "0x2efb14fb3657cdd6b9a8ff1a5f5a39b9" | decode_to_chunk: output: | 2e fb 14 fb 36 57 cd d6 b9 a8 ff 1a 5f 5a 39 b9 | decode_to_chunk: plaintext: input "0xf381d3bfbee0a879f7a4e17b623278cedd6978053dd313530a18f1a836100950" | decode_to_chunk: output: | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | decode_to_chunk: ciphertext: input "0xf39b4db3542d8542fb73fd2d66be568f26d7f814b3f87d1eceac3dd09a8d697e" | decode_to_chunk: output: | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | decode_to_chunk: tag: input "0x39f045cb23b698c925db134d56c5" | decode_to_chunk: output: | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: decrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: encrypt: aad-size=16 salt-size=4 wire-IV-size=8 text-size=32 tag-size=14 | test_gcm_vector: text+tag on call | f3 81 d3 bf be e0 a8 79 f7 a4 e1 7b 62 32 78 ce | dd 69 78 05 3d d3 13 53 0a 18 f1 a8 36 10 09 50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | verify_chunk_data: output ciphertext: ok | verify_chunk_data: TAG: ok | test_gcm_vector: text+tag on return | f3 9b 4d b3 54 2d 85 42 fb 73 fd 2d 66 be 56 8f | 26 d7 f8 14 b3 f8 7d 1e ce ac 3d d0 9a 8d 69 7e | 39 f0 45 cb 23 b6 98 c9 25 db 13 4d 56 c5 | test_gcm_vector: release sym_key-key@0x556c5074d280 | test_gcm_vector: passed testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E" | decode_to_chunk: output: | ae 68 52 f8 12 10 67 cc 4b f7 a5 76 55 77 f3 9e | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8" | decode_to_chunk: output: | e4 09 5d 4f b7 a7 b3 79 2d 61 75 a3 26 13 11 b8 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02" | decode_to_chunk: output: | 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 128-bit key passed Encrypting 32 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63" | decode_to_chunk: output: | 7e 24 06 78 17 fa e0 d7 43 d6 ce 1f 32 53 91 63 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 01" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x51 04 A1 06 16 8A 72 D9 79 0D 41 EE 8E DA D3 88EB 2E 1E FC 46 DA 57 C8 FC E6 30 DF 91 41 BE 28" | decode_to_chunk: output: | 51 04 a1 06 16 8a 72 d9 79 0d 41 ee 8e da d3 88 | eb 2e 1e fc 46 da 57 c8 fc e6 30 df 91 41 be 28 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 6C B6 DB C0 54 3B 59 DA 48 D9 0B 00 00 00 03" | decode_to_chunk: output: | 00 6c b6 db c0 54 3b 59 da 48 d9 0b 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 128-bit key passed Encrypting 36 octets using AES-CTR with 128-bit key | decode_to_chunk: raw_key: input "0x 76 91 BE 03 5E 50 20 A8 AC 6E 61 85 29 F9 A0 DC" | decode_to_chunk: output: | 76 91 be 03 5e 50 20 a8 ac 6e 61 85 29 f9 a0 dc | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 01" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xC1 CF 48 A8 9F 2F FD D9 CF 46 52 E9 EF DB 72 D745 40 A4 2B DE 6D 78 36 D5 9A 5C EA AE F3 10 5325 B2 07 2F" | decode_to_chunk: output: | c1 cf 48 a8 9f 2f fd d9 cf 46 52 e9 ef db 72 d7 | 45 40 a4 2b de 6d 78 36 d5 9a 5c ea ae f3 10 53 | 25 b2 07 2f | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 E0 01 7B 27 77 7F 3F 4A 17 86 F0 00 00 00 04" | decode_to_chunk: output: | 00 e0 01 7b 27 77 7f 3f 4a 17 86 f0 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 128-bit key passed Encrypting 16 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x16 AF 5B 14 5F C9 F5 79 C1 75 F9 3E 3B FB 0E ED86 3D 06 CC FD B7 85 15" | decode_to_chunk: output: | 16 af 5b 14 5f c9 f5 79 c1 75 f9 3e 3b fb 0e ed | 86 3d 06 cc fd b7 85 15 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (24-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 01" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 4B 55 38 4F E2 59 C9 C8 4E 79 35 A0 03 CB E9 28" | decode_to_chunk: output: | 4b 55 38 4f e2 59 c9 c8 4e 79 35 a0 03 cb e9 28 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 48 36 73 3C 14 7D 6D 93 CB 00 00 00 02" | decode_to_chunk: output: | 00 00 00 48 36 73 3c 14 7d 6d 93 cb 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 192-bit key passed Encrypting 32 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x7C 5C B2 40 1B 3D C3 3C 19 E7 34 08 19 E0 F6 9C67 8C 3D B8 E6 F6 A9 1A" | decode_to_chunk: output: | 7c 5c b2 40 1b 3d c3 3c 19 e7 34 08 19 e0 f6 9c | 67 8c 3d b8 e6 f6 a9 1a | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (24-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 01" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x45 32 43 FC 60 9B 23 32 7E DF AA FA 71 31 CD 9F84 90 70 1C 5A D4 A7 9C FC 1F E0 FF 42 F4 FB 00" | decode_to_chunk: output: | 45 32 43 fc 60 9b 23 32 7e df aa fa 71 31 cd 9f | 84 90 70 1c 5a d4 a7 9c fc 1f e0 ff 42 f4 fb 00 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 96 B0 3B 02 0C 6E AD C2 CB 50 0D 00 00 00 03" | decode_to_chunk: output: | 00 96 b0 3b 02 0c 6e ad c2 cb 50 0d 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 192-bit key passed Encrypting 36 octets using AES-CTR with 192-bit key | decode_to_chunk: raw_key: input "0x02 BF 39 1E E8 EC B1 59 B9 59 61 7B 09 65 27 9BF5 9B 60 A7 86 D3 E0 FE" | decode_to_chunk: output: | 02 bf 39 1e e8 ec b1 59 b9 59 61 7b 09 65 27 9b | f5 9b 60 a7 86 d3 e0 fe | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (24-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 01" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x96 89 3F C5 5E 5C 72 2F 54 0B 7D D1 DD F7 E7 58D2 88 BC 95 C6 91 65 88 45 36 C8 11 66 2F 21 88AB EE 09 35" | decode_to_chunk: output: | 96 89 3f c5 5e 5c 72 2f 54 0b 7d d1 dd f7 e7 58 | d2 88 bc 95 c6 91 65 88 45 36 c8 11 66 2f 21 88 | ab ee 09 35 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 07 BD FD 5C BD 60 27 8D CC 09 12 00 00 00 04" | decode_to_chunk: output: | 00 07 bd fd 5c bd 60 27 8d cc 09 12 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 192-bit key passed Encrypting 16 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0x77 6B EF F2 85 1D B0 6F 4C 8A 05 42 C8 69 6F 6C6A 81 AF 1E EC 96 B4 D3 7F C1 D6 89 E6 C1 C1 04" | decode_to_chunk: output: | 77 6b ef f2 85 1d b0 6f 4c 8a 05 42 c8 69 6f 6c | 6a 81 af 1e ec 96 b4 d3 7f c1 d6 89 e6 c1 c1 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (32-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 01" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 01 | decode_to_chunk: Ciphertext: input "0x 14 5A D0 1D BF 82 4E C7 56 08 63 DC 71 E3 E0 C0" | decode_to_chunk: output: | 14 5a d0 1d bf 82 4e c7 56 08 63 dc 71 e3 e0 c0 | decode_to_chunk: Plaintext: input "0x 53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: expected counter-block: : input "0x 00 00 00 60 DB 56 72 C9 7A A8 F0 B2 00 00 00 02" | decode_to_chunk: output: | 00 00 00 60 db 56 72 c9 7a a8 f0 b2 00 00 00 02 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x2 for 16 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 16 octets using AES-CTR with 256-bit key passed Encrypting 32 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xF6 D6 6D 6B D5 2D 59 BB 07 96 36 58 79 EF F8 86C6 6D D5 1A 5B 6A 99 74 4B 50 59 0C 87 A2 38 84" | decode_to_chunk: output: | f6 d6 6d 6b d5 2d 59 bb 07 96 36 58 79 ef f8 86 | c6 6d d5 1a 5b 6a 99 74 4b 50 59 0c 87 a2 38 84 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (32-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 01" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xF0 5E 23 1B 38 94 61 2C 49 EE 00 0B 80 4E B2 A9B8 30 6B 50 8F 83 9D 6A 55 30 83 1D 93 44 AF 1C" | decode_to_chunk: output: | f0 5e 23 1b 38 94 61 2c 49 ee 00 0b 80 4e b2 a9 | b8 30 6b 50 8f 83 9d 6a 55 30 83 1d 93 44 af 1c | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: expected counter-block: : input "0x 00 FA AC 24 C1 58 5E F1 5A 43 D8 75 00 00 00 03" | decode_to_chunk: output: | 00 fa ac 24 c1 58 5e f1 5a 43 d8 75 00 00 00 03 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x3 for 32 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 32 octets using AES-CTR with 256-bit key passed Encrypting 36 octets using AES-CTR with 256-bit key | decode_to_chunk: raw_key: input "0xFF 7A 61 7C E6 91 48 E4 F1 72 6E 2F 43 58 1D E2AA 62 D9 F8 05 53 2E DF F1 EE D6 87 FB 54 15 3D" | decode_to_chunk: output: | ff 7a 61 7c e6 91 48 e4 f1 72 6e 2f 43 58 1d e2 | aa 62 d9 f8 05 53 2e df f1 ee d6 87 fb 54 15 3d | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: AES_CTR | flags: ENCRYPT+DECRYPT | key_size: 32-bytes | base: base-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (32-bytes, AES_CTR) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: encrypt: ok | verify_chunk_data: counter-block: ok | decode_to_chunk: input counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 01" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 01 | decode_to_chunk: Ciphertext: input "0xEB 6C 52 82 1D 0B BB F7 CE 75 94 46 2A CA 4F AAB4 07 DF 86 65 69 FD 07 F4 8C C0 B5 83 D6 07 1F1E C0 E6 B8" | decode_to_chunk: output: | eb 6c 52 82 1d 0b bb f7 ce 75 94 46 2a ca 4f aa | b4 07 df 86 65 69 fd 07 f4 8c c0 b5 83 d6 07 1f | 1e c0 e6 b8 | decode_to_chunk: Plaintext: input "0x00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F20 21 22 23" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 22 23 | decode_to_chunk: expected counter-block: : input "0x 00 1C C5 B7 51 A5 1D 70 A1 C1 11 48 00 00 00 04" | decode_to_chunk: output: | 00 1c c5 b7 51 a5 1d 70 a1 c1 11 48 00 00 00 04 | do_aes_ctr: enter | do_aes_ctr: counter-block updated from 0x1 to 0x4 for 36 bytes | do_aes_ctr: exit | verify_chunk_data: decrypt: ok | verify_chunk_data: counter-block: ok | test_ctr_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 36 octets using AES-CTR with 256-bit key passed testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x06a9214036b8a15b512e03d534120006" | decode_to_chunk: output: | 06 a9 21 40 36 b8 a1 5b 51 2e 03 d5 34 12 00 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, AES_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | decode_to_chunk: ciphertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x3dafba429d9eb430b422da802c9fac41" | decode_to_chunk: output: | 3d af ba 42 9d 9e b4 30 b4 22 da 80 2c 9f ac 41 | decode_to_chunk: new IV: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: cipertext: : input "0xe353779c1079aeb82708942dbe77181a" | decode_to_chunk: output: | e3 53 77 9c 10 79 ae b8 27 08 94 2d be 77 18 1a | decode_to_chunk: plaintext: : input "Single block msg" | decode_to_chunk: output: | 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key passed Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0xc286696d887c9aa0611bbb3e2025a45a" | decode_to_chunk: output: | c2 86 69 6d 88 7c 9a a0 61 1b bb 3e 20 25 a4 5a | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, AES_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: ciphertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x562e17996d093d28ddb3ba695a2e6f58" | decode_to_chunk: output: | 56 2e 17 99 6d 09 3d 28 dd b3 ba 69 5a 2e 6f 58 | decode_to_chunk: new IV: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: cipertext: : input "0xd296cd94c2cccf8a3a863028b5e1dc0a7586602d253cfff91b8266bea6d61ab1" | decode_to_chunk: output: | d2 96 cd 94 c2 cc cf 8a 3a 86 30 28 b5 e1 dc 0a | 75 86 60 2d 25 3c ff f9 1b 82 66 be a6 d6 1a b1 | decode_to_chunk: plaintext: : input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key passed Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x6c3ea0477630ce21a2ce334aa746c2cd" | decode_to_chunk: output: | 6c 3e a0 47 76 30 ce 21 a2 ce 33 4a a7 46 c2 cd | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, AES_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | decode_to_chunk: ciphertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0xc782dc4c098c66cbd9cd27d825682c81" | decode_to_chunk: output: | c7 82 dc 4c 09 8c 66 cb d9 cd 27 d8 25 68 2c 81 | decode_to_chunk: new IV: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: cipertext: : input "0xd0a02b3836451753d493665d33f0e8862dea54cdb293abc7506939276772f8d5021c19216bad525c8579695d83ba2684" | decode_to_chunk: output: | d0 a0 2b 38 36 45 17 53 d4 93 66 5d 33 f0 e8 86 | 2d ea 54 cd b2 93 ab c7 50 69 39 27 67 72 f8 d5 | 02 1c 19 21 6b ad 52 5c 85 79 69 5d 83 ba 26 84 | decode_to_chunk: plaintext: : input "This is a 48-byte message (exactly 3 AES blocks)" | decode_to_chunk: output: | 54 68 69 73 20 69 73 20 61 20 34 38 2d 62 79 74 | 65 20 6d 65 73 73 61 67 65 20 28 65 78 61 63 74 | 6c 79 20 33 20 41 45 53 20 62 6c 6f 63 6b 73 29 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key passed Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key | decode_to_chunk: raw_key: input "0x56e47a38c5598974bc46903dba290349" | decode_to_chunk: output: | 56 e4 7a 38 c5 59 89 74 bc 46 90 3d ba 29 03 49 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf80 | result: symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf68 | result: symkey-key@0x556c5074d280 (16-bytes, AES_CBC) | symkey: release tmp-key@0x556c5074eb00 | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | decode_to_chunk: ciphertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: encrypt: ok | verify_chunk_data: updated CBC IV: ok | decode_to_chunk: IV: : input "0x8ce82eefbea0da3c44699ed7db51b7d9" | decode_to_chunk: output: | 8c e8 2e ef be a0 da 3c 44 69 9e d7 db 51 b7 d9 | decode_to_chunk: new IV: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: cipertext: : input "0xc30e32ffedc0774e6aff6af0869f71aa0f3af07a9a31a9c684db207eb0ef8e4e35907aa632c3ffdf868bb7b29d3d46ad83ce9f9a102ee99d49a53e87f4c3da55" | decode_to_chunk: output: | c3 0e 32 ff ed c0 77 4e 6a ff 6a f0 86 9f 71 aa | 0f 3a f0 7a 9a 31 a9 c6 84 db 20 7e b0 ef 8e 4e | 35 90 7a a6 32 c3 ff df 86 8b b7 b2 9d 3d 46 ad | 83 ce 9f 9a 10 2e e9 9d 49 a5 3e 87 f4 c3 da 55 | decode_to_chunk: plaintext: : input "0xa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedf" | decode_to_chunk: output: | a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af | b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf | c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf | d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | verify_chunk_data: decrypt: ok | verify_chunk_data: updated CBC IV: ok | test_cbc_vector: release sym_key-key@0x556c5074d280 | test_ctr_vector: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key passed testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "" | decode_to_chunk: output: | | decode_to_chunk: test_prf_vector: input "0x75f0251d528ac01c4573dfd584d79f29" | decode_to_chunk: output: | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507505a0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c5074eb00 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c5074eb00 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c5074d280 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c507503a0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c5074ba50 (length 0) | | XCBC: data | K extracting all 16 bytes of key@0x556c5074eb00 | K: symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-1030178176: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50750670 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c5074d280 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c50751260 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x556c5074d280 | PRF chunk interface: release key-key@0x556c5074eb00 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c507503c0 (length 16) | 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | chunk output 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c5074eb00 (size 16) | PRF symkey interface: key symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c507503a0 | PRF symkey interface PRF aes_xcbc update symkey message-key@(nil) (size 0) | PRF symkey interface: symkey message-key@NULL | symkey message NULL key has no bytes | XCBC: data | K extracting all 16 bytes of key@0x556c5074d280 | K: symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1023: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50751060 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c50751260 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c50752b50 | Computing E[0] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] | XCBC: M[n] | XCBC: M[n]:80...^E[n-1]^K3 | 41 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | xcbc: release k1-key@0x556c50751260 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c50752b50 | PRF symkey interface: release key-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc final-key@0x556c50751260 (size 16) | PRF symkey interface: key-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracting all 16 bytes of key@0x556c50751260 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 02 ffffffcb ffffff8b 51 ffffff9b ffffff9e 49 ffffff8c 09 ffffff94 ffffffcc 22 ffffff9b 7e 4e 6f | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: release slot-key-key@0x556c50750fd0 | RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input extracted len 16 bytes at 0x556c507505c0 | unwrapped: 75 f0 25 1d 52 8a c0 1c 45 73 df d5 84 d7 9f 29 | verify_chunk_data: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input: ok | test_prf_vector: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input passed | test_prf_vector: release symkey-key@0x556c50751260 | test_prf_vector: release message-key@NULL | test_prf_vector: release key-key@0x556c5074eb00 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102" | decode_to_chunk: output: | 00 01 02 | decode_to_chunk: test_prf_vector: input "0x5b376580ae2f19afe7219ceef172756f" | decode_to_chunk: output: | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507503a0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c50751260 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c50751260 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c5074eb00 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c507507d0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c507505c0 (length 3) | 00 01 02 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x556c50751260 | K: symkey-key@0x556c50751260 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)-1030178176: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c507505a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c5074eb00 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c5074d280 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x556c5074eb00 | PRF chunk interface: release key-key@0x556c50751260 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c50750380 (length 16) | 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | chunk output 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c50751260 (size 16) | PRF symkey interface: key symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c50750670 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c50752b50 (19-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 3 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 3-bytes | base: base-key@0x556c50752b50 (19-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c5074d280 (3-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c50752b50 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c5074d280 (size 3) | PRF symkey interface: symkey message-key@0x556c5074d280 (3-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 3 bytes of key@0x556c5074d280 | symkey message: symkey-key@0x556c5074d280 (3-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (3-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1030177968: ffffff93 ffffffe5 57 ffffff81 3a 6f 0e ffffffd5 ffffffb2 ffffffc4 00 ffffffc3 ffffff84 53 fffffff2 ffffffed | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 16 bytes at 0x556c507512f0 | unwrapped: 00 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 | K extracting all 16 bytes of key@0x556c5074eb00 | K: symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c507507d0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c50752b50 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | Computing E[1] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 | XCBC: M[n] 00 01 02 | XCBC: M[n]:80...^E[n-1]^K3 | c1 a6 a9 21 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: MAC 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | xcbc: release k1-key@0x556c50752b50 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc final-key@0x556c50752b50 (size 16) | PRF symkey interface: key-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracting all 16 bytes of key@0x556c50752b50 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 4c ffffffe3 ffffff8d ffffffab 78 ffffffb6 77 ffffff9b ffffff82 28 ffffff8c ffffff90 7e 72 1d 50 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: release slot-key-key@0x556c50750fd0 | RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input extracted len 16 bytes at 0x556c507507d0 | unwrapped: 5b 37 65 80 ae 2f 19 af e7 21 9c ee f1 72 75 6f | verify_chunk_data: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input: ok | test_prf_vector: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input passed | test_prf_vector: release symkey-key@0x556c50752b50 | test_prf_vector: release message-key@0x556c5074d280 | test_prf_vector: release key-key@0x556c50751260 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xd2a246fa349b68a79998a4394ff7a263" | decode_to_chunk: output: | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507512f0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c5074d280 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c5074d280 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c50751260 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c507505a0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c507507d0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x556c5074d280 | K: symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c507505c0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c50751260 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c50752b50 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x556c50751260 | PRF chunk interface: release key-key@0x556c5074d280 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c50750380 (length 16) | d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | chunk output d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c50751260 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c5074d280 (size 16) | PRF symkey interface: key symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c50751260 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c507503c0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c50752b50 (size 16) | PRF symkey interface: symkey message-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 16 bytes of key@0x556c50752b50 | symkey message: symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)-1030177968: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 16 bytes at 0x556c507503a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | K extracting all 16 bytes of key@0x556c50751260 | K: symkey-key@0x556c50751260 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50751060 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c5074eb00 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | XCBC: Computing E[1] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: M[n]^E[n-1]^K2 | bd 87 2d f8 93 a8 29 bf f0 b1 9b fd 0f 22 38 c4 | XCBC: MAC d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | xcbc: release k1-key@0x556c5074eb00 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c50751260 | PRF symkey interface PRF aes_xcbc final-key@0x556c5074eb00 (size 16) | PRF symkey interface: key-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracting all 16 bytes of key@0x556c5074eb00 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: ffffffad ffffffbc ffffff94 4c ffffffa7 4a ffffff9c ffffffba 1e ffffffb5 ffffffd3 74 2b 76 ffffff88 ffffff87 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: release slot-key-key@0x556c50750fd0 | RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input extracted len 16 bytes at 0x556c50751060 | unwrapped: d2 a2 46 fa 34 9b 68 a7 99 98 a4 39 4f f7 a2 63 | verify_chunk_data: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input: ok | test_prf_vector: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input passed | test_prf_vector: release symkey-key@0x556c5074eb00 | test_prf_vector: release message-key@0x556c50752b50 | test_prf_vector: release key-key@0x556c5074d280 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507503a0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c50752b50 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c50752b50 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c5074d280 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c507505c0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c50751060 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c50752b50 | K: symkey-key@0x556c50752b50 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c507507d0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c5074d280 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c5074eb00 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x556c5074d280 | PRF chunk interface: release key-key@0x556c50752b50 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c50750670 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c50752b50 (size 16) | PRF symkey interface: key symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c507505a0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c50751260 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50751260 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c50751260 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c5074eb00 (size 20) | PRF symkey interface: symkey message-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x556c5074eb00 | symkey message: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030177968: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 ffffffd9 3b ffffffc6 77 12 ffffffc0 79 61 ffffff89 76 76 ffffffd3 14 4e ffffff91 21 | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 32 bytes at 0x556c50750c30 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c5074d280 | K: symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074ba50 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c50751260 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x556c50751260 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc final-key@0x556c50751260 (size 16) | PRF symkey interface: key-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracting all 16 bytes of key@0x556c50751260 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 62 ffffffb8 1c ffffff88 48 77 ffffffc3 79 4a ffffff8e 47 ffffffa8 ffffffd4 2c 7e 35 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: release slot-key-key@0x556c50750fd0 | RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input extracted len 16 bytes at 0x556c5074ba50 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input: ok | test_prf_vector: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input passed | test_prf_vector: release symkey-key@0x556c50751260 | test_prf_vector: release message-key@0x556c5074eb00 | test_prf_vector: release key-key@0x556c50752b50 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | decode_to_chunk: test_prf_vector: input "0xf54f0ec8d2b9f3d36807734bd5283fd4" | decode_to_chunk: output: | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507507d0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c5074eb00 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c5074eb00 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c50752b50 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c5074bc10 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c5074bce0 (length 32) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x556c5074eb00 | K: symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074bb40 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c50752b50 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c50751260 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x556c50752b50 | PRF chunk interface: release key-key@0x556c5074eb00 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c507512f0 (length 16) | f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | chunk output f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c50752b50 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c5074eb00 (size 16) | PRF symkey interface: key symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c50752b50 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c507503c0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c5074d280 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c5074d280 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c50751260 (size 32) | PRF symkey interface: symkey message-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 32 bytes of key@0x556c50751260 | symkey message: symkey-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (32-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030177968: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 fffffffd 52 3a ffffffbd ffffff96 3e 45 ffffffa9 ffffffe4 7f ffffff8a ffffffa7 08 ffffffbe 78 0f | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 32 bytes at 0x556c50751080 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | K extracting all 16 bytes of key@0x556c50752b50 | K: symkey-key@0x556c50752b50 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50751060 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c5074d280 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | XCBC: Computing E[2] using K2 | XCBC: K2 bd 86 2f fb 97 ad 2f b8 f8 b8 91 f6 03 2f 36 cb | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: M[n]^E[n-1]^K2 | b0 93 75 12 4c f5 a5 c0 b5 18 18 37 16 b2 15 67 | XCBC: MAC f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | xcbc: release k1-key@0x556c5074d280 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c50752b50 | PRF symkey interface PRF aes_xcbc final-key@0x556c5074d280 (size 16) | PRF symkey interface: key-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracting all 16 bytes of key@0x556c5074d280 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 19 ffffffc0 57 19 6c 4f ffffffa6 10 ffffffbb ffffffee ffffffb1 ffffff95 18 2d ffffffdb 66 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: release slot-key-key@0x556c50750fd0 | RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input extracted len 16 bytes at 0x556c50751060 | unwrapped: f5 4f 0e c8 d2 b9 f3 d3 68 07 73 4b d5 28 3f d4 | verify_chunk_data: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input: ok | test_prf_vector: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input passed | test_prf_vector: release symkey-key@0x556c5074d280 | test_prf_vector: release message-key@0x556c50751260 | test_prf_vector: release key-key@0x556c5074eb00 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | decode_to_chunk: test_prf_vector: input "0xbecbb3bccdb518a30677d5481fb6b4d8" | decode_to_chunk: output: | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507503c0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c50751260 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c50751260 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c5074eb00 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c5074bb40 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c5074bd10 (length 34) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | 20 21 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x556c50751260 | K: symkey-key@0x556c50751260 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540619040: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074ba50 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c5074eb00 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c5074d280 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x556c5074eb00 | PRF chunk interface: release key-key@0x556c50751260 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c507505a0 (length 16) | be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | chunk output be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c50751260 (size 16) | PRF symkey interface: key symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c507505c0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c50752b50 (50-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 34 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 34-bytes | base: base-key@0x556c50752b50 (50-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c5074d280 (34-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c50752b50 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c5074d280 (size 34) | PRF symkey interface: symkey message-key@0x556c5074d280 (34-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 34 bytes of key@0x556c5074d280 | symkey message: symkey-key@0x556c5074d280 (34-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (34-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)-1030177968: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 fffffffd 52 3a ffffffbd ffffff96 3e 45 ffffffa9 ffffffe4 7f ffffff8a ffffffa7 08 ffffffbe 78 0f ffffffcc ffffffb2 5e 3b 03 ffffffc7 ffffffd0 ffffffe5 ffffff84 22 ffffffdb ffffff80 0f 10 ffffffe4 6f | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 48 bytes at 0x556c507505e0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | unwrapped: 20 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f | XCBC: data 20 21 | K extracting all 16 bytes of key@0x556c5074eb00 | K: symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074bc10 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c50752b50 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | Computing E[3] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 09 02 5e 5a 67 25 20 72 44 14 5c 6b 80 66 85 79 | XCBC: M[n] 20 21 | XCBC: M[n] 20 21 | XCBC: M[n]:80...^E[n-1]^K3 | e8 84 75 fb c5 1f b4 74 1c 13 fc e7 48 88 55 17 | XCBC: MAC be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | xcbc: release k1-key@0x556c50752b50 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc final-key@0x556c50752b50 (size 16) | PRF symkey interface: key-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracting all 16 bytes of key@0x556c50752b50 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: ffffffb7 57 fffffffd ffffff94 7c ffffffeb 6d fffffff5 2b ffffff92 ffffffd8 ffffffa5 50 ffffff9a ffffffc2 79 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: release slot-key-key@0x556c50750fd0 | RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input extracted len 16 bytes at 0x556c5074bc10 | unwrapped: be cb b3 bc cd b5 18 a3 06 77 d5 48 1f b6 b4 d8 | verify_chunk_data: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input: ok | test_prf_vector: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input passed | test_prf_vector: release symkey-key@0x556c50752b50 | test_prf_vector: release message-key@0x556c5074d280 | test_prf_vector: release key-key@0x556c50751260 | test_prf_vector: release output-key@NULL RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0xf0dafee895db30253761103b5d84528f" | decode_to_chunk: output: | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507505c0 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c5074d280 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c5074d280 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c50751260 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c5074ba50 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c50755c50 (length 1000) | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x556c5074d280 | K: symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540028960: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50751060 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c50751260 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c50752b50 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x556c50751260 | PRF chunk interface: release key-key@0x556c5074d280 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c50750670 (length 16) | f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | chunk output f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50751260 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c50751260 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c5074d280 (size 16) | PRF symkey interface: key symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c50751260 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c50750380 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c5074eb00 (1016-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 1000 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 1000-bytes | base: base-key@0x556c5074eb00 (1016-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c50752b50 (1000-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c50752b50 (size 1000) | PRF symkey interface: symkey message-key@0x556c50752b50 (1000-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 1000 bytes of key@0x556c50752b50 | symkey message: symkey-key@0x556c50752b50 (1000-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (1000-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 1008 | wrapper: (SECItemType)-1030177968: 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 1008 bytes at 0x556c50757a00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 00 00 00 00 00 00 00 | K extracting all 16 bytes of key@0x556c50751260 | K: symkey-key@0x556c50751260 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074bb40 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c5074eb00 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | Computing E[63] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 5c 88 af cc 1e 1e 83 fc c4 2c 0c e4 12 12 f5 17 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n] 00 00 00 00 00 00 00 00 | XCBC: M[n]:80...^E[n-1]^K3 | 9d 2f 04 6d bc 24 17 fa 1c 2b ac 68 da fc 25 79 | XCBC: MAC f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | xcbc: release k1-key@0x556c5074eb00 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c50751260 | PRF symkey interface PRF aes_xcbc final-key@0x556c5074eb00 (size 16) | PRF symkey interface: key-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracting all 16 bytes of key@0x556c5074eb00 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 38 ffffffd2 55 20 ffffffeb 27 ffffffef 3e ffffffbe 34 ffffffbe 26 16 6b 3b ffffff95 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: release slot-key-key@0x556c50750fd0 | RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input extracted len 16 bytes at 0x556c5074bb40 | unwrapped: f0 da fe e8 95 db 30 25 37 61 10 3b 5d 84 52 8f | verify_chunk_data: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input: ok | test_prf_vector: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input passed | test_prf_vector: release symkey-key@0x556c5074eb00 | test_prf_vector: release message-key@0x556c50752b50 | test_prf_vector: release key-key@0x556c5074d280 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x47f51b4564966215b8985c63055ed308" | decode_to_chunk: output: | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c50750380 (length 16) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c50752b50 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c50752b50 | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: key-key@0x556c50752b50 (16-bytes, AES_ECB) | PRF chunk interface: release clone-key@0x556c5074d280 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c507503a0 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c5074bb40 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c50752b50 | K: symkey-key@0x556c50752b50 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50750620 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c5074d280 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c5074eb00 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x556c5074d280 | PRF chunk interface: release key-key@0x556c50752b50 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c507507d0 (length 16) | 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | chunk output 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c50752b50 (size 16) | PRF symkey interface: key symkey-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 16=16 just right | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: key symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c507505a0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c50751260 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50751260 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c50751260 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c5074eb00 (size 20) | PRF symkey interface: symkey message-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x556c5074eb00 | symkey message: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030177968: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 ffffffd9 3b ffffffc6 77 12 ffffffc0 79 61 ffffff89 76 76 ffffffd3 14 4e ffffff91 21 | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 32 bytes at 0x556c507510b0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c5074d280 | K: symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50750670 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: K1 c3 52 80 57 54 23 7f 31 1a c0 ff f4 e3 e0 3e 78 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c50751260 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | Computing E[2] using K3 | XCBC: K3 c1 a7 ab a1 a2 3a 94 06 58 07 a0 8c c8 ee d0 6e | XCBC: E[n-1] 1d 04 48 fa cf 4d 9c 6f 55 b9 93 da 09 80 3d b3 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | cc b2 f1 48 ed 77 08 69 0d be 33 56 c1 6e ed dd | XCBC: MAC 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | xcbc: release k1-key@0x556c50751260 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc final-key@0x556c50751260 (size 16) | PRF symkey interface: key-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracting all 16 bytes of key@0x556c50751260 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): symkey-key@0x556c50751260 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 62 ffffffb8 1c ffffff88 48 77 ffffffc3 79 4a ffffff8e 47 ffffffa8 ffffffd4 2c 7e 35 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): release slot-key-key@0x556c50750fd0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) extracted len 16 bytes at 0x556c507507d0 | unwrapped: 47 f5 1b 45 64 96 62 15 b8 98 5c 63 05 5e d3 08 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) passed | test_prf_vector: release symkey-key@0x556c50751260 | test_prf_vector: release message-key@0x556c5074eb00 | test_prf_vector: release key-key@0x556c50752b50 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) | decode_to_chunk: test_prf_vector: input "0x00010203040506070809" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x0fa087af7d866e7653434e602fdde835" | decode_to_chunk: output: | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c50750620 (length 10) | 00 01 02 03 04 05 06 07 08 09 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c5074eb00 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x556c5074eb00 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c50752b50 (10-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c5074eb00 | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x556c50752b50 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50752b50 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298bea0 | result: tmp+=0-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c50752b50 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bec8 | result: PRF chunk interface-key@0x556c50751260 (16-bytes, AES_ECB) | PRF chunk interface: release tmp-key@0x556c5074eb00 | PRF chunk interface: release clone-key@0x556c50752b50 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c5074ba50 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c507507d0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c50751260 | K: symkey-key@0x556c50751260 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: fffffff1 59 ffffff92 73 71 2a ffffffaa ffffffe9 7a 3d 75 20 ffffff90 ffffff9b 54 ffffffa7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c507505a0 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c50752b50 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c5074eb00 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x556c50752b50 | PRF chunk interface: release key-key@0x556c50751260 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c507503c0 (length 16) | 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | chunk output 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c50752b50 (26-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 10 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 10-bytes | base: base-key@0x556c50752b50 (26-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c50751260 (10-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c50752b50 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c50751260 (size 10) | PRF symkey interface: key symkey-key@0x556c50751260 (10-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 10<16 too small, padding with zeros | xcbc: reference tmp-key@0x556c50751260 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50751260 (10-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298bed0 | result: tmp+=0-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c50751260 | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c50752b50 (16-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: PRF symkey interface-key@0x556c5074eb00 (16-bytes, AES_ECB) | PRF symkey interface: release tmp-key@0x556c50752b50 | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c50751060 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c50752b50 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c5074d280 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c50752b50 (size 20) | PRF symkey interface: symkey message-key@0x556c50752b50 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x556c50752b50 | symkey message: symkey-key@0x556c50752b50 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030177968: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 ffffffd9 3b ffffffc6 77 12 ffffffc0 79 61 ffffff89 76 76 ffffffd3 14 4e ffffff91 21 | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 32 bytes at 0x556c50757e00 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c5074eb00 | K: symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: fffffff1 59 ffffff92 73 71 2a ffffffaa ffffffe9 7a 3d 75 20 ffffff90 ffffff9b 54 ffffffa7 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074bc10 | unwrapped: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K: 00 01 02 03 04 05 06 07 08 09 00 00 00 00 00 00 | XCBC: K1 50 ca b2 4d 03 34 45 5e 40 7b 25 0f dd 7c f8 d5 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c5074d280 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | Computing E[2] using K3 | XCBC: K3 8e f7 48 db 56 f1 f7 26 24 72 f2 c5 63 b0 3f 88 | XCBC: E[n-1] fe 1f 63 e9 65 1a 4b bb 3c cc cd 0d cc 83 e4 30 | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | 60 f9 39 21 b3 eb bc 9d 18 be 3f c8 af 33 db b8 | XCBC: MAC 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | xcbc: release k1-key@0x556c5074d280 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507543d0 | PRF symkey interface: release key-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc final-key@0x556c5074d280 (size 16) | PRF symkey interface: key-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracting all 16 bytes of key@0x556c5074d280 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): symkey-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: ffffffd1 71 ffffffb5 4a 1f 37 ffffff93 ffffffa8 79 13 7b 19 4f 30 ffffff82 ffffffa4 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): release slot-key-key@0x556c50750fd0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) extracted len 16 bytes at 0x556c507503c0 | unwrapped: 0f a0 87 af 7d 86 6e 76 53 43 4e 60 2f dd e8 35 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) passed | test_prf_vector: release symkey-key@0x556c5074d280 | test_prf_vector: release message-key@0x556c50752b50 | test_prf_vector: release key-key@0x556c50751260 | test_prf_vector: release output-key@NULL RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0fedcb" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | decode_to_chunk: test_prf_vector: input "0x000102030405060708090a0b0c0d0e0f10111213" | decode_to_chunk: output: | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | decode_to_chunk: test_prf_vector: input "0x8cd3c93ae598a9803006ffb67c40e9e4" | decode_to_chunk: output: | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | PRF chunk interface PRF aes_xcbc init key-chunk@0x556c507505a0 (length 18) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | ed cb | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf00 | result: key-key@0x556c50752b50 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x556c50752b50 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bee8 | result: key-key@0x556c50751260 (18-bytes, EXTRACT_KEY_FROM_KEY) | key: release tmp-key@0x556c50752b50 | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bea0 | result: key-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be88 | result: key-key@0x556c50752b50 (16-bytes, AES_ECB) | key: release tmp-key@0x556c5074d280 | key extracting all 18 bytes of key@0x556c50751260 | key: symkey-key@0x556c50751260 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | key: new slot-key@0x556c50750fd0 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 ffffffd8 59 10 fffffff3 fffffffc ffffffb8 14 ffffffda 47 03 7d 58 46 ffffffb0 4c ffffffa6 | key: release slot-key-key@0x556c50750fd0 | key extracted len 32 bytes at 0x556c50750c30 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x556c50752b50 | K: symkey-key@0x556c50752b50 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c507505c0 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be20 | result: k1-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be08 | result: k1-key@0x556c5074d280 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c5074eb00 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x556c5074d280 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bea0 | result: key-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be88 | result: key-key@0x556c5074d280 (16-bytes, AES_ECB) | key: release tmp-key@0x556c5074eb00 | PRF chunk interface: release clone-key@0x556c50751260 | PRF chunk interface PRF aes_xcbc crypt-prf@0x556c5074ba50 | PRF chunk interface PRF aes_xcbc update message-bytes@0x556c507503c0 (length 20) | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | 10 11 12 13 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c5074d280 | K: symkey-key@0x556c5074d280 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)540618784: 5d ffffffda 32 ffffffb6 66 ffffff9d 4a ffffff8f fffffffa ffffffdc 52 ffffff84 ffffffbe ffffffb4 ffffffa6 ffffffd9 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c50750670 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be60 | result: k1-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be48 | result: k1-key@0x556c50751260 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c5074eb00 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x556c50751260 | PRF chunk interface: release key-key@0x556c5074d280 | PRF chunk interface PRF aes_xcbc final-chunk@0x556c50751060 (length 16) | 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | chunk output 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c50751260 (34-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 18 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 18-bytes | base: base-key@0x556c50751260 (34-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c5074d280 (18-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c50751260 | PRF symkey interface PRF aes_xcbc init key symkey-key@0x556c5074d280 (size 18) | PRF symkey interface: key symkey-key@0x556c5074d280 (18-bytes, EXTRACT_KEY_FROM_KEY) | XCBC: Key 18>16 too big, rehashing to size | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bed0 | result: key symkey-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298beb8 | result: key symkey-key@0x556c50751260 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x556c5074eb00 | key symkey extracting all 18 bytes of key@0x556c5074d280 | key symkey: symkey-key@0x556c5074d280 (18-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | key symkey: new slot-key@0x556c50750fd0 (18-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1701522796: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 ffffffd8 59 10 fffffff3 fffffffc ffffffb8 14 ffffffda 47 03 7d 58 46 ffffffb0 4c ffffffa6 | key symkey: release slot-key-key@0x556c50750fd0 | key symkey extracted len 32 bytes at 0x556c50750c30 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: ed cb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data ed cb | K extracting all 16 bytes of key@0x556c50751260 | K: symkey-key@0x556c50751260 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)808460336: 5c ffffff93 67 70 71 ffffffb3 ffffff82 ffffffb3 21 ffffffde 38 63 3b 65 28 69 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074bc10 | unwrapped: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: K1 e1 4d 5d 0e e2 77 15 df 08 b4 15 2b a2 3d a8 e0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be50 | result: k1-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be38 | result: k1-key@0x556c5074eb00 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507543d0 | Computing E[2] using K3 | XCBC: K3 8d 34 ef cb 3b d5 45 ca 06 2a ec df ef 7c 0b fa | XCBC: E[n-1] 0b 72 b2 ae 0a 37 79 81 75 6a d5 9c 79 c0 e6 96 | XCBC: M[n] ed cb | XCBC: M[n] ed cb | XCBC: M[n]:80...^E[n-1]^K3 | 6b 8d dd 65 31 e2 3c 4b 73 40 39 43 96 bc ed 6c | XCBC: MAC 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | xcbc: release k1-key@0x556c5074eb00 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bed0 | result: key symkey-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298beb8 | result: key symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | key symkey: release tmp-key@0x556c507543d0 | PRF symkey interface PRF aes_xcbc crypt-prf@0x556c507507d0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c50757800 | PRF symkey interface PRF aes_xcbc update symkey message-key@0x556c507543d0 (size 20) | PRF symkey interface: symkey message-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | symkey message extracting all 20 bytes of key@0x556c507543d0 | symkey message: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | symkey message: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030177968: ffffff87 ffffffde ffffff83 24 10 ffffff8c 29 48 49 61 ffffffa2 6a 1e 24 ffffffa1 ffffffe7 ffffffd9 3b ffffffc6 77 12 ffffffc0 79 61 ffffff89 76 76 ffffffd3 14 4e ffffff91 21 | symkey message: release slot-key-key@0x556c50750fd0 | symkey message extracted len 32 bytes at 0x556c50750c30 | unwrapped: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | unwrapped: 10 11 12 13 00 00 00 00 00 00 00 00 00 00 00 00 | XCBC: data 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | XCBC: data 10 11 12 13 | K extracting all 16 bytes of key@0x556c5074eb00 | K: symkey-key@0x556c5074eb00 (16-bytes, AES_ECB) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | K: new slot-key@0x556c50750fd0 (16-bytes, AES_ECB) | sizeof bytes 16 | wrapper: (SECItemType)1920429685: 5d ffffffda 32 ffffffb6 66 ffffff9d 4a ffffff8f fffffffa ffffffdc 52 ffffff84 ffffffbe ffffffb4 ffffffa6 ffffffd9 | K: release slot-key-key@0x556c50750fd0 | K extracted len 16 bytes at 0x556c5074ba50 | unwrapped: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K: 5d 93 a5 3b 80 a3 e4 06 90 d2 4c ea e1 44 9c 0e | XCBC: K1 27 f3 88 2f b7 b9 4b a4 16 36 09 d5 d2 39 c5 7f | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be80 | result: k1-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_ECB | flags: SIGN | key_size: 16-bytes | base: base-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298be68 | result: k1-key@0x556c50757800 (16-bytes, AES_ECB) | k1: release tmp-key@0x556c507594c0 | Computing E[2] using K3 | XCBC: K3 50 9e d8 ae 74 5a 75 4c 93 4d 6c 91 98 fe e2 1b | XCBC: E[n-1] ec 26 f6 dd e8 bb 1b d1 ec 76 c4 91 78 37 ca 4b | XCBC: M[n] 10 11 12 13 | XCBC: M[n] 10 11 12 13 | XCBC: M[n]:80...^E[n-1]^K3 | ac a9 3c 60 1c e1 6e 9d 7f 3b a8 00 e0 c9 28 50 | XCBC: MAC 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | xcbc: release k1-key@0x556c50757800 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf10 | result: xcbc-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bef8 | result: xcbc-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | xcbc: release tmp-key@0x556c507594c0 | PRF symkey interface: release key-key@0x556c5074eb00 | PRF symkey interface PRF aes_xcbc final-key@0x556c50757800 (size 16) | PRF symkey interface: key-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracting all 16 bytes of key@0x556c50757800 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): symkey-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: fffffff5 ffffffe6 fffffffd fffffffa ffffffa3 ffffffc8 14 2d 14 ffffff93 1b 08 ffffffe5 ffffffa1 05 fffffffd | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): release slot-key-key@0x556c50750fd0 | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) extracted len 16 bytes at 0x556c507505c0 | unwrapped: 8c d3 c9 3a e5 98 a9 80 30 06 ff b6 7c 40 e9 e4 | verify_chunk_data: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): ok | test_prf_vector: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) passed | test_prf_vector: release symkey-key@0x556c50757800 | test_prf_vector: release message-key@0x556c507543d0 | test_prf_vector: release key-key@0x556c5074d280 | test_prf_vector: release output-key@NULL testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 | decode_to_chunk: test_prf_vector: input "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" | decode_to_chunk: output: | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | decode_to_chunk: test_prf_vector: input "Hi There" | decode_to_chunk: output: | 48 69 20 54 68 65 72 65 | decode_to_chunk: test_prf_vector: input "0x9294727a3638bb1c13f48ef8158bfc9d" | decode_to_chunk: output: | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface PRF md5 init key-chunk@0x556c507507d0 (length 16) | 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bef0 | result: PRF chunk interface-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bed8 | result: PRF chunk interface-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x556c507543d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be30 | result: trimed key-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074d280 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be70 | result: result-key@0x556c5074d280 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x556c50750620 | PRF chunk interface PRF md5 update message-bytes@0x556c507505c0 (length 8) | 48 69 20 54 68 65 72 65 | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5074d280 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffdc298bf60 | result: message-key@0x556c50757800 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x556c5074d280 | PRF HMAC inner hash hash md5 inner-key@0x556c50757800 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x556c50757800 (size 72) | PRF HMAC inner hash: inner-key@0x556c50757800 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x556c507512f0 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bdf0 | result: PRF HMAC inner hash-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bdd8 | result: PRF HMAC inner hash-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x556c5074eb00 | PRF chunk interface: release inner-key@0x556c50757800 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be60 | result: result-key@0x556c50757800 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c50757800 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298be48 | result: result-key@0x556c5074eb00 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c50757800 | PRF chunk interface: release hashed-inner-key@0x556c5074d280 | PRF chunk interface: release key-key@0x556c507543d0 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x556c5074eb00 (size 80) | PRF HMAC outer hash: outer-key@0x556c5074eb00 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x556c5074ba50 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | PRF chunk interface: release outer-key@0x556c5074eb00 | PRF chunk interface PRF md5 final-chunk@0x556c5074ba50 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | chunk output 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c507543d0 | PRF symkey interface PRF md5 init key symkey-key@0x556c5074eb00 (size 16) | PRF symkey interface: key symkey-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x556c5074eb00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be30 | result: trimed key-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be70 | result: result-key@0x556c5074d280 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x556c50751060 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c507594c0 (24-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 8 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 8-bytes | base: base-key@0x556c507594c0 (24-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c50757800 (8-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c507594c0 | PRF symkey interface PRF md5 update symkey message-key@0x556c50757800 (size 8) | PRF symkey interface: symkey message-key@0x556c50757800 (8-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5074d280 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298bf88 | result: result-key@0x556c507594c0 (72-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c5074d280 | PRF HMAC inner hash hash md5 inner-key@0x556c507594c0 (size 72) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x556c507594c0 (size 72) | PRF HMAC inner hash: inner-key@0x556c507594c0 (72-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x556c507503c0 (length 16) | 90 1d 23 73 2e dc c0 f1 a1 06 53 2f 6b e5 ec eb | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be10 | result: PRF HMAC inner hash-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bdf8 | result: PRF HMAC inner hash-key@0x556c5074d280 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x556c5075ae20 | PRF symkey interface: release inner-key@0x556c507594c0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be80 | result: result-key@0x556c507594c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507594c0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298be68 | result: result-key@0x556c5075ae20 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c507594c0 | PRF symkey interface: release hashed-inner-key@0x556c5074d280 | PRF symkey interface: release key-key@0x556c507543d0 | PRF HMAC outer hash hash md5 outer-key@0x556c5075ae20 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x556c5075ae20 (size 80) | PRF HMAC outer hash: outer-key@0x556c5075ae20 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x556c507512f0 (length 16) | 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bed0 | result: PRF HMAC outer hash-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298beb8 | result: PRF HMAC outer hash-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x556c5074d280 | PRF symkey interface: release outer-key@0x556c5075ae20 | : hashed-outer-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x556c507543d0 (size 16) | PRF symkey interface: key-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 1 extracting all 16 bytes of key@0x556c507543d0 | RFC 2104: MD5_HMAC test 1: symkey-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 1: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: fffffff1 ffffff9e ffffffc7 77 7d 14 ffffffe3 12 59 1a ffffffc0 ffffff90 7e 0b ffffffd6 4e | RFC 2104: MD5_HMAC test 1: release slot-key-key@0x556c50750fd0 | RFC 2104: MD5_HMAC test 1 extracted len 16 bytes at 0x556c507503c0 | unwrapped: 92 94 72 7a 36 38 bb 1c 13 f4 8e f8 15 8b fc 9d | verify_chunk_data: RFC 2104: MD5_HMAC test 1: ok | test_prf_vector: RFC 2104: MD5_HMAC test 1 passed | test_prf_vector: release symkey-key@0x556c507543d0 | test_prf_vector: release message-key@0x556c50757800 | test_prf_vector: release key-key@0x556c5074eb00 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 2 | decode_to_chunk: test_prf_vector: input "Jefe" | decode_to_chunk: output: | 4a 65 66 65 | decode_to_chunk: test_prf_vector: input "what do ya want for nothing?" | decode_to_chunk: output: | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | decode_to_chunk: test_prf_vector: input "0x750c783e6ab0b503eaa86e310a5db738" | decode_to_chunk: output: | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface PRF md5 init key-chunk@0x556c50751060 (length 4) | 4a 65 66 65 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bef0 | result: PRF chunk interface-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bed8 | result: PRF chunk interface-key@0x556c5074eb00 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x556c50757800 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be30 | result: trimed key-key@0x556c50757800 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c50757800 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be70 | result: result-key@0x556c5074eb00 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x556c507512f0 | PRF chunk interface PRF md5 update message-bytes@0x556c50750c30 (length 28) | 77 68 61 74 20 64 6f 20 79 61 20 77 61 6e 74 20 | 66 6f 72 20 6e 6f 74 68 69 6e 67 3f | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5074eb00 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffdc298bf60 | result: message-key@0x556c507543d0 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | PRF HMAC inner hash hash md5 inner-key@0x556c507543d0 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x556c507543d0 (size 92) | PRF HMAC inner hash: inner-key@0x556c507543d0 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x556c5074bb40 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bdf0 | result: PRF HMAC inner hash-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bdd8 | result: PRF HMAC inner hash-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x556c5075ae20 | PRF chunk interface: release inner-key@0x556c507543d0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c50757800 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be60 | result: result-key@0x556c507543d0 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298be48 | result: result-key@0x556c5075ae20 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c507543d0 | PRF chunk interface: release hashed-inner-key@0x556c5074eb00 | PRF chunk interface: release key-key@0x556c50757800 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x556c5075ae20 (size 80) | PRF HMAC outer hash: outer-key@0x556c5075ae20 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x556c50759620 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | PRF chunk interface: release outer-key@0x556c5075ae20 | PRF chunk interface PRF md5 final-chunk@0x556c50759620 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | chunk output 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 4 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 4-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c5075ae20 (4-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c50757800 | PRF symkey interface PRF md5 init key symkey-key@0x556c5075ae20 (size 4) | PRF symkey interface: key symkey-key@0x556c5075ae20 (4-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x556c5075ae20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (4-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be30 | result: trimed key-key@0x556c50757800 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c50757800 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be70 | result: result-key@0x556c5074eb00 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x556c507512f0 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c5074d280 (44-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 28 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 28-bytes | base: base-key@0x556c5074d280 (44-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c507543d0 (28-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c5074d280 | PRF symkey interface PRF md5 update symkey message-key@0x556c507543d0 (size 28) | PRF symkey interface: symkey message-key@0x556c507543d0 (28-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5074eb00 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298bf88 | result: result-key@0x556c5074d280 (92-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | PRF HMAC inner hash hash md5 inner-key@0x556c5074d280 (size 92) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x556c5074d280 (size 92) | PRF HMAC inner hash: inner-key@0x556c5074d280 (92-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x556c507505a0 (length 16) | c3 db 14 c0 65 f5 52 03 b0 33 c8 1a 69 7b 97 c5 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be10 | result: PRF HMAC inner hash-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bdf8 | result: PRF HMAC inner hash-key@0x556c5074eb00 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x556c507594c0 | PRF symkey interface: release inner-key@0x556c5074d280 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c50757800 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be80 | result: result-key@0x556c5074d280 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5074d280 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298be68 | result: result-key@0x556c507594c0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c5074d280 | PRF symkey interface: release hashed-inner-key@0x556c5074eb00 | PRF symkey interface: release key-key@0x556c50757800 | PRF HMAC outer hash hash md5 outer-key@0x556c507594c0 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x556c507594c0 (size 80) | PRF HMAC outer hash: outer-key@0x556c507594c0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x556c5074bc10 (length 16) | 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bed0 | result: PRF HMAC outer hash-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298beb8 | result: PRF HMAC outer hash-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x556c5074eb00 | PRF symkey interface: release outer-key@0x556c507594c0 | : hashed-outer-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x556c50757800 (size 16) | PRF symkey interface: key-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 2 extracting all 16 bytes of key@0x556c50757800 | RFC 2104: MD5_HMAC test 2: symkey-key@0x556c50757800 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 2: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 19 77 ffffffe4 61 59 06 ffffff8b ffffffbf ffffffdd 1f 25 ffffffdc ffffffae 64 ffffffa0 ffffffa8 | RFC 2104: MD5_HMAC test 2: release slot-key-key@0x556c50750fd0 | RFC 2104: MD5_HMAC test 2 extracted len 16 bytes at 0x556c507505a0 | unwrapped: 75 0c 78 3e 6a b0 b5 03 ea a8 6e 31 0a 5d b7 38 | verify_chunk_data: RFC 2104: MD5_HMAC test 2: ok | test_prf_vector: RFC 2104: MD5_HMAC test 2 passed | test_prf_vector: release symkey-key@0x556c50757800 | test_prf_vector: release message-key@0x556c507543d0 | test_prf_vector: release key-key@0x556c5075ae20 | test_prf_vector: release output-key@NULL RFC 2104: MD5_HMAC test 3 | decode_to_chunk: test_prf_vector: input "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | decode_to_chunk: output: | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | decode_to_chunk: test_prf_vector: input "0xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD" | decode_to_chunk: output: | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | decode_to_chunk: test_prf_vector: input "0x56be34521d144c88dbb8c733f0e8b3f6" | decode_to_chunk: output: | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface PRF md5 init key-chunk@0x556c507512f0 (length 16) | aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bef0 | result: PRF chunk interface-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bed8 | result: PRF chunk interface-key@0x556c5075ae20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF chunk interface: release tmp-key@0x556c507543d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be30 | result: trimed key-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be70 | result: result-key@0x556c5075ae20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF chunk interface PRF md5 crypt-prf@0x556c5074bc10 | PRF chunk interface PRF md5 update message-bytes@0x556c507505e0 (length 50) | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd | dd dd | CONCATENATE_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5075ae20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 16-bytes@0x7ffdc298bf60 | result: message-key@0x556c50757800 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | PRF HMAC inner hash hash md5 inner-key@0x556c50757800 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x556c50757800 (size 114) | PRF HMAC inner hash: inner-key@0x556c50757800 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x556c507507d0 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bdf0 | result: PRF HMAC inner hash-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bdd8 | result: PRF HMAC inner hash-key@0x556c5075ae20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x556c507594c0 | PRF chunk interface: release inner-key@0x556c50757800 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be60 | result: result-key@0x556c50757800 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c50757800 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298be48 | result: result-key@0x556c507594c0 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c50757800 | PRF chunk interface: release hashed-inner-key@0x556c5075ae20 | PRF chunk interface: release key-key@0x556c507543d0 | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x556c507594c0 (size 80) | PRF HMAC outer hash: outer-key@0x556c507594c0 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final bytes@0x556c5074bb40 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | PRF chunk interface: release outer-key@0x556c507594c0 | PRF chunk interface PRF md5 final-chunk@0x556c5074bb40 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | chunk output 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: key symkey-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: key symkey-key@0x556c507594c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | key symkey: release tmp-key@0x556c507543d0 | PRF symkey interface PRF md5 init key symkey-key@0x556c507594c0 (size 16) | PRF symkey interface: key symkey-key@0x556c507594c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface: reference key-key@0x556c507594c0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (16-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be30 | result: trimed key-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c507594c0 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be70 | result: result-key@0x556c5075ae20 (64-bytes, CONCATENATE_BASE_AND_DATA) | PRF symkey interface PRF md5 crypt-prf@0x556c5074bc10 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bf70 | result: message symkey-key@0x556c5074eb00 (66-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 50 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 50-bytes | base: base-key@0x556c5074eb00 (66-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bf58 | result: message symkey-key@0x556c50757800 (50-bytes, EXTRACT_KEY_FROM_KEY) | message symkey: release tmp-key@0x556c5074eb00 | PRF symkey interface PRF md5 update symkey message-key@0x556c50757800 (size 50) | PRF symkey interface: symkey message-key@0x556c50757800 (50-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5075ae20 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298bf88 | result: result-key@0x556c5074eb00 (114-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | PRF HMAC inner hash hash md5 inner-key@0x556c5074eb00 (size 114) | PRF HMAC inner hash hash md5 init | PRF HMAC inner hash hash md5 digest inner-key@0x556c5074eb00 (size 114) | PRF HMAC inner hash: inner-key@0x556c5074eb00 (114-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC inner hash hash md5 final chunk@0x556c50750670 (length 16) | 82 0a 6b 33 5d 18 7b 90 dc ba b1 7e f5 b4 26 ff | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298be10 | result: PRF HMAC inner hash-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298bdf8 | result: PRF HMAC inner hash-key@0x556c5075ae20 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC inner hash: release tmp-key@0x556c5074d280 | PRF symkey interface: release inner-key@0x556c5074eb00 | XOR_BASE_AND_DATA: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298be80 | result: result-key@0x556c5074eb00 (64-bytes, CONCATENATE_BASE_AND_DATA) | CONCATENATE_BASE_AND_KEY: | target: CONCATENATE_BASE_AND_DATA | base: base-key@0x556c5074eb00 (64-bytes, CONCATENATE_BASE_AND_DATA) | params: 8-bytes@0x7ffdc298be68 | result: result-key@0x556c5074d280 (80-bytes, CONCATENATE_BASE_AND_DATA) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | PRF symkey interface: release hashed-inner-key@0x556c5075ae20 | PRF symkey interface: release key-key@0x556c507543d0 | PRF HMAC outer hash hash md5 outer-key@0x556c5074d280 (size 80) | PRF HMAC outer hash hash md5 init | PRF HMAC outer hash hash md5 digest outer-key@0x556c5074d280 (size 80) | PRF HMAC outer hash: outer-key@0x556c5074d280 (80-bytes, CONCATENATE_BASE_AND_DATA) | PRF HMAC outer hash hash md5 final chunk@0x556c507505c0 (length 16) | 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298bed0 | result: PRF HMAC outer hash-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 16-bytes | base: base-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298beb8 | result: PRF HMAC outer hash-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF HMAC outer hash: release tmp-key@0x556c5075ae20 | PRF symkey interface: release outer-key@0x556c5074d280 | : hashed-outer-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | PRF symkey interface PRF md5 final-key@0x556c507543d0 (size 16) | PRF symkey interface: key-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | output: symkey-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | RFC 2104: MD5_HMAC test 3 extracting all 16 bytes of key@0x556c507543d0 | RFC 2104: MD5_HMAC test 3: symkey-key@0x556c507543d0 (16-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | RFC 2104: MD5_HMAC test 3: new slot-key@0x556c50750fd0 (16-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 16 | wrapper: (SECItemType)1333043673: 55 ffffffac 39 fffffff5 ffffffb3 ffffffc8 73 56 ffffff93 10 4c ffffff84 79 13 33 fffffffa | RFC 2104: MD5_HMAC test 3: release slot-key-key@0x556c50750fd0 | RFC 2104: MD5_HMAC test 3 extracted len 16 bytes at 0x556c50750670 | unwrapped: 56 be 34 52 1d 14 4c 88 db b8 c7 33 f0 e8 b3 f6 | verify_chunk_data: RFC 2104: MD5_HMAC test 3: ok | test_prf_vector: RFC 2104: MD5_HMAC test 3 passed | test_prf_vector: release symkey-key@0x556c507543d0 | test_prf_vector: release message-key@0x556c50757800 | test_prf_vector: release key-key@0x556c507594c0 | test_prf_vector: release output-key@NULL 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x556c507505e0 | libevent_malloc: new ptr-libevent@0x556c5075d370 size 128 | libevent_malloc: new ptr-libevent@0x556c5074bc10 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x556c5074b620 | libevent_malloc: new ptr-libevent@0x556c5075d400 size 128 | libevent_malloc: new ptr-libevent@0x556c50750670 size 16 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e46b (length 11) | 4b 41 4d 45 2f 72 61 63 6f 6f 6e | vendor id hash md5 final bytes@0x556c507503c0 (length 16) | 70 03 cb c1 09 7d be 9c 26 00 ba 69 83 bc 8b 35 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f260 (length 46) | 4e 4c 42 53 5f 50 52 45 53 45 4e 54 28 4e 4c 42 | 2f 4d 53 43 53 20 66 61 73 74 20 66 61 69 6c 6f | 76 65 72 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x556c50751060 (length 16) | ec 22 62 b5 12 32 63 83 67 12 3b ce 3d 37 3c 5e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f290 (length 32) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 28 41 | 75 74 68 49 50 20 73 75 70 70 6f 72 74 65 64 29 | vendor id hash md5 final bytes@0x556c507505a0 (length 16) | 6f fe a4 ae ec 37 f4 9a 02 6f 97 cf b5 53 30 6d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e5ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x556c5074bb40 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f2b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x556c507512f0 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e600 (length 23) | 4d 69 63 72 6f 73 6f 66 74 20 58 62 6f 78 20 4f | 6e 65 20 32 30 31 33 | vendor id hash md5 final bytes@0x556c50759600 (length 16) | 8a a3 94 cf 8a 55 77 dc 31 10 c1 13 b0 27 a4 f2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e618 (length 22) | 58 62 6f 78 20 49 4b 45 76 32 20 4e 65 67 6f 74 | 69 61 74 69 6f 6e | vendor id hash md5 final bytes@0x556c50750620 (length 16) | aa 28 1f cc d6 8c f8 a8 dc b8 5c c0 a7 10 40 2a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e62f (length 28) | 4d 53 46 54 20 49 50 73 65 63 20 53 65 63 75 72 | 69 74 79 20 52 65 61 6c 6d 20 49 64 | vendor id hash md5 final bytes@0x556c5074ba50 (length 16) | 68 6a 8c bd fe 63 4b 40 51 46 fb 2b af 33 e9 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f2e0 (length 39) | 41 20 47 53 53 2d 41 50 49 20 41 75 74 68 65 6e | 74 69 63 61 74 69 6f 6e 20 4d 65 74 68 6f 64 20 | 66 6f 72 20 49 4b 45 | vendor id hash md5 final bytes@0x556c50759620 (length 16) | ad 2c 0d d0 b9 c3 20 83 cc ba 25 b8 86 1e c4 55 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e64c (length 6) | 47 53 53 41 50 49 | vendor id hash md5 final bytes@0x556c5075d610 (length 16) | 62 1b 04 bb 09 88 2a c1 e1 59 35 fe fa 24 ae ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e653 (length 12) | 53 53 48 20 53 65 6e 74 69 6e 65 6c | vendor id hash md5 final bytes@0x556c5075d630 (length 16) | 05 41 82 a0 7c 7a e2 06 f9 d2 cf 9d 24 32 c4 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e660 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 31 | vendor id hash md5 final bytes@0x556c5075d650 (length 16) | b9 16 23 e6 93 ca 18 a5 4c 6a 27 78 55 23 05 e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e671 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 32 | vendor id hash md5 final bytes@0x556c5075d670 (length 16) | 54 30 88 8d e0 1a 31 a6 fa 8f 60 22 4e 44 99 58 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e682 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 33 | vendor id hash md5 final bytes@0x556c5075d690 (length 16) | 7e e5 cb 85 f7 1c e2 59 c9 4a 5c 73 1e e4 e7 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e693 (length 16) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | vendor id hash md5 final bytes@0x556c5075d6b0 (length 16) | 63 d9 a1 a7 00 94 91 b5 a0 a6 fd eb 2a 82 84 f0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e6a4 (length 18) | 53 53 48 20 53 65 6e 74 69 6e 65 6c 20 31 2e 34 | 2e 31 | vendor id hash md5 final bytes@0x556c5075d6d0 (length 16) | eb 4b 0d 96 27 6b 4e 22 0a d1 62 21 a7 b2 a5 e6 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f308 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 30 | vendor id hash md5 final bytes@0x556c5075d6f0 (length 16) | fb f4 76 14 98 40 31 fa 8e 3b b6 19 80 89 b2 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f340 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 31 | vendor id hash md5 final bytes@0x556c5075d710 (length 16) | 19 52 dc 91 ac 20 f6 46 fb 01 cf 42 a3 3a ee 30 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f378 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 31 2e 32 | vendor id hash md5 final bytes@0x556c5075d730 (length 16) | e8 bf fa 64 3e 5c 8f 2c d1 0f da 73 70 b6 eb e5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f3b0 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 31 | vendor id hash md5 final bytes@0x556c5075d750 (length 16) | c1 11 1b 2d ee 8c bc 3d 62 05 73 ec 57 aa b9 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f3e8 (length 55) | 53 73 68 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 31 2e 32 2e 32 | vendor id hash md5 final bytes@0x556c5075d770 (length 16) | 09 ec 27 bf bc 09 c7 58 23 cf ec bf fe 56 5a 2e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f420 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 30 2e 30 | vendor id hash md5 final bytes@0x556c5075d790 (length 16) | 7f 21 a5 96 e4 e3 18 f0 b2 f4 94 4c 23 84 cb 84 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f458 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 30 | vendor id hash md5 final bytes@0x556c5075d7b0 (length 16) | 28 36 d1 fd 28 07 bc 9e 5a e3 07 86 32 04 51 ec | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f490 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 31 | vendor id hash md5 final bytes@0x556c5075d7d0 (length 16) | a6 8d e7 56 a9 c5 22 9b ae 66 49 80 40 95 1a d5 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f4c8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 32 2e 31 2e 32 | vendor id hash md5 final bytes@0x556c5075d7f0 (length 16) | 3f 23 72 86 7e 23 7c 1c d8 25 0a 75 55 9c ae 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f500 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 30 | vendor id hash md5 final bytes@0x556c5075d810 (length 16) | 0e 58 d5 77 4d f6 02 00 7d 0b 02 44 36 60 f7 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f538 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 33 2e 30 2e 31 | vendor id hash md5 final bytes@0x556c5075d830 (length 16) | f5 ce 31 eb c2 10 f4 43 50 cf 71 26 5b 57 38 0f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f570 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x556c5075d850 (length 16) | f6 42 60 af 2e 27 42 da dd d5 69 87 06 8a 99 a0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f5a8 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x556c5075d870 (length 16) | 7a 54 d3 bd b3 b1 e6 d9 23 89 20 64 be 2d 98 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f5e0 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x556c5075d890 (length 16) | 9a a1 f3 b4 34 72 a4 5d 5f 50 6a eb 26 0c f2 14 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f618 (length 55) | 53 53 48 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f | 6e 73 20 53 65 63 75 72 69 74 79 20 49 50 53 45 | 43 20 45 78 70 72 65 73 73 20 76 65 72 73 69 6f | 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x556c5075d8b0 (length 16) | 68 80 c7 d0 26 09 91 14 e4 86 c5 54 30 e7 ab ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f650 (length 41) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 50 4c 55 54 4f 5f 53 45 4e 44 53 | 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffdc298c060 (length 16) | 44 76 1b d7 6b 80 85 41 74 87 ee 8a 51 cf fc f3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f680 (length 53) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 50 4c 55 54 4f 5f 53 45 4e 44 53 5f 56 45 4e | 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffdc298c060 (length 16) | b7 0e 8a c3 92 b1 6e 05 48 2f c4 dc 36 10 91 68 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f6b8 (length 58) | 4c 69 6e 75 78 20 46 72 65 65 53 2f 57 41 4e 20 | 32 2e 30 30 20 58 2e 35 30 39 2d 31 2e 33 2e 31 | 20 4c 44 41 50 20 50 4c 55 54 4f 5f 53 45 4e 44 | 53 5f 56 45 4e 44 4f 52 49 44 | vendor id hash md5 final bytes@0x7ffdc298c060 (length 16) | 97 1d ea 93 c3 c2 06 74 f9 ae 35 40 83 de 3e 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e791 (length 14) | 4f 70 65 6e 73 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x7ffdc298c060 (length 16) | 08 72 0b ee 9e 28 95 3c e0 8f 0a 18 b6 e2 9d da | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f720 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 31 | vendor id hash md5 final bytes@0x556c5075dab0 (length 16) | 27 ba b5 dc 01 ea 07 60 ea 4e 31 90 ac 27 c0 d0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f748 (length 37) | 64 72 61 66 74 2d 73 74 65 6e 62 65 72 67 2d 69 | 70 73 65 63 2d 6e 61 74 2d 74 72 61 76 65 72 73 | 61 6c 2d 30 32 | vendor id hash md5 final bytes@0x556c5075dad0 (length 16) | 61 05 c4 22 e7 68 47 e4 3f 96 84 80 12 92 ae cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e7b9 (length 10) | 45 53 50 54 68 72 75 4e 41 54 | vendor id hash md5 final bytes@0x556c5075daf0 (length 16) | 50 76 0f 62 4c 63 e5 c5 3e ea 38 6c 68 5c a0 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f770 (length 38) | 64 72 61 66 74 2d 68 75 74 74 75 6e 65 6e 2d 69 | 70 73 65 63 2d 65 73 70 2d 69 6e 2d 75 64 70 2d | 30 30 2e 74 78 74 | vendor id hash md5 final bytes@0x556c5075db10 (length 16) | 6a 74 34 c1 9d 7e 36 34 80 90 a0 23 34 c9 c8 05 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e7c4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 30 | vendor id hash md5 final bytes@0x556c5075db30 (length 16) | 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e7e2 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 31 | vendor id hash md5 final bytes@0x556c5075db50 (length 16) | 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e800 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 | vendor id hash md5 final bytes@0x556c5075db70 (length 16) | cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f798 (length 30) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 32 0a | vendor id hash md5 final bytes@0x556c5075db90 (length 16) | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e81e (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 33 | vendor id hash md5 final bytes@0x556c5075dbb0 (length 16) | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e83c (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 34 | vendor id hash md5 final bytes@0x556c5075dbd0 (length 16) | 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e85a (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 35 | vendor id hash md5 final bytes@0x556c5075dbf0 (length 16) | 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e878 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 36 | vendor id hash md5 final bytes@0x556c5075dc10 (length 16) | 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e896 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 37 | vendor id hash md5 final bytes@0x556c5075dc30 (length 16) | 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e8b4 (length 29) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 2d 30 38 | vendor id hash md5 final bytes@0x556c5075dc50 (length 16) | 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e8d2 (length 26) | 64 72 61 66 74 2d 69 65 74 66 2d 69 70 73 65 63 | 2d 6e 61 74 2d 74 2d 69 6b 65 | vendor id hash md5 final bytes@0x556c5075dc70 (length 16) | 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e8ed (length 8) | 52 46 43 20 33 39 34 37 | vendor id hash md5 final bytes@0x556c5075dc90 (length 16) | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f777707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x556c5075d910 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e99d (length 19) | 56 69 64 2d 49 6e 69 74 69 61 6c 2d 43 6f 6e 74 | 61 63 74 | vendor id hash md5 final bytes@0x556c5075d950 (length 16) | 26 24 4d 38 ed db 61 b3 17 2a 36 e3 d0 cf b8 19 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76f2b8 (length 32) | 4d 53 2d 4e 65 67 6f 74 69 61 74 69 6f 6e 20 44 | 69 73 63 6f 76 65 72 79 20 43 61 70 61 62 6c 65 | vendor id hash md5 final bytes@0x556c5075d930 (length 16) | fb 1d e3 cd f3 41 b7 ea 16 b7 e5 be 08 55 f1 20 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e5ee (length 17) | 49 4b 45 20 43 47 41 20 76 65 72 73 69 6f 6e 20 | 31 | vendor id hash md5 final bytes@0x556c5075d9e0 (length 16) | e3 a5 96 6a 76 37 9f e7 07 22 82 31 e5 ce 86 52 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e9b1 (length 14) | 4d 53 2d 4d 61 6d 69 65 45 78 69 73 74 73 | vendor id hash md5 final bytes@0x556c5075da00 (length 16) | 21 4c a4 fa ff a7 f3 2d 67 48 e5 30 33 95 ae 83 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f75dbfd (length 10) | 73 74 72 6f 6e 67 53 77 61 6e | vendor id hash md5 final bytes@0x556c5075da20 (length 16) | 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e9c0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 30 | vendor id hash md5 final bytes@0x556c5075d9c0 (length 16) | 2c e9 c9 46 a4 c8 79 bf 11 b5 0b 76 cc 56 92 cb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e9d1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 31 | vendor id hash md5 final bytes@0x556c5075de50 (length 16) | 9d bb af cf 1d b0 dd 59 5a e0 65 29 40 03 ad 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e9e2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 32 | vendor id hash md5 final bytes@0x556c5075de70 (length 16) | 77 e8 ee a6 f5 56 a4 99 de 3f fe 7f 7f 95 66 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76e9f3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 33 | vendor id hash md5 final bytes@0x556c5075de90 (length 16) | b1 81 b1 8e 11 4f c2 09 b3 c6 e2 6c 3a 80 71 8e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 34 | vendor id hash md5 final bytes@0x556c5075deb0 (length 16) | 1e f2 83 f8 35 49 b5 ff 96 08 b6 d6 34 f8 4d 75 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 35 | vendor id hash md5 final bytes@0x556c5075ded0 (length 16) | dd 18 0d 21 e5 ce 65 5a 76 8b a3 22 11 dd 8a d9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 36 | vendor id hash md5 final bytes@0x556c5075def0 (length 16) | 4c 90 13 69 46 57 7b 51 91 9d 8d 9a 6b 8e 4a 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 30 2e 37 | vendor id hash md5 final bytes@0x556c5075df10 (length 16) | ab 07 46 22 1c c8 fd 0d 52 38 f7 3a 9b 3d a5 57 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 30 | vendor id hash md5 final bytes@0x556c5075df30 (length 16) | 47 94 ce f6 84 34 22 98 0d 1a 3d 06 af 41 c5 cd | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | vendor id hash md5 final bytes@0x556c5075df50 (length 16) | d3 f1 c4 88 c3 68 17 5d 5f 40 a8 f5 ca 5f 5e 12 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 32 | vendor id hash md5 final bytes@0x556c5075df70 (length 16) | 15 a1 ac e7 ee 52 fd df ef 04 f9 28 db 2d d1 34 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 33 | vendor id hash md5 final bytes@0x556c5075df90 (length 16) | 58 49 ab 6d 8b ea bd 6e 4d 09 e5 a3 b8 8c 08 9a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 34 | vendor id hash md5 final bytes@0x556c5075dfb0 (length 16) | 31 2f 9c b1 a6 b9 0e 19 de 75 28 c9 04 ac 30 87 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ea9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 35 | vendor id hash md5 final bytes@0x556c5075dfd0 (length 16) | bf 0f bf 73 06 eb b7 82 70 42 d8 93 53 98 86 e2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eaae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 36 | vendor id hash md5 final bytes@0x556c5075dff0 (length 16) | d1 96 83 36 8a f4 b0 ed c2 1c cd e9 82 b1 d1 b0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eabf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 37 | vendor id hash md5 final bytes@0x556c5075e010 (length 16) | ea 84 0a a4 df c9 71 2d 6c 32 b5 a1 6e b3 29 a3 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ead0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 38 | vendor id hash md5 final bytes@0x556c5075e030 (length 16) | 66 a2 04 55 07 c1 19 da 78 a4 66 62 59 cd ea 48 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eae1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 39 | vendor id hash md5 final bytes@0x556c5075e050 (length 16) | 78 fd d2 87 de f0 1a 3f 07 4b 53 69 ea b4 fd 1c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eaf2 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 30 | vendor id hash md5 final bytes@0x556c5075e070 (length 16) | bf 3a 89 ae 5b ef 8e 72 d4 4d ac 8b b8 8d 7d 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb04 (length 17) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 31 2e 31 | 31 | vendor id hash md5 final bytes@0x556c5075e090 (length 16) | b7 bd 9f 2f 97 8e 32 59 a7 aa 9f 7a 13 96 ad 6c | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb16 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 30 | vendor id hash md5 final bytes@0x556c5075e0b0 (length 16) | 9f 68 90 13 25 a9 72 89 43 35 30 2a 95 31 ab 9f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb27 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 31 | vendor id hash md5 final bytes@0x556c5075e0d0 (length 16) | ba b2 53 f4 cb 10 a8 10 8a 7c 92 7c 56 c8 78 86 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb38 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 32 | vendor id hash md5 final bytes@0x556c5075e0f0 (length 16) | 2a 51 7d 0d 23 c3 7d 08 bc e7 c2 92 a0 21 7b 39 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb49 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 34 2e 32 2e 33 | vendor id hash md5 final bytes@0x556c5075e110 (length 16) | 2d 1f 40 61 18 fb d5 d2 84 74 79 1f fa 00 48 8a | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb5a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 38 | vendor id hash md5 final bytes@0x556c5075e130 (length 16) | 8c 4a 3b cb 72 9b 11 f7 03 d2 2a 5b 39 64 0c a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb6b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 37 | vendor id hash md5 final bytes@0x556c5075e150 (length 16) | 3a 0d 4e 7c a4 e4 92 ed 4d fe 47 6d 1a c6 01 8b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb7c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 36 | vendor id hash md5 final bytes@0x556c5075e170 (length 16) | fe 3f 49 70 6e 26 a9 fb 36 a8 7b fc e9 ea 36 ce | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb8d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 35 | vendor id hash md5 final bytes@0x556c5075e190 (length 16) | 4c 7e fa 31 b3 9e 51 04 32 a3 17 57 0d 97 bb b9 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76eb9e (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 34 | vendor id hash md5 final bytes@0x556c5075e1b0 (length 16) | 76 c7 2b fd 39 84 24 dd 00 1b 86 d0 01 2f e0 61 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ebaf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 33 | vendor id hash md5 final bytes@0x556c5075e1d0 (length 16) | fb 46 41 ad 0e eb 2a 34 49 1d 15 f4 ef f5 10 63 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ebc0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 32 | vendor id hash md5 final bytes@0x556c5075e1f0 (length 16) | 29 99 32 27 7b 7d fe 38 2c e2 34 65 33 3a 7d 23 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ebd1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 31 | vendor id hash md5 final bytes@0x556c5075e210 (length 16) | e3 7f 2d 5b a8 9a 62 cd 20 2e e2 7d ac 06 c8 a8 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ebe2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 38 2e 30 | vendor id hash md5 final bytes@0x556c5075e230 (length 16) | 32 f0 e9 b9 c0 6d fe 8c 9a d5 59 9a 63 69 71 a1 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ebf3 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 33 | vendor id hash md5 final bytes@0x556c5075e250 (length 16) | 7f 50 cc 4e bf 04 c2 d9 da 73 ab fd 69 b7 7a a2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec04 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 32 | vendor id hash md5 final bytes@0x556c5075e270 (length 16) | a1 94 e2 aa dd d0 ba fb 95 25 3d d9 6d c7 33 eb | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec15 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 31 | vendor id hash md5 final bytes@0x556c5075e290 (length 16) | 81 34 87 85 82 12 17 85 ba 65 ea 34 5d 6b a7 24 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec26 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 37 2e 30 | vendor id hash md5 final bytes@0x556c5075e2b0 (length 16) | 07 fa 12 8e 47 54 f9 44 7b 1d d4 63 74 ee f3 60 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec37 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 34 | vendor id hash md5 final bytes@0x556c5075e2d0 (length 16) | b9 27 f9 52 19 a0 fe 36 00 db a3 c1 18 2a e5 5f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec48 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 33 | vendor id hash md5 final bytes@0x556c5075e2f0 (length 16) | b2 86 0e 78 37 f7 11 be f3 d0 ee b1 06 87 2d ed | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec59 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 32 | vendor id hash md5 final bytes@0x556c5075e310 (length 16) | 5b 1c d6 fe 7d 05 0e da 6c 93 87 1c 10 7d b3 d2 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec6a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 31 | vendor id hash md5 final bytes@0x556c5075e330 (length 16) | 66 af bc 12 bb fe 6c e1 08 b1 f6 9f 4b c9 17 b7 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec7b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 36 2e 30 | vendor id hash md5 final bytes@0x556c5075e350 (length 16) | 3f 32 66 49 9f fd bd 85 95 0e 70 22 98 06 28 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec8c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 37 | vendor id hash md5 final bytes@0x556c5075e370 (length 16) | 1f 44 42 29 6b 83 d7 e3 3a 8b 45 20 9b a0 e5 90 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ec9d (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 36 | vendor id hash md5 final bytes@0x556c5075e390 (length 16) | 3c 5e ba 3d 85 64 92 8e 32 ae 43 c3 d9 92 4d ee | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ecae (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 35 | vendor id hash md5 final bytes@0x556c5075e3b0 (length 16) | 3f 26 7e d6 21 ad a7 ee 6c 7d 88 93 cc b0 b1 4b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ecbf (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 34 | vendor id hash md5 final bytes@0x556c5075e3d0 (length 16) | 7a 6b f5 b7 df 89 64 2a 75 a7 8e f7 d6 57 c1 c0 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ecd0 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 33 | vendor id hash md5 final bytes@0x556c5075e3f0 (length 16) | df 5b 1f 0f 1d 56 79 d9 f8 51 2b 16 c5 5a 60 65 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ece1 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 32 | vendor id hash md5 final bytes@0x556c5075e410 (length 16) | 86 1c e5 eb 72 16 4b 19 0e 9e 62 9a 31 cf 49 01 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ecf2 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 31 | vendor id hash md5 final bytes@0x556c5075e430 (length 16) | 9a 4a 46 48 f6 0f 8e da 7c fc bf e2 71 ee 5b 7d | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed03 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 35 2e 30 | vendor id hash md5 final bytes@0x556c5075e450 (length 16) | 9e b3 d9 07 ed 7a da 4e 3c bc ac b9 17 ab c8 e4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed14 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 34 | vendor id hash md5 final bytes@0x556c5075e470 (length 16) | 48 5a 70 36 1b 44 33 b3 1d ea 1c 6b e0 df 24 3e | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed25 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 33 | vendor id hash md5 final bytes@0x556c5075e490 (length 16) | 98 2b 7a 06 3a 33 c1 43 a8 ea dc 88 24 9f 6b cc | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed36 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 32 | vendor id hash md5 final bytes@0x556c5075e4b0 (length 16) | e7 a3 fd 0c 6d 77 1a 8f 1b 8a 86 a4 16 9c 9e a4 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed47 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 31 | vendor id hash md5 final bytes@0x556c5075e4d0 (length 16) | 75 b0 65 3c b2 81 eb 26 d3 1e de 38 c8 e1 e2 28 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed58 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 34 2e 30 | vendor id hash md5 final bytes@0x556c5075e4f0 (length 16) | e8 29 c8 81 49 ba b3 c0 ce e8 5d a6 0e 18 ae 9b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed69 (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 32 | vendor id hash md5 final bytes@0x556c5075e510 (length 16) | 42 a4 83 4c 92 ab 9a 77 77 06 3a fa 25 4b cb 69 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed7a (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 31 | vendor id hash md5 final bytes@0x556c5075e530 (length 16) | f6 97 c1 af cc 2e c8 dd cd f9 9d c7 af 03 a6 7f | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed8b (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 33 2e 30 | vendor id hash md5 final bytes@0x556c5075e550 (length 16) | b8 f9 2b 2f a2 d3 fe 5f e1 58 34 4b da 1c c6 ae | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76ed9c (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 32 | vendor id hash md5 final bytes@0x556c5075e570 (length 16) | 99 dc 7c c8 23 37 6b 3b 33 d0 43 57 89 6a e0 7b | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76edad (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 31 | vendor id hash md5 final bytes@0x556c5075e590 (length 16) | d9 11 8b 1e 9d e5 ef ce d9 cc 9d 88 3f 21 68 ff | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f76edbe (length 16) | 73 74 72 6f 6e 67 53 77 61 6e 20 32 2e 32 2e 30 | vendor id hash md5 final bytes@0x556c5075e5b0 (length 16) | 85 b6 cb ec 48 0d 5c 8c d9 88 2c 82 5a c2 c2 44 | vendor id hash md5 init | vendor id hash md5 digest data-bytes@0x556c4f777707 (length 13) | 46 52 41 47 4d 45 4e 54 41 54 49 4f 4e | vendor id hash md5 final bytes@0x556c5075e5d0 (length 16) | 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. systemd watchdog not enabled - not sending watchdog keepalives | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x556c507504f0 | libevent_malloc: new ptr-libevent@0x556c507678b0 size 128 | libevent_malloc: new ptr-libevent@0x556c50767940 size 16 | libevent_realloc: new ptr-libevent@0x556c506cb5b0 size 256 | libevent_malloc: new ptr-libevent@0x556c50767960 size 8 | libevent_realloc: new ptr-libevent@0x556c5075c600 size 144 | libevent_malloc: new ptr-libevent@0x556c50767980 size 152 | libevent_malloc: new ptr-libevent@0x556c50767a20 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x556c50767a40 size 8 | libevent_malloc: new ptr-libevent@0x556c50767a60 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x556c50767b00 size 8 | libevent_malloc: new ptr-libevent@0x556c50767b20 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x556c50767bc0 size 8 | libevent_realloc: release ptr-libevent@0x556c5075c600 | libevent_realloc: new ptr-libevent@0x556c50767be0 size 256 | libevent_malloc: new ptr-libevent@0x556c5075c600 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:10396) using fork+execve | forked child 10396 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x556c50767f90 | libevent_malloc: new ptr-libevent@0x556c50767fd0 size 128 | libevent_malloc: new ptr-libevent@0x556c50768060 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x556c50768080 | libevent_malloc: new ptr-libevent@0x556c507680c0 size 128 | libevent_malloc: new ptr-libevent@0x556c50768150 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x556c50768170 | libevent_malloc: new ptr-libevent@0x556c507681b0 size 128 | libevent_malloc: new ptr-libevent@0x556c50768240 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x556c50768260 | libevent_malloc: new ptr-libevent@0x556c507682a0 size 128 | libevent_malloc: new ptr-libevent@0x556c50768330 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x556c50768350 | libevent_malloc: new ptr-libevent@0x556c50768390 size 128 | libevent_malloc: new ptr-libevent@0x556c50768420 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x556c50768440 | libevent_malloc: new ptr-libevent@0x556c50768480 size 128 | libevent_malloc: new ptr-libevent@0x556c50768510 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x556c5075d550) PKK_PSK: @west | id type added to secret(0x556c5075d550) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.661 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | pluto_sd: executing action action: reloading(4), status 0 listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x556c50767fd0 | free_event_entry: release EVENT_NULL-pe@0x556c50767f90 | add_fd_read_event_handler: new ethX-pe@0x556c50767f90 | libevent_malloc: new ptr-libevent@0x556c50767fd0 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x556c507680c0 | free_event_entry: release EVENT_NULL-pe@0x556c50768080 | add_fd_read_event_handler: new ethX-pe@0x556c50768080 | libevent_malloc: new ptr-libevent@0x556c507680c0 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x556c507681b0 | free_event_entry: release EVENT_NULL-pe@0x556c50768170 | add_fd_read_event_handler: new ethX-pe@0x556c50768170 | libevent_malloc: new ptr-libevent@0x556c507681b0 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x556c507682a0 | free_event_entry: release EVENT_NULL-pe@0x556c50768260 | add_fd_read_event_handler: new ethX-pe@0x556c50768260 | libevent_malloc: new ptr-libevent@0x556c507682a0 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x556c50768390 | free_event_entry: release EVENT_NULL-pe@0x556c50768350 | add_fd_read_event_handler: new ethX-pe@0x556c50768350 | libevent_malloc: new ptr-libevent@0x556c50768390 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x556c50768480 | free_event_entry: release EVENT_NULL-pe@0x556c50768440 | add_fd_read_event_handler: new ethX-pe@0x556c50768440 | libevent_malloc: new ptr-libevent@0x556c50768480 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | id type added to secret(0x556c5075d550) PKK_PSK: @west | id type added to secret(0x556c5075d550) PKK_PSK: @east | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | pluto_sd: executing action action: ready(5), status 0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.277 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 10396 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0228 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0473 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c50734860 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.139 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x556c507694f0 | State DB: adding IKEv2 state #1 in UNDEFINED | pstats #1 ikev2.ike started | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #1 "aes128" "aes128" #1: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 1 for state #1 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c5076b210 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #1 spent 0.13 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.189 milliseconds in whack | crypto helper 1 resuming | crypto helper 1 starting work-order 1 for state #1 | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4568000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4568000d60 | NSS: Public DH wire value: | 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 bf 27 a5 3e | fb cf f2 41 4a eb 76 f6 1d c4 cf 69 e4 95 d5 90 | ed 02 a5 61 75 d5 6d 76 f2 da 92 1d ac 57 b4 1f | 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 62 61 3e 8a | a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 3a a6 44 26 | b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd aa 65 c5 71 | a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 4f 0b 5c 39 | 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 aa f6 3e 98 | c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 7a 7f 64 7f | a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e 8e 27 57 68 | 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 87 c2 9e 16 | 95 97 be 4f bd 01 c3 11 09 6f d2 58 18 26 d0 47 | a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 71 9c 10 41 | dc 68 69 b9 24 8d 78 48 db cf be 9f 20 4e 59 93 | f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa 95 84 ab d2 | 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 db fe 61 02 | Generated nonce: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | Generated nonce: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001119 seconds | (#1) spent 1.12 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f4568006900 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #1 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4568000d60: transferring ownership from helper KE to state #1 | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 bf 27 a5 3e | ikev2 g^x fb cf f2 41 4a eb 76 f6 1d c4 cf 69 e4 95 d5 90 | ikev2 g^x ed 02 a5 61 75 d5 6d 76 f2 da 92 1d ac 57 b4 1f | ikev2 g^x 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 62 61 3e 8a | ikev2 g^x a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 3a a6 44 26 | ikev2 g^x b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd aa 65 c5 71 | ikev2 g^x a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 4f 0b 5c 39 | ikev2 g^x 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 aa f6 3e 98 | ikev2 g^x c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 7a 7f 64 7f | ikev2 g^x a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e 8e 27 57 68 | ikev2 g^x 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 87 c2 9e 16 | ikev2 g^x 95 97 be 4f bd 01 c3 11 09 6f d2 58 18 26 d0 47 | ikev2 g^x a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 71 9c 10 41 | ikev2 g^x dc 68 69 b9 24 8d 78 48 db cf be 9f 20 4e 59 93 | ikev2 g^x f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa 95 84 ab d2 | ikev2 g^x 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 db fe 61 02 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | IKEv2 nonce 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 96 22 89 1d 49 b2 3b df 8b 3e fa 3e e5 2b e2 0d | ee 3a b4 a8 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 96 22 89 1d 49 b2 3b df 8b 3e fa 3e e5 2b e2 0d | natd_hash: hash= ee 3a b4 a8 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 96 22 89 1d 49 b2 3b df 8b 3e fa 3e e5 2b e2 0d | Notify data ee 3a b4 a8 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 69 6a 75 33 | a2 b7 6a d7 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 69 6a 75 33 | natd_hash: hash= a2 b7 6a d7 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 69 6a 75 33 | Notify data a2 b7 6a d7 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #1 to 4294967295 after switching state | Message ID: IKE #1 skipping update_recv as MD is fake | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 39 8e 7c f7 c4 ba 85 ba 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 | bf 27 a5 3e fb cf f2 41 4a eb 76 f6 1d c4 cf 69 | e4 95 d5 90 ed 02 a5 61 75 d5 6d 76 f2 da 92 1d | ac 57 b4 1f 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 | 62 61 3e 8a a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 | 3a a6 44 26 b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd | aa 65 c5 71 a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 | 4f 0b 5c 39 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 | aa f6 3e 98 c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 | 7a 7f 64 7f a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e | 8e 27 57 68 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 | 87 c2 9e 16 95 97 be 4f bd 01 c3 11 09 6f d2 58 | 18 26 d0 47 a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 | 71 9c 10 41 dc 68 69 b9 24 8d 78 48 db cf be 9f | 20 4e 59 93 f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa | 95 84 ab d2 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 | db fe 61 02 29 00 00 24 b7 cd 8a 86 f0 01 6d 5a | c6 31 bf 73 c2 a1 9f f2 9e 4d 11 62 f6 6b 97 cf | c6 be bf e4 57 7a ad d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 96 22 89 1d 49 b2 3b df | 8b 3e fa 3e e5 2b e2 0d ee 3a b4 a8 00 00 00 1c | 00 00 40 05 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 | 69 6a 75 33 a2 b7 6a d7 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c5076b210 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x556c5076b210 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49489.967396 | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD | #1 spent 0.56 milliseconds in resume sending helper answer | stop processing: state #1 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4568006900 | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a3 f6 ac 2c 72 e6 34 da ce cb 9f cf | ed e3 d7 95 5d bd 1f e3 90 10 5b b1 bc 90 14 2e | fb 5a 7a 26 d6 94 b3 97 70 40 56 5c 7c 76 ee d1 | 61 1b 64 29 03 14 1f ed 0f c1 ac f4 69 c0 00 17 | 15 f4 34 a1 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b | 4b df d2 9f fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e | 34 b7 c2 33 a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 | 1b e3 8c 5a 28 e6 20 fa f8 17 64 ae bb 3e b6 82 | f9 3c a8 7f 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a | 4c 7a 61 5f 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 | 0e 7a 4c b2 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 | 8c 5f 1b f6 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 | e9 17 87 ac 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe | 08 ac 89 28 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d | 89 b0 64 ff 5b c1 46 c0 4e e7 de 4f 65 07 29 3e | 85 be f0 61 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 | 61 30 04 92 29 00 00 24 3f 9b e3 5c 66 a1 00 89 | b9 63 c0 be 47 a6 20 17 16 81 86 ad 51 d3 62 1d | a3 d7 61 ff 7c 32 a0 1b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 29 5d 28 e9 37 37 db b6 | bc 59 bf 7c 56 0f 90 86 99 66 1d f4 00 00 00 1c | 00 00 40 05 15 86 98 fc 21 7a 01 4c 16 fd 61 19 | 90 68 46 b1 04 2b f0 90 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #1 is idle | #1 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] | #1 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | a3 f6 ac 2c 72 e6 34 da ce cb 9f cf ed e3 d7 95 | 5d bd 1f e3 90 10 5b b1 bc 90 14 2e fb 5a 7a 26 | d6 94 b3 97 70 40 56 5c 7c 76 ee d1 61 1b 64 29 | 03 14 1f ed 0f c1 ac f4 69 c0 00 17 15 f4 34 a1 | 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b 4b df d2 9f | fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e 34 b7 c2 33 | a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 1b e3 8c 5a | 28 e6 20 fa f8 17 64 ae bb 3e b6 82 f9 3c a8 7f | 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a 4c 7a 61 5f | 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 0e 7a 4c b2 | 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 8c 5f 1b f6 | 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 e9 17 87 ac | 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe 08 ac 89 28 | 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d 89 b0 64 ff | 5b c1 46 c0 4e e7 de 4f 65 07 29 3e 85 be f0 61 | 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 61 30 04 92 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | ca d8 bc 42 bd 8c 6a 15 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a2e0 (length 20) | 15 86 98 fc 21 7a 01 4c 16 fd 61 19 90 68 46 b1 | 04 2b f0 90 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= ca d8 bc 42 bd 8c 6a 15 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 15 86 98 fc 21 7a 01 4c 16 fd 61 19 90 68 46 b1 | natd_hash: hash= 04 2b f0 90 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 39 8e 7c f7 c4 ba 85 ba | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | ca d8 bc 42 bd 8c 6a 15 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a300 (length 20) | 29 5d 28 e9 37 37 db b6 bc 59 bf 7c 56 0f 90 86 | 99 66 1d f4 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 39 8e 7c f7 c4 ba 85 ba | natd_hash: rcookie= ca d8 bc 42 bd 8c 6a 15 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 29 5d 28 e9 37 37 db b6 bc 59 bf 7c 56 0f 90 86 | natd_hash: hash= 99 66 1d f4 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f4568000d60: transferring ownership from state #1 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c5076b210 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c5076b210 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #1 spent 0.293 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #1 and saving MD | #1 is busy; has a suspended MD | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "aes128" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 0.551 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.563 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 resuming | crypto helper 3 starting work-order 2 for state #1 | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 | peer's g: a3 f6 ac 2c 72 e6 34 da ce cb 9f cf ed e3 d7 95 | peer's g: 5d bd 1f e3 90 10 5b b1 bc 90 14 2e fb 5a 7a 26 | peer's g: d6 94 b3 97 70 40 56 5c 7c 76 ee d1 61 1b 64 29 | peer's g: 03 14 1f ed 0f c1 ac f4 69 c0 00 17 15 f4 34 a1 | peer's g: 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b 4b df d2 9f | peer's g: fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e 34 b7 c2 33 | peer's g: a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 1b e3 8c 5a | peer's g: 28 e6 20 fa f8 17 64 ae bb 3e b6 82 f9 3c a8 7f | peer's g: 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a 4c 7a 61 5f | peer's g: 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 0e 7a 4c b2 | peer's g: 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 8c 5f 1b f6 | peer's g: 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 e9 17 87 ac | peer's g: 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe 08 ac 89 28 | peer's g: 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d 89 b0 64 ff | peer's g: 5b c1 46 c0 4e e7 de 4f 65 07 29 3e 85 be f0 61 | peer's g: 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 61 30 04 92 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x556c507594c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f4568000d60: computed shared DH secret key@0x556c507594c0 | dh-shared : g^ir-key@0x556c507594c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f4560001ef0 (length 64) | b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a670 | result: Ni | Nr-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a658 | result: Ni | Nr-key@0x556c50757800 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x556c507543d0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f4560002e80 from Ni | Nr-key@0x556c50757800 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f4560002e80 from Ni | Nr-key@0x556c50757800 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x556c50757800 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f45600016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x556c507594c0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x556c507594c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x556c507594c0 | nss hmac digest hack: symkey-key@0x556c507594c0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1901699792: 06 fffffff4 36 08 ffffffc4 30 73 ffffff9a 56 ffffff88 ffffff8d ffffff99 fffffff3 25 ffffff92 6a ffffff84 18 76 63 ffffffdc 63 ffffff83 ffffff9a ffffffaf 7f 16 ffffff80 fffffffb 53 53 65 ffffff80 ffffff98 42 ffffffa9 ffffffa7 08 ffffffce fffffff6 73 ffffff98 ffffff8f 63 ffffffe5 fffffff4 ffffffe6 29 1a 6d ffffffbb 3b ffffffbc ffffff8c ffffffc4 5b ffffffac ffffffd4 ffffffa3 3c ffffffdc 7e ffffffba ffffffef 10 3c 49 47 ffffffa4 09 ffffffdb ffffffe7 35 3c 51 ffffff9e ffffffcf 54 3c ffffffd8 37 69 12 12 59 ffffffff ffffffbe ffffffa1 70 17 ffffffaa ffffffed ffffffe2 35 ffffffe9 ffffffb6 43 ffffff99 49 5c ffffffd6 23 32 ffffffa7 ffffffca 59 ffffffd8 66 ffffffb0 44 ffffffec ffffff85 fffffffb 58 3b 4e 21 69 ffffffcc ffffffc0 ffffffd0 54 ffffff99 02 2a fffffffd 3c 0a ffffffa5 37 32 39 ffffffe0 ffffffc0 4b 56 66 ffffffc1 1b ffffffb6 51 ffffff8e ffffff93 58 72 ffffffa0 ffffffce 1e 58 4a 46 ffffffca ffffffc8 76 ffffffc6 ffffffaa ffffffed fffff | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 256 bytes at 0x7f4560003dd0 | unwrapped: a5 6d 2c 51 6c 8c de 22 2d ca f4 ae de 99 3c 2b | unwrapped: 8e 0c e9 b3 f8 5a 37 fe b1 f2 12 6e 7e e6 aa bd | unwrapped: 13 38 67 ed 6c 9b 8e 19 90 24 92 04 7d fd 4f 16 | unwrapped: 4b e5 b7 1f 36 24 48 35 06 84 bb 01 42 03 c8 0c | unwrapped: e8 d9 49 78 57 9d 55 ca c1 30 e4 47 a6 fa f1 6a | unwrapped: 34 1c c4 e5 6e 5e 9e 88 5d f0 82 12 f0 b1 12 2c | unwrapped: 5d f4 a9 b3 36 cb 0d b9 5f 17 7a 8b 46 60 53 37 | unwrapped: e8 b1 cf fe 76 10 8f 72 bb 52 88 c3 56 47 57 b7 | unwrapped: 16 eb 37 69 6d 7e 41 54 7f ab 5a 0e a2 d7 c0 fe | unwrapped: b1 3d d8 3a 1e 8c 01 10 ba c4 c7 d5 1b 0e b8 d1 | unwrapped: 2d 8c b1 a3 49 1c 33 9b cc 5a 7c f7 23 d2 3d 6f | unwrapped: 1d a2 4b f2 69 ea b9 a0 3c 51 8d 02 4f 7a 75 42 | unwrapped: c7 23 78 95 cf 44 51 10 6c b2 a1 cf 8a 5e e2 82 | unwrapped: 5b c0 df d2 83 7a 2b 65 b5 6a 9d c4 14 ce be 36 | unwrapped: f5 36 24 17 eb c3 3f c1 dc a1 b6 56 d7 c6 aa 0d | unwrapped: 00 7c bc cf 66 d0 4e d7 21 15 80 a3 6b af 8e 2b | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a690 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a678 | result: final-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x556c50757800 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a600 | result: data=Ni-key@0x556c5074d280 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c5074d280 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a5e8 | result: data=Ni-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x556c5074d280 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457159a5f0 | result: data+=Nr-key@0x556c5074d280 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c507543d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457159a5f0 | result: data+=SPIi-key@0x556c507543d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074d280 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457159a5f0 | result: data+=SPIr-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c507543d0 | prf+0 PRF sha init key-key@0x556c50757800 (size 20) | prf+0: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+0 prf: begin sha with context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+0: release clone-key@0x556c507543d0 | prf+0 PRF sha crypt-prf@0x7f45600018a0 | prf+0 PRF sha update seed-key@0x556c5074d280 (size 80) | prf+0: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1901699424: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f 71 ffffff89 ffffffc9 6d 38 03 6d ffffffaa 23 ffffff9f ffffffd1 ffffffbd 26 fffffff3 2f 0a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45600067f0 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+0 PRF sha final-key@0x556c507543d0 (size 20) | prf+0: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4560002e80 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4560002e80 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f4560001f40 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1901699424: 29 79 30 ffffff8f fffffff2 6c 3a 6c ffffffbb ffffffca 41 36 03 25 ffffff9d ffffffe6 ffffffc2 0e 06 0e ffffffb7 73 ffffffea 3b 19 3b 3d 53 ffffffae ffffffb9 43 ffffff8e | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4560006850 | unwrapped: 76 d5 fe 4d 5e 4e d0 1b 0e 2e a4 c4 ed eb b3 d0 | unwrapped: 65 87 ee af 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1901699424: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f 71 ffffff89 ffffffc9 6d 38 03 6d ffffffaa 23 ffffff9f ffffffd1 ffffffbd 26 fffffff3 2f 0a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4560006790 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a520 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457159a598 | result: result-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507543d0 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4560001270 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1901699424: ffffffe8 1d 6d 09 ffffffd7 7b ffffffe3 3d ffffffbe fffffff5 00 ffffffb2 52 43 2b 4c 4d ffffffbb 69 68 ffffffb7 ffffff8f 6d ffffff9e ffffffb4 ffffffee ffffffcd fffffff9 ffffffca 0a fffffff7 2b | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f456000a0b0 | unwrapped: 26 b8 28 d8 d2 a4 18 2f 5f aa ca 60 49 5e 0c 19 | unwrapped: e7 60 a7 90 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1901699424: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f 71 ffffff89 ffffffc9 6d 38 03 6d ffffffaa 23 ffffff9f ffffffd1 ffffffbd 26 fffffff3 2f 0a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4560006730 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a520 | result: final-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f45600069f0 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457159a598 | result: result-key@0x7f45600069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4560002e80 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4560002e80 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f4560002010 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1901699424: ffffffa1 ffffff8f 18 ffffff89 45 ffffffe9 07 7b 03 ffffffee 18 0e 30 ffffffca 79 ffffffa2 ffffffb9 5e ffffffa6 ffffffd5 ffffff88 4c ffffff84 ffffff85 4b ffffff95 7e 4c 05 3f 5b ffffffbb | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f456000a400 | unwrapped: 41 ba 57 f1 0c 61 ce 4a b0 b7 55 dd 55 52 ad 41 | unwrapped: 63 24 52 9e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1901699424: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f 71 ffffff89 ffffffc9 6d 38 03 6d ffffffaa 23 ffffff9f ffffffd1 ffffffbd 26 fffffff3 2f 0a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4560005030 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a520 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f45600069f0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457159a598 | result: result-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f45600069f0 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4560001270 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1901699424: ffffffdc ffffffc4 fffffffc 5f 41 ffffff9f ffffffae ffffffaa ffffffb7 ffffffc8 15 ffffff96 7b ffffffee ffffffe5 fffffff2 ffffff92 66 ffffffa8 ffffffbc 4c ffffff83 4a ffffffef ffffffee ffffffbf 19 63 3f ffffffdd ffffffe8 21 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f456000a3d0 | unwrapped: 86 b0 a4 e3 d8 95 79 4d 8c 09 92 b1 93 19 4a df | unwrapped: 78 bc 8d ac 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1901699424: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f 71 ffffff89 ffffffc9 6d 38 03 6d ffffffaa 23 ffffff9f ffffffd1 ffffffbd 26 fffffff3 2f 0a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f456000a430 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a520 | result: final-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f45600069f0 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457159a598 | result: result-key@0x7f45600069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4560009f20 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4560009f20 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f4560002010 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1901699424: ffffffc7 00 ffffffed 41 ffffffa2 ffffffff ffffffb3 ffffffad 0d 4b ffffffee ffffffd1 ffffffd6 ffffffd0 61 ffffffcc 1d 07 ffffff82 6d ffffffa5 3b ffffffed ffffff92 5c ffffffed fffffff6 ffffff95 ffffff90 04 3b ffffffae | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f456000a380 | unwrapped: d0 b7 c1 82 7a e8 61 45 c2 97 ac b9 6b d8 e6 30 | unwrapped: 05 42 67 ba 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1901699424: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f 71 ffffff89 ffffffc9 6d 38 03 6d ffffffaa 23 ffffff9f ffffffd1 ffffffbd 26 fffffff3 2f 0a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4560006790 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a520 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f45600069f0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457159a598 | result: result-key@0x556c5074eb00 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f45600069f0 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4560002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4560001270 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1901699424: 3e ffffff9a 22 7c ffffff9f fffffffe ffffff80 ffffffc7 4f 2a ffffff8d 4a ffffffb1 ffffffef ffffff87 ffffff90 ffffffdf 25 33 12 64 50 ffffffa5 ffffffc2 ffffffed ffffffa0 ffffffac 30 ffffff8d 57 5f fffffff9 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f456000a5c0 | unwrapped: 4c 45 0c 57 d2 db ec 03 a1 86 49 41 35 9c 14 2a | unwrapped: 77 77 49 59 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1901699424: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f 71 ffffff89 ffffffc9 6d 38 03 6d ffffffaa 23 ffffff9f ffffffd1 ffffffbd 26 fffffff3 2f 0a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f456000a430 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | unwrapped: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457159a520 | result: final-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f45600069f0 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457159a598 | result: result-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5075ae20 | prfplus: release old_t[final]-key@0x556c507543d0 | ike_sa_keymat: release data-key@0x556c5074d280 | calc_skeyseed_v2: release skeyseed_k-key@0x556c50757800 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a738 | result: result-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a738 | result: result-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a738 | result: result-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a748 | result: SK_ei_k-key@0x556c5075ae20 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a748 | result: SK_er_k-key@0x556c5074eb00 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a748 | result: result-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f456000a510 | chunk_SK_pi: symkey-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)908092722: ffffffd3 ffffffee ffffffd8 ffffffd8 4c ffffffb1 1e ffffffe3 7d ffffff8a 55 ffffffa8 6b ffffffdb ffffff8e 10 06 12 ffffffc8 0d ffffffbe 15 55 5a ffffffa1 ffffffd8 2d ffffff82 0d 31 7e 7a | chunk_SK_pi: release slot-key-key@0x556c50750fd0 | chunk_SK_pi extracted len 32 bytes at 0x7f4560002d20 | unwrapped: 6b d8 e6 30 05 42 67 ba 4c 45 0c 57 d2 db ec 03 | unwrapped: a1 86 49 41 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457159a748 | result: result-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f456000d640 | chunk_SK_pr: symkey-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)908092722: ffffffe6 59 37 65 3a 52 ffffffea 5e ffffffb8 ffffff93 fffffff5 55 ffffffa1 69 ffffff98 ffffffc2 64 ffffff87 17 ffffffbe ffffff96 23 0f ffffffd2 72 ffffffbe ffffff97 ffffffd4 02 42 ffffffe1 fffffff6 | chunk_SK_pr: release slot-key-key@0x556c50750fd0 | chunk_SK_pr extracted len 32 bytes at 0x7f4560002d50 | unwrapped: 35 9c 14 2a 77 77 49 59 fe 9a 1a bf f8 38 b4 c2 | unwrapped: 12 5b 80 cf 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f45600069f0 | calc_skeyseed_v2 pointers: shared-key@0x556c507594c0, SK_d-key@0x556c50757800, SK_ai-key@0x556c5074d280, SK_ar-key@0x556c507543d0, SK_ei-key@0x556c5075ae20, SK_er-key@0x556c5074eb00, SK_pi-key@0x7f456000a510, SK_pr-key@0x7f456000d640 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 6b d8 e6 30 05 42 67 ba 4c 45 0c 57 d2 db ec 03 | a1 86 49 41 | calc_skeyseed_v2 SK_pr | 35 9c 14 2a 77 77 49 59 fe 9a 1a bf f8 38 b4 c2 | 12 5b 80 cf | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.003078 seconds | (#1) spent 3.07 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) | crypto helper 3 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f456000eec0 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 2 | calling continuation function 0x556c4f6f1630 | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f4568000d60: transferring ownership from helper IKEv2 DH to state #1 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #2 at 0x556c5076d670 | State DB: adding IKEv2 state #2 in UNDEFINED | pstats #2 ikev2.child started | duplicating state object #1 "aes128" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x556c50757800 | duplicate_state: reference st_skey_ai_nss-key@0x556c5074d280 | duplicate_state: reference st_skey_ar_nss-key@0x556c507543d0 | duplicate_state: reference st_skey_ei_nss-key@0x556c5075ae20 | duplicate_state: reference st_skey_er_nss-key@0x556c5074eb00 | duplicate_state: reference st_skey_pi_nss-key@0x7f456000a510 | duplicate_state: reference st_skey_pr_nss-key@0x7f456000d640 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c5076b210 | event_schedule: new EVENT_SA_REPLACE-pe@0x556c5076b210 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f456000a510 (size 20) | hmac: symkey-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a288 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac: release clone-key@0x7f45600069f0 | hmac PRF sha crypt-prf@0x556c5076b0c0 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x556c4f7f0974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffdc298a820 (length 20) | 00 a0 13 67 0b 42 a5 af 34 00 4b 20 19 a1 40 81 | 1f 8a d8 b4 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 39 8e 7c f7 c4 ba 85 ba 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 | bf 27 a5 3e fb cf f2 41 4a eb 76 f6 1d c4 cf 69 | e4 95 d5 90 ed 02 a5 61 75 d5 6d 76 f2 da 92 1d | ac 57 b4 1f 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 | 62 61 3e 8a a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 | 3a a6 44 26 b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd | aa 65 c5 71 a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 | 4f 0b 5c 39 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 | aa f6 3e 98 c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 | 7a 7f 64 7f a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e | 8e 27 57 68 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 | 87 c2 9e 16 95 97 be 4f bd 01 c3 11 09 6f d2 58 | 18 26 d0 47 a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 | 71 9c 10 41 dc 68 69 b9 24 8d 78 48 db cf be 9f | 20 4e 59 93 f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa | 95 84 ab d2 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 | db fe 61 02 29 00 00 24 b7 cd 8a 86 f0 01 6d 5a | c6 31 bf 73 c2 a1 9f f2 9e 4d 11 62 f6 6b 97 cf | c6 be bf e4 57 7a ad d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 96 22 89 1d 49 b2 3b df | 8b 3e fa 3e e5 2b e2 0d ee 3a b4 a8 00 00 00 1c | 00 00 40 05 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 | 69 6a 75 33 a2 b7 6a d7 | create: initiator inputs to hash2 (responder nonce) | 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | idhash 00 a0 13 67 0b 42 a5 af 34 00 4b 20 19 a1 40 81 | idhash 1f 8a d8 b4 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a080 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a068 | result: shared secret-key@0x7f45600069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x7f45600069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x7f45600069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f45600069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076b2e0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0a0 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a088 | result: final-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f45600069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f45600069f0 (size 20) | = prf(, ): -key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a098 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076b4b0 | = prf(, ) PRF sha update first-packet-bytes@0x556c506fc6d0 (length 440) | 39 8e 7c f7 c4 ba 85 ba 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 45 ad 5c 1c 07 fa b3 b7 ed 12 9f a0 | bf 27 a5 3e fb cf f2 41 4a eb 76 f6 1d c4 cf 69 | e4 95 d5 90 ed 02 a5 61 75 d5 6d 76 f2 da 92 1d | ac 57 b4 1f 22 bc 97 c0 ac 3d 48 43 0d b6 44 f9 | 62 61 3e 8a a4 ac 9a f7 03 4d 68 47 3d d7 c9 81 | 3a a6 44 26 b2 4a 74 ef e9 19 a7 ee b0 cb 08 fd | aa 65 c5 71 a8 5a ca 30 bb 63 69 e6 b1 6d c2 f7 | 4f 0b 5c 39 40 39 8e 22 2c e0 a5 ea f7 cb 5b 65 | aa f6 3e 98 c1 5b 3a 9f 84 8c b3 d2 92 2c bd d4 | 7a 7f 64 7f a7 c5 28 4a fb d0 1e 1d d0 4b 84 2e | 8e 27 57 68 75 30 4f 53 2c 5e 4c 5f ef c1 1e a1 | 87 c2 9e 16 95 97 be 4f bd 01 c3 11 09 6f d2 58 | 18 26 d0 47 a9 a5 88 ba 2b 48 03 c4 2d 32 60 f7 | 71 9c 10 41 dc 68 69 b9 24 8d 78 48 db cf be 9f | 20 4e 59 93 f2 d0 d6 cb d9 ee 0a 61 01 e2 c9 fa | 95 84 ab d2 5b 42 f7 1e cf 19 04 a3 b9 f0 90 38 | db fe 61 02 29 00 00 24 b7 cd 8a 86 f0 01 6d 5a | c6 31 bf 73 c2 a1 9f f2 9e 4d 11 62 f6 6b 97 cf | c6 be bf e4 57 7a ad d1 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 96 22 89 1d 49 b2 3b df | 8b 3e fa 3e e5 2b e2 0d ee 3a b4 a8 00 00 00 1c | 00 00 40 05 04 03 d7 1e 1f ac 4c 62 a7 2f 76 46 | 69 6a 75 33 a2 b7 6a d7 | = prf(, ) PRF sha update nonce-bytes@0x556c5076a910 (length 32) | 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a820 (length 20) | 00 a0 13 67 0b 42 a5 af 34 00 4b 20 19 a1 40 81 | 1f 8a d8 b4 | = prf(, ) PRF sha final-chunk@0x556c5076b0c0 (length 20) | 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | 83 8a f8 44 | psk_auth: release prf-psk-key@0x7f45600069f0 | PSK auth octets 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | PSK auth octets 83 8a f8 44 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | PSK auth 83 8a f8 44 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #1 | netlink_get_spi: allocated 0x3abe5545 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 3a be 55 45 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 2c 93 e4 27 f2 7c 2c 04 17 a3 e4 9c 22 8f 00 10 | 83 8a f8 44 2c 00 00 2c 00 00 00 28 01 03 04 03 | 3a be 55 45 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | hmac PRF sha init symkey-key@0x556c5074d280 (size 20) | hmac: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a198 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac: release clone-key@0x7f45600069f0 | hmac PRF sha crypt-prf@0x556c5076b2e0 | hmac PRF sha update data-bytes@0x556c4f7f0940 (length 208) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | hmac PRF sha final-bytes@0x556c4f7f0a10 (length 20) | 78 cc da 6a 78 7e 85 2a 16 d7 18 64 d5 2c fc cc | 14 24 66 79 | data being hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | data being hmac: 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | data being hmac: 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | data being hmac: b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | data being hmac: ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | data being hmac: eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | data being hmac: bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | data being hmac: cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | data being hmac: e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | data being hmac: 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | data being hmac: e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | out calculated auth: | 78 cc da 6a 78 7e 85 2a 16 d7 18 64 | suspend processing: state #1 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #2 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #2 to 0 after switching state | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 84 14 c4 32 bc 77 9f 53 68 7c cd 14 3b 1c 37 f7 | 06 2b be 24 9f 77 ef 78 55 d8 e2 d9 e7 39 ed 56 | 86 90 d8 16 00 37 68 4b 3c 6a c1 03 da 4d 9f cf | b5 7b f2 5f 5f 09 60 70 51 63 f2 8e 0c 29 5c cc | ba 2c db 7e 3e 8f 27 b4 41 82 3c a2 2e 69 26 37 | eb 13 53 17 a4 01 d6 39 87 71 1f a9 4f 08 1b ae | bd 98 44 09 18 0d ec 09 01 62 e5 1f 98 36 aa 1c | cf 58 66 0a c3 53 6e b6 5b 0e 91 de 28 62 e7 c5 | e5 e4 9d 26 23 5d 4b 5b 2a 96 97 1d a5 8b e1 e7 | 49 66 b0 0f 00 20 70 47 c3 9b 68 ec c6 51 a8 25 | e5 2a fa 84 3d ab 26 55 4f 7f b5 5e 92 4d b9 a1 | 78 cc da 6a 78 7e 85 2a 16 d7 18 64 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4568002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x556c5076af10 size 128 | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49489.97538 | resume sending helper answer for #1 suppresed complete_v2_state_transition() | #1 spent 1.5 milliseconds in resume sending helper answer | stop processing: state #2 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f456000eec0 | spent 0.00311 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | 38 83 40 c4 8b 3e 0b 79 80 22 4a e9 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #1 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #2 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #2 is idle | #2 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #2 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x556c507543d0 (size 20) | hmac: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0b8 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac: release clone-key@0x7f45600069f0 | hmac PRF sha crypt-prf@0x556c5076b500 | hmac PRF sha update data-bytes@0x556c5076cac0 (length 192) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | hmac PRF sha final-bytes@0x7ffdc298a280 (length 20) | 38 83 40 c4 8b 3e 0b 79 80 22 4a e9 12 94 29 0d | a7 bf 92 bb | data for hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | data for hmac: 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | data for hmac: 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | data for hmac: 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | data for hmac: 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | data for hmac: ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | data for hmac: 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | data for hmac: d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | data for hmac: 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | data for hmac: ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | calculated auth: 38 83 40 c4 8b 3e 0b 79 80 22 4a e9 | provided auth: 38 83 40 c4 8b 3e 0b 79 80 22 4a e9 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 13 56 91 c7 68 1d 4d f5 a5 e5 25 39 32 a9 07 b7 | payload before decryption: | 1d 46 40 ea be 5c 2f b7 0f 90 d2 6f 8a 04 44 40 | 6c ef 0a e7 a3 08 a0 e3 b0 f2 41 ac 8c 0c 47 1f | 47 56 02 02 69 bf 18 13 bd d7 c5 34 df ed af 6c | 76 16 66 72 b6 8b 39 25 c9 88 b9 a2 49 19 8e ea | ff fc 83 11 fb 5a ed a5 5a 2e 2b 86 16 2c c6 50 | 1b af 5a c4 7e 4e 8c 36 e2 8b f4 4a 5f 1d eb fd | d3 61 78 89 4e 32 04 d4 8e 79 bd 7f a1 86 26 eb | 01 29 83 3d 4c 52 9a 26 54 bb ce 8a 10 92 0c e2 | ec 7b 11 eb 6f 12 ef 4c 9f 1c 75 58 48 ee ff 89 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f | de cc 85 3b 30 13 a8 47 2c 00 00 2c 00 00 00 28 | 01 03 04 03 b1 1e 20 e2 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #2: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f456000d640 (size 20) | hmac: symkey-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a1e8 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac: release clone-key@0x7f45600069f0 | hmac PRF sha crypt-prf@0x556c5076b1f0 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x556c5076caf4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffdc298a340 (length 20) | 09 77 d9 d8 ea 81 25 7b 5a 0f d1 c3 fa f2 6f 01 | 51 66 c3 f3 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a3 f6 ac 2c 72 e6 34 da ce cb 9f cf | ed e3 d7 95 5d bd 1f e3 90 10 5b b1 bc 90 14 2e | fb 5a 7a 26 d6 94 b3 97 70 40 56 5c 7c 76 ee d1 | 61 1b 64 29 03 14 1f ed 0f c1 ac f4 69 c0 00 17 | 15 f4 34 a1 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b | 4b df d2 9f fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e | 34 b7 c2 33 a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 | 1b e3 8c 5a 28 e6 20 fa f8 17 64 ae bb 3e b6 82 | f9 3c a8 7f 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a | 4c 7a 61 5f 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 | 0e 7a 4c b2 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 | 8c 5f 1b f6 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 | e9 17 87 ac 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe | 08 ac 89 28 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d | 89 b0 64 ff 5b c1 46 c0 4e e7 de 4f 65 07 29 3e | 85 be f0 61 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 | 61 30 04 92 29 00 00 24 3f 9b e3 5c 66 a1 00 89 | b9 63 c0 be 47 a6 20 17 16 81 86 ad 51 d3 62 1d | a3 d7 61 ff 7c 32 a0 1b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 29 5d 28 e9 37 37 db b6 | bc 59 bf 7c 56 0f 90 86 99 66 1d f4 00 00 00 1c | 00 00 40 05 15 86 98 fc 21 7a 01 4c 16 fd 61 19 | 90 68 46 b1 04 2b f0 90 | verify: initiator inputs to hash2 (initiator nonce) | b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | idhash 09 77 d9 d8 ea 81 25 7b 5a 0f d1 c3 fa f2 6f 01 | idhash 51 66 c3 f3 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc2989ff0 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989fd8 | result: shared secret-key@0x7f45600069f0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x7f45600069f0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x7f45600069f0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f45600069f0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076b500 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f45600069f0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f45600069f0 (size 20) | = prf(, ): -key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076b4b0 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076ac80 (length 440) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a3 f6 ac 2c 72 e6 34 da ce cb 9f cf | ed e3 d7 95 5d bd 1f e3 90 10 5b b1 bc 90 14 2e | fb 5a 7a 26 d6 94 b3 97 70 40 56 5c 7c 76 ee d1 | 61 1b 64 29 03 14 1f ed 0f c1 ac f4 69 c0 00 17 | 15 f4 34 a1 9e e2 c8 f4 6a b4 bb 79 f0 84 fe 7b | 4b df d2 9f fc a0 b5 82 69 c7 4d 14 1f 51 6d 0e | 34 b7 c2 33 a9 93 e3 c6 5f 54 cf 37 ff ac 1a 45 | 1b e3 8c 5a 28 e6 20 fa f8 17 64 ae bb 3e b6 82 | f9 3c a8 7f 2d e6 33 c0 cf 9a bd 9d aa 3e 82 1a | 4c 7a 61 5f 90 f8 56 3e 40 35 28 4b 8a 63 e9 56 | 0e 7a 4c b2 0d 63 63 f2 b6 cc 7d 7a d5 b7 b3 82 | 8c 5f 1b f6 63 d1 78 1f 67 68 cb 7d 1a 6e bb 71 | e9 17 87 ac 7d 97 6d 64 71 21 7d 6d 7c a2 d2 fe | 08 ac 89 28 63 de 9e 7c 7e 84 f6 13 9d 47 f9 3d | 89 b0 64 ff 5b c1 46 c0 4e e7 de 4f 65 07 29 3e | 85 be f0 61 96 8a f1 e5 ab ed 73 06 3b 2c aa 81 | 61 30 04 92 29 00 00 24 3f 9b e3 5c 66 a1 00 89 | b9 63 c0 be 47 a6 20 17 16 81 86 ad 51 d3 62 1d | a3 d7 61 ff 7c 32 a0 1b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 29 5d 28 e9 37 37 db b6 | bc 59 bf 7c 56 0f 90 86 99 66 1d f4 00 00 00 1c | 00 00 40 05 15 86 98 fc 21 7a 01 4c 16 fd 61 19 | 90 68 46 b1 04 2b f0 90 | = prf(, ) PRF sha update nonce-bytes@0x7f4568002af0 (length 32) | b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a340 (length 20) | 09 77 d9 d8 ea 81 25 7b 5a 0f d1 c3 fa f2 6f 01 | 51 66 c3 f3 | = prf(, ) PRF sha final-chunk@0x556c5076b1f0 (length 20) | 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f de cc 85 3b | 30 13 a8 47 | psk_auth: release prf-psk-key@0x7f45600069f0 | Received PSK auth octets | 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f de cc 85 3b | 30 13 a8 47 | Calculated PSK auth octets | 82 ee cc 45 bd 25 5a 0d 9b bd 0a 0f de cc 85 3b | 30 13 a8 47 "aes128" #2: Authenticated using authby=secret | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_SA_REPLACE-pe@0x556c5076b210 | event_schedule: new EVENT_SA_REKEY-pe@0x556c5076b210 | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | pstats #1 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI b1 1e 20 e2 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=b11e20e2;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0f0 | result: data=Ni-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0d8 | result: data=Ni-key@0x7f45600069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f4568006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f45600069f0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298a0e0 | result: data+=Nr-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f45600069f0 | prf+0 PRF sha init key-key@0x556c50757800 (size 20) | prf+0: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x556c50750530 from key-key@0x7f45600069f0 | prf+0 prf: begin sha with context 0x556c50750530 from key-key@0x7f45600069f0 | prf+0: release clone-key@0x7f45600069f0 | prf+0 PRF sha crypt-prf@0x556c5076b2e0 | prf+0 PRF sha update seed-key@0x7f4568006900 (size 64) | prf+0: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d4a0 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000eec0 | prf+0 PRF sha final-key@0x7f45600069f0 (size 20) | prf+0: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f45600069f0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c5076b500 | prf+N PRF sha update old_t-key@0x7f45600069f0 (size 20) | prf+N: old_t-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f45600069f0 | nss hmac digest hack: symkey-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: ffffffa9 17 ffffffb7 ffffffbe fffffff5 48 27 ffffffa5 4d 18 74 ffffffd8 ffffffad ffffffbf ffffffe2 2a 48 ffffffeb 78 ffffff85 3a ffffffc4 ffffffff 32 04 12 42 52 ffffffe6 ffffffa6 ffffff85 ffffffd7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076b1c0 | unwrapped: b0 60 b7 4c 02 b8 a0 6a 4f d2 25 67 06 d7 75 8c | unwrapped: 7d af 12 da 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d450 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5076d180 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c5076d180 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f45600069f0 | prfplus: release old_t[N]-key@0x7f45600069f0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f45600069f0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f45600069f0 | prf+N: release clone-key@0x7f45600069f0 | prf+N PRF sha crypt-prf@0x556c5076b4b0 | prf+N PRF sha update old_t-key@0x7f456000eec0 (size 20) | prf+N: old_t-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f456000eec0 | nss hmac digest hack: symkey-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: ffffffbd 3e ffffffba ffffffe7 ffffffc9 ffffffec ffffffcf fffffff9 ffffff86 ffffffd0 27 ffffff86 61 fffffff2 ffffffca 1f ffffffc0 7b ffffffa4 ffffff96 73 18 ffffffd3 ffffffc9 3c ffffffd1 12 6f fffffff0 21 41 41 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076d250 | unwrapped: ba f9 a3 07 a3 e2 41 0a ac 37 cc dd b3 a5 ae bf | unwrapped: 0c 68 36 94 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d400 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50771420 | prf+N PRF sha final-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5076d180 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5076d180 | prfplus: release old_t[N]-key@0x7f456000eec0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c5076b500 | prf+N PRF sha update old_t-key@0x7f45600069f0 (size 20) | prf+N: old_t-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f45600069f0 | nss hmac digest hack: symkey-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: ffffffd6 4d 41 ffffffa9 1e 07 1a ffffffd0 ffffffe0 ffffffb4 ffffff93 ffffffe0 7f 30 ffffffeb ffffffba ffffffac 08 63 fffffff6 71 fffffffc 13 25 13 ffffffd9 31 14 ffffffa7 ffffff96 2a 7f | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c507714b0 | unwrapped: c3 64 43 9c 21 93 3c 28 c2 e4 d4 a4 de 72 26 f1 | unwrapped: 4d ef d5 a8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 13 ffffffd8 6a 33 ffffffbe 1e 67 ffffffed ffffffc0 fffffff8 ffffff86 ffffffbd 70 ffffffb5 ffffff93 26 ffffffe7 62 1f 79 07 73 ffffffc5 fffffff5 ffffff92 fffffffa ffffffdb 42 ffffffbc ffffffef fffffffe 71 ffffffbc 33 57 ffffffd5 60 17 ffffffc0 ffffffce ffffff9c ffffffa0 ffffffdf ffffff84 03 1e ffffffb3 ffffff88 34 ffffffed ffffffaf 12 2b ffffffce 68 ffffffb1 2c 7f 2e 63 78 fffffff0 ffffffbe 0f | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50772ef0 | unwrapped: b7 cd 8a 86 f0 01 6d 5a c6 31 bf 73 c2 a1 9f f2 | unwrapped: 9e 4d 11 62 f6 6b 97 cf c6 be bf e4 57 7a ad d1 | unwrapped: 3f 9b e3 5c 66 a1 00 89 b9 63 c0 be 47 a6 20 17 | unwrapped: 16 81 86 ad 51 d3 62 1d a3 d7 61 ff 7c 32 a0 1b | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5076d180 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c5076d180 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50771420 | prfplus: release old_t[N]-key@0x7f45600069f0 | prfplus: release old_t[final]-key@0x7f456000eec0 | child_sa_keymat: release data-key@0x7f4568006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x556c5076d180 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f4568006900 | initiator to responder keys: symkey-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x556c50750fd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1684432486: ffffffa9 17 ffffffb7 ffffffbe fffffff5 48 27 ffffffa5 4d 18 74 ffffffd8 ffffffad ffffffbf ffffffe2 2a 37 ffffff94 ffffffb3 24 4a 4e 33 ffffff8a ffffff9c ffffffd4 65 60 36 1f 30 71 ffffff8c 72 ffffff9f ffffff98 ffffffe3 4d ffffffe6 ffffffb3 ffffffa0 59 ffffffd8 70 17 60 50 ffffffbc | initiator to responder keys: release slot-key-key@0x556c50750fd0 | initiator to responder keys extracted len 48 bytes at 0x556c50772dd0 | unwrapped: b0 60 b7 4c 02 b8 a0 6a 4f d2 25 67 06 d7 75 8c | unwrapped: 7d af 12 da ba f9 a3 07 a3 e2 41 0a ac 37 cc dd | unwrapped: b3 a5 ae bf 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f4568006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x556c5076d180 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f4568006900 | responder to initiator keys:: symkey-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x556c50750fd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1684432486: 45 67 ffffffa4 ffffffea ffffff9b ffffffc8 66 53 fffffff3 ffffffd7 45 19 fffffffc ffffffff ffffffae 38 14 ffffffed 0d 5d 25 11 38 ffffffb0 2a 05 ffffffc5 21 ffffff86 09 ffffffa5 ffffff82 ffffffd6 7e ffffffda ffffff88 ffffffc9 ffffffba ffffffad 4d 69 ffffffdb ffffff94 ffffffd4 ffffff87 17 4b ffffffb3 | responder to initiator keys:: release slot-key-key@0x556c50750fd0 | responder to initiator keys: extracted len 48 bytes at 0x556c50772e10 | unwrapped: 0c 68 36 94 c3 64 43 9c 21 93 3c 28 c2 e4 d4 a4 | unwrapped: de 72 26 f1 4d ef d5 a8 58 b7 8f 5f a9 18 33 e3 | unwrapped: 03 ea b8 d3 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f4568006900 | ikev2_derive_child_keys: release keymat-key@0x556c5076d180 | #1 spent 2.19 milliseconds | install_ipsec_sa() for #2: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.b11e20e2@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.3abe5545@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb11e20e2 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0xb11e20e2 SPI_OUT=0x3abe5545 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb11e20e | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0xb11e20e2 SPI_OUT=0x3abe5545 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb11e20e2 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0xb11e20e2 SPI_OUT=0x3abe5545 ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x556c50768e20,sr=0x556c50768e20} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.828 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x556c5076af10 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4568002b20 | #2 spent 2.69 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #2 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #2 to 1 after switching state | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #2 ikev2.child established "aes128" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xb11e20e2 <0x3abe5545 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #2 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #1 | unpending state #1 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x556c506cb890} | close_any(fd@24) (in release_whack() at state.c:654) | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f4568002b20 | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 | libevent_malloc: new ptr-libevent@0x556c5076af10 size 128 | stop processing: state #2 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #1 spent 3.15 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.16 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00416 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0027 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00262 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.3abe5545@192.1.2.45 | get_sa_info esp.b11e20e2@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0758 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev2.child deleted completed | #2 spent 2.69 milliseconds in total | [RE]START processing: state #2 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #2: deleting state (STATE_V2_IPSEC_I) aged 0.542s and sending notification | child state #2: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.b11e20e2@192.1.2.23 | get_sa_info esp.3abe5545@192.1.2.45 "aes128" #2: ESP traffic information: in=84B out=84B | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 3a be 55 45 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | data before encryption: | 00 00 00 0c 03 04 00 01 3a be 55 45 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | hmac PRF sha init symkey-key@0x556c5074d280 (size 20) | hmac: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x556c5076d180 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5076d180 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5076d180 | hmac: release clone-key@0x556c5076d180 | hmac PRF sha crypt-prf@0x556c5076aef0 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 64) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | hmac PRF sha final-bytes@0x7ffdc29873c0 (length 20) | 77 0e e5 3c e9 56 3b 44 34 5b f8 a7 28 c9 d4 0a | 8b cb 4f 1e | data being hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | data being hmac: 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | out calculated auth: | 77 0e e5 3c e9 56 3b 44 34 5b f8 a7 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 18 27 21 d0 b1 c6 10 98 c4 8c df 78 4c 49 02 cd | 7e b6 22 59 ad bd 92 f3 5a b5 c1 4f c6 97 e6 df | 77 0e e5 3c e9 56 3b 44 34 5b f8 a7 | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #2 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x556c5076af10 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f4568002b20 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050843' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb11e20e | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050843' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0xb11e20e2 SPI_OUT=0x3abe5545 ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.b11e20e2@192.1.2.23 | netlink response for Del SA esp.b11e20e2@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.3abe5545@192.1.2.45 | netlink response for Del SA esp.3abe5545@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #2 in V2_IPSEC_I | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c50757800 | delete_state: release st->st_skey_ai_nss-key@0x556c5074d280 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_er_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_pi_nss-key@0x7f456000a510 | delete_state: release st->st_skey_pr_nss-key@0x7f456000d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | start processing: state #1 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev2.ike deleted completed | #1 spent 10.1 milliseconds in total | [RE]START processing: state #1 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #1: deleting state (STATE_PARENT_I3) aged 0.595s and sending notification | parent state #1: PARENT_I3(established IKE SA) => delete | #1 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | hmac PRF sha init symkey-key@0x556c5074d280 (size 20) | hmac: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x556c5076d180 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5076d180 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5076d180 | hmac: release clone-key@0x556c5076d180 | hmac PRF sha crypt-prf@0x556c5076b1f0 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 64) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | hmac PRF sha final-bytes@0x7ffdc29873c0 (length 20) | be 33 03 a9 e5 7c 83 1b 5e dc 2d 47 7c b2 c0 1a | 8d 4b 37 36 | data being hmac: 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | data being hmac: 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | out calculated auth: | be 33 03 a9 e5 7c 83 1b 5e dc 2d 47 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | cb b8 16 f0 44 6b 20 f2 ab 57 79 70 5e 64 36 49 | 28 2f 8b 76 e7 80 e1 6e a1 74 ae c1 5d 86 70 03 | be 33 03 a9 e5 7c 83 1b 5e dc 2d 47 | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send | Message ID: #1 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #1 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_SA_REKEY-pe@0x556c5076b210 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #1 in PARENT_I3 | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4568000d60: destroyed | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x556c507594c0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c50757800 | delete_state: release st->st_skey_ai_nss-key@0x556c5074d280 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_er_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_pi_nss-key@0x7f456000a510 | delete_state: release st->st_skey_pr_nss-key@0x7f456000d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.33 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00425 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00296 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 59 11 62 62 1e f2 2f be 96 a4 f7 b9 7d 14 93 97 | 4f f8 89 18 6a 83 b7 f9 70 b3 7f e2 49 8e 77 4b | d0 b8 25 06 b8 69 bf 19 10 c9 8b 42 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0693 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00129 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 39 8e 7c f7 c4 ba 85 ba ca d8 bc 42 bd 8c 6a 15 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 14 41 a1 40 66 17 01 e8 e5 09 dc 04 99 87 7f 81 | 6d 1c be 93 fe c9 43 9b 9e 57 e5 ee a8 e8 9e a3 | a4 31 49 39 80 c1 39 3a e4 52 f7 6d | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 39 8e 7c f7 c4 ba 85 ba | responder cookie: | ca d8 bc 42 bd 8c 6a 15 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0567 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x556c50734860 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.945 milliseconds in whack | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_UPDPOLICY message | spent 0.00691 milliseconds in kernel message | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00441 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0581 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0441 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0478 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c5076ae40 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.131 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #3 at 0x556c5076d5a0 | State DB: adding IKEv2 state #3 in UNDEFINED | pstats #3 ikev2.ike started | Message ID: init #3: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #3: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #3; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #3 "aes128" "aes128" #3: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 3 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #3 spent 0.114 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.18 milliseconds in whack | crypto helper 6 resuming | crypto helper 6 starting work-order 3 for state #3 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 3 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4564000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4564000d60 | NSS: Public DH wire value: | bc b4 55 a2 36 13 8d fc 3f a6 5b 02 e6 83 84 e4 | d8 33 0d 03 dd a8 a7 57 ad 1d 63 f4 80 a2 27 9a | b2 61 ea f7 df 09 3f 89 c1 ed 99 3c b0 9d dc 1d | 0a 95 55 6d 13 6c 7e 4a 64 b9 f0 e4 20 02 f1 07 | 5a f3 3e 2f 85 5b a4 5c eb 7d e3 56 a1 cc 4a 02 | e1 19 5f be f2 aa 3f 8d 94 86 7d 94 08 6e 97 82 | 6d d6 75 90 83 75 ce f6 58 0e 36 23 3b 4d 7f 63 | e8 45 0f e4 7f 38 85 e3 9b 88 89 f2 e2 42 57 fa | 7d 53 ee 70 3c 0d 21 ce ee ff b8 77 f7 1c dc 46 | 46 19 42 08 2b ed 00 ae 60 64 76 9d c9 bf 34 8c | 2d d6 b1 b5 60 71 cf af fa b7 ca 0b 4c 7d f2 49 | c3 5b 53 63 24 24 cf ce 8e 5e 3b 1e 3c 81 ba 84 | 60 28 79 ed b6 53 4c 9c 7d 1a 69 9c fe 0f 2a e6 | 86 17 a3 8f 14 f0 79 74 70 37 29 29 53 71 b6 e6 | a2 05 cc 6f 53 20 76 d3 89 42 4c b2 5a 24 b8 75 | 93 22 47 3d 4f 07 e5 46 df ca 72 da 6d 39 47 4c | Generated nonce: a2 f4 7d 57 ef 77 08 c0 6f 8d 24 dd 35 3e 8a 76 | Generated nonce: ed 9a 20 c3 4f 7e 73 1f 79 86 22 cc a5 d4 23 2b | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 3 time elapsed 0.001111 seconds | (#3) spent 1.07 milliseconds in crypto helper computing work-order 3: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 3 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f4564006900 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 3 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #3 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4564000d60: transferring ownership from helper KE to state #3 | **emit ISAKMP Message: | initiator cookie: | 0e 53 4c 5a 08 50 2d f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #3: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x bc b4 55 a2 36 13 8d fc 3f a6 5b 02 e6 83 84 e4 | ikev2 g^x d8 33 0d 03 dd a8 a7 57 ad 1d 63 f4 80 a2 27 9a | ikev2 g^x b2 61 ea f7 df 09 3f 89 c1 ed 99 3c b0 9d dc 1d | ikev2 g^x 0a 95 55 6d 13 6c 7e 4a 64 b9 f0 e4 20 02 f1 07 | ikev2 g^x 5a f3 3e 2f 85 5b a4 5c eb 7d e3 56 a1 cc 4a 02 | ikev2 g^x e1 19 5f be f2 aa 3f 8d 94 86 7d 94 08 6e 97 82 | ikev2 g^x 6d d6 75 90 83 75 ce f6 58 0e 36 23 3b 4d 7f 63 | ikev2 g^x e8 45 0f e4 7f 38 85 e3 9b 88 89 f2 e2 42 57 fa | ikev2 g^x 7d 53 ee 70 3c 0d 21 ce ee ff b8 77 f7 1c dc 46 | ikev2 g^x 46 19 42 08 2b ed 00 ae 60 64 76 9d c9 bf 34 8c | ikev2 g^x 2d d6 b1 b5 60 71 cf af fa b7 ca 0b 4c 7d f2 49 | ikev2 g^x c3 5b 53 63 24 24 cf ce 8e 5e 3b 1e 3c 81 ba 84 | ikev2 g^x 60 28 79 ed b6 53 4c 9c 7d 1a 69 9c fe 0f 2a e6 | ikev2 g^x 86 17 a3 8f 14 f0 79 74 70 37 29 29 53 71 b6 e6 | ikev2 g^x a2 05 cc 6f 53 20 76 d3 89 42 4c b2 5a 24 b8 75 | ikev2 g^x 93 22 47 3d 4f 07 e5 46 df ca 72 da 6d 39 47 4c | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce a2 f4 7d 57 ef 77 08 c0 6f 8d 24 dd 35 3e 8a 76 | IKEv2 nonce ed 9a 20 c3 4f 7e 73 1f 79 86 22 cc a5 d4 23 2b | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 0e 53 4c 5a 08 50 2d f0 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 85 7b cc d8 ac 7f a1 da 58 b0 66 b0 df fa a8 f1 | 22 88 9f 1d | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 0e 53 4c 5a 08 50 2d f0 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 85 7b cc d8 ac 7f a1 da 58 b0 66 b0 df fa a8 f1 | natd_hash: hash= 22 88 9f 1d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 85 7b cc d8 ac 7f a1 da 58 b0 66 b0 df fa a8 f1 | Notify data 22 88 9f 1d | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 0e 53 4c 5a 08 50 2d f0 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | ba e9 4c 3f 22 3e 21 2f 0b 9f 1a 7a 3e dc 00 32 | e5 9c b5 54 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 0e 53 4c 5a 08 50 2d f0 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= ba e9 4c 3f 22 3e 21 2f 0b 9f 1a 7a 3e dc 00 32 | natd_hash: hash= e5 9c b5 54 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ba e9 4c 3f 22 3e 21 2f 0b 9f 1a 7a 3e dc 00 32 | Notify data e5 9c b5 54 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #3: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #3 to 4294967295 after switching state | Message ID: IKE #3 skipping update_recv as MD is fake | Message ID: sent #3 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #3: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 0e 53 4c 5a 08 50 2d f0 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 bc b4 55 a2 36 13 8d fc 3f a6 5b 02 | e6 83 84 e4 d8 33 0d 03 dd a8 a7 57 ad 1d 63 f4 | 80 a2 27 9a b2 61 ea f7 df 09 3f 89 c1 ed 99 3c | b0 9d dc 1d 0a 95 55 6d 13 6c 7e 4a 64 b9 f0 e4 | 20 02 f1 07 5a f3 3e 2f 85 5b a4 5c eb 7d e3 56 | a1 cc 4a 02 e1 19 5f be f2 aa 3f 8d 94 86 7d 94 | 08 6e 97 82 6d d6 75 90 83 75 ce f6 58 0e 36 23 | 3b 4d 7f 63 e8 45 0f e4 7f 38 85 e3 9b 88 89 f2 | e2 42 57 fa 7d 53 ee 70 3c 0d 21 ce ee ff b8 77 | f7 1c dc 46 46 19 42 08 2b ed 00 ae 60 64 76 9d | c9 bf 34 8c 2d d6 b1 b5 60 71 cf af fa b7 ca 0b | 4c 7d f2 49 c3 5b 53 63 24 24 cf ce 8e 5e 3b 1e | 3c 81 ba 84 60 28 79 ed b6 53 4c 9c 7d 1a 69 9c | fe 0f 2a e6 86 17 a3 8f 14 f0 79 74 70 37 29 29 | 53 71 b6 e6 a2 05 cc 6f 53 20 76 d3 89 42 4c b2 | 5a 24 b8 75 93 22 47 3d 4f 07 e5 46 df ca 72 da | 6d 39 47 4c 29 00 00 24 a2 f4 7d 57 ef 77 08 c0 | 6f 8d 24 dd 35 3e 8a 76 ed 9a 20 c3 4f 7e 73 1f | 79 86 22 cc a5 d4 23 2b 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 85 7b cc d8 ac 7f a1 da | 58 b0 66 b0 df fa a8 f1 22 88 9f 1d 00 00 00 1c | 00 00 40 05 ba e9 4c 3f 22 3e 21 2f 0b 9f 1a 7a | 3e dc 00 32 e5 9c b5 54 | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #3 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49491.563516 | resume sending helper answer for #3 suppresed complete_v2_state_transition() and stole MD | #3 spent 0.519 milliseconds in resume sending helper answer | stop processing: state #3 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4564006900 | spent 0.00157 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 0e 53 4c 5a 08 50 2d f0 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 0e 53 4c 5a 08 50 2d f0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #3 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #3 is idle | #3 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #3 IKE SPIi and SPI[ir] | #3 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #3: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #3 spent 0.00646 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #3 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #3 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #3 spent 0.116 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.128 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x556c50772dd0 | handling event EVENT_RETRANSMIT for parent state #3 | start processing: state #3 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #3 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #3 keying attempt 1 of 0; retransmit 1 "aes128" #3: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #3 ikev2.ike failed too-many-retransmits | pstats #3 ikev2.ike deleted too-many-retransmits | #3 spent 1.82 milliseconds in total | [RE]START processing: state #3 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #3: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #3: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x556c507714e0} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #3 "aes128" #3: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #3 in PARENT_I1 | parent state #3: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f4564000d60: destroyed | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | in statetime_stop() and could not find #3 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #4 at 0x556c5076d5a0 | State DB: adding IKEv2 state #4 in UNDEFINED | pstats #4 ikev2.ike started | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #4 "aes128" "aes128" #4: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 4 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #4 spent 0.0954 milliseconds in ikev2_parent_outI1() | RESET processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.115 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 0 resuming | crypto helper 0 starting work-order 4 for state #4 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 4 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4558000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4558000d60 | NSS: Public DH wire value: | 60 b9 5b 15 e1 7b 66 fd 1a d3 2c db b2 a9 a0 b7 | 2d 25 27 5e 1e 42 82 ca cd 78 29 6e ad c9 c1 f5 | 6e 91 65 68 88 c2 88 32 a0 24 e2 4e 46 f7 38 e3 | 6c ca f6 c0 f7 a0 50 eb 3a f9 3c e4 92 c2 aa 64 | 6b 8a 94 cf fd 04 0a 09 d4 7a c5 25 09 22 36 c5 | 15 1a 36 42 5a e6 1d 56 c2 55 bc e8 20 1a d4 57 | 88 81 f1 d2 1d 38 d0 2e 77 bc 8a 6d 60 8b e7 08 | d4 7a 98 dc d5 ea 72 58 2f 54 1e fe 70 83 0e cc | 9c e3 9c 20 b0 95 5d 93 38 da f3 fc da a5 a0 be | 39 d1 3b cc af 9f f9 32 aa 42 f6 3d 33 2a 3c 2b | 07 44 2c 4f 3e eb 77 25 45 a1 8b 8f 94 7f c1 38 | e3 63 76 44 0c ee 6b 2e 44 49 1f 3e 82 25 fb 60 | e7 9d d3 a2 9d 70 b5 a9 fa 11 bf 3f 4b 7a c8 d7 | 91 b9 e2 c7 5f 2d a1 c8 31 54 23 65 a5 c1 2f 19 | 98 9f fc 03 bd 25 74 c3 a1 3a a7 87 af 26 af 68 | 10 7b 36 12 e4 4a 1b 94 d1 43 da 69 84 c4 a6 87 | Generated nonce: fb 50 d3 24 a2 b4 c5 53 84 da 8b 3d e9 b5 43 60 | Generated nonce: ce a9 5b 30 8f 31 5f 18 1d b5 ab 14 90 23 ef 5e | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000948 seconds | (#4) spent 0.95 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 4 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f4558006900 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 4 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #4 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4558000d60: transferring ownership from helper KE to state #4 | **emit ISAKMP Message: | initiator cookie: | 1b f6 c4 67 0a cb ce fa | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #4: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 60 b9 5b 15 e1 7b 66 fd 1a d3 2c db b2 a9 a0 b7 | ikev2 g^x 2d 25 27 5e 1e 42 82 ca cd 78 29 6e ad c9 c1 f5 | ikev2 g^x 6e 91 65 68 88 c2 88 32 a0 24 e2 4e 46 f7 38 e3 | ikev2 g^x 6c ca f6 c0 f7 a0 50 eb 3a f9 3c e4 92 c2 aa 64 | ikev2 g^x 6b 8a 94 cf fd 04 0a 09 d4 7a c5 25 09 22 36 c5 | ikev2 g^x 15 1a 36 42 5a e6 1d 56 c2 55 bc e8 20 1a d4 57 | ikev2 g^x 88 81 f1 d2 1d 38 d0 2e 77 bc 8a 6d 60 8b e7 08 | ikev2 g^x d4 7a 98 dc d5 ea 72 58 2f 54 1e fe 70 83 0e cc | ikev2 g^x 9c e3 9c 20 b0 95 5d 93 38 da f3 fc da a5 a0 be | ikev2 g^x 39 d1 3b cc af 9f f9 32 aa 42 f6 3d 33 2a 3c 2b | ikev2 g^x 07 44 2c 4f 3e eb 77 25 45 a1 8b 8f 94 7f c1 38 | ikev2 g^x e3 63 76 44 0c ee 6b 2e 44 49 1f 3e 82 25 fb 60 | ikev2 g^x e7 9d d3 a2 9d 70 b5 a9 fa 11 bf 3f 4b 7a c8 d7 | ikev2 g^x 91 b9 e2 c7 5f 2d a1 c8 31 54 23 65 a5 c1 2f 19 | ikev2 g^x 98 9f fc 03 bd 25 74 c3 a1 3a a7 87 af 26 af 68 | ikev2 g^x 10 7b 36 12 e4 4a 1b 94 d1 43 da 69 84 c4 a6 87 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce fb 50 d3 24 a2 b4 c5 53 84 da 8b 3d e9 b5 43 60 | IKEv2 nonce ce a9 5b 30 8f 31 5f 18 1d b5 ab 14 90 23 ef 5e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 1b f6 c4 67 0a cb ce fa | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 7b ec 06 e1 6d 75 dc d7 c8 f0 51 94 58 f6 59 9f | 9e 6d 1c af | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 1b f6 c4 67 0a cb ce fa | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 7b ec 06 e1 6d 75 dc d7 c8 f0 51 94 58 f6 59 9f | natd_hash: hash= 9e 6d 1c af | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 7b ec 06 e1 6d 75 dc d7 c8 f0 51 94 58 f6 59 9f | Notify data 9e 6d 1c af | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 1b f6 c4 67 0a cb ce fa | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | a8 ba be 54 b3 e8 68 99 4a bd 86 97 12 84 11 bc | 63 c9 7f 04 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 1b f6 c4 67 0a cb ce fa | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a8 ba be 54 b3 e8 68 99 4a bd 86 97 12 84 11 bc | natd_hash: hash= 63 c9 7f 04 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a8 ba be 54 b3 e8 68 99 4a bd 86 97 12 84 11 bc | Notify data 63 c9 7f 04 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #4 to 4294967295 after switching state | Message ID: IKE #4 skipping update_recv as MD is fake | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) | 1b f6 c4 67 0a cb ce fa 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 60 b9 5b 15 e1 7b 66 fd 1a d3 2c db | b2 a9 a0 b7 2d 25 27 5e 1e 42 82 ca cd 78 29 6e | ad c9 c1 f5 6e 91 65 68 88 c2 88 32 a0 24 e2 4e | 46 f7 38 e3 6c ca f6 c0 f7 a0 50 eb 3a f9 3c e4 | 92 c2 aa 64 6b 8a 94 cf fd 04 0a 09 d4 7a c5 25 | 09 22 36 c5 15 1a 36 42 5a e6 1d 56 c2 55 bc e8 | 20 1a d4 57 88 81 f1 d2 1d 38 d0 2e 77 bc 8a 6d | 60 8b e7 08 d4 7a 98 dc d5 ea 72 58 2f 54 1e fe | 70 83 0e cc 9c e3 9c 20 b0 95 5d 93 38 da f3 fc | da a5 a0 be 39 d1 3b cc af 9f f9 32 aa 42 f6 3d | 33 2a 3c 2b 07 44 2c 4f 3e eb 77 25 45 a1 8b 8f | 94 7f c1 38 e3 63 76 44 0c ee 6b 2e 44 49 1f 3e | 82 25 fb 60 e7 9d d3 a2 9d 70 b5 a9 fa 11 bf 3f | 4b 7a c8 d7 91 b9 e2 c7 5f 2d a1 c8 31 54 23 65 | a5 c1 2f 19 98 9f fc 03 bd 25 74 c3 a1 3a a7 87 | af 26 af 68 10 7b 36 12 e4 4a 1b 94 d1 43 da 69 | 84 c4 a6 87 29 00 00 24 fb 50 d3 24 a2 b4 c5 53 | 84 da 8b 3d e9 b5 43 60 ce a9 5b 30 8f 31 5f 18 | 1d b5 ab 14 90 23 ef 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7b ec 06 e1 6d 75 dc d7 | c8 f0 51 94 58 f6 59 9f 9e 6d 1c af 00 00 00 1c | 00 00 40 05 a8 ba be 54 b3 e8 68 99 4a bd 86 97 | 12 84 11 bc 63 c9 7f 04 | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49492.066606 | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD | #4 spent 0.527 milliseconds in resume sending helper answer | stop processing: state #4 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4558006900 | spent 0.0019 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 1b f6 c4 67 0a cb ce fa 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 1b f6 c4 67 0a cb ce fa | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #4 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #4 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #4 is idle | #4 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #4 IKE SPIi and SPI[ir] | #4 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #4: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #4 spent 0.00351 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #4 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #4 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #4 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #4 spent 0.097 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.107 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0538 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x556c507714e0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #4 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #4 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #4 ikev2.ike deleted other | #4 spent 1.67 milliseconds in total | [RE]START processing: state #4 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #4: deleting state (STATE_PARENT_I1) aged 0.045s and NOT sending notification | parent state #4: PARENT_I1(half-open IKE SA) => delete | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #4 in PARENT_I1 | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4558000d60: destroyed | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556c5076ae40 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.214 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0646 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0518 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0463 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c50734860 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.139 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #5 at 0x556c5076d5a0 | State DB: adding IKEv2 state #5 in UNDEFINED | pstats #5 ikev2.ike started | Message ID: init #5: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #5; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #5 "aes128" "aes128" #5: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 5 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4564002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #5 spent 0.112 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.176 milliseconds in whack | crypto helper 2 resuming | crypto helper 2 starting work-order 5 for state #5 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 5 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f455c000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f455c000d60 | NSS: Public DH wire value: | a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 ea af 33 d5 | 16 35 97 d2 60 d6 fa 7d 52 cf b9 df 6f 9b 84 e3 | 02 14 79 53 9d d6 45 67 1e 78 25 af fb 9e c5 2e | 55 75 02 67 5c bd d8 1d f4 58 9a 11 b2 22 9f 66 | 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 79 1a b5 07 | db 37 d2 e5 72 b4 24 9d f0 26 2b 6b 65 63 ca 4b | de 92 e0 89 3a 61 61 04 6d 31 c5 66 5a c8 17 a6 | ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e 5a 48 5e bf | c0 77 d8 3c 41 94 57 31 63 76 de 20 06 6f 09 d0 | 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 d8 2b c7 03 | cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 38 ae 86 7b | e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 65 b5 90 e7 | 99 7e ab 58 4c d3 63 4c 5c 41 39 37 1b d9 54 2a | 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 ef 9b 9f 7d | 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 32 94 b8 86 | a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 9d 20 07 38 | Generated nonce: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | Generated nonce: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 5 time elapsed 0.001383 seconds | (#5) spent 1.38 milliseconds in crypto helper computing work-order 5: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 5 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f455c006900 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 5 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #5 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f455c000d60: transferring ownership from helper KE to state #5 | **emit ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 ea af 33 d5 | ikev2 g^x 16 35 97 d2 60 d6 fa 7d 52 cf b9 df 6f 9b 84 e3 | ikev2 g^x 02 14 79 53 9d d6 45 67 1e 78 25 af fb 9e c5 2e | ikev2 g^x 55 75 02 67 5c bd d8 1d f4 58 9a 11 b2 22 9f 66 | ikev2 g^x 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 79 1a b5 07 | ikev2 g^x db 37 d2 e5 72 b4 24 9d f0 26 2b 6b 65 63 ca 4b | ikev2 g^x de 92 e0 89 3a 61 61 04 6d 31 c5 66 5a c8 17 a6 | ikev2 g^x ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e 5a 48 5e bf | ikev2 g^x c0 77 d8 3c 41 94 57 31 63 76 de 20 06 6f 09 d0 | ikev2 g^x 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 d8 2b c7 03 | ikev2 g^x cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 38 ae 86 7b | ikev2 g^x e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 65 b5 90 e7 | ikev2 g^x 99 7e ab 58 4c d3 63 4c 5c 41 39 37 1b d9 54 2a | ikev2 g^x 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 ef 9b 9f 7d | ikev2 g^x 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 32 94 b8 86 | ikev2 g^x a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 9d 20 07 38 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | IKEv2 nonce 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 77 27 1a 46 f7 9f e8 82 72 8b 8a 4e 6c c1 bf c1 | a5 08 de 68 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 77 27 1a 46 f7 9f e8 82 72 8b 8a 4e 6c c1 bf c1 | natd_hash: hash= a5 08 de 68 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 77 27 1a 46 f7 9f e8 82 72 8b 8a 4e 6c c1 bf c1 | Notify data a5 08 de 68 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad e6 1f ed 4c | e7 fc c1 e7 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad e6 1f ed 4c | natd_hash: hash= e7 fc c1 e7 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad e6 1f ed 4c | Notify data e7 fc c1 e7 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #5 to 4294967295 after switching state | Message ID: IKE #5 skipping update_recv as MD is fake | Message ID: sent #5 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #5: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6d 52 27 e4 2d 1d 3b 0e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 | ea af 33 d5 16 35 97 d2 60 d6 fa 7d 52 cf b9 df | 6f 9b 84 e3 02 14 79 53 9d d6 45 67 1e 78 25 af | fb 9e c5 2e 55 75 02 67 5c bd d8 1d f4 58 9a 11 | b2 22 9f 66 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 | 79 1a b5 07 db 37 d2 e5 72 b4 24 9d f0 26 2b 6b | 65 63 ca 4b de 92 e0 89 3a 61 61 04 6d 31 c5 66 | 5a c8 17 a6 ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e | 5a 48 5e bf c0 77 d8 3c 41 94 57 31 63 76 de 20 | 06 6f 09 d0 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 | d8 2b c7 03 cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 | 38 ae 86 7b e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 | 65 b5 90 e7 99 7e ab 58 4c d3 63 4c 5c 41 39 37 | 1b d9 54 2a 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 | ef 9b 9f 7d 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 | 32 94 b8 86 a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 | 9d 20 07 38 29 00 00 24 0b c6 33 0a 67 ff b3 97 | 33 e1 32 d0 51 5b 91 7c 57 e3 82 54 5c 1d eb fd | 81 54 66 53 d3 24 6e 90 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 77 27 1a 46 f7 9f e8 82 | 72 8b 8a 4e 6c c1 bf c1 a5 08 de 68 00 00 00 1c | 00 00 40 05 d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad | e6 1f ed 4c e7 fc c1 e7 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4564002b20 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4564002b20 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #5 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49492.485928 | resume sending helper answer for #5 suppresed complete_v2_state_transition() and stole MD | #5 spent 0.705 milliseconds in resume sending helper answer | stop processing: state #5 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f455c006900 | spent 0.00335 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 | be a1 9a 53 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 | f8 04 ab 5f 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 | fa 18 c8 c7 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 | 0f 39 d5 ed af 88 6b 39 fd fc 83 69 fe e9 c3 ad | 9e 1e b2 ff 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e | 3a 5b ab 9e f2 7f ad 36 33 b0 db 01 69 66 12 07 | ba 36 06 a1 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa | 27 f0 1c 21 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 | 9a c9 bc c5 a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 | 2a bd 6f 93 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 | a0 f5 3a 75 d4 bd 41 30 22 b8 be ea ca c1 5e 6d | 4f 5a 19 47 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 | e7 bc b3 86 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea | 4c db 53 72 e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 | 7c c7 36 32 c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 | b2 56 10 c0 29 00 00 24 0c 24 3f 43 95 79 67 e6 | fa 6c f3 35 b2 66 bf 6e b0 09 e6 75 e4 c1 1c 0c | cb c7 d5 27 b5 6a 1b 00 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 76 44 35 2b 7d 76 7a 21 | 43 e3 e3 2b e0 97 d5 6c 4b 0a 62 9e 00 00 00 1c | 00 00 40 05 46 b5 af 11 56 78 c0 16 85 91 65 72 | f0 39 79 0f 9d 60 17 85 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #5 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #5 is idle | #5 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #5 IKE SPIi and SPI[ir] | #5 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 be a1 9a 53 | 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 f8 04 ab 5f | 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 fa 18 c8 c7 | 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 0f 39 d5 ed | af 88 6b 39 fd fc 83 69 fe e9 c3 ad 9e 1e b2 ff | 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e 3a 5b ab 9e | f2 7f ad 36 33 b0 db 01 69 66 12 07 ba 36 06 a1 | 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa 27 f0 1c 21 | 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 9a c9 bc c5 | a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 2a bd 6f 93 | 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 a0 f5 3a 75 | d4 bd 41 30 22 b8 be ea ca c1 5e 6d 4f 5a 19 47 | 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 e7 bc b3 86 | 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea 4c db 53 72 | e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 7c c7 36 32 | c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 b2 56 10 c0 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 61 91 89 8f 29 8a 8c 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a2e0 (length 20) | 46 b5 af 11 56 78 c0 16 85 91 65 72 f0 39 79 0f | 9d 60 17 85 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 61 91 89 8f 29 8a 8c 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 46 b5 af 11 56 78 c0 16 85 91 65 72 f0 39 79 0f | natd_hash: hash= 9d 60 17 85 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 6d 52 27 e4 2d 1d 3b 0e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 61 91 89 8f 29 8a 8c 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a300 (length 20) | 76 44 35 2b 7d 76 7a 21 43 e3 e3 2b e0 97 d5 6c | 4b 0a 62 9e | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 6d 52 27 e4 2d 1d 3b 0e | natd_hash: rcookie= 61 91 89 8f 29 8a 8c 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 76 44 35 2b 7d 76 7a 21 43 e3 e3 2b e0 97 d5 6c | natd_hash: hash= 4b 0a 62 9e | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f455c000d60: transferring ownership from state #5 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 6 for state #5 | state #5 requesting EVENT_RETRANSMIT to be deleted | #5 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4564002b20 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4564002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #5 spent 0.389 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #5 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #5 and saving MD | #5 is busy; has a suspended MD | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "aes128" #5 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.722 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.738 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 resuming | crypto helper 4 starting work-order 6 for state #5 | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 | peer's g: 78 9a 89 f6 1c 11 1c 2a 18 15 5f f0 be a1 9a 53 | peer's g: 47 a4 12 ef 4e 75 00 e8 b2 0b 7b 38 f8 04 ab 5f | peer's g: 98 d0 59 3d 8b 88 e0 f4 e1 a5 4c 18 fa 18 c8 c7 | peer's g: 29 3d c2 de 28 b2 d7 d2 e7 46 72 08 0f 39 d5 ed | peer's g: af 88 6b 39 fd fc 83 69 fe e9 c3 ad 9e 1e b2 ff | peer's g: 14 42 18 e6 57 a1 31 4a 6f a3 b7 4e 3a 5b ab 9e | peer's g: f2 7f ad 36 33 b0 db 01 69 66 12 07 ba 36 06 a1 | peer's g: 90 44 48 91 72 a9 9d 0d 2e 8f 3e fa 27 f0 1c 21 | peer's g: 83 8d c9 e6 fd 8f 44 b2 fc 35 0e c2 9a c9 bc c5 | peer's g: a8 0f 1a 62 65 e9 7a d0 02 11 4f a9 2a bd 6f 93 | peer's g: 99 7b bf 50 7c e6 42 e1 14 e4 d5 c2 a0 f5 3a 75 | peer's g: d4 bd 41 30 22 b8 be ea ca c1 5e 6d 4f 5a 19 47 | peer's g: 39 bf 00 37 d5 52 f2 9f 42 f9 3b e7 e7 bc b3 86 | peer's g: 89 ec be 9c 4e e8 f7 8b 71 a1 77 ea 4c db 53 72 | peer's g: e0 6e 08 0b 55 f8 1d d8 7f 89 34 08 7c c7 36 32 | peer's g: c9 97 4c 66 ec b9 29 69 fc 6b 01 e2 b2 56 10 c0 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f455c000d60: computed shared DH secret key@0x7f456000d640 | dh-shared : g^ir-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f4550001ef0 (length 64) | 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99670 | result: Ni | Nr-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99658 | result: Ni | Nr-key@0x7f456000a510 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x556c5074eb00 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f4550002e80 from Ni | Nr-key@0x7f456000a510 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f4550002e80 from Ni | Nr-key@0x7f456000a510 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f456000a510 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f45500016b0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f456000d640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f456000d640 | nss hmac digest hack: symkey-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1893307088: 4b ffffffd9 53 ffffffb6 1c ffffffdb ffffff94 ffffff9f 46 ffffffd9 48 ffffffd5 48 02 ffffffc3 ffffffe5 ffffff80 53 ffffffa2 ffffff84 ffffffdb ffffff84 ffffffea 50 70 47 75 ffffff9d 2e 34 7c 5c ffffff92 ffffffe7 ffffffb8 24 11 03 ffffffa9 04 ffffff85 ffffffe5 ffffff85 63 20 7b ffffffd4 6c ffffffb0 ffffff89 27 29 ffffffba 5a 1b 75 6f 16 ffffffb7 71 ffffffe2 24 4f 65 26 ffffffaf 69 ffffffbf 43 4d 30 ffffff8e ffffffce ffffffe0 ffffffee 18 ffffffa3 4a 1a 2b ffffffa2 45 77 14 ffffff86 2f ffffffdd ffffff80 ffffffb3 ffffffc3 72 08 41 77 ffffffe9 7b ffffffce 09 ffffffb9 1c ffffff80 0b 78 49 ffffff86 fffffff2 ffffffec 35 ffffffc3 7d 28 0b fffffff3 0a ffffff8b ffffffb3 1f 32 ffffffca ffffffe7 ffffffd1 1f 63 ffffffea 65 ffffffcb ffffff9c ffffff80 ffffffc5 4e 62 fffffff2 71 ffffffbd 11 7a ffffffc1 ffffffd7 ffffffc5 4d 12 ffffff98 ffffffb2 ffffffbd ffffff93 ffffffef fffffff3 ffffff8c ffffff9f 42 6d 53 21 ffffffea 63 ffffffb3 ffffffa0 34 20 fffff | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 256 bytes at 0x7f4550003dd0 | unwrapped: 77 2d 6c 28 4c 5d 4a 36 0d 48 fc e4 6e 0a df 3a | unwrapped: b9 57 d3 38 0f 52 ad 25 f8 8c e6 4a bc 16 51 4c | unwrapped: bb 91 fd d0 a4 cd cd 73 9b 0a dc 39 13 98 13 2a | unwrapped: 7f ee f0 3f 14 6f 3e b5 b0 27 0f 73 80 ee f0 3b | unwrapped: 24 52 b7 c0 a7 a8 39 a9 21 83 dc 9f 60 2a 90 d1 | unwrapped: a5 7a 92 cc a6 f7 d2 f6 81 e0 c6 e9 bc 4e 81 b0 | unwrapped: 1c 0a dc 24 09 28 cc 8d 1c d5 b2 d6 3a ab 86 e3 | unwrapped: 83 5a f4 7b d0 c8 df 0f 54 c3 08 b5 4d 3d 52 0a | unwrapped: 3f be a5 2f a2 01 2e eb 2b 9e 8b 99 c5 09 c7 23 | unwrapped: e3 8e e2 4c 91 68 1e b1 64 fa f6 04 f8 e0 03 9a | unwrapped: aa 8f 79 6a 71 d4 e1 6b ea 01 12 67 a3 f6 92 08 | unwrapped: 6b 9b 3f 37 bb b8 a1 20 cf 21 9b 86 01 37 de 58 | unwrapped: 06 96 5a 00 70 d4 48 cb 1f 2c dc fc 1a 85 2f 84 | unwrapped: 65 f8 6f f1 71 27 e8 92 9e b0 b8 f3 af 50 4f 48 | unwrapped: 40 b0 8a 5e 31 0a f5 8c d0 3d b9 ed b1 79 ac 00 | unwrapped: f4 95 b4 58 c9 c9 70 e4 c4 66 e1 be c5 ce 4d 27 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99690 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99678 | result: final-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f456000a510 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99600 | result: data=Ni-key@0x556c5075ae20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c5075ae20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d995e8 | result: data=Ni-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x556c5075ae20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4570d995f0 | result: data+=Nr-key@0x556c5075ae20 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4570d995f0 | result: data+=SPIi-key@0x556c5074eb00 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4570d995f0 | result: data+=SPIr-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | prf+0 PRF sha init key-key@0x7f456000a510 (size 20) | prf+0: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+0 prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+0: release clone-key@0x556c5074eb00 | prf+0 PRF sha crypt-prf@0x7f45500018a0 | prf+0 PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+0: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: 4a ffffffe0 14 13 30 0b fffffff7 57 ffffff8f 64 45 2f fffffff0 6e 76 55 38 47 5d 51 5b 20 3f ffffffb9 0b 1c fffffffb ffffffe3 ffffffc1 ffffffe5 ffffffe0 ffffff91 6a 69 ffffffd9 54 0b 2a ffffff84 5b ffffffa0 0d ffffffa9 00 ffffffed ffffffe9 ffffff99 02 fffffff0 fffffff7 ffffffbe ffffff8c ffffff8d 32 ffffffb4 ffffffab 1d 28 ffffffdf ffffff9f ffffff93 32 ffffffa9 ffffffc5 05 ffffffee ffffffcb 56 1d 5e fffffffb fffffffc ffffffcb ffffffdc 44 3f 72 fffffff0 fffffff0 3d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005150 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | prf+0 PRF sha final-key@0x556c5074eb00 (size 20) | prf+0: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x7f456000a510 (size 20) | prf+N: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4550001f40 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffffc8 17 ffffffc2 7f ffffffb2 60 fffffffe ffffff92 27 ffffffaa ffffffcf 64 55 fffffff9 6c ffffff8c 5e 7a 32 ffffff8f 4c fffffff5 ffffffa0 ffffffec 0d ffffffc3 ffffffc4 ffffffd9 ffffff9f 05 62 fffffff0 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45500051b0 | unwrapped: 34 1c fb 10 66 72 c7 aa 43 d7 bd e2 92 45 49 47 | unwrapped: 54 00 f0 b6 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: 4a ffffffe0 14 13 30 0b fffffff7 57 ffffff8f 64 45 2f fffffff0 6e 76 55 38 47 5d 51 5b 20 3f ffffffb9 0b 1c fffffffb ffffffe3 ffffffc1 ffffffe5 ffffffe0 ffffff91 6a 69 ffffffd9 54 0b 2a ffffff84 5b ffffffa0 0d ffffffa9 00 ffffffed ffffffe9 ffffff99 02 fffffff0 fffffff7 ffffffbe ffffff8c ffffff8d 32 ffffffb4 ffffffab 1d 28 ffffffdf ffffff9f ffffff93 32 ffffffa9 ffffffc5 05 ffffffee ffffffcb 56 1d 5e fffffffb fffffffc ffffffcb ffffffdc 44 3f 72 fffffff0 fffffff0 3d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45500050f0 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5074d280 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x7f456000a510 (size 20) | prf+N: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f4550001270 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffffff 04 22 22 ffffffef ffffffde 2f ffffff88 7a ffffff9d 36 2e 5d ffffffcf ffffffa5 ffffffdd 65 ffffffe4 58 72 0a 7e ffffffde 03 ffffff9e ffffff9b ffffffa3 fffffffd 4a ffffffff 34 ffffffc0 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550005cd0 | unwrapped: 23 88 ba 01 5c 0c 0c d6 83 44 02 6a b8 e4 0f 4e | unwrapped: 17 9f bc 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: 4a ffffffe0 14 13 30 0b fffffff7 57 ffffff8f 64 45 2f fffffff0 6e 76 55 38 47 5d 51 5b 20 3f ffffffb9 0b 1c fffffffb ffffffe3 ffffffc1 ffffffe5 ffffffe0 ffffff91 6a 69 ffffffd9 54 0b 2a ffffff84 5b ffffffa0 0d ffffffa9 00 ffffffed ffffffe9 ffffff99 02 fffffff0 fffffff7 ffffffbe ffffff8c ffffff8d 32 ffffffb4 ffffffab 1d 28 ffffffdf ffffff9f ffffff93 32 ffffffa9 ffffffc5 05 ffffffee ffffffcb 56 1d 5e fffffffb fffffffc ffffffcb ffffffdc 44 3f 72 fffffff0 fffffff0 3d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005090 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50757800 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c50757800 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x7f456000a510 (size 20) | prf+N: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4550002010 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffffbd 08 28 ffffffdf ffffffe5 49 fffffff0 ffffffae ffffffbd 34 45 ffffffef fffffff6 3c ffffffe2 ffffff83 ffffffac ffffff92 60 43 11 75 ffffffd6 03 ffffffd5 ffffffe2 ffffff87 ffffffc9 fffffffd ffffffa0 ffffffa3 04 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550005cd0 | unwrapped: 82 b7 84 9f ee 71 66 56 6b f6 fd 87 31 ed a7 38 | unwrapped: 42 19 9b 5f 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: 4a ffffffe0 14 13 30 0b fffffff7 57 ffffff8f 64 45 2f fffffff0 6e 76 55 38 47 5d 51 5b 20 3f ffffffb9 0b 1c fffffffb ffffffe3 ffffffc1 ffffffe5 ffffffe0 ffffff91 6a 69 ffffffd9 54 0b 2a ffffff84 5b ffffffa0 0d ffffffa9 00 ffffffed ffffffe9 ffffff99 02 fffffff0 fffffff7 ffffffbe ffffff8c ffffff8d 32 ffffffb4 ffffffab 1d 28 ffffffdf ffffff9f ffffff93 32 ffffffa9 ffffffc5 05 ffffffee ffffffcb 56 1d 5e fffffffb fffffffc ffffffcb ffffffdc 44 3f 72 fffffff0 fffffff0 3d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005030 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50757800 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50757800 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x7f456000a510 (size 20) | prf+N: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f4550001270 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: 33 75 67 fffffffb ffffffb3 77 ffffffa1 fffffffe 03 0a 62 27 56 ffffffdc ffffffb5 ffffffc1 ffffffa4 0d ffffffa3 ffffffa0 ffffffd7 fffffffb ffffff8e ffffffe6 1a fffffff3 ffffff8a ffffffe6 13 3e 5a 26 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550005c30 | unwrapped: b1 97 33 83 f6 f1 ab 44 89 03 f3 95 f9 a2 a1 0f | unwrapped: 7f 87 33 9c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: 4a ffffffe0 14 13 30 0b fffffff7 57 ffffff8f 64 45 2f fffffff0 6e 76 55 38 47 5d 51 5b 20 3f ffffffb9 0b 1c fffffffb ffffffe3 ffffffc1 ffffffe5 ffffffe0 ffffff91 6a 69 ffffffd9 54 0b 2a ffffff84 5b ffffffa0 0d ffffffa9 00 ffffffed ffffffe9 ffffff99 02 fffffff0 fffffff7 ffffffbe ffffff8c ffffff8d 32 ffffffb4 ffffffab 1d 28 ffffffdf ffffff9f ffffff93 32 ffffffa9 ffffffc5 05 ffffffee ffffffcb 56 1d 5e fffffffb fffffffc ffffffcb ffffffdc 44 3f 72 fffffff0 fffffff0 3d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005e20 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50757800 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c50757800 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x7f456000a510 (size 20) | prf+N: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550005b80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4550005b80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4550002010 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffffe2 ffffffe3 ffffffba ffffff97 4d 1c fffffffa 0f 6c 5c fffffffd 0c ffffffa9 ffffffd4 fffffff0 44 46 58 34 ffffffd9 ffffffd2 ffffffe4 6f ffffffc8 7e 5e ffffff9c 77 1c 6a 22 ffffff9c | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550005cd0 | unwrapped: 21 44 a8 99 11 9f cf b0 dd 2d b1 79 cc 77 7d 89 | unwrapped: 7c 15 1e 13 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: 4a ffffffe0 14 13 30 0b fffffff7 57 ffffff8f 64 45 2f fffffff0 6e 76 55 38 47 5d 51 5b 20 3f ffffffb9 0b 1c fffffffb ffffffe3 ffffffc1 ffffffe5 ffffffe0 ffffff91 6a 69 ffffffd9 54 0b 2a ffffff84 5b ffffffa0 0d ffffffa9 00 ffffffed ffffffe9 ffffff99 02 fffffff0 fffffff7 ffffffbe ffffff8c ffffff8d 32 ffffffb4 ffffffab 1d 28 ffffffdf ffffff9f ffffff93 32 ffffffa9 ffffffc5 05 ffffffee ffffffcb 56 1d 5e fffffffb fffffffc ffffffcb ffffffdc 44 3f 72 fffffff0 fffffff0 3d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45500050f0 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50757800 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5074d280 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50757800 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x7f456000a510 (size 20) | prf+N: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f4550001270 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: 65 ffffffa8 48 ffffffe7 5f ffffff8a ffffffb6 65 ffffffb4 62 78 7f ffffffd3 09 62 49 fffffffa 33 74 ffffffa2 ffffffa5 62 ffffff98 ffffffa6 20 3c ffffffcb 2f ffffff92 ffffff8d 38 6c | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550005f00 | unwrapped: c5 35 8e f7 b7 14 8c ba fa 64 fc 27 70 32 3e 0e | unwrapped: 3c a0 8e 52 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: 4a ffffffe0 14 13 30 0b fffffff7 57 ffffff8f 64 45 2f fffffff0 6e 76 55 38 47 5d 51 5b 20 3f ffffffb9 0b 1c fffffffb ffffffe3 ffffffc1 ffffffe5 ffffffe0 ffffff91 6a 69 ffffffd9 54 0b 2a ffffff84 5b ffffffa0 0d ffffffa9 00 ffffffed ffffffe9 ffffff99 02 fffffff0 fffffff7 ffffffbe ffffff8c ffffff8d 32 ffffffb4 ffffffab 1d 28 ffffffdf ffffff9f ffffff93 32 ffffffa9 ffffffc5 05 ffffffee ffffffcb 56 1d 5e fffffffb fffffffc ffffffcb ffffffdc 44 3f 72 fffffff0 fffffff0 3d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005e20 | unwrapped: 0b c6 33 0a 67 ff b3 97 33 e1 32 d0 51 5b 91 7c | unwrapped: 57 e3 82 54 5c 1d eb fd 81 54 66 53 d3 24 6e 90 | unwrapped: 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | unwrapped: b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | unwrapped: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50757800 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c507543d0 | prfplus: release old_t[final]-key@0x556c5074eb00 | ike_sa_keymat: release data-key@0x556c5075ae20 | calc_skeyseed_v2: release skeyseed_k-key@0x7f456000a510 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99738 | result: result-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99738 | result: result-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99738 | result: result-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: SK_ei_k-key@0x556c507543d0 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: SK_er_k-key@0x556c5074d280 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: result-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x556c507594c0 | chunk_SK_pi: symkey-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: ffffffa0 ffffffd9 34 4c ffffff92 ffffffed 3a 0f 55 ffffff81 46 3b fffffff3 ffffffe8 67 61 38 65 4d ffffffa0 7a ffffffed 5b 5b 49 ffffffc7 0f 37 ffffff8f 4b fffffff0 51 | chunk_SK_pi: release slot-key-key@0x556c50750fd0 | chunk_SK_pi extracted len 32 bytes at 0x7f45500062f0 | unwrapped: cc 77 7d 89 7c 15 1e 13 c5 35 8e f7 b7 14 8c ba | unwrapped: fa 64 fc 27 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: result-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x556c5076d180 | chunk_SK_pr: symkey-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 48 ffffffe8 29 05 ffffffdd ffffffcd ffffff9a ffffffad ffffff9d 5b ffffffd6 ffffffa3 ffffff8d ffffffa6 fffffff7 ffffffcc ffffff96 ffffffb8 ffffffc4 ffffffdc 6b ffffffa3 0b ffffffa3 73 ffffffd8 5a fffffff8 ffffff82 0a ffffffdf ffffff92 | chunk_SK_pr: release slot-key-key@0x556c50750fd0 | chunk_SK_pr extracted len 32 bytes at 0x7f4550006320 | unwrapped: 70 32 3e 0e 3c a0 8e 52 07 4f 53 5d d8 30 ea 3d | unwrapped: 79 e7 e5 8f 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x556c50757800 | calc_skeyseed_v2 pointers: shared-key@0x7f456000d640, SK_d-key@0x7f456000a510, SK_ai-key@0x556c5075ae20, SK_ar-key@0x556c5074eb00, SK_ei-key@0x556c507543d0, SK_er-key@0x556c5074d280, SK_pi-key@0x556c507594c0, SK_pr-key@0x556c5076d180 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | cc 77 7d 89 7c 15 1e 13 c5 35 8e f7 b7 14 8c ba | fa 64 fc 27 | calc_skeyseed_v2 SK_pr | 70 32 3e 0e 3c a0 8e 52 07 4f 53 5d d8 30 ea 3d | 79 e7 e5 8f | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 6 time elapsed 0.004196 seconds | (#5) spent 4.17 milliseconds in crypto helper computing work-order 6: ikev2_inR1outI2 KE (pcr) | crypto helper 4 sending results from work-order 6 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f45500060f0 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 6 | calling continuation function 0x556c4f6f1630 | ikev2_parent_inR1outI2_continue for #5: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f455c000d60: transferring ownership from helper IKEv2 DH to state #5 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #6 at 0x556c50773050 | State DB: adding IKEv2 state #6 in UNDEFINED | pstats #6 ikev2.child started | duplicating state object #5 "aes128" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.45:500 from #5.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f456000a510 | duplicate_state: reference st_skey_ai_nss-key@0x556c5075ae20 | duplicate_state: reference st_skey_ar_nss-key@0x556c5074eb00 | duplicate_state: reference st_skey_ei_nss-key@0x556c507543d0 | duplicate_state: reference st_skey_er_nss-key@0x556c5074d280 | duplicate_state: reference st_skey_pi_nss-key@0x556c507594c0 | duplicate_state: reference st_skey_pr_nss-key@0x556c5076d180 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #5.#6; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #5 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4564002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f4564002b20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | parent state #5: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x556c507594c0 (size 20) | hmac: symkey-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a288 | result: clone-key@0x556c50757800 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c50757800 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c50757800 | hmac: release clone-key@0x556c50757800 | hmac PRF sha crypt-prf@0x556c5076aef0 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x556c4f7f0974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffdc298a820 (length 20) | e5 db 7b 48 4e 5f c4 0c d3 53 5d f6 15 62 c8 b4 | ef 39 36 ab | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 6d 52 27 e4 2d 1d 3b 0e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 | ea af 33 d5 16 35 97 d2 60 d6 fa 7d 52 cf b9 df | 6f 9b 84 e3 02 14 79 53 9d d6 45 67 1e 78 25 af | fb 9e c5 2e 55 75 02 67 5c bd d8 1d f4 58 9a 11 | b2 22 9f 66 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 | 79 1a b5 07 db 37 d2 e5 72 b4 24 9d f0 26 2b 6b | 65 63 ca 4b de 92 e0 89 3a 61 61 04 6d 31 c5 66 | 5a c8 17 a6 ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e | 5a 48 5e bf c0 77 d8 3c 41 94 57 31 63 76 de 20 | 06 6f 09 d0 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 | d8 2b c7 03 cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 | 38 ae 86 7b e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 | 65 b5 90 e7 99 7e ab 58 4c d3 63 4c 5c 41 39 37 | 1b d9 54 2a 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 | ef 9b 9f 7d 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 | 32 94 b8 86 a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 | 9d 20 07 38 29 00 00 24 0b c6 33 0a 67 ff b3 97 | 33 e1 32 d0 51 5b 91 7c 57 e3 82 54 5c 1d eb fd | 81 54 66 53 d3 24 6e 90 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 77 27 1a 46 f7 9f e8 82 | 72 8b 8a 4e 6c c1 bf c1 a5 08 de 68 00 00 00 1c | 00 00 40 05 d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad | e6 1f ed 4c e7 fc c1 e7 | create: initiator inputs to hash2 (responder nonce) | 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | idhash e5 db 7b 48 4e 5f c4 0c d3 53 5d f6 15 62 c8 b4 | idhash ef 39 36 ab | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a080 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a068 | result: shared secret-key@0x556c50757800 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x556c50757800 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x556c50757800 | = prf(,"Key Pad for IKEv2"): release clone-key@0x556c50757800 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076b210 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0a0 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a088 | result: final-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x556c50757800 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x556c50757800 (size 20) | = prf(, ): -key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a098 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076a040 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076ac80 (length 440) | 6d 52 27 e4 2d 1d 3b 0e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 a7 21 c3 b3 99 7e 93 8d ce 6f d9 a9 | ea af 33 d5 16 35 97 d2 60 d6 fa 7d 52 cf b9 df | 6f 9b 84 e3 02 14 79 53 9d d6 45 67 1e 78 25 af | fb 9e c5 2e 55 75 02 67 5c bd d8 1d f4 58 9a 11 | b2 22 9f 66 86 ea c4 ed c9 19 32 b1 c5 b8 02 89 | 79 1a b5 07 db 37 d2 e5 72 b4 24 9d f0 26 2b 6b | 65 63 ca 4b de 92 e0 89 3a 61 61 04 6d 31 c5 66 | 5a c8 17 a6 ea 7f bc 2e cf 4b 47 0b bb 18 5f 4e | 5a 48 5e bf c0 77 d8 3c 41 94 57 31 63 76 de 20 | 06 6f 09 d0 62 10 a3 a2 60 c9 7d da b2 e9 d5 d3 | d8 2b c7 03 cd 8a 6d ac 3b 12 d1 7c 5e d1 00 13 | 38 ae 86 7b e4 0d 3d b1 1d cb e0 b0 15 51 4a 62 | 65 b5 90 e7 99 7e ab 58 4c d3 63 4c 5c 41 39 37 | 1b d9 54 2a 52 2c 7a b3 45 aa 6b 82 55 7b ae 44 | ef 9b 9f 7d 22 d9 dc a6 85 65 63 b2 52 11 e7 d9 | 32 94 b8 86 a0 e7 02 e9 f9 00 25 d8 5a c5 b9 a9 | 9d 20 07 38 29 00 00 24 0b c6 33 0a 67 ff b3 97 | 33 e1 32 d0 51 5b 91 7c 57 e3 82 54 5c 1d eb fd | 81 54 66 53 d3 24 6e 90 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 77 27 1a 46 f7 9f e8 82 | 72 8b 8a 4e 6c c1 bf c1 a5 08 de 68 00 00 00 1c | 00 00 40 05 d7 f1 b2 2c cf 66 77 b7 51 d2 70 ad | e6 1f ed 4c e7 fc c1 e7 | = prf(, ) PRF sha update nonce-bytes@0x556c5076b450 (length 32) | 0c 24 3f 43 95 79 67 e6 fa 6c f3 35 b2 66 bf 6e | b0 09 e6 75 e4 c1 1c 0c cb c7 d5 27 b5 6a 1b 00 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a820 (length 20) | e5 db 7b 48 4e 5f c4 0c d3 53 5d f6 15 62 c8 b4 | ef 39 36 ab | = prf(, ) PRF sha final-chunk@0x556c5076aef0 (length 20) | ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | 82 b7 dc f4 | psk_auth: release prf-psk-key@0x556c50757800 | PSK auth octets ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | PSK auth octets 82 b7 dc f4 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | PSK auth 82 b7 dc f4 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #5 | netlink_get_spi: allocated 0x874bd25c for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 87 4b d2 5c | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #5: IMPAIR: emitting fixed-length key-length attribute with 0 key | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | ee 02 c5 7f cd 3d ad a3 cb ae 18 8d 2f 1b 57 59 | 82 b7 dc f4 2c 00 00 2c 00 00 00 28 01 03 04 03 | 87 4b d2 5c 03 00 00 0c 01 00 00 0c 80 0e 00 00 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | hmac PRF sha init symkey-key@0x556c5075ae20 (size 20) | hmac: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a198 | result: clone-key@0x556c50757800 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c50757800 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c50757800 | hmac: release clone-key@0x556c50757800 | hmac PRF sha crypt-prf@0x556c5076b210 | hmac PRF sha update data-bytes@0x556c4f7f0940 (length 208) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | hmac PRF sha final-bytes@0x556c4f7f0a10 (length 20) | 79 9e 98 05 88 b5 e5 28 c4 90 4b 1b 7e 81 92 30 | fe 33 ba 83 | data being hmac: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | data being hmac: 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | data being hmac: ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | data being hmac: 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | data being hmac: 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | data being hmac: 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | data being hmac: 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | data being hmac: 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | data being hmac: fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | data being hmac: b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | data being hmac: db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | out calculated auth: | 79 9e 98 05 88 b5 e5 28 c4 90 4b 1b | suspend processing: state #5 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #6 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #6: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #6 to 0 after switching state | Message ID: recv #5.#6 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #5.#6 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #6: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | 33 6e 4c 50 63 bf 0a ec 52 07 af 78 37 0d 1b 67 | 7a b5 42 43 39 cd d6 cc ae 82 4e b5 64 83 72 9a | ba a3 c9 21 29 ba 36 69 85 86 c6 73 1b 59 3b f0 | 1a 5c fa 1b 7b e2 05 ea 54 5e dc 3f 9f 48 25 3e | 1f 9f 7d 5c bc f2 a1 b1 d2 ee 59 cf fe f8 61 4a | 0e 8c c3 68 80 ff 82 e4 a0 be 89 4f df 2c e1 47 | 45 1f bc 73 bd 7f 10 9b 43 41 46 5b 84 f1 7f 41 | 99 c2 ea 8e 46 dc 7c ea be 35 5a 6a 1d cd f7 56 | fb f5 d1 e4 8f 7f 70 7b a2 5f c9 06 a2 6f 65 25 | b4 fa a3 cb 88 d8 9e 05 f3 87 88 25 d4 84 04 4d | db 85 e1 bf 94 6c d2 90 cd 6c 1f a3 29 c8 56 a9 | 79 9e 98 05 88 b5 e5 28 c4 90 4b 1b | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f455c002b20 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f455c006900 size 128 | #6 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49492.497684 | resume sending helper answer for #5 suppresed complete_v2_state_transition() | #5 spent 1.55 milliseconds in resume sending helper answer | stop processing: state #6 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45500060f0 | spent 0.00278 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | 7f ce 48 77 4a 07 e9 4e 39 7e 0c a7 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #5 in PARENT_I2 (find_v2_ike_sa) | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #6 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #5 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #6 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #6 is idle | #6 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #6 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x556c5074eb00 (size 20) | hmac: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0b8 | result: clone-key@0x556c50757800 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c50757800 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c50757800 | hmac: release clone-key@0x556c50757800 | hmac PRF sha crypt-prf@0x556c5076b230 | hmac PRF sha update data-bytes@0x556c506cc0b0 (length 64) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | hmac PRF sha final-bytes@0x7ffdc298a280 (length 20) | 7f ce 48 77 4a 07 e9 4e 39 7e 0c a7 12 d5 15 c4 | 64 27 ee 90 | data for hmac: 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | data for hmac: 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | calculated auth: 7f ce 48 77 4a 07 e9 4e 39 7e 0c a7 | provided auth: 7f ce 48 77 4a 07 e9 4e 39 7e 0c a7 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | ec 3c 39 3d 94 40 60 7f 3b 31 a2 af b8 30 89 45 | payload before decryption: | 16 a5 7e 56 5c 6e c2 75 cd 3f a4 fe d3 77 d1 b6 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #6 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #6: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #6: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #6 fd@25 .st_dev=9 .st_ino=3008027 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #5 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f455c006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f455c002b20 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f455c002b20 | inserting event EVENT_RETRANSMIT, timeout in 59.978497 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f455c006900 size 128 "aes128" #6: STATE_PARENT_I2: suppressing retransmits; will wait 59.978497 seconds for retry | #6 spent 0.12 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #6 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #6 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #6 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #5 spent 0.384 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.398 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0485 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x556c507714e0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #6 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #6 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #6 ikev2.child deleted other | #6 spent 0.12 milliseconds in total | [RE]START processing: state #6 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #6: deleting state (STATE_PARENT_I2) aged 0.064s and NOT sending notification | child state #6: PARENT_I2(open IKE SA) => delete | child state #6: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #6 requesting EVENT_RETRANSMIT to be deleted | #6 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f455c006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f455c002b20 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #6 in CHILDSA_DEL | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f456000a510 | delete_state: release st->st_skey_ai_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_ar_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_ei_nss-key@0x556c507543d0 | delete_state: release st->st_skey_er_nss-key@0x556c5074d280 | delete_state: release st->st_skey_pi_nss-key@0x556c507594c0 | delete_state: release st->st_skey_pr_nss-key@0x556c5076d180 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #5 | start processing: state #5 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #5 ikev2.ike deleted other | #5 spent 9.03 milliseconds in total | [RE]START processing: state #5 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #5: deleting state (STATE_PARENT_I2) aged 0.076s and NOT sending notification | parent state #5: PARENT_I2(open IKE SA) => delete | state #5 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f4564002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #5 in PARENT_I2 | parent state #5: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f455c000d60: destroyed | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f456000d640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f456000a510 | delete_state: release st->st_skey_ai_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_ar_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_ei_nss-key@0x556c507543d0 | delete_state: release st->st_skey_er_nss-key@0x556c5074d280 | delete_state: release st->st_skey_pi_nss-key@0x556c507594c0 | delete_state: release st->st_skey_pr_nss-key@0x556c5076d180 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556c50734860 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.25 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.066 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0427 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | ike-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.058 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c50769f20 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.139 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #7 at 0x556c50769370 | State DB: adding IKEv2 state #7 in UNDEFINED | pstats #7 ikev2.ike started | Message ID: init #7: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #7: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #7; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #7 "aes128" "aes128" #7: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 7 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f455c002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #7 spent 0.125 milliseconds in ikev2_parent_outI1() | crypto helper 5 resuming | crypto helper 5 starting work-order 7 for state #7 | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 7 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.217 milliseconds in whack | DH secret MODP2048@0x7f4554000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4554000d60 | NSS: Public DH wire value: | 82 f8 07 85 6c 3b ee 6b f9 9e d9 3f b2 9c 05 e5 | 81 47 60 da 10 52 ac 82 42 5b 88 b1 30 09 3c 49 | 79 79 eb 53 93 cf ff 34 7e f2 fd 20 63 34 b1 77 | 61 3f 5b 9b c5 3f ba 2a b2 8f 12 3d 4b e8 17 41 | 66 ae c8 dc 58 40 d8 46 2f 1d 23 01 a2 f1 05 f4 | 2c c1 fb cc 0e 73 36 19 8c b1 55 f0 04 c1 8c e3 | 46 a4 25 67 2f 45 fe 6a 2e 19 29 3d b8 b6 6b 3a | 68 fe 32 d1 51 49 4c 9d 5c 72 bd 0e bd 5f e4 9a | 09 c7 4e 3d 76 a9 9b ce 65 e1 52 22 df ee 79 80 | 3a 06 63 a4 c6 1b 96 7b c1 f5 b6 7a 71 60 d9 c3 | 62 fc 56 dc c1 e7 e7 05 c7 40 95 f4 e9 9d 1b af | 30 2f 1a 68 2b 94 ad 14 8a 18 de df 8f 9b 8e b3 | 38 2f 5d 7f 91 29 01 a4 6f b8 88 51 b8 6b 92 86 | ce b6 43 9c 75 4f fe e1 ca 1f fb 31 9d d4 aa 3b | 11 22 95 b5 0a 4e 7c f0 39 59 1d 5e 3a ad 75 30 | 3d 56 e2 ad f7 48 8a 2e 85 e0 35 4f af 2d e5 4d | Generated nonce: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | Generated nonce: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.001171 seconds | (#7) spent 1.09 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 7 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f4554006900 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 7 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #7 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4554000d60: transferring ownership from helper KE to state #7 | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #7: IMPAIR: duplicating key-length attribute | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 48 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 52 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 82 f8 07 85 6c 3b ee 6b f9 9e d9 3f b2 9c 05 e5 | ikev2 g^x 81 47 60 da 10 52 ac 82 42 5b 88 b1 30 09 3c 49 | ikev2 g^x 79 79 eb 53 93 cf ff 34 7e f2 fd 20 63 34 b1 77 | ikev2 g^x 61 3f 5b 9b c5 3f ba 2a b2 8f 12 3d 4b e8 17 41 | ikev2 g^x 66 ae c8 dc 58 40 d8 46 2f 1d 23 01 a2 f1 05 f4 | ikev2 g^x 2c c1 fb cc 0e 73 36 19 8c b1 55 f0 04 c1 8c e3 | ikev2 g^x 46 a4 25 67 2f 45 fe 6a 2e 19 29 3d b8 b6 6b 3a | ikev2 g^x 68 fe 32 d1 51 49 4c 9d 5c 72 bd 0e bd 5f e4 9a | ikev2 g^x 09 c7 4e 3d 76 a9 9b ce 65 e1 52 22 df ee 79 80 | ikev2 g^x 3a 06 63 a4 c6 1b 96 7b c1 f5 b6 7a 71 60 d9 c3 | ikev2 g^x 62 fc 56 dc c1 e7 e7 05 c7 40 95 f4 e9 9d 1b af | ikev2 g^x 30 2f 1a 68 2b 94 ad 14 8a 18 de df 8f 9b 8e b3 | ikev2 g^x 38 2f 5d 7f 91 29 01 a4 6f b8 88 51 b8 6b 92 86 | ikev2 g^x ce b6 43 9c 75 4f fe e1 ca 1f fb 31 9d d4 aa 3b | ikev2 g^x 11 22 95 b5 0a 4e 7c f0 39 59 1d 5e 3a ad 75 30 | ikev2 g^x 3d 56 e2 ad f7 48 8a 2e 85 e0 35 4f af 2d e5 4d | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | IKEv2 nonce 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 5c a4 70 98 e4 3b 8f f3 8b 26 84 ce da 97 a3 8f | 00 14 0a ac | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 5c a4 70 98 e4 3b 8f f3 8b 26 84 ce da 97 a3 8f | natd_hash: hash= 00 14 0a ac | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 5c a4 70 98 e4 3b 8f f3 8b 26 84 ce da 97 a3 8f | Notify data 00 14 0a ac | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | a6 9a 48 8b 83 1a f6 b9 fa d7 5c f0 30 ab 4f 31 | 25 39 12 bc | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a6 9a 48 8b 83 1a f6 b9 fa d7 5c f0 30 ab 4f 31 | natd_hash: hash= 25 39 12 bc | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a6 9a 48 8b 83 1a f6 b9 fa d7 5c f0 30 ab 4f 31 | Notify data 25 39 12 bc | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 444 | stop processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #7: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #7 to 4294967295 after switching state | Message ID: IKE #7 skipping update_recv as MD is fake | Message ID: sent #7 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #7: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 444 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | d7 a7 50 22 b2 e6 a3 46 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 82 f8 07 85 6c 3b ee 6b | f9 9e d9 3f b2 9c 05 e5 81 47 60 da 10 52 ac 82 | 42 5b 88 b1 30 09 3c 49 79 79 eb 53 93 cf ff 34 | 7e f2 fd 20 63 34 b1 77 61 3f 5b 9b c5 3f ba 2a | b2 8f 12 3d 4b e8 17 41 66 ae c8 dc 58 40 d8 46 | 2f 1d 23 01 a2 f1 05 f4 2c c1 fb cc 0e 73 36 19 | 8c b1 55 f0 04 c1 8c e3 46 a4 25 67 2f 45 fe 6a | 2e 19 29 3d b8 b6 6b 3a 68 fe 32 d1 51 49 4c 9d | 5c 72 bd 0e bd 5f e4 9a 09 c7 4e 3d 76 a9 9b ce | 65 e1 52 22 df ee 79 80 3a 06 63 a4 c6 1b 96 7b | c1 f5 b6 7a 71 60 d9 c3 62 fc 56 dc c1 e7 e7 05 | c7 40 95 f4 e9 9d 1b af 30 2f 1a 68 2b 94 ad 14 | 8a 18 de df 8f 9b 8e b3 38 2f 5d 7f 91 29 01 a4 | 6f b8 88 51 b8 6b 92 86 ce b6 43 9c 75 4f fe e1 | ca 1f fb 31 9d d4 aa 3b 11 22 95 b5 0a 4e 7c f0 | 39 59 1d 5e 3a ad 75 30 3d 56 e2 ad f7 48 8a 2e | 85 e0 35 4f af 2d e5 4d 29 00 00 24 82 1e 39 68 | ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 09 ff 0d 94 | ff b3 37 1f 0f 56 04 2f dc 7c ff 71 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5c a4 70 98 | e4 3b 8f f3 8b 26 84 ce da 97 a3 8f 00 14 0a ac | 00 00 00 1c 00 00 40 05 a6 9a 48 8b 83 1a f6 b9 | fa d7 5c f0 30 ab 4f 31 25 39 12 bc | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f455c002b20 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #7: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f455c002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #7 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49493.085704 | resume sending helper answer for #7 suppresed complete_v2_state_transition() and stole MD | #7 spent 0.534 milliseconds in resume sending helper answer | stop processing: state #7 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4554006900 | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c | 6f e9 1e bb da bb d2 f2 a6 e6 60 82 c4 04 1c 2d | 8f b7 54 4d d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 | e0 66 ac e3 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 | ab 17 c4 7e f9 74 21 d8 98 ba 34 43 f5 fe c4 5f | 5f f6 12 bc e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 | e1 8b 72 cb 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b | 1b 6c b2 52 de 88 cb 92 e3 98 68 e8 c0 14 3b 0f | f9 04 f4 04 a4 6d a4 75 10 98 75 18 43 78 e4 95 | cf 20 9d 91 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 | 40 ff 80 cd 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 | 5b 24 a6 b4 d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 | af 44 09 c2 2e e2 62 9c 13 02 df 29 e8 3f 25 ff | 6e cd 77 82 b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 | 10 02 52 9e e1 da 85 62 de 49 8b 3f 6f b5 87 b7 | 0e 34 41 d8 ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b | 8c ed 35 76 29 00 00 24 b5 85 f8 15 14 10 09 cd | 00 16 33 6f 47 2b e8 01 24 4f dc 01 63 46 6c 18 | 09 d0 a6 8b db 44 09 73 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 42 47 e2 c1 d0 6e 87 | b8 13 de 81 fc 7c 57 cb 8f 88 b0 3f 00 00 00 1c | 00 00 40 05 41 99 70 26 41 9f 66 d7 26 d2 c8 30 | 70 c6 45 9d 36 25 fe 9a | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #7 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #7 is idle | #7 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #7 IKE SPIi and SPI[ir] | #7 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c 6f e9 1e bb | da bb d2 f2 a6 e6 60 82 c4 04 1c 2d 8f b7 54 4d | d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 e0 66 ac e3 | 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 ab 17 c4 7e | f9 74 21 d8 98 ba 34 43 f5 fe c4 5f 5f f6 12 bc | e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 e1 8b 72 cb | 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b 1b 6c b2 52 | de 88 cb 92 e3 98 68 e8 c0 14 3b 0f f9 04 f4 04 | a4 6d a4 75 10 98 75 18 43 78 e4 95 cf 20 9d 91 | 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 40 ff 80 cd | 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 5b 24 a6 b4 | d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 af 44 09 c2 | 2e e2 62 9c 13 02 df 29 e8 3f 25 ff 6e cd 77 82 | b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 10 02 52 9e | e1 da 85 62 de 49 8b 3f 6f b5 87 b7 0e 34 41 d8 | ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b 8c ed 35 76 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 87 47 c3 68 a9 be 6f 68 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a2e0 (length 20) | 41 99 70 26 41 9f 66 d7 26 d2 c8 30 70 c6 45 9d | 36 25 fe 9a | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 87 47 c3 68 a9 be 6f 68 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 41 99 70 26 41 9f 66 d7 26 d2 c8 30 70 c6 45 9d | natd_hash: hash= 36 25 fe 9a | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | d7 a7 50 22 b2 e6 a3 46 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 87 47 c3 68 a9 be 6f 68 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a300 (length 20) | 00 42 47 e2 c1 d0 6e 87 b8 13 de 81 fc 7c 57 cb | 8f 88 b0 3f | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= d7 a7 50 22 b2 e6 a3 46 | natd_hash: rcookie= 87 47 c3 68 a9 be 6f 68 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 00 42 47 e2 c1 d0 6e 87 b8 13 de 81 fc 7c 57 cb | natd_hash: hash= 8f 88 b0 3f | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f4554000d60: transferring ownership from state #7 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 8 for state #7 | state #7 requesting EVENT_RETRANSMIT to be deleted | #7 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f455c002b20 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f455c002b20 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | #7 spent 0.273 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 1 resuming | crypto helper 1 starting work-order 8 for state #7 | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #7 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #7 and saving MD | #7 is busy; has a suspended MD | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | peer's g: fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c 6f e9 1e bb | "aes128" #7 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | peer's g: da bb d2 f2 a6 e6 60 82 c4 04 1c 2d 8f b7 54 4d | stop processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | peer's g: d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 e0 66 ac e3 | #7 spent 0.532 milliseconds in ikev2_process_packet() | peer's g: 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 ab 17 c4 7e | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | peer's g: f9 74 21 d8 98 ba 34 43 f5 fe c4 5f 5f f6 12 bc | peer's g: e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 e1 8b 72 cb | processing: STOP state #0 (in process_md() at demux.c:382) | peer's g: 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b 1b 6c b2 52 | peer's g: de 88 cb 92 e3 98 68 e8 c0 14 3b 0f f9 04 f4 04 | peer's g: a4 6d a4 75 10 98 75 18 43 78 e4 95 cf 20 9d 91 | peer's g: 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 40 ff 80 cd | peer's g: 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 5b 24 a6 b4 | peer's g: d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 af 44 09 c2 | peer's g: 2e e2 62 9c 13 02 df 29 e8 3f 25 ff 6e cd 77 82 | peer's g: b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 10 02 52 9e | peer's g: e1 da 85 62 de 49 8b 3f 6f b5 87 b7 0e 34 41 d8 | peer's g: ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b 8c ed 35 76 | processing: STOP connection NULL (in process_md() at demux.c:383) | Started DH shared-secret computation in NSS: | spent 0.578 milliseconds in comm_handle_cb() reading and processing packet | new : g_ir-key@0x556c5076d180 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f4554000d60: computed shared DH secret key@0x556c5076d180 | dh-shared : g^ir-key@0x556c5076d180 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f45680039a0 (length 64) | 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c670 | result: Ni | Nr-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c658 | result: Ni | Nr-key@0x556c507594c0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x556c5074d280 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f4568003aa0 from Ni | Nr-key@0x556c507594c0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f4568003aa0 from Ni | Nr-key@0x556c507594c0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x556c507594c0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f4568000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x556c5076d180 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x556c5076d180 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x556c5076d180 | nss hmac digest hack: symkey-key@0x556c5076d180 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1918485200: ffffffcd ffffffe5 31 ffffffbe 14 ffffffd5 ffffffad ffffffdd ffffff88 30 ffffff8d 79 0f 00 20 ffffff87 62 7d 47 ffffff90 ffffffa6 2c ffffffd0 34 ffffffe0 14 ffffffae 35 ffffff9f 79 ffffffdc ffffffc4 20 ffffff9f ffffffed 7e 2c ffffff9f 6f ffffff88 3e 20 13 18 ffffffc0 ffffffc4 fffffff1 ffffffcb 43 ffffffea ffffffc5 53 74 ffffffaf ffffffbe ffffffd3 ffffffdc ffffffcf ffffffe1 57 78 3a ffffff82 ffffffbd ffffffa8 20 ffffff83 ffffff9c 18 71 ffffffc1 66 1e 03 0e 76 23 ffffffda ffffffc3 00 ffffffe7 ffffffaa 50 54 ffffffd2 49 ffffffcf 2d 26 13 ffffffc4 68 ffffffb2 2a ffffffb1 ffffffa8 fffffffb ffffffc3 3a 06 56 50 26 58 79 ffffffb5 4c fffffff0 ffffffb0 52 ffffff98 0c ffffffa1 60 ffffff94 ffffffd9 ffffff97 ffffffae ffffffe1 4f ffffffa1 ffffffe4 fffffff6 ffffffcf 0d ffffffa3 ffffff92 fffffff6 ffffffdd 27 7f ffffff92 51 ffffff9e 09 ffffffb6 ffffffcf ffffffad 57 58 ffffff89 78 47 7a ffffffe0 6e 6b 51 ffffffe1 0c ffffff89 51 fffffffe ffffffff fff | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 256 bytes at 0x7f4568001440 | unwrapped: f7 6c d5 04 f1 61 0e a6 ee b4 2f 7b d0 8c 49 eb | unwrapped: 29 ee f7 da 33 c3 f8 10 c2 89 15 7e 37 e2 76 b1 | unwrapped: 91 d7 8e 66 36 7a 23 cb f9 6d ea c9 41 ca 70 5b | unwrapped: 6d da a9 74 bf cf 69 0c db 21 02 5a 92 38 d6 97 | unwrapped: a1 c5 77 c9 ea 53 3f 80 a7 3a 86 cf bc 83 3a c2 | unwrapped: 31 0f 98 35 00 14 0b 1c 58 04 2a ac 06 0e 44 38 | unwrapped: 73 43 57 6c 01 cb d5 a6 37 eb f0 2c db 61 7e eb | unwrapped: 3d 2a 2b bb 81 f3 4c 0b 2f 06 5f 2d d7 64 64 6d | unwrapped: b0 7b bf ed 31 94 7b 7d fc 83 94 77 11 58 ee 4c | unwrapped: 5d e0 1d 16 6a ef cf 96 8b 0c ee 15 cc 31 f7 78 | unwrapped: 59 25 66 9c a2 ac e4 4e 4f 0d 69 91 ae 48 c6 36 | unwrapped: 7f ec ba ca 2c bf 4c 28 08 e5 00 8f 6b c4 30 31 | unwrapped: f9 1e 61 e0 6e 35 3a cf 10 ce a7 bb 49 8a 48 15 | unwrapped: e0 ab d3 b4 ff 41 93 a6 e4 df e1 a9 8b b8 e1 a8 | unwrapped: e1 74 b5 84 20 84 ef 76 98 a5 fb 37 ae 45 b9 07 | unwrapped: 73 8f 4e 51 69 6e 99 c0 69 4d e3 fe ec 52 3a 67 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c690 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c678 | result: final-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x556c507594c0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c600 | result: data=Ni-key@0x556c507543d0 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c507543d0 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c5e8 | result: data=Ni-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x556c507543d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457259c5f0 | result: data+=Nr-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074d280 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457259c5f0 | result: data+=SPIi-key@0x556c5074d280 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c507543d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457259c5f0 | result: data+=SPIr-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074d280 | prf+0 PRF sha init key-key@0x556c507594c0 (size 20) | prf+0: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+0 prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+0: release clone-key@0x556c5074d280 | prf+0 PRF sha crypt-prf@0x7f4568001ae0 | prf+0 PRF sha update seed-key@0x556c507543d0 (size 80) | prf+0: seed-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 ffffffc9 ffffffab 5c 57 0f ffffff8f ffffffef ffffffa2 ffffffd2 ffffffb4 7f fffffff4 60 56 ffffffe2 ffffffa7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45680048a0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | prf+0 PRF sha final-key@0x556c5074d280 (size 20) | prf+0: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f45680010c0 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffffc8 30 fffffff8 ffffff8f 7b ffffffb6 1a ffffffa0 ffffffcf 2c fffffff9 ffffff94 ffffffd4 ffffffd7 ffffffc0 14 fffffffa 38 38 1d ffffff90 ffffff86 ffffffa1 fffffff8 ffffffb1 ffffffc6 ffffffbf 7c 79 ffffffb3 0a 25 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568005d80 | unwrapped: 73 08 d4 6d 40 b4 bf 47 85 2e 26 3f 29 74 66 24 | unwrapped: b9 2d d0 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c507543d0 (size 80) | prf+N: seed-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 ffffffc9 ffffffab 5c 57 0f ffffff8f ffffffef ffffffa2 ffffffd2 ffffffb4 7f fffffff4 60 56 ffffffe2 ffffffa7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568005b80 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c5075ae20 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x7f45680049e0 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffff8e ffffffa4 57 ffffffc9 1a ffffffa5 ffffffbb 1b ffffffdd ffffffa3 ffffffbb ffffffaf ffffffef fffffff4 4d ffffff9b 15 2d ffffff9c 2a 51 12 ffffffd0 ffffffa5 02 23 65 ffffffd4 1a ffffffc9 0e ffffffbb | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568006370 | unwrapped: 2c d5 3d 77 f5 98 eb 65 01 fe 9f c1 e4 91 35 63 | unwrapped: e6 f5 38 4a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c507543d0 (size 80) | prf+N: seed-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 ffffffc9 ffffffab 5c 57 0f ffffff8f ffffffef ffffffa2 ffffffd2 ffffffb4 7f fffffff4 60 56 ffffffe2 ffffffa7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568001880 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000a510 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x7f456000a510 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f4568002a80 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: 1e 11 49 0f 0b ffffffe7 49 41 fffffff5 fffffff1 3a 1b 0e 5a 08 50 28 ffffffe3 71 ffffffae 47 ffffff89 ffffff84 ffffffac 43 79 4a fffffff6 ffffffc0 7d ffffffbb 4b | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568006340 | unwrapped: 7e d9 33 ea 93 8e b3 73 0c 7b 54 c5 ca 88 1b 91 | unwrapped: f3 2e fc e8 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c507543d0 (size 80) | prf+N: seed-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 ffffffc9 ffffffab 5c 57 0f ffffff8f ffffffef ffffffa2 ffffffd2 ffffffb4 7f fffffff4 60 56 ffffffe2 ffffffa7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568001820 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000a510 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000a510 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x7f45680049e0 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: 13 ffffff84 ffffff8f 13 ffffffb5 49 33 00 ffffffd6 ffffff8d 15 12 7b 49 ffffff95 3b ffffffc9 6a 29 ffffffc8 10 5e 44 49 ffffff9d ffffff90 ffffffaa ffffffdf 53 ffffff82 ffffff8e ffffffd0 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568006610 | unwrapped: 84 e9 17 5f 32 27 22 6f 44 b3 19 81 c4 88 85 61 | unwrapped: ac 40 7d b9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c507543d0 (size 80) | prf+N: seed-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 ffffffc9 ffffffab 5c 57 0f ffffff8f ffffffef ffffffa2 ffffffd2 ffffffb4 7f fffffff4 60 56 ffffffe2 ffffffa7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45680064c0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000a510 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x7f456000a510 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f45680043d0 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f45680043d0 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f4568002a80 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: fffffff6 ffffff8f 47 ffffff8a fffffffd 73 ffffffbb 58 15 2a ffffffe3 fffffff3 3b fffffff7 ffffffe4 ffffffa7 08 ffffffde 30 ffffffb0 4a ffffffae ffffffe8 0c ffffffbd 2d 6a 73 06 07 22 ffffff86 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568006340 | unwrapped: c3 96 18 0b 71 4d e8 33 4c 01 dc 21 33 f8 40 71 | unwrapped: 41 d4 c0 cf 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c507543d0 (size 80) | prf+N: seed-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 ffffffc9 ffffffab 5c 57 0f ffffff8f ffffffef ffffffa2 ffffffd2 ffffffb4 7f fffffff4 60 56 ffffffe2 ffffffa7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568005b80 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000a510 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c5075ae20 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000a510 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x7f45680049e0 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: 06 75 0a 03 ffffffd4 ffffffbb 6f 60 4e fffffff3 ffffffda 25 ffffffcf 1e 21 29 fffffff2 ffffffc3 35 fffffff7 6c 60 36 ffffff85 31 0f ffffffb1 ffffffbb 49 ffffffd9 ffffff98 ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45680058b0 | unwrapped: 83 31 01 9a c1 01 91 85 d6 99 5c df 0b 33 6b 54 | unwrapped: c8 70 1e 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c507543d0 (size 80) | prf+N: seed-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 ffffffc9 ffffffab 5c 57 0f ffffff8f ffffffef ffffffa2 ffffffd2 ffffffb4 7f fffffff4 60 56 ffffffe2 ffffffa7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45680064c0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | unwrapped: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000a510 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c5074eb00 | prfplus: release old_t[final]-key@0x556c5074d280 | ike_sa_keymat: release data-key@0x556c507543d0 | calc_skeyseed_v2: release skeyseed_k-key@0x556c507594c0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c738 | result: result-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c738 | result: result-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c738 | result: result-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: SK_ei_k-key@0x556c5074eb00 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: SK_er_k-key@0x556c5075ae20 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: result-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f456000d640 | chunk_SK_pi: symkey-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: 7a ffffffbd 0a ffffffaf ffffffa6 2e 09 10 33 ffffffb7 fffffff0 4f ffffffdc 62 60 ffffffb6 ffffffc9 ffffffe4 ffffffb3 ffffff8b 7c ffffff9e ffffffe3 62 ffffffb0 ffffffe8 18 ffffffbc 67 ffffff9c 02 53 | chunk_SK_pi: release slot-key-key@0x556c50750fd0 | chunk_SK_pi extracted len 32 bytes at 0x7f4568005be0 | unwrapped: 33 f8 40 71 41 d4 c0 cf 83 31 01 9a c1 01 91 85 | unwrapped: d6 99 5c df 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: result-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x556c50757800 | chunk_SK_pr: symkey-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986918: ffffff81 ffffffd0 46 ffffffe6 39 0c 4f ffffffc6 ffffffc7 4a ffffffe4 ffffff92 75 24 19 ffffff98 2a 1b ffffffa2 ffffff82 ffffffc6 fffffffb 33 05 17 ffffffc3 ffffffcf 4f ffffffb9 56 ffffffaf ffffff80 | chunk_SK_pr: release slot-key-key@0x556c50750fd0 | chunk_SK_pr extracted len 32 bytes at 0x7f45680062f0 | unwrapped: 0b 33 6b 54 c8 70 1e 99 4d f3 d9 74 69 9a ab 1b | unwrapped: a5 61 0f 4b 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f456000a510 | calc_skeyseed_v2 pointers: shared-key@0x556c5076d180, SK_d-key@0x556c507594c0, SK_ai-key@0x556c507543d0, SK_ar-key@0x556c5074d280, SK_ei-key@0x556c5074eb00, SK_er-key@0x556c5075ae20, SK_pi-key@0x7f456000d640, SK_pr-key@0x556c50757800 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 33 f8 40 71 41 d4 c0 cf 83 31 01 9a c1 01 91 85 | d6 99 5c df | calc_skeyseed_v2 SK_pr | 0b 33 6b 54 c8 70 1e 99 4d f3 d9 74 69 9a ab 1b | a5 61 0f 4b | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 8 time elapsed 0.003079 seconds | (#7) spent 2.99 milliseconds in crypto helper computing work-order 8: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 8 for state #7 to event queue | scheduling resume sending helper answer for #7 | libevent_malloc: new ptr-libevent@0x7f4568006800 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #7 | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 8 | calling continuation function 0x556c4f6f1630 | ikev2_parent_inR1outI2_continue for #7: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f4554000d60: transferring ownership from helper IKEv2 DH to state #7 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #8 at 0x556c5076dc10 | State DB: adding IKEv2 state #8 in UNDEFINED | pstats #8 ikev2.child started | duplicating state object #7 "aes128" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.45:500 from #7.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x556c507594c0 | duplicate_state: reference st_skey_ai_nss-key@0x556c507543d0 | duplicate_state: reference st_skey_ar_nss-key@0x556c5074d280 | duplicate_state: reference st_skey_ei_nss-key@0x556c5074eb00 | duplicate_state: reference st_skey_er_nss-key@0x556c5075ae20 | duplicate_state: reference st_skey_pi_nss-key@0x7f456000d640 | duplicate_state: reference st_skey_pr_nss-key@0x556c50757800 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #7.#8; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #7 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f455c002b20 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f455c002b20 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | parent state #7: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f456000d640 (size 20) | hmac: symkey-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a288 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac: release clone-key@0x7f456000a510 | hmac PRF sha crypt-prf@0x556c5076e780 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x556c4f7f0974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffdc298a820 (length 20) | 27 85 85 82 ef b1 a8 5b 23 06 e5 05 c1 47 75 6e | 9a 6f 7b ac | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | d7 a7 50 22 b2 e6 a3 46 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 82 f8 07 85 6c 3b ee 6b | f9 9e d9 3f b2 9c 05 e5 81 47 60 da 10 52 ac 82 | 42 5b 88 b1 30 09 3c 49 79 79 eb 53 93 cf ff 34 | 7e f2 fd 20 63 34 b1 77 61 3f 5b 9b c5 3f ba 2a | b2 8f 12 3d 4b e8 17 41 66 ae c8 dc 58 40 d8 46 | 2f 1d 23 01 a2 f1 05 f4 2c c1 fb cc 0e 73 36 19 | 8c b1 55 f0 04 c1 8c e3 46 a4 25 67 2f 45 fe 6a | 2e 19 29 3d b8 b6 6b 3a 68 fe 32 d1 51 49 4c 9d | 5c 72 bd 0e bd 5f e4 9a 09 c7 4e 3d 76 a9 9b ce | 65 e1 52 22 df ee 79 80 3a 06 63 a4 c6 1b 96 7b | c1 f5 b6 7a 71 60 d9 c3 62 fc 56 dc c1 e7 e7 05 | c7 40 95 f4 e9 9d 1b af 30 2f 1a 68 2b 94 ad 14 | 8a 18 de df 8f 9b 8e b3 38 2f 5d 7f 91 29 01 a4 | 6f b8 88 51 b8 6b 92 86 ce b6 43 9c 75 4f fe e1 | ca 1f fb 31 9d d4 aa 3b 11 22 95 b5 0a 4e 7c f0 | 39 59 1d 5e 3a ad 75 30 3d 56 e2 ad f7 48 8a 2e | 85 e0 35 4f af 2d e5 4d 29 00 00 24 82 1e 39 68 | ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 09 ff 0d 94 | ff b3 37 1f 0f 56 04 2f dc 7c ff 71 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5c a4 70 98 | e4 3b 8f f3 8b 26 84 ce da 97 a3 8f 00 14 0a ac | 00 00 00 1c 00 00 40 05 a6 9a 48 8b 83 1a f6 b9 | fa d7 5c f0 30 ab 4f 31 25 39 12 bc | create: initiator inputs to hash2 (responder nonce) | b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | idhash 27 85 85 82 ef b1 a8 5b 23 06 e5 05 c1 47 75 6e | idhash 9a 6f 7b ac | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a080 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a068 | result: shared secret-key@0x7f456000a510 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x7f456000a510 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x7f456000a510 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f456000a510 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076d230 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0a0 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a088 | result: final-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f456000a510 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f456000a510 (size 20) | = prf(, ): -key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a098 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076a920 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076a060 (length 444) | d7 a7 50 22 b2 e6 a3 46 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 bc 22 00 00 34 | 00 00 00 30 01 01 00 04 03 00 00 10 01 00 00 0c | 80 0e 00 80 80 0e 00 80 03 00 00 08 02 00 00 02 | 03 00 00 08 03 00 00 02 00 00 00 08 04 00 00 0e | 28 00 01 08 00 0e 00 00 82 f8 07 85 6c 3b ee 6b | f9 9e d9 3f b2 9c 05 e5 81 47 60 da 10 52 ac 82 | 42 5b 88 b1 30 09 3c 49 79 79 eb 53 93 cf ff 34 | 7e f2 fd 20 63 34 b1 77 61 3f 5b 9b c5 3f ba 2a | b2 8f 12 3d 4b e8 17 41 66 ae c8 dc 58 40 d8 46 | 2f 1d 23 01 a2 f1 05 f4 2c c1 fb cc 0e 73 36 19 | 8c b1 55 f0 04 c1 8c e3 46 a4 25 67 2f 45 fe 6a | 2e 19 29 3d b8 b6 6b 3a 68 fe 32 d1 51 49 4c 9d | 5c 72 bd 0e bd 5f e4 9a 09 c7 4e 3d 76 a9 9b ce | 65 e1 52 22 df ee 79 80 3a 06 63 a4 c6 1b 96 7b | c1 f5 b6 7a 71 60 d9 c3 62 fc 56 dc c1 e7 e7 05 | c7 40 95 f4 e9 9d 1b af 30 2f 1a 68 2b 94 ad 14 | 8a 18 de df 8f 9b 8e b3 38 2f 5d 7f 91 29 01 a4 | 6f b8 88 51 b8 6b 92 86 ce b6 43 9c 75 4f fe e1 | ca 1f fb 31 9d d4 aa 3b 11 22 95 b5 0a 4e 7c f0 | 39 59 1d 5e 3a ad 75 30 3d 56 e2 ad f7 48 8a 2e | 85 e0 35 4f af 2d e5 4d 29 00 00 24 82 1e 39 68 | ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 09 ff 0d 94 | ff b3 37 1f 0f 56 04 2f dc 7c ff 71 29 00 00 08 | 00 00 40 2e 29 00 00 1c 00 00 40 04 5c a4 70 98 | e4 3b 8f f3 8b 26 84 ce da 97 a3 8f 00 14 0a ac | 00 00 00 1c 00 00 40 05 a6 9a 48 8b 83 1a f6 b9 | fa d7 5c f0 30 ab 4f 31 25 39 12 bc | = prf(, ) PRF sha update nonce-bytes@0x556c5076b1c0 (length 32) | b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a820 (length 20) | 27 85 85 82 ef b1 a8 5b 23 06 e5 05 c1 47 75 6e | 9a 6f 7b ac | = prf(, ) PRF sha final-chunk@0x556c5076e780 (length 20) | 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | 94 3b dc 54 | psk_auth: release prf-psk-key@0x7f456000a510 | PSK auth octets 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | PSK auth octets 94 3b dc 54 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | PSK auth 94 3b dc 54 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #7 | netlink_get_spi: allocated 0x8c0ee0d8 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 8c 0e e0 d8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 16 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 87 f6 31 76 35 44 e1 52 b7 59 b5 28 7c 80 19 aa | 94 3b dc 54 2c 00 00 2c 00 00 00 28 01 03 04 03 | 8c 0e e0 d8 03 00 00 0c 01 00 00 0c 80 0e 00 80 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | hmac PRF sha init symkey-key@0x556c507543d0 (size 20) | hmac: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a198 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac: release clone-key@0x7f456000a510 | hmac PRF sha crypt-prf@0x556c5076d230 | hmac PRF sha update data-bytes@0x556c4f7f0940 (length 208) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | hmac PRF sha final-bytes@0x556c4f7f0a10 (length 20) | e6 9d 34 17 8b 51 e5 45 f2 dc d8 d1 d1 3a 1d fa | bf 72 7f 83 | data being hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | data being hmac: c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | data being hmac: 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | data being hmac: 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | data being hmac: 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | data being hmac: 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | data being hmac: 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | data being hmac: 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | data being hmac: cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | data being hmac: e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | data being hmac: f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | out calculated auth: | e6 9d 34 17 8b 51 e5 45 f2 dc d8 d1 | suspend processing: state #7 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #8 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #8: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #8 to 0 after switching state | Message ID: recv #7.#8 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #7.#8 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #8: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | d8 9e ab df b4 fc 34 31 7f 97 8f a6 6c 34 cd 89 | c9 fc 9d 31 4d 6a 6f 7e d9 0b 58 f2 39 7e 71 62 | 58 1c 6c 87 2b df 1a 98 e6 da 39 b1 fc 90 57 6a | 1d 52 9b a4 d1 6e 81 1f bb d9 45 be 02 68 fb 67 | 2d 7d df b9 24 da b0 44 61 f9 e6 95 55 16 0c 61 | 64 6c 5d c2 9a 11 9f 88 0f 4f 4c 98 f0 05 4e 54 | 1d 29 71 fb 38 8b fe b1 c9 d5 6d 91 49 c2 b1 11 | 3c a8 12 24 30 65 0b f3 3f 07 ac d3 72 6f 25 6e | cd b4 6a 5f ed 23 ad 40 99 f9 a8 6e 57 29 fe e5 | e7 1f d4 14 c6 40 b2 65 82 35 56 da 43 42 dc a4 | f9 de 64 13 7f f8 8b 2f e8 39 db 9d 41 18 45 c0 | e6 9d 34 17 8b 51 e5 45 f2 dc d8 d1 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #8: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4554002b20 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f4554006900 size 128 | #8 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49493.09279 | resume sending helper answer for #7 suppresed complete_v2_state_transition() | #7 spent 1.11 milliseconds in resume sending helper answer | stop processing: state #8 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4568006800 | spent 0.00292 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | 5e f3 ad d3 19 97 a7 26 fa 7f bd 86 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #7 in PARENT_I2 (find_v2_ike_sa) | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #8 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #7 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #8 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #8 is idle | #8 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #8 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x556c5074d280 (size 20) | hmac: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0b8 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac: release clone-key@0x7f456000a510 | hmac PRF sha crypt-prf@0x556c5076aef0 | hmac PRF sha update data-bytes@0x556c5076cac0 (length 192) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | hmac PRF sha final-bytes@0x7ffdc298a280 (length 20) | 5e f3 ad d3 19 97 a7 26 fa 7f bd 86 80 cf 8a 55 | 59 2b 56 32 | data for hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | data for hmac: c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | data for hmac: 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | data for hmac: 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | data for hmac: b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | data for hmac: ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | data for hmac: e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | data for hmac: 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | data for hmac: d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | data for hmac: 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | calculated auth: 5e f3 ad d3 19 97 a7 26 fa 7f bd 86 | provided auth: 5e f3 ad d3 19 97 a7 26 fa 7f bd 86 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 4a 05 d9 8c 87 82 5c f9 08 2f 06 c5 ca a4 de 54 | payload before decryption: | c1 6f 92 74 d3 46 d9 cf a6 6e 3c 64 f3 d1 8e d0 | 75 13 b8 19 71 9a 14 e1 9c 92 4d 2c 64 ba 1e be | 7b 25 63 4f 6d a1 bc 10 e2 4c 3f d9 c5 4f 12 33 | b9 a0 6c 23 32 e6 44 1d 6b 38 07 0c c9 14 a0 59 | ba a3 57 1e d8 1f 8e 7c 45 7f ca 96 4d 91 b1 e7 | e8 0a db 4e 82 fc 2f 7c 07 e5 bf ce 15 5b 0d b0 | 85 8e 5e 6e 3c 53 0d 4b 14 50 7d 7c 39 32 d3 df | d9 9e 47 3f 5e 48 99 4b 55 b8 66 06 0b 85 aa 90 | 49 a5 9d 44 97 aa 45 4b ff 40 00 d9 8e 99 c2 d4 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 | c5 ac 3a 7e a6 59 fe 8e 2c 00 00 2c 00 00 00 28 | 01 03 04 03 17 14 4a d9 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #8 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #8: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x556c50757800 (size 20) | hmac: symkey-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a1e8 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac: release clone-key@0x7f456000a510 | hmac PRF sha crypt-prf@0x556c5076d210 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x556c5076caf4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffdc298a340 (length 20) | 0a 0d 62 2f 01 0b 29 e2 5f 24 61 58 9c 03 ef 4a | 85 39 33 92 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c | 6f e9 1e bb da bb d2 f2 a6 e6 60 82 c4 04 1c 2d | 8f b7 54 4d d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 | e0 66 ac e3 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 | ab 17 c4 7e f9 74 21 d8 98 ba 34 43 f5 fe c4 5f | 5f f6 12 bc e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 | e1 8b 72 cb 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b | 1b 6c b2 52 de 88 cb 92 e3 98 68 e8 c0 14 3b 0f | f9 04 f4 04 a4 6d a4 75 10 98 75 18 43 78 e4 95 | cf 20 9d 91 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 | 40 ff 80 cd 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 | 5b 24 a6 b4 d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 | af 44 09 c2 2e e2 62 9c 13 02 df 29 e8 3f 25 ff | 6e cd 77 82 b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 | 10 02 52 9e e1 da 85 62 de 49 8b 3f 6f b5 87 b7 | 0e 34 41 d8 ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b | 8c ed 35 76 29 00 00 24 b5 85 f8 15 14 10 09 cd | 00 16 33 6f 47 2b e8 01 24 4f dc 01 63 46 6c 18 | 09 d0 a6 8b db 44 09 73 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 42 47 e2 c1 d0 6e 87 | b8 13 de 81 fc 7c 57 cb 8f 88 b0 3f 00 00 00 1c | 00 00 40 05 41 99 70 26 41 9f 66 d7 26 d2 c8 30 | 70 c6 45 9d 36 25 fe 9a | verify: initiator inputs to hash2 (initiator nonce) | 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | idhash 0a 0d 62 2f 01 0b 29 e2 5f 24 61 58 9c 03 ef 4a | idhash 85 39 33 92 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc2989ff0 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989fd8 | result: shared secret-key@0x7f456000a510 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x7f456000a510 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x7f456000a510 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f456000a510 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076aef0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f456000a510 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f456000a510 (size 20) | = prf(, ): -key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076a920 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076ac80 (length 440) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 fd 71 14 f4 f5 97 ed 3c b7 91 a1 6c | 6f e9 1e bb da bb d2 f2 a6 e6 60 82 c4 04 1c 2d | 8f b7 54 4d d9 b1 a8 5b 30 6c 05 9e a8 56 5e a7 | e0 66 ac e3 6b 8a 9f a2 e4 f6 8e d4 ac 4e 7c 47 | ab 17 c4 7e f9 74 21 d8 98 ba 34 43 f5 fe c4 5f | 5f f6 12 bc e5 c4 7e a0 ff 76 c7 8c 0e b4 a8 21 | e1 8b 72 cb 08 53 d6 91 e0 37 d9 6f 01 b2 7a 7b | 1b 6c b2 52 de 88 cb 92 e3 98 68 e8 c0 14 3b 0f | f9 04 f4 04 a4 6d a4 75 10 98 75 18 43 78 e4 95 | cf 20 9d 91 59 ad c3 fd 17 9f 6a 57 3a ce d3 53 | 40 ff 80 cd 2f 45 20 0b 35 18 98 3e fd d4 f1 c2 | 5b 24 a6 b4 d3 85 ab 50 66 2f 6e e1 c7 2b 8d 80 | af 44 09 c2 2e e2 62 9c 13 02 df 29 e8 3f 25 ff | 6e cd 77 82 b9 fb 29 ee fb 56 a7 1b 5f 87 17 56 | 10 02 52 9e e1 da 85 62 de 49 8b 3f 6f b5 87 b7 | 0e 34 41 d8 ab 6f 86 6e 66 c3 a5 6c 25 ee bc 3b | 8c ed 35 76 29 00 00 24 b5 85 f8 15 14 10 09 cd | 00 16 33 6f 47 2b e8 01 24 4f dc 01 63 46 6c 18 | 09 d0 a6 8b db 44 09 73 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 00 42 47 e2 c1 d0 6e 87 | b8 13 de 81 fc 7c 57 cb 8f 88 b0 3f 00 00 00 1c | 00 00 40 05 41 99 70 26 41 9f 66 d7 26 d2 c8 30 | 70 c6 45 9d 36 25 fe 9a | = prf(, ) PRF sha update nonce-bytes@0x7f4554002af0 (length 32) | 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a340 (length 20) | 0a 0d 62 2f 01 0b 29 e2 5f 24 61 58 9c 03 ef 4a | 85 39 33 92 | = prf(, ) PRF sha final-chunk@0x556c5076d210 (length 20) | 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 c5 ac 3a 7e | a6 59 fe 8e | psk_auth: release prf-psk-key@0x7f456000a510 | Received PSK auth octets | 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 c5 ac 3a 7e | a6 59 fe 8e | Calculated PSK auth octets | 28 b5 68 d9 ff 03 4d 06 34 96 3d 73 c5 ac 3a 7e | a6 59 fe 8e "aes128" #8: Authenticated using authby=secret | parent state #7: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #7 will start re-keying in 2638 seconds with margin of 962 seconds (attempting re-key) | state #7 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f455c002b20 | event_schedule: new EVENT_SA_REKEY-pe@0x7f455c002b20 | inserting event EVENT_SA_REKEY, timeout in 2638 seconds for #7 | libevent_malloc: new ptr-libevent@0x556c5076b250 size 128 | pstats #7 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 17 14 4a d9 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=17144ad9;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0f0 | result: data=Ni-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0d8 | result: data=Ni-key@0x7f456000a510 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f4568006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000a510 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298a0e0 | result: data+=Nr-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x7f456000a510 | prf+0 PRF sha init key-key@0x556c507594c0 (size 20) | prf+0: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x556c50750530 from key-key@0x7f456000a510 | prf+0 prf: begin sha with context 0x556c50750530 from key-key@0x7f456000a510 | prf+0: release clone-key@0x7f456000a510 | prf+0 PRF sha crypt-prf@0x556c5076d230 | prf+0 PRF sha update seed-key@0x7f4568006900 (size 64) | prf+0: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d4a0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000eec0 | prf+0 PRF sha final-key@0x7f456000a510 (size 20) | prf+0: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x7f456000a510 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c5076aef0 | prf+N PRF sha update old_t-key@0x7f456000a510 (size 20) | prf+N: old_t-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f456000a510 | nss hmac digest hack: symkey-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: ffffff86 ffffffd1 ffffffb7 ffffffcf 54 ffffffa2 77 ffffffab ffffffd0 fffffffd 40 6a ffffffce fffffff0 ffffffe4 ffffff8c ffffff9d ffffffc0 ffffffe3 1f 20 ffffffc8 ffffff8c ffffff8e 16 ffffff96 00 ffffffa6 6e ffffffc1 23 4d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076a550 | unwrapped: 94 cd 36 40 50 a9 dd fb 49 ae eb 97 24 77 e1 3e | unwrapped: 73 43 42 75 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50772ef0 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f45600069f0 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x7f45600069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000a510 | prfplus: release old_t[N]-key@0x7f456000a510 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000a510 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000a510 | prf+N: release clone-key@0x7f456000a510 | prf+N PRF sha crypt-prf@0x556c5076a920 | prf+N PRF sha update old_t-key@0x7f456000eec0 (size 20) | prf+N: old_t-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f456000eec0 | nss hmac digest hack: symkey-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 4d ffffff9a 4a 08 76 ffffff82 ffffff86 3f 2c ffffffa3 ffffffe9 15 35 7e 75 3b 07 2f 54 5b 74 ffffffd0 6d 21 49 3a ffffffdb 0d ffffffe7 47 7c ffffff9d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076d250 | unwrapped: 06 31 6a 51 dc 5f 4e e9 d8 8d 20 09 52 38 e8 a1 | unwrapped: e0 51 35 b2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d450 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50771420 | prf+N PRF sha final-key@0x7f456000a510 (size 20) | prf+N: key-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f45600069f0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f45600069f0 | prfplus: release old_t[N]-key@0x7f456000eec0 | prf+N PRF sha init key-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c5076aef0 | prf+N PRF sha update old_t-key@0x7f456000a510 (size 20) | prf+N: old_t-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f456000a510 | nss hmac digest hack: symkey-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 26 6b 2a 0c 41 74 22 ffffffea 21 43 fffffffd fffffffb ffffffc0 02 66 3a 12 0c 7f ffffffb5 ffffff8e 3d 56 ffffffe6 37 ffffffbc ffffff92 16 62 5a 04 1a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c50769e30 | unwrapped: 2d e7 d7 7c 62 3c db 0d 36 96 bc 68 30 b8 83 a7 | unwrapped: cc c6 68 6e 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffffd 7f 50 ffffffd8 ffffffce 3c ffffffc5 33 ffffff89 1e 0d ffffffa2 7f 55 ffffffed ffffffd6 27 ffffffb3 35 09 ffffff9c 7a ffffffdb 6e 67 08 70 ffffffbb 74 0c ffffff84 fffffffb ffffffad ffffff9d 3f 39 ffffffc0 4c ffffff97 ffffffdb 3a ffffff8f ffffff89 5e 17 ffffffe2 ffffffe2 0d ffffffe2 ffffffe6 0a 41 ffffffff 37 6c ffffff94 40 ffffffb7 ffffffe1 21 1e 4f 1d ffffffd7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50768610 | unwrapped: 82 1e 39 68 ce 24 fd ef 02 2c 26 2a 5d 06 d3 54 | unwrapped: 09 ff 0d 94 ff b3 37 1f 0f 56 04 2f dc 7c ff 71 | unwrapped: b5 85 f8 15 14 10 09 cd 00 16 33 6f 47 2b e8 01 | unwrapped: 24 4f dc 01 63 46 6c 18 09 d0 a6 8b db 44 09 73 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f45600069f0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f45600069f0 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x7f45600069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50771420 | prfplus: release old_t[N]-key@0x7f456000a510 | prfplus: release old_t[final]-key@0x7f456000eec0 | child_sa_keymat: release data-key@0x7f4568006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f45600069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f4568006900 | initiator to responder keys: symkey-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x556c50750fd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffff86 ffffffd1 ffffffb7 ffffffcf 54 ffffffa2 77 ffffffab ffffffd0 fffffffd 40 6a ffffffce fffffff0 ffffffe4 ffffff8c ffffff9f ffffffc8 69 28 20 ffffffc1 3b ffffffc2 ffffffcc ffffff81 11 4e 53 ffffffb9 41 02 30 4a ffffff99 7f ffffffd6 fffffffa fffffff6 3a ffffffe9 1d ffffffb3 ffffffe9 ffffffdd ffffffd6 31 08 | initiator to responder keys: release slot-key-key@0x556c50750fd0 | initiator to responder keys extracted len 48 bytes at 0x556c50768660 | unwrapped: 94 cd 36 40 50 a9 dd fb 49 ae eb 97 24 77 e1 3e | unwrapped: 73 43 42 75 06 31 6a 51 dc 5f 4e e9 d8 8d 20 09 | unwrapped: 52 38 e8 a1 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f4568006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f45600069f0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f4568006900 | responder to initiator keys:: symkey-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x556c50750fd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: 51 ffffffd0 2e 7c ffffff95 21 73 ffffffd6 ffffff8a 6d ffffffb3 ffffffe3 36 5f ffffffe5 ffffffae 2a 69 06 5a ffffffc9 ffffff80 ffffffde 3a ffffff98 76 34 ffffff94 08 ffffffdb ffffff81 78 ffffffd0 ffffffbe ffffffd2 15 61 ffffffcf ffffffe5 2b ffffffb9 ffffffd5 45 ffffffb0 7f 6a 5e fffffffe | responder to initiator keys:: release slot-key-key@0x556c50750fd0 | responder to initiator keys: extracted len 48 bytes at 0x556c5076e6d0 | unwrapped: e0 51 35 b2 2d e7 d7 7c 62 3c db 0d 36 96 bc 68 | unwrapped: 30 b8 83 a7 cc c6 68 6e 20 88 b7 8e 19 e5 a7 a0 | unwrapped: e6 db 16 49 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f4568006900 | ikev2_derive_child_keys: release keymat-key@0x7f45600069f0 | #7 spent 1.79 milliseconds | install_ipsec_sa() for #8: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.17144ad9@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.8c0ee0d8@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #8: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #8 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x17144ad9 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x17144ad9 SPI_OUT=0x8c0ee0d8 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x17144ad | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x17144ad9 SPI_OUT=0x8c0ee0d8 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x17144ad9 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x17144ad9 SPI_OUT=0x8c0ee0d8 ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x556c50768e20,sr=0x556c50768e20} to #8 (was #0) (newest_ipsec_sa=#0) | #7 spent 0.894 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #8 (was #0) (spd.eroute=#8) cloned from #7 | state #8 requesting EVENT_RETRANSMIT to be deleted | #8 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f4554006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4554002b20 | #8 spent 2.33 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #8 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #8 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #8: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #8 to 1 after switching state | Message ID: recv #7.#8 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #7.#8 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #8 ikev2.child established "aes128" #8: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #8: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x17144ad9 <0x8c0ee0d8 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #8 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #7 | unpending state #7 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x556c507714e0} | close_any(fd@24) (in release_whack() at state.c:654) | #8 will start re-keying in 27829 seconds with margin of 971 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f4554002b20 | inserting event EVENT_SA_REKEY, timeout in 27829 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f4554006900 size 128 | stop processing: state #8 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #7 spent 2.81 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 2.82 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00435 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00268 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0027 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.8c0ee0d8@192.1.2.45 | get_sa_info esp.17144ad9@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0883 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #8 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #8 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #8 ikev2.child deleted completed | #8 spent 2.33 milliseconds in total | [RE]START processing: state #8 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #8: deleting state (STATE_V2_IPSEC_I) aged 0.156s and sending notification | child state #8: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.17144ad9@192.1.2.23 | get_sa_info esp.8c0ee0d8@192.1.2.45 "aes128" #8: ESP traffic information: in=84B out=84B | #8 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 8c 0e e0 d8 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | data before encryption: | 00 00 00 0c 03 04 00 01 8c 0e e0 d8 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | hmac PRF sha init symkey-key@0x556c507543d0 (size 20) | hmac: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac: release clone-key@0x7f45600069f0 | hmac PRF sha crypt-prf@0x556c50769ff0 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 64) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | hmac PRF sha final-bytes@0x7ffdc29873c0 (length 20) | bc 1d f1 df 61 11 3c 57 95 e5 7c 9e 5a 05 c4 2b | 3b 52 6a e8 | data being hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | data being hmac: 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | out calculated auth: | bc 1d f1 df 61 11 3c 57 95 e5 7c 9e | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #8) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | c4 bf 2e c2 97 c2 37 0f fa 18 d3 0a 0e 0b ae f4 | 13 8b 63 6d d9 53 6d ab 43 c2 be 2e f5 52 24 86 | bc 1d f1 df 61 11 3c 57 95 e5 7c 9e | Message ID: IKE #7 sender #8 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #7 sender #8 in send_delete hacking around record ' send | Message ID: sent #7 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #8 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f4554006900 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f4554002b20 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050846' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x17144ad | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050846' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x17144ad9 SPI_OUT=0x8c0ee0d8 ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.17144ad9@192.1.2.23 | netlink response for Del SA esp.17144ad9@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.8c0ee0d8@192.1.2.45 | netlink response for Del SA esp.8c0ee0d8@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #8 in V2_IPSEC_I | child state #8: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c507594c0 | delete_state: release st->st_skey_ai_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ar_nss-key@0x556c5074d280 | delete_state: release st->st_skey_ei_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_er_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_pi_nss-key@0x7f456000d640 | delete_state: release st->st_skey_pr_nss-key@0x556c50757800 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #7 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #7 | start processing: state #7 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #7 ikev2.ike deleted completed | #7 spent 9.18 milliseconds in total | [RE]START processing: state #7 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #7: deleting state (STATE_PARENT_I3) aged 0.180s and sending notification | parent state #7: PARENT_I3(established IKE SA) => delete | #7 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | hmac PRF sha init symkey-key@0x556c507543d0 (size 20) | hmac: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x7f45600069f0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f45600069f0 | hmac: release clone-key@0x7f45600069f0 | hmac PRF sha crypt-prf@0x556c5076d210 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 64) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | hmac PRF sha final-bytes@0x7ffdc29873c0 (length 20) | 23 54 bc 3c 68 ee 0b b9 90 07 f1 50 46 8e 31 b6 | f8 8f 40 10 | data being hmac: d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | data being hmac: 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | out calculated auth: | 23 54 bc 3c 68 ee 0b b9 90 07 f1 50 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | 12 3e 37 8a b9 82 8f 54 49 fb 0f a8 61 a5 dc 8a | 6b 3d 13 ca 00 0c 93 01 ed 50 0e 35 c1 f6 64 e9 | 23 54 bc 3c 68 ee 0b b9 90 07 f1 50 | Message ID: IKE #7 sender #7 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #7 sender #7 in send_delete hacking around record ' send | Message ID: #7 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #7 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #7 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x556c5076b250 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f455c002b20 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #7 in PARENT_I3 | parent state #7: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4554000d60: destroyed | stop processing: state #7 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x556c5076d180 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c507594c0 | delete_state: release st->st_skey_ai_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ar_nss-key@0x556c5074d280 | delete_state: release st->st_skey_ei_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_er_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_pi_nss-key@0x7f456000d640 | delete_state: release st->st_skey_pr_nss-key@0x556c50757800 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.31 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00447 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00278 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 08 b8 3c 8f b4 68 16 1f b8 ef 88 ec fe 2e 86 b9 | 78 14 f3 5a 97 cf 45 38 70 d1 17 f9 c7 d1 28 e7 | 30 e7 d8 53 5d 71 dc 68 25 d7 ea 30 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0658 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00168 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | d7 a7 50 22 b2 e6 a3 46 87 47 c3 68 a9 be 6f 68 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 65 b8 b0 01 9c 86 2a 7d 3b 12 3f 20 22 d8 08 5a | a2 8c cf e0 23 d8 fc 1a ab 7a ab 4d 62 f3 b1 47 | a9 fb dc ec 83 d2 1a a1 2b 37 73 1e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | d7 a7 50 22 b2 e6 a3 46 | responder cookie: | 87 47 c3 68 a9 be 6f 68 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0595 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16400' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x556c50769f20 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.44 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0132 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0578 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0467 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none | base impairing = suppress-retransmits | child-key-length-attribute:DUPLICATE | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0529 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c5076ae40 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.145 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #9 at 0x556c50769370 | State DB: adding IKEv2 state #9 in UNDEFINED | pstats #9 ikev2.ike started | Message ID: init #9: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #9: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #9; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #9 "aes128" "aes128" #9: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 9 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c507686c0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f4554006900 size 128 | #9 spent 0.116 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.179 milliseconds in whack | crypto helper 3 resuming | crypto helper 3 starting work-order 9 for state #9 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 9 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4560002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4560002010 | NSS: Public DH wire value: | 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a 8b 2f 57 8b | 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 0d 1b 7a 73 | 1a a6 61 68 05 04 9f 5a f4 49 c8 6e 9c da c2 7a | 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 79 a3 d9 c0 | f0 31 90 16 c8 d9 19 d8 df 90 3a 2e 3b 96 b9 3c | f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 d2 65 6b e9 | d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f 2d 1b 74 22 | bd b1 d4 29 dc db a8 4b b4 99 08 62 37 df 82 31 | 22 dd 2a 62 23 31 3d 55 71 21 9e 02 e3 19 93 33 | 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 c4 34 1f fe | ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 93 d6 10 c2 | e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c 57 e6 5b 13 | a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 a9 07 d3 cd | af e0 a6 dd 27 af 6f be d9 94 31 75 be 4c 6a c7 | 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 88 96 4c dc | 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c 36 4f 59 f7 | Generated nonce: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | Generated nonce: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 9 time elapsed 0.001028 seconds | (#9) spent 1.03 milliseconds in crypto helper computing work-order 9: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 9 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f4560011520 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 9 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #9 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4560002010: transferring ownership from helper KE to state #9 | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a 8b 2f 57 8b | ikev2 g^x 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 0d 1b 7a 73 | ikev2 g^x 1a a6 61 68 05 04 9f 5a f4 49 c8 6e 9c da c2 7a | ikev2 g^x 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 79 a3 d9 c0 | ikev2 g^x f0 31 90 16 c8 d9 19 d8 df 90 3a 2e 3b 96 b9 3c | ikev2 g^x f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 d2 65 6b e9 | ikev2 g^x d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f 2d 1b 74 22 | ikev2 g^x bd b1 d4 29 dc db a8 4b b4 99 08 62 37 df 82 31 | ikev2 g^x 22 dd 2a 62 23 31 3d 55 71 21 9e 02 e3 19 93 33 | ikev2 g^x 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 c4 34 1f fe | ikev2 g^x ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 93 d6 10 c2 | ikev2 g^x e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c 57 e6 5b 13 | ikev2 g^x a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 a9 07 d3 cd | ikev2 g^x af e0 a6 dd 27 af 6f be d9 94 31 75 be 4c 6a c7 | ikev2 g^x 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 88 96 4c dc | ikev2 g^x 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c 36 4f 59 f7 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | IKEv2 nonce 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | b8 6a e8 e2 1d 5a f4 dd 23 da 69 cf e8 30 cc 76 | c6 0f 8b 4d | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= b8 6a e8 e2 1d 5a f4 dd 23 da 69 cf e8 30 cc 76 | natd_hash: hash= c6 0f 8b 4d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b8 6a e8 e2 1d 5a f4 dd 23 da 69 cf e8 30 cc 76 | Notify data c6 0f 8b 4d | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 55 a4 66 8b e1 77 c3 77 5b da 0b a2 71 da b7 89 | 8f ea cc 6a | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 55 a4 66 8b e1 77 c3 77 5b da 0b a2 71 da b7 89 | natd_hash: hash= 8f ea cc 6a | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 55 a4 66 8b e1 77 c3 77 5b da 0b a2 71 da b7 89 | Notify data 8f ea cc 6a | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #9: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #9 to 4294967295 after switching state | Message ID: IKE #9 skipping update_recv as MD is fake | Message ID: sent #9 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #9: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 3d 05 88 93 fe 15 a1 2e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a | 8b 2f 57 8b 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 | 0d 1b 7a 73 1a a6 61 68 05 04 9f 5a f4 49 c8 6e | 9c da c2 7a 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 | 79 a3 d9 c0 f0 31 90 16 c8 d9 19 d8 df 90 3a 2e | 3b 96 b9 3c f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 | d2 65 6b e9 d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f | 2d 1b 74 22 bd b1 d4 29 dc db a8 4b b4 99 08 62 | 37 df 82 31 22 dd 2a 62 23 31 3d 55 71 21 9e 02 | e3 19 93 33 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 | c4 34 1f fe ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 | 93 d6 10 c2 e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c | 57 e6 5b 13 a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 | a9 07 d3 cd af e0 a6 dd 27 af 6f be d9 94 31 75 | be 4c 6a c7 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 | 88 96 4c dc 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c | 36 4f 59 f7 29 00 00 24 16 e7 be db c1 0a 0f b9 | 2f 16 03 e3 1c 5f ce e0 48 ed c4 b9 8a 65 e1 61 | 88 9b 1f 5a af be 0b 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b8 6a e8 e2 1d 5a f4 dd | 23 da 69 cf e8 30 cc 76 c6 0f 8b 4d 00 00 00 1c | 00 00 40 05 55 a4 66 8b e1 77 c3 77 5b da 0b a2 | 71 da b7 89 8f ea cc 6a | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4554006900 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c507686c0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #9: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x556c507686c0 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f4554006900 size 128 | #9 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49493.918958 | resume sending helper answer for #9 suppresed complete_v2_state_transition() and stole MD | #9 spent 0.544 milliseconds in resume sending helper answer | stop processing: state #9 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4560011520 | spent 0.00226 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2d 0c f2 be 24 46 6e 43 85 05 d2 40 | d8 37 42 ef e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 | ad 08 82 41 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 | f9 13 ec 11 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a | 8b 11 eb 05 85 d6 7d 52 14 8e da 23 e3 bc 71 03 | 68 2d b1 4a 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 | 04 16 0b ff b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 | 93 01 fd 19 c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe | aa d6 5d eb 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 | 2c f9 43 a5 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e | 6a 8a ef 21 5c 07 77 3b dc 8f 93 36 04 5a 75 1c | d8 36 9f 17 d3 e1 0b 3e 91 64 52 ca 86 9c da de | ba d2 52 99 ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b | 67 b8 da c2 ed af 8c 83 1e 23 6c 21 55 a5 b0 14 | 75 be e3 f5 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 | 5c 42 ed 6d db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 | 8d 52 4a 4e 29 00 00 24 f7 34 4b 0d b9 c1 88 48 | af 92 5e 42 75 1d 74 ba 30 fa c7 aa 2b 61 2f b2 | 56 d7 33 71 72 82 9b 21 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 49 27 fc 82 1d 21 9e | b4 4a 57 7c 55 d0 45 10 10 5f 71 85 00 00 00 1c | 00 00 40 05 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 | da 40 71 4a e5 8a 25 26 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #9 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #9 is idle | #9 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #9 IKE SPIi and SPI[ir] | #9 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 2d 0c f2 be 24 46 6e 43 85 05 d2 40 d8 37 42 ef | e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 ad 08 82 41 | 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 f9 13 ec 11 | 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a 8b 11 eb 05 | 85 d6 7d 52 14 8e da 23 e3 bc 71 03 68 2d b1 4a | 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 04 16 0b ff | b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 93 01 fd 19 | c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe aa d6 5d eb | 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 2c f9 43 a5 | 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e 6a 8a ef 21 | 5c 07 77 3b dc 8f 93 36 04 5a 75 1c d8 36 9f 17 | d3 e1 0b 3e 91 64 52 ca 86 9c da de ba d2 52 99 | ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b 67 b8 da c2 | ed af 8c 83 1e 23 6c 21 55 a5 b0 14 75 be e3 f5 | 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 5c 42 ed 6d | db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 8d 52 4a 4e | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 0c f2 36 c3 98 49 00 79 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a2e0 (length 20) | 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 da 40 71 4a | e5 8a 25 26 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 0c f2 36 c3 98 49 00 79 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 da 40 71 4a | natd_hash: hash= e5 8a 25 26 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 3d 05 88 93 fe 15 a1 2e | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 0c f2 36 c3 98 49 00 79 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a300 (length 20) | a0 49 27 fc 82 1d 21 9e b4 4a 57 7c 55 d0 45 10 | 10 5f 71 85 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 3d 05 88 93 fe 15 a1 2e | natd_hash: rcookie= 0c f2 36 c3 98 49 00 79 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a0 49 27 fc 82 1d 21 9e b4 4a 57 7c 55 d0 45 10 | natd_hash: hash= 10 5f 71 85 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f4560002010: transferring ownership from state #9 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 10 for state #9 | state #9 requesting EVENT_RETRANSMIT to be deleted | #9 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f4554006900 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c507686c0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c507686c0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f4560011520 size 128 | #9 spent 0.279 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | crypto helper 6 resuming | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #9 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #9 and saving MD | #9 is busy; has a suspended MD | crypto helper 6 starting work-order 10 for state #9 | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "aes128" #9 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 0.535 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 6 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 | peer's g: 2d 0c f2 be 24 46 6e 43 85 05 d2 40 d8 37 42 ef | peer's g: e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 ad 08 82 41 | peer's g: 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 f9 13 ec 11 | peer's g: 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a 8b 11 eb 05 | peer's g: 85 d6 7d 52 14 8e da 23 e3 bc 71 03 68 2d b1 4a | peer's g: 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 04 16 0b ff | spent 0.554 milliseconds in comm_handle_cb() reading and processing packet | peer's g: b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 93 01 fd 19 | peer's g: c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe aa d6 5d eb | peer's g: 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 2c f9 43 a5 | peer's g: 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e 6a 8a ef 21 | peer's g: 5c 07 77 3b dc 8f 93 36 04 5a 75 1c d8 36 9f 17 | peer's g: d3 e1 0b 3e 91 64 52 ca 86 9c da de ba d2 52 99 | peer's g: ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b 67 b8 da c2 | peer's g: ed af 8c 83 1e 23 6c 21 55 a5 b0 14 75 be e3 f5 | peer's g: 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 5c 42 ed 6d | peer's g: db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 8d 52 4a 4e | Started DH shared-secret computation in NSS: | new : g_ir-key@0x556c50757800 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f4560002010: computed shared DH secret key@0x556c50757800 | dh-shared : g^ir-key@0x556c50757800 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f45640039a0 (length 64) | 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97670 | result: Ni | Nr-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97658 | result: Ni | Nr-key@0x7f456000d640 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x556c5075ae20 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f4564003aa0 from Ni | Nr-key@0x7f456000d640 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f4564003aa0 from Ni | Nr-key@0x7f456000d640 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f456000d640 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f4564000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x556c50757800 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x556c50757800 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x556c50757800 | nss hmac digest hack: symkey-key@0x556c50757800 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1876521680: 3e 0f ffffffd1 58 07 ffffffb8 76 fffffffe ffffffbc 52 ffffffe0 25 ffffffe6 fffffff7 ffffff95 7c 59 ffffffcd 48 1c ffffffe1 66 71 ffffff82 59 ffffffe7 1f ffffffab 64 ffffffe6 ffffffb9 68 56 ffffffd2 73 ffffff86 71 01 36 06 6a ffffffc9 ffffffec ffffffc0 ffffffc3 ffffff83 ffffffcf ffffff8c 5e ffffffca 0f ffffffe9 4c 4c ffffff9c ffffff9c 73 ffffffa3 39 39 ffffff9d ffffff8b ffffff95 31 ffffff94 ffffffdd ffffff86 71 ffffffbf 38 1c 79 fffffffe 5c 3f ffffffed ffffffb5 57 ffffff89 ffffffbd ffffff8c ffffff90 ffffffc8 ffffffd6 0c ffffff87 03 56 ffffff80 ffffffc1 56 ffffffbf fffffffe ffffffde 6e ffffff89 ffffffec ffffffea 22 52 ffffffcf 41 ffffffdf ffffffe1 12 ffffffab ffffffd9 43 ffffff93 5e 0e 44 20 ffffffe4 7c ffffffd4 fffffffe 08 ffffffda ffffffed ffffffd3 ffffffcb ffffffd8 1d ffffff90 ffffff82 43 ffffffb5 0c ffffffad fffffffa ffffffea ffffffb6 ffffffc1 64 ffffff92 ffffffd3 5a ffffffc1 ffffffe8 ffffff8c 43 ffffffcb 27 65 7a 02 ffffffe7 7d 6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 256 bytes at 0x7f4564004520 | unwrapped: bf cf e8 9d 3b 47 7a 98 f1 4a af e7 0e 3b f7 07 | unwrapped: 8f a1 fe 5c 8b 2d f8 2e 97 4f eb 51 24 83 90 eb | unwrapped: 19 6a c1 c3 67 dd ac 6d bc 4c 51 bd ab 33 13 a6 | unwrapped: 10 90 af 90 90 33 19 80 7e 49 37 91 fd 6b 57 ae | unwrapped: f5 e1 6a 2d e6 71 d6 1d 71 80 ea a6 3a f6 a5 14 | unwrapped: 7a 5f 1b bc 58 f3 f3 98 e5 67 e1 33 a4 30 cd 96 | unwrapped: 24 4c 18 b8 52 60 4e 7c 78 b9 14 b8 c8 fb f2 ac | unwrapped: 0c 63 d6 57 02 64 5c 39 28 f8 2d 53 f0 05 9a 0f | unwrapped: 66 fe 3a 7a 39 7b 3a 9d dd fd 3c 04 07 17 10 e7 | unwrapped: 60 73 b3 44 51 ea ca d7 f3 f6 03 c0 ce 42 64 f1 | unwrapped: 95 09 6a f5 16 be c7 0e bb a6 ef bb 5b 6a 99 17 | unwrapped: 30 d9 b2 55 33 7e 4e 59 4b 71 fa 0d 6f 81 f2 7d | unwrapped: 95 82 cd 5b 73 cd f7 51 41 39 af 67 4c d3 50 bf | unwrapped: f6 d7 93 9d 98 03 40 ff d8 4a a8 8a 9c 37 f2 33 | unwrapped: 0c 6b 04 48 c6 f2 c9 8c 7c b8 43 52 bf 86 39 ce | unwrapped: fe ba 8d be a5 db 3c dc d4 ec 62 f9 99 b0 47 47 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97690 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97678 | result: final-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f456000d640 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97600 | result: data=Ni-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd975e8 | result: data=Ni-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x556c5074eb00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f456fd975f0 | result: data+=Nr-key@0x556c5074eb00 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f456fd975f0 | result: data+=SPIi-key@0x556c5075ae20 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f456fd975f0 | result: data+=SPIr-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | prf+0 PRF sha init key-key@0x7f456000d640 (size 20) | prf+0: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+0 prf: begin sha with context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+0: release clone-key@0x556c5075ae20 | prf+0 PRF sha crypt-prf@0x7f45640017f0 | prf+0 PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+0: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1876521312: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e ffffffae 06 fffffffb 70 ffffff8e ffffffe6 0d ffffff8e 03 28 64 6a ffffffbb 18 4c ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45640048a0 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+0 PRF sha final-key@0x556c5075ae20 (size 20) | prf+0: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97518 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4564003aa0 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x7f4564003aa0 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x7f45640010c0 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1876521312: ffffffd4 ffffffe7 ffffff81 43 fffffffc fffffffc ffffff8b fffffffd ffffffcd ffffff9b 17 69 03 ffffff8e 7b ffffffd0 ffffffc3 75 fffffff8 4d 0f ffffffe9 ffffffac ffffffaa ffffffa6 6e ffffff81 fffffffb 7d 14 ffffffec 48 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4564004bc0 | unwrapped: 2b 2b 48 42 a3 31 3c 66 91 bf d3 7a 32 4a c5 21 | unwrapped: 46 ca 82 01 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1876521312: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e ffffffae 06 fffffffb 70 ffffff8e ffffffe6 0d ffffff8e 03 28 64 6a ffffffbb 18 4c ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4564004840 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97520 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97508 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f456fd97598 | result: result-key@0x556c507543d0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f4564002a80 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1876521312: ffffffe8 ffffff95 ffffffe8 ffffffa5 1c 4d 5e 3d 47 ffffff94 34 23 29 ffffff9a 65 ffffffad ffffffe5 22 3b ffffffff ffffffbb 2f fffffff8 ffffffd5 ffffffb1 ffffffb5 0a 68 65 fffffff5 ffffffde ffffffd5 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4564006140 | unwrapped: b3 63 5f 1a e7 04 e9 9b bc 61 7f 4c 11 e4 3a bf | unwrapped: 58 b5 bb 48 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1876521312: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e ffffffae 06 fffffffb 70 ffffff8e ffffffe6 0d ffffff8e 03 28 64 6a ffffffbb 18 4c ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45640047e0 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97520 | result: final-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507594c0 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f456fd97598 | result: result-key@0x556c507594c0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507543d0 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97518 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4564003aa0 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x7f4564003aa0 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x7f45640010c0 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1876521312: ffffffc4 21 ffffffaf 2d 26 ffffff97 fffffffe 4e ffffffd5 ffffffc8 51 ffffffb5 35 00 3f 4b 0d 56 27 ffffffd9 76 59 ffffff81 ffffffe8 36 50 7c 79 6e ffffff8d 0f ffffffe3 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4564006110 | unwrapped: 82 1b c1 b9 6d ef fe 53 56 e8 2e 4c 51 61 9f 81 | unwrapped: c8 6f 1f 6b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1876521312: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e ffffffae 06 fffffffb 70 ffffff8e ffffffe6 0d ffffff8e 03 28 64 6a ffffffbb 18 4c ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4564004780 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97520 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97508 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f456fd97598 | result: result-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507594c0 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f4564002a80 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1876521312: 30 5d 48 07 4c ffffffaa 4e ffffff88 ffffffc3 6b 52 68 ffffffd8 55 ffffffba ffffffaa ffffffe2 13 ffffffc3 7f 61 ffffffab 27 52 fffffff5 76 5b 07 3f 1e ffffffcf ffffffd5 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45640063e0 | unwrapped: 62 97 9b 78 37 2d 15 59 7b ef f1 45 9c fc 6e 1f | unwrapped: 64 4f 9c 97 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1876521312: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e ffffffae 06 fffffffb 70 ffffff8e ffffffe6 0d ffffff8e 03 28 64 6a ffffffbb 18 4c ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4564001a30 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97520 | result: final-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507594c0 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f456fd97598 | result: result-key@0x556c507594c0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507543d0 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97518 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4564005980 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x7f4564005980 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x7f45640010c0 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1876521312: 46 61 ffffff87 ffffffdf 7b 0e 17 30 6d 62 ffffffaa 6c 30 36 fffffff7 ffffffe6 ffffffa6 67 65 11 fffffffd ffffffe8 ffffffa8 ffffffa6 ffffffef ffffffe5 71 2c 24 0c 2d 29 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4564006730 | unwrapped: 14 b9 cd 43 8f 9d e5 a4 7b 52 8c 4f c2 d6 f3 3b | unwrapped: ad 90 44 12 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1876521312: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e ffffffae 06 fffffffb 70 ffffff8e ffffffe6 0d ffffff8e 03 28 64 6a ffffffbb 18 4c ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4564004840 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97520 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97508 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f456fd97598 | result: result-key@0x556c507543d0 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507594c0 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4564003aa0 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f4564002a80 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1876521312: ffffffdb 58 ffffff84 ffffffe8 0b 47 ffffff91 2f 48 6c ffffffc1 ffffff92 ffffffe5 ffffffd9 ffffff91 ffffff86 7c 00 53 6c ffffffa6 12 ffffff85 ffffffea ffffffd7 ffffffbc 0e 12 ffffffb5 ffffffce ffffffee ffffff8e | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4564001930 | unwrapped: 9c fa 17 20 93 a1 40 ec 5c 4b fc a4 f7 85 a5 66 | unwrapped: ab 37 a1 3a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1876521312: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e ffffffae 06 fffffffb 70 ffffff8e ffffffe6 0d ffffff8e 03 28 64 6a ffffffbb 18 4c ffffffd6 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4564001a30 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | unwrapped: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f456fd97520 | result: final-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507594c0 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f456fd97598 | result: result-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507543d0 | prfplus: release old_t[N]-key@0x556c5074d280 | prfplus: release old_t[final]-key@0x556c5075ae20 | ike_sa_keymat: release data-key@0x556c5074eb00 | calc_skeyseed_v2: release skeyseed_k-key@0x7f456000d640 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97738 | result: result-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97738 | result: result-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97738 | result: result-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97748 | result: SK_ei_k-key@0x556c5074d280 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97748 | result: SK_er_k-key@0x556c507543d0 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97748 | result: result-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x556c5076d180 | chunk_SK_pi: symkey-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540291104: ffffff9b 1c 26 ffffffe9 ffffff95 ffffff88 46 67 1a 06 59 3f fffffffc ffffffbe ffffffdd 69 2e 12 26 13 ffffff9c ffffff9e 52 ffffffae ffffff8e 45 ffffffcc 26 1c 64 6b 4b | chunk_SK_pi: release slot-key-key@0x556c50750fd0 | chunk_SK_pi extracted len 32 bytes at 0x7f45640063b0 | unwrapped: c2 d6 f3 3b ad 90 44 12 9c fa 17 20 93 a1 40 ec | unwrapped: 5c 4b fc a4 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f456fd97748 | result: result-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f45600069f0 | chunk_SK_pr: symkey-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)540291104: 14 5f ffffffab ffffffe3 05 ffffffe7 6d 6a 2e 66 ffffff93 21 5d 4d ffffff87 ffffffee ffffffd4 ffffffb0 ffffffc1 1b 19 75 ffffffcc ffffffdb 69 50 71 fffffff0 ffffff9a ffffffcb ffffffbd ffffffe3 | chunk_SK_pr: release slot-key-key@0x556c50750fd0 | chunk_SK_pr extracted len 32 bytes at 0x7f4564001930 | unwrapped: f7 85 a5 66 ab 37 a1 3a f3 b9 05 77 3b 01 48 68 | unwrapped: 61 16 fb e5 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x556c507594c0 | calc_skeyseed_v2 pointers: shared-key@0x556c50757800, SK_d-key@0x7f456000d640, SK_ai-key@0x556c5074eb00, SK_ar-key@0x556c5075ae20, SK_ei-key@0x556c5074d280, SK_er-key@0x556c507543d0, SK_pi-key@0x556c5076d180, SK_pr-key@0x7f45600069f0 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | c2 d6 f3 3b ad 90 44 12 9c fa 17 20 93 a1 40 ec | 5c 4b fc a4 | calc_skeyseed_v2 SK_pr | f7 85 a5 66 ab 37 a1 3a f3 b9 05 77 3b 01 48 68 | 61 16 fb e5 | crypto helper 6 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 10 time elapsed 0.003177 seconds | (#9) spent 3.16 milliseconds in crypto helper computing work-order 10: ikev2_inR1outI2 KE (pcr) | crypto helper 6 sending results from work-order 10 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f4564006760 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #9 | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 10 | calling continuation function 0x556c4f6f1630 | ikev2_parent_inR1outI2_continue for #9: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f4560002010: transferring ownership from helper IKEv2 DH to state #9 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #10 at 0x556c5076dc10 | State DB: adding IKEv2 state #10 in UNDEFINED | pstats #10 ikev2.child started | duplicating state object #9 "aes128" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.45:500 from #9.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f456000d640 | duplicate_state: reference st_skey_ai_nss-key@0x556c5074eb00 | duplicate_state: reference st_skey_ar_nss-key@0x556c5075ae20 | duplicate_state: reference st_skey_ei_nss-key@0x556c5074d280 | duplicate_state: reference st_skey_er_nss-key@0x556c507543d0 | duplicate_state: reference st_skey_pi_nss-key@0x556c5076d180 | duplicate_state: reference st_skey_pr_nss-key@0x7f45600069f0 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #9.#10; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #9 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4560011520 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c507686c0 | event_schedule: new EVENT_SA_REPLACE-pe@0x556c507686c0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f4560011520 size 128 | parent state #9: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x556c5076d180 (size 20) | hmac: symkey-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a288 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac: release clone-key@0x556c507594c0 | hmac PRF sha crypt-prf@0x556c50769e30 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x556c4f7f0974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffdc298a820 (length 20) | d2 d4 73 97 ac 7d 90 93 59 70 45 44 1f 1d 8d b2 | 7a 1b ed cf | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 3d 05 88 93 fe 15 a1 2e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a | 8b 2f 57 8b 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 | 0d 1b 7a 73 1a a6 61 68 05 04 9f 5a f4 49 c8 6e | 9c da c2 7a 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 | 79 a3 d9 c0 f0 31 90 16 c8 d9 19 d8 df 90 3a 2e | 3b 96 b9 3c f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 | d2 65 6b e9 d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f | 2d 1b 74 22 bd b1 d4 29 dc db a8 4b b4 99 08 62 | 37 df 82 31 22 dd 2a 62 23 31 3d 55 71 21 9e 02 | e3 19 93 33 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 | c4 34 1f fe ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 | 93 d6 10 c2 e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c | 57 e6 5b 13 a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 | a9 07 d3 cd af e0 a6 dd 27 af 6f be d9 94 31 75 | be 4c 6a c7 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 | 88 96 4c dc 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c | 36 4f 59 f7 29 00 00 24 16 e7 be db c1 0a 0f b9 | 2f 16 03 e3 1c 5f ce e0 48 ed c4 b9 8a 65 e1 61 | 88 9b 1f 5a af be 0b 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b8 6a e8 e2 1d 5a f4 dd | 23 da 69 cf e8 30 cc 76 c6 0f 8b 4d 00 00 00 1c | 00 00 40 05 55 a4 66 8b e1 77 c3 77 5b da 0b a2 | 71 da b7 89 8f ea cc 6a | create: initiator inputs to hash2 (responder nonce) | f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | idhash d2 d4 73 97 ac 7d 90 93 59 70 45 44 1f 1d 8d b2 | idhash 7a 1b ed cf | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a080 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a068 | result: shared secret-key@0x556c507594c0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x556c507594c0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x556c507594c0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x556c507594c0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076b270 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0a0 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a088 | result: final-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x556c507594c0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x556c507594c0 (size 20) | = prf(, ): -key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a098 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c50768680 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076ac80 (length 440) | 3d 05 88 93 fe 15 a1 2e 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 3d 34 7f 0f d5 ee 3c db 09 82 c9 2a | 8b 2f 57 8b 2b 82 fb 18 6e 10 a3 9e 88 a3 e9 04 | 0d 1b 7a 73 1a a6 61 68 05 04 9f 5a f4 49 c8 6e | 9c da c2 7a 6b a7 4c a3 28 a2 40 b8 bf f5 49 65 | 79 a3 d9 c0 f0 31 90 16 c8 d9 19 d8 df 90 3a 2e | 3b 96 b9 3c f3 62 f7 b2 12 a3 2b 82 07 e1 42 94 | d2 65 6b e9 d0 d1 c9 6a 11 41 3c 84 91 f9 10 7f | 2d 1b 74 22 bd b1 d4 29 dc db a8 4b b4 99 08 62 | 37 df 82 31 22 dd 2a 62 23 31 3d 55 71 21 9e 02 | e3 19 93 33 1f 32 76 64 86 25 d8 6f 99 2f 5c 96 | c4 34 1f fe ce 6e 8e 63 4d 2b f6 b1 c6 79 7f d0 | 93 d6 10 c2 e8 99 ba d0 c3 8e 56 b7 ce 27 30 7c | 57 e6 5b 13 a0 a5 2c 0b 78 19 4f 16 40 b5 31 e7 | a9 07 d3 cd af e0 a6 dd 27 af 6f be d9 94 31 75 | be 4c 6a c7 4f dc 8d 4a 95 cf f6 5e d4 c7 e4 38 | 88 96 4c dc 53 0f 78 f4 3e e0 c5 3f 6b 3a 5d 3c | 36 4f 59 f7 29 00 00 24 16 e7 be db c1 0a 0f b9 | 2f 16 03 e3 1c 5f ce e0 48 ed c4 b9 8a 65 e1 61 | 88 9b 1f 5a af be 0b 0f 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 b8 6a e8 e2 1d 5a f4 dd | 23 da 69 cf e8 30 cc 76 c6 0f 8b 4d 00 00 00 1c | 00 00 40 05 55 a4 66 8b e1 77 c3 77 5b da 0b a2 | 71 da b7 89 8f ea cc 6a | = prf(, ) PRF sha update nonce-bytes@0x556c5076a550 (length 32) | f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a820 (length 20) | d2 d4 73 97 ac 7d 90 93 59 70 45 44 1f 1d 8d b2 | 7a 1b ed cf | = prf(, ) PRF sha final-chunk@0x556c5076b2e0 (length 20) | d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | e0 02 d5 a7 | psk_auth: release prf-psk-key@0x556c507594c0 | PSK auth octets d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | PSK auth octets e0 02 d5 a7 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | PSK auth e0 02 d5 a7 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #9 | netlink_get_spi: allocated 0xe17d93b3 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi e1 7d 93 b3 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #9: IMPAIR: duplicating key-length attribute | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 16 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 12 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 192 | emitting length of ISAKMP Message: 220 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | d8 ad a4 0d 99 fa c5 3e 8c 94 6f 6b 1d 79 80 3b | e0 02 d5 a7 2c 00 00 30 00 00 00 2c 01 03 04 03 | e1 7d 93 b3 03 00 00 10 01 00 00 0c 80 0e 00 80 | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | hmac PRF sha init symkey-key@0x556c5074eb00 (size 20) | hmac: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a198 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac: release clone-key@0x556c507594c0 | hmac PRF sha crypt-prf@0x556c5076b270 | hmac PRF sha update data-bytes@0x556c4f7f0940 (length 208) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | hmac PRF sha final-bytes@0x556c4f7f0a10 (length 20) | e6 74 e8 b3 6b fc ee 0f ae 4b c0 21 e2 c4 ad 36 | 2a 71 f2 a8 | data being hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | data being hmac: fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | data being hmac: af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | data being hmac: 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | data being hmac: 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | data being hmac: 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | data being hmac: 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | data being hmac: 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | data being hmac: 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | data being hmac: bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | data being hmac: 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | data being hmac: 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | out calculated auth: | e6 74 e8 b3 6b fc ee 0f ae 4b c0 21 | suspend processing: state #9 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #10 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #10: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #10 to 0 after switching state | Message ID: recv #9.#10 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #9.#10 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #10: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 220 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 08 00 00 00 01 00 00 00 dc 23 00 00 c0 | fb 4e 77 f6 ee b9 c5 6a b8 fa 89 a8 96 55 f9 1c | af 4a ec e1 2c bd 53 06 e8 12 f2 8a 33 67 8c 22 | 4e f9 58 61 f0 dd b8 bf 17 ed 5d 92 0e 13 12 5b | 61 a2 57 aa a0 80 c4 5e f8 ac b7 37 18 f7 97 a0 | 3f 27 75 81 8c de 88 df 12 7a b3 9d 34 a7 01 4f | 54 46 93 df 6c 4b 37 8c f9 22 d7 30 7d 50 76 56 | 88 c0 b1 1b 0f 4c 6d 04 c4 35 74 e9 2a b0 da e2 | 4e d0 e4 09 06 00 ca 11 08 09 f6 48 9b 5b 54 ab | bf 80 b4 cd 36 b3 67 0f 14 6b e0 28 13 57 05 81 | 34 c4 1e 20 c8 d2 3c fb ab 50 ac c1 71 ef 22 f6 | 42 34 de a1 6a 19 6f 91 c6 d3 5e ae 63 a2 e7 19 | e6 74 e8 b3 6b fc ee 0f ae 4b c0 21 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "aes128" #10: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772e10 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #10 | libevent_malloc: new ptr-libevent@0x7f4568006800 size 128 | #10 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49493.926171 | resume sending helper answer for #9 suppresed complete_v2_state_transition() | #9 spent 1.1 milliseconds in resume sending helper answer | stop processing: state #10 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4564006760 | spent 0.00243 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 204 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | 3e 2e 90 58 4d 5b 22 cd 57 a5 cc 9d | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 204 (0xcc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #9 in PARENT_I2 (find_v2_ike_sa) | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #10 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #9 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #10 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #10 is idle | #10 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 176 (0xb0) | processing payload: ISAKMP_NEXT_v2SK (len=172) | #10 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x556c5075ae20 (size 20) | hmac: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0b8 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac: release clone-key@0x556c507594c0 | hmac PRF sha crypt-prf@0x556c50769fd0 | hmac PRF sha update data-bytes@0x556c5076cac0 (length 192) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | hmac PRF sha final-bytes@0x7ffdc298a280 (length 20) | 3e 2e 90 58 4d 5b 22 cd 57 a5 cc 9d c8 fe 2b be | e6 8d eb 46 | data for hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 cc 24 00 00 b0 | data for hmac: f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | data for hmac: 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | data for hmac: 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | data for hmac: a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | data for hmac: 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | data for hmac: 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | data for hmac: c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | data for hmac: 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | data for hmac: 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | data for hmac: f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | calculated auth: 3e 2e 90 58 4d 5b 22 cd 57 a5 cc 9d | provided auth: 3e 2e 90 58 4d 5b 22 cd 57 a5 cc 9d | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | f2 56 f6 60 57 b1 69 79 e5 8e b7 7e 96 3c b5 09 | payload before decryption: | 11 98 1b f6 c3 b1 3f 79 81 23 cf e0 28 63 58 29 | 88 b2 59 9c 35 ae 76 72 22 20 7d c3 2a fd 5e 56 | a0 fa fc 58 fc f6 30 20 cc 5e ae ad f3 70 00 f6 | 2b 21 71 a1 8a 9f 3e 27 b9 fc c9 1b 98 53 9a 59 | 4b 19 5f 49 90 ba 70 c4 09 59 dc 78 48 e2 b9 9d | c5 79 eb de f7 5e 40 c2 98 af 95 5d 09 84 47 f2 | 94 6f 72 04 98 63 b3 70 52 d0 e3 84 d5 94 49 a9 | 65 ef ac fc 7a 59 bc 71 59 4c 68 b3 b0 d7 a3 c6 | f3 e1 c1 7c 91 de 37 30 7f 79 64 12 5b bb 6c 9b | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 | ba f9 c4 7f 48 3c d2 24 2c 00 00 2c 00 00 00 28 | 01 03 04 03 4e fe ef 28 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 03 00 00 02 00 00 00 08 | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 01 00 c0 00 01 ff 00 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 | c0 00 02 ff 00 01 02 03 04 05 06 07 08 09 0a 0b | stripping 12 octets as pad | #10 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "aes128" #10: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f45600069f0 (size 20) | hmac: symkey-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a1e8 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac: release clone-key@0x556c507594c0 | hmac PRF sha crypt-prf@0x556c50768660 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x556c5076caf4 (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffdc298a340 (length 20) | cc a0 58 95 71 b8 9e 25 99 42 c4 8b 83 e9 0a f7 | 11 80 57 82 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2d 0c f2 be 24 46 6e 43 85 05 d2 40 | d8 37 42 ef e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 | ad 08 82 41 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 | f9 13 ec 11 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a | 8b 11 eb 05 85 d6 7d 52 14 8e da 23 e3 bc 71 03 | 68 2d b1 4a 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 | 04 16 0b ff b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 | 93 01 fd 19 c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe | aa d6 5d eb 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 | 2c f9 43 a5 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e | 6a 8a ef 21 5c 07 77 3b dc 8f 93 36 04 5a 75 1c | d8 36 9f 17 d3 e1 0b 3e 91 64 52 ca 86 9c da de | ba d2 52 99 ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b | 67 b8 da c2 ed af 8c 83 1e 23 6c 21 55 a5 b0 14 | 75 be e3 f5 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 | 5c 42 ed 6d db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 | 8d 52 4a 4e 29 00 00 24 f7 34 4b 0d b9 c1 88 48 | af 92 5e 42 75 1d 74 ba 30 fa c7 aa 2b 61 2f b2 | 56 d7 33 71 72 82 9b 21 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 49 27 fc 82 1d 21 9e | b4 4a 57 7c 55 d0 45 10 10 5f 71 85 00 00 00 1c | 00 00 40 05 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 | da 40 71 4a e5 8a 25 26 | verify: initiator inputs to hash2 (initiator nonce) | 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | idhash cc a0 58 95 71 b8 9e 25 99 42 c4 8b 83 e9 0a f7 | idhash 11 80 57 82 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc2989ff0 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989fd8 | result: shared secret-key@0x556c507594c0 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x556c507594c0 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x556c507594c0 | = prf(,"Key Pad for IKEv2"): release clone-key@0x556c507594c0 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c50769fd0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x556c507594c0 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x556c507594c0 (size 20) | = prf(, ): -key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c50768680 | = prf(, ) PRF sha update first-packet-bytes@0x556c506fc6d0 (length 440) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 2d 0c f2 be 24 46 6e 43 85 05 d2 40 | d8 37 42 ef e6 e2 50 ee 07 28 a8 23 7c 61 6c a3 | ad 08 82 41 57 5f 4d b8 07 86 ea 0b b1 be 25 d4 | f9 13 ec 11 00 9c 62 9e 3e 75 65 73 a8 4f 63 2a | 8b 11 eb 05 85 d6 7d 52 14 8e da 23 e3 bc 71 03 | 68 2d b1 4a 2b 19 7b b4 0a 5b 97 a7 d4 e0 b5 b0 | 04 16 0b ff b9 07 0f 1f 21 2d a0 31 2d 67 86 a7 | 93 01 fd 19 c4 7e e5 c3 50 7b 3c c7 31 0a e3 fe | aa d6 5d eb 73 4a 88 05 91 b7 e2 a0 1f 02 13 d5 | 2c f9 43 a5 1e 0b 35 11 ca 86 c7 a6 f5 5e f0 0e | 6a 8a ef 21 5c 07 77 3b dc 8f 93 36 04 5a 75 1c | d8 36 9f 17 d3 e1 0b 3e 91 64 52 ca 86 9c da de | ba d2 52 99 ce 22 07 cc 7a be 9f f9 e1 9e 4a 0b | 67 b8 da c2 ed af 8c 83 1e 23 6c 21 55 a5 b0 14 | 75 be e3 f5 70 4c 4a 23 ea 0e 86 8a eb a7 db 43 | 5c 42 ed 6d db 4d 5a 86 ac 71 8f 7a eb e9 30 d7 | 8d 52 4a 4e 29 00 00 24 f7 34 4b 0d b9 c1 88 48 | af 92 5e 42 75 1d 74 ba 30 fa c7 aa 2b 61 2f b2 | 56 d7 33 71 72 82 9b 21 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 a0 49 27 fc 82 1d 21 9e | b4 4a 57 7c 55 d0 45 10 10 5f 71 85 00 00 00 1c | 00 00 40 05 54 a4 71 5f ae 08 f4 6b d1 a6 8a d5 | da 40 71 4a e5 8a 25 26 | = prf(, ) PRF sha update nonce-bytes@0x7f456000a380 (length 32) | 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a340 (length 20) | cc a0 58 95 71 b8 9e 25 99 42 c4 8b 83 e9 0a f7 | 11 80 57 82 | = prf(, ) PRF sha final-chunk@0x556c50768660 (length 20) | 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 ba f9 c4 7f | 48 3c d2 24 | psk_auth: release prf-psk-key@0x556c507594c0 | Received PSK auth octets | 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 ba f9 c4 7f | 48 3c d2 24 | Calculated PSK auth octets | 65 5f e5 68 e0 3e ef 83 6a 28 f8 36 ba f9 c4 7f | 48 3c d2 24 "aes128" #10: Authenticated using authby=secret | parent state #9: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #9 will start re-keying in 2568 seconds with margin of 1032 seconds (attempting re-key) | state #9 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f4560011520 | free_event_entry: release EVENT_SA_REPLACE-pe@0x556c507686c0 | event_schedule: new EVENT_SA_REKEY-pe@0x556c507686c0 | inserting event EVENT_SA_REKEY, timeout in 2568 seconds for #9 | libevent_malloc: new ptr-libevent@0x7f4560011520 size 128 | pstats #9 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="aes128" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for aes128 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 4e fe ef 28 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | *****parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=4efeef28;ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=aes: .key_size=16 .salt_size=0 keymat_len=36 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0f0 | result: data=Ni-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0d8 | result: data=Ni-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f4568006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298a0e0 | result: data+=Nr-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c507594c0 | prf+0 PRF sha init key-key@0x7f456000d640 (size 20) | prf+0: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x556c50750530 from key-key@0x556c507594c0 | prf+0 prf: begin sha with context 0x556c50750530 from key-key@0x556c507594c0 | prf+0: release clone-key@0x556c507594c0 | prf+0 PRF sha crypt-prf@0x556c5076b270 | prf+0 PRF sha update seed-key@0x7f4568006900 (size 64) | prf+0: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d400 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000eec0 | prf+0 PRF sha final-key@0x556c507594c0 (size 20) | prf+0: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c507594c0 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c50769fd0 | prf+N PRF sha update old_t-key@0x556c507594c0 (size 20) | prf+N: old_t-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507594c0 | nss hmac digest hack: symkey-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 03 ffffffba 30 ffffffc1 44 fffffffd 75 ffffff85 ffffff81 2c 6e ffffffd0 36 19 ffffffc4 ffffff84 4e 23 78 32 6a fffffff2 79 29 fffffff0 1b 59 09 ffffffe5 60 1f ffffff81 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076b2b0 | unwrapped: 23 9e 41 cc 18 21 ab 8a 59 37 06 17 72 df 77 0f | unwrapped: 7e a6 a8 b2 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d4a0 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000a510 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x7f456000a510 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507594c0 | prfplus: release old_t[N]-key@0x556c507594c0 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x556c507594c0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x556c507594c0 | prf+N: release clone-key@0x556c507594c0 | prf+N PRF sha crypt-prf@0x556c50768680 | prf+N PRF sha update old_t-key@0x7f456000eec0 (size 20) | prf+N: old_t-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f456000eec0 | nss hmac digest hack: symkey-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 21 73 ffffff95 ffffffc4 ffffffcb ffffff97 ffffffc4 ffffffa7 ffffffab ffffff83 ffffffa2 13 36 ffffffc5 ffffffbd ffffffd7 41 ffffffb2 ffffff8e 22 1b 39 ffffffbe ffffffab 0c fffffffd 2d 5d ffffffb7 ffffffd8 19 ffffffcd | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c507731a0 | unwrapped: ef 0b 9f 52 e2 dd f8 d7 13 8e dd 4e be 74 7b b1 | unwrapped: f6 6f 30 1a 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50768610 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50771420 | prf+N PRF sha final-key@0x556c507594c0 (size 20) | prf+N: key-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000a510 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000a510 | prfplus: release old_t[N]-key@0x7f456000eec0 | prf+N PRF sha init key-key@0x7f456000d640 (size 20) | prf+N: key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c50769fd0 | prf+N PRF sha update old_t-key@0x556c507594c0 (size 20) | prf+N: old_t-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507594c0 | nss hmac digest hack: symkey-key@0x556c507594c0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 28 ffffff8b ffffff8e fffffffa 62 ffffff8e ffffffe3 70 43 ffffff81 6b ffffff9e 48 ffffff8e 25 7a ffffffd4 3f fffffff5 ffffffa6 1e 55 ffffff89 ffffffc8 fffffff9 40 ffffffaa 35 ffffffc8 ffffff83 7d 69 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076b2b0 | unwrapped: ca 0c f8 b4 d9 ea 90 74 b0 20 51 18 c3 15 2b 6a | unwrapped: b5 b6 9b 0b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: 22 ffffffc9 7b 71 ffffffbf ffffffa6 1b 11 ffffff83 55 ffffffaa ffffffce 5e 26 ffffffe3 6a ffffffb2 14 1d 65 ffffff94 ffffffb7 23 ffffff9f ffffff8d 4a 61 7a ffffffbb 74 ffffffa9 fffffff2 ffffffe7 ffffffa0 63 20 31 ffffff9d 16 fffffffa 59 fffffff1 ffffff90 ffffffb9 53 53 fffffffe ffffff88 ffffffb5 1a 64 ffffff8b 5a ffffffd9 0b 65 ffffffa3 03 0a 6f ffffffbc ffffffa3 04 4e | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076b470 | unwrapped: 16 e7 be db c1 0a 0f b9 2f 16 03 e3 1c 5f ce e0 | unwrapped: 48 ed c4 b9 8a 65 e1 61 88 9b 1f 5a af be 0b 0f | unwrapped: f7 34 4b 0d b9 c1 88 48 af 92 5e 42 75 1d 74 ba | unwrapped: 30 fa c7 aa 2b 61 2f b2 56 d7 33 71 72 82 9b 21 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000a510 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000a510 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x7f456000a510 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50771420 | prfplus: release old_t[N]-key@0x556c507594c0 | prfplus: release old_t[final]-key@0x7f456000eec0 | child_sa_keymat: release data-key@0x7f4568006900 | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f456000a510 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 36 bytes of key@0x7f4568006900 | initiator to responder keys: symkey-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x556c50750fd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540292896: 03 ffffffba 30 ffffffc1 44 fffffffd 75 ffffff85 ffffff81 2c 6e ffffffd0 36 19 ffffffc4 ffffff84 ffffffc6 ffffffed ffffffd2 32 28 21 47 ffffffe0 09 ffffff81 33 fffffffe 47 7f ffffffaf 2b 4b 19 00 00 ffffffe5 ffffffd1 52 79 ffffff8e 59 fffffffe 3b fffffff9 4c ffffffc3 ffffffb4 | initiator to responder keys: release slot-key-key@0x556c50750fd0 | initiator to responder keys extracted len 48 bytes at 0x556c50772d90 | unwrapped: 23 9e 41 cc 18 21 ab 8a 59 37 06 17 72 df 77 0f | unwrapped: 7e a6 a8 b2 ef 0b 9f 52 e2 dd f8 d7 13 8e dd 4e | unwrapped: be 74 7b b1 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f4568006900 | key-offset: 36, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 36-bytes | base: base-key@0x7f456000a510 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 36 bytes of key@0x7f4568006900 | responder to initiator keys:: symkey-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x556c50750fd0 (36-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540292896: ffffffc8 6d ffffff82 7b ffffffe1 33 1f ffffffb0 6b ffffffad ffffffd9 ffffffe4 5f 41 ffffffaf 42 0c ffffffaa ffffffbc 41 74 14 ffffffc5 30 1c 3a ffffff81 0f 51 6e 01 4b ffffffb4 ffffff8a 29 ffffffea ffffff91 ffffffaa 62 44 7c ffffffec fffffff6 02 0b ffffffe8 ffffff8d fffffffb | responder to initiator keys:: release slot-key-key@0x556c50750fd0 | responder to initiator keys: extracted len 48 bytes at 0x556c50772dd0 | unwrapped: f6 6f 30 1a ca 0c f8 b4 d9 ea 90 74 b0 20 51 18 | unwrapped: c3 15 2b 6a b5 b6 9b 0b d7 4e 30 02 9b 88 7f 69 | unwrapped: 2e c4 20 e2 00 00 00 00 00 00 00 00 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f4568006900 | ikev2_derive_child_keys: release keymat-key@0x7f456000a510 | #9 spent 2.09 milliseconds | install_ipsec_sa() for #10: inbound and outbound | could_route called for aes128 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.4efeef28@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'aes128' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.e17d93b3@192.1.2.45 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #10: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: aes128 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #10 | priority calculation of connection "aes128" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4efeef28 SPI_OUT= | popen cmd is 1025 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+U: | cmd( 640):P+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: | cmd( 960):ARED='no' SPI_IN=0x4efeef28 SPI_OUT=0xe17d93b3 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4efeef2 | popen cmd is 1030 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUT: | cmd( 400):O_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT: | cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMAN: | cmd( 720):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: | cmd( 800):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: | cmd( 880):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V: | cmd( 960):TI_SHARED='no' SPI_IN=0x4efeef28 SPI_OUT=0xe17d93b3 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4efeef28 SP | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x4efeef28 SPI_OUT=0xe17d93b3 ipsec _updown 2>&1: | route_and_eroute: instance "aes128", setting eroute_owner {spd=0x556c50768e20,sr=0x556c50768e20} to #10 (was #0) (newest_ipsec_sa=#0) | #9 spent 0.937 milliseconds in install_ipsec_sa() | inR2: instance aes128[0], setting IKEv2 newest_ipsec_sa to #10 (was #0) (spd.eroute=#10) cloned from #9 | state #10 requesting EVENT_RETRANSMIT to be deleted | #10 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f4568006800 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772e10 | #10 spent 2.72 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #10 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #10 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #10: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #10 to 1 after switching state | Message ID: recv #9.#10 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #9.#10 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #10 ikev2.child established "aes128" #10: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "aes128" #10: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x4efeef28 <0xe17d93b3 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #10 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #9 | unpending state #9 connection "aes128" | delete from pending Child SA with 192.1.2.23 "aes128" | removing pending policy for no connection {0x556c507714e0} | close_any(fd@24) (in release_whack() at state.c:654) | #10 will start re-keying in 28154 seconds with margin of 646 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x556c50772e10 | inserting event EVENT_SA_REKEY, timeout in 28154 seconds for #10 | libevent_malloc: new ptr-libevent@0x7f4568006800 size 128 | stop processing: state #10 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #9 spent 3.16 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.17 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00436 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00266 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00269 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.e17d93b3@192.1.2.45 | get_sa_info esp.4efeef28@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0674 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #10 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #10 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #10 ikev2.child deleted completed | #10 spent 2.72 milliseconds in total | [RE]START processing: state #10 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #10: deleting state (STATE_V2_IPSEC_I) aged 0.391s and sending notification | child state #10: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.4efeef28@192.1.2.23 | get_sa_info esp.e17d93b3@192.1.2.45 "aes128" #10: ESP traffic information: in=84B out=84B | #10 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis e1 7d 93 b3 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | data before encryption: | 00 00 00 0c 03 04 00 01 e1 7d 93 b3 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | hmac PRF sha init symkey-key@0x556c5074eb00 (size 20) | hmac: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac: release clone-key@0x7f456000a510 | hmac PRF sha crypt-prf@0x556c507686a0 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 64) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | hmac PRF sha final-bytes@0x7ffdc29873c0 (length 20) | de a4 07 c2 3f 93 33 ab 1d a2 f4 61 22 0d 16 6e | bc 00 c5 5e | data being hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | data being hmac: 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | data being hmac: e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | out calculated auth: | de a4 07 c2 3f 93 33 ab 1d a2 f4 61 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #10) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 02 00 00 00 4c 2a 00 00 30 | 4d 1b c4 ed f5 c6 e0 94 05 7f 02 5f 21 47 e6 1f | e6 cf 52 f9 e7 57 5b 2e d4 a3 4f 5f b8 61 21 43 | de a4 07 c2 3f 93 33 ab 1d a2 f4 61 | Message ID: IKE #9 sender #10 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #9 sender #10 in send_delete hacking around record ' send | Message ID: sent #9 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #10 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f4568006800 | free_event_entry: release EVENT_SA_REKEY-pe@0x556c50772e10 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050847' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4efeef2 | popen cmd is 1033 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@we: | cmd( 160):st' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIE: | cmd( 240):NT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': | cmd( 320):16404' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_P: | cmd( 400):EER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MA: | cmd( 480):SK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' : | cmd( 560):PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050847' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PER: | cmd( 720):MANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUT: | cmd( 800):O_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERV: | cmd( 880):ER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no: | cmd( 960):' VTI_SHARED='no' SPI_IN=0x4efeef28 SPI_OUT=0xe17d93b3 ipsec _updown 2>&1: | shunt_eroute() called for connection 'aes128' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.4efeef28@192.1.2.23 | netlink response for Del SA esp.4efeef28@192.1.2.23 included non-error error | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.e17d93b3@192.1.2.45 | netlink response for Del SA esp.e17d93b3@192.1.2.45 included non-error error | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #10 in V2_IPSEC_I | child state #10: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f456000d640 | delete_state: release st->st_skey_ai_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_ar_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_ei_nss-key@0x556c5074d280 | delete_state: release st->st_skey_er_nss-key@0x556c507543d0 | delete_state: release st->st_skey_pi_nss-key@0x556c5076d180 | delete_state: release st->st_skey_pr_nss-key@0x7f45600069f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #9 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #9 | start processing: state #9 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #9 ikev2.ike deleted completed | #9 spent 9.64 milliseconds in total | [RE]START processing: state #9 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #9: deleting state (STATE_PARENT_I3) aged 0.420s and sending notification | parent state #9: PARENT_I3(established IKE SA) => delete | #9 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 48 | emitting length of ISAKMP Message: 76 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | hmac PRF sha init symkey-key@0x556c5074eb00 (size 20) | hmac: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x7f456000a510 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000a510 | hmac: release clone-key@0x7f456000a510 | hmac PRF sha crypt-prf@0x556c50768660 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 64) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | hmac PRF sha final-bytes@0x7ffdc29873c0 (length 20) | 9d ae 31 27 3b ea ff 55 1e 42 93 53 76 e5 f5 94 | 0e f6 b9 e4 | data being hmac: 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | data being hmac: d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | data being hmac: 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | out calculated auth: | 9d ae 31 27 3b ea ff 55 1e 42 93 53 | sending 76 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 08 00 00 00 03 00 00 00 4c 2a 00 00 30 | d2 ac 54 c7 7d 59 13 52 6d 2e f0 68 83 a3 2c 7d | 5c ef 14 59 86 79 17 06 cf 0f 0b 21 41 69 ea fa | 9d ae 31 27 3b ea ff 55 1e 42 93 53 | Message ID: IKE #9 sender #9 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #9 sender #9 in send_delete hacking around record ' send | Message ID: #9 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #9 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #9 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f4560011520 | free_event_entry: release EVENT_SA_REKEY-pe@0x556c507686c0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #9 in PARENT_I3 | parent state #9: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4560002010: destroyed | stop processing: state #9 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x556c50757800 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f456000d640 | delete_state: release st->st_skey_ai_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_ar_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_ei_nss-key@0x556c5074d280 | delete_state: release st->st_skey_er_nss-key@0x556c507543d0 | delete_state: release st->st_skey_pi_nss-key@0x556c5076d180 | delete_state: release st->st_skey_pr_nss-key@0x7f45600069f0 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.3 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00463 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "aes128" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'aes128' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "aes128" is 0xfe7e7 | priority calculation of connection "aes128" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn aes128 mark 0/00000000, 0/00000000 vs | conn aes128 mark 0/00000000, 0/00000000 | route owner of "aes128" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT | popen cmd is 1014 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='aes128' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID=': | cmd( 160):@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_C: | cmd( 240):LIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQI: | cmd( 320):D='16404' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: | cmd( 400):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: | cmd( 480):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: | cmd( 560):='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL: | cmd( 640):+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. "aes128": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x556c5076ae40 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.54 milliseconds in whack | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 20 00 00 00 02 00 00 00 4c 2a 00 00 30 | 2e 0f 8f 0e 76 ec 84 b0 a9 33 60 fc ee b3 2e 54 | b7 53 54 f7 99 45 cb a1 c7 fe 60 a4 32 ee 6f a9 | 66 75 e0 8a 25 07 4d 9f 35 c2 aa ac | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0751 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00488 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00151 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 3d 05 88 93 fe 15 a1 2e 0c f2 36 c3 98 49 00 79 | 2e 20 25 20 00 00 00 03 00 00 00 4c 00 00 00 30 | 77 6d eb 3c 46 5f 88 3e 81 22 d9 70 06 ed 60 a8 | 46 b2 3b 03 0c 45 35 cb f4 46 2b c8 70 b4 be 7f | af f1 75 7b 5c b4 cf 58 a5 be 4b 84 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 05 88 93 fe 15 a1 2e | responder cookie: | 0c f2 36 c3 98 49 00 79 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0597 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0566 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0446 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0662 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c50769f20 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.154 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #11 at 0x556c50769370 | State DB: adding IKEv2 state #11 in UNDEFINED | pstats #11 ikev2.ike started | Message ID: init #11: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #11: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #11; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #11 "aes128" "aes128" #11: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 11 for state #11 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f4568006800 size 128 | #11 spent 0.122 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 0 resuming | crypto helper 0 starting work-order 11 for state #11 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 11 | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.195 milliseconds in whack | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f45580010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f45580010c0 | NSS: Public DH wire value: | 1b 46 69 e0 5a 3b ac 24 fd a5 51 36 38 cc c5 6e | 8d 80 dc 23 de 67 0c 8c 12 54 06 7f 23 ea 34 2e | ae 6b 2c 5b 00 4f 06 5c 78 55 ec 0c a6 66 a2 fe | 24 00 55 11 ea 59 cb 05 6c 51 af 7c f3 f2 be 7b | 59 5e 8f dc 0b 29 3e 16 fd 74 2f 8d 60 4a 9a 7f | bf d7 95 62 b6 6c fb 7a e0 fd 97 e0 4d 9b 41 79 | d1 91 f5 1c 9b 2d 8f 48 fb 5b 8d 97 bc a6 cb c1 | 4d 65 d2 0a 02 9c 55 2c 64 d7 26 fc 64 16 46 d1 | 34 16 b8 6e f1 62 8d d5 0c 53 e1 25 f8 15 20 9c | 36 92 bb 61 b9 7e 2f 01 63 16 da 43 9d 58 c2 7c | 7d e4 3b b9 2a 9f 6b 54 91 b9 00 38 c7 c3 bb 4b | f6 f6 e0 46 69 26 22 61 42 f1 d9 a7 af 78 e9 c4 | ab 3b 9b bd f8 df 32 5f 3a 08 4f 79 9a 78 a5 73 | 9c 50 5f e5 76 12 53 5a 25 f4 73 2e 54 a6 08 e9 | c4 d9 dc 5d ba e0 6c 64 cc f9 4d 96 d0 c9 6f f5 | 1b a0 cc 6c 92 f4 a1 ff 75 c0 a5 ce 82 23 82 14 | Generated nonce: 64 89 08 b1 9e 0a 63 d1 9c 50 5b 75 79 89 e4 99 | Generated nonce: cf 9a 42 04 d8 c2 a6 c0 de e3 52 8b 31 99 df 03 | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 11 time elapsed 0.001034 seconds | (#11) spent 1.01 milliseconds in crypto helper computing work-order 11: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 11 for state #11 to event queue | scheduling resume sending helper answer for #11 | libevent_malloc: new ptr-libevent@0x7f45580016a0 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #11 | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 11 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #11 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f45580010c0: transferring ownership from helper KE to state #11 | **emit ISAKMP Message: | initiator cookie: | 51 09 2b ee f6 12 cf 23 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #11: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 1b 46 69 e0 5a 3b ac 24 fd a5 51 36 38 cc c5 6e | ikev2 g^x 8d 80 dc 23 de 67 0c 8c 12 54 06 7f 23 ea 34 2e | ikev2 g^x ae 6b 2c 5b 00 4f 06 5c 78 55 ec 0c a6 66 a2 fe | ikev2 g^x 24 00 55 11 ea 59 cb 05 6c 51 af 7c f3 f2 be 7b | ikev2 g^x 59 5e 8f dc 0b 29 3e 16 fd 74 2f 8d 60 4a 9a 7f | ikev2 g^x bf d7 95 62 b6 6c fb 7a e0 fd 97 e0 4d 9b 41 79 | ikev2 g^x d1 91 f5 1c 9b 2d 8f 48 fb 5b 8d 97 bc a6 cb c1 | ikev2 g^x 4d 65 d2 0a 02 9c 55 2c 64 d7 26 fc 64 16 46 d1 | ikev2 g^x 34 16 b8 6e f1 62 8d d5 0c 53 e1 25 f8 15 20 9c | ikev2 g^x 36 92 bb 61 b9 7e 2f 01 63 16 da 43 9d 58 c2 7c | ikev2 g^x 7d e4 3b b9 2a 9f 6b 54 91 b9 00 38 c7 c3 bb 4b | ikev2 g^x f6 f6 e0 46 69 26 22 61 42 f1 d9 a7 af 78 e9 c4 | ikev2 g^x ab 3b 9b bd f8 df 32 5f 3a 08 4f 79 9a 78 a5 73 | ikev2 g^x 9c 50 5f e5 76 12 53 5a 25 f4 73 2e 54 a6 08 e9 | ikev2 g^x c4 d9 dc 5d ba e0 6c 64 cc f9 4d 96 d0 c9 6f f5 | ikev2 g^x 1b a0 cc 6c 92 f4 a1 ff 75 c0 a5 ce 82 23 82 14 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 64 89 08 b1 9e 0a 63 d1 9c 50 5b 75 79 89 e4 99 | IKEv2 nonce cf 9a 42 04 d8 c2 a6 c0 de e3 52 8b 31 99 df 03 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 51 09 2b ee f6 12 cf 23 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 4d 15 a4 db 39 a6 0d b8 85 c7 d8 72 27 2d 6b 54 | c9 3a 8c 98 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 51 09 2b ee f6 12 cf 23 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 4d 15 a4 db 39 a6 0d b8 85 c7 d8 72 27 2d 6b 54 | natd_hash: hash= c9 3a 8c 98 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 4d 15 a4 db 39 a6 0d b8 85 c7 d8 72 27 2d 6b 54 | Notify data c9 3a 8c 98 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 51 09 2b ee f6 12 cf 23 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | ec 4e 1e 95 49 0e 4a 49 23 4a e0 23 e9 e5 20 7f | 13 29 b4 53 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 51 09 2b ee f6 12 cf 23 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= ec 4e 1e 95 49 0e 4a 49 23 4a e0 23 e9 e5 20 7f | natd_hash: hash= 13 29 b4 53 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ec 4e 1e 95 49 0e 4a 49 23 4a e0 23 e9 e5 20 7f | Notify data 13 29 b4 53 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #11: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #11 to 4294967295 after switching state | Message ID: IKE #11 skipping update_recv as MD is fake | Message ID: sent #11 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #11: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 51 09 2b ee f6 12 cf 23 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 1b 46 69 e0 5a 3b ac 24 fd a5 51 36 38 cc c5 6e | 8d 80 dc 23 de 67 0c 8c 12 54 06 7f 23 ea 34 2e | ae 6b 2c 5b 00 4f 06 5c 78 55 ec 0c a6 66 a2 fe | 24 00 55 11 ea 59 cb 05 6c 51 af 7c f3 f2 be 7b | 59 5e 8f dc 0b 29 3e 16 fd 74 2f 8d 60 4a 9a 7f | bf d7 95 62 b6 6c fb 7a e0 fd 97 e0 4d 9b 41 79 | d1 91 f5 1c 9b 2d 8f 48 fb 5b 8d 97 bc a6 cb c1 | 4d 65 d2 0a 02 9c 55 2c 64 d7 26 fc 64 16 46 d1 | 34 16 b8 6e f1 62 8d d5 0c 53 e1 25 f8 15 20 9c | 36 92 bb 61 b9 7e 2f 01 63 16 da 43 9d 58 c2 7c | 7d e4 3b b9 2a 9f 6b 54 91 b9 00 38 c7 c3 bb 4b | f6 f6 e0 46 69 26 22 61 42 f1 d9 a7 af 78 e9 c4 | ab 3b 9b bd f8 df 32 5f 3a 08 4f 79 9a 78 a5 73 | 9c 50 5f e5 76 12 53 5a 25 f4 73 2e 54 a6 08 e9 | c4 d9 dc 5d ba e0 6c 64 cc f9 4d 96 d0 c9 6f f5 | 1b a0 cc 6c 92 f4 a1 ff 75 c0 a5 ce 82 23 82 14 | 29 00 00 24 64 89 08 b1 9e 0a 63 d1 9c 50 5b 75 | 79 89 e4 99 cf 9a 42 04 d8 c2 a6 c0 de e3 52 8b | 31 99 df 03 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 4d 15 a4 db 39 a6 0d b8 85 c7 d8 72 | 27 2d 6b 54 c9 3a 8c 98 00 00 00 1c 00 00 40 05 | ec 4e 1e 95 49 0e 4a 49 23 4a e0 23 e9 e5 20 7f | 13 29 b4 53 | state #11 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4568006800 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #11 | libevent_malloc: new ptr-libevent@0x7f4568006800 size 128 | #11 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49495.009736 | resume sending helper answer for #11 suppresed complete_v2_state_transition() and stole MD | #11 spent 0.53 milliseconds in resume sending helper answer | stop processing: state #11 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45580016a0 | spent 0.0021 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 51 09 2b ee f6 12 cf 23 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 51 09 2b ee f6 12 cf 23 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #11 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #11 is idle | #11 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #11 IKE SPIi and SPI[ir] | #11 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #11: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #11 spent 0.00981 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #11 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #11 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #11 spent 0.119 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.131 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x556c50772dd0 | handling event EVENT_RETRANSMIT for parent state #11 | start processing: state #11 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #11 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #11 keying attempt 1 of 0; retransmit 1 "aes128" #11: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #11 ikev2.ike failed too-many-retransmits | pstats #11 ikev2.ike deleted too-many-retransmits | #11 spent 1.78 milliseconds in total | [RE]START processing: state #11 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #11: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #11: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x7f4560002d20} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #11 "aes128" #11: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #11 in PARENT_I1 | parent state #11: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f45580010c0: destroyed | stop processing: state #11 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f4568006800 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | in statetime_stop() and could not find #11 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #12 at 0x556c50769370 | State DB: adding IKEv2 state #12 in UNDEFINED | pstats #12 ikev2.ike started | Message ID: init #12: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #12: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #12; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #12 "aes128" "aes128" #12: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 12 for state #12 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f45580016a0 size 128 | #12 spent 0.0786 milliseconds in ikev2_parent_outI1() | RESET processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.0974 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 2 resuming | crypto helper 2 starting work-order 12 for state #12 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 12 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f455c0010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f455c0010c0 | NSS: Public DH wire value: | 30 b5 96 57 23 48 ec 57 1e b9 04 bb e0 41 8f b4 | 90 ad c6 e1 a3 e1 77 2c ec 46 d1 10 26 bf 4a e6 | 93 31 cd 13 78 2c d1 69 1e b6 79 d3 d0 fd 6c cd | 38 fc a6 d6 d9 bd a6 e2 0d 0b 52 1b 5d f1 e1 ea | 02 0a e7 af ef 66 1b 59 4a fb 0d c5 c3 83 f6 c2 | a9 17 79 5e 91 f3 75 ca 32 fd c8 37 9c b7 d2 c7 | e3 7b 98 d0 fa 3b 47 9e 2b 48 75 65 93 48 70 02 | 74 32 63 0c 67 7f 6d 51 c8 eb 2c 88 cb a1 f9 5a | 2f 9f c6 71 70 9e 68 0d 8b 74 40 52 41 aa d6 33 | d2 1d 75 1d ed c5 43 80 33 0b 75 4b 9c 99 f8 39 | be 06 89 7a 8e d4 59 69 dd 3c 25 f5 a3 f1 63 8e | 08 21 84 d7 68 b8 3f aa 7a b2 3a 93 f5 4c de 40 | 49 1c f2 a8 23 d5 02 2b ea 7b b7 11 99 c6 40 26 | 19 f9 79 0f f2 41 32 17 2f 4b a7 9c 56 41 b1 54 | 31 b8 93 38 0b f3 09 67 ea cc 0e 9d 0f 9f 82 f8 | a5 8d ca 09 fa 45 47 a7 03 e2 41 74 86 f7 07 43 | Generated nonce: 03 6b 47 a3 f8 c5 4c dd b0 90 d0 dd 77 f7 ef bb | Generated nonce: 66 f9 10 c0 af 05 f8 01 98 6c ee fd 67 4d 48 a9 | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 12 time elapsed 0.001205 seconds | (#12) spent 1.06 milliseconds in crypto helper computing work-order 12: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 12 for state #12 to event queue | scheduling resume sending helper answer for #12 | libevent_malloc: new ptr-libevent@0x7f455c0016a0 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #12 | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 12 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #12 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f455c0010c0: transferring ownership from helper KE to state #12 | **emit ISAKMP Message: | initiator cookie: | 29 a3 3c 30 7d 92 33 78 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #12: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 30 b5 96 57 23 48 ec 57 1e b9 04 bb e0 41 8f b4 | ikev2 g^x 90 ad c6 e1 a3 e1 77 2c ec 46 d1 10 26 bf 4a e6 | ikev2 g^x 93 31 cd 13 78 2c d1 69 1e b6 79 d3 d0 fd 6c cd | ikev2 g^x 38 fc a6 d6 d9 bd a6 e2 0d 0b 52 1b 5d f1 e1 ea | ikev2 g^x 02 0a e7 af ef 66 1b 59 4a fb 0d c5 c3 83 f6 c2 | ikev2 g^x a9 17 79 5e 91 f3 75 ca 32 fd c8 37 9c b7 d2 c7 | ikev2 g^x e3 7b 98 d0 fa 3b 47 9e 2b 48 75 65 93 48 70 02 | ikev2 g^x 74 32 63 0c 67 7f 6d 51 c8 eb 2c 88 cb a1 f9 5a | ikev2 g^x 2f 9f c6 71 70 9e 68 0d 8b 74 40 52 41 aa d6 33 | ikev2 g^x d2 1d 75 1d ed c5 43 80 33 0b 75 4b 9c 99 f8 39 | ikev2 g^x be 06 89 7a 8e d4 59 69 dd 3c 25 f5 a3 f1 63 8e | ikev2 g^x 08 21 84 d7 68 b8 3f aa 7a b2 3a 93 f5 4c de 40 | ikev2 g^x 49 1c f2 a8 23 d5 02 2b ea 7b b7 11 99 c6 40 26 | ikev2 g^x 19 f9 79 0f f2 41 32 17 2f 4b a7 9c 56 41 b1 54 | ikev2 g^x 31 b8 93 38 0b f3 09 67 ea cc 0e 9d 0f 9f 82 f8 | ikev2 g^x a5 8d ca 09 fa 45 47 a7 03 e2 41 74 86 f7 07 43 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 03 6b 47 a3 f8 c5 4c dd b0 90 d0 dd 77 f7 ef bb | IKEv2 nonce 66 f9 10 c0 af 05 f8 01 98 6c ee fd 67 4d 48 a9 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 29 a3 3c 30 7d 92 33 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | e8 e2 0b 2d 52 d6 84 53 b8 70 44 90 a9 56 1b 81 | ec b6 5e d3 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 29 a3 3c 30 7d 92 33 78 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= e8 e2 0b 2d 52 d6 84 53 b8 70 44 90 a9 56 1b 81 | natd_hash: hash= ec b6 5e d3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e8 e2 0b 2d 52 d6 84 53 b8 70 44 90 a9 56 1b 81 | Notify data ec b6 5e d3 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 29 a3 3c 30 7d 92 33 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | e8 8d 08 69 7b 91 dd 98 bb 1d 20 b7 20 e0 7c 1b | c8 b3 75 e8 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 29 a3 3c 30 7d 92 33 78 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= e8 8d 08 69 7b 91 dd 98 bb 1d 20 b7 20 e0 7c 1b | natd_hash: hash= c8 b3 75 e8 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e8 8d 08 69 7b 91 dd 98 bb 1d 20 b7 20 e0 7c 1b | Notify data c8 b3 75 e8 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #12: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #12 to 4294967295 after switching state | Message ID: IKE #12 skipping update_recv as MD is fake | Message ID: sent #12 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #12: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #12) | 29 a3 3c 30 7d 92 33 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 0c | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 30 b5 96 57 23 48 ec 57 1e b9 04 bb e0 41 8f b4 | 90 ad c6 e1 a3 e1 77 2c ec 46 d1 10 26 bf 4a e6 | 93 31 cd 13 78 2c d1 69 1e b6 79 d3 d0 fd 6c cd | 38 fc a6 d6 d9 bd a6 e2 0d 0b 52 1b 5d f1 e1 ea | 02 0a e7 af ef 66 1b 59 4a fb 0d c5 c3 83 f6 c2 | a9 17 79 5e 91 f3 75 ca 32 fd c8 37 9c b7 d2 c7 | e3 7b 98 d0 fa 3b 47 9e 2b 48 75 65 93 48 70 02 | 74 32 63 0c 67 7f 6d 51 c8 eb 2c 88 cb a1 f9 5a | 2f 9f c6 71 70 9e 68 0d 8b 74 40 52 41 aa d6 33 | d2 1d 75 1d ed c5 43 80 33 0b 75 4b 9c 99 f8 39 | be 06 89 7a 8e d4 59 69 dd 3c 25 f5 a3 f1 63 8e | 08 21 84 d7 68 b8 3f aa 7a b2 3a 93 f5 4c de 40 | 49 1c f2 a8 23 d5 02 2b ea 7b b7 11 99 c6 40 26 | 19 f9 79 0f f2 41 32 17 2f 4b a7 9c 56 41 b1 54 | 31 b8 93 38 0b f3 09 67 ea cc 0e 9d 0f 9f 82 f8 | a5 8d ca 09 fa 45 47 a7 03 e2 41 74 86 f7 07 43 | 29 00 00 24 03 6b 47 a3 f8 c5 4c dd b0 90 d0 dd | 77 f7 ef bb 66 f9 10 c0 af 05 f8 01 98 6c ee fd | 67 4d 48 a9 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 e8 e2 0b 2d 52 d6 84 53 b8 70 44 90 | a9 56 1b 81 ec b6 5e d3 00 00 00 1c 00 00 40 05 | e8 8d 08 69 7b 91 dd 98 bb 1d 20 b7 20 e0 7c 1b | c8 b3 75 e8 | state #12 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f45580016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #12 | libevent_malloc: new ptr-libevent@0x7f45580016a0 size 128 | #12 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49495.512463 | resume sending helper answer for #12 suppresed complete_v2_state_transition() and stole MD | #12 spent 0.496 milliseconds in resume sending helper answer | stop processing: state #12 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f455c0016a0 | spent 0.00173 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 29 a3 3c 30 7d 92 33 78 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 29 a3 3c 30 7d 92 33 78 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #12 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #12 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #12 is idle | #12 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #12 IKE SPIi and SPI[ir] | #12 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #12: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #12 spent 0.00335 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #12 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #12 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #12 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #12 spent 0.109 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.12 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0407 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x7f4560002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #12 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #12 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #12 ikev2.ike deleted other | #12 spent 1.75 milliseconds in total | [RE]START processing: state #12 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #12: deleting state (STATE_PARENT_I1) aged 0.061s and NOT sending notification | parent state #12: PARENT_I1(half-open IKE SA) => delete | state #12 requesting EVENT_RETRANSMIT to be deleted | #12 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f45580016a0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #12 in PARENT_I1 | parent state #12: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f455c0010c0: destroyed | stop processing: state #12 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556c50769f20 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.226 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0575 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0476 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | child-key-length-attribute:OMIT | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0456 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c5076b1c0 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.149 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #13 at 0x556c50769370 | State DB: adding IKEv2 state #13 in UNDEFINED | pstats #13 ikev2.ike started | Message ID: init #13: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #13: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #13; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #13 "aes128" "aes128" #13: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 13 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f455c0016a0 size 128 | #13 spent 0.162 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.255 milliseconds in whack | crypto helper 4 resuming | crypto helper 4 starting work-order 13 for state #13 | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 13 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4550002010: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4550002010 | NSS: Public DH wire value: | 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a 1c cd 00 5f | 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 b8 76 06 81 | 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 34 97 36 16 | a9 40 cc fc 6b f4 f1 23 d9 78 72 7d c1 f6 8e c2 | e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 4b 5e 8c e6 | c8 52 a9 b5 19 44 30 29 66 ec 7b ed 07 e2 ae 8c | 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 19 a3 89 eb | 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 b1 8b cb 4a | 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 b4 f9 eb 91 | a0 ef e8 7a cd 67 38 1b db 2f 46 15 ed 76 0b 8b | d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f d4 63 a5 42 | ef 22 a6 af e6 4f 00 fc f2 62 dc d8 e3 e5 71 89 | 65 95 3c f0 f2 f9 8e cf ff a9 14 3c 97 e7 c8 d7 | d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 26 06 06 5b | 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a 30 1c b5 d6 | 85 2e ed 38 be 0f 01 f9 fc 61 2f bc 3d 69 a0 03 | Generated nonce: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | Generated nonce: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 13 time elapsed 0.001441 seconds | (#13) spent 1.38 milliseconds in crypto helper computing work-order 13: ikev2_outI1 KE (pcr) | crypto helper 4 sending results from work-order 13 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f45500087a0 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 13 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #13 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4550002010: transferring ownership from helper KE to state #13 | **emit ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a 1c cd 00 5f | ikev2 g^x 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 b8 76 06 81 | ikev2 g^x 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 34 97 36 16 | ikev2 g^x a9 40 cc fc 6b f4 f1 23 d9 78 72 7d c1 f6 8e c2 | ikev2 g^x e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 4b 5e 8c e6 | ikev2 g^x c8 52 a9 b5 19 44 30 29 66 ec 7b ed 07 e2 ae 8c | ikev2 g^x 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 19 a3 89 eb | ikev2 g^x 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 b1 8b cb 4a | ikev2 g^x 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 b4 f9 eb 91 | ikev2 g^x a0 ef e8 7a cd 67 38 1b db 2f 46 15 ed 76 0b 8b | ikev2 g^x d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f d4 63 a5 42 | ikev2 g^x ef 22 a6 af e6 4f 00 fc f2 62 dc d8 e3 e5 71 89 | ikev2 g^x 65 95 3c f0 f2 f9 8e cf ff a9 14 3c 97 e7 c8 d7 | ikev2 g^x d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 26 06 06 5b | ikev2 g^x 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a 30 1c b5 d6 | ikev2 g^x 85 2e ed 38 be 0f 01 f9 fc 61 2f bc 3d 69 a0 03 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | IKEv2 nonce a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 50 19 d0 f3 ce 05 64 3e e7 65 ff 3b 43 93 56 05 | 97 c8 e9 d9 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 50 19 d0 f3 ce 05 64 3e e7 65 ff 3b 43 93 56 05 | natd_hash: hash= 97 c8 e9 d9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 50 19 d0 f3 ce 05 64 3e e7 65 ff 3b 43 93 56 05 | Notify data 97 c8 e9 d9 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d 25 64 6d bf | 91 9c 64 d3 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d 25 64 6d bf | natd_hash: hash= 91 9c 64 d3 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d 25 64 6d bf | Notify data 91 9c 64 d3 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #13: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #13 to 4294967295 after switching state | Message ID: IKE #13 skipping update_recv as MD is fake | Message ID: sent #13 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #13: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 09 59 11 4a c2 0f 26 e5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a | 1c cd 00 5f 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 | b8 76 06 81 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 | 34 97 36 16 a9 40 cc fc 6b f4 f1 23 d9 78 72 7d | c1 f6 8e c2 e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 | 4b 5e 8c e6 c8 52 a9 b5 19 44 30 29 66 ec 7b ed | 07 e2 ae 8c 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 | 19 a3 89 eb 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 | b1 8b cb 4a 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 | b4 f9 eb 91 a0 ef e8 7a cd 67 38 1b db 2f 46 15 | ed 76 0b 8b d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f | d4 63 a5 42 ef 22 a6 af e6 4f 00 fc f2 62 dc d8 | e3 e5 71 89 65 95 3c f0 f2 f9 8e cf ff a9 14 3c | 97 e7 c8 d7 d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 | 26 06 06 5b 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a | 30 1c b5 d6 85 2e ed 38 be 0f 01 f9 fc 61 2f bc | 3d 69 a0 03 29 00 00 24 9f ce 7b 23 47 90 3a ec | 2d fd 17 be cc 64 c0 40 a5 36 3d 60 3b f5 5b 1f | 6b 59 0c 6c b3 2d e7 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 50 19 d0 f3 ce 05 64 3e | e7 65 ff 3b 43 93 56 05 97 c8 e9 d9 00 00 00 1c | 00 00 40 05 e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d | 25 64 6d bf 91 9c 64 d3 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f455c0016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f455c0016a0 size 128 | #13 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49496.056364 | resume sending helper answer for #13 suppresed complete_v2_state_transition() and stole MD | #13 spent 0.716 milliseconds in resume sending helper answer | stop processing: state #13 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45500087a0 | spent 0.00225 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 440 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 21 20 22 20 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 0e 3e e6 66 aa 41 9c 64 27 32 89 19 | e9 6d ef af 85 89 f5 31 fc ff 09 25 04 0b 8e 27 | ac 6c 30 1f e5 06 fe c5 1c f2 e6 63 28 99 dc f1 | 9d 13 f5 be 51 9c a6 67 49 da 3b bd 96 ab f0 4d | 23 b9 a4 f6 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 | 8c cc e1 ae e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 | 0b 7d 6e 5e 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d | 7b 72 ae 48 e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b | 80 a8 af 0b 62 12 a3 6a 26 21 1d c2 39 8a bd 0b | 0a 50 44 e2 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 | e3 15 d8 7c 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 | a1 0a df be 3a 86 63 ee 32 6e da ed b4 cd 5d b2 | 89 86 01 56 e4 4c 60 6f b2 a2 61 eb a2 c4 56 df | a5 26 97 e7 bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 | 17 76 fc a0 c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 | e5 66 64 6e 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b | 6b 4e 1f 18 29 00 00 24 a3 df cd ef d4 fd d2 32 | 58 f4 10 7f 27 30 74 c7 18 52 1b e1 2b 37 07 97 | e5 f8 08 84 aa 52 06 d5 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 24 52 91 e4 ad 50 db 15 | 6f fa 61 92 fd 34 e1 d3 3b 92 7f b7 00 00 00 1c | 00 00 40 05 b9 b1 fd 3a 02 72 df c3 42 bd 46 0d | 52 9b 48 75 7c ec f0 17 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 440 (0x1b8) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #13 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #13 is idle | #13 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SA (len=44) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #13 IKE SPIi and SPI[ir] | #13 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | 0e 3e e6 66 aa 41 9c 64 27 32 89 19 e9 6d ef af | 85 89 f5 31 fc ff 09 25 04 0b 8e 27 ac 6c 30 1f | e5 06 fe c5 1c f2 e6 63 28 99 dc f1 9d 13 f5 be | 51 9c a6 67 49 da 3b bd 96 ab f0 4d 23 b9 a4 f6 | 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 8c cc e1 ae | e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 0b 7d 6e 5e | 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d 7b 72 ae 48 | e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b 80 a8 af 0b | 62 12 a3 6a 26 21 1d c2 39 8a bd 0b 0a 50 44 e2 | 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 e3 15 d8 7c | 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 a1 0a df be | 3a 86 63 ee 32 6e da ed b4 cd 5d b2 89 86 01 56 | e4 4c 60 6f b2 a2 61 eb a2 c4 56 df a5 26 97 e7 | bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 17 76 fc a0 | c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 e5 66 64 6e | 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b 6b 4e 1f 18 | using existing local IKE proposals for connection aes128 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 44 (0x2c) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 12 (0xc) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | ******parse IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: AES_CBC=12, found AES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 55 a5 da 62 5b bc 99 84 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a2e0 (length 20) | b9 b1 fd 3a 02 72 df c3 42 bd 46 0d 52 9b 48 75 | 7c ec f0 17 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 55 a5 da 62 5b bc 99 84 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= b9 b1 fd 3a 02 72 df c3 42 bd 46 0d 52 9b 48 75 | natd_hash: hash= 7c ec f0 17 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 09 59 11 4a c2 0f 26 e5 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 55 a5 da 62 5b bc 99 84 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a300 (length 20) | 24 52 91 e4 ad 50 db 15 6f fa 61 92 fd 34 e1 d3 | 3b 92 7f b7 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 09 59 11 4a c2 0f 26 e5 | natd_hash: rcookie= 55 a5 da 62 5b bc 99 84 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 24 52 91 e4 ad 50 db 15 6f fa 61 92 fd 34 e1 d3 | natd_hash: hash= 3b 92 7f b7 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=AES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f4550002010: transferring ownership from state #13 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 14 for state #13 | state #13 requesting EVENT_RETRANSMIT to be deleted | #13 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f455c0016a0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f45500087a0 size 128 | #13 spent 0.273 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #13 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #13 and saving MD | #13 is busy; has a suspended MD | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "aes128" #13 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.503 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.514 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 resuming | crypto helper 5 starting work-order 14 for state #13 | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 | peer's g: 0e 3e e6 66 aa 41 9c 64 27 32 89 19 e9 6d ef af | peer's g: 85 89 f5 31 fc ff 09 25 04 0b 8e 27 ac 6c 30 1f | peer's g: e5 06 fe c5 1c f2 e6 63 28 99 dc f1 9d 13 f5 be | peer's g: 51 9c a6 67 49 da 3b bd 96 ab f0 4d 23 b9 a4 f6 | peer's g: 69 a3 a8 e0 cb 09 28 2f 82 e8 f4 20 8c cc e1 ae | peer's g: e8 a0 e1 7b 8e 09 e8 83 81 c6 4c d0 0b 7d 6e 5e | peer's g: 5b 39 f1 a1 48 7b 10 ee d7 8d 84 5d 7b 72 ae 48 | peer's g: e4 5e fa b1 c2 a6 87 b2 55 1e 30 6b 80 a8 af 0b | peer's g: 62 12 a3 6a 26 21 1d c2 39 8a bd 0b 0a 50 44 e2 | peer's g: 5c 72 1a 46 5e b4 f9 f5 a9 90 82 02 e3 15 d8 7c | peer's g: 79 20 a1 f8 d7 a9 df e1 4b 56 03 a0 a1 0a df be | peer's g: 3a 86 63 ee 32 6e da ed b4 cd 5d b2 89 86 01 56 | peer's g: e4 4c 60 6f b2 a2 61 eb a2 c4 56 df a5 26 97 e7 | peer's g: bc e6 bb 4d 4b 22 07 df d4 b9 6b 67 17 76 fc a0 | peer's g: c7 ce b9 2a 1f 92 ca 99 fb 2d 83 47 e5 66 64 6e | peer's g: 22 6c 0b a0 39 c4 e1 da cb 94 b7 4b 6b 4e 1f 18 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f45600069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f4550002010: computed shared DH secret key@0x7f45600069f0 | dh-shared : g^ir-key@0x7f45600069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=16 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f45540039a0 (length 64) | 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598670 | result: Ni | Nr-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x556c507543d0 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598658 | result: Ni | Nr-key@0x556c5076d180 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x556c507543d0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f4554003aa0 from Ni | Nr-key@0x556c5076d180 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f4554003aa0 from Ni | Nr-key@0x556c5076d180 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x556c5076d180 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f4554000d60 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f45600069f0 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f45600069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f45600069f0 | nss hmac digest hack: symkey-key@0x7f45600069f0 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1884914384: 29 57 57 0b 3a ffffffb7 3f 5a ffffffa4 48 0d 26 ffffffb9 01 ffffffbd 1e ffffffa3 1c 68 ffffff92 ffffffe6 6d 20 ffffffaa 7e 06 12 50 ffffff92 45 28 ffffffed ffffffd8 58 7d 08 1e ffffffc7 56 4b ffffffd2 ffffff96 ffffffd5 39 fffffffa ffffffe3 48 2a fffffff1 78 7f ffffff96 ffffff84 ffffff9d ffffffe7 16 05 4d ffffffee ffffffca 48 51 28 54 7b ffffffc5 3a 7a ffffffe7 52 5d 5a 66 57 ffffffea 15 6a ffffffce 5f ffffffde ffffffb3 6e ffffff84 4d ffffffec fffffff8 ffffff81 08 ffffff96 ffffffcd ffffffea 7d 63 ffffff8c ffffff9d 2c ffffffa3 7d ffffff94 ffffffa0 25 5a ffffffee ffffffb1 ffffff88 66 ffffffb6 ffffffc2 ffffffee 54 68 0b ffffffc0 7a ffffffc0 6e 3d 66 ffffffa8 4c ffffffbe 3b 72 7a 44 08 4e ffffff9f fffffff8 68 ffffff8a ffffffee 7f 1f ffffffe9 07 36 0c 17 fffffff2 50 67 ffffffad ffffff9b 37 6c 3d ffffffcd 18 ffffff94 ffffff93 fffffff8 17 ffffff81 43 ffffffe5 0a 09 ffffffb0 ffffffc8 ffffffa2 1e ffffffe5 18 ffffff93 ffffff97 fffffff2 fff | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 256 bytes at 0x7f45540019d0 | unwrapped: c0 41 8b f4 a3 39 52 0c 57 ba 5d fa 12 76 9e 4e | unwrapped: eb c6 74 f1 56 62 f7 23 57 3d e9 3f cd 36 39 08 | unwrapped: a3 0c 33 3a 7b 2d 78 b8 1b 53 2e f3 00 e0 a5 64 | unwrapped: 63 eb a8 db 5a 98 41 6b b2 d8 7f 18 d2 31 7d 4b | unwrapped: 8d d0 e6 71 70 c8 7a 16 d0 fb c5 57 1a f1 5d 28 | unwrapped: 99 7f 38 a2 cc dd 13 8c 69 e5 24 be 39 a4 b8 ec | unwrapped: 36 1e fe af 63 6f 85 00 df fe 07 a2 de 40 48 f9 | unwrapped: 1f d3 2b 95 e0 68 5b 28 e7 08 e0 6d f4 8a 8a 18 | unwrapped: cb 04 3f 9e f1 a4 98 eb 20 ac d5 25 c3 20 cb 69 | unwrapped: e7 d6 03 77 c7 6f 14 03 73 ff e7 bf 09 2a cb 7d | unwrapped: fc f5 61 49 82 c8 56 0d c9 ec 69 f7 56 15 0a b8 | unwrapped: 45 9e 65 9c 40 9a 4e 06 9d 56 84 d1 67 00 e3 5f | unwrapped: 4f 2c 1b c8 36 aa 56 58 88 69 33 3e 77 f6 5e c7 | unwrapped: 4e bb f8 e8 d4 cf ce 28 75 c9 08 06 1f f7 98 10 | unwrapped: 9d 22 2f c7 e2 12 4d 9e 04 35 05 89 af 68 f6 42 | unwrapped: 44 4c 1f 4f a8 a8 62 47 b2 7f 6e 11 44 7a d3 1b | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598690 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598678 | result: final-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x556c5076d180 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598600 | result: data=Ni-key@0x556c5074d280 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c5074d280 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f45705985e8 | result: data=Ni-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x556c5074d280 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f45705985f0 | result: data+=Nr-key@0x556c5074d280 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c507543d0 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f45705985f0 | result: data+=SPIi-key@0x556c507543d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074d280 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f45705985f0 | result: data+=SPIr-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c507543d0 | prf+0 PRF sha init key-key@0x556c5076d180 (size 20) | prf+0: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+0 prf: begin sha with context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+0: release clone-key@0x556c507543d0 | prf+0 PRF sha crypt-prf@0x7f4554001790 | prf+0 PRF sha update seed-key@0x556c5074d280 (size 80) | prf+0: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1884914016: ffffffec 13 fffffffb ffffffeb ffffff99 ffffff88 60 4b 05 28 ffffffab ffffff80 ffffffb5 23 ffffffaa ffffffab 78 15 3d ffffffd6 2c 01 ffffffd5 ffffffe8 4f 74 51 ffffff9f 6b 04 ffffffdd ffffffdb ffffff86 ffffff8a 3b ffffffba 4c ffffffc7 5b ffffffc4 ffffffde 06 fffffff5 15 ffffffc6 67 ffffffcc 1d ffffffd4 6f ffffff9b 49 ffffff89 59 ffffffe4 ffffffbb 73 00 ffffffab 14 4d ffffffbe ffffffd4 ffffffac ffffffa8 ffffffbb ffffffb7 6f ffffff92 70 45 7d ffffff9b 66 0a ffffffee 0f ffffffaf 22 ffffffac | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45540048b0 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+0 PRF sha final-key@0x556c507543d0 (size 20) | prf+0: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4554003aa0 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4554003aa0 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f45540010c0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1884914016: ffffffca 0a ffffff80 ffffffba 49 ffffffbf ffffffae ffffffac 70 ffffff8b 05 ffffff89 44 ffffffc7 ffffff89 ffffffa4 ffffffb8 05 ffffffa8 ffffff84 ffffffe8 48 ffffffda ffffff89 ffffffe5 ffffffa3 6b 68 ffffffb0 ffffff97 ffffff87 68 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4554002b30 | unwrapped: d7 ab 21 35 fe bc 32 47 eb ca a3 ae 75 7c 0f b0 | unwrapped: 1e 64 b3 f7 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1884914016: ffffffec 13 fffffffb ffffffeb ffffff99 ffffff88 60 4b 05 28 ffffffab ffffff80 ffffffb5 23 ffffffaa ffffffab 78 15 3d ffffffd6 2c 01 ffffffd5 ffffffe8 4f 74 51 ffffff9f 6b 04 ffffffdd ffffffdb ffffff86 ffffff8a 3b ffffffba 4c ffffffc7 5b ffffffc4 ffffffde 06 fffffff5 15 ffffffc6 67 ffffffcc 1d ffffffd4 6f ffffff9b 49 ffffff89 59 ffffffe4 ffffffbb 73 00 ffffffab 14 4d ffffffbe ffffffd4 ffffffac ffffffa8 ffffffbb ffffffb7 6f ffffff92 70 45 7d ffffff9b 66 0a ffffffee 0f ffffffaf 22 ffffffac | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4554004850 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598520 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570598598 | result: result-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507543d0 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4554002a80 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1884914016: 03 72 03 ffffff8f 78 ffffff9d ffffffa3 ffffffe6 ffffffb7 ffffffa8 0a 18 ffffff95 79 7c ffffff9e 63 ffffffcb 6f 14 06 47 fffffff2 ffffffe4 04 14 ffffffa2 ffffff83 ffffffe1 39 76 27 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4554004910 | unwrapped: 88 c8 6f 27 c7 62 01 fa f5 e7 bf 1b 81 d9 a3 c9 | unwrapped: 25 ac 29 b5 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1884914016: ffffffec 13 fffffffb ffffffeb ffffff99 ffffff88 60 4b 05 28 ffffffab ffffff80 ffffffb5 23 ffffffaa ffffffab 78 15 3d ffffffd6 2c 01 ffffffd5 ffffffe8 4f 74 51 ffffff9f 6b 04 ffffffdd ffffffdb ffffff86 ffffff8a 3b ffffffba 4c ffffffc7 5b ffffffc4 ffffffde 06 fffffff5 15 ffffffc6 67 ffffffcc 1d ffffffd4 6f ffffff9b 49 ffffff89 59 ffffffe4 ffffffbb 73 00 ffffffab 14 4d ffffffbe ffffffd4 ffffffac ffffffa8 ffffffbb ffffffb7 6f ffffff92 70 45 7d ffffff9b 66 0a ffffffee 0f ffffffaf 22 ffffffac | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45540047f0 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598520 | result: final-key@0x7f456000d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000d640 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570598598 | result: result-key@0x7f456000d640 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4554003aa0 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4554003aa0 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f45540010c0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1884914016: ffffffbe fffffff7 ffffffb2 27 28 ffffff8e ffffffd2 5e ffffffcd 56 ffffffa5 46 ffffff94 ffffffed ffffff8e ffffffff 36 fffffff2 56 ffffff82 7b ffffffd5 ffffffbf 68 ffffffe1 0c 22 19 72 65 ffffffae ffffffea | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45540061b0 | unwrapped: a9 c1 29 68 8a 80 24 c5 d6 1f 33 ce b4 1e 45 a1 | unwrapped: f7 4d cb 49 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1884914016: ffffffec 13 fffffffb ffffffeb ffffff99 ffffff88 60 4b 05 28 ffffffab ffffff80 ffffffb5 23 ffffffaa ffffffab 78 15 3d ffffffd6 2c 01 ffffffd5 ffffffe8 4f 74 51 ffffff9f 6b 04 ffffffdd ffffffdb ffffff86 ffffff8a 3b ffffffba 4c ffffffc7 5b ffffffc4 ffffffde 06 fffffff5 15 ffffffc6 67 ffffffcc 1d ffffffd4 6f ffffff9b 49 ffffff89 59 ffffffe4 ffffffbb 73 00 ffffffab 14 4d ffffffbe ffffffd4 ffffffac ffffffa8 ffffffbb ffffffb7 6f ffffff92 70 45 7d ffffff9b 66 0a ffffffee 0f ffffffaf 22 ffffffac | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4554004790 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598520 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000d640 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570598598 | result: result-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000d640 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4554002a80 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1884914016: ffffffcc 3b 10 06 79 24 ffffffc6 ffffffee ffffffd8 21 32 01 ffffffed 56 10 ffffffea 0b fffffff9 ffffffa2 34 03 ffffffe0 ffffffc4 ffffffa5 fffffffa 5d ffffffd5 4d 2d ffffffae ffffffc5 42 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4554006180 | unwrapped: 0c 47 74 a2 1a 93 13 7d 48 9b 2b 48 5f ee 80 6c | unwrapped: fb 64 98 5d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1884914016: ffffffec 13 fffffffb ffffffeb ffffff99 ffffff88 60 4b 05 28 ffffffab ffffff80 ffffffb5 23 ffffffaa ffffffab 78 15 3d ffffffd6 2c 01 ffffffd5 ffffffe8 4f 74 51 ffffff9f 6b 04 ffffffdd ffffffdb ffffff86 ffffff8a 3b ffffffba 4c ffffffc7 5b ffffffc4 ffffffde 06 fffffff5 15 ffffffc6 67 ffffffcc 1d ffffffd4 6f ffffff9b 49 ffffff89 59 ffffffe4 ffffffbb 73 00 ffffffab 14 4d ffffffbe ffffffd4 ffffffac ffffffa8 ffffffbb ffffffb7 6f ffffff92 70 45 7d ffffff9b 66 0a ffffffee 0f ffffffaf 22 ffffffac | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45540061e0 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598520 | result: final-key@0x7f456000d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000d640 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570598598 | result: result-key@0x7f456000d640 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598518 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4554001850 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x7f4554001850 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x7f45540010c0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1884914016: fffffff7 ffffffa9 23 28 7f 78 3f ffffffa6 0a fffffffc 20 2e ffffff99 ffffffa6 ffffff8d 60 7e 08 44 ffffffaf 74 2b 60 ffffff80 ffffffe1 74 fffffff6 27 ffffff9b ffffffaa fffffffb ffffffb9 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45540061b0 | unwrapped: 20 8b 4e 5a 60 3f 9f 16 fd 2f 72 f2 f2 bc 24 5e | unwrapped: 86 e7 1d 62 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1884914016: ffffffec 13 fffffffb ffffffeb ffffff99 ffffff88 60 4b 05 28 ffffffab ffffff80 ffffffb5 23 ffffffaa ffffffab 78 15 3d ffffffd6 2c 01 ffffffd5 ffffffe8 4f 74 51 ffffff9f 6b 04 ffffffdd ffffffdb ffffff86 ffffff8a 3b ffffffba 4c ffffffc7 5b ffffffc4 ffffffde 06 fffffff5 15 ffffffc6 67 ffffffcc 1d ffffffd4 6f ffffff9b 49 ffffff89 59 ffffffe4 ffffffbb 73 00 ffffffab 14 4d ffffffbe ffffffd4 ffffffac ffffffa8 ffffffbb ffffffb7 6f ffffff92 70 45 7d ffffff9b 66 0a ffffffee 0f ffffffaf 22 ffffffac | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4554004850 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598520 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598508 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000d640 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570598598 | result: result-key@0x556c5074eb00 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000d640 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4554003aa0 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4554002a80 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1884914016: 4b ffffffe6 fffffffe ffffffc8 ffffffa0 1e 2a ffffffe4 ffffffcf ffffffb1 ffffffb9 fffffff6 ffffffbd 27 4a 3a 58 ffffff91 39 ffffffcb ffffffaf ffffffcc 53 0b 06 fffffff6 ffffffe6 ffffff81 35 fffffffe ffffffff 16 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4554006180 | unwrapped: 81 c2 fd 50 01 f4 60 0c d6 9b c6 72 c2 e8 98 af | unwrapped: 4f 54 23 ad 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074d280 (size 80) | prf+N: seed-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1884914016: ffffffec 13 fffffffb ffffffeb ffffff99 ffffff88 60 4b 05 28 ffffffab ffffff80 ffffffb5 23 ffffffaa ffffffab 78 15 3d ffffffd6 2c 01 ffffffd5 ffffffe8 4f 74 51 ffffff9f 6b 04 ffffffdd ffffffdb ffffff86 ffffff8a 3b ffffffba 4c ffffffc7 5b ffffffc4 ffffffde 06 fffffff5 15 ffffffc6 67 ffffffcc 1d ffffffd4 6f ffffff9b 49 ffffff89 59 ffffffe4 ffffffbb 73 00 ffffffab 14 4d ffffffbe ffffffd4 ffffffac ffffffa8 ffffffbb ffffffb7 6f ffffff92 70 45 7d ffffff9b 66 0a ffffffee 0f ffffffaf 22 ffffffac | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45540061e0 | unwrapped: 9f ce 7b 23 47 90 3a ec 2d fd 17 be cc 64 c0 40 | unwrapped: a5 36 3d 60 3b f5 5b 1f 6b 59 0c 6c b3 2d e7 05 | unwrapped: a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | unwrapped: 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | unwrapped: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570598520 | result: final-key@0x7f456000d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000d640 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570598598 | result: result-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5075ae20 | prfplus: release old_t[final]-key@0x556c507543d0 | ike_sa_keymat: release data-key@0x556c5074d280 | calc_skeyseed_v2: release skeyseed_k-key@0x556c5076d180 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598738 | result: result-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598738 | result: result-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598738 | result: result-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598748 | result: SK_ei_k-key@0x556c5075ae20 (16-bytes, AES_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 76, key-size: 16 | EXTRACT_KEY_FROM_KEY: | target: AES_CBC | flags: ENCRYPT+DECRYPT | key_size: 16-bytes | base: base-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598748 | result: SK_er_k-key@0x556c5074eb00 (16-bytes, AES_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 92, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598748 | result: result-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x556c50757800 | chunk_SK_pi: symkey-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)543437856: 3c 53 ffffffb3 77 04 ffffffd7 ffffff95 24 41 2c 50 37 74 0f ffffffa4 ffffffdb 1d 6a 06 ffffffd0 68 07 13 ffffffbf ffffff98 5f 5e 06 40 ffffffaa ffffff88 ffffffe2 | chunk_SK_pi: release slot-key-key@0x556c50750fd0 | chunk_SK_pi extracted len 32 bytes at 0x7f45540059e0 | unwrapped: f2 bc 24 5e 86 e7 1d 62 81 c2 fd 50 01 f4 60 0c | unwrapped: d6 9b c6 72 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 112, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000d640 (140-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570598748 | result: result-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f456000a510 | chunk_SK_pr: symkey-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)543437856: ffffffc7 5b 5b ffffffd4 ffffffe8 ffffffbf 69 ffffffc7 08 ffffffe8 0f 35 07 79 24 1b ffffff95 ffffffdf ffffffa3 5a 67 53 09 14 ffffff8d ffffffe7 07 71 17 4d 0f ffffffeb | chunk_SK_pr: release slot-key-key@0x556c50750fd0 | chunk_SK_pr extracted len 32 bytes at 0x7f4554006340 | unwrapped: c2 e8 98 af 4f 54 23 ad a5 59 76 16 28 4f 0e a6 | unwrapped: 27 db 6a 1a 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x7f456000d640 | calc_skeyseed_v2 pointers: shared-key@0x7f45600069f0, SK_d-key@0x556c5076d180, SK_ai-key@0x556c5074d280, SK_ar-key@0x556c507543d0, SK_ei-key@0x556c5075ae20, SK_er-key@0x556c5074eb00, SK_pi-key@0x556c50757800, SK_pr-key@0x7f456000a510 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | f2 bc 24 5e 86 e7 1d 62 81 c2 fd 50 01 f4 60 0c | d6 9b c6 72 | calc_skeyseed_v2 SK_pr | c2 e8 98 af 4f 54 23 ad a5 59 76 16 28 4f 0e a6 | 27 db 6a 1a | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 14 time elapsed 0.003363 seconds | (#13) spent 3.07 milliseconds in crypto helper computing work-order 14: ikev2_inR1outI2 KE (pcr) | crypto helper 5 sending results from work-order 14 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f4554006560 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #13 | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 14 | calling continuation function 0x556c4f6f1630 | ikev2_parent_inR1outI2_continue for #13: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f4550002010: transferring ownership from helper IKEv2 DH to state #13 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #14 at 0x556c5076dc10 | State DB: adding IKEv2 state #14 in UNDEFINED | pstats #14 ikev2.child started | duplicating state object #13 "aes128" as #14 for IPSEC SA | #14 setting local endpoint to 192.1.2.45:500 from #13.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x556c5076d180 | duplicate_state: reference st_skey_ai_nss-key@0x556c5074d280 | duplicate_state: reference st_skey_ar_nss-key@0x556c507543d0 | duplicate_state: reference st_skey_ei_nss-key@0x556c5075ae20 | duplicate_state: reference st_skey_er_nss-key@0x556c5074eb00 | duplicate_state: reference st_skey_pi_nss-key@0x556c50757800 | duplicate_state: reference st_skey_pr_nss-key@0x7f456000a510 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #13.#14; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #13 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f45500087a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | event_schedule: new EVENT_SA_REPLACE-pe@0x556c50772dd0 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f45500087a0 size 128 | parent state #13: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 16 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x556c50757800 (size 20) | hmac: symkey-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a288 | result: clone-key@0x7f456000d640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000d640 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000d640 | hmac: release clone-key@0x7f456000d640 | hmac PRF sha crypt-prf@0x556c50769fd0 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x556c4f7f0974 (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffdc298a820 (length 20) | 34 47 c2 95 85 86 a8 ef b7 ef a5 32 b4 af a9 61 | 71 5c d9 5c | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 09 59 11 4a c2 0f 26 e5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a | 1c cd 00 5f 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 | b8 76 06 81 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 | 34 97 36 16 a9 40 cc fc 6b f4 f1 23 d9 78 72 7d | c1 f6 8e c2 e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 | 4b 5e 8c e6 c8 52 a9 b5 19 44 30 29 66 ec 7b ed | 07 e2 ae 8c 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 | 19 a3 89 eb 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 | b1 8b cb 4a 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 | b4 f9 eb 91 a0 ef e8 7a cd 67 38 1b db 2f 46 15 | ed 76 0b 8b d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f | d4 63 a5 42 ef 22 a6 af e6 4f 00 fc f2 62 dc d8 | e3 e5 71 89 65 95 3c f0 f2 f9 8e cf ff a9 14 3c | 97 e7 c8 d7 d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 | 26 06 06 5b 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a | 30 1c b5 d6 85 2e ed 38 be 0f 01 f9 fc 61 2f bc | 3d 69 a0 03 29 00 00 24 9f ce 7b 23 47 90 3a ec | 2d fd 17 be cc 64 c0 40 a5 36 3d 60 3b f5 5b 1f | 6b 59 0c 6c b3 2d e7 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 50 19 d0 f3 ce 05 64 3e | e7 65 ff 3b 43 93 56 05 97 c8 e9 d9 00 00 00 1c | 00 00 40 05 e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d | 25 64 6d bf 91 9c 64 d3 | create: initiator inputs to hash2 (responder nonce) | a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | idhash 34 47 c2 95 85 86 a8 ef b7 ef a5 32 b4 af a9 61 | idhash 71 5c d9 5c | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a080 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a068 | result: shared secret-key@0x7f456000d640 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x7f456000d640 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x7f456000d640 | = prf(,"Key Pad for IKEv2"): release clone-key@0x7f456000d640 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c506cb8b0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0a0 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a088 | result: final-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x7f456000d640 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x7f456000d640 (size 20) | = prf(, ): -key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a098 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076aef0 | = prf(, ) PRF sha update first-packet-bytes@0x556c506fc6d0 (length 440) | 09 59 11 4a c2 0f 26 e5 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 80 0e 00 80 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 5a 3e 0a b1 d0 2b 79 58 5e d4 e2 0a | 1c cd 00 5f 7c 7d 86 5c 26 9b 91 73 01 1d 3e f4 | b8 76 06 81 62 d4 60 57 a2 26 9c 9c 35 47 c9 e8 | 34 97 36 16 a9 40 cc fc 6b f4 f1 23 d9 78 72 7d | c1 f6 8e c2 e6 72 03 2e 5d 49 b6 c7 b5 5a ac 07 | 4b 5e 8c e6 c8 52 a9 b5 19 44 30 29 66 ec 7b ed | 07 e2 ae 8c 2c ad a0 95 a2 31 0f b1 e4 d2 d8 f7 | 19 a3 89 eb 18 4b b2 4a 4a 1b b8 f0 b1 0c 51 70 | b1 8b cb 4a 0e 93 c9 37 b0 3f 57 15 fa 30 61 07 | b4 f9 eb 91 a0 ef e8 7a cd 67 38 1b db 2f 46 15 | ed 76 0b 8b d3 b2 bd bd e9 2a 7b c0 97 74 4e 4f | d4 63 a5 42 ef 22 a6 af e6 4f 00 fc f2 62 dc d8 | e3 e5 71 89 65 95 3c f0 f2 f9 8e cf ff a9 14 3c | 97 e7 c8 d7 d3 34 85 e4 65 fc 1d 1f 6a 84 1a d3 | 26 06 06 5b 7a 5e 66 55 a4 bf 03 e3 bf dc 05 9a | 30 1c b5 d6 85 2e ed 38 be 0f 01 f9 fc 61 2f bc | 3d 69 a0 03 29 00 00 24 9f ce 7b 23 47 90 3a ec | 2d fd 17 be cc 64 c0 40 a5 36 3d 60 3b f5 5b 1f | 6b 59 0c 6c b3 2d e7 05 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 50 19 d0 f3 ce 05 64 3e | e7 65 ff 3b 43 93 56 05 97 c8 e9 d9 00 00 00 1c | 00 00 40 05 e2 ba bb c9 ec 25 fb f0 38 fc 5d 9d | 25 64 6d bf 91 9c 64 d3 | = prf(, ) PRF sha update nonce-bytes@0x556c507731a0 (length 32) | a3 df cd ef d4 fd d2 32 58 f4 10 7f 27 30 74 c7 | 18 52 1b e1 2b 37 07 97 e5 f8 08 84 aa 52 06 d5 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a820 (length 20) | 34 47 c2 95 85 86 a8 ef b7 ef a5 32 b4 af a9 61 | 71 5c d9 5c | = prf(, ) PRF sha final-chunk@0x556c50769fd0 (length 20) | f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | 9f 95 ca 03 | psk_auth: release prf-psk-key@0x7f456000d640 | PSK auth octets f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | PSK auth octets 9f 95 ca 03 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | PSK auth 9f 95 ca 03 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #13 | netlink_get_spi: allocated 0x5c880837 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for aes128 (IKE SA initiator emitting ESP/AH proposals) | converting proposal AES_CBC_128-HMAC_SHA1_96-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "aes128": constructed local ESP/AH proposals for aes128 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 5c 88 08 37 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #13: IMPAIR: omitting fixed-size key-length attribute | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 176 | emitting length of ISAKMP Message: 204 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | f4 1c 08 0d ee 3d 06 ca 0f e4 d2 db fc 94 13 93 | 9f 95 ca 03 2c 00 00 28 00 00 00 24 01 03 04 03 | 5c 88 08 37 03 00 00 08 01 00 00 0c 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | data after encryption: | 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | hmac PRF sha init symkey-key@0x556c5074d280 (size 20) | hmac: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a198 | result: clone-key@0x7f456000d640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000d640 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000d640 | hmac: release clone-key@0x7f456000d640 | hmac PRF sha crypt-prf@0x556c506cb8b0 | hmac PRF sha update data-bytes@0x556c4f7f0940 (length 192) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | hmac PRF sha final-bytes@0x556c4f7f0a00 (length 20) | 40 10 32 4b 48 4e 07 44 57 4d ef 30 fc 7e b3 e8 | 31 6d 84 4e | data being hmac: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | data being hmac: 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | data being hmac: 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | data being hmac: 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | data being hmac: 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | data being hmac: d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | data being hmac: bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | data being hmac: be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | data being hmac: 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | data being hmac: 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | data being hmac: 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | out calculated auth: | 40 10 32 4b 48 4e 07 44 57 4d ef 30 | suspend processing: state #13 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #14 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #14: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #14 to 0 after switching state | Message ID: recv #13.#14 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #13.#14 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "aes128" #14: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 204 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 08 00 00 00 01 00 00 00 cc 23 00 00 b0 | 80 40 52 57 7f dc 3f 9d be db 4f 13 05 52 af 25 | 28 41 11 7c 45 68 2a 0e 67 85 3c f5 44 ff 28 40 | 8f d4 e3 b8 38 65 a4 dd 7a 7d 17 8b 58 54 84 e2 | 46 dc 6b 81 11 a3 8e d4 97 d5 fe b9 2b a2 68 b9 | d2 41 c8 3c 71 ae 7f 4e 37 2b 15 0d fa 81 15 f1 | bb 10 0e e7 fb 3a 7b 3e ef 0a 0a 95 23 62 08 12 | be f4 7e 98 c0 58 64 5c 59 7d 88 98 b9 41 bc b4 | 63 fc af 1e 57 bd 7a fc 61 53 b5 c2 e6 2d 48 a2 | 47 82 b9 ff 18 c7 d9 aa 50 b1 5b c3 e6 5e e3 57 | 6b ac 0f 35 a9 89 30 0d 05 41 58 50 68 2f 69 aa | 40 10 32 4b 48 4e 07 44 57 4d ef 30 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772e10 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f4564006760 size 128 | #14 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49496.064036 | resume sending helper answer for #13 suppresed complete_v2_state_transition() | #13 spent 1.05 milliseconds in resume sending helper answer | stop processing: state #14 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4554006560 | spent 0.00238 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | 9e ea 68 4c 70 a3 78 3a 10 ac a5 3b | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #13 in PARENT_I2 (find_v2_ike_sa) | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #14 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #13 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #14 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #14 is idle | #14 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 48 (0x30) | processing payload: ISAKMP_NEXT_v2SK (len=44) | #14 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x556c507543d0 (size 20) | hmac: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0b8 | result: clone-key@0x7f456000d640 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x7f456000d640 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x7f456000d640 | hmac: release clone-key@0x7f456000d640 | hmac PRF sha crypt-prf@0x556c506cb8d0 | hmac PRF sha update data-bytes@0x556c506cc0b0 (length 64) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | hmac PRF sha final-bytes@0x7ffdc298a280 (length 20) | 9e ea 68 4c 70 a3 78 3a 10 ac a5 3b 18 7f b0 c3 | 6e 13 fb 02 | data for hmac: 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 4c 29 00 00 30 | data for hmac: 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | data for hmac: 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | calculated auth: 9e ea 68 4c 70 a3 78 3a 10 ac a5 3b | provided auth: 9e ea 68 4c 70 a3 78 3a 10 ac a5 3b | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=16 block-size 16 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 0f 9f 13 37 0d 5a 59 53 5e 9e 69 82 d6 a6 b9 61 | payload before decryption: | 3b 92 6c 75 95 9e 04 65 63 20 50 5e 7b 7a 64 6c | NSS ike_alg_nss_cbc: aes - enter | NSS ike_alg_nss_cbc: aes - exit | payload after decryption: | 00 00 00 08 00 00 00 0e 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #14 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2N) | **parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | selected state microcode IKE SA: process IKE_AUTH response containing unknown notification | Now let's proceed with state specific processing | calling processor IKE SA: process IKE_AUTH response containing unknown notification "aes128" #14: IKE_AUTH response contained the error notification NO_PROPOSAL_CHOSEN "aes128" #14: scheduling retry attempt 1 of an unlimited number, but releasing whack | release_pending_whacks: state #14 fd@25 .st_dev=9 .st_ino=3019680 | close_any(fd@25) (in release_whack() at state.c:654) | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #13 fd@-1 has pending CHILD SA with socket fd@25 | libevent_free: release ptr-libevent@0x7f4564006760 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772e10 | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772e10 | inserting event EVENT_RETRANSMIT, timeout in 59.994207 seconds for #14 | libevent_malloc: new ptr-libevent@0x7f4564006760 size 128 "aes128" #14: STATE_PARENT_I2: suppressing retransmits; will wait 59.994207 seconds for retry | #14 spent 0.1 milliseconds in processing: IKE SA: process IKE_AUTH response containing unknown notification in ikev2_process_state_packet() | [RE]START processing: state #14 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #14 complete_v2_state_transition() PARENT_I2->PARENT_I2 with status STF_IGNORE | stop processing: state #14 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #13 spent 0.337 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.348 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0412 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | close_any(fd@25) Errno 9: Bad file descriptor (in delete_pending() at pending.c:244) | removing pending policy for no connection {0x7f4560002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #14 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #14 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #14 ikev2.child deleted other | #14 spent 0.1 milliseconds in total | [RE]START processing: state #14 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #14: deleting state (STATE_PARENT_I2) aged 0.104s and NOT sending notification | child state #14: PARENT_I2(open IKE SA) => delete | child state #14: PARENT_I2(open IKE SA) => CHILDSA_DEL(informational) | state #14 requesting EVENT_RETRANSMIT to be deleted | #14 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x7f4564006760 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772e10 | priority calculation of connection "aes128" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #14 in CHILDSA_DEL | child state #14: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #14 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c5076d180 | delete_state: release st->st_skey_ai_nss-key@0x556c5074d280 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_er_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_pi_nss-key@0x556c50757800 | delete_state: release st->st_skey_pr_nss-key@0x7f456000a510 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #13 | start processing: state #13 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev2.ike deleted other | #13 spent 7.21 milliseconds in total | [RE]START processing: state #13 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #13: deleting state (STATE_PARENT_I2) aged 0.113s and NOT sending notification | parent state #13: PARENT_I2(open IKE SA) => delete | state #13 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f45500087a0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x556c50772dd0 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #13 in PARENT_I2 | parent state #13: PARENT_I2(open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4550002010: destroyed | stop processing: state #13 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f45600069f0 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c5076d180 | delete_state: release st->st_skey_ai_nss-key@0x556c5074d280 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_er_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_pi_nss-key@0x556c50757800 | delete_state: release st->st_skey_pr_nss-key@0x7f456000a510 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556c5076b1c0 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.376 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | child-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0583 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0462 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0478 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0439 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c50734860 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.133 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #15 at 0x556c50769370 | State DB: adding IKEv2 state #15 in UNDEFINED | pstats #15 ikev2.ike started | Message ID: init #15: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #15: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #15; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #15 "aes128" "aes128" #15: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 15 for state #15 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f4564006760 size 128 | crypto helper 1 resuming | crypto helper 1 starting work-order 15 for state #15 | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 15 | #15 spent 0.103 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | RESET processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.173 milliseconds in whack | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4568002a80: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4568002a80 | NSS: Public DH wire value: | bc 55 6e 96 d1 6b 2b 46 d5 8f 12 4a 35 7a 1c e0 | d3 d8 6b 65 ca c2 7e 54 09 a6 f4 b6 60 d2 8f 37 | 59 3a db 40 a1 12 ed 52 6e 11 81 0c c3 ea b4 c7 | c5 17 39 0d 67 98 6d 3a f2 2f a0 74 14 c0 a5 fa | 88 67 10 58 13 82 40 50 de 3b 9d 65 8c d1 b7 8b | 05 e7 ac a1 00 4a e5 c5 24 72 d8 a5 32 04 2c 41 | 69 7f fd b2 e0 3f d8 c0 02 d5 c8 f1 8f 19 0c e9 | 97 f1 3a 04 7a ea a7 73 1a d4 97 7c b8 f2 90 d3 | de e9 37 70 73 ab 8d 2c dc 99 99 98 2f 71 a4 49 | 93 01 06 b4 56 92 58 7e 8d 46 bb 7b 82 09 0f 52 | 28 7d c7 55 54 f8 5e 07 c7 d7 b4 c5 c6 42 e7 b8 | 0c c9 06 de ea ef 90 94 11 15 6e ef 85 ab 41 5d | b8 e0 51 b2 02 89 4b 5c ca 5a e7 2e 23 2a 32 d4 | ea 75 b6 68 7a 8b 1b a4 aa 13 ce 7b 11 36 18 06 | 08 b2 f4 ac 8f b7 f4 ae 9e 07 d8 6c 05 01 ef 45 | ea 93 f5 c2 7c 8e 2c c3 4d 43 8d fd 5a e4 ee f7 | Generated nonce: 81 61 31 62 0f b6 bb 6c 11 4a 1b 58 42 ef 95 3f | Generated nonce: 9a 05 62 53 e9 8b 94 17 68 aa 50 9b c4 ce 52 b2 | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 15 time elapsed 0.002126 seconds | (#15) spent 0.981 milliseconds in crypto helper computing work-order 15: ikev2_outI1 KE (pcr) | crypto helper 1 sending results from work-order 15 for state #15 to event queue | scheduling resume sending helper answer for #15 | libevent_malloc: new ptr-libevent@0x7f4568008b30 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #15 | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 15 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #15 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4568002a80: transferring ownership from helper KE to state #15 | **emit ISAKMP Message: | initiator cookie: | 43 bb 13 1f 1d c8 71 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #15: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #15: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x bc 55 6e 96 d1 6b 2b 46 d5 8f 12 4a 35 7a 1c e0 | ikev2 g^x d3 d8 6b 65 ca c2 7e 54 09 a6 f4 b6 60 d2 8f 37 | ikev2 g^x 59 3a db 40 a1 12 ed 52 6e 11 81 0c c3 ea b4 c7 | ikev2 g^x c5 17 39 0d 67 98 6d 3a f2 2f a0 74 14 c0 a5 fa | ikev2 g^x 88 67 10 58 13 82 40 50 de 3b 9d 65 8c d1 b7 8b | ikev2 g^x 05 e7 ac a1 00 4a e5 c5 24 72 d8 a5 32 04 2c 41 | ikev2 g^x 69 7f fd b2 e0 3f d8 c0 02 d5 c8 f1 8f 19 0c e9 | ikev2 g^x 97 f1 3a 04 7a ea a7 73 1a d4 97 7c b8 f2 90 d3 | ikev2 g^x de e9 37 70 73 ab 8d 2c dc 99 99 98 2f 71 a4 49 | ikev2 g^x 93 01 06 b4 56 92 58 7e 8d 46 bb 7b 82 09 0f 52 | ikev2 g^x 28 7d c7 55 54 f8 5e 07 c7 d7 b4 c5 c6 42 e7 b8 | ikev2 g^x 0c c9 06 de ea ef 90 94 11 15 6e ef 85 ab 41 5d | ikev2 g^x b8 e0 51 b2 02 89 4b 5c ca 5a e7 2e 23 2a 32 d4 | ikev2 g^x ea 75 b6 68 7a 8b 1b a4 aa 13 ce 7b 11 36 18 06 | ikev2 g^x 08 b2 f4 ac 8f b7 f4 ae 9e 07 d8 6c 05 01 ef 45 | ikev2 g^x ea 93 f5 c2 7c 8e 2c c3 4d 43 8d fd 5a e4 ee f7 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 81 61 31 62 0f b6 bb 6c 11 4a 1b 58 42 ef 95 3f | IKEv2 nonce 9a 05 62 53 e9 8b 94 17 68 aa 50 9b c4 ce 52 b2 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 43 bb 13 1f 1d c8 71 49 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 22 89 88 d8 d2 6b 5f 86 6b 80 be 18 05 e7 eb ba | 24 75 bd 79 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 43 bb 13 1f 1d c8 71 49 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 22 89 88 d8 d2 6b 5f 86 6b 80 be 18 05 e7 eb ba | natd_hash: hash= 24 75 bd 79 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 22 89 88 d8 d2 6b 5f 86 6b 80 be 18 05 e7 eb ba | Notify data 24 75 bd 79 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 43 bb 13 1f 1d c8 71 49 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 6c 66 ba 27 00 58 20 4e 9e fd 6c 77 3f 0d dd 2b | bd 74 19 bb | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 43 bb 13 1f 1d c8 71 49 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 6c 66 ba 27 00 58 20 4e 9e fd 6c 77 3f 0d dd 2b | natd_hash: hash= bd 74 19 bb | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 6c 66 ba 27 00 58 20 4e 9e fd 6c 77 3f 0d dd 2b | Notify data bd 74 19 bb | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #15 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #15: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #15 to 4294967295 after switching state | Message ID: IKE #15 skipping update_recv as MD is fake | Message ID: sent #15 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #15: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #15) | 43 bb 13 1f 1d c8 71 49 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 bc 55 6e 96 d1 6b 2b 46 d5 8f 12 4a | 35 7a 1c e0 d3 d8 6b 65 ca c2 7e 54 09 a6 f4 b6 | 60 d2 8f 37 59 3a db 40 a1 12 ed 52 6e 11 81 0c | c3 ea b4 c7 c5 17 39 0d 67 98 6d 3a f2 2f a0 74 | 14 c0 a5 fa 88 67 10 58 13 82 40 50 de 3b 9d 65 | 8c d1 b7 8b 05 e7 ac a1 00 4a e5 c5 24 72 d8 a5 | 32 04 2c 41 69 7f fd b2 e0 3f d8 c0 02 d5 c8 f1 | 8f 19 0c e9 97 f1 3a 04 7a ea a7 73 1a d4 97 7c | b8 f2 90 d3 de e9 37 70 73 ab 8d 2c dc 99 99 98 | 2f 71 a4 49 93 01 06 b4 56 92 58 7e 8d 46 bb 7b | 82 09 0f 52 28 7d c7 55 54 f8 5e 07 c7 d7 b4 c5 | c6 42 e7 b8 0c c9 06 de ea ef 90 94 11 15 6e ef | 85 ab 41 5d b8 e0 51 b2 02 89 4b 5c ca 5a e7 2e | 23 2a 32 d4 ea 75 b6 68 7a 8b 1b a4 aa 13 ce 7b | 11 36 18 06 08 b2 f4 ac 8f b7 f4 ae 9e 07 d8 6c | 05 01 ef 45 ea 93 f5 c2 7c 8e 2c c3 4d 43 8d fd | 5a e4 ee f7 29 00 00 24 81 61 31 62 0f b6 bb 6c | 11 4a 1b 58 42 ef 95 3f 9a 05 62 53 e9 8b 94 17 | 68 aa 50 9b c4 ce 52 b2 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 22 89 88 d8 d2 6b 5f 86 | 6b 80 be 18 05 e7 eb ba 24 75 bd 79 00 00 00 1c | 00 00 40 05 6c 66 ba 27 00 58 20 4e 9e fd 6c 77 | 3f 0d dd 2b bd 74 19 bb | state #15 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4564006760 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #15 | libevent_malloc: new ptr-libevent@0x7f4564006760 size 128 | #15 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49496.812361 | resume sending helper answer for #15 suppresed complete_v2_state_transition() and stole MD | #15 spent 0.758 milliseconds in resume sending helper answer | stop processing: state #15 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4568008b30 | spent 0.00199 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 43 bb 13 1f 1d c8 71 49 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 43 bb 13 1f 1d c8 71 49 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #15 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #15 is idle | #15 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #15 IKE SPIi and SPI[ir] | #15 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #15: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #15 spent 0.0129 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #15 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #15 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #15 spent 0.158 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.174 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x556c50772dd0 | handling event EVENT_RETRANSMIT for parent state #15 | start processing: state #15 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #15 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #15 keying attempt 1 of 0; retransmit 1 "aes128" #15: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #15 ikev2.ike failed too-many-retransmits | pstats #15 ikev2.ike deleted too-many-retransmits | #15 spent 2 milliseconds in total | [RE]START processing: state #15 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #15: deleting state (STATE_PARENT_I1) aged 0.503s and NOT sending notification | parent state #15: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x7f4560002d20} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #15 "aes128" #15: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #15 in PARENT_I1 | parent state #15: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f4568002a80: destroyed | stop processing: state #15 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f4564006760 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | in statetime_stop() and could not find #15 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #16 at 0x556c50769370 | State DB: adding IKEv2 state #16 in UNDEFINED | pstats #16 ikev2.ike started | Message ID: init #16: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #16: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #16; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #16 "aes128" "aes128" #16: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 16 for state #16 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f4568008b30 size 128 | #16 spent 0.0879 milliseconds in ikev2_parent_outI1() | RESET processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.109 milliseconds in global timer EVENT_REVIVE_CONNS | crypto helper 3 resuming | crypto helper 3 starting work-order 16 for state #16 | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 16 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4560001f40: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4560001f40 | NSS: Public DH wire value: | af 34 8b e6 82 27 fe fe 15 45 0d 71 d1 b9 0b 22 | 8e 23 0d 6f d5 d5 fd cb ff 53 72 af ee 54 cd 5e | 94 c2 95 6a 97 28 63 62 52 6a 8e 77 52 92 7a 65 | f7 4b 34 fc ff e4 3c bd ef a8 e8 86 30 18 b2 6c | 9e 3f 5d 08 fc 3d 9f 2d 43 ac bd 54 fc 7b 13 c1 | a1 d4 25 7c e7 ee 8a 2a cc 51 5b d2 28 b4 48 ed | 3b f4 20 bf e2 24 9a dd eb b5 35 1d 0f a4 c6 e9 | 10 15 fa 89 f1 8b 9e 94 df 90 39 ff dc f5 b8 bc | 46 39 0a e7 7f 64 f1 db 2a 2d 58 7f ed e4 97 8a | b6 12 2c 8d c9 63 f9 53 e5 36 98 04 74 00 24 ce | c6 07 1b 4b ec d1 d9 ac fa 10 9f 0c 06 e9 e7 a9 | 8f 3d cf b5 c2 30 b8 22 92 00 7b e2 3b e1 5d 54 | 35 aa d9 0a d6 ac 43 44 1f e9 c5 9a 7e eb b3 af | f0 d7 50 25 54 2e 1f 37 aa 81 44 e1 f8 a3 0b 1b | 0f 4a fc 25 b9 94 d9 2a 76 b9 96 20 47 0b 1b f7 | 62 9b 58 84 19 d1 fd 89 1d dc 27 e2 50 ed 77 a9 | Generated nonce: ad c7 fd 01 e5 6e 3e 72 2b 7d 57 3b 84 36 37 a4 | Generated nonce: 63 02 c1 47 06 92 68 66 2b e0 05 3d fe 9c 56 5e | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 16 time elapsed 0.001299 seconds | (#16) spent 1.08 milliseconds in crypto helper computing work-order 16: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 16 for state #16 to event queue | scheduling resume sending helper answer for #16 | libevent_malloc: new ptr-libevent@0x7f4560011520 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #16 | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 16 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #16 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4560001f40: transferring ownership from helper KE to state #16 | **emit ISAKMP Message: | initiator cookie: | 28 d5 cc e6 c9 60 c9 f7 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #16: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #16: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x af 34 8b e6 82 27 fe fe 15 45 0d 71 d1 b9 0b 22 | ikev2 g^x 8e 23 0d 6f d5 d5 fd cb ff 53 72 af ee 54 cd 5e | ikev2 g^x 94 c2 95 6a 97 28 63 62 52 6a 8e 77 52 92 7a 65 | ikev2 g^x f7 4b 34 fc ff e4 3c bd ef a8 e8 86 30 18 b2 6c | ikev2 g^x 9e 3f 5d 08 fc 3d 9f 2d 43 ac bd 54 fc 7b 13 c1 | ikev2 g^x a1 d4 25 7c e7 ee 8a 2a cc 51 5b d2 28 b4 48 ed | ikev2 g^x 3b f4 20 bf e2 24 9a dd eb b5 35 1d 0f a4 c6 e9 | ikev2 g^x 10 15 fa 89 f1 8b 9e 94 df 90 39 ff dc f5 b8 bc | ikev2 g^x 46 39 0a e7 7f 64 f1 db 2a 2d 58 7f ed e4 97 8a | ikev2 g^x b6 12 2c 8d c9 63 f9 53 e5 36 98 04 74 00 24 ce | ikev2 g^x c6 07 1b 4b ec d1 d9 ac fa 10 9f 0c 06 e9 e7 a9 | ikev2 g^x 8f 3d cf b5 c2 30 b8 22 92 00 7b e2 3b e1 5d 54 | ikev2 g^x 35 aa d9 0a d6 ac 43 44 1f e9 c5 9a 7e eb b3 af | ikev2 g^x f0 d7 50 25 54 2e 1f 37 aa 81 44 e1 f8 a3 0b 1b | ikev2 g^x 0f 4a fc 25 b9 94 d9 2a 76 b9 96 20 47 0b 1b f7 | ikev2 g^x 62 9b 58 84 19 d1 fd 89 1d dc 27 e2 50 ed 77 a9 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce ad c7 fd 01 e5 6e 3e 72 2b 7d 57 3b 84 36 37 a4 | IKEv2 nonce 63 02 c1 47 06 92 68 66 2b e0 05 3d fe 9c 56 5e | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 28 d5 cc e6 c9 60 c9 f7 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 3e ba f1 33 5e 6f 28 ca aa f0 35 89 a3 bb d4 8b | 15 a7 cd 0d | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 28 d5 cc e6 c9 60 c9 f7 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 3e ba f1 33 5e 6f 28 ca aa f0 35 89 a3 bb d4 8b | natd_hash: hash= 15 a7 cd 0d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 3e ba f1 33 5e 6f 28 ca aa f0 35 89 a3 bb d4 8b | Notify data 15 a7 cd 0d | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 28 d5 cc e6 c9 60 c9 f7 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | a5 5e 02 e1 56 0a 89 c6 87 ae c8 2e 2a e4 50 76 | 63 a4 d8 2d | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 28 d5 cc e6 c9 60 c9 f7 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= a5 5e 02 e1 56 0a 89 c6 87 ae c8 2e 2a e4 50 76 | natd_hash: hash= 63 a4 d8 2d | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data a5 5e 02 e1 56 0a 89 c6 87 ae c8 2e 2a e4 50 76 | Notify data 63 a4 d8 2d | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #16: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #16 to 4294967295 after switching state | Message ID: IKE #16 skipping update_recv as MD is fake | Message ID: sent #16 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #16: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #16) | 28 d5 cc e6 c9 60 c9 f7 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 af 34 8b e6 82 27 fe fe 15 45 0d 71 | d1 b9 0b 22 8e 23 0d 6f d5 d5 fd cb ff 53 72 af | ee 54 cd 5e 94 c2 95 6a 97 28 63 62 52 6a 8e 77 | 52 92 7a 65 f7 4b 34 fc ff e4 3c bd ef a8 e8 86 | 30 18 b2 6c 9e 3f 5d 08 fc 3d 9f 2d 43 ac bd 54 | fc 7b 13 c1 a1 d4 25 7c e7 ee 8a 2a cc 51 5b d2 | 28 b4 48 ed 3b f4 20 bf e2 24 9a dd eb b5 35 1d | 0f a4 c6 e9 10 15 fa 89 f1 8b 9e 94 df 90 39 ff | dc f5 b8 bc 46 39 0a e7 7f 64 f1 db 2a 2d 58 7f | ed e4 97 8a b6 12 2c 8d c9 63 f9 53 e5 36 98 04 | 74 00 24 ce c6 07 1b 4b ec d1 d9 ac fa 10 9f 0c | 06 e9 e7 a9 8f 3d cf b5 c2 30 b8 22 92 00 7b e2 | 3b e1 5d 54 35 aa d9 0a d6 ac 43 44 1f e9 c5 9a | 7e eb b3 af f0 d7 50 25 54 2e 1f 37 aa 81 44 e1 | f8 a3 0b 1b 0f 4a fc 25 b9 94 d9 2a 76 b9 96 20 | 47 0b 1b f7 62 9b 58 84 19 d1 fd 89 1d dc 27 e2 | 50 ed 77 a9 29 00 00 24 ad c7 fd 01 e5 6e 3e 72 | 2b 7d 57 3b 84 36 37 a4 63 02 c1 47 06 92 68 66 | 2b e0 05 3d fe 9c 56 5e 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 3e ba f1 33 5e 6f 28 ca | aa f0 35 89 a3 bb d4 8b 15 a7 cd 0d 00 00 00 1c | 00 00 40 05 a5 5e 02 e1 56 0a 89 c6 87 ae c8 2e | 2a e4 50 76 63 a4 d8 2d | state #16 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4568008b30 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #16 | libevent_malloc: new ptr-libevent@0x7f4568008b30 size 128 | #16 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49497.314872 | resume sending helper answer for #16 suppresed complete_v2_state_transition() and stole MD | #16 spent 0.481 milliseconds in resume sending helper answer | stop processing: state #16 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4560011520 | spent 0.00216 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 28 d5 cc e6 c9 60 c9 f7 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 28 d5 cc e6 c9 60 c9 f7 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #16 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #16 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #16 is idle | #16 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #16 IKE SPIi and SPI[ir] | #16 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #16: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #16 spent 0.00372 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #16 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #16 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #16 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #16 spent 0.112 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.123 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0449 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x7f4560002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #16 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #16 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #16 ikev2.ike deleted other | #16 spent 1.76 milliseconds in total | [RE]START processing: state #16 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #16: deleting state (STATE_PARENT_I1) aged 0.036s and NOT sending notification | parent state #16: PARENT_I1(half-open IKE SA) => delete | state #16 requesting EVENT_RETRANSMIT to be deleted | #16 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f4568008b30 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #16 in PARENT_I1 | parent state #16: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4560001f40: destroyed | stop processing: state #16 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556c50734860 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.208 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0607 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.054 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | emitting | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0695 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:EMPTY | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0748 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection aes128 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_CBC_128-HMAC_SHA1-MODP2048 | from whack: got --esp=aes128-sha1;modp2048 | ESP/AH string values: AES_CBC_128-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c5076ae40 added connection description "aes128" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.167 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #17 at 0x556c50769370 | State DB: adding IKEv2 state #17 in UNDEFINED | pstats #17 ikev2.ike started | Message ID: init #17: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #17: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #17; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #17 "aes128" "aes128" #17: initiating v2 parent SA | constructing local IKE proposals for aes128 (IKE SA initiator selecting KE) | converting ike_info AES_CBC_128-HMAC_SHA1-MODP2048 to ikev2 ... | ... ikev2_proposal: 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "aes128": constructed local IKE proposals for aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 17 for state #17 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f4560011520 size 128 | #17 spent 0.111 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | crypto helper 6 resuming | crypto helper 6 starting work-order 17 for state #17 | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 17 | close_any(fd@23) (in initiate_connection() at initiate.c:372) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.193 milliseconds in whack | DH secret MODP2048@0x7f45640010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f45640010c0 | NSS: Public DH wire value: | db c5 95 0c 25 7e b1 18 35 70 bd 61 cc e0 ed d5 | 23 71 64 c6 b6 20 81 d3 9a 08 7f 4e 21 ae a0 de | 8c 48 e1 fa 1f 85 72 7a 8b a3 58 5b ad ad a2 ed | 55 17 3c 33 e4 77 b7 21 f2 87 aa 64 63 ce 56 9d | c2 c2 45 c7 94 b2 49 97 6c fc 1e f6 d4 96 a8 0b | f6 b3 2a 4a 38 8a 3a 76 85 5f 31 58 8c f7 9d 47 | d9 aa 72 15 b6 4a da 35 41 28 26 45 3a 40 f3 25 | 96 46 51 d2 5c bc 6a 1f 86 a0 da 2d b6 43 1d 0e | 93 9a 71 20 dc be cf 73 f9 e5 86 1b f6 0d dc a4 | 06 97 e7 d0 df 2a cb 42 9e 4c 79 21 8c cf 9b cc | d1 c1 39 54 25 22 d3 a7 86 c6 21 ef 7a 38 e0 b3 | ef b7 c9 ea f2 d6 d5 83 c2 fb 73 c3 86 62 cf f5 | 1a bd cb 41 16 93 cd 11 dd 9f 3f 16 29 c5 2c 8c | c8 11 d1 69 2b fb b2 93 28 10 6f c6 e1 10 7d 53 | ab 66 29 35 25 dd 21 ba 20 b6 fc 8c e0 d3 99 51 | 91 e6 06 7f a3 57 04 16 ed 39 17 99 00 12 65 3c | Generated nonce: a3 f6 f6 46 32 91 3d ce 17 0f 90 af fd b5 b9 06 | Generated nonce: 1b 0a bd 3c f2 e2 26 30 84 b5 ac a1 e9 42 9b e7 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 17 time elapsed 0.000952 seconds | (#17) spent 0.944 milliseconds in crypto helper computing work-order 17: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 17 for state #17 to event queue | scheduling resume sending helper answer for #17 | libevent_malloc: new ptr-libevent@0x7f45640089d0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #17 | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 17 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #17 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f45640010c0: transferring ownership from helper KE to state #17 | **emit ISAKMP Message: | initiator cookie: | f3 5d 5a ec 9f 73 ce 44 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #17: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #17: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x db c5 95 0c 25 7e b1 18 35 70 bd 61 cc e0 ed d5 | ikev2 g^x 23 71 64 c6 b6 20 81 d3 9a 08 7f 4e 21 ae a0 de | ikev2 g^x 8c 48 e1 fa 1f 85 72 7a 8b a3 58 5b ad ad a2 ed | ikev2 g^x 55 17 3c 33 e4 77 b7 21 f2 87 aa 64 63 ce 56 9d | ikev2 g^x c2 c2 45 c7 94 b2 49 97 6c fc 1e f6 d4 96 a8 0b | ikev2 g^x f6 b3 2a 4a 38 8a 3a 76 85 5f 31 58 8c f7 9d 47 | ikev2 g^x d9 aa 72 15 b6 4a da 35 41 28 26 45 3a 40 f3 25 | ikev2 g^x 96 46 51 d2 5c bc 6a 1f 86 a0 da 2d b6 43 1d 0e | ikev2 g^x 93 9a 71 20 dc be cf 73 f9 e5 86 1b f6 0d dc a4 | ikev2 g^x 06 97 e7 d0 df 2a cb 42 9e 4c 79 21 8c cf 9b cc | ikev2 g^x d1 c1 39 54 25 22 d3 a7 86 c6 21 ef 7a 38 e0 b3 | ikev2 g^x ef b7 c9 ea f2 d6 d5 83 c2 fb 73 c3 86 62 cf f5 | ikev2 g^x 1a bd cb 41 16 93 cd 11 dd 9f 3f 16 29 c5 2c 8c | ikev2 g^x c8 11 d1 69 2b fb b2 93 28 10 6f c6 e1 10 7d 53 | ikev2 g^x ab 66 29 35 25 dd 21 ba 20 b6 fc 8c e0 d3 99 51 | ikev2 g^x 91 e6 06 7f a3 57 04 16 ed 39 17 99 00 12 65 3c | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce a3 f6 f6 46 32 91 3d ce 17 0f 90 af fd b5 b9 06 | IKEv2 nonce 1b 0a bd 3c f2 e2 26 30 84 b5 ac a1 e9 42 9b e7 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | f3 5d 5a ec 9f 73 ce 44 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 15 8f d1 aa 44 25 f0 5d 02 11 c5 09 5b ba 39 9c | e9 d8 e7 98 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= f3 5d 5a ec 9f 73 ce 44 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 15 8f d1 aa 44 25 f0 5d 02 11 c5 09 5b ba 39 9c | natd_hash: hash= e9 d8 e7 98 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 15 8f d1 aa 44 25 f0 5d 02 11 c5 09 5b ba 39 9c | Notify data e9 d8 e7 98 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | f3 5d 5a ec 9f 73 ce 44 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | b8 0f 84 55 52 bd 9a 2f 56 9f 15 8b ff 1e d8 3e | ae 51 41 cb | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= f3 5d 5a ec 9f 73 ce 44 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= b8 0f 84 55 52 bd 9a 2f 56 9f 15 8b ff 1e d8 3e | natd_hash: hash= ae 51 41 cb | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b8 0f 84 55 52 bd 9a 2f 56 9f 15 8b ff 1e d8 3e | Notify data ae 51 41 cb | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #17 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #17: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #17 to 4294967295 after switching state | Message ID: IKE #17 skipping update_recv as MD is fake | Message ID: sent #17 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #17: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #17) | f3 5d 5a ec 9f 73 ce 44 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 db c5 95 0c 25 7e b1 18 35 70 bd 61 | cc e0 ed d5 23 71 64 c6 b6 20 81 d3 9a 08 7f 4e | 21 ae a0 de 8c 48 e1 fa 1f 85 72 7a 8b a3 58 5b | ad ad a2 ed 55 17 3c 33 e4 77 b7 21 f2 87 aa 64 | 63 ce 56 9d c2 c2 45 c7 94 b2 49 97 6c fc 1e f6 | d4 96 a8 0b f6 b3 2a 4a 38 8a 3a 76 85 5f 31 58 | 8c f7 9d 47 d9 aa 72 15 b6 4a da 35 41 28 26 45 | 3a 40 f3 25 96 46 51 d2 5c bc 6a 1f 86 a0 da 2d | b6 43 1d 0e 93 9a 71 20 dc be cf 73 f9 e5 86 1b | f6 0d dc a4 06 97 e7 d0 df 2a cb 42 9e 4c 79 21 | 8c cf 9b cc d1 c1 39 54 25 22 d3 a7 86 c6 21 ef | 7a 38 e0 b3 ef b7 c9 ea f2 d6 d5 83 c2 fb 73 c3 | 86 62 cf f5 1a bd cb 41 16 93 cd 11 dd 9f 3f 16 | 29 c5 2c 8c c8 11 d1 69 2b fb b2 93 28 10 6f c6 | e1 10 7d 53 ab 66 29 35 25 dd 21 ba 20 b6 fc 8c | e0 d3 99 51 91 e6 06 7f a3 57 04 16 ed 39 17 99 | 00 12 65 3c 29 00 00 24 a3 f6 f6 46 32 91 3d ce | 17 0f 90 af fd b5 b9 06 1b 0a bd 3c f2 e2 26 30 | 84 b5 ac a1 e9 42 9b e7 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 15 8f d1 aa 44 25 f0 5d | 02 11 c5 09 5b ba 39 9c e9 d8 e7 98 00 00 00 1c | 00 00 40 05 b8 0f 84 55 52 bd 9a 2f 56 9f 15 8b | ff 1e d8 3e ae 51 41 cb | state #17 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4560011520 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #17 | libevent_malloc: new ptr-libevent@0x7f4560011520 size 128 | #17 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49497.836023 | resume sending helper answer for #17 suppresed complete_v2_state_transition() and stole MD | #17 spent 0.546 milliseconds in resume sending helper answer | stop processing: state #17 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45640089d0 | spent 0.00218 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | f3 5d 5a ec 9f 73 ce 44 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | f3 5d 5a ec 9f 73 ce 44 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #17 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #17 is idle | #17 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #17 IKE SPIi and SPI[ir] | #17 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #17: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #17 spent 0.0102 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #17 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #17 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #17 spent 0.155 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.169 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x556c50772dd0 | handling event EVENT_RETRANSMIT for parent state #17 | start processing: state #17 connection "aes128" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "aes128" #17 attempt 2 of 0 | and parent for 192.1.2.23 "aes128" #17 keying attempt 1 of 0; retransmit 1 "aes128" #17: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #17 ikev2.ike failed too-many-retransmits | pstats #17 ikev2.ike deleted too-many-retransmits | #17 spent 1.76 milliseconds in total | [RE]START processing: state #17 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #17: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #17: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection aes128 | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "aes128" {0x7f4560002d20} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #17 "aes128" #17: deleting IKE SA for connection 'aes128' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'aes128' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #17 in PARENT_I1 | parent state #17: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f45640010c0: destroyed | stop processing: state #17 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f4560011520 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | in statetime_stop() and could not find #17 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection aes128 which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in initiate_a_connection() at initiate.c:186) | connection 'aes128' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #18 at 0x556c50769370 | State DB: adding IKEv2 state #18 in UNDEFINED | pstats #18 ikev2.ike started | Message ID: init #18: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #18: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #18; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "aes128" IKE SA #18 "aes128" "aes128" #18: initiating v2 parent SA | using existing local IKE proposals for connection aes128 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 18 for state #18 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f45640089d0 size 128 | #18 spent 0.0857 milliseconds in ikev2_parent_outI1() | crypto helper 0 resuming | crypto helper 0 starting work-order 18 for state #18 | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 18 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f4558002a80: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4558002a80 | NSS: Public DH wire value: | 7a ef 33 bd 35 9c 5c f0 c8 f2 99 19 7a cb b8 03 | a3 d9 03 60 df 81 fe 93 7f 61 30 f2 ca 38 8e 5e | 99 33 04 1f 3c 86 4e ac b0 29 74 f1 63 bc a7 e5 | 12 c5 fa 99 26 ef 68 58 49 4f 72 05 ec 90 d7 95 | 2b b6 3a f1 0c d4 c2 95 df ea 7a 2d 35 be 5e 00 | de 32 ec 9a cb 2a ba f6 ca 73 83 8c 7d 6d 59 0f | 67 aa 37 72 c4 e5 34 f4 93 e6 cf 6e d8 ad 3b 62 | a0 a3 45 0c 45 41 95 f4 8b 40 43 2a a8 ef f5 da | 4c 9f 08 51 64 06 f2 37 bc c9 b6 db 6e 22 ed e8 | 48 9b 37 78 6e 42 cb 10 f2 ff f1 44 dc ff 03 14 | d3 63 a0 d6 18 be 68 77 e9 df d4 5a b5 2b 88 22 | b8 25 5b 00 bd b6 ce c3 a9 12 74 3e 4d d7 b3 7f | 36 ea b1 f8 e9 97 65 37 34 38 63 1b a9 5c eb c1 | 02 b4 16 f8 88 92 20 4c fc e7 03 98 7e 6e 8e 43 | 6b ae 3a 86 80 d8 38 3b 70 5f 09 91 dd 7e 52 ee | 28 2a 1e 32 cb a7 d7 d5 59 ce e1 d2 7b 05 48 3f | Generated nonce: d6 45 86 32 8c 4c 66 8e 55 a3 fc 12 20 d4 63 0e | Generated nonce: 34 2b 78 94 50 f3 75 2d 69 17 b1 d4 3d 72 8e 4a | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 18 time elapsed 0.001005 seconds | (#18) spent 1.01 milliseconds in crypto helper computing work-order 18: ikev2_outI1 KE (pcr) | crypto helper 0 sending results from work-order 18 for state #18 to event queue | scheduling resume sending helper answer for #18 | libevent_malloc: new ptr-libevent@0x7f45580016a0 size 128 | crypto helper 0 waiting (nothing to do) | RESET processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "aes128" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | spent 0.12 milliseconds in global timer EVENT_REVIVE_CONNS | processing resume sending helper answer for #18 | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 18 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #18 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4558002a80: transferring ownership from helper KE to state #18 | **emit ISAKMP Message: | initiator cookie: | 08 74 23 e1 6d 7d 1f 32 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection aes128 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: AES_CBC (0xc) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "aes128" #18: IMPAIR: emitting variable-size key-length attribute with no key | ******emit IKEv2 Attribute Substructure Payload: | af+type: 14?? (0xe) | length/value: 0 (0x0) "aes128" #18: IMPAIR: emitting af+type of IKEv2 Attribute Substructure Payload has an unknown value: 0x0+14 (0xe) | emitting length of IKEv2 Attribute Substructure Payload: 0 | emitting 0 raw bytes of attribute value into IKEv2 Transform Substructure Payload | attribute value | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 7a ef 33 bd 35 9c 5c f0 c8 f2 99 19 7a cb b8 03 | ikev2 g^x a3 d9 03 60 df 81 fe 93 7f 61 30 f2 ca 38 8e 5e | ikev2 g^x 99 33 04 1f 3c 86 4e ac b0 29 74 f1 63 bc a7 e5 | ikev2 g^x 12 c5 fa 99 26 ef 68 58 49 4f 72 05 ec 90 d7 95 | ikev2 g^x 2b b6 3a f1 0c d4 c2 95 df ea 7a 2d 35 be 5e 00 | ikev2 g^x de 32 ec 9a cb 2a ba f6 ca 73 83 8c 7d 6d 59 0f | ikev2 g^x 67 aa 37 72 c4 e5 34 f4 93 e6 cf 6e d8 ad 3b 62 | ikev2 g^x a0 a3 45 0c 45 41 95 f4 8b 40 43 2a a8 ef f5 da | ikev2 g^x 4c 9f 08 51 64 06 f2 37 bc c9 b6 db 6e 22 ed e8 | ikev2 g^x 48 9b 37 78 6e 42 cb 10 f2 ff f1 44 dc ff 03 14 | ikev2 g^x d3 63 a0 d6 18 be 68 77 e9 df d4 5a b5 2b 88 22 | ikev2 g^x b8 25 5b 00 bd b6 ce c3 a9 12 74 3e 4d d7 b3 7f | ikev2 g^x 36 ea b1 f8 e9 97 65 37 34 38 63 1b a9 5c eb c1 | ikev2 g^x 02 b4 16 f8 88 92 20 4c fc e7 03 98 7e 6e 8e 43 | ikev2 g^x 6b ae 3a 86 80 d8 38 3b 70 5f 09 91 dd 7e 52 ee | ikev2 g^x 28 2a 1e 32 cb a7 d7 d5 59 ce e1 d2 7b 05 48 3f | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce d6 45 86 32 8c 4c 66 8e 55 a3 fc 12 20 d4 63 0e | IKEv2 nonce 34 2b 78 94 50 f3 75 2d 69 17 b1 d4 3d 72 8e 4a | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 08 74 23 e1 6d 7d 1f 32 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | ea 3f 63 3a e7 96 c3 6b 03 7a 49 ba fc 0e e6 1d | 7e 0a f3 10 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 08 74 23 e1 6d 7d 1f 32 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= ea 3f 63 3a e7 96 c3 6b 03 7a 49 ba fc 0e e6 1d | natd_hash: hash= 7e 0a f3 10 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data ea 3f 63 3a e7 96 c3 6b 03 7a 49 ba fc 0e e6 1d | Notify data 7e 0a f3 10 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 08 74 23 e1 6d 7d 1f 32 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | b3 ba 8f 7b 01 02 05 e5 79 d9 a7 72 c9 79 be c0 | c5 77 91 7c | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 08 74 23 e1 6d 7d 1f 32 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= b3 ba 8f 7b 01 02 05 e5 79 d9 a7 72 c9 79 be c0 | natd_hash: hash= c5 77 91 7c | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data b3 ba 8f 7b 01 02 05 e5 79 d9 a7 72 c9 79 be c0 | Notify data c5 77 91 7c | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #18: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #18 to 4294967295 after switching state | Message ID: IKE #18 skipping update_recv as MD is fake | Message ID: sent #18 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "aes128" #18: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #18) | 08 74 23 e1 6d 7d 1f 32 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c | 00 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 7a ef 33 bd 35 9c 5c f0 c8 f2 99 19 | 7a cb b8 03 a3 d9 03 60 df 81 fe 93 7f 61 30 f2 | ca 38 8e 5e 99 33 04 1f 3c 86 4e ac b0 29 74 f1 | 63 bc a7 e5 12 c5 fa 99 26 ef 68 58 49 4f 72 05 | ec 90 d7 95 2b b6 3a f1 0c d4 c2 95 df ea 7a 2d | 35 be 5e 00 de 32 ec 9a cb 2a ba f6 ca 73 83 8c | 7d 6d 59 0f 67 aa 37 72 c4 e5 34 f4 93 e6 cf 6e | d8 ad 3b 62 a0 a3 45 0c 45 41 95 f4 8b 40 43 2a | a8 ef f5 da 4c 9f 08 51 64 06 f2 37 bc c9 b6 db | 6e 22 ed e8 48 9b 37 78 6e 42 cb 10 f2 ff f1 44 | dc ff 03 14 d3 63 a0 d6 18 be 68 77 e9 df d4 5a | b5 2b 88 22 b8 25 5b 00 bd b6 ce c3 a9 12 74 3e | 4d d7 b3 7f 36 ea b1 f8 e9 97 65 37 34 38 63 1b | a9 5c eb c1 02 b4 16 f8 88 92 20 4c fc e7 03 98 | 7e 6e 8e 43 6b ae 3a 86 80 d8 38 3b 70 5f 09 91 | dd 7e 52 ee 28 2a 1e 32 cb a7 d7 d5 59 ce e1 d2 | 7b 05 48 3f 29 00 00 24 d6 45 86 32 8c 4c 66 8e | 55 a3 fc 12 20 d4 63 0e 34 2b 78 94 50 f3 75 2d | 69 17 b1 d4 3d 72 8e 4a 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 ea 3f 63 3a e7 96 c3 6b | 03 7a 49 ba fc 0e e6 1d 7e 0a f3 10 00 00 00 1c | 00 00 40 05 b3 ba 8f 7b 01 02 05 e5 79 d9 a7 72 | c9 79 be c0 c5 77 91 7c | state #18 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f45640089d0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #18 | libevent_malloc: new ptr-libevent@0x7f45640089d0 size 128 | #18 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49498.338978 | resume sending helper answer for #18 suppresed complete_v2_state_transition() and stole MD | #18 spent 0.538 milliseconds in resume sending helper answer | stop processing: state #18 connection "aes128" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45580016a0 | spent 0.00183 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 08 74 23 e1 6d 7d 1f 32 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 07 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 08 74 23 e1 6d 7d 1f 32 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #18 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #18 connection "aes128" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #18 is idle | #18 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_INVALID_SYNTAX (0x7) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #18 IKE SPIi and SPI[ir] | #18 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "aes128" #18: STATE_PARENT_I1: received unauthenticated v2N_INVALID_SYNTAX - ignored | #18 spent 0.00345 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #18 connection "aes128" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #18 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #18 connection "aes128" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #18 spent 0.109 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.12 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0407 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in terminate_a_connection() at terminate.c:69) "aes128": terminating SAs using this connection | connection 'aes128' -POLICY_UP | removing pending policy for no connection {0x7f4560002d20} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #18 | suspend processing: connection "aes128" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #18 connection "aes128" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #18 ikev2.ike deleted other | #18 spent 1.74 milliseconds in total | [RE]START processing: state #18 connection "aes128" from 192.1.2.23:500 (in delete_state() at state.c:879) "aes128" #18: deleting state (STATE_PARENT_I1) aged 0.031s and NOT sending notification | parent state #18: PARENT_I1(half-open IKE SA) => delete | state #18 requesting EVENT_RETRANSMIT to be deleted | #18 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f45640089d0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "aes128" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection aes128 | State DB: deleting IKEv2 state #18 in PARENT_I1 | parent state #18: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4558002a80: destroyed | stop processing: state #18 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "aes128" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556c5076ae40 | flush revival: connection 'aes128' wasn't on the list | stop processing: connection "aes128" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.157 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | emitting: disabled | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0547 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0464 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c50734860 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.139 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #19 at 0x556c50769370 | State DB: adding IKEv2 state #19 in UNDEFINED | pstats #19 ikev2.ike started | Message ID: init #19: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #19: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #19; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #19 "3des" "3des" #19: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 19 for state #19 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4558001560 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f45580016a0 size 128 | #19 spent 0.122 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.186 milliseconds in whack | crypto helper 2 resuming | crypto helper 2 starting work-order 19 for state #19 | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 19 | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f455c002a80: created | NSS: Local DH MODP2048 secret (pointer): 0x7f455c002a80 | NSS: Public DH wire value: | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | Generated nonce: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | Generated nonce: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 19 time elapsed 0.000987 seconds | (#19) spent 0.989 milliseconds in crypto helper computing work-order 19: ikev2_outI1 KE (pcr) | crypto helper 2 sending results from work-order 19 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f455c0016a0 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 19 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #19 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f455c002a80: transferring ownership from helper KE to state #19 | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 40 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 44 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | ikev2 g^x 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | ikev2 g^x 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | ikev2 g^x 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | ikev2 g^x a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ikev2 g^x ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | ikev2 g^x e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | ikev2 g^x 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | ikev2 g^x 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | ikev2 g^x 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | ikev2 g^x 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | ikev2 g^x 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | ikev2 g^x 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | ikev2 g^x b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | ikev2 g^x de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | ikev2 g^x 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | IKEv2 nonce b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 49 3b 75 82 0d 55 fc 41 fe db 99 36 b1 eb 08 53 | 91 b1 11 27 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 49 3b 75 82 0d 55 fc 41 fe db 99 36 b1 eb 08 53 | natd_hash: hash= 91 b1 11 27 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 49 3b 75 82 0d 55 fc 41 fe db 99 36 b1 eb 08 53 | Notify data 91 b1 11 27 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | natd_hash: hash= 0e 9e f8 d9 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | Notify data 0e 9e f8 d9 | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 436 | stop processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #19: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #19 to 4294967295 after switching state | Message ID: IKE #19 skipping update_recv as MD is fake | Message ID: sent #19 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #19: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 436 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | 33 49 c1 46 bb a8 9f 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | 29 00 00 24 6c 47 6e 5e b1 39 0d 54 47 38 98 23 | 68 19 fe 38 b9 55 ad 39 24 53 8c 3b c4 36 17 f8 | b7 60 dc 4d 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 49 3b 75 82 0d 55 fc 41 fe db 99 36 | b1 eb 08 53 91 b1 11 27 00 00 00 1c 00 00 40 05 | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f45580016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4558001560 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #19: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4558001560 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f45580016a0 size 128 | #19 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49498.848726 | resume sending helper answer for #19 suppresed complete_v2_state_transition() and stole MD | #19 spent 0.544 milliseconds in resume sending helper answer | stop processing: state #19 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f455c0016a0 | spent 0.00255 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | 29 00 00 24 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 | bb 26 3b 7d 35 17 65 ab 3c ba a5 b9 6e 92 98 4e | a7 3b 48 cc 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 82 cd 10 83 f7 65 05 84 cd ce 28 71 | 48 2a 9a 5c a4 42 89 25 00 00 00 1c 00 00 40 05 | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #19 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #19 is idle | #19 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #19 IKE SPIi and SPI[ir] | #19 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 15 53 a3 f9 4d 5f fc 5b | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a2e0 (length 20) | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 15 53 a3 f9 4d 5f fc 5b | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | natd_hash: hash= b2 34 e1 a5 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 33 49 c1 46 bb a8 9f 78 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | 15 53 a3 f9 4d 5f fc 5b | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a300 (length 20) | 82 cd 10 83 f7 65 05 84 cd ce 28 71 48 2a 9a 5c | a4 42 89 25 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 33 49 c1 46 bb a8 9f 78 | natd_hash: rcookie= 15 53 a3 f9 4d 5f fc 5b | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 82 cd 10 83 f7 65 05 84 cd ce 28 71 48 2a 9a 5c | natd_hash: hash= a4 42 89 25 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f455c002a80: transferring ownership from state #19 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 20 for state #19 | state #19 requesting EVENT_RETRANSMIT to be deleted | #19 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f45580016a0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4558001560 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4558001560 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f455c0016a0 size 128 | #19 spent 0.26 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #19 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #19 and saving MD | #19 is busy; has a suspended MD | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "3des" #19 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 0.485 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.495 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 resuming | crypto helper 4 starting work-order 20 for state #19 | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 | peer's g: af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | peer's g: e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | peer's g: d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | peer's g: b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | peer's g: 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | peer's g: b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | peer's g: 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | peer's g: da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | peer's g: 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | peer's g: 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | peer's g: 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | peer's g: b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | peer's g: fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | peer's g: 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | peer's g: f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | peer's g: 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f456000a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f455c002a80: computed shared DH secret key@0x7f456000a510 | dh-shared : g^ir-key@0x7f456000a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f45500075d0 (length 64) | 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99670 | result: Ni | Nr-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99658 | result: Ni | Nr-key@0x556c50757800 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x556c5074eb00 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f4550002e80 from Ni | Nr-key@0x556c50757800 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f4550002e80 from Ni | Nr-key@0x556c50757800 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x556c50757800 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f4550003110 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f456000a510 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f456000a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f456000a510 | nss hmac digest hack: symkey-key@0x7f456000a510 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1893307088: 52 ffffffea 47 ffffffba ffffffdf 56 ffffffb8 ffffffe8 21 57 ffffffab 31 ffffffa7 ffffffe6 fffffffb ffffffb2 ffffffbc ffffffdc 4d 50 fffffff5 72 ffffffe8 56 03 6b 49 0e ffffffe8 ffffffb0 13 ffffffa6 18 63 ffffffe7 ffffffe7 12 39 ffffffdf ffffff9f 28 ffffffbb 00 ffffffb2 20 ffffffd9 ffffffbd 4b ffffff99 53 fffffffa 17 ffffffed 43 6e 36 50 6e 04 34 71 59 28 fffffffc ffffffa0 ffffffb7 ffffffad ffffffbe ffffff9f 0c ffffffc2 24 ffffffaf ffffffbe 35 0e ffffffb5 ffffffb3 ffffffdd ffffff83 ffffffc2 ffffffe8 49 ffffffe1 ffffffb7 ffffff97 43 06 ffffff8f 15 7c 22 57 76 7a 54 ffffffb1 12 fffffff1 38 54 ffffffe3 fffffff9 36 6a 13 3a ffffff92 2c ffffffb6 0f 10 fffffff5 44 ffffffe7 09 fffffff2 ffffffaf ffffffce 3e ffffffe4 30 69 ffffffb7 10 7f ffffffb4 65 ffffffdf fffffff4 fffffff8 ffffffc7 ffffffb7 7c 23 ffffffae 69 49 ffffffde ffffffc4 ffffffca ffffffa7 2b ffffffbc 72 4a ffffffd7 fffffff9 47 5e ffffffbc ffffffc0 21 0d 15 17 ffffffa8 26 3f 48 1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 256 bytes at 0x7f45500066a0 | unwrapped: db 96 a0 49 9a fb 19 c6 7f 10 42 06 f8 e8 9b df | unwrapped: ff 5b 96 97 57 88 91 99 d8 17 d7 e0 eb 9d db 5f | unwrapped: ea c1 44 19 51 75 19 8a dd 49 4a 09 7b 2c d8 3a | unwrapped: 2f cd 8e 9b 49 25 a7 0a 6c 73 69 1b 1c 14 85 15 | unwrapped: c6 36 fa 0a 17 d9 a2 7f 8e fb d0 e8 b4 c2 35 94 | unwrapped: 38 38 1c ae 23 14 f1 41 c6 a9 b6 62 3b 79 01 ab | unwrapped: 89 37 ca de 92 c0 ad b4 ce 11 8c 8c f2 31 85 35 | unwrapped: 52 17 72 6b 7b ff fc 28 42 84 22 eb 53 fd 50 de | unwrapped: d1 c0 20 92 e9 a2 70 dc ef e4 8f d0 d5 49 d0 bd | unwrapped: 9e df cc 06 33 74 f7 0e 4d 44 c6 9c b6 25 c2 d1 | unwrapped: a2 4a a4 51 76 c0 45 bb 0e 0b b6 b5 3d 4f f0 e0 | unwrapped: 6c 64 96 9e 03 63 7a fe 99 51 37 c2 cb 63 a2 fb | unwrapped: f2 1a d8 ec 23 52 dc 98 86 28 12 d7 93 fa 2d 6c | unwrapped: a8 f7 fc 22 84 f8 ca 65 15 65 27 58 12 e4 2f cd | unwrapped: 23 16 95 fd c7 a3 19 f5 53 58 76 6b 1f e0 30 27 | unwrapped: 94 d2 fd 30 4f e6 bf 2b 92 35 74 2d fa 3e e2 a4 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99690 | result: final-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074eb00 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99678 | result: final-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074eb00 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x556c50757800 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99600 | result: data=Ni-key@0x556c5075ae20 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c5075ae20 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d995e8 | result: data=Ni-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x556c5075ae20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4570d995f0 | result: data+=Nr-key@0x556c5075ae20 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4570d995f0 | result: data+=SPIi-key@0x556c5074eb00 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f4570d995f0 | result: data+=SPIr-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | prf+0 PRF sha init key-key@0x556c50757800 (size 20) | prf+0: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+0 prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+0: release clone-key@0x556c5074eb00 | prf+0 PRF sha crypt-prf@0x7f45500051e0 | prf+0 PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+0: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005090 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | prf+0 PRF sha final-key@0x556c5074eb00 (size 20) | prf+0: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4550001f40 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: fffffff5 32 38 ffffffba fffffff1 fffffffd ffffff90 13 44 36 6a 3d 3a ffffffba ffffffcc 44 ffffffd2 ffffff88 ffffffe1 fffffff9 13 ffffffd2 ffffff9e ffffffbc ffffffa3 ffffffe5 56 ffffff95 ffffffa1 7b 10 ffffffee | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550005f00 | unwrapped: 6a 8b b8 77 6d 65 98 d1 50 fb 38 50 a1 2f d9 6e | unwrapped: e8 34 3c 25 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005030 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5074d280 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074eb00 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f45500018a0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: fffffff5 4e 26 ffffffe7 53 ffffffb5 ffffffc7 20 27 3e 09 ffffffef ffffff98 fffffff0 ffffffd0 3f 0e 1a 00 6e 78 56 ffffff8e ffffffca fffffff0 fffffff9 ffffff87 09 0a ffffffae 42 4f | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45500069b0 | unwrapped: 57 db 46 d3 57 37 e3 87 2e 76 9f da 90 4f f2 0f | unwrapped: 3c d7 5f 27 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45500050f0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5076d180 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5076d180 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4550001f40 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffff92 ffffffb4 ffffffd4 ffffff90 47 4d ffffff99 04 3e 54 5f 4b ffffffdb ffffffca fffffff4 ffffff81 65 ffffff94 fffffff9 fffffff6 ffffffdd fffffffb 7e 06 ffffffaa ffffff86 32 fffffff0 ffffffd5 ffffffc9 ffffff9b ffffffd2 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550001210 | unwrapped: 80 b1 8c 92 42 9d a3 8e 9d 2d f9 89 03 f9 9f cd | unwrapped: df 0b 78 93 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005e20 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5076d180 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5076d180 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f45500018a0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffffac ffffffcf ffffffd7 ffffff99 44 ffffffd3 ffffffec ffffff91 0d ffffffd1 6b 1b 3d 60 2b ffffffd8 0c 4b ffffffa5 52 35 08 03 09 03 fffffff2 6f 68 ffffffb0 ffffff86 ffffffdc ffffffc9 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550001210 | unwrapped: 75 cb 88 56 fb 7b 7e 0a 37 eb 2a c8 73 4b df b9 | unwrapped: b2 ff b1 3c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45500067b0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5076d180 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5076d180 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550005b80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4550005b80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4550001f40 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffffc9 41 ffffff8e ffffffd5 6d 1e ffffffbf ffffffd1 ffffffaf ffffffb6 ffffffaa 27 ffffffc1 ffffff92 6b ffffff9b ffffffd3 ffffff86 17 30 ffffffac ffffff90 ffffffcb ffffffda 4e ffffffef ffffffa4 5b fffffff6 29 ffffffd2 44 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550001210 | unwrapped: 5e 30 a7 b5 69 c7 3e 60 aa 29 43 6c 89 10 63 4e | unwrapped: d9 36 e6 a3 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4550005030 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5076d180 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5074d280 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5076d180 | prfplus: release old_t[N]-key@0x556c5074eb00 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c5074eb00 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c5074eb00 | prf+N: release clone-key@0x556c5074eb00 | prf+N PRF sha crypt-prf@0x7f45500018a0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: 16 5d 46 ffffffe8 64 26 ffffff90 ffffff98 ffffffc1 ffffff99 ffffffd3 67 ffffff92 ffffff8f ffffff88 ffffffc5 2d ffffff9b 30 ffffffa0 47 ffffff96 ffffffd5 66 ffffffb7 ffffffe4 ffffffad ffffff91 ffffffba ffffffae 06 ffffffa3 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550001210 | unwrapped: e8 be a1 25 6e 4a d9 d2 80 ba 69 95 0a fb 3d d0 | unwrapped: db b0 26 7b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45500067b0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5076d180 | prf+N PRF sha final-key@0x556c5074eb00 (size 20) | prf+N: key-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5076d180 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4550002e80 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f4550001f40 | prf+N PRF sha update old_t-key@0x556c5074eb00 (size 20) | prf+N: old_t-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1893306720: ffffffa5 36 17 ffffff9c 20 68 4e ffffff9e 76 ffffff91 07 74 3c ffffff88 ffffffc0 ffffff99 29 0c ffffff86 ffffffff ffffff81 ffffffd2 40 ffffff8e 1b ffffffd9 ffffffa2 ffffffe3 ffffff87 ffffff8d 59 ffffffed | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4550001210 | unwrapped: 51 b5 e4 4f a9 a9 c0 8b 29 32 dd c0 58 1a 27 60 | unwrapped: 3e 4a 52 00 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5075ae20 (size 80) | prf+N: seed-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1893306720: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 ffffffcf fffffffc fffffff9 30 ffffffff 46 ffffff99 fffffffc 6e ffffffc9 18 ffffff9c ffffffdc 71 6e fffffff1 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45500050f0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | unwrapped: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f4570d99520 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5076d180 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f4570d99598 | result: result-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5076d180 | prfplus: release old_t[N]-key@0x556c5074eb00 | prfplus: release old_t[final]-key@0x556c507543d0 | ike_sa_keymat: release data-key@0x556c5075ae20 | calc_skeyseed_v2: release skeyseed_k-key@0x556c50757800 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99738 | result: result-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99738 | result: result-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99738 | result: result-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: SK_ei_k-key@0x556c5074eb00 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: SK_er_k-key@0x556c5076d180 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: result-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f45600069f0 | chunk_SK_pi: symkey-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717790310: fffffff0 59 1a ffffffff ffffffed 36 ffffffde 0b 6c ffffffd7 ffffff87 5f ffffffc1 4c fffffff7 ffffff8c 35 ffffffbf ffffffd2 ffffffb3 36 71 18 21 ffffffb2 29 3a 1f fffffffd fffffff2 7e ffffff88 | chunk_SK_pi: release slot-key-key@0x556c50750fd0 | chunk_SK_pi extracted len 32 bytes at 0x7f4550001210 | unwrapped: 80 ba 69 95 0a fb 3d d0 db b0 26 7b 51 b5 e4 4f | unwrapped: a9 a9 c0 8b 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f4570d99748 | result: result-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x7f456000d640 | chunk_SK_pr: symkey-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717790310: 64 ffffff86 1b 13 43 ffffffac ffffffdf ffffff85 ffffffe2 31 ffffff9c ffffffb4 ffffff90 ffffff9b 19 11 6d ffffffd4 ffffff9d fffffffa ffffffae 00 fffffffa 05 ffffffdf ffffffed ffffffc5 60 14 48 ffffff99 ffffff93 | chunk_SK_pr: release slot-key-key@0x556c50750fd0 | chunk_SK_pr extracted len 32 bytes at 0x7f4550006400 | unwrapped: 29 32 dd c0 58 1a 27 60 3e 4a 52 00 4b 9c 87 f4 | unwrapped: ca 1c 6a 57 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x556c5074d280 | calc_skeyseed_v2 pointers: shared-key@0x7f456000a510, SK_d-key@0x556c50757800, SK_ai-key@0x556c5075ae20, SK_ar-key@0x556c507543d0, SK_ei-key@0x556c5074eb00, SK_er-key@0x556c5076d180, SK_pi-key@0x7f45600069f0, SK_pr-key@0x7f456000d640 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | 80 ba 69 95 0a fb 3d d0 db b0 26 7b 51 b5 e4 4f | a9 a9 c0 8b | calc_skeyseed_v2 SK_pr | 29 32 dd c0 58 1a 27 60 3e 4a 52 00 4b 9c 87 f4 | ca 1c 6a 57 | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 20 time elapsed 0.003399 seconds | (#19) spent 3.3 milliseconds in crypto helper computing work-order 20: ikev2_inR1outI2 KE (pcr) | crypto helper 4 sending results from work-order 20 for state #19 to event queue | scheduling resume sending helper answer for #19 | libevent_malloc: new ptr-libevent@0x7f45500068c0 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #19 | start processing: state #19 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 20 | calling continuation function 0x556c4f6f1630 | ikev2_parent_inR1outI2_continue for #19: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f455c002a80: transferring ownership from helper IKEv2 DH to state #19 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #20 at 0x556c5076dc10 | State DB: adding IKEv2 state #20 in UNDEFINED | pstats #20 ikev2.child started | duplicating state object #19 "3des" as #20 for IPSEC SA | #20 setting local endpoint to 192.1.2.45:500 from #19.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x556c50757800 | duplicate_state: reference st_skey_ai_nss-key@0x556c5075ae20 | duplicate_state: reference st_skey_ar_nss-key@0x556c507543d0 | duplicate_state: reference st_skey_ei_nss-key@0x556c5074eb00 | duplicate_state: reference st_skey_er_nss-key@0x556c5076d180 | duplicate_state: reference st_skey_pi_nss-key@0x7f45600069f0 | duplicate_state: reference st_skey_pr_nss-key@0x7f456000d640 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #19.#20; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #19 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #19 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f455c0016a0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4558001560 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f4558001560 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f455c0016a0 size 128 | parent state #19: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f45600069f0 (size 20) | hmac: symkey-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a288 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac: release clone-key@0x556c5074d280 | hmac PRF sha crypt-prf@0x556c5076e780 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x556c4f7f096c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffdc298a820 (length 20) | 44 41 ce 41 c0 64 1a bd 15 3f eb 31 c9 3a c5 0b | 59 76 a1 40 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 33 49 c1 46 bb a8 9f 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | 29 00 00 24 6c 47 6e 5e b1 39 0d 54 47 38 98 23 | 68 19 fe 38 b9 55 ad 39 24 53 8c 3b c4 36 17 f8 | b7 60 dc 4d 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 49 3b 75 82 0d 55 fc 41 fe db 99 36 | b1 eb 08 53 91 b1 11 27 00 00 00 1c 00 00 40 05 | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | create: initiator inputs to hash2 (responder nonce) | 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | idhash 44 41 ce 41 c0 64 1a bd 15 3f eb 31 c9 3a c5 0b | idhash 59 76 a1 40 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a080 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a068 | result: shared secret-key@0x556c5074d280 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x556c5074d280 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x556c5074d280 | = prf(,"Key Pad for IKEv2"): release clone-key@0x556c5074d280 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c507714b0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0a0 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a088 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x556c5074d280 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x556c5074d280 (size 20) | = prf(, ): -key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a098 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076a920 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076b520 (length 436) | 33 49 c1 46 bb a8 9f 78 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | 70 0f 0b 91 33 30 52 da d0 52 4f e2 b2 33 e6 4f | 26 bc aa f9 e5 81 e0 c4 2d 3b 11 cb 02 e5 88 8e | 16 a9 08 04 18 15 f4 bc d5 d2 b1 4d 93 6c d4 8e | 71 d1 a1 04 4f 22 8f d6 18 21 39 c8 15 e1 c1 f1 | a3 50 7c 98 fe 78 db 01 6c 0c ad 2f 0a b1 bc d8 | ca 1f 61 49 15 67 26 e3 2f 2f 5c 7b 13 79 d8 f9 | e4 81 75 6a 1a cf f2 7d 2f 0d 8a 9b c8 f3 06 c6 | 7d 91 d7 42 07 f5 5d 5a 70 d9 cc ab 37 02 03 80 | 23 04 40 4d 82 e2 86 32 19 28 b4 c6 b6 32 ac 4a | 80 66 f9 59 42 25 aa 5a be de 81 70 8e ea da 0e | 5e 57 15 ea 10 48 15 1e 56 d1 58 99 c1 0f 7e d2 | 31 d8 b0 ec 71 b4 aa 13 c6 e2 69 61 23 08 9c 05 | 23 f6 0f d1 07 85 83 94 05 f3 30 7a fc 86 cf 5c | b5 be 3b 64 48 2a 1f de de 7c e8 40 a9 d2 23 b6 | de cc 17 c5 37 a1 78 da d1 71 db 47 58 48 6c b5 | 4c 45 75 37 5b 51 61 f8 6d ba 3f 74 48 ac 97 e0 | 29 00 00 24 6c 47 6e 5e b1 39 0d 54 47 38 98 23 | 68 19 fe 38 b9 55 ad 39 24 53 8c 3b c4 36 17 f8 | b7 60 dc 4d 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 49 3b 75 82 0d 55 fc 41 fe db 99 36 | b1 eb 08 53 91 b1 11 27 00 00 00 1c 00 00 40 05 | 6f dd a3 3f 28 9d 53 1b 2d 97 14 c6 79 98 7b 37 | 0e 9e f8 d9 | = prf(, ) PRF sha update nonce-bytes@0x556c50769e30 (length 32) | 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a820 (length 20) | 44 41 ce 41 c0 64 1a bd 15 3f eb 31 c9 3a c5 0b | 59 76 a1 40 | = prf(, ) PRF sha final-chunk@0x556c5076e780 (length 20) | 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | 26 2f b3 3a | psk_auth: release prf-psk-key@0x556c5074d280 | PSK auth octets 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | PSK auth octets 26 2f b3 3a | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | PSK auth 26 2f b3 3a | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #19 | netlink_get_spi: allocated 0x2b5ecc02 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 2b 5e cc 02 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 68 0f a9 6d ad 29 c0 4e | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | 5b 20 cb 3d 68 01 ad 02 5d 45 a0 70 fa 7e a4 84 | 26 2f b3 3a 2c 00 00 28 00 00 00 24 01 03 04 03 | 2b 5e cc 02 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 43 78 c7 38 1c 54 6e 5d 71 13 1d 24 f1 cd 3d bf | 8b 77 d6 ae 3f 8e 2c 9c 5c f1 d0 b7 1b d2 54 7d | b2 12 b0 4a ec 9f b7 21 5e 1b c4 34 0f d6 4d b0 | f7 f2 26 e3 68 a5 4b ae 48 2e 15 12 e0 b2 f8 e1 | a5 c0 de ff 52 c1 ce 1a 77 33 b0 32 94 d0 af d3 | c9 79 8b ee 2a 60 5d 70 a1 46 37 e9 17 bb 3d 53 | 68 0e b2 4b f4 0a d4 53 2a f7 d7 10 b3 eb 34 1d | 61 7a 40 d6 cc 2c be 2f f2 53 02 60 64 eb 7d 50 | 9c ea d0 ae d9 db 28 0e ec db 8c fc 9f 5c 75 1a | hmac PRF sha init symkey-key@0x556c5075ae20 (size 20) | hmac: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a198 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac: release clone-key@0x556c5074d280 | hmac PRF sha crypt-prf@0x556c507714b0 | hmac PRF sha update data-bytes@0x556c4f7f0940 (length 184) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 68 0f a9 6d ad 29 c0 4e 43 78 c7 38 1c 54 6e 5d | 71 13 1d 24 f1 cd 3d bf 8b 77 d6 ae 3f 8e 2c 9c | 5c f1 d0 b7 1b d2 54 7d b2 12 b0 4a ec 9f b7 21 | 5e 1b c4 34 0f d6 4d b0 f7 f2 26 e3 68 a5 4b ae | 48 2e 15 12 e0 b2 f8 e1 a5 c0 de ff 52 c1 ce 1a | 77 33 b0 32 94 d0 af d3 c9 79 8b ee 2a 60 5d 70 | a1 46 37 e9 17 bb 3d 53 68 0e b2 4b f4 0a d4 53 | 2a f7 d7 10 b3 eb 34 1d 61 7a 40 d6 cc 2c be 2f | f2 53 02 60 64 eb 7d 50 9c ea d0 ae d9 db 28 0e | ec db 8c fc 9f 5c 75 1a | hmac PRF sha final-bytes@0x556c4f7f09f8 (length 20) | ba c7 84 f5 41 71 4f 89 88 2e 7d 89 3b e5 e8 0d | c4 08 06 e1 | data being hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: 68 0f a9 6d ad 29 c0 4e 43 78 c7 38 1c 54 6e 5d | data being hmac: 71 13 1d 24 f1 cd 3d bf 8b 77 d6 ae 3f 8e 2c 9c | data being hmac: 5c f1 d0 b7 1b d2 54 7d b2 12 b0 4a ec 9f b7 21 | data being hmac: 5e 1b c4 34 0f d6 4d b0 f7 f2 26 e3 68 a5 4b ae | data being hmac: 48 2e 15 12 e0 b2 f8 e1 a5 c0 de ff 52 c1 ce 1a | data being hmac: 77 33 b0 32 94 d0 af d3 c9 79 8b ee 2a 60 5d 70 | data being hmac: a1 46 37 e9 17 bb 3d 53 68 0e b2 4b f4 0a d4 53 | data being hmac: 2a f7 d7 10 b3 eb 34 1d 61 7a 40 d6 cc 2c be 2f | data being hmac: f2 53 02 60 64 eb 7d 50 9c ea d0 ae d9 db 28 0e | data being hmac: ec db 8c fc 9f 5c 75 1a | out calculated auth: | ba c7 84 f5 41 71 4f 89 88 2e 7d 89 | suspend processing: state #19 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #20 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #20: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #20 to 0 after switching state | Message ID: recv #19.#20 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #19.#20 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #20: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 68 0f a9 6d ad 29 c0 4e 43 78 c7 38 1c 54 6e 5d | 71 13 1d 24 f1 cd 3d bf 8b 77 d6 ae 3f 8e 2c 9c | 5c f1 d0 b7 1b d2 54 7d b2 12 b0 4a ec 9f b7 21 | 5e 1b c4 34 0f d6 4d b0 f7 f2 26 e3 68 a5 4b ae | 48 2e 15 12 e0 b2 f8 e1 a5 c0 de ff 52 c1 ce 1a | 77 33 b0 32 94 d0 af d3 c9 79 8b ee 2a 60 5d 70 | a1 46 37 e9 17 bb 3d 53 68 0e b2 4b f4 0a d4 53 | 2a f7 d7 10 b3 eb 34 1d 61 7a 40 d6 cc 2c be 2f | f2 53 02 60 64 eb 7d 50 9c ea d0 ae d9 db 28 0e | ec db 8c fc 9f 5c 75 1a ba c7 84 f5 41 71 4f 89 | 88 2e 7d 89 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms "3des" #20: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f455c001560 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #20 | libevent_malloc: new ptr-libevent@0x7f4554006560 size 128 | #20 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49498.855992 | resume sending helper answer for #19 suppresed complete_v2_state_transition() | #19 spent 0.914 milliseconds in resume sending helper answer | stop processing: state #20 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45500068c0 | spent 0.00289 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 37 90 c8 35 70 93 15 22 0b 3f 0d 03 0c 59 bd 71 | d6 05 1f 4e 86 df 05 0a 32 d2 1d 14 21 ea b4 97 | 33 61 7f b0 83 6e 73 2b a3 f8 ba 16 04 18 0a 75 | ea f0 11 42 47 93 f1 23 99 06 c4 20 42 79 8e 40 | 11 ef 47 af c3 34 d5 e2 d1 ac a7 e9 42 16 69 62 | 3b 39 94 23 6f d7 87 db 66 c8 53 b8 a5 1f 4c 56 | f8 cd c7 6b bf 3e b3 4e af 6f a6 e5 ff 02 47 16 | a0 6a c0 e6 80 2a ae f2 97 b2 a3 54 14 d4 ed 21 | c9 2c e2 a3 82 4e ef 0d ac bf 6d 3a 58 1d cc 4e | ef 22 a4 9a eb 56 ca bc 3d 21 53 a4 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #19 in PARENT_I2 (find_v2_ike_sa) | start processing: state #19 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #20 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #19 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #20 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #20 is idle | #20 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #20 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x556c507543d0 (size 20) | hmac: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0b8 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac: release clone-key@0x556c5074d280 | hmac PRF sha crypt-prf@0x556c5076aef0 | hmac PRF sha update data-bytes@0x556c506e85e0 (length 176) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | 37 90 c8 35 70 93 15 22 0b 3f 0d 03 0c 59 bd 71 | d6 05 1f 4e 86 df 05 0a 32 d2 1d 14 21 ea b4 97 | 33 61 7f b0 83 6e 73 2b a3 f8 ba 16 04 18 0a 75 | ea f0 11 42 47 93 f1 23 99 06 c4 20 42 79 8e 40 | 11 ef 47 af c3 34 d5 e2 d1 ac a7 e9 42 16 69 62 | 3b 39 94 23 6f d7 87 db 66 c8 53 b8 a5 1f 4c 56 | f8 cd c7 6b bf 3e b3 4e af 6f a6 e5 ff 02 47 16 | a0 6a c0 e6 80 2a ae f2 97 b2 a3 54 14 d4 ed 21 | c9 2c e2 a3 82 4e ef 0d ac bf 6d 3a 58 1d cc 4e | hmac PRF sha final-bytes@0x7ffdc298a280 (length 20) | ef 22 a4 9a eb 56 ca bc 3d 21 53 a4 c0 ff ee be | 88 f8 e6 75 | data for hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: 37 90 c8 35 70 93 15 22 0b 3f 0d 03 0c 59 bd 71 | data for hmac: d6 05 1f 4e 86 df 05 0a 32 d2 1d 14 21 ea b4 97 | data for hmac: 33 61 7f b0 83 6e 73 2b a3 f8 ba 16 04 18 0a 75 | data for hmac: ea f0 11 42 47 93 f1 23 99 06 c4 20 42 79 8e 40 | data for hmac: 11 ef 47 af c3 34 d5 e2 d1 ac a7 e9 42 16 69 62 | data for hmac: 3b 39 94 23 6f d7 87 db 66 c8 53 b8 a5 1f 4c 56 | data for hmac: f8 cd c7 6b bf 3e b3 4e af 6f a6 e5 ff 02 47 16 | data for hmac: a0 6a c0 e6 80 2a ae f2 97 b2 a3 54 14 d4 ed 21 | data for hmac: c9 2c e2 a3 82 4e ef 0d ac bf 6d 3a 58 1d cc 4e | calculated auth: ef 22 a4 9a eb 56 ca bc 3d 21 53 a4 | provided auth: ef 22 a4 9a eb 56 ca bc 3d 21 53 a4 | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | 37 90 c8 35 70 93 15 22 | payload before decryption: | 0b 3f 0d 03 0c 59 bd 71 d6 05 1f 4e 86 df 05 0a | 32 d2 1d 14 21 ea b4 97 33 61 7f b0 83 6e 73 2b | a3 f8 ba 16 04 18 0a 75 ea f0 11 42 47 93 f1 23 | 99 06 c4 20 42 79 8e 40 11 ef 47 af c3 34 d5 e2 | d1 ac a7 e9 42 16 69 62 3b 39 94 23 6f d7 87 db | 66 c8 53 b8 a5 1f 4c 56 f8 cd c7 6b bf 3e b3 4e | af 6f a6 e5 ff 02 47 16 a0 6a c0 e6 80 2a ae f2 | 97 b2 a3 54 14 d4 ed 21 c9 2c e2 a3 82 4e ef 0d | ac bf 6d 3a 58 1d cc 4e | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 e4 88 94 af ad bd 48 20 fa d8 bb 9d | 42 ba b5 ca 88 3b c5 2e 2c 00 00 28 00 00 00 24 | 01 03 04 03 92 d9 e9 c2 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #20 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #20: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x7f456000d640 (size 20) | hmac: symkey-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000d640 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a1e8 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5074d280 | hmac: release clone-key@0x556c5074d280 | hmac PRF sha crypt-prf@0x556c5076b4b0 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x556c506e860c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffdc298a340 (length 20) | 03 79 cd e6 d2 a8 81 80 a8 11 61 16 f0 1f bd 70 | bd 46 f8 25 | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | 29 00 00 24 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 | bb 26 3b 7d 35 17 65 ab 3c ba a5 b9 6e 92 98 4e | a7 3b 48 cc 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 82 cd 10 83 f7 65 05 84 cd ce 28 71 | 48 2a 9a 5c a4 42 89 25 00 00 00 1c 00 00 40 05 | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | verify: initiator inputs to hash2 (initiator nonce) | 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | idhash 03 79 cd e6 d2 a8 81 80 a8 11 61 16 f0 1f bd 70 | idhash bd 46 f8 25 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc2989ff0 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989fd8 | result: shared secret-key@0x556c5074d280 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x556c5074d280 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x556c5074d280 | = prf(,"Key Pad for IKEv2"): release clone-key@0x556c5074d280 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076aef0 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x556c5074d280 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x556c5074d280 (size 20) | = prf(, ): -key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c5076a920 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076ac80 (length 436) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | af 4b cd bd 95 71 09 ef 61 a3 ce d1 2f a9 9c 72 | e2 54 45 19 47 e2 3a 57 02 90 03 ee 8f 47 5d 18 | d4 24 c3 15 18 e7 29 6c 4c b5 16 a4 3d 77 99 ba | b4 69 71 56 37 c4 53 e1 43 85 13 05 37 1c b4 76 | 3f 4f 83 6b 2d d2 49 3e 1e e4 c1 27 b2 f3 7e 21 | b1 61 df 24 b8 f5 eb 68 b4 c4 9f a5 09 ad 2c 17 | 64 a0 b6 77 71 d4 68 c6 0b 9d 8f c5 7b a5 00 74 | da ba b1 ba ab f2 6f f8 96 eb 3c 0b 8a 91 3b 07 | 82 3f 37 c7 9b 7b e5 8a 1c 7e cd cb 46 07 26 7b | 9c 18 7a 51 c1 2a 16 0f 6d 35 9b 37 5c c5 66 80 | 5e 92 01 c9 58 a7 dd bc ba b5 5e 63 99 c1 e8 04 | b0 33 3b a1 82 13 5b 3e e8 64 b8 d5 31 bf 4f af | fb 26 55 09 9c c8 33 5f 49 44 0e 59 be 56 65 ee | 4b 18 15 5a c1 cc dd bb 7f c9 ac e7 f3 a5 d1 05 | f2 c1 70 b2 83 6c 4d 1d 28 d2 81 aa d5 12 86 ac | 73 bc 4e 0c 5f c4 11 11 ee aa 53 08 57 98 6c 94 | 29 00 00 24 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 | bb 26 3b 7d 35 17 65 ab 3c ba a5 b9 6e 92 98 4e | a7 3b 48 cc 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 82 cd 10 83 f7 65 05 84 cd ce 28 71 | 48 2a 9a 5c a4 42 89 25 00 00 00 1c 00 00 40 05 | f9 fd e3 80 2b ff 64 83 8b b8 e3 27 c2 5e 23 2b | b2 34 e1 a5 | = prf(, ) PRF sha update nonce-bytes@0x7f455c0010b0 (length 32) | 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a340 (length 20) | 03 79 cd e6 d2 a8 81 80 a8 11 61 16 f0 1f bd 70 | bd 46 f8 25 | = prf(, ) PRF sha final-chunk@0x556c5076b4b0 (length 20) | e4 88 94 af ad bd 48 20 fa d8 bb 9d 42 ba b5 ca | 88 3b c5 2e | psk_auth: release prf-psk-key@0x556c5074d280 | Received PSK auth octets | e4 88 94 af ad bd 48 20 fa d8 bb 9d 42 ba b5 ca | 88 3b c5 2e | Calculated PSK auth octets | e4 88 94 af ad bd 48 20 fa d8 bb 9d 42 ba b5 ca | 88 3b c5 2e "3des" #20: Authenticated using authby=secret | parent state #19: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #19 will start re-keying in 2879 seconds with margin of 721 seconds (attempting re-key) | state #19 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f455c0016a0 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f4558001560 | event_schedule: new EVENT_SA_REKEY-pe@0x7f4558001560 | inserting event EVENT_SA_REKEY, timeout in 2879 seconds for #19 | libevent_malloc: new ptr-libevent@0x7f455c0016a0 size 128 | pstats #19 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 92 d9 e9 c2 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=92d9e9c2;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0f0 | result: data=Ni-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0d8 | result: data=Ni-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f4568006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298a0e0 | result: data+=Nr-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074d280 | prf+0 PRF sha init key-key@0x556c50757800 (size 20) | prf+0: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x556c50750530 from key-key@0x556c5074d280 | prf+0 prf: begin sha with context 0x556c50750530 from key-key@0x556c5074d280 | prf+0: release clone-key@0x556c5074d280 | prf+0 PRF sha crypt-prf@0x556c507714b0 | prf+0 PRF sha update seed-key@0x7f4568006900 (size 64) | prf+0: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50772ef0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000eec0 | prf+0 PRF sha final-key@0x556c5074d280 (size 20) | prf+0: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c5076aef0 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: ffffff8b ffffff92 ffffffdc 72 00 6a 13 ffffffe0 49 07 ffffff8d 7e 22 0c 18 ffffffa1 21 ffffffe6 ffffff82 4f 5c 3d 60 0e fffffff9 50 ffffff95 ffffff8a fffffff9 1b ffffffda ffffff8c | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c50771510 | unwrapped: 18 36 c2 a7 61 97 e6 5e d4 fe f9 f1 8a d7 e9 19 | unwrapped: c7 fb 6b 4c 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d400 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507594c0 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c507594c0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5074d280 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x556c5076a920 | prf+N PRF sha update old_t-key@0x7f456000eec0 (size 20) | prf+N: old_t-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f456000eec0 | nss hmac digest hack: symkey-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 13 17 ffffffb7 ffffffbc ffffff84 ffffffc4 77 ffffffd6 ffffff93 ffffff99 53 40 ffffffb5 ffffff99 ffffffe6 18 ffffff8c 1a 4c 4d ffffffce 06 0c 6c 33 0e ffffffac 27 ffffff9c 69 fffffff4 ffffffb7 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c507731a0 | unwrapped: e2 c2 6f f3 8c 13 3a b5 c0 88 7e 36 c4 e2 ba 3e | unwrapped: f9 4c 28 96 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d4a0 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50771420 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507594c0 | prfplus: release old_t[N]-key@0x7f456000eec0 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f456000eec0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x7f456000eec0 | prf+N: release clone-key@0x7f456000eec0 | prf+N PRF sha crypt-prf@0x556c5076aef0 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: ffffff8d 75 72 33 ffffffec 1d 2c ffffffc4 1d fffffff9 0d ffffffb3 ffffffa8 ffffffcd 7c ffffffbd ffffffd7 71 ffffff80 63 4d 3b ffffffdd ffffffc6 06 fffffffe ffffff8b fffffff3 ffffffea 6b ffffffc9 29 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076d210 | unwrapped: 3f 19 a8 83 0f 25 e9 20 7c 07 2a cd 0c b9 ed 79 | unwrapped: c2 98 9a 9b 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d240 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507594c0 | prf+N PRF sha final-key@0x7f456000eec0 (size 20) | prf+N: key-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50771420 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c507594c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50771420 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x556c50757800 (size 20) | prf+N: key-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50757800 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x556c5076a920 | prf+N PRF sha update old_t-key@0x7f456000eec0 (size 20) | prf+N: old_t-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x7f456000eec0 | nss hmac digest hack: symkey-key@0x7f456000eec0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 1f ffffffa6 ffffffbc 70 7b 64 ffffffd7 2f 30 ffffff9f 05 39 54 ffffffc9 ffffffdf ffffff8c 4f ffffff82 ffffffa5 ffffff86 ffffffc8 47 0f 07 78 ffffffce 60 20 fffffff6 ffffffe5 6a ffffff8a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076d210 | unwrapped: 1e ed 93 85 51 55 a0 2b f0 45 ef ed cd b5 4f f0 | unwrapped: e2 4c 5e 99 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: ffffffd5 70 ffffffd3 ffffffd6 13 ffffffd6 2d ffffffc4 0b 4e 01 fffffff7 3b ffffffe9 6e 04 ffffffae 18 6a ffffff92 0f 14 fffffff5 7c 14 4c 6d 4c ffffffe2 7f 6b ffffffd9 1d ffffffb0 5c 49 66 30 ffffff9d 30 ffffffd1 4e ffffffa9 02 fffffff6 5c ffffffc3 ffffff91 ffffffec ffffffa5 ffffffc2 40 46 ffffff94 4e 2f ffffffef ffffffa1 ffffff97 ffffffff 49 ffffffc6 38 28 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50768610 | unwrapped: 6c 47 6e 5e b1 39 0d 54 47 38 98 23 68 19 fe 38 | unwrapped: b9 55 ad 39 24 53 8c 3b c4 36 17 f8 b7 60 dc 4d | unwrapped: 3e 69 6a c0 55 c9 7f ce d9 8a 67 f4 bb 26 3b 7d | unwrapped: 35 17 65 ab 3c ba a5 b9 6e 92 98 4e a7 3b 48 cc | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50771420 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50771420 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c50771420 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507594c0 | prfplus: release old_t[N]-key@0x7f456000eec0 | prfplus: release old_t[final]-key@0x556c5074d280 | child_sa_keymat: release data-key@0x7f4568006900 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x556c50771420 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7f4568006900 | initiator to responder keys: symkey-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x556c50750fd0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540632166: ffffff8b ffffff92 ffffffdc 72 00 6a 13 ffffffe0 49 07 ffffff8d 7e 22 0c 18 ffffffa1 ffffffb7 ffffffe6 ffffff86 ffffffcf ffffff81 15 ffffffbe ffffffdb 44 ffffff9e ffffffac ffffffd1 23 ffffffc2 ffffffb9 ffffff99 57 70 ffffffbb ffffffaf ffffffcf fffffff5 3f 42 ffffffdc ffffff8b 67 0d ffffff85 29 5e ffffff80 | initiator to responder keys: release slot-key-key@0x556c50750fd0 | initiator to responder keys extracted len 48 bytes at 0x556c5076e6d0 | unwrapped: 18 36 c2 a7 61 97 e6 5e d4 fe f9 f1 8a d7 e9 19 | unwrapped: c7 fb 6b 4c e2 c2 6f f3 8c 13 3a b5 c0 88 7e 36 | unwrapped: c4 e2 ba 3e f9 4c 28 96 3f 19 a8 83 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f4568006900 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x556c50771420 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7f4568006900 | responder to initiator keys:: symkey-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x556c50750fd0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)540632166: fffffff6 ffffff9e ffffff99 04 ffffffbe ffffff86 ffffffde ffffff92 ffffffaf fffffffe ffffffee fffffff4 ffffffb0 ffffffc2 ffffffe6 39 1f ffffffa6 ffffffbc 70 7b 64 ffffffd7 2f 30 ffffff9f 05 39 54 ffffffc9 ffffffdf ffffff8c 0b ffffffa2 ffffffec 04 0b 12 2f ffffffae ffffff9f 5f ffffffc7 3a ffffffa7 ffffffc8 37 01 | responder to initiator keys:: release slot-key-key@0x556c50750fd0 | responder to initiator keys: extracted len 48 bytes at 0x556c5076e710 | unwrapped: 0f 25 e9 20 7c 07 2a cd 0c b9 ed 79 c2 98 9a 9b | unwrapped: 1e ed 93 85 51 55 a0 2b f0 45 ef ed cd b5 4f f0 | unwrapped: e2 4c 5e 99 f2 99 d6 b1 e1 83 40 0d 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f4568006900 | ikev2_derive_child_keys: release keymat-key@0x556c50771420 | #19 spent 2.43 milliseconds | install_ipsec_sa() for #20: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.92d9e9c2@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.2b5ecc02@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #20: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #20 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x92d9e9c2 SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):4' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0x92d9e9c2 SPI_OUT=0x2b5ecc02 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x92d9e9c2 | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x92d9e9c2 SPI_OUT=0x2b5ecc02 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x92d9e9c2 SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x92d9e9c2 SPI_OUT=0x2b5ecc02 ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x556c50768e20,sr=0x556c50768e20} to #20 (was #0) (newest_ipsec_sa=#0) | #19 spent 0.941 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #20 (was #0) (spd.eroute=#20) cloned from #19 | state #20 requesting EVENT_RETRANSMIT to be deleted | #20 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f4554006560 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f455c001560 | #20 spent 3.03 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #20 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #20 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #20: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #20 to 1 after switching state | Message ID: recv #19.#20 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #19.#20 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #20 ikev2.child established "3des" #20: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #20: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x92d9e9c2 <0x2b5ecc02 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #20 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #19 | unpending state #19 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x7f4560002d20} | close_any(fd@24) (in release_whack() at state.c:654) | #20 will start re-keying in 27846 seconds with margin of 954 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x7f455c001560 | inserting event EVENT_SA_REKEY, timeout in 27846 seconds for #20 | libevent_malloc: new ptr-libevent@0x7f4554006560 size 128 | stop processing: state #20 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #19 spent 3.49 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.51 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00459 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00274 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00262 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.2b5ecc02@192.1.2.45 | get_sa_info esp.92d9e9c2@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0803 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #20 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #20 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #20 ikev2.child deleted completed | #20 spent 3.03 milliseconds in total | [RE]START processing: state #20 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #20: deleting state (STATE_V2_IPSEC_I) aged 0.278s and sending notification | child state #20: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.92d9e9c2@192.1.2.23 | get_sa_info esp.2b5ecc02@192.1.2.45 "3des" #20: ESP traffic information: in=84B out=84B | #20 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 2b 5e cc 02 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 05 47 b7 03 79 6d e9 25 | data before encryption: | 00 00 00 0c 03 04 00 01 2b 5e cc 02 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 4c 8a 73 65 e6 5c 4a 31 5e 10 3f 2a 15 78 9b 88 | hmac PRF sha init symkey-key@0x556c5075ae20 (size 20) | hmac: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x556c50771420 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c50771420 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c50771420 | hmac: release clone-key@0x556c50771420 | hmac PRF sha crypt-prf@0x556c507714b0 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 56) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 05 47 b7 03 79 6d e9 25 4c 8a 73 65 e6 5c 4a 31 | 5e 10 3f 2a 15 78 9b 88 | hmac PRF sha final-bytes@0x7ffdc29873b8 (length 20) | ec 21 76 99 ed ed 20 e7 6e e4 ca fc 20 0a 11 11 | c7 03 f5 d3 | data being hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: 05 47 b7 03 79 6d e9 25 4c 8a 73 65 e6 5c 4a 31 | data being hmac: 5e 10 3f 2a 15 78 9b 88 | out calculated auth: | ec 21 76 99 ed ed 20 e7 6e e4 ca fc | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #20) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | 05 47 b7 03 79 6d e9 25 4c 8a 73 65 e6 5c 4a 31 | 5e 10 3f 2a 15 78 9b 88 ec 21 76 99 ed ed 20 e7 | 6e e4 ca fc | Message ID: IKE #19 sender #20 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #19 sender #20 in send_delete hacking around record ' send | Message ID: sent #19 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #20 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f4554006560 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f455c001560 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050852' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x92d9e9c2 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):424' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050852' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x92d9e9c2 SPI_OUT=0x2b5ecc02 ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.92d9e9c2@192.1.2.23 | netlink response for Del SA esp.92d9e9c2@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.2b5ecc02@192.1.2.45 | netlink response for Del SA esp.2b5ecc02@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #20 in V2_IPSEC_I | child state #20: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #20 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c50757800 | delete_state: release st->st_skey_ai_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_er_nss-key@0x556c5076d180 | delete_state: release st->st_skey_pi_nss-key@0x7f45600069f0 | delete_state: release st->st_skey_pr_nss-key@0x7f456000d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #19 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #19 | start processing: state #19 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #19 ikev2.ike deleted completed | #19 spent 9.84 milliseconds in total | [RE]START processing: state #19 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #19: deleting state (STATE_PARENT_I3) aged 0.305s and sending notification | parent state #19: PARENT_I3(established IKE SA) => delete | #19 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | b6 12 2b b1 66 87 a2 b0 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | f2 73 ea b2 ab 45 76 c3 98 11 00 54 d4 25 62 48 | hmac PRF sha init symkey-key@0x556c5075ae20 (size 20) | hmac: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x556c50771420 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c50771420 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c50771420 | hmac: release clone-key@0x556c50771420 | hmac PRF sha crypt-prf@0x556c507714d0 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 56) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | b6 12 2b b1 66 87 a2 b0 f2 73 ea b2 ab 45 76 c3 | 98 11 00 54 d4 25 62 48 | hmac PRF sha final-bytes@0x7ffdc29873b8 (length 20) | 38 ac 58 a7 77 6e 7d 5a 75 55 f2 85 d0 32 70 26 | f1 86 4b c2 | data being hmac: 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: b6 12 2b b1 66 87 a2 b0 f2 73 ea b2 ab 45 76 c3 | data being hmac: 98 11 00 54 d4 25 62 48 | out calculated auth: | 38 ac 58 a7 77 6e 7d 5a 75 55 f2 85 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #19) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | b6 12 2b b1 66 87 a2 b0 f2 73 ea b2 ab 45 76 c3 | 98 11 00 54 d4 25 62 48 38 ac 58 a7 77 6e 7d 5a | 75 55 f2 85 | Message ID: IKE #19 sender #19 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #19 sender #19 in send_delete hacking around record ' send | Message ID: #19 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #19 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #19 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f455c0016a0 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f4558001560 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #19 in PARENT_I3 | parent state #19: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f455c002a80: destroyed | stop processing: state #19 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f456000a510 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x556c50757800 | delete_state: release st->st_skey_ai_nss-key@0x556c5075ae20 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_er_nss-key@0x556c5076d180 | delete_state: release st->st_skey_pi_nss-key@0x7f45600069f0 | delete_state: release st->st_skey_pr_nss-key@0x7f456000d640 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.31 milliseconds in whack | spent 0.00182 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 30 0d 44 f3 ed 4a 23 52 40 db 32 e5 9a f4 1c 29 | 13 6b 55 f2 10 90 42 35 c7 c0 c4 f6 8e 6b b5 94 | 4f c1 a4 9a | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0698 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00413 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00116 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 33 49 c1 46 bb a8 9f 78 15 53 a3 f9 4d 5f fc 5b | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | ea 7d bf 31 fc 83 f4 af c0 5b a7 97 57 75 03 43 | 0f 4d 3e d5 8d 31 f9 fd f5 7a 0b 76 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 33 49 c1 46 bb a8 9f 78 | responder cookie: | 15 53 a3 f9 4d 5f fc 5b | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0415 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16424' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x556c50734860 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 2.26 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00439 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing suppress-retransmits + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0572 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0513 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0627 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c5076b1c0 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.117 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #21 at 0x556c50769370 | State DB: adding IKEv2 state #21 in UNDEFINED | pstats #21 ikev2.ike started | Message ID: init #21: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #21: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #21; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #21 "3des" "3des" #21: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 21 for state #21 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f455c001560 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f4554006560 size 128 | crypto helper 5 resuming | #21 spent 0.113 milliseconds in ikev2_parent_outI1() | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 starting work-order 21 for state #21 | RESET processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 21 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | spent 0.2 milliseconds in whack | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f45540010c0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f45540010c0 | NSS: Public DH wire value: | 85 d5 0d 50 03 83 b0 5e e6 19 95 0c ef 05 7c 44 | 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 95 55 77 7b | ab 59 2c e3 9f 8f 26 5d 56 54 36 6c 93 bd f6 93 | 1e 52 da 6c be f7 44 5e 86 b1 8a 68 82 38 59 5a | 94 df d4 cf da 34 96 48 c6 d5 2e f5 b4 51 cf 24 | d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 7e 0a 89 96 | 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 ae 12 d4 05 | 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 8c 6c 32 46 | f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a b7 04 9e 08 | 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 6f 48 76 c7 | a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 00 71 1e c4 | 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a 28 10 ab de | 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 1f 30 24 a8 | ee 36 a7 23 4b 44 c5 76 27 ac e8 53 99 be 15 bd | 8c 09 dc 05 6b bf c5 65 40 02 c3 6d 2e 6e 36 09 | 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 3f 77 ac af | Generated nonce: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | Generated nonce: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 21 time elapsed 0.00094 seconds | (#21) spent 0.937 milliseconds in crypto helper computing work-order 21: ikev2_outI1 KE (pcr) | crypto helper 5 sending results from work-order 21 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f4554008840 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 21 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #21 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f45540010c0: transferring ownership from helper KE to state #21 | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #21: IMPAIR: emitting fixed-length key-length attribute with 0 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 0 (0x0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 85 d5 0d 50 03 83 b0 5e e6 19 95 0c ef 05 7c 44 | ikev2 g^x 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 95 55 77 7b | ikev2 g^x ab 59 2c e3 9f 8f 26 5d 56 54 36 6c 93 bd f6 93 | ikev2 g^x 1e 52 da 6c be f7 44 5e 86 b1 8a 68 82 38 59 5a | ikev2 g^x 94 df d4 cf da 34 96 48 c6 d5 2e f5 b4 51 cf 24 | ikev2 g^x d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 7e 0a 89 96 | ikev2 g^x 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 ae 12 d4 05 | ikev2 g^x 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 8c 6c 32 46 | ikev2 g^x f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a b7 04 9e 08 | ikev2 g^x 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 6f 48 76 c7 | ikev2 g^x a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 00 71 1e c4 | ikev2 g^x 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a 28 10 ab de | ikev2 g^x 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 1f 30 24 a8 | ikev2 g^x ee 36 a7 23 4b 44 c5 76 27 ac e8 53 99 be 15 bd | ikev2 g^x 8c 09 dc 05 6b bf c5 65 40 02 c3 6d 2e 6e 36 09 | ikev2 g^x 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 3f 77 ac af | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | IKEv2 nonce 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 78 45 54 6e 32 0c d1 65 bb a1 99 9b c3 aa e8 58 | 67 d3 c3 58 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 78 45 54 6e 32 0c d1 65 bb a1 99 9b c3 aa e8 58 | natd_hash: hash= 67 d3 c3 58 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 78 45 54 6e 32 0c d1 65 bb a1 99 9b c3 aa e8 58 | Notify data 67 d3 c3 58 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 95 08 88 e5 b8 57 cc bd d3 da d0 da 30 73 df 88 | c9 83 88 0f | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 95 08 88 e5 b8 57 cc bd d3 da d0 da 30 73 df 88 | natd_hash: hash= c9 83 88 0f | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 95 08 88 e5 b8 57 cc bd d3 da d0 da 30 73 df 88 | Notify data c9 83 88 0f | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #21: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #21 to 4294967295 after switching state | Message ID: IKE #21 skipping update_recv as MD is fake | Message ID: sent #21 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #21: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | 97 77 0f 81 26 36 14 86 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 85 d5 0d 50 03 83 b0 5e e6 19 95 0c | ef 05 7c 44 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 | 95 55 77 7b ab 59 2c e3 9f 8f 26 5d 56 54 36 6c | 93 bd f6 93 1e 52 da 6c be f7 44 5e 86 b1 8a 68 | 82 38 59 5a 94 df d4 cf da 34 96 48 c6 d5 2e f5 | b4 51 cf 24 d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 | 7e 0a 89 96 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 | ae 12 d4 05 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 | 8c 6c 32 46 f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a | b7 04 9e 08 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 | 6f 48 76 c7 a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 | 00 71 1e c4 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a | 28 10 ab de 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 | 1f 30 24 a8 ee 36 a7 23 4b 44 c5 76 27 ac e8 53 | 99 be 15 bd 8c 09 dc 05 6b bf c5 65 40 02 c3 6d | 2e 6e 36 09 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 | 3f 77 ac af 29 00 00 24 6b e2 14 0e db 0e 03 67 | 51 79 6b 8b 3c 1b e9 65 6a df b0 5a 4c 3a 8f 98 | 3e 21 e0 bf 75 62 f5 e4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 78 45 54 6e 32 0c d1 65 | bb a1 99 9b c3 aa e8 58 67 d3 c3 58 00 00 00 1c | 00 00 40 05 95 08 88 e5 b8 57 cc bd d3 da d0 da | 30 73 df 88 c9 83 88 0f | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4554006560 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f455c001560 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x7f455c001560 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f4554006560 size 128 | #21 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49499.795327 | resume sending helper answer for #21 suppresed complete_v2_state_transition() and stole MD | #21 spent 0.518 milliseconds in resume sending helper answer | stop processing: state #21 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4554008840 | spent 0.00261 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 436 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | 29 00 00 24 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 | e6 a8 0d ef 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a | ee b6 df 84 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 | 21 74 38 a3 0d 35 0e 69 00 00 00 1c 00 00 40 05 | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_v2SA (0x21) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 436 (0x1b4) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #21 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #21 is idle | #21 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | ***parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2KE (0x22) | flags: none (0x0) | length: 44 (0x2c) | processing payload: ISAKMP_NEXT_v2SA (len=40) | Now let's proceed with payload (ISAKMP_NEXT_v2KE) | ***parse IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2Ni (0x28) | flags: none (0x0) | length: 264 (0x108) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | processing payload: ISAKMP_NEXT_v2KE (len=256) | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) | ***parse IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 36 (0x24) | processing payload: ISAKMP_NEXT_v2Ni (len=32) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | processing payload: ISAKMP_NEXT_v2N (len=0) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | processing payload: ISAKMP_NEXT_v2N (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 28 (0x1c) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | processing payload: ISAKMP_NEXT_v2N (len=20) | State DB: re-hashing IKEv2 state #21 IKE SPIi and SPI[ir] | #21 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | Now let's proceed with state specific processing | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH | ikev2 parent inR1: calculating g^{xy} in order to send I2 | DH public value received: | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | using existing local IKE proposals for connection 3des (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Comparing remote proposals against IKE initiator (accepting) 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 1 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 0 transforms | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none | ****parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 40 (0x28) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | remote proposal 1 transform 1 (PRF=HMAC_SHA1) matches local proposal 1 type 2 (PRF) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 2 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | *****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048[first-match] | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | PRF ike_alg_lookup_by_id id: HMAC_SHA1=2, found HMAC_SHA1 | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | dd c5 49 2c 24 a3 cb 98 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a2e0 (length 20) | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= dd c5 49 2c 24 a3 cb 98 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | natd_hash: hash= d0 ee b3 a3 | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a2d0 (length 8) | 97 77 0f 81 26 36 14 86 | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a2d8 (length 8) | dd c5 49 2c 24 a3 cb 98 | NATD hash sha digest IP addr-bytes@0x7ffdc298a264 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a256 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a300 (length 20) | 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 21 74 38 a3 | 0d 35 0e 69 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 97 77 0f 81 26 36 14 86 | natd_hash: rcookie= dd c5 49 2c 24 a3 cb 98 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 21 74 38 a3 | natd_hash: hash= 0d 35 0e 69 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | offloading IKEv2 SKEYSEED using prf=HMAC_SHA1 integ=HMAC_SHA1_96 cipherkey=3DES_CBC | start_dh_v2: reference skey_d_old-key@NULL | DH secret MODP2048@0x7f45540010c0: transferring ownership from state #21 to helper IKEv2 DH | adding ikev2_inR1outI2 KE work-order 22 for state #21 | state #21 requesting EVENT_RETRANSMIT to be deleted | #21 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f4554006560 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f455c001560 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f455c001560 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f4554008840 size 128 | #21 spent 0.263 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #21 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND | suspending state #21 and saving MD | #21 is busy; has a suspended MD | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) | "3des" #21 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 | stop processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 0.496 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.507 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 resuming | crypto helper 1 starting work-order 22 for state #21 | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 | peer's g: c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | peer's g: ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | peer's g: e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | peer's g: 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | peer's g: 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | peer's g: 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | peer's g: 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | peer's g: 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | peer's g: 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | peer's g: 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | peer's g: a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | peer's g: 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | peer's g: 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | peer's g: 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | peer's g: 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | peer's g: e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | Started DH shared-secret computation in NSS: | new : g_ir-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | DH secret MODP2048@0x7f45540010c0: computed shared DH secret key@0x7f456000d640 | dh-shared : g^ir-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | NSS: Started key computation | calculating skeyseed using prf=sha integ=sha cipherkey-size=24 salt-size=0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha init Ni | Nr-chunk@0x7f45680065a0 (length 64) | 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c670 | result: Ni | Nr-key@0x556c5076d180 (80-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 64 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 64-bytes | base: base-key@0x556c5076d180 (80-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c658 | result: Ni | Nr-key@0x7f45600069f0 (64-bytes, SHA_1_HMAC) | Ni | Nr: release tmp-key@0x556c5076d180 | SKEYSEED = prf(Ni | Nr, g^ir) prf: created sha context 0x7f4568003aa0 from Ni | Nr-key@0x7f45600069f0 | SKEYSEED = prf(Ni | Nr, g^ir) prf: begin sha with context 0x7f4568003aa0 from Ni | Nr-key@0x7f45600069f0 | SKEYSEED = prf(Ni | Nr, g^ir): release clone-key@0x7f45600069f0 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha crypt-prf@0x7f4568001900 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha update g^ir-key@0x7f456000d640 (size 256) | SKEYSEED = prf(Ni | Nr, g^ir): g^ir-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | nss hmac digest hack extracting all 256 bytes of key@0x7f456000d640 | nss hmac digest hack: symkey-key@0x7f456000d640 (256-bytes, CONCATENATE_DATA_AND_BASE) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (256-bytes, CONCATENATE_DATA_AND_BASE) | sizeof bytes 256 | wrapper: (SECItemType)1918485200: 24 ffffffba 29 ffffffc5 40 3d 0e ffffff8a fffffffb 5c 59 1f 0c ffffffaa 5e ffffff9c ffffffab 66 25 60 19 fffffffa 7d ffffffc8 ffffffd8 ffffffa5 43 fffffff6 38 fffffff4 75 45 ffffff8b ffffffd7 37 fffffff2 ffffffa2 fffffff8 ffffffd8 64 35 ffffffe8 2c ffffff8d 01 28 ffffff86 76 ffffffff 06 16 fffffffa 3b fffffff9 58 ffffffb9 02 76 ffffffca 2d ffffffa9 ffffffa3 ffffffc7 ffffffba 5b fffffff0 5b 50 fffffff1 7a ffffffb8 1c 4c 79 ffffffd9 ffffffaf 2d ffffffb3 52 ffffffd2 ffffff94 ffffffe1 ffffff92 03 73 44 3e ffffffb3 ffffffb8 ffffff9e 6f 44 59 ffffffc8 ffffffef 77 7a 2f 03 fffffffe ffffffba 36 ffffffb6 28 ffffffbb 78 ffffff87 ffffffd0 fffffff2 ffffffb4 fffffff9 45 ffffffa1 ffffffc1 38 36 ffffffd9 60 ffffffa6 fffffff1 7a 5a ffffffb3 ffffffb0 67 6b 52 2f 3f 01 42 26 74 00 ffffffe2 3f fffffff4 6a ffffffd5 0c ffffffbf 5b 1b ffffff89 05 78 1c 13 7f 4b 06 14 ffffffb4 ffffffe1 0d 5d fffffff4 ffffffc3 27 2c ffffff89 ffffffd3 3e ffffffa1 3f 1f | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 256 bytes at 0x7f4568006cd0 | unwrapped: fa 01 1a 8d 02 5b e1 91 f8 33 a3 c7 4f a9 14 97 | unwrapped: df b0 44 b5 a2 35 92 2d 41 e8 7c a8 c2 ee 14 99 | unwrapped: 11 f5 0b ff 01 97 f7 5d c0 bd 2d ec b7 3f cf 88 | unwrapped: 01 f0 4d 16 28 2d 65 df aa cc 40 bc c0 e0 d4 fa | unwrapped: 3a b7 2c 1e c0 5f 59 bd 10 7d da 38 48 e4 f9 18 | unwrapped: c2 e2 01 d0 b3 79 14 7d db e1 0e d8 c0 ff 7a 4b | unwrapped: 32 6a 57 48 46 91 b9 d5 42 94 38 89 9b 9b 58 9d | unwrapped: 72 37 d1 f6 31 3e ea 64 15 6c fb 9d a4 ab 5f b2 | unwrapped: d3 af a8 f5 fb 1a e6 93 ca 15 3d 23 80 b3 63 8f | unwrapped: 19 cc a3 6d 41 98 76 b3 19 55 e0 4e ff 40 e1 b8 | unwrapped: 2e d5 a5 fe 62 4b e5 17 81 d8 3f b9 b0 67 0c 22 | unwrapped: 02 73 e5 85 14 4f 2f c5 28 3f ee 66 ac f5 a0 ca | unwrapped: ec 3b 69 53 e9 82 da 4b 29 3f 73 98 a9 d5 a3 77 | unwrapped: cc 69 7d 4f 9a 86 f3 ba fb d8 cd 78 18 e8 71 f8 | unwrapped: 08 ee b8 21 b6 26 e3 ed 91 5c 4c ab b3 d1 3e 1f | unwrapped: 54 d9 4b 84 02 01 8d 42 ad 7f 73 f1 49 a0 6b 70 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c690 | result: final-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5076d180 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c678 | result: final-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5076d180 | SKEYSEED = prf(Ni | Nr, g^ir) PRF sha final-key@0x7f45600069f0 (size 20) | SKEYSEED = prf(Ni | Nr, g^ir): key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c600 | result: data=Ni-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x556c5074eb00 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c5e8 | result: data=Ni-key@0x556c5076d180 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x556c5074eb00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5076d180 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457259c5f0 | result: data+=Nr-key@0x556c5074eb00 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5076d180 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5074eb00 (64-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457259c5f0 | result: data+=SPIi-key@0x556c5076d180 (72-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5074eb00 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5076d180 (72-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7f457259c5f0 | result: data+=SPIr-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5076d180 | prf+0 PRF sha init key-key@0x7f45600069f0 (size 20) | prf+0: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5076d180 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+0 prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+0: release clone-key@0x556c5076d180 | prf+0 PRF sha crypt-prf@0x7f4568003980 | prf+0 PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+0: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45680017c0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507543d0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507543d0 | prf+0 PRF sha final-key@0x556c5076d180 (size 20) | prf+0: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c5076d180 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f45680010c0 | prf+N PRF sha update old_t-key@0x556c5076d180 (size 20) | prf+N: old_t-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5076d180 | nss hmac digest hack: symkey-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffffd9 ffffff88 36 ffffffb8 35 3b 54 2a 2a ffffffac ffffffdd 47 31 ffffff8f 42 68 ffffffbe ffffffcf 62 70 ffffffdf fffffff7 ffffffc1 33 ffffffaa ffffffd4 ffffffdc 32 05 69 60 3a | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45680058b0 | unwrapped: a4 64 eb 0f cd 1c 3e 75 f1 90 6e bd 32 1e 52 07 | unwrapped: c7 d0 d9 f0 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568001880 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c5075ae20 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5076d180 | prfplus: release old_t[N]-key@0x556c5076d180 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5076d180 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+N: release clone-key@0x556c5076d180 | prf+N PRF sha crypt-prf@0x7f4568001ae0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffff86 5d 3a ffffffe0 ffffff99 ffffff90 31 5f ffffff8e ffffffa6 ffffffd4 11 1b ffffffd6 ffffff95 4e ffffffeb 3e 51 7d 34 ffffffcc 21 ffffffed 03 04 ffffff96 ffffffe1 ffffffeb ffffff91 20 10 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45680065f0 | unwrapped: 5f 4f 92 d2 b6 e1 f5 47 22 d4 27 d2 c9 5b 8b dd | unwrapped: 03 89 41 36 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568001820 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50757800 | prf+N PRF sha final-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c50757800 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f45680010c0 | prf+N PRF sha update old_t-key@0x556c5076d180 (size 20) | prf+N: old_t-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5076d180 | nss hmac digest hack: symkey-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffffff 35 ffffffb4 ffffffce ffffff96 ffffff94 2f ffffffb7 1f ffffffa6 ffffffaf ffffffab ffffffbb ffffffcf 13 ffffffe4 76 ffffffb3 ffffffc3 ffffffbd ffffffed 2b 0a 14 17 ffffffc1 ffffff94 72 ffffffdb ffffffe0 ffffff86 7c | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45680068b0 | unwrapped: 52 54 35 93 80 56 55 0b 74 fb a3 06 d4 68 98 5d | unwrapped: 3d 91 97 ed 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568005b80 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50757800 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50757800 | prfplus: release old_t[N]-key@0x556c5076d180 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5076d180 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+N: release clone-key@0x556c5076d180 | prf+N PRF sha crypt-prf@0x7f4568001ae0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffff87 1a 57 79 ffffffaf 68 56 fffffff6 ffffff97 ffffff9d ffffffb4 28 28 ffffff9f 0d 31 10 ffffff92 4e 52 40 ffffffa7 31 ffffff88 0f 48 5b ffffffae 5d 6c 32 34 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f45680037a0 | unwrapped: ce 71 50 63 11 39 82 eb 04 0a 5d 1d 90 38 03 67 | unwrapped: a8 af a7 3d 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45680037a0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50757800 | prf+N PRF sha final-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c50757800 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f45680043d0 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f45680043d0 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f45680010c0 | prf+N PRF sha update old_t-key@0x556c5076d180 (size 20) | prf+N: old_t-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5076d180 | nss hmac digest hack: symkey-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffffe1 ffffffaa 5d ffffffea fffffffb 0d fffffffe 69 ffffffc4 ffffffcd 71 ffffffc6 42 33 67 75 3a ffffffff 01 39 5c ffffff89 ffffffe1 3e 14 ffffffe5 ffffff89 ffffffb0 6f ffffffca 4e 47 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568006a40 | unwrapped: 13 06 64 90 74 2a 99 7b 9d ac 33 83 a7 ed d1 27 | unwrapped: ee b9 a3 39 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568001880 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x6 (6) | 06 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50757800 (100-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c5075ae20 (120-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50757800 | prfplus: release old_t[N]-key@0x556c5076d180 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c5076d180 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c5076d180 | prf+N: release clone-key@0x556c5076d180 | prf+N PRF sha crypt-prf@0x7f4568001ae0 | prf+N PRF sha update old_t-key@0x556c507543d0 (size 20) | prf+N: old_t-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c507543d0 | nss hmac digest hack: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffffaa 08 36 76 4c 7b ffffff96 ffffff92 ffffffc4 ffffffaf ffffff83 7a ffffffdb 7c 44 ffffffa1 4c ffffffe7 3c ffffff82 4c ffffffb3 ffffffeb 7a 41 65 fffffffa ffffff8a 4e 5f ffffff90 ffffffaa | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568006a40 | unwrapped: e5 35 da e0 26 0c b3 0c dd 78 c1 1c 79 56 a5 8e | unwrapped: 42 04 ab 46 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f45680037a0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x7 (7) | 07 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c50757800 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c50757800 | prf+N PRF sha final-key@0x556c5076d180 (size 20) | prf+N: key-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (120-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c507543d0 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c518 | result: clone-key@0x556c507543d0 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x7f4568003aa0 from key-key@0x556c507543d0 | prf+N prf: begin sha with context 0x7f4568003aa0 from key-key@0x556c507543d0 | prf+N: release clone-key@0x556c507543d0 | prf+N PRF sha crypt-prf@0x7f45680010c0 | prf+N PRF sha update old_t-key@0x556c5076d180 (size 20) | prf+N: old_t-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5076d180 | nss hmac digest hack: symkey-key@0x556c5076d180 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1918484832: ffffffbf ffffffdc ffffff82 4d 25 ffffffeb ffffffe0 fffffffd ffffffec ffffffa4 fffffffb ffffff93 ffffff81 42 ffffff85 75 ffffffb2 53 75 fffffff8 ffffffbd 31 ffffffd3 12 ffffff9f ffffffd6 56 ffffffbf 70 01 ffffff9f 6d | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x7f4568006a40 | unwrapped: 6b 96 15 df 46 2f 5b 7f e7 e4 34 01 5d 59 b1 9e | unwrapped: a0 0b 1e df 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x556c5074eb00 (size 80) | prf+N: seed-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 80 bytes of key@0x556c5074eb00 | nss hmac digest hack: symkey-key@0x556c5074eb00 (80-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (80-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 80 | wrapper: (SECItemType)1918484832: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 fffffff2 48 ffffffa3 4f ffffff99 05 1c 2a 08 2e ffffff94 66 35 ffffffb9 11 38 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 80 bytes at 0x7f4568001820 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | unwrapped: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | prf+N PRF sha update N++-byte@0x8 (8) | 08 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7f457259c520 | result: final-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c508 | result: final-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5075ae20 | prf+N PRF sha final-key@0x556c507543d0 (size 20) | prf+N: key-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c50757800 (140-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7f457259c598 | result: result-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c50757800 | prfplus: release old_t[N]-key@0x556c5076d180 | prfplus: release old_t[final]-key@0x556c507543d0 | ike_sa_keymat: release data-key@0x556c5074eb00 | calc_skeyseed_v2: release skeyseed_k-key@0x7f45600069f0 | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c738 | result: result-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 20, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c738 | result: result-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 40, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c738 | result: result-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 60, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: SK_ei_k-key@0x556c5076d180 (24-bytes, DES3_CBC) | initiator salt NULL key has no bytes | calc_skeyseed_v2: release initiator-salt-key-key@NULL | key-offset: 84, key-size: 24 | EXTRACT_KEY_FROM_KEY: | target: DES3_CBC | flags: ENCRYPT+DECRYPT | key_size: 24-bytes | base: base-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: SK_er_k-key@0x556c50757800 (24-bytes, DES3_CBC) | responder salt NULL key has no bytes | calc_skeyseed_v2: release responder-salt-key-key@NULL | key-offset: 108, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: result-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pi extracting all 20 bytes of key@0x7f456000a510 | chunk_SK_pi: symkey-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pi: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: ffffff9d ffffff98 15 57 ffffffd5 ffffffdf 74 ffffff8a 1d ffffffac ffffffe5 46 28 74 ffffffc2 23 ffffff8c ffffffb4 fffffff4 5f ffffffed ffffffe1 54 29 3f 19 74 fffffff9 ffffff82 1b ffffffb5 ffffff89 | chunk_SK_pi: release slot-key-key@0x556c50750fd0 | chunk_SK_pi extracted len 32 bytes at 0x7f45680062f0 | unwrapped: dd 78 c1 1c 79 56 a5 8e 42 04 ab 46 6b 96 15 df | unwrapped: 46 2f 5b 7f 00 00 00 00 00 00 00 00 00 00 00 00 | key-offset: 128, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5075ae20 (160-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7f457259c748 | result: result-key@0x556c50771420 (20-bytes, EXTRACT_KEY_FROM_KEY) | chunk_SK_pr extracting all 20 bytes of key@0x556c50771420 | chunk_SK_pr: symkey-key@0x556c50771420 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | chunk_SK_pr: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)1717986848: ffffffca ffffffd0 ffffffce ffffffee ffffff89 ffffffd0 ffffffdc ffffff82 70 6f ffffffeb ffffffee ffffff97 2e 04 fffffff2 34 ffffffd8 22 5a fffffff4 51 21 ffffffd9 50 ffffffd3 68 ffffff90 4c 30 ffffffcd 7b | chunk_SK_pr: release slot-key-key@0x556c50750fd0 | chunk_SK_pr extracted len 32 bytes at 0x7f4568006320 | unwrapped: e7 e4 34 01 5d 59 b1 9e a0 0b 1e df 12 b1 d0 f0 | unwrapped: 38 08 82 d8 00 00 00 00 00 00 00 00 00 00 00 00 | NSS ikev2: finished computing individual keys for IKEv2 SA | calc_skeyseed_v2: release finalkey-key@0x556c5075ae20 | calc_skeyseed_v2 pointers: shared-key@0x7f456000d640, SK_d-key@0x7f45600069f0, SK_ai-key@0x556c5074eb00, SK_ar-key@0x556c507543d0, SK_ei-key@0x556c5076d180, SK_er-key@0x556c50757800, SK_pi-key@0x7f456000a510, SK_pr-key@0x556c50771420 | calc_skeyseed_v2 initiator salt | | calc_skeyseed_v2 responder salt | | calc_skeyseed_v2 SK_pi | dd 78 c1 1c 79 56 a5 8e 42 04 ab 46 6b 96 15 df | 46 2f 5b 7f | calc_skeyseed_v2 SK_pr | e7 e4 34 01 5d 59 b1 9e a0 0b 1e df 12 b1 d0 f0 | 38 08 82 d8 | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 22 time elapsed 0.005487 seconds | (#21) spent 3.48 milliseconds in crypto helper computing work-order 22: ikev2_inR1outI2 KE (pcr) | crypto helper 1 sending results from work-order 22 for state #21 to event queue | scheduling resume sending helper answer for #21 | libevent_malloc: new ptr-libevent@0x7f4568004b10 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #21 | start processing: state #21 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 22 | calling continuation function 0x556c4f6f1630 | ikev2_parent_inR1outI2_continue for #21: calculating g^{xy}, sending I2 | DH secret MODP2048@0x7f45540010c0: transferring ownership from helper IKEv2 DH to state #21 | finish_dh_v2: release st_shared_nss-key@NULL | creating state object #22 at 0x556c5076dc10 | State DB: adding IKEv2 state #22 in UNDEFINED | pstats #22 ikev2.child started | duplicating state object #21 "3des" as #22 for IPSEC SA | #22 setting local endpoint to 192.1.2.45:500 from #21.st_localport (in duplicate_state() at state.c:1481) | duplicate_state: reference st_skeyid_nss-key@NULL | duplicate_state: reference st_skey_d_nss-key@0x7f45600069f0 | duplicate_state: reference st_skey_ai_nss-key@0x556c5074eb00 | duplicate_state: reference st_skey_ar_nss-key@0x556c507543d0 | duplicate_state: reference st_skey_ei_nss-key@0x556c5076d180 | duplicate_state: reference st_skey_er_nss-key@0x556c50757800 | duplicate_state: reference st_skey_pi_nss-key@0x7f456000a510 | duplicate_state: reference st_skey_pr_nss-key@0x556c50771420 | duplicate_state: reference st_enc_key_nss-key@NULL | duplicate_state: reference st_sk_d_no_ppk-key@NULL | duplicate_state: reference st_sk_pi_no_ppk-key@NULL | duplicate_state: reference st_sk_pr_no_ppk-key@NULL | Message ID: init_child #21.#22; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 | Message ID: switch-from #21 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 | Message ID: switch-to #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 | state #21 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f4554008840 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f455c001560 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f455c001560 | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f4554008840 size 128 | parent state #21: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 1 (0x1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | IKEv2 CERT: send a certificate? | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK | IDr payload will be sent | hmac PRF sha init symkey-key@0x7f456000a510 (size 20) | hmac: symkey-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f456000a510 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a288 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac: release clone-key@0x556c5075ae20 | hmac PRF sha crypt-prf@0x556c50769e30 | ****emit IKEv2 Identification - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload | my identity 77 65 73 74 | emitting length of IKEv2 Identification - Initiator - Payload: 12 | idhash calc I2 02 00 00 00 77 65 73 74 | hmac PRF sha update data-bytes@0x556c4f7f096c (length 8) | 02 00 00 00 77 65 73 74 | hmac PRF sha final-bytes@0x7ffdc298a820 (length 20) | 1d c6 a2 35 42 24 94 38 bf 08 e3 d0 7d b6 41 f0 | 8c dc 5c c7 | ****emit IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | ID type: ID_FQDN (0x2) | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload | IDr 65 61 73 74 | emitting length of IKEv2 Identification - Responder - Payload: 12 | not sending INITIAL_CONTACT | ****emit IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | auth method: IKEv2_AUTH_SHARED (0x2) | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 97 77 0f 81 26 36 14 86 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 85 d5 0d 50 03 83 b0 5e e6 19 95 0c | ef 05 7c 44 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 | 95 55 77 7b ab 59 2c e3 9f 8f 26 5d 56 54 36 6c | 93 bd f6 93 1e 52 da 6c be f7 44 5e 86 b1 8a 68 | 82 38 59 5a 94 df d4 cf da 34 96 48 c6 d5 2e f5 | b4 51 cf 24 d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 | 7e 0a 89 96 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 | ae 12 d4 05 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 | 8c 6c 32 46 f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a | b7 04 9e 08 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 | 6f 48 76 c7 a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 | 00 71 1e c4 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a | 28 10 ab de 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 | 1f 30 24 a8 ee 36 a7 23 4b 44 c5 76 27 ac e8 53 | 99 be 15 bd 8c 09 dc 05 6b bf c5 65 40 02 c3 6d | 2e 6e 36 09 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 | 3f 77 ac af 29 00 00 24 6b e2 14 0e db 0e 03 67 | 51 79 6b 8b 3c 1b e9 65 6a df b0 5a 4c 3a 8f 98 | 3e 21 e0 bf 75 62 f5 e4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 78 45 54 6e 32 0c d1 65 | bb a1 99 9b c3 aa e8 58 67 d3 c3 58 00 00 00 1c | 00 00 40 05 95 08 88 e5 b8 57 cc bd d3 da d0 da | 30 73 df 88 c9 83 88 0f | create: initiator inputs to hash2 (responder nonce) | 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | idhash 1d c6 a2 35 42 24 94 38 bf 08 e3 d0 7d b6 41 f0 | idhash 8c dc 5c c7 | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a080 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a068 | result: shared secret-key@0x556c5075ae20 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x556c5075ae20 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x556c5075ae20 | = prf(,"Key Pad for IKEv2"): release clone-key@0x556c5075ae20 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c506cb890 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0a0 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a088 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x556c5075ae20 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x556c5075ae20 (size 20) | = prf(, ): -key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a098 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c506cb8b0 | = prf(, ) PRF sha update first-packet-bytes@0x556c5076ac80 (length 440) | 97 77 0f 81 26 36 14 86 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 00 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 85 d5 0d 50 03 83 b0 5e e6 19 95 0c | ef 05 7c 44 82 39 fb 0b 41 6d 5b 2e 26 e0 c9 e2 | 95 55 77 7b ab 59 2c e3 9f 8f 26 5d 56 54 36 6c | 93 bd f6 93 1e 52 da 6c be f7 44 5e 86 b1 8a 68 | 82 38 59 5a 94 df d4 cf da 34 96 48 c6 d5 2e f5 | b4 51 cf 24 d0 a9 b4 f5 f4 05 99 db 0d 85 1c 14 | 7e 0a 89 96 7a 5e 72 33 6a c2 c8 8b f1 89 08 d7 | ae 12 d4 05 55 ec 0c 6e 1d fa dd 3e c0 23 73 a6 | 8c 6c 32 46 f2 a4 6e 74 e0 01 13 42 fe 8b fd 1a | b7 04 9e 08 45 d1 0b 17 97 ee 66 d2 0e a4 e2 a9 | 6f 48 76 c7 a6 05 ce 92 9b 5c 06 a7 6b aa 28 56 | 00 71 1e c4 30 6e 0f c5 54 c6 6b dc ac d8 f4 4a | 28 10 ab de 64 d4 4d f7 4d d9 25 62 f4 8e c3 12 | 1f 30 24 a8 ee 36 a7 23 4b 44 c5 76 27 ac e8 53 | 99 be 15 bd 8c 09 dc 05 6b bf c5 65 40 02 c3 6d | 2e 6e 36 09 22 c4 77 4a 99 d9 35 99 1b 0e 9c 04 | 3f 77 ac af 29 00 00 24 6b e2 14 0e db 0e 03 67 | 51 79 6b 8b 3c 1b e9 65 6a df b0 5a 4c 3a 8f 98 | 3e 21 e0 bf 75 62 f5 e4 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 78 45 54 6e 32 0c d1 65 | bb a1 99 9b c3 aa e8 58 67 d3 c3 58 00 00 00 1c | 00 00 40 05 95 08 88 e5 b8 57 cc bd d3 da d0 da | 30 73 df 88 c9 83 88 0f | = prf(, ) PRF sha update nonce-bytes@0x556c50771510 (length 32) | 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a820 (length 20) | 1d c6 a2 35 42 24 94 38 bf 08 e3 d0 7d b6 41 f0 | 8c dc 5c c7 | = prf(, ) PRF sha final-chunk@0x556c5076b490 (length 20) | cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | b8 c1 fb 59 | psk_auth: release prf-psk-key@0x556c5075ae20 | PSK auth octets cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | PSK auth octets b8 c1 fb 59 | emitting 20 raw bytes of PSK auth into IKEv2 Authentication Payload | PSK auth cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | PSK auth b8 c1 fb 59 | emitting length of IKEv2 Authentication Payload: 28 | getting first pending from state #21 | netlink_get_spi: allocated 0x6140df86 for esp.0@192.1.2.45 | constructing ESP/AH proposals with all DH removed for 3des (IKE SA initiator emitting ESP/AH proposals) | converting proposal 3DES_CBC-HMAC_SHA1_96-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_ESP 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED "3des": constructed local ESP/AH proposals for 3des (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Emitting ikev2_proposals ... | ****emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | discarding DH=NONE | *****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload | our spi 61 40 df 86 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | discarding DH=NONE | ******emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 36 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 40 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ****emit IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 01 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 01 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 | ****emit IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | number of TS: 1 (0x1) | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' | *****emit IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | start port: 0 (0x0) | end port: 65535 (0xffff) | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector | IP start c0 00 02 00 | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector | IP end c0 00 02 ff | emitting length of IKEv2 Traffic Selector: 16 | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 168 | emitting length of ISAKMP Message: 196 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | 21 b8 e4 07 95 88 fe c8 | data before encryption: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c | 02 00 00 00 65 61 73 74 21 00 00 1c 02 00 00 00 | cc a7 d2 36 9a da 0c fd 0b 67 b4 81 ef 05 de 39 | b8 c1 fb 59 2c 00 00 28 00 00 00 24 01 03 04 03 | 61 40 df 86 03 00 00 08 01 00 00 03 03 00 00 08 | 03 00 00 02 00 00 00 08 05 00 00 00 2d 00 00 18 | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 | 00 00 ff ff c0 00 02 00 c0 00 02 ff 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | b4 4b 8b 7c c3 14 ac 0e e7 1b 5c e9 c3 ce 4d 1a | 22 f9 35 b3 11 dc c0 66 16 26 ab ac 70 a2 8e 31 | b6 ea 08 aa 7c 08 67 91 03 03 9d 92 5b 7d 99 08 | 24 b1 22 a4 4f 71 96 a3 b3 88 af c4 8d 31 bf 35 | 0b bd e1 0f 8c 66 5f 99 ab 8c 23 f8 5f 62 92 a6 | 3b cc c2 e9 1b 00 e4 61 60 e4 f6 a0 78 17 a8 2a | 71 2e c3 c7 0e c6 e2 e5 d6 fd 51 bc ad 12 4d dd | 69 5d fd ec 0c 41 20 d1 dd bf 5f 69 78 4c 73 fe | a9 c1 7d 9b e3 2a 31 a0 d5 ff 57 32 e3 02 e5 26 | hmac PRF sha init symkey-key@0x556c5074eb00 (size 20) | hmac: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a198 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac: release clone-key@0x556c5075ae20 | hmac PRF sha crypt-prf@0x556c506cb890 | hmac PRF sha update data-bytes@0x556c4f7f0940 (length 184) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 21 b8 e4 07 95 88 fe c8 b4 4b 8b 7c c3 14 ac 0e | e7 1b 5c e9 c3 ce 4d 1a 22 f9 35 b3 11 dc c0 66 | 16 26 ab ac 70 a2 8e 31 b6 ea 08 aa 7c 08 67 91 | 03 03 9d 92 5b 7d 99 08 24 b1 22 a4 4f 71 96 a3 | b3 88 af c4 8d 31 bf 35 0b bd e1 0f 8c 66 5f 99 | ab 8c 23 f8 5f 62 92 a6 3b cc c2 e9 1b 00 e4 61 | 60 e4 f6 a0 78 17 a8 2a 71 2e c3 c7 0e c6 e2 e5 | d6 fd 51 bc ad 12 4d dd 69 5d fd ec 0c 41 20 d1 | dd bf 5f 69 78 4c 73 fe a9 c1 7d 9b e3 2a 31 a0 | d5 ff 57 32 e3 02 e5 26 | hmac PRF sha final-bytes@0x556c4f7f09f8 (length 20) | 30 16 75 75 31 ff eb 04 35 de 2c d6 17 16 4e 9d | c4 d6 62 34 | data being hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data being hmac: 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | data being hmac: 21 b8 e4 07 95 88 fe c8 b4 4b 8b 7c c3 14 ac 0e | data being hmac: e7 1b 5c e9 c3 ce 4d 1a 22 f9 35 b3 11 dc c0 66 | data being hmac: 16 26 ab ac 70 a2 8e 31 b6 ea 08 aa 7c 08 67 91 | data being hmac: 03 03 9d 92 5b 7d 99 08 24 b1 22 a4 4f 71 96 a3 | data being hmac: b3 88 af c4 8d 31 bf 35 0b bd e1 0f 8c 66 5f 99 | data being hmac: ab 8c 23 f8 5f 62 92 a6 3b cc c2 e9 1b 00 e4 61 | data being hmac: 60 e4 f6 a0 78 17 a8 2a 71 2e c3 c7 0e c6 e2 e5 | data being hmac: d6 fd 51 bc ad 12 4d dd 69 5d fd ec 0c 41 20 d1 | data being hmac: dd bf 5f 69 78 4c 73 fe a9 c1 7d 9b e3 2a 31 a0 | data being hmac: d5 ff 57 32 e3 02 e5 26 | out calculated auth: | 30 16 75 75 31 ff eb 04 35 de 2c d6 | suspend processing: state #21 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | start processing: state #22 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 | child state #22: UNDEFINED(ignore) => PARENT_I2(open IKE SA) | Message ID: updating counters for #22 to 0 after switching state | Message ID: recv #21.#22 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 | Message ID: sent #21.#22 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 "3des" #22: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=3DES_CBC_192 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP2048} | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 196 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 08 00 00 00 01 00 00 00 c4 23 00 00 a8 | 21 b8 e4 07 95 88 fe c8 b4 4b 8b 7c c3 14 ac 0e | e7 1b 5c e9 c3 ce 4d 1a 22 f9 35 b3 11 dc c0 66 | 16 26 ab ac 70 a2 8e 31 b6 ea 08 aa 7c 08 67 91 | 03 03 9d 92 5b 7d 99 08 24 b1 22 a4 4f 71 96 a3 | b3 88 af c4 8d 31 bf 35 0b bd e1 0f 8c 66 5f 99 | ab 8c 23 f8 5f 62 92 a6 3b cc c2 e9 1b 00 e4 61 | 60 e4 f6 a0 78 17 a8 2a 71 2e c3 c7 0e c6 e2 e5 | d6 fd 51 bc ad 12 4d dd 69 5d fd ec 0c 41 20 d1 | dd bf 5f 69 78 4c 73 fe a9 c1 7d 9b e3 2a 31 a0 | d5 ff 57 32 e3 02 e5 26 30 16 75 75 31 ff eb 04 | 35 de 2c d6 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772e10 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #22 | libevent_malloc: new ptr-libevent@0x7f45500068c0 size 128 | #22 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49499.805425 | resume sending helper answer for #21 suppresed complete_v2_state_transition() | #21 spent 1.08 milliseconds in resume sending helper answer | stop processing: state #22 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f4568004b10 | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 188 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | a8 8a 22 f6 ea 5d f2 0a 10 9a c4 ef 34 e4 77 e2 | 7d f0 8f aa 2d 76 7c 51 ad cf b1 39 e9 1d 8d 84 | 1c a2 1a 06 57 d3 b3 70 dd 63 3b f3 0d 31 78 de | 73 0f a4 ea 69 ab a0 8f e1 43 d2 f0 e9 1b 16 63 | de d0 7a 63 2f 27 73 6d 2b dd 41 b1 7a a4 b2 3d | 45 c4 1a 74 36 3d 25 e9 d1 2d 26 3a ef 03 d6 d1 | d5 7f 45 49 b7 fd d9 68 ed e8 b1 4d 0f c8 2d c3 | cf ed a3 2b f4 00 c6 ae bf 4b 81 5b 90 7b 39 30 | b2 ad 3f f6 c5 fb 16 11 16 9a d6 a0 df 9a a0 6c | 28 55 6d 3f 6b c3 61 0d fc bc 30 6a | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_AUTH (0x23) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 1 (0x1) | length: 188 (0xbc) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response | State DB: found IKEv2 state #21 in PARENT_I2 (find_v2_ike_sa) | start processing: state #21 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | State DB: found IKEv2 state #22 in PARENT_I2 (find_v2_sa_by_initiator_wip) | suspend processing: state #21 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | start processing: state #22 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #22 is idle | #22 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2SK) | ***parse IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2IDr (0x24) | flags: none (0x0) | length: 160 (0xa0) | processing payload: ISAKMP_NEXT_v2SK (len=156) | #22 in state PARENT_I2: sent v2I2, expected v2R2 | hmac PRF sha init symkey-key@0x556c507543d0 (size 20) | hmac: symkey-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c507543d0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0b8 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac: release clone-key@0x556c5075ae20 | hmac PRF sha crypt-prf@0x556c5076b470 | hmac PRF sha update data-bytes@0x556c506e85e0 (length 176) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | a8 8a 22 f6 ea 5d f2 0a 10 9a c4 ef 34 e4 77 e2 | 7d f0 8f aa 2d 76 7c 51 ad cf b1 39 e9 1d 8d 84 | 1c a2 1a 06 57 d3 b3 70 dd 63 3b f3 0d 31 78 de | 73 0f a4 ea 69 ab a0 8f e1 43 d2 f0 e9 1b 16 63 | de d0 7a 63 2f 27 73 6d 2b dd 41 b1 7a a4 b2 3d | 45 c4 1a 74 36 3d 25 e9 d1 2d 26 3a ef 03 d6 d1 | d5 7f 45 49 b7 fd d9 68 ed e8 b1 4d 0f c8 2d c3 | cf ed a3 2b f4 00 c6 ae bf 4b 81 5b 90 7b 39 30 | b2 ad 3f f6 c5 fb 16 11 16 9a d6 a0 df 9a a0 6c | hmac PRF sha final-bytes@0x7ffdc298a280 (length 20) | 28 55 6d 3f 6b c3 61 0d fc bc 30 6a 3b 86 33 cf | f1 d1 54 6a | data for hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data for hmac: 2e 20 23 20 00 00 00 01 00 00 00 bc 24 00 00 a0 | data for hmac: a8 8a 22 f6 ea 5d f2 0a 10 9a c4 ef 34 e4 77 e2 | data for hmac: 7d f0 8f aa 2d 76 7c 51 ad cf b1 39 e9 1d 8d 84 | data for hmac: 1c a2 1a 06 57 d3 b3 70 dd 63 3b f3 0d 31 78 de | data for hmac: 73 0f a4 ea 69 ab a0 8f e1 43 d2 f0 e9 1b 16 63 | data for hmac: de d0 7a 63 2f 27 73 6d 2b dd 41 b1 7a a4 b2 3d | data for hmac: 45 c4 1a 74 36 3d 25 e9 d1 2d 26 3a ef 03 d6 d1 | data for hmac: d5 7f 45 49 b7 fd d9 68 ed e8 b1 4d 0f c8 2d c3 | data for hmac: cf ed a3 2b f4 00 c6 ae bf 4b 81 5b 90 7b 39 30 | data for hmac: b2 ad 3f f6 c5 fb 16 11 16 9a d6 a0 df 9a a0 6c | calculated auth: 28 55 6d 3f 6b c3 61 0d fc bc 30 6a | provided auth: 28 55 6d 3f 6b c3 61 0d fc bc 30 6a | authenticator matched | construct_enc_iv: decryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: decryption IV/starting-variable: computed counter-size=0 | decryption IV/starting-variable | a8 8a 22 f6 ea 5d f2 0a | payload before decryption: | 10 9a c4 ef 34 e4 77 e2 7d f0 8f aa 2d 76 7c 51 | ad cf b1 39 e9 1d 8d 84 1c a2 1a 06 57 d3 b3 70 | dd 63 3b f3 0d 31 78 de 73 0f a4 ea 69 ab a0 8f | e1 43 d2 f0 e9 1b 16 63 de d0 7a 63 2f 27 73 6d | 2b dd 41 b1 7a a4 b2 3d 45 c4 1a 74 36 3d 25 e9 | d1 2d 26 3a ef 03 d6 d1 d5 7f 45 49 b7 fd d9 68 | ed e8 b1 4d 0f c8 2d c3 cf ed a3 2b f4 00 c6 ae | bf 4b 81 5b 90 7b 39 30 b2 ad 3f f6 c5 fb 16 11 | 16 9a d6 a0 df 9a a0 6c | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | payload after decryption: | 27 00 00 0c 02 00 00 00 65 61 73 74 21 00 00 1c | 02 00 00 00 e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 | d1 d0 21 2b 85 b9 f8 2f 2c 00 00 28 00 00 00 24 | 01 03 04 03 1d d8 c1 f6 03 00 00 08 01 00 00 03 | 03 00 00 08 03 00 00 02 00 00 00 08 05 00 00 00 | 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff | c0 00 01 00 c0 00 01 ff 00 00 00 18 01 00 00 00 | 07 00 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff | 00 01 02 03 04 05 06 07 | stripping 8 octets as pad | #22 ikev2 ISAKMP_v2_IKE_AUTH decrypt success | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) | **parse IKEv2 Identification - Responder - Payload: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) | flags: none (0x0) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | processing payload: ISAKMP_NEXT_v2IDr (len=4) | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) | **parse IKEv2 Authentication Payload: | next payload type: ISAKMP_NEXT_v2SA (0x21) | flags: none (0x0) | length: 28 (0x1c) | auth method: IKEv2_AUTH_SHARED (0x2) | processing payload: ISAKMP_NEXT_v2AUTH (len=20) | Now let's proceed with payload (ISAKMP_NEXT_v2SA) | **parse IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) | flags: none (0x0) | length: 40 (0x28) | processing payload: ISAKMP_NEXT_v2SA (len=36) | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) | **parse IKEv2 Traffic Selector - Initiator - Payload: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSi (len=16) | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) | **parse IKEv2 Traffic Selector - Responder - Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 24 (0x18) | number of TS: 1 (0x1) | processing payload: ISAKMP_NEXT_v2TSr (len=16) | selected state microcode Initiator: process IKE_AUTH response | Now let's proceed with state specific processing | calling processor Initiator: process IKE_AUTH response | offered CA: '%none' "3des" #22: IKEv2 mode peer ID is ID_FQDN: '@east' | hmac PRF sha init symkey-key@0x556c50771420 (size 20) | hmac: symkey-key@0x556c50771420 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c50771420 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a1e8 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c5075ae20 | hmac: release clone-key@0x556c5075ae20 | hmac PRF sha crypt-prf@0x556c5076b450 | idhash auth R2 02 00 00 00 65 61 73 74 | hmac PRF sha update data-bytes@0x556c506e860c (length 8) | 02 00 00 00 65 61 73 74 | hmac PRF sha final-bytes@0x7ffdc298a340 (length 20) | 87 90 4d 87 fd 3e cc 84 d3 4b 0e 62 3a d8 c6 96 | dc 3c f6 5c | verifying AUTH payload | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_PSK | 1: compared key @east to @west / @east -> 004 | 2: compared key @west to @west / @east -> 014 | line 1: match=014 | match 014 beats previous best_match 000 match=0x556c5075d550 (line=1) | concluding with best_match=014 best=0x556c5075d550 (lineno=1) | inputs to hash1 (first packet) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | 29 00 00 24 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 | e6 a8 0d ef 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a | ee b6 df 84 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 | 21 74 38 a3 0d 35 0e 69 00 00 00 1c 00 00 40 05 | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | verify: initiator inputs to hash2 (initiator nonce) | 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | idhash 87 90 4d 87 fd 3e cc 84 d3 4b 0e 62 3a d8 c6 96 | idhash dc 3c f6 5c | = prf(,"Key Pad for IKEv2") PRF sha init shared secret-chunk@0x556c50767d30 (length 36) | 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 | 51 52 53 54 55 56 57 58 59 5a 31 32 33 34 35 36 | 37 38 39 30 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc2989ff0 | result: shared secret-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 36 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 36-bytes | base: base-key@0x7f4568006900 (52-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989fd8 | result: shared secret-key@0x556c5075ae20 (36-bytes, SHA_1_HMAC) | shared secret: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") prf: created sha context 0x556c50750530 from shared secret-key@0x556c5075ae20 | = prf(,"Key Pad for IKEv2") prf: begin sha with context 0x556c50750530 from shared secret-key@0x556c5075ae20 | = prf(,"Key Pad for IKEv2"): release clone-key@0x556c5075ae20 | = prf(,"Key Pad for IKEv2") PRF sha crypt-prf@0x556c5076b470 | = prf(,"Key Pad for IKEv2") PRF sha update Key Pad for IKEv2-bytes@0x556c4f784bb0 (length 17) | 4b 65 79 20 50 61 64 20 66 6f 72 20 49 4b 45 76 | 32 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f4568006900 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f4568006900 | = prf(,"Key Pad for IKEv2") PRF sha final-key@0x556c5075ae20 (size 20) | = prf(,"Key Pad for IKEv2"): key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | = prf(, ) PRF sha init -key@0x556c5075ae20 (size 20) | = prf(, ): -key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x7f4568006900 (20-bytes, SHA_1_HMAC) | = prf(, ) prf: created sha context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ) prf: begin sha with context 0x556c50750530 from -key@0x7f4568006900 | = prf(, ): release clone-key@0x7f4568006900 | = prf(, ) PRF sha crypt-prf@0x556c506cb8b0 | = prf(, ) PRF sha update first-packet-bytes@0x556c506fc6d0 (length 436) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 21 20 22 20 00 00 00 00 00 00 01 b4 22 00 00 2c | 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 | 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 | 00 00 00 08 04 00 00 0e 28 00 01 08 00 0e 00 00 | c8 23 fc 9c 26 e4 ff f7 c1 28 52 2e 8a c5 f6 0d | ba 8d 38 ad 62 00 78 57 c0 1f 7c 6d 78 e7 c5 0e | e5 d2 ad e6 d4 85 e9 d9 0b 1f ad dd 28 6e be b8 | 82 a2 9a 78 88 cb 85 6b 80 e0 18 9a 61 b0 07 d1 | 5e 14 07 37 76 14 b6 cd 28 bc 05 4b e2 1c 6f a8 | 86 1a ff f8 1a 99 15 1b 51 c7 c0 b6 d5 89 42 25 | 53 69 cf 29 8c ff e4 9d 49 3c c0 50 dc 12 b8 f1 | 3a d9 b1 d9 8f 39 45 a3 c8 b1 1f f4 29 1a d0 d9 | 02 bf b8 a0 7d 2f ee 5a 54 24 f3 9b 1f 2c a1 ad | 42 6a 05 8b e5 ca 91 8e 03 0b c5 d7 4b ee 0c 53 | a1 c0 4c 2c ce 20 55 d9 c1 10 90 cf af ba 9e f9 | 02 66 28 7f df 58 b9 16 cd a3 96 ab 99 ba a4 10 | 10 a9 b5 82 ee 58 a5 cf 09 56 c7 4c 8a c1 88 00 | 88 be 9d 5c 89 67 bf d3 0a 49 2c 65 c3 bf 2a a1 | 3a ae c8 69 7d ef 97 f3 89 9d 6e 8a b2 f8 59 7c | e7 ea 60 cd 2c 14 95 1c 9c 5d 93 a3 e7 5b 31 4e | 29 00 00 24 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 | e6 a8 0d ef 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a | ee b6 df 84 29 00 00 08 00 00 40 2e 29 00 00 1c | 00 00 40 04 28 0b d4 91 a9 f3 b4 2c 38 9e 47 c7 | 21 74 38 a3 0d 35 0e 69 00 00 00 1c 00 00 40 05 | 14 a3 f9 1e 5a 64 7b 99 25 8f c3 a7 0f 67 5a a8 | d0 ee b3 a3 | = prf(, ) PRF sha update nonce-bytes@0x7f45540061b0 (length 32) | 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | = prf(, ) PRF sha update hash-bytes@0x7ffdc298a340 (length 20) | 87 90 4d 87 fd 3e cc 84 d3 4b 0e 62 3a d8 c6 96 | dc 3c f6 5c | = prf(, ) PRF sha final-chunk@0x556c5076b450 (length 20) | e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 d1 d0 21 2b | 85 b9 f8 2f | psk_auth: release prf-psk-key@0x556c5075ae20 | Received PSK auth octets | e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 d1 d0 21 2b | 85 b9 f8 2f | Calculated PSK auth octets | e3 6a 0f 7e 10 9d d1 8c cc 74 c2 20 d1 d0 21 2b | 85 b9 f8 2f "3des" #22: Authenticated using authby=secret | parent state #21: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) | #21 will start re-keying in 2911 seconds with margin of 689 seconds (attempting re-key) | state #21 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f4554008840 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f455c001560 | event_schedule: new EVENT_SA_REKEY-pe@0x7f455c001560 | inserting event EVENT_SA_REKEY, timeout in 2911 seconds for #21 | libevent_malloc: new ptr-libevent@0x7f4554008840 size 128 | pstats #21 ikev2.ike established | TSi: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 01 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 01 ff | TSi: parsed 1 traffic selectors | TSr: parsing 1 traffic selectors | ***parse IKEv2 Traffic Selector: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) | IP Protocol ID: 0 (0x0) | length: 16 (0x10) | start port: 0 (0x0) | end port: 65535 (0xffff) | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low | TS low c0 00 02 00 | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high | TS high c0 00 02 ff | TSr: parsed 1 traffic selectors | evaluating our conn="3des" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 | narrow port end=0..65535 == TSi[0]=0..65535: 0 | TSi[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSi[0]=*0: 0 | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 | narrow port end=0..65535 == TSr[0]=0..65535: 0 | TSr[0] port match: YES fitness 65536 | narrow protocol end=*0 == TSr[0]=*0: 0 | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 | best fit so far: TSi[0] TSr[0] | found an acceptable TSi/TSr Traffic Selector | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.1.0-192.0.1.255 | printing contents struct traffic_selector | ts_type: IKEv2_TS_IPV6_ADDR_RANGE | ipprotoid: 0 | port range: 0-65535 | ip range: 192.0.2.0-192.0.2.255 | using existing local ESP/AH proposals for 3des (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals | local proposal 1 type ENCR has 1 transforms | local proposal 1 type PRF has 0 transforms | local proposal 1 type INTEG has 1 transforms | local proposal 1 type DH has 1 transforms | local proposal 1 type ESN has 1 transforms | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH | ***parse IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | length: 36 (0x24) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_ESP (0x3) | spi size: 4 (0x4) | # transforms: 3 (0x3) | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI | remote SPI 1d d8 c1 f6 | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | remote proposal 1 transform 0 (ENCR=3DES) matches local proposal 1 type 1 (ENCR) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | remote proposal 1 transform 1 (INTEG=HMAC_SHA1_96) matches local proposal 1 type 3 (INTEG) transform 0 | ****parse IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | length: 8 (0x8) | IKEv2 transform type: TRANS_TYPE_ESN (0x5) | IKEv2 transform ID: ESN_DISABLED (0x0) | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN | remote proposal 1 matches local proposal 1 | remote accepted the proposal 1:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED[first-match] | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=1dd8c1f6;ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED | converting proposal to internal trans attrs | encryption ike_alg_lookup_by_id id: 3DES=3, found 3DES_CBC | integrity ike_alg_lookup_by_id id: HMAC_SHA1_96=2, found HMAC_SHA1_96 | DH ike_alg_lookup_by_id id: NONE=0, found NONE | integ=sha: .key_size=20 encrypt=3des_cbc: .key_size=24 .salt_size=0 keymat_len=44 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a0f0 | result: data=Ni-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 32 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 32-bytes | base: base-key@0x7f4568006900 (48-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a0d8 | result: data=Ni-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | data=Ni: release tmp-key@0x7f4568006900 | CONCATENATE_BASE_AND_DATA: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (32-bytes, EXTRACT_KEY_FROM_KEY) | params: 16-bytes@0x7ffdc298a0e0 | result: data+=Nr-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_bytes: release lhs-key@0x556c5075ae20 | prf+0 PRF sha init key-key@0x7f45600069f0 (size 20) | prf+0: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+0 prf: created sha context 0x556c50750530 from key-key@0x556c5075ae20 | prf+0 prf: begin sha with context 0x556c50750530 from key-key@0x556c5075ae20 | prf+0: release clone-key@0x556c5075ae20 | prf+0 PRF sha crypt-prf@0x556c506cb890 | prf+0 PRF sha update seed-key@0x7f4568006900 (size 64) | prf+0: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50772ef0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+0 PRF sha update 1++-byte@0x1 (1) | 01 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c5074d280 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c5074d280 | prf+0 PRF sha final-key@0x556c5075ae20 (size 20) | prf+0: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | prfplus: reference old_t[1]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x556c5076b470 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: ffffff88 01 ffffffc7 41 ffffff9e ffffff8d ffffffaa ffffffc9 ffffffe0 ffffffdf 60 3d ffffffd0 03 79 30 2b 4b 02 fffffffe 1e fffffff0 31 ffffff92 ffffff9a ffffffb4 6a ffffffbf ffffffd6 56 12 ffffffe9 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c50769e30 | unwrapped: fb 10 71 a8 16 6c 0a d4 a5 cb 96 48 a2 3c 41 1a | unwrapped: 93 91 c1 f9 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d400 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x2 (2) | 02 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000eec0 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x7f456000eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c5075ae20 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x556c506cb8b0 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 36 16 32 65 ffffff81 4b 2c 6a fffffff5 1f 07 ffffff97 4a ffffffcf ffffffcf ffffffac ffffffcd 3f 54 04 fffffff0 35 5f ffffff9f 10 ffffff9d ffffffd7 07 ffffffca ffffffb2 ffffffbd ffffff9e | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076a010 | unwrapped: c0 bc e7 d1 28 90 40 d5 f5 b5 df 13 9d af c8 cf | unwrapped: 1e 79 bb 68 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076d4a0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x3 (3) | 03 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507594c0 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000eec0 (40-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c507594c0 (60-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000eec0 | prfplus: release old_t[N]-key@0x556c5074d280 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5074d280 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x556c5074d280 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x556c5074d280 | prf+N: release clone-key@0x556c5074d280 | prf+N PRF sha crypt-prf@0x556c5076b470 | prf+N PRF sha update old_t-key@0x556c5075ae20 (size 20) | prf+N: old_t-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5075ae20 | nss hmac digest hack: symkey-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 59 ffffffbe 34 ffffffa1 6a 25 ffffff8f ffffffa0 ffffff8c 4b ffffffa5 fffffff3 ffffffe4 ffffff96 54 6b fffffffc ffffff90 ffffffd0 ffffff9b 74 ffffffb7 ffffff90 ffffffc2 11 10 01 ffffffa5 47 fffffff8 ffffff8f ffffff83 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c5076b270 | unwrapped: d9 05 69 33 8e 34 84 3e f9 14 96 b5 be 6d 3e c6 | unwrapped: 7c c8 c3 52 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c5076b2a0 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x4 (4) | 04 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x7f456000eec0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x7f456000eec0 | prf+N PRF sha final-key@0x556c5074d280 (size 20) | prf+N: key-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c507594c0 (60-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x7f456000eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x556c507594c0 | prfplus: release old_t[N]-key@0x556c5075ae20 | prf+N PRF sha init key-key@0x7f45600069f0 (size 20) | prf+N: key-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x7f45600069f0 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a008 | result: clone-key@0x556c5075ae20 (20-bytes, SHA_1_HMAC) | prf+N prf: created sha context 0x556c50750530 from key-key@0x556c5075ae20 | prf+N prf: begin sha with context 0x556c50750530 from key-key@0x556c5075ae20 | prf+N: release clone-key@0x556c5075ae20 | prf+N PRF sha crypt-prf@0x556c506cb8b0 | prf+N PRF sha update old_t-key@0x556c5074d280 (size 20) | prf+N: old_t-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 20 bytes of key@0x556c5074d280 | nss hmac digest hack: symkey-key@0x556c5074d280 (20-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (20-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 32 | wrapper: (SECItemType)-1030185904: 24 ffffff9c 53 ffffff89 07 64 ffffffa5 33 6b 46 ffffffab ffffffef 68 7b ffffff98 ffffffdf 23 ffffffdc 40 56 48 4e 16 67 3f 61 75 20 ffffff91 ffffffc2 fffffffe 63 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 32 bytes at 0x556c507731d0 | unwrapped: f0 a0 3c 58 0c f3 d9 d6 ef 5d fc a0 d7 1f 53 cb | unwrapped: 5e cd ee 19 00 00 00 00 00 00 00 00 00 00 00 00 | prf+N PRF sha update seed-key@0x7f4568006900 (size 64) | prf+N: seed-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | nss hmac digest hack extracting all 64 bytes of key@0x7f4568006900 | nss hmac digest hack: symkey-key@0x7f4568006900 (64-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | nss hmac digest hack: new slot-key@0x556c50750fd0 (64-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 64 | wrapper: (SECItemType)-1030185904: fffffff2 68 58 4c 00 ffffffa2 21 66 ffffff88 70 ffffffc4 ffffffbb fffffff2 ffffff99 5e 73 13 40 4b ffffffc2 33 ffffffea 0c ffffffaa 26 ffffff9b ffffffae ffffffff ffffff9f 48 46 ffffffb8 29 34 ffffffb7 ffffffe2 fffffff8 30 ffffffe7 38 ffffffc7 44 ffffff83 ffffffef 28 44 ffffff84 ffffff82 ffffffbd ffffffaf ffffffed fffffff9 36 ffffffe2 42 69 ffffffa3 5f 0c 58 1a 66 fffffff1 42 | nss hmac digest hack: release slot-key-key@0x556c50750fd0 | nss hmac digest hack extracted len 64 bytes at 0x556c50768610 | unwrapped: 6b e2 14 0e db 0e 03 67 51 79 6b 8b 3c 1b e9 65 | unwrapped: 6a df b0 5a 4c 3a 8f 98 3e 21 e0 bf 75 62 f5 e4 | unwrapped: 82 58 f2 d4 d0 fa a5 d0 5b b0 72 19 e6 a8 0d ef | unwrapped: 8e d6 d0 72 5d 6b d9 63 ea 48 51 6a ee b6 df 84 | prf+N PRF sha update N++-byte@0x5 (5) | 05 | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | CONCATENATE_DATA_AND_BASE: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | params: 16-bytes@0x7ffdc298a010 | result: final-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 20-bytes | base: base-key@0x556c507594c0 (36-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2989ff8 | result: final-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | final: release tmp-key@0x556c507594c0 | prf+N PRF sha final-key@0x556c5075ae20 (size 20) | prf+N: key-key@0x556c5075ae20 (20-bytes, EXTRACT_KEY_FROM_KEY) | CONCATENATE_BASE_AND_KEY: | target: EXTRACT_KEY_FROM_KEY | base: base-key@0x7f456000eec0 (80-bytes, EXTRACT_KEY_FROM_KEY) | params: 8-bytes@0x7ffdc298a088 | result: result-key@0x556c507594c0 (100-bytes, EXTRACT_KEY_FROM_KEY) | append_symkey_symkey: release lhs-key@0x7f456000eec0 | prfplus: release old_t[N]-key@0x556c5074d280 | prfplus: release old_t[final]-key@0x556c5075ae20 | child_sa_keymat: release data-key@0x7f4568006900 | key-offset: 0, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x556c507594c0 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | initiator to responder keys extracting all 44 bytes of key@0x7f4568006900 | initiator to responder keys: symkey-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | initiator to responder keys: new slot-key@0x556c50750fd0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: ffffff88 01 ffffffc7 41 ffffff9e ffffff8d ffffffaa ffffffc9 ffffffe0 ffffffdf 60 3d ffffffd0 03 79 30 ffffffed ffffffbf 56 11 ffffffff ffffffba ffffffc9 0b ffffffab ffffffcb 03 3d ffffffaa ffffff8b ffffffb8 ffffffac 3d ffffffad ffffffe1 ffffff9a ffffffde fffffff8 55 ffffffc7 ffffffba 13 34 ffffff8c ffffffaf fffffff4 38 ffffffeb | initiator to responder keys: release slot-key-key@0x556c50750fd0 | initiator to responder keys extracted len 48 bytes at 0x556c50734860 | unwrapped: fb 10 71 a8 16 6c 0a d4 a5 cb 96 48 a2 3c 41 1a | unwrapped: 93 91 c1 f9 c0 bc e7 d1 28 90 40 d5 f5 b5 df 13 | unwrapped: 9d af c8 cf 1e 79 bb 68 d9 05 69 33 00 00 00 00 | ikev2_derive_child_keys: release ikey-key@0x7f4568006900 | key-offset: 44, key-size: 44 | EXTRACT_KEY_FROM_KEY: | target: EXTRACT_KEY_FROM_KEY | key_size: 44-bytes | base: base-key@0x556c507594c0 (100-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc298a168 | result: result-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | responder to initiator keys: extracting all 44 bytes of key@0x7f4568006900 | responder to initiator keys:: symkey-key@0x7f4568006900 (44-bytes, EXTRACT_KEY_FROM_KEY) | : ephemeral-key@0x556c506cd080 (16-bytes, AES_KEY_GEN) | responder to initiator keys:: new slot-key@0x556c50750fd0 (44-bytes, EXTRACT_KEY_FROM_KEY) | sizeof bytes 48 | wrapper: (SECItemType)1717986918: 74 74 04 6b ffffffdf 45 fffffff3 54 ffffff9b 38 66 7e 6b 22 ffffffd3 65 24 ffffff9c 53 ffffff89 07 64 ffffffa5 33 6b 46 ffffffab ffffffef 68 7b ffffff98 ffffffdf 3a 24 ffffffdb 06 ffffffa6 02 fffffffb 5c ffffffdf ffffffac ffffffe8 59 20 7c 42 ffffff93 | responder to initiator keys:: release slot-key-key@0x556c50750fd0 | responder to initiator keys: extracted len 48 bytes at 0x556c507348a0 | unwrapped: 8e 34 84 3e f9 14 96 b5 be 6d 3e c6 7c c8 c3 52 | unwrapped: f0 a0 3c 58 0c f3 d9 d6 ef 5d fc a0 d7 1f 53 cb | unwrapped: 5e cd ee 19 07 13 d2 b0 b0 16 80 9b 00 00 00 00 | ikev2_derive_child_keys: release rkey-key@0x7f4568006900 | ikev2_derive_child_keys: release keymat-key@0x556c507594c0 | #21 spent 2.39 milliseconds | install_ipsec_sa() for #22: inbound and outbound | could_route called for 3des (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.1dd8c1f6@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: 3DES_CBC keylen: 192 integ: HMAC_SHA1_96 | encrypt 3DES_CBC keylen=192 transid=3, key_size=24, encryptalg=3 | st->st_esp.keymat_len=44 is encrypt_keymat_size=24 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection '3des' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.6140df86@192.1.2.45 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #22: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: 3des (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #22 | priority calculation of connection "3des" is 0xfe7e7 | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042407 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1dd8c1f6 SPI_OUT=0x | popen cmd is 1023 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFA: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1642: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd( 960):ED='no' SPI_IN=0x1dd8c1f6 SPI_OUT=0x6140df86 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1dd8c1f6 | popen cmd is 1028 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd( 960):_SHARED='no' SPI_IN=0x1dd8c1f6 SPI_OUT=0x6140df86 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1dd8c1f6 SPI_ | popen cmd is 1026 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTE: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: | cmd( 320):6428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x1dd8c1f6 SPI_OUT=0x6140df86 ipsec _updown 2>&1: | route_and_eroute: instance "3des", setting eroute_owner {spd=0x556c50768e20,sr=0x556c50768e20} to #22 (was #0) (newest_ipsec_sa=#0) | #21 spent 0.82 milliseconds in install_ipsec_sa() | inR2: instance 3des[0], setting IKEv2 newest_ipsec_sa to #22 (was #0) (spd.eroute=#22) cloned from #21 | state #22 requesting EVENT_RETRANSMIT to be deleted | #22 STATE_PARENT_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f45500068c0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772e10 | #22 spent 2.9 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() | [RE]START processing: state #22 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #22 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I | child state #22: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) | Message ID: updating counters for #22 to 1 after switching state | Message ID: recv #21.#22 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 | Message ID: #21.#22 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 | pstats #22 ikev2.child established "3des" #22: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] | NAT-T: encaps is 'auto' "3des" #22: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x1dd8c1f6 <0x6140df86 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | releasing whack for #22 (sock=fd@25) | close_any(fd@25) (in release_whack() at state.c:654) | releasing whack and unpending for parent #21 | unpending state #21 connection "3des" | delete from pending Child SA with 192.1.2.23 "3des" | removing pending policy for no connection {0x556c5076d240} | close_any(fd@24) (in release_whack() at state.c:654) | #22 will start re-keying in 27961 seconds with margin of 839 seconds (attempting re-key) | event_schedule: new EVENT_SA_REKEY-pe@0x556c50772e10 | inserting event EVENT_SA_REKEY, timeout in 27961 seconds for #22 | libevent_malloc: new ptr-libevent@0x7f45500068c0 size 128 | stop processing: state #22 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #21 spent 3.35 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.36 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0051 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0034 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00267 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.6140df86@192.1.2.45 | get_sa_info esp.1dd8c1f6@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0824 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #22 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #22 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #22 ikev2.child deleted completed | #22 spent 2.9 milliseconds in total | [RE]START processing: state #22 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #22: deleting state (STATE_V2_IPSEC_I) aged 0.159s and sending notification | child state #22: V2_IPSEC_I(established CHILD SA) => delete | get_sa_info esp.1dd8c1f6@192.1.2.23 | get_sa_info esp.6140df86@192.1.2.45 "3des" #22: ESP traffic information: in=84B out=84B | #22 send IKEv2 delete notification for STATE_V2_IPSEC_I | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 2 (0x2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_ESP (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting 4 raw bytes of local spis into IKEv2 Delete Payload | local spis 61 40 df 86 | emitting length of IKEv2 Delete Payload: 12 | adding 4 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | ff 9e 4d 18 b4 47 9c b6 | data before encryption: | 00 00 00 0c 03 04 00 01 61 40 df 86 00 01 02 03 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | 89 4f 39 7c 5c 68 a0 14 a4 89 3a 76 12 19 df d6 | hmac PRF sha init symkey-key@0x556c5074eb00 (size 20) | hmac: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac: release clone-key@0x556c507594c0 | hmac PRF sha crypt-prf@0x556c506cb890 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 56) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | ff 9e 4d 18 b4 47 9c b6 89 4f 39 7c 5c 68 a0 14 | a4 89 3a 76 12 19 df d6 | hmac PRF sha final-bytes@0x7ffdc29873b8 (length 20) | cf 9c 41 51 d8 ca 8e 14 78 86 68 58 01 c8 3d 9d | b9 68 c2 26 | data being hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data being hmac: 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | data being hmac: ff 9e 4d 18 b4 47 9c b6 89 4f 39 7c 5c 68 a0 14 | data being hmac: a4 89 3a 76 12 19 df d6 | out calculated auth: | cf 9c 41 51 d8 ca 8e 14 78 86 68 58 | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #22) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 02 00 00 00 44 2a 00 00 28 | ff 9e 4d 18 b4 47 9c b6 89 4f 39 7c 5c 68 a0 14 | a4 89 3a 76 12 19 df d6 cf 9c 41 51 d8 ca 8e 14 | 78 86 68 58 | Message ID: IKE #21 sender #22 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 | Message ID: IKE #21 sender #22 in send_delete hacking around record ' send | Message ID: sent #21 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 | state #22 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f45500068c0 | free_event_entry: release EVENT_SA_REKEY-pe@0x556c50772e10 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050853' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1dd8c1f6 | popen cmd is 1031 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTER: | cmd( 80):FACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west: | cmd( 160):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: | cmd( 240):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: | cmd( 320):428' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: | cmd( 400):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: | cmd( 480):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: | cmd( 560):UTO_STACK='netkey' PLUTO_ADDTIME='1569050853' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUN: | cmd( 640):NEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMA: | cmd( 720):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: | cmd( 800):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: | cmd( 880):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : | cmd( 960):VTI_SHARED='no' SPI_IN=0x1dd8c1f6 SPI_OUT=0x6140df86 ipsec _updown 2>&1: | shunt_eroute() called for connection '3des' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | IPsec Sa SPD priority set to 1042407 | delete esp.1dd8c1f6@192.1.2.23 | netlink response for Del SA esp.1dd8c1f6@192.1.2.23 included non-error error | priority calculation of connection "3des" is 0xfe7e7 | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.6140df86@192.1.2.45 | netlink response for Del SA esp.6140df86@192.1.2.45 included non-error error | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #22 in V2_IPSEC_I | child state #22: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #22 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f45600069f0 | delete_state: release st->st_skey_ai_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5076d180 | delete_state: release st->st_skey_er_nss-key@0x556c50757800 | delete_state: release st->st_skey_pi_nss-key@0x7f456000a510 | delete_state: release st->st_skey_pr_nss-key@0x556c50771420 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #21 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #21 | start processing: state #21 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #21 ikev2.ike deleted completed | #21 spent 9.96 milliseconds in total | [RE]START processing: state #21 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #21: deleting state (STATE_PARENT_I3) aged 0.193s and sending notification | parent state #21: PARENT_I3(established IKE SA) => delete | #21 send IKEv2 delete notification for STATE_PARENT_I3 | Opening output PBS informational exchange delete request | **emit ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 3 (0x3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit IKEv2 Encryption Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' | emitting 8 zero bytes of IV into IKEv2 Encryption Payload | ****emit IKEv2 Delete Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | protocol ID: PROTO_v2_IKE (0x1) | SPI size: 0 (0x0) | number of SPIs: 0 (0x0) | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' | emitting length of IKEv2 Delete Payload: 8 | adding 8 bytes of padding (including 1 byte padding-length) | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload | emitting 12 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload | emitting length of IKEv2 Encryption Payload: 40 | emitting length of ISAKMP Message: 68 | construct_enc_iv: encryption IV/starting-variable: salt-size=0 wire-IV-size=8 block-size 8 | construct_enc_iv: encryption IV/starting-variable: computed counter-size=0 | encryption IV/starting-variable | df 0f 00 79 42 ae a0 c3 | data before encryption: | 00 00 00 08 01 00 00 00 00 01 02 03 04 05 06 07 | NSS ike_alg_nss_cbc: 3des_cbc - enter | NSS ike_alg_nss_cbc: 3des_cbc - exit | data after encryption: | d3 68 d7 90 13 97 05 c3 70 53 a5 c7 47 fb ee 73 | hmac PRF sha init symkey-key@0x556c5074eb00 (size 20) | hmac: symkey-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | key-offset: 0, key-size: 20 | EXTRACT_KEY_FROM_KEY: | target: SHA_1_HMAC | flags: SIGN | key_size: 20-bytes | base: base-key@0x556c5074eb00 (20-bytes, EXTRACT_KEY_FROM_KEY) | operation: FLAGS_ONLY | params: 8-bytes@0x7ffdc2986fa8 | result: clone-key@0x556c507594c0 (20-bytes, SHA_1_HMAC) | hmac prf: created sha context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac prf: begin sha with context 0x556c50750530 from symkey-key@0x556c507594c0 | hmac: release clone-key@0x556c507594c0 | hmac PRF sha crypt-prf@0x556c506cb8d0 | hmac PRF sha update data-bytes@0x7ffdc2987380 (length 56) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 0f 00 79 42 ae a0 c3 d3 68 d7 90 13 97 05 c3 | 70 53 a5 c7 47 fb ee 73 | hmac PRF sha final-bytes@0x7ffdc29873b8 (length 20) | 8b 7f 11 8e 8f 3b 9b 20 60 fb 87 7a cd a1 7d 6c | 4c 61 14 c7 | data being hmac: 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | data being hmac: 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | data being hmac: df 0f 00 79 42 ae a0 c3 d3 68 d7 90 13 97 05 c3 | data being hmac: 70 53 a5 c7 47 fb ee 73 | out calculated auth: | 8b 7f 11 8e 8f 3b 9b 20 60 fb 87 7a | sending 68 bytes for delete notification through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #21) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 08 00 00 00 03 00 00 00 44 2a 00 00 28 | df 0f 00 79 42 ae a0 c3 d3 68 d7 90 13 97 05 c3 | 70 53 a5 c7 47 fb ee 73 8b 7f 11 8e 8f 3b 9b 20 | 60 fb 87 7a | Message ID: IKE #21 sender #21 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 | Message ID: IKE #21 sender #21 in send_delete hacking around record ' send | Message ID: #21 XXX: expecting sender.wip.initiator 2 == -1 - suspect record'n'send out-of-order?); initiator.sent=3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=3 wip.responder=-1 | Message ID: sent #21 request 3; ike: initiator.sent=2->3 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=2->3 wip.responder=-1 | state #21 requesting EVENT_SA_REKEY to be deleted | libevent_free: release ptr-libevent@0x7f4554008840 | free_event_entry: release EVENT_SA_REKEY-pe@0x7f455c001560 | State DB: IKEv2 state not found (flush_incomplete_children) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #21 in PARENT_I3 | parent state #21: PARENT_I3(established IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f45540010c0: destroyed | stop processing: state #21 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@0x7f456000d640 | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@0x7f45600069f0 | delete_state: release st->st_skey_ai_nss-key@0x556c5074eb00 | delete_state: release st->st_skey_ar_nss-key@0x556c507543d0 | delete_state: release st->st_skey_ei_nss-key@0x556c5076d180 | delete_state: release st->st_skey_er_nss-key@0x556c50757800 | delete_state: release st->st_skey_pi_nss-key@0x7f456000a510 | delete_state: release st->st_skey_pr_nss-key@0x556c50771420 | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.34 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00459 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00311 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 68 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 20 00 00 00 02 00 00 00 44 2a 00 00 28 | 22 58 9f d7 01 20 d4 a2 6e 34 0f 25 4f 0e 6c 79 | 53 da e9 7d c9 7e 02 68 24 b6 71 61 6a c0 8b d9 | b6 ea fe c5 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 2 (0x2) | length: 68 (0x44) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0741 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00232 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 60 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 97 77 0f 81 26 36 14 86 dd c5 49 2c 24 a3 cb 98 | 2e 20 25 20 00 00 00 03 00 00 00 3c 00 00 00 20 | f9 cb 7c e1 b8 00 87 1e 22 2c 41 56 31 6f e9 5c | 21 6c be 99 24 49 09 88 c9 ce 34 92 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 97 77 0f 81 26 36 14 86 | responder cookie: | dd c5 49 2c 24 a3 cb 98 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 3 (0x3) | length: 60 (0x3c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0616 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | stop processing: connection "3des" (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection '3des' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 | priority calculation of connection "3des" is 0xfe7e7 | priority calculation of connection "3des" is 0xfe7e7 | FOR_EACH_CONNECTION_... in route_owner | conn 3des mark 0/00000000, 0/00000000 vs | conn 3des mark 0/00000000, 0/00000000 | route owner of "3des" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0 | popen cmd is 1012 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='3des' PLUTO_IN: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: | cmd( 320):'16428' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: | cmd( 400):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: | cmd( 480):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': | cmd( 560):' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+P: | cmd( 640):FS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd( 960):HARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. "3des": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x556c5076b1c0 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.35 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00673 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0542 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing none + delete-on-retransmit | base impairing = delete-on-retransmit | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0437 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none | base impairing = delete-on-retransmit | ike-key-length-attribute:192 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0454 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection 3des with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: 3DES_CBC-HMAC_SHA1-MODP2048 | from whack: got --esp=3des-sha1;modp2048 | ESP/AH string values: 3DES_CBC-HMAC_SHA1_96-MODP2048 | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x556c5076a4d0 added connection description "3des" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.123 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #23 at 0x556c50769370 | State DB: adding IKEv2 state #23 in UNDEFINED | pstats #23 ikev2.ike started | Message ID: init #23: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #23: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #23; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #23 "3des" "3des" #23: initiating v2 parent SA | constructing local IKE proposals for 3des (IKE SA initiator selecting KE) | converting ike_info 3DES_CBC-HMAC_SHA1-MODP2048 to ikev2 ... | omitting IKEv2 PROTO_v2_IKE 3des_cbc ENCRYPT transform key-length | ... ikev2_proposal: 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 "3des": constructed local IKE proposals for 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 23 for state #23 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f45500068c0 size 128 | #23 spent 0.114 milliseconds in ikev2_parent_outI1() | crypto helper 3 resuming | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 starting work-order 23 for state #23 | RESET processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 23 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | NSS: Value of Prime: | spent 0.182 milliseconds in whack | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | DH secret MODP2048@0x7f45600018a0: created | NSS: Local DH MODP2048 secret (pointer): 0x7f45600018a0 | NSS: Public DH wire value: | 30 32 31 d8 c7 43 ae 97 01 31 c1 e3 60 86 bc b5 | 2d 40 64 04 c5 7c 6a 16 16 91 73 28 dd a5 d8 1d | b7 23 f5 99 a8 26 c3 a0 f0 f7 7b 70 29 a9 44 e4 | 6f 65 de 9f 74 11 55 88 38 e1 33 94 c4 02 09 ea | e9 c3 64 41 ab b9 bf 69 2b 56 ff c1 a2 23 bb 69 | 03 a5 ec 81 46 2e fb 56 6b ea fd 4b d3 18 3b 64 | 83 9f 85 cb 8a 1e 79 d7 f6 d7 26 0b 1a 0f 57 8c | 07 f7 b4 4d 34 c9 12 bc 57 06 20 65 b9 16 23 5a | b9 a7 2a b0 88 f9 28 29 7c 41 84 88 e4 be 87 47 | 6f 75 ab 4b da a8 6a f9 83 47 28 82 25 63 7f 58 | a9 56 63 14 b8 03 ee 9a e4 4a 3e 98 20 cc 2e cf | 64 33 73 3f ef 63 0d 0a cd c1 6f 2e 39 5a ef 4f | ed 60 6d 6f 41 99 35 77 93 7e ea c2 76 3b b9 77 | 76 89 80 f0 7e 2e 70 27 7e 29 b5 63 80 0e 17 57 | ee 87 64 85 47 f0 d6 9b 92 50 ec 68 50 ae c9 cd | 41 16 c6 96 ad 73 e3 ea 2f 38 0c 0d 1b 1f 80 c1 | Generated nonce: 52 f0 bd eb 1f a0 dc a6 d0 ff 2e 05 2e 38 0d 76 | Generated nonce: e8 f2 75 9b d5 ba f4 8b 37 a1 5a 5b 4a ee 60 92 | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 23 time elapsed 0.00066 seconds | (#23) spent 0.655 milliseconds in crypto helper computing work-order 23: ikev2_outI1 KE (pcr) | crypto helper 3 sending results from work-order 23 for state #23 to event queue | scheduling resume sending helper answer for #23 | libevent_malloc: new ptr-libevent@0x7f45600102b0 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #23 | start processing: state #23 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 23 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #23 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f45600018a0: transferring ownership from helper KE to state #23 | **emit ISAKMP Message: | initiator cookie: | 43 79 11 0e 3d f3 24 3a | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #23: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x 30 32 31 d8 c7 43 ae 97 01 31 c1 e3 60 86 bc b5 | ikev2 g^x 2d 40 64 04 c5 7c 6a 16 16 91 73 28 dd a5 d8 1d | ikev2 g^x b7 23 f5 99 a8 26 c3 a0 f0 f7 7b 70 29 a9 44 e4 | ikev2 g^x 6f 65 de 9f 74 11 55 88 38 e1 33 94 c4 02 09 ea | ikev2 g^x e9 c3 64 41 ab b9 bf 69 2b 56 ff c1 a2 23 bb 69 | ikev2 g^x 03 a5 ec 81 46 2e fb 56 6b ea fd 4b d3 18 3b 64 | ikev2 g^x 83 9f 85 cb 8a 1e 79 d7 f6 d7 26 0b 1a 0f 57 8c | ikev2 g^x 07 f7 b4 4d 34 c9 12 bc 57 06 20 65 b9 16 23 5a | ikev2 g^x b9 a7 2a b0 88 f9 28 29 7c 41 84 88 e4 be 87 47 | ikev2 g^x 6f 75 ab 4b da a8 6a f9 83 47 28 82 25 63 7f 58 | ikev2 g^x a9 56 63 14 b8 03 ee 9a e4 4a 3e 98 20 cc 2e cf | ikev2 g^x 64 33 73 3f ef 63 0d 0a cd c1 6f 2e 39 5a ef 4f | ikev2 g^x ed 60 6d 6f 41 99 35 77 93 7e ea c2 76 3b b9 77 | ikev2 g^x 76 89 80 f0 7e 2e 70 27 7e 29 b5 63 80 0e 17 57 | ikev2 g^x ee 87 64 85 47 f0 d6 9b 92 50 ec 68 50 ae c9 cd | ikev2 g^x 41 16 c6 96 ad 73 e3 ea 2f 38 0c 0d 1b 1f 80 c1 | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 52 f0 bd eb 1f a0 dc a6 d0 ff 2e 05 2e 38 0d 76 | IKEv2 nonce e8 f2 75 9b d5 ba f4 8b 37 a1 5a 5b 4a ee 60 92 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 43 79 11 0e 3d f3 24 3a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 7d 3b ae fb 14 b6 a5 f1 11 b7 80 9d 87 e0 76 34 | 31 dd 6a 55 | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 43 79 11 0e 3d f3 24 3a | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 7d 3b ae fb 14 b6 a5 f1 11 b7 80 9d 87 e0 76 34 | natd_hash: hash= 31 dd 6a 55 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 7d 3b ae fb 14 b6 a5 f1 11 b7 80 9d 87 e0 76 34 | Notify data 31 dd 6a 55 | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | 43 79 11 0e 3d f3 24 3a | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | d7 55 91 1e aa d2 d9 98 c4 a1 1d e6 20 cb a0 9c | 6b 96 54 aa | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= 43 79 11 0e 3d f3 24 3a | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= d7 55 91 1e aa d2 d9 98 c4 a1 1d e6 20 cb a0 9c | natd_hash: hash= 6b 96 54 aa | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data d7 55 91 1e aa d2 d9 98 c4 a1 1d e6 20 cb a0 9c | Notify data 6b 96 54 aa | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #23 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #23: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #23 to 4294967295 after switching state | Message ID: IKE #23 skipping update_recv as MD is fake | Message ID: sent #23 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #23: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #23) | 43 79 11 0e 3d f3 24 3a 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 30 32 31 d8 c7 43 ae 97 01 31 c1 e3 | 60 86 bc b5 2d 40 64 04 c5 7c 6a 16 16 91 73 28 | dd a5 d8 1d b7 23 f5 99 a8 26 c3 a0 f0 f7 7b 70 | 29 a9 44 e4 6f 65 de 9f 74 11 55 88 38 e1 33 94 | c4 02 09 ea e9 c3 64 41 ab b9 bf 69 2b 56 ff c1 | a2 23 bb 69 03 a5 ec 81 46 2e fb 56 6b ea fd 4b | d3 18 3b 64 83 9f 85 cb 8a 1e 79 d7 f6 d7 26 0b | 1a 0f 57 8c 07 f7 b4 4d 34 c9 12 bc 57 06 20 65 | b9 16 23 5a b9 a7 2a b0 88 f9 28 29 7c 41 84 88 | e4 be 87 47 6f 75 ab 4b da a8 6a f9 83 47 28 82 | 25 63 7f 58 a9 56 63 14 b8 03 ee 9a e4 4a 3e 98 | 20 cc 2e cf 64 33 73 3f ef 63 0d 0a cd c1 6f 2e | 39 5a ef 4f ed 60 6d 6f 41 99 35 77 93 7e ea c2 | 76 3b b9 77 76 89 80 f0 7e 2e 70 27 7e 29 b5 63 | 80 0e 17 57 ee 87 64 85 47 f0 d6 9b 92 50 ec 68 | 50 ae c9 cd 41 16 c6 96 ad 73 e3 ea 2f 38 0c 0d | 1b 1f 80 c1 29 00 00 24 52 f0 bd eb 1f a0 dc a6 | d0 ff 2e 05 2e 38 0d 76 e8 f2 75 9b d5 ba f4 8b | 37 a1 5a 5b 4a ee 60 92 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 7d 3b ae fb 14 b6 a5 f1 | 11 b7 80 9d 87 e0 76 34 31 dd 6a 55 00 00 00 1c | 00 00 40 05 d7 55 91 1e aa d2 d9 98 c4 a1 1d e6 | 20 cb a0 9c 6b 96 54 aa | state #23 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f45500068c0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #23 | libevent_malloc: new ptr-libevent@0x7f45500068c0 size 128 | #23 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49500.598625 | resume sending helper answer for #23 suppresed complete_v2_state_transition() and stole MD | #23 spent 0.52 milliseconds in resume sending helper answer | stop processing: state #23 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45600102b0 | spent 0.00232 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 43 79 11 0e 3d f3 24 3a 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 43 79 11 0e 3d f3 24 3a | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #23 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #23 is idle | #23 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #23 IKE SPIi and SPI[ir] | #23 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #23: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #23 spent 0.00979 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #23 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #23 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #23 spent 0.133 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.145 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x556c50772dd0 | handling event EVENT_RETRANSMIT for parent state #23 | start processing: state #23 connection "3des" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) | IKEv2 retransmit event | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) | handling event EVENT_RETRANSMIT for 192.1.2.23 "3des" #23 attempt 2 of 0 | and parent for 192.1.2.23 "3des" #23 keying attempt 1 of 0; retransmit 1 "3des" #23: IMPAIR: retransmit so deleting SA | maximum number of keyingtries reached - deleting state | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:234) | pstats #23 ikev2.ike failed too-many-retransmits | pstats #23 ikev2.ike deleted too-many-retransmits | #23 spent 1.42 milliseconds in total | [RE]START processing: state #23 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #23: deleting state (STATE_PARENT_I1) aged 0.502s and NOT sending notification | parent state #23: PARENT_I1(half-open IKE SA) => delete | in connection_discard for connection 3des | close_any(fd@25) (in delete_pending() at pending.c:244) | removing pending policy for "3des" {0x556c5076b2a0} | State DB: IKEv2 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #23 "3des" #23: deleting IKE SA for connection '3des' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection '3des' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection 3des | State DB: deleting IKEv2 state #23 in PARENT_I1 | parent state #23: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | close_any(fd@24) (in release_whack() at state.c:654) | DH secret MODP2048@0x7f45600018a0: destroyed | stop processing: state #23 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | libevent_free: release ptr-libevent@0x7f45500068c0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | in statetime_stop() and could not find #23 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection 3des which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in initiate_a_connection() at initiate.c:186) | connection '3des' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #24 at 0x556c50769370 | State DB: adding IKEv2 state #24 in UNDEFINED | pstats #24 ikev2.ike started | Message ID: init #24: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 | parent state #24: UNDEFINED(ignore) => PARENT_I0(ignore) | Message ID: init_ike #24; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 | suspend processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:535) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) | Queuing pending IPsec SA negotiating with 192.1.2.23 "3des" IKE SA #24 "3des" "3des" #24: initiating v2 parent SA | using existing local IKE proposals for connection 3des (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | DH ike_alg_lookup_by_id id: MODP2048=14, found MODP2048 | adding ikev2_outI1 KE work-order 24 for state #24 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f45500068c0 size 128 | #24 spent 0.0606 milliseconds in ikev2_parent_outI1() | crypto helper 6 resuming | RESET processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 starting work-order 24 for state #24 | RESET processing: connection "3des" (in ikev2_parent_outI1() at ikev2_parent.c:610) | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 24 | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) | NSS: Value of Prime: | ff ff ff ff ff ff ff ff c9 0f da a2 21 68 c2 34 | c4 c6 62 8b 80 dc 1c d1 29 02 4e 08 8a 67 cc 74 | 02 0b be a6 3b 13 9b 22 51 4a 08 79 8e 34 04 dd | ef 95 19 b3 cd 3a 43 1b 30 2b 0a 6d f2 5f 14 37 | 4f e1 35 6d 6d 51 c2 45 e4 85 b5 76 62 5e 7e c6 | f4 4c 42 e9 a6 37 ed 6b 0b ff 5c b6 f4 06 b7 ed | ee 38 6b fb 5a 89 9f a5 ae 9f 24 11 7c 4b 1f e6 | 49 28 66 51 ec e4 5b 3d c2 00 7c b8 a1 63 bf 05 | 98 da 48 36 1c 55 d3 9a 69 16 3f a8 fd 24 cf 5f | 83 65 5d 23 dc a3 ad 96 1c 62 f3 56 20 85 52 bb | 9e d5 29 07 70 96 96 6d 67 0c 35 4e 4a bc 98 04 | f1 74 6c 08 ca 18 21 7c 32 90 5e 46 2e 36 ce 3b | e3 9e 77 2c 18 0e 86 03 9b 27 83 a2 ec 07 a2 8f | b5 c5 5d f0 6f 4c 52 c9 de 2b cb f6 95 58 17 18 | 39 95 49 7c ea 95 6a e5 15 d2 26 18 98 fa 05 10 | 15 72 8e 5a 8a ac aa 68 ff ff ff ff ff ff ff ff | NSS: Value of base: 02 | spent 0.0925 milliseconds in global timer EVENT_REVIVE_CONNS | DH secret MODP2048@0x7f4564000d60: created | NSS: Local DH MODP2048 secret (pointer): 0x7f4564000d60 | NSS: Public DH wire value: | be 3a 70 41 53 bd 7c 16 38 90 82 fa 60 71 c4 64 | 47 a4 0b c4 cf 84 13 1a 8c 87 ae 72 2d a1 e7 64 | ca ae bd 1a b9 ae 84 2d 26 0d 66 46 23 eb e8 3d | d1 bc 1c e8 df 06 da a6 b3 a2 74 d5 33 56 77 31 | 03 4d 4d 86 f9 cb a4 57 e6 3d ec 72 9d c5 4c a5 | b8 eb 92 b5 f8 39 11 68 37 4c ba d5 10 50 93 58 | 74 37 66 a4 97 f3 44 c0 98 1b aa 51 eb 8d 9e f1 | 25 ac 8f 66 1c 95 52 79 0d b0 fc 9a 00 70 22 03 | 1a 63 f3 1c b6 fa e4 02 f2 c9 ed 53 43 1b 38 3f | 9f 0c 2d 00 82 83 e5 c3 1a 80 46 1d 20 7a 52 4d | 1b 4d 01 79 ed e3 d6 d7 9d d7 c0 c9 ad a8 a8 1d | 33 66 7c 92 17 42 d7 de 8c 32 85 bf 61 f0 dd 52 | cd fd b0 8e 8e 55 4f 87 e0 61 ab 0f d8 5c cf ab | 77 64 18 f6 37 df ea 6b 81 c6 18 16 57 58 43 73 | 69 08 63 c8 42 36 3f ed f7 ac 06 5c f6 0a be 50 | c2 60 0c a3 ec 8b 2b de a9 8c f1 6f b2 e7 c9 cd | Generated nonce: 8f dc 2e 30 db 69 0e d0 11 0a 85 fc 6a fd 72 7c | Generated nonce: 24 4b cc d9 38 18 af cc eb 42 22 2a 70 30 27 20 | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 24 time elapsed 0.00066 seconds | (#24) spent 0.66 milliseconds in crypto helper computing work-order 24: ikev2_outI1 KE (pcr) | crypto helper 6 sending results from work-order 24 for state #24 to event queue | scheduling resume sending helper answer for #24 | libevent_malloc: new ptr-libevent@0x7f45640067e0 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #24 | start processing: state #24 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 24 | calling continuation function 0x556c4f6f1630 | ikev2_parent_outI1_continue for #24 | wire (crypto helper) group MODP2048 and state group MODP2048 match | DH secret MODP2048@0x7f4564000d60: transferring ownership from helper KE to state #24 | **emit ISAKMP Message: | initiator cookie: | e0 6f b0 8f 10 d0 e6 ce | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | using existing local IKE proposals for connection 3des (IKE SA initiator emitting local proposals): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 | Emitting ikev2_proposals ... | ***emit IKEv2 Security Association Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' | ****emit IKEv2 Proposal Substructure Payload: | last proposal: v2_PROPOSAL_LAST (0x0) | prop #: 1 (0x1) | proto ID: IKEv2_SEC_PROTO_IKE (0x1) | spi size: 0 (0x0) | # transforms: 4 (0x4) | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) | IKEv2 transform ID: 3DES (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' "3des" #24: IMPAIR: emitting fixed-length key-length attribute with 192 key | ******emit IKEv2 Attribute Substructure Payload: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) | length/value: 192 (0xc0) | emitting length of IKEv2 Transform Substructure Payload: 12 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_PRF (0x2) | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_NON_LAST (0x3) | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | *****emit IKEv2 Transform Substructure Payload: | last transform: v2_TRANSFORM_LAST (0x0) | IKEv2 transform type: TRANS_TYPE_DH (0x4) | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' | emitting length of IKEv2 Transform Substructure Payload: 8 | emitting length of IKEv2 Proposal Substructure Payload: 44 | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 | emitting length of IKEv2 Security Association Payload: 48 | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 | ***emit IKEv2 Key Exchange Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | DH group: OAKLEY_GROUP_MODP2048 (0xe) | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload | ikev2 g^x be 3a 70 41 53 bd 7c 16 38 90 82 fa 60 71 c4 64 | ikev2 g^x 47 a4 0b c4 cf 84 13 1a 8c 87 ae 72 2d a1 e7 64 | ikev2 g^x ca ae bd 1a b9 ae 84 2d 26 0d 66 46 23 eb e8 3d | ikev2 g^x d1 bc 1c e8 df 06 da a6 b3 a2 74 d5 33 56 77 31 | ikev2 g^x 03 4d 4d 86 f9 cb a4 57 e6 3d ec 72 9d c5 4c a5 | ikev2 g^x b8 eb 92 b5 f8 39 11 68 37 4c ba d5 10 50 93 58 | ikev2 g^x 74 37 66 a4 97 f3 44 c0 98 1b aa 51 eb 8d 9e f1 | ikev2 g^x 25 ac 8f 66 1c 95 52 79 0d b0 fc 9a 00 70 22 03 | ikev2 g^x 1a 63 f3 1c b6 fa e4 02 f2 c9 ed 53 43 1b 38 3f | ikev2 g^x 9f 0c 2d 00 82 83 e5 c3 1a 80 46 1d 20 7a 52 4d | ikev2 g^x 1b 4d 01 79 ed e3 d6 d7 9d d7 c0 c9 ad a8 a8 1d | ikev2 g^x 33 66 7c 92 17 42 d7 de 8c 32 85 bf 61 f0 dd 52 | ikev2 g^x cd fd b0 8e 8e 55 4f 87 e0 61 ab 0f d8 5c cf ab | ikev2 g^x 77 64 18 f6 37 df ea 6b 81 c6 18 16 57 58 43 73 | ikev2 g^x 69 08 63 c8 42 36 3f ed f7 ac 06 5c f6 0a be 50 | ikev2 g^x c2 60 0c a3 ec 8b 2b de a9 8c f1 6f b2 e7 c9 cd | emitting length of IKEv2 Key Exchange Payload: 264 | ***emit IKEv2 Nonce Payload: | next payload type: ISAKMP_NEXT_v2N (0x29) | flags: none (0x0) | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload | IKEv2 nonce 8f dc 2e 30 db 69 0e d0 11 0a 85 fc 6a fd 72 7c | IKEv2 nonce 24 4b cc d9 38 18 af cc eb 42 22 2a 70 30 27 20 | emitting length of IKEv2 Nonce Payload: 36 | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting length of IKEv2 Notify Payload: 8 | NAT-Traversal support [enabled] add v2N payloads. | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | e0 6f b0 8f 10 d0 e6 ce | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 2d | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 0e 26 d2 ff 72 b3 c5 15 8b 91 e4 39 52 ee ee 10 | 4e 33 71 8a | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= e0 6f b0 8f 10 d0 e6 ce | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 2d | natd_hash: port= 01 f4 | natd_hash: hash= 0e 26 d2 ff 72 b3 c5 15 8b 91 e4 39 52 ee ee 10 | natd_hash: hash= 4e 33 71 8a | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 0e 26 d2 ff 72 b3 c5 15 8b 91 e4 39 52 ee ee 10 | Notify data 4e 33 71 8a | emitting length of IKEv2 Notify Payload: 28 | natd_hash: rcookie is zero | NATD hash sha init | NATD hash sha digest ICOOKIE/IKE SPIi-bytes@0x7ffdc298a810 (length 8) | e0 6f b0 8f 10 d0 e6 ce | NATD hash sha digest RCOOKIE/IKE SPIr-bytes@0x7ffdc298a818 (length 8) | 00 00 00 00 00 00 00 00 | NATD hash sha digest IP addr-bytes@0x7ffdc298a744 (length 4) | c0 01 02 17 | NATD hash sha digest PORT-bytes@0x7ffdc298a736 (length 2) | 01 f4 | NATD hash sha final bytes@0x7ffdc298a7c0 (length 20) | 2f 0e a5 28 d0 07 11 8f 7a 63 52 93 ae c1 7e 04 | a1 22 88 7e | natd_hash: hasher=0x556c4f7c77a0(20) | natd_hash: icookie= e0 6f b0 8f 10 d0 e6 ce | natd_hash: rcookie= 00 00 00 00 00 00 00 00 | natd_hash: ip= c0 01 02 17 | natd_hash: port= 01 f4 | natd_hash: hash= 2f 0e a5 28 d0 07 11 8f 7a 63 52 93 ae c1 7e 04 | natd_hash: hash= a1 22 88 7e | Adding a v2N Payload | ***emit IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload | Notify data 2f 0e a5 28 d0 07 11 8f 7a 63 52 93 ae c1 7e 04 | Notify data a1 22 88 7e | emitting length of IKEv2 Notify Payload: 28 | emitting length of ISAKMP Message: 440 | stop processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 | parent state #24: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) | Message ID: updating counters for #24 to 4294967295 after switching state | Message ID: IKE #24 skipping update_recv as MD is fake | Message ID: sent #24 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 "3des" #24: STATE_PARENT_I1: sent v2I1, expected v2R1 | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 440 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #24) | e0 6f b0 8f 10 d0 e6 ce 00 00 00 00 00 00 00 00 | 21 20 22 08 00 00 00 00 00 00 01 b8 22 00 00 30 | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 03 | 80 0e 00 c0 03 00 00 08 02 00 00 02 03 00 00 08 | 03 00 00 02 00 00 00 08 04 00 00 0e 28 00 01 08 | 00 0e 00 00 be 3a 70 41 53 bd 7c 16 38 90 82 fa | 60 71 c4 64 47 a4 0b c4 cf 84 13 1a 8c 87 ae 72 | 2d a1 e7 64 ca ae bd 1a b9 ae 84 2d 26 0d 66 46 | 23 eb e8 3d d1 bc 1c e8 df 06 da a6 b3 a2 74 d5 | 33 56 77 31 03 4d 4d 86 f9 cb a4 57 e6 3d ec 72 | 9d c5 4c a5 b8 eb 92 b5 f8 39 11 68 37 4c ba d5 | 10 50 93 58 74 37 66 a4 97 f3 44 c0 98 1b aa 51 | eb 8d 9e f1 25 ac 8f 66 1c 95 52 79 0d b0 fc 9a | 00 70 22 03 1a 63 f3 1c b6 fa e4 02 f2 c9 ed 53 | 43 1b 38 3f 9f 0c 2d 00 82 83 e5 c3 1a 80 46 1d | 20 7a 52 4d 1b 4d 01 79 ed e3 d6 d7 9d d7 c0 c9 | ad a8 a8 1d 33 66 7c 92 17 42 d7 de 8c 32 85 bf | 61 f0 dd 52 cd fd b0 8e 8e 55 4f 87 e0 61 ab 0f | d8 5c cf ab 77 64 18 f6 37 df ea 6b 81 c6 18 16 | 57 58 43 73 69 08 63 c8 42 36 3f ed f7 ac 06 5c | f6 0a be 50 c2 60 0c a3 ec 8b 2b de a9 8c f1 6f | b2 e7 c9 cd 29 00 00 24 8f dc 2e 30 db 69 0e d0 | 11 0a 85 fc 6a fd 72 7c 24 4b cc d9 38 18 af cc | eb 42 22 2a 70 30 27 20 29 00 00 08 00 00 40 2e | 29 00 00 1c 00 00 40 04 0e 26 d2 ff 72 b3 c5 15 | 8b 91 e4 39 52 ee ee 10 4e 33 71 8a 00 00 00 1c | 00 00 40 05 2f 0e a5 28 d0 07 11 8f 7a 63 52 93 | ae c1 7e 04 a1 22 88 7e | state #24 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f45500068c0 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556c50772dd0 | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms | event_schedule: new EVENT_RETRANSMIT-pe@0x556c50772dd0 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #24 | libevent_malloc: new ptr-libevent@0x7f45500068c0 size 128 | #24 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49501.101333 | resume sending helper answer for #24 suppresed complete_v2_state_transition() and stole MD | #24 spent 0.536 milliseconds in resume sending helper answer | stop processing: state #24 connection "3des" from 192.1.2.23:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f45640067e0 | spent 0.00195 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 36 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | e0 6f b0 8f 10 d0 e6 ce 00 00 00 00 00 00 00 00 | 29 20 22 20 00 00 00 00 00 00 00 24 00 00 00 08 | 00 00 00 0e | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | e0 6f b0 8f 10 d0 e6 ce | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_v2N (0x29) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) | Message ID: 0 (0x0) | length: 36 (0x24) | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response | State DB: found IKEv2 state #24 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) | [RE]START processing: state #24 connection "3des" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) | #24 is idle | #24 idle | unpacking clear payload | Now let's proceed with payload (ISAKMP_NEXT_v2N) | ***parse IKEv2 Notify Payload: | next payload type: ISAKMP_NEXT_v2NONE (0x0) | flags: none (0x0) | length: 8 (0x8) | Protocol ID: PROTO_v2_RESERVED (0x0) | SPI size: 0 (0x0) | Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe) | processing payload: ISAKMP_NEXT_v2N (len=0) | State DB: re-hashing IKEv2 state #24 IKE SPIi and SPI[ir] | #24 in state PARENT_I1: sent v2I1, expected v2R1 | selected state microcode Initiator: process SA_INIT reply notification | Now let's proceed with state specific processing | calling processor Initiator: process SA_INIT reply notification "3des" #24: STATE_PARENT_I1: received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored | #24 spent 0.00358 milliseconds in processing: Initiator: process SA_INIT reply notification in ikev2_process_state_packet() | [RE]START processing: state #24 connection "3des" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) | #24 complete_v2_state_transition() PARENT_I1->PARENT_I1 with status STF_IGNORE | stop processing: state #24 connection "3des" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) | #24 spent 0.11 milliseconds in ikev2_process_packet() | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.121 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0509 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in terminate_a_connection() at terminate.c:69) "3des": terminating SAs using this connection | connection '3des' -POLICY_UP | removing pending policy for no connection {0x556c5076b2a0} | connection not shared - terminating IKE and IPsec SA | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #24 | suspend processing: connection "3des" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #24 connection "3des" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #24 ikev2.ike deleted other | #24 spent 1.37 milliseconds in total | [RE]START processing: state #24 connection "3des" from 192.1.2.23:500 (in delete_state() at state.c:879) "3des" #24: deleting state (STATE_PARENT_I1) aged 0.013s and NOT sending notification | parent state #24: PARENT_I1(half-open IKE SA) => delete | state #24 requesting EVENT_RETRANSMIT to be deleted | #24 STATE_PARENT_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f45500068c0 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556c50772dd0 | State DB: IKEv2 state not found (flush_incomplete_children) | stop processing: connection "3des" (BACKGROUND) (in update_state_connection() at connections.c:4037) | start processing: connection NULL (in update_state_connection() at connections.c:4038) | in connection_discard for connection 3des | State DB: deleting IKEv2 state #24 in PARENT_I1 | parent state #24: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) | DH secret MODP2048@0x7f4564000d60: destroyed | stop processing: state #24 from 192.1.2.23:500 (in delete_state() at state.c:1143) | delete_state: release st->st_shared_nss-key@NULL | delete_state: release st->st_skeyid_nss-key@NULL | delete_state: release st->st_skey_d_nss-key@NULL | delete_state: release st->st_skey_ai_nss-key@NULL | delete_state: release st->st_skey_ar_nss-key@NULL | delete_state: release st->st_skey_ei_nss-key@NULL | delete_state: release st->st_skey_er_nss-key@NULL | delete_state: release st->st_skey_pi_nss-key@NULL | delete_state: release st->st_skey_pr_nss-key@NULL | delete_state: release st->st_enc_key_nss-key@NULL | delete_state: release st->st_sk_d_no_ppk-key@NULL | delete_state: release st->st_sk_pi_no_ppk-key@NULL | delete_state: release st->st_sk_pr_no_ppk-key@NULL | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "3des" (in delete_connection() at connections.c:189) | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556c5076a4d0 | flush revival: connection '3des' wasn't on the list | stop processing: connection "3des" (in discard_connection() at connections.c:249) | FOR_EACH_CONNECTION_... in conn_by_name | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.152 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | old debugging base+cpu-usage+crypt + none | base debugging = base+cpu-usage+crypt | old impairing delete-on-retransmit + none - bust-mi2+bust-mr2+drop-i2+sa-creation+jacob-two-two+allow-null-none+major-version-bump+minor-version-bump+timeout-on-retransmit+delete-on-retransmit+suppress-retransmits+send-bogus-payload-flag+send-bogus-isakmp-flag+send-no-delete+send-no-ikev2-auth+send-no-xauth-r0+drop-xauth-r0+send-no-main-r2+force-fips+send-key-size-check+send-bogus-dcookie+omit-hash-notify+ignore-hash-notify+ignore-hash-notify-resp+ikev2-exclude-integ-none+ikev2-include-integ-none+replay-duplicates+replay-forward+replay-backward+replay-encrypted+corrupt-encrypted+proposal-parser+add-unknown-payload-to-sa-init+add-unknown-payload-to-auth+add-unknown-payload-to-auth-sk+unknown-payload-critical+allow-dns-insecure+send-pkcs7-thingie+ikev1-del-with-notify+bad-ikev2-auth-xchg | base impairing = none | ike-key-length-attribute: disabled | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.064 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.248 milliseconds in whack | spent 0.00295 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 09 59 11 4a c2 0f 26 e5 55 a5 da 62 5b bc 99 84 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 2c 3f 67 f5 29 c4 30 9f 68 5f 6c 7a a9 c4 b9 85 | d4 96 75 90 f5 52 21 e4 e1 4f 75 f6 ed f0 14 3c | f4 42 ed d7 ba 6f 07 78 3c 31 1c a3 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 09 59 11 4a c2 0f 26 e5 | responder cookie: | 55 a5 da 62 5b bc 99 84 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0745 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00208 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 6d 52 27 e4 2d 1d 3b 0e 61 91 89 8f 29 8a 8c 00 | 2e 20 25 00 00 00 00 00 00 00 00 4c 2a 00 00 30 | 2c a5 a4 ac 8b 25 a6 bb 84 7f 87 b0 40 48 5a f7 | 43 96 df 80 c8 40 b3 ff 41 45 27 81 f2 de 93 64 | 94 38 3b 6d 01 0b 12 f3 62 06 07 39 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 6d 52 27 e4 2d 1d 3b 0e | responder cookie: | 61 91 89 8f 29 8a 8c 00 | next payload type: ISAKMP_NEXT_v2SK (0x2e) | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) | flags: none (0x0) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request | State DB: IKEv2 state not found (find_v2_ike_sa) packet from 192.1.2.23:500: INFORMATIONAL message request has no corresponding IKE SA | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0597 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | pluto_sd: executing action action: stopping(6), status 0 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.1.254:4500 shutting down interface eth0/eth0 192.0.1.254:500 shutting down interface eth1/eth1 192.1.2.45:4500 shutting down interface eth1/eth1 192.1.2.45:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x556c50767fd0 | free_event_entry: release EVENT_NULL-pe@0x556c50767f90 | libevent_free: release ptr-libevent@0x556c507680c0 | free_event_entry: release EVENT_NULL-pe@0x556c50768080 | libevent_free: release ptr-libevent@0x556c507681b0 | free_event_entry: release EVENT_NULL-pe@0x556c50768170 | libevent_free: release ptr-libevent@0x556c507682a0 | free_event_entry: release EVENT_NULL-pe@0x556c50768260 | libevent_free: release ptr-libevent@0x556c50768390 | free_event_entry: release EVENT_NULL-pe@0x556c50768350 | libevent_free: release ptr-libevent@0x556c50768480 | free_event_entry: release EVENT_NULL-pe@0x556c50768440 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x556c507678b0 | free_event_entry: release EVENT_NULL-pe@0x556c507504f0 | libevent_free: release ptr-libevent@0x556c5075d400 | free_event_entry: release EVENT_NULL-pe@0x556c5074b620 | libevent_free: release ptr-libevent@0x556c5075d370 | free_event_entry: release EVENT_NULL-pe@0x556c507505e0 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x556c50767980 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x556c50767a60 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x556c50767b20 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x556c5075c600 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x556c50767be0 | libevent_free: release ptr-libevent@0x556c5073d1a0 | libevent_free: release ptr-libevent@0x556c5074b930 | libevent_free: release ptr-libevent@0x556c5074ba00 | libevent_free: release ptr-libevent@0x556c5074b950 | libevent_free: release ptr-libevent@0x556c50767940 | libevent_free: release ptr-libevent@0x556c50767a20 | libevent_free: release ptr-libevent@0x556c5074b9e0 | libevent_free: release ptr-libevent@0x556c5074bc10 | libevent_free: release ptr-libevent@0x556c50750670 | libevent_free: release ptr-libevent@0x556c50768510 | libevent_free: release ptr-libevent@0x556c50768420 | libevent_free: release ptr-libevent@0x556c50768330 | libevent_free: release ptr-libevent@0x556c50768240 | libevent_free: release ptr-libevent@0x556c50768150 | libevent_free: release ptr-libevent@0x556c50768060 | libevent_free: release ptr-libevent@0x556c506cd370 | libevent_free: release ptr-libevent@0x556c50767b00 | libevent_free: release ptr-libevent@0x556c50767a40 | libevent_free: release ptr-libevent@0x556c50767960 | libevent_free: release ptr-libevent@0x556c50767bc0 | libevent_free: release ptr-libevent@0x556c506cb5b0 | libevent_free: release ptr-libevent@0x556c5074b970 | libevent_free: release ptr-libevent@0x556c5074b9a0 | libevent_free: release ptr-libevent@0x556c5074b690 | releasing global libevent data | libevent_free: release ptr-libevent@0x556c5074a360 | libevent_free: release ptr-libevent@0x556c5074a390 | libevent_free: release ptr-libevent@0x556c5074b660