Using GOST Cryptographic Algorithms in the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 9385
| Document | Type |
RFC
- Informational
(May 2023)
Was
draft-smyslov-ike2-gost
(individual)
|
|
|---|---|---|---|
| Author | Valery Smyslov | ||
| Last updated | 2023-12-12 | ||
| RFC stream | Independent Submission | ||
| Formats | |||
| IESG | Responsible AD | (None) | |
| Send notices to | (None) |
RFC 9385
#x27;s actions:
(69) Computes shared key
00000000: bd 04 9d 0f 9c 5f 58 af c7 e4 01 bc 18 59 01 7c
00000010: 88 28 f9 f2 9f 33 01 5d 49 9a 7d 14 74 d4 31 ac
(70) Computes SKEYSEED
00000000: 9b ed 6c 79 64 b3 de 3a e4 9e dd 62 04 5a f0 8b
00000010: 43 88 33 d4 e6 9e 73 16 a1 1a 9e b2 b4 19 13 c5
00000020: d0 6d fb 86 40 11 c3 02 bb e5 a3 b5 e4 4a c4 c0
00000030: 9d 18 c6 94 de c3 c5 14 82 e7 a2 51 fe c4 98 ca
(71) Computes SK_d
00000000: c2 21 15 fd d3 99 3b 2a 43 60 c4 59 34 b0 be 3f
00000010: 53 ef 6e b1 dd 88 ad 72 55 dd 83 22 5c 6f e1 d6
00000020: 1f 1e ab 06 f9 41 cb c8 ea f9 dc fc 19 a0 2d bf
00000030: 9a 0a 3f 3a 9a 45 1f 08 b6 a9 2c 62 52 b7 26 34
(72) Computes SK_ei
00000000: 18 4e 4e 0f 36 28 bf 3c 9c 04 8e 93 bf a0 77 53
00000010: 91 34 12 81 42 e6 4e 62 7f db a5 ed 98 60 50 ff
00000020: b4 e1 3e 23
(73) Computes SK_er
00000000: e9 27 59 2f 09 49 68 1e 0e 62 db c6 19 06 73 13
00000010: cf da 5c 02 27 3e 4a b4 78 98 b4 86 d0 e9 34 f4
00000020: a5 bb 18 2f
(74) Computes SK_pi
00000000: 30 2c 10 8d 0f 61 47 00 f1 40 4f a9 4f af b5 30
00000010: 11 ba 5f 24 39 32 85 12 4e 7e 71 75 50 15 a6 93
00000020: c3 d0 5e 40 2e 21 8e b1 59 09 cd a4 eb b4 91 68
00000030: 29 42 fe e2 d8 76 8f a6 96 55 1f ab 6c 9b 00 f8
(75) Computes SK_pr
00000000: 6f 81 72 cb 96 58 fb 0e 17 70 b6 b9 1f a9 69 a9
00000010: fc c7 27 4f b4 e1 85 90 a0 c7 9f f9 72 11 61 2a
00000020: 35 b7 b7 96 d3 6a bb a5 aa b1 b8 34 8d 99 c6 f3
00000030: 2b fc 32 56 c1 94 71 04 55 bd 89 6a bf c3 8b fe
(76) Extracts IV from message (fragment 1)
00000000: 00 00 00 00 00 00 00 00
(77) Computes K1i (i1 = 0)
00000000: 3c 57 d7 c8 9f 50 98 fc 86 81 d6 8a 4e 5d 83 c6
00000010: 1e 42 e6 e7 60 67 05 8d f5 2e 10 13 12 15 32 58
(78) Computes K2i (i2 = 0)
00000000: 0b 88 0a 1b c8 3e 61 79 82 08 db 13 31 08 63 3c
00000010: 17 62 17 cb 7d 18 ce 70 37 84 85 f4 89 49 d0 06
(79) Computes K3i (i3 = 0)
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(80) Composes MGM nonce (fragment 1)
00000000: 00 00 00 00 b4 e1 3e 23
(81) Extracts ICV from message (fragment 1)
00000000: b1 51 cd e6 dc 64 12 1c
(82) Extracts AAD from message (fragment 1)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 23 00 02 04
00000020: 00 01 00 04
(83) Extracts ciphertext from message (fragment 1)
00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56
00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac
00000080: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38
00000090: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa
000000A0: 25 5e e6 ea 8b 0c ef 20 31 bf a9 ae 6d e2 82 d4
000000B0: ab 2c d7 af ca 62 fe bd 7c 8f a9 dc d3 63 05 d7
000000C0: ba 92 56 66 44 ad 5d 9d 1e 9a 27 2e 22 6e 5b 0c
000000D0: af 84 6b c6 a7 cf ca 72 f8 8e d3 a1 bc d4 7c 5b
000000E0: 7e 26 7f b3 05 d8 62 ef ad d6 07 70 d7 4b 33 e4
000000F0: 26 84 e6 eb 5b 65 5c a7 71 29 45 15 d9 b0 83 6a
00000100: 52 5f a9 d8 dd f1 d8 62 c7 d7 3d e9 69 0e c5 b1
00000110: e1 de 20 6c 3d 5f f7 f7 9f f6 a5 7b 4d a5 4e e9
00000120: b4 c4 c2 7d cc 43 62 77 57 37 d3 40 48 b2 c0 5b
00000130: 48 ab d0 94 79 ef 3d 04 e3 d8 6d 42 56 ed cd 94
00000140: b4 23 2c fa f0 6b 39 ad 41 a3 b3 8f ec b8 6c ef
00000150: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9
00000160: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e
00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2
(84) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulting in plaintext (fragment 1)
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00
00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02
00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00
00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
000000A0: 1a 30 18 06 08 2a 85 03 03 81 03 01 01 12 0c 30
000000B0: 30 31 32 33 34 35 36 37 38 39 30 31 2f 30 2d 06
000000C0: 03 55 04 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83
000000D0: d1 89 d1 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0
000000E0: b2 d0 b0 d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09
000000F0: 06 03 55 04 06 13 02 52 55 31 19 30 17 06 03 55
00000100: 04 08 0c 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba
00000110: d0 b2 d0 b0 31 15 30 13 06 03 55 04 07 0c 0c d0
00000120: 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06
00000130: 03 55 04 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a
00000140: d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a
000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69
000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(85) Extracts IV from message (fragment 2)
00000000: 00 00 00 00 00 00 00 01
(86) Uses previously computed key K3i
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(87) Composes MGM nonce (fragment 2)
00000000: 00 00 00 01 b4 e1 3e 23
(88) Extracts ICV from message (fragment 2)
00000000: b4 68 c7 4d eb dd bd 92
(89) Extracts AAD from message (fragment 2)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04
(90) Extracts ciphertext from message (fragment 2)
00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14
00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1
00000080: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb
00000090: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71
000000A0: 69 d1 3b 0c 6c 93 f3 99 2e fe 36 98 90 a1 05 ee
000000B0: 35 d2 da f8 81 59 f5 17 23 33 40 99 99 42 37 b0
000000C0: 0d 94 0a bd 00 cf 1c be 0e d0 13 93 e2 27 5a a5
000000D0: c5 e8 a0 25 5a 2d ad 6c b4 bc 64 37 05 ac cd 22
000000E0: 92 13 83 ab e8 87 93 29 82 dc 47 b4 1c 92 4d 36
000000F0: ef ba 10 3d 42 2d d6 2c d5 6b 95 99 2d 17 61 c4
00000100: c5 13 ed 55 a5 e5 b2 65 ac 25 24 21 c4 25 7f 6f
00000110: 68 fb ce 8f 17 60 e9 ac 9c 52 9f d5 d4 a7 14 35
00000120: 89 a4 1f de 21 a9 51 3c 1d 73 00 10 ba a6 7c 24
00000130: fb b9 20 21 5e df 63 8a c8 1f b1 55 05 5a 70 a8
00000140: b5 f4 23 9e 22 c0 2a 7c a5 11 01 c3 5e 3d 52 2a
00000150: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3
00000160: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8
00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0
(91) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulting in plaintext (fragment 2)
00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06
00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03
00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03
00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef
00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37
00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba
00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a
00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a
00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08
00000090: 12 54 63 47 9d 14 3d 61 ed f2 95 ab 11 80 69 02
000000A0: a7 66 60 50 7e a4 53 6d ad 01 49 b2 16 8a 95 1d
000000B0: cf 1a 57 93 56 14 5e a3 82 02 59 30 82 02 55 30
000000C0: 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30
000000D0: 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05
000000E0: 05 07 03 11 30 1d 06 03 55 1d 0e 04 16 04 14 40
000000F0: 81 b1 d1 18 75 f0 da 6b 3c 50 5f cd 73 1d d9 77
00000100: f2 d7 c1 30 1f 06 03 55 1d 23 04 18 30 16 80 14
00000110: 9b 85 5e fb 81 dc 4d 59 07 51 63 cf be df da 2c
00000120: 7f c9 44 3c 30 82 01 0f 06 03 55 1d 1f 04 82 01
00000130: 06 30 82 01 02 30 81 ff a0 81 fc a0 81 f9 86 81
00000140: b5 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74
00000150: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72
00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34
00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34
00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62
00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34
000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21
000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31
000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66
000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66
000001E0: 21 30 34 32 30 21 30 34 31 65 21 00
(92) Extracts IV from message (fragment 3)
00000000: 00 00 00 00 00 00 00 02
(93) Uses previously computed key K3i
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(94) Composes MGM nonce (fragment 3)
00000000: 00 00 00 02 b4 e1 3e 23
(95) Extracts ICV from message (fragment 3)
00000000: 54 4f 9b aa dd af bd ca
(96) Extracts AAD from message (fragment 3)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04
(97) Extracts ciphertext from message (fragment 3)
00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8
00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d
00000080: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3
00000090: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba
000000A0: a6 d9 09 1f 0d e0 3c 07 b8 ce 9d 11 a3 c6 f7 e4
000000B0: 62 e8 94 7b ad b9 8a 6b 9c f1 f8 43 cf 7e fc 5e
000000C0: 44 ab bf b1 88 f5 67 1e 84 5f 82 63 f3 13 89 55
000000D0: f5 ef 86 c3 db 48 37 f8 26 3c c4 6d a5 fc b5 69
000000E0: 56 0d 2d f3 c0 98 dd e7 53 da 0a 28 87 2f 38 ab
000000F0: a9 ec 60 a6 c4 54 c6 68 e7 6b e3 4b 54 bf b5 82
00000100: 44 c9 b9 45 bc 9e f5 58 d8 76 63 92 cd 52 ec 82
00000110: 80 d6 43 86 10 16 eb 7b 32 e4 ee ba ec 09 b6 4f
00000120: 35 1a bf da d7 de 40 fa b5 d2 40 f2 73 09 2d 52
00000130: 83 bd 56 a6 6b d3 9f 8a c2 c5 66 c6 6b 22 fb 6a
00000140: 00 b2 8a ac 9d 8b fc 8d 41 af 80 92 16 51 e2 cb
00000150: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e
00000160: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29
00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3
(98) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulting in plaintext (fragment 3)
00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74
00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73
00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06
00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30
00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74
00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000090: 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31
000000A0: 38 2e 63 72 74 30 3f 06 08 2b 06 01 05 05 07 30
000000B0: 01 86 33 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000000C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000000D0: 2e 72 75 2f 6f 63 73 70 32 30 31 32 67 2f 6f 63
000000E0: 73 70 2e 73 72 66 30 41 06 08 2b 06 01 05 05 07
000000F0: 30 01 86 35 68 74 74 70 3a 2f 2f 74 65 73 74 67
00000100: 6f 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72
00000110: 6f 2e 72 75 2f 6f 63 73 70 32 30 31 32 67 73 74
00000120: 2f 6f 63 73 70 2e 73 72 66 30 0a 06 08 2a 85 03
00000130: 07 01 01 03 02 03 41 00 21 ee 3b e1 fd 0f 36 90
00000140: 92 c4 a2 35 26 e8 dc 4e b8 ef 89 40 70 d2 91 39
00000150: bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 6c f2 c0
00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7
00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50
00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71
00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06
000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f
000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30
000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c
000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29
000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00
(99) Extracts IV from message (fragment 4)
00000000: 00 00 00 00 00 00 00 03
(100) Uses previously computed key K3i
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(101) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 b4 e1 3e 23
(102) Extracts ICV from message (fragment 4)
00000000: d2 25 f1 d0 38 65 b7 b6
(103) Extracts AAD from message (fragment 4)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 01 7a 00 00 01 5e
00000020: 00 04 00 04
(104) Extracts ciphertext from message (fragment 4)
00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f
00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87
00000080: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b
00000090: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4
000000A0: 60 17 e4 09 18 ae 78 b8 73 02 6b 0e 20 cc b1 cd
000000B0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56
000000C0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3
000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000140: 42 53 49 d1 2c c2
(105) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulting in plaintext (fragment 4)
00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55
00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12
00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9
00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec
00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36
00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b
00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a
00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42
00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40
00000090: 00 2f 00 00 0c 00 00 40 01 00 00 00 04 21 00 00
000000A0: 10 01 00 00 00 00 01 00 00 00 03 00 00 2c 00 00
000000B0: 38 00 00 00 34 01 03 04 05 6c 0c a5 70 03 00 00
000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00
000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00
000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00
000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00
00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00
00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00
00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00
00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00
00000140: 08 00 00 40 0b 00
(106) Reassembles message from received fragments and parses it
IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I->R[1847]
4*EF[...]->E[1819]{
IDi[78](DN){CN=IKE Interop Test Client,O=ELVIS-PLUS,C=RU},
CERT[1280](X.509 Cert){308204...A6C40A},
CERTREQ[25](X.509 Cert){5E9E50...677198},
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
AUTH[149](Sig){id-tc26-signwithdigest-gost3410-12-512[12]:
6A3E59...58A820},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{
P[52](#1:ESP:6C0CA570:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(107) Computes prf(SK_pi, IDi)
00000000: ce e8 8b d1 7e 3c 83 32 eb d1 29 08 de dc 71 f4
00000010: 8f ba 09 b8 ca 5b 10 e2 f4 44 29 5c 97 7b 26 01
00000020: a4 ba 83 c8 ea 40 92 0f 88 18 bd e7 e1 c9 45 cf
00000030: ff 99 48 05 0d f4 93 a6 cd 54 46 d7 eb 7a 52 94
(108) Uses initiator's public key
00000010: EE 2F 0A 0E 09 1E 7E 04 EF BA 5B 62 A2 52 86 E1
00000020: 9C 24 50 30 50 B0 B4 8A 37 35 B5 FC AF 28 94 EC
00000030: B5 9B 92 41 5B 69 E2 C9 BA 24 DE 6A 72 C4 EF 44
00000040: BB 89 A1 05 14 1B 87 3D 6A A3 72 3E 17 CA 7F 39
00000050: 28 CE 16 8B DD 07 52 87 6A 0D 77 42 6D 99 2B 46
00000060: 2C FD 4B B2 7C D7 C7 17 08 12 54 63 47 9D 14 3D
00000070: 61 ED F2 95 AB 11 80 69 02 A7 66 60 50 7E A4 53
00000080: 6D AD 01 49 B2 16 8A 95 1D CF 1A 57 93 56 14 5E
(109) Verifies signature from AUTH payload using algorithm id-tc26-
signwithdigest-gost3410-12-512
00000000: 6a 3e 59 0d 72 1e 55 a3 c0 d1 2f 8a 9b 4e 44 10
00000010: 58 59 bd 62 9e e7 12 31 e5 7d 01 53 f3 84 40 dd
00000020: ac 73 ed 09 3a 10 d9 6e 7f eb 80 6c 11 9e 91 f3
00000030: 7c 3c b0 55 f7 4b ec 0e 78 36 10 95 02 09 86 b3
00000040: 27 04 2a 83 3c 89 36 1b 73 cf 7b c9 e0 df a2 07
00000050: 12 1e 69 52 4d 89 1b de 6e 48 d1 34 fa 21 78 22
00000060: 88 2e 30 86 c0 80 0a 2d 74 af 08 ff 35 75 a5 79
00000070: e3 85 40 22 6b a8 42 f6 72 24 bf 29 87 58 a8 20
(110) Computes keys for ESP SAs
00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56
00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0
00000020: 1d 14 a0 cc
00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b
00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81
00000020: e2 04 84 af
(111) Computes prf(SK_pr,IDr)
00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27
00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e
00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d
00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a
(112) Uses private key for signing (little endian)
00000000: CB 73 0C 81 6F AC 6D 81 9F 82 AE 15 A9 08 12 17
00000010: D3 1B 97 64 B7 1C 34 0D D3 DD 90 1F 15 8C 9B 06
(113) Uses random number for signing
00000000: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
00000010: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
(114) Computes signature using algorithm id-tc26-signwithdigest-
gost3410-12-256
00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93
00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5
00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05
00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3
(115) Computes K1r (i1 = 0)
00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83
00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51
(116) Computes K2r (i2 = 0)
00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38
00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56
(117) Computes K3r (i3 = 0)
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(118) Selects SPI for incoming ESP SA
00000000: 34 ff 8a 25
(119) Creates message splitting it into 4 fragments
IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I<=R[1563]
E[1535]->4*EF[...]{
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
CERT[1211](X.509 Cert){308204...FB346D},
AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]:
C840AF...A75AD3},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.3},
SA[32]{
P[28](#1:ESP:34FF8A25:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(120) Composes MGM nonce (fragment 1)
00000000: 00 00 00 00 a5 bb 18 2f
(121) Composes AAD (fragment 1)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04
00000020: 00 01 00 04
(122) Composes plaintext (fragment 1)
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00
00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02
00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00
00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
000000A0: 1a 30 18 06 08 2a 85 03 03 81 03 01 01 12 0c 30
000000B0: 30 31 32 33 34 35 36 37 38 39 30 31 2f 30 2d 06
000000C0: 03 55 04 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83
000000D0: d1 89 d1 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0
000000E0: b2 d0 b0 d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09
000000F0: 06 03 55 04 06 13 02 52 55 31 19 30 17 06 03 55
00000100: 04 08 0c 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba
00000110: d0 b2 d0 b0 31 15 30 13 06 03 55 04 07 0c 0c d0
00000120: 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06
00000130: 03 55 04 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a
00000140: d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a
000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72
000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(123) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 1)
00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
000000A0: e9 ea ce c2 db aa 12 90 28 0c 9d f9 89 02 a8 5e
000000B0: 66 f5 6e ce dd e7 2c 4a 45 54 de 5e b8 76 73 67
000000C0: 2d a3 a0 52 91 74 ff b7 eb e4 ea d1 2b 04 76 f7
000000D0: ff 4b 1c b8 45 7e 8a 60 e7 1e ec 13 3e c1 d8 d0
000000E0: 78 be f4 79 77 06 ce 76 04 64 ad e7 10 19 65 2b
000000F0: 45 66 23 3d 34 7a 40 6c 36 c0 20 73 47 d8 7a b6
00000100: 2b 0f 56 04 7a c0 41 ab 18 23 11 78 7f 4f d4 f5
00000110: 7d 2e 06 a5 15 ee de 84 9f c2 0a f6 c8 1e a4 30
00000120: 70 42 07 c8 5e 97 08 69 12 27 58 c3 c7 b7 db 7a
00000130: 8c 50 3a 3a 5c bf 3a a7 73 40 8f 9c 18 f6 13 77
00000140: 63 c1 60 06 36 a1 43 ab 88 08 c9 cc ad f2 88 ca
00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8
(124) Computes ICV using K3r as K_msg (fragment 1)
00000000: 96 08 17 ed ef 01 4d a0
(125) Composes IV (fragment 1)
00000000: 00 00 00 00 00 00 00 00
(126) Composes MGM nonce (fragment 2)
00000000: 00 00 00 01 a5 bb 18 2f
(127) Composes AAD (fragment 2)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04
(128) Composes plaintext (fragment 2)
00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08
00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02
00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00
00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53
00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d
00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36
00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8
00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d
00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d
00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30
000000A0: 1d 06 03 55 1d 0e 04 16 04 14 e0 d3 f0 09 ad ce
000000B0: 6c a5 47 ba 9b f7 a6 a5 1b 06 14 ba a5 43 30 1f
000000C0: 06 03 55 1d 23 04 18 30 16 80 14 9b 85 5e fb 81
000000D0: dc 4d 59 07 51 63 cf be df da 2c 7f c9 44 3c 30
000000E0: 82 01 0f 06 03 55 1d 1f 04 82 01 06 30 82 01 02
000000F0: 30 81 ff a0 81 fc a0 81 f9 86 81 b5 68 74 74 70
00000100: 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 2e
00000110: 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 72
00000120: 74 45 6e 72 6f 6c 6c 2f 21 30 34 32 32 21 30 34
00000130: 33 35 21 30 34 34 31 21 30 34 34 32 21 30 34 33
00000140: 65 21 30 34 33 32 21 30 34 34 62 21 30 34 33 39
00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30
00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25
00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32
00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32
00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30
000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72
000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74
000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00
(129) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 2)
00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
000000A0: 44 78 7f e3 b7 6c cb 44 29 59 96 e9 84 6d 9d 18
000000B0: 89 66 16 07 46 a4 cd 72 a6 0e bd d2 a7 1c f7 21
000000C0: f0 d1 67 a9 0d 1c c4 c8 30 bd 26 1f 53 7d 61 8b
000000D0: ad 6f ef 3e 2c 6e 7e 69 b9 92 72 66 65 b6 06 22
000000E0: 49 a1 a8 f1 2f 02 dd 41 bf f5 d1 f6 7c 93 25 6e
000000F0: 52 8b a9 3f b5 40 97 02 bb 7c f5 33 a6 60 52 b8
00000100: 4f 3e 80 6c 38 cf e4 8b 15 fd d0 66 75 c1 bf bb
00000110: ac fc ac 01 c3 11 8e 0b 3e e9 2c 1b 5d b9 9f f6
00000120: 2f d7 e8 3c c7 a9 25 8b aa 6e c6 49 6d 6f df 42
00000130: 53 0e ba 70 54 d2 af c3 4d 02 e1 48 42 c5 45 53
00000140: 25 59 66 25 c7 3c c6 c2 e2 99 e2 bb 47 a4 a7 be
00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51
(130) Computes ICV using K3r as K_msg (fragment 2)
00000000: 89 bd 07 12 fc 3f 15 8d
(131) Composes IV (fragment 2)
00000000: 00 00 00 00 00 00 00 01
(132) Composes MGM nonce (fragment 3)
00000000: 00 00 00 02 a5 bb 18 2f
(133) Composes AAD (fragment 3)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04
(134) Composes plaintext (fragment 3)
00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05
00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06
00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74
00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70
00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72
00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74
00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74
00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31
00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f
00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72
000000A0: 66 30 41 06 08 2b 06 01 05 05 07 30 01 86 35 68
000000B0: 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30
000000C0: 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f
000000D0: 6f 63 73 70 32 30 31 32 67 73 74 2f 6f 63 73 70
000000E0: 2e 73 72 66 30 0a 06 08 2a 85 03 07 01 01 03 02
000000F0: 03 41 00 a5 39 5f ca 48 e1 c2 93 c1 e0 8a 64 74
00000100: 0f 6b 86 a2 15 9b 46 29 d0 42 71 4f ce e7 52 d7
00000110: d7 3d aa 47 ce cf 52 63 8f 26 b2 17 5f ad 96 57
00000120: 76 ea 5f d0 87 bb 12 29 e4 06 0e e1 5f fd 59 81
00000130: fb 34 6d 29 00 00 55 0e 00 00 00 0c 30 0a 06 08
00000140: 2a 85 03 07 01 01 03 02 c8 40 af f7 46 6f 7b eb
00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e
00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd
00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49
00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00
00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10
000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20
000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08
000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18
000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03
000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00
(135) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 3)
00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
000000A0: b7 78 d3 3d 2d 46 ef dc 0f 91 43 be 08 7a ba fa
000000B0: b3 2a c2 17 30 99 79 ae 3a 00 f0 3f 47 4a 9b 11
000000C0: 4d 7b 1b 28 0a 44 5b 1a af 35 4d c3 2b 6b be 11
000000D0: 89 03 b9 de cf 37 57 53 1e a4 f3 3f ce 52 a6 d8
000000E0: 7e 9d d8 d4 2f 9f f5 8f 3c c6 cb 2f 56 e0 97 2d
000000F0: b2 0e 10 66 3b 3c ec 34 50 99 a3 7d 42 ec 96 eb
00000100: 87 48 72 2c 0a 6d af b9 4b 62 48 89 36 01 21 ab
00000110: 8e 79 10 54 9c 83 ab a9 8a 6c 37 c7 ac dc a1 7e
00000120: 41 0e 58 de da aa 95 71 fb 34 50 8a ef 37 0b c4
00000130: 56 ca 4b 2c 75 b7 c7 d9 74 22 c2 65 1a e4 4f 94
00000140: 20 f6 e9 44 f1 69 5e d2 18 d3 30 2e 85 74 25 be
00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e
(136) Computes ICV using K3r as K_msg (fragment 3)
00000000: 7d 7c 57 8f 91 d0 c9 eb
(137) Composes IV (fragment 3)
00000000: 00 00 00 00 00 00 00 02
(138) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 a5 bb 18 2f
(139) Composes AAD (fragment 4)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04
(140) Composes plaintext (fragment 4)
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00
(141) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 4)
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
(142) Computes ICV using K3r as K_msg (fragment 4)
00000000: 6c 27 70 e0 8a 82 bd 4b
(143) Composes IV (fragment 4)
00000000: 00 00 00 00 00 00 00 03
(144) Sends message fragment (1), peer receives message fragment (1)
10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 24 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00
00000030: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000040: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000050: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000060: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000070: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000080: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000090: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
000000A0: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
000000B0: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
000000C0: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
000000D0: e9 ea ce c2 db aa 12 90 28 0c 9d f9 89 02 a8 5e
000000E0: 66 f5 6e ce dd e7 2c 4a 45 54 de 5e b8 76 73 67
000000F0: 2d a3 a0 52 91 74 ff b7 eb e4 ea d1 2b 04 76 f7
00000100: ff 4b 1c b8 45 7e 8a 60 e7 1e ec 13 3e c1 d8 d0
00000110: 78 be f4 79 77 06 ce 76 04 64 ad e7 10 19 65 2b
00000120: 45 66 23 3d 34 7a 40 6c 36 c0 20 73 47 d8 7a b6
00000130: 2b 0f 56 04 7a c0 41 ab 18 23 11 78 7f 4f d4 f5
00000140: 7d 2e 06 a5 15 ee de 84 9f c2 0a f6 c8 1e a4 30
00000150: 70 42 07 c8 5e 97 08 69 12 27 58 c3 c7 b7 db 7a
00000160: 8c 50 3a 3a 5c bf 3a a7 73 40 8f 9c 18 f6 13 77
00000170: 63 c1 60 06 36 a1 43 ab 88 08 c9 cc ad f2 88 ca
00000180: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000190: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
000001A0: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
000001B0: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
000001C0: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001D0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001E0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001F0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
00000200: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
00000210: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 96 08 17 ed
00000220: ef 01 4d a0
(145) Sends message fragment (2), peer receives message fragment (2)
10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01
00000030: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000040: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000050: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000060: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000070: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000080: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000090: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
000000A0: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
000000B0: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
000000C0: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
000000D0: 44 78 7f e3 b7 6c cb 44 29 59 96 e9 84 6d 9d 18
000000E0: 89 66 16 07 46 a4 cd 72 a6 0e bd d2 a7 1c f7 21
000000F0: f0 d1 67 a9 0d 1c c4 c8 30 bd 26 1f 53 7d 61 8b
00000100: ad 6f ef 3e 2c 6e 7e 69 b9 92 72 66 65 b6 06 22
00000110: 49 a1 a8 f1 2f 02 dd 41 bf f5 d1 f6 7c 93 25 6e
00000120: 52 8b a9 3f b5 40 97 02 bb 7c f5 33 a6 60 52 b8
00000130: 4f 3e 80 6c 38 cf e4 8b 15 fd d0 66 75 c1 bf bb
00000140: ac fc ac 01 c3 11 8e 0b 3e e9 2c 1b 5d b9 9f f6
00000150: 2f d7 e8 3c c7 a9 25 8b aa 6e c6 49 6d 6f df 42
00000160: 53 0e ba 70 54 d2 af c3 4d 02 e1 48 42 c5 45 53
00000170: 25 59 66 25 c7 3c c6 c2 e2 99 e2 bb 47 a4 a7 be
00000180: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000190: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
000001A0: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
000001B0: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
000001C0: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001D0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001E0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001F0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
00000200: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
00000210: 58 23 68 71 27 b2 9a 03 09 f7 80 51 89 bd 07 12
00000220: fc 3f 15 8d
(146) Sends message fragment (3), peer receives message fragment (3)
10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02
00000030: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000040: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000050: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000060: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000070: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000080: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000090: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
000000A0: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
000000B0: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
000000C0: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
000000D0: b7 78 d3 3d 2d 46 ef dc 0f 91 43 be 08 7a ba fa
000000E0: b3 2a c2 17 30 99 79 ae 3a 00 f0 3f 47 4a 9b 11
000000F0: 4d 7b 1b 28 0a 44 5b 1a af 35 4d c3 2b 6b be 11
00000100: 89 03 b9 de cf 37 57 53 1e a4 f3 3f ce 52 a6 d8
00000110: 7e 9d d8 d4 2f 9f f5 8f 3c c6 cb 2f 56 e0 97 2d
00000120: b2 0e 10 66 3b 3c ec 34 50 99 a3 7d 42 ec 96 eb
00000130: 87 48 72 2c 0a 6d af b9 4b 62 48 89 36 01 21 ab
00000140: 8e 79 10 54 9c 83 ab a9 8a 6c 37 c7 ac dc a1 7e
00000150: 41 0e 58 de da aa 95 71 fb 34 50 8a ef 37 0b c4
00000160: 56 ca 4b 2c 75 b7 c7 d9 74 22 c2 65 1a e4 4f 94
00000170: 20 f6 e9 44 f1 69 5e d2 18 d3 30 2e 85 74 25 be
00000180: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000190: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
000001A0: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
000001B0: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
000001C0: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001D0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001E0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001F0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
00000200: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
00000210: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 7d 7c 57 8f
00000220: 91 d0 c9 eb
(147) Sends message fragment (4), peer receives message fragment (4)
10.111.10.171:54295<-10.111.15.45:4500 [98]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 00 5e
00000020: 00 00 00 42 00 04 00 04 00 00 00 00 00 00 00 03
00000030: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000040: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000050: 0a 92 7a 74 77 dc ba 60 ac 4a 6c 27 70 e0 8a 82
00000060: bd 4b
Initiator's actions:
(148) Extracts IV from message (fragment 1)
00000000: 00 00 00 00 00 00 00 00
(149) Computes K1r (i1 = 0)
00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83
00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51
(150) Computes K2r (i2 = 0)
00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38
00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56
(151) Computes K3r (i3 = 0)
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(152) Composes MGM nonce (fragment 1)
00000000: 00 00 00 00 a5 bb 18 2f
(153) Extracts ICV from message (fragment 1)
00000000: 96 08 17 ed ef 01 4d a0
(154) Extracts AAD from message (fragment 1)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04
00000020: 00 01 00 04
(155) Extracts ciphertext from message (fragment 1)
00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
000000A0: e9 ea ce c2 db aa 12 90 28 0c 9d f9 89 02 a8 5e
000000B0: 66 f5 6e ce dd e7 2c 4a 45 54 de 5e b8 76 73 67
000000C0: 2d a3 a0 52 91 74 ff b7 eb e4 ea d1 2b 04 76 f7
000000D0: ff 4b 1c b8 45 7e 8a 60 e7 1e ec 13 3e c1 d8 d0
000000E0: 78 be f4 79 77 06 ce 76 04 64 ad e7 10 19 65 2b
000000F0: 45 66 23 3d 34 7a 40 6c 36 c0 20 73 47 d8 7a b6
00000100: 2b 0f 56 04 7a c0 41 ab 18 23 11 78 7f 4f d4 f5
00000110: 7d 2e 06 a5 15 ee de 84 9f c2 0a f6 c8 1e a4 30
00000120: 70 42 07 c8 5e 97 08 69 12 27 58 c3 c7 b7 db 7a
00000130: 8c 50 3a 3a 5c bf 3a a7 73 40 8f 9c 18 f6 13 77
00000140: 63 c1 60 06 36 a1 43 ab 88 08 c9 cc ad f2 88 ca
00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8
(156) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulting in plaintext (fragment 1)
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00
00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02
00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00
00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
000000A0: 1a 30 18 06 08 2a 85 03 03 81 03 01 01 12 0c 30
000000B0: 30 31 32 33 34 35 36 37 38 39 30 31 2f 30 2d 06
000000C0: 03 55 04 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83
000000D0: d1 89 d1 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0
000000E0: b2 d0 b0 d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09
000000F0: 06 03 55 04 06 13 02 52 55 31 19 30 17 06 03 55
00000100: 04 08 0c 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba
00000110: d0 b2 d0 b0 31 15 30 13 06 03 55 04 07 0c 0c d0
00000120: 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06
00000130: 03 55 04 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a
00000140: d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a
000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72
000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(157) Extracts IV from message (fragment 2)
00000000: 00 00 00 00 00 00 00 01
(158) Uses previously computed key K3r
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(159) Composes MGM nonce (fragment 2)
00000000: 00 00 00 01 a5 bb 18 2f
(160) Extracts ICV from message (fragment 2)
00000000: 89 bd 07 12 fc 3f 15 8d
(161) Extracts AAD from message (fragment 2)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04
(162) Extracts ciphertext from message (fragment 2)
00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
000000A0: 44 78 7f e3 b7 6c cb 44 29 59 96 e9 84 6d 9d 18
000000B0: 89 66 16 07 46 a4 cd 72 a6 0e bd d2 a7 1c f7 21
000000C0: f0 d1 67 a9 0d 1c c4 c8 30 bd 26 1f 53 7d 61 8b
000000D0: ad 6f ef 3e 2c 6e 7e 69 b9 92 72 66 65 b6 06 22
000000E0: 49 a1 a8 f1 2f 02 dd 41 bf f5 d1 f6 7c 93 25 6e
000000F0: 52 8b a9 3f b5 40 97 02 bb 7c f5 33 a6 60 52 b8
00000100: 4f 3e 80 6c 38 cf e4 8b 15 fd d0 66 75 c1 bf bb
00000110: ac fc ac 01 c3 11 8e 0b 3e e9 2c 1b 5d b9 9f f6
00000120: 2f d7 e8 3c c7 a9 25 8b aa 6e c6 49 6d 6f df 42
00000130: 53 0e ba 70 54 d2 af c3 4d 02 e1 48 42 c5 45 53
00000140: 25 59 66 25 c7 3c c6 c2 e2 99 e2 bb 47 a4 a7 be
00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51
(163) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulting in plaintext (fragment 2)
00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08
00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02
00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00
00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53
00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d
00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36
00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8
00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d
00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d
00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30
000000A0: 1d 06 03 55 1d 0e 04 16 04 14 e0 d3 f0 09 ad ce
000000B0: 6c a5 47 ba 9b f7 a6 a5 1b 06 14 ba a5 43 30 1f
000000C0: 06 03 55 1d 23 04 18 30 16 80 14 9b 85 5e fb 81
000000D0: dc 4d 59 07 51 63 cf be df da 2c 7f c9 44 3c 30
000000E0: 82 01 0f 06 03 55 1d 1f 04 82 01 06 30 82 01 02
000000F0: 30 81 ff a0 81 fc a0 81 f9 86 81 b5 68 74 74 70
00000100: 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 2e
00000110: 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 72
00000120: 74 45 6e 72 6f 6c 6c 2f 21 30 34 32 32 21 30 34
00000130: 33 35 21 30 34 34 31 21 30 34 34 32 21 30 34 33
00000140: 65 21 30 34 33 32 21 30 34 34 62 21 30 34 33 39
00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30
00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25
00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32
00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32
00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30
000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72
000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74
000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00
(164) Extracts IV from message (fragment 3)
00000000: 00 00 00 00 00 00 00 02
(165) Uses previously computed key K3r
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(166) Composes MGM nonce (fragment 3)
00000000: 00 00 00 02 a5 bb 18 2f
(167) Extracts ICV from message (fragment 3)
00000000: 7d 7c 57 8f 91 d0 c9 eb
(168) Extracts AAD from message (fragment 3)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04
(169) Extracts ciphertext from message (fragment 3)
00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
000000A0: b7 78 d3 3d 2d 46 ef dc 0f 91 43 be 08 7a ba fa
000000B0: b3 2a c2 17 30 99 79 ae 3a 00 f0 3f 47 4a 9b 11
000000C0: 4d 7b 1b 28 0a 44 5b 1a af 35 4d c3 2b 6b be 11
000000D0: 89 03 b9 de cf 37 57 53 1e a4 f3 3f ce 52 a6 d8
000000E0: 7e 9d d8 d4 2f 9f f5 8f 3c c6 cb 2f 56 e0 97 2d
000000F0: b2 0e 10 66 3b 3c ec 34 50 99 a3 7d 42 ec 96 eb
00000100: 87 48 72 2c 0a 6d af b9 4b 62 48 89 36 01 21 ab
00000110: 8e 79 10 54 9c 83 ab a9 8a 6c 37 c7 ac dc a1 7e
00000120: 41 0e 58 de da aa 95 71 fb 34 50 8a ef 37 0b c4
00000130: 56 ca 4b 2c 75 b7 c7 d9 74 22 c2 65 1a e4 4f 94
00000140: 20 f6 e9 44 f1 69 5e d2 18 d3 30 2e 85 74 25 be
00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e
(170) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulting in plaintext (fragment 3)
00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05
00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06
00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74
00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70
00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72
00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74
00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74
00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31
00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f
00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72
000000A0: 66 30 41 06 08 2b 06 01 05 05 07 30 01 86 35 68
000000B0: 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30
000000C0: 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f
000000D0: 6f 63 73 70 32 30 31 32 67 73 74 2f 6f 63 73 70
000000E0: 2e 73 72 66 30 0a 06 08 2a 85 03 07 01 01 03 02
000000F0: 03 41 00 a5 39 5f ca 48 e1 c2 93 c1 e0 8a 64 74
00000100: 0f 6b 86 a2 15 9b 46 29 d0 42 71 4f ce e7 52 d7
00000110: d7 3d aa 47 ce cf 52 63 8f 26 b2 17 5f ad 96 57
00000120: 76 ea 5f d0 87 bb 12 29 e4 06 0e e1 5f fd 59 81
00000130: fb 34 6d 29 00 00 55 0e 00 00 00 0c 30 0a 06 08
00000140: 2a 85 03 07 01 01 03 02 c8 40 af f7 46 6f 7b eb
00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e
00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd
00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49
00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00
00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10
000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20
000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08
000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18
000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03
000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00
(171) Extracts IV from message (fragment 4)
00000000: 00 00 00 00 00 00 00 03
(172) Uses previously computed key K3r
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(173) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 a5 bb 18 2f
(174) Extracts ICV from message (fragment 4)
00000000: 6c 27 70 e0 8a 82 bd 4b
(175) Extracts AAD from message (fragment 4)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04
(176) Extracts ciphertext from message (fragment 4)
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
(177) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulting in plaintext (fragment 4)
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00
(178) Reassembles message from received fragments and parses it
IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R=>I[1563]
4*EF[...]->E[1535]{
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
CERT[1211](X.509 Cert){308204...FB346D},
AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]:
C840AF...A75AD3},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.3},
SA[32]{
P[28](#1:ESP:34FF8A25:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(179) Computes prf(SK_pr, IDr)
00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27
00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e
00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d
00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a
(180) Uses responder's public key
00000000: 5B B3 14 3E F4 70 C1 70 D7 F3 27 25 D8 53 7C E6
00000010: DE 6D 8C 29 F6 B2 32 64 56 DC B1 77 F2 3D FA F4
00000020: 2A 5C F3 74 86 7F 04 72 51 C1 CF B3 43 36 F5 95
00000030: A2 AF 05 47 57 1A 55 C0 78 A4 9D 64 26 B8 61 14
(181) Verifies signature from AUTH payload using algorithm id-tc26-
signwithdigest-gost3410-12-256
00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93
00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5
00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05
00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3
(182) Computes keys for ESP SAs
00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56
00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0
00000020: 1d 14 a0 cc
00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b
00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81
00000020: e2 04 84 af
A.2.2. Sub-Scenario 2: IKE SA Rekeying Using the CREATE_CHILD_SA
Exchange
Initiator Responder
HDR, SK {SAi, Ni, KEi [,N+]} --->
<--- HDR, SK {SAr, Nr, KEr [,N+]}
Initiator's actions:
(1) Generates random SPIi for new IKE SA
00000000: fd d9 35 89 50 d5 db 22
(2) Generates random IKE nonce Ni
00000000: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000010: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
(3) Generates ephemeral private key
00000000: 29 2c 72 52 e0 6c fd 39 1d 55 04 e9 cf af 82 29
00000010: 89 09 ff 1c ab b2 dd a5 88 f0 34 fd 2c 57 d2 28
(4) Computes public key
00000000: 13 78 88 b1 0f 09 65 43 94 53 b7 26 5d 2a 8b 29
00000010: 5f a9 d6 73 a2 d0 64 6c 98 0f 02 44 d5 5a 1d 13
00000020: 7b b4 4d 18 81 c3 ee 48 35 18 a7 71 ce 4f fa 45
00000030: b0 e9 74 63 37 58 32 7c ff a5 e4 98 b5 02 d4 ef
(5) Creates message
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R<-I[213]
E[185]{
SA[44]{
P[40](#1:IKE:FDD9358950D5DB22:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{2E9899...8AEC37},
KE[72](GOST3410_2012_256){137888...02D4EF},
N[12](SET_WINDOW_SIZE){4}}
(6) Computes K3i (i3 = 1)
00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a
00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d
(7) Composes MGM nonce
00000000: 00 00 00 00 b4 e1 3e 23
(8) Composes AAD
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
(9) Composes plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 04 00
(10) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f
000000A0: 35 d9 d4 b3 cd
(11) Computes ICV using K3i as K_msg
00000000: 49 96 ac 4c 3f c4 fc 1d
(12) Composes IV
00000000: 00 00 00 00 01 00 00 00
(13) Sends message, peer receives message
10.111.10.171:54295->10.111.15.45:4500 [217]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 2e 20 24 08 00 00 00 02 00 00 00 d5
00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 f4 d1 2b 1e
00000030: 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 e0 48 24 15
00000040: 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 80 56 e4 da
00000050: fb e5 fe 42 08 71 79 99 ef 17 7a 03 fc c3 c6 b0
00000060: 15 a5 72 a4 1b de e2 b5 e6 46 56 73 3f 78 57 9e
00000070: 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 c0 0c 8b 11
00000080: 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 27 ef ba 8c
00000090: 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 9a e1 6a 91
000000A0: 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 8d 2b 0e 75
000000B0: d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 df 73 7f 1c
000000C0: 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f 35 d9 d4 b3
000000D0: cd 49 96 ac 4c 3f c4 fc 1d
Responder's actions:
(14) Extracts IV from message
00000000: 00 00 00 00 01 00 00 00
(15) Computes K3i (I = 1)
00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a
00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d
(16) Composes MGM nonce
00000000: 00 00 00 00 b4 e1 3e 23
(17) Extracts ICV from message
00000000: 49 96 ac 4c 3f c4 fc 1d
(18) Extracts AAD from message
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
(19) Extracts ciphertext from message
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f
000000A0: 35 d9 d4 b3 cd
(20) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulting in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 04 00
(21) Parses received message
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I->R[213]
E[185]{
SA[44]{
P[40](#1:IKE:FDD9358950D5DB22:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{2E9899...8AEC37},
KE[72](GOST3410_2012_256){137888...02D4EF},
N[12](SET_WINDOW_SIZE){4}}
(22) Generates random SPIr for new IKE SA
00000000: 81 27 5d a2 98 90 1a 06
(23) Generates random IKE nonce Nr
00000000: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000010: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
(24) Generates ephemeral private key
00000000: af 9a 62 7d d3 b8 23 d2 49 7f f9 0a 9d f2 55 8c
00000010: ae 9c 48 ad f5 a4 ee a5 f6 24 5f 48 3c f8 42 0d
(25) Computes public key
00000000: ba 9c bb 8d c4 51 68 1c 63 50 9c 5b 78 c2 93 be
00000010: 52 9b 7a a0 6b 14 1e 0f 52 d4 a3 0e 71 d7 5b 4c
00000020: aa 58 af 26 21 d9 b2 92 87 1c d9 7a 89 6f c2 7d
00000030: 7d 95 96 39 a2 36 37 8f f4 b9 1d 2f a8 b7 f5 c9
(26) Computes shared key
00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41
00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb
(27) Computes SKEYSEED for new SA
00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54
00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d
00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42
00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9
(28) Computes SK_d for new SA
00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c
00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97
00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f
00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1
(29) Computes SK_ei for new SA
00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6
00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d
00000020: 2b 3d 3b 2f
(30) Computes SK_er for new SA
00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a
00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a
00000020: d2 f6 27 21
(31) Creates message
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I<=R[213]
E[185]{
SA[44]{
P[40](#1:IKE:81275DA298901A06:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{CF8E80...204396},
KE[72](GOST3410_2012_256){BA9CBB...B7F5C9},
N[12](SET_WINDOW_SIZE){64}}
(32) Computes K3r (i3 = 1)
00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0
00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56
(33) Composes MGM nonce
00000000: 00 00 00 00 a5 bb 18 2f
(34) Composes AAD
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9
(35) Composes plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2
00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 40 00
(36) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6
00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18
00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
000000A0: 61 e8 cb 46 3c
(37) Computes ICV using K3r as K_msg
00000000: dc c4 ca 6d 07 cf 31 a8
(38) Composes IV
00000000: 00 00 00 00 01 00 00 00
(39) Sends message, peer receives message
10.111.10.171:54295<-10.111.15.45:4500 [217]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 2e 20 24 20 00 00 00 02 00 00 00 d5
00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 6e a0 bc 5e
00000030: 58 16 91 db 1f e0 22 20 b6 75 fd e6 e0 01 a7 86
00000040: 0c 9c a6 77 ef cd f6 be e4 c8 31 18 c7 7f 68 58
00000050: d8 85 75 6c 1d 4a 0e 66 09 86 7c 84 30 a7 2e f0
00000060: 26 2b 19 da c5 25 34 5b 19 f0 97 86 54 ca 08 92
00000070: 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 4d d9 f2 7e
00000080: 32 48 b3 9f ea 54 d2 96 99 42 30 6b b0 b4 fe 5d
00000090: 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 36 85 57 78
000000A0: b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 6e 06 84 2b
000000B0: ac f8 99 29 31 ad 7b dc db c0 0f 19 5f 06 42 2d
000000C0: 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 61 e8 cb 46
000000D0: 3c dc c4 ca 6d 07 cf 31 a8
Initiator's actions:
(40) Extracts IV from message
00000000: 00 00 00 00 01 00 00 00
(41) Computes K3r (i3 = 1)
00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0
00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56
(42) Composes MGM nonce
00000000: 00 00 00 00 a5 bb 18 2f
(43) Extracts ICV from message
00000000: dc c4 ca 6d 07 cf 31 a8
(44) Extracts AAD from message
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9
(45) Extracts ciphertext from message
00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6
00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18
00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
000000A0: 61 e8 cb 46 3c
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulting in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2
00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 40 00
(47) Parses received message
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R=>I[213]
E[185]{
SA[44]{
P[40](#1:IKE:81275DA298901A06:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{CF8E80...204396},
KE[72](GOST3410_2012_256){BA9CBB...B7F5C9},
N[12](SET_WINDOW_SIZE){64}}
(48) Computes shared key
00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41
00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb
(49) Computes SKEYSEED for new SA
00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54
00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d
00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42
00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9
(50) Computes SK_d for new SA
00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c
00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97
00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f
00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1
(51) Computes SK_ei for new SA
00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6
00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d
00000020: 2b 3d 3b 2f
(52) Computes SK_er for new SA
00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a
00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a
00000020: d2 f6 27 21
A.2.3. Sub-Scenario 3: ESP SAs Rekeying without PFS Using the
CREATE_CHILD_SA Exchange
Initiator Responder
HDR, SK {N(REKEY_SA), SAi, Ni,
TSi, TSr [,N+]} --->
<--- HDR, SK {SAr, Nr,
TSi, TSr [,N+]}
Initiator's actions:
(1) Generates random IKE nonce Ni
00000000: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000010: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
(2) Computes K1i (i1 = 0)
00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c
00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69
(3) Computes K2i (i2 = 0)
00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a
00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44
(4) Computes K3i (i3 = 0)
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(5) Selects SPI for new incoming ESP SA
00000000: 9a 8c 6a 9b
(6) Creates message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R<-I[193]
E[165]{
N[12](ESP:6C0CA570:REKEY_SA),
SA[32]{
P[28](#1:ESP:9A8C6A9B:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{B54818...F44823},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(7) Composes MGM nonce
00000000: 00 00 00 00 2b 3d 3b 2f
(8) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5
(9) Composes plaintext
00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000090: 00
(10) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
00000090: a3
(11) Computes ICV using K3i as K_msg
00000000: b3 05 bd 43 2f 87 0c 3f
(12) Composes IV
00000000: 00 00 00 00 00 00 00 00
(13) Sends message, peer receives message
10.111.10.171:54295->10.111.15.45:4500 [197]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 24 08 00 00 00 00 00 00 00 c1
00000020: 29 00 00 a5 00 00 00 00 00 00 00 00 47 71 bb 57
00000030: 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a b9 34 0f 34
00000040: 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 3b 5c 5a 04
00000050: 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 4e 26 c4 27
00000060: fd cb 54 e1 cf e0 fd b4 9f f8 00 41 41 c8 58 b2
00000070: c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 69 e9 52 68
00000080: d5 e1 ee f0 89 6e d3 95 34 62 ad 2e e6 77 17 b8
00000090: 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 43 50 82 2a
000000A0: be b6 31 ff 2f 43 11 f7 d0 60 bf 62 b9 08 c3 09
000000B0: a3 78 fb 5e 76 57 91 5d 48 1c aa d2 a3 b3 05 bd
000000C0: 43 2f 87 0c 3f
Responder's actions:
(14) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(15) Computes K1i (i1 = 0)
00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c
00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69
(16) Computes K2i (i2 = 0)
00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a
00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44
(17) Computes K3i (i3 = 0)
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(18) Composes MGM nonce
00000000: 00 00 00 00 2b 3d 3b 2f
(19) Extracts ICV from message
00000000: b3 05 bd 43 2f 87 0c 3f
(20) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5
(21) Extracts ciphertext from message
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
00000090: a3
(22) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulting in plaintext
00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000090: 00
(23) Parses received message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I->R[193]
E[165]{
N[12](ESP:6C0CA570:REKEY_SA),
SA[32]{
P[28](#1:ESP:9A8C6A9B:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{B54818...F44823},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(24) Generates random IKE nonce Nr
00000000: 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f b5 c8 5c 60
00000010: 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 64 f3 58 06
(25) Selects SPI for new incoming ESP SA
00000000: 15 4f 35 39
(26) Computes keys for new ESP SAs
00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69
00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67
00000020: 64 0e 3a fe
00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a
00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9
00000020: 6c cf a3 64
(27) Creates message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I<=R[189]
E[161]{
SA[32]{
P[28](#1:ESP:154F3539:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{415EA7...F35806},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(28) Computes K1r (i1 = 0)
00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2
00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a
(29) Computes K2r (i2 = 0)
00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59
00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52
(30) Computes K3r (i3 = 0)
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(31) Composes MGM nonce
00000000: 00 00 00 00 d2 f6 27 21
(32) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
(33) Composes plaintext
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(34) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
(35) Computes ICV using K3r as K_msg
00000000: 57 b4 30 41 07 50 b1 cc
(36) Composes IV
00000000: 00 00 00 00 00 00 00 00
(37) Sends message, peer receives message
10.111.10.171:54295<-10.111.15.45:4500 [193]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 24 20 00 00 00 00 00 00 00 bd
00000020: 21 00 00 a1 00 00 00 00 00 00 00 00 2e c7 13 73
00000030: 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 68 70 bb 8f
00000040: 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 51 ef c5 35
00000050: 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 9a 14 36 d1
00000060: 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 0f 9d dd 2b
00000070: e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 01 6b 1d 92
00000080: b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 35 e9 e3 fd
00000090: b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca f1 2e b1 13
000000A0: 99 e0 da 10 1a 29 74 26 a3 63 ce 09 6a f9 1b 67
000000B0: 4a f2 fb 0f 17 5e 48 1a 93 57 b4 30 41 07 50 b1
000000C0: cc
Initiator's actions:
(38) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(39) Computes K1r (i1 = 0)
00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2
00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a
(40) Computes K2r (i2 = 0)
00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59
00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52
(41) Computes K3r (i3 = 0)
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(42) Composes MGM nonce
00000000: 00 00 00 00 d2 f6 27 21
(43) Extracts ICV from message
00000000: 57 b4 30 41 07 50 b1 cc
(44) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
(45) Extracts ciphertext from message
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulting in plaintext
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(47) Parses received message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R=>I[189]
E[161]{
SA[32]{
P[28](#1:ESP:154F3539:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{415EA7...F35806},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(48) Computes keys for new ESP SAs
00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69
00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67
00000020: 64 0e 3a fe
00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a
00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9
00000020: 6c cf a3 64
A.2.4. Sub-Scenario 4: IKE SA Deletion Using the INFORMATIONAL Exchange
Initiator Responder
HDR, SK {D} --->
<--- HDR, SK { }
Initiator's actions:
(1) Creates message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R<-I[57]
E[29]{
D[8](IKE)}
(2) Uses previously computed key K3i
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(3) Composes MGM nonce
00000000: 00 00 00 03 2b 3d 3b 2f
(4) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
(5) Composes plaintext
00000000: 00 00 00 08 01 00 00 00 00
(6) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: 4f ff 67 66 41 9c d3 ec 8e
(7) Computes ICV using K3i as K_msg
00000000: d2 bf 0e b7 8f c5 53 03
(8) Composes IV
00000000: 00 00 00 00 00 00 00 03
(9) Sends message, peer receives message
10.111.10.171:54295->10.111.15.45:4500 [61]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 25 08 00 00 00 03 00 00 00 39
00000020: 2a 00 00 1d 00 00 00 00 00 00 00 03 4f ff 67 66
00000030: 41 9c d3 ec 8e d2 bf 0e b7 8f c5 53 03
Responder's actions:
(10) Extracts IV from message
00000000: 00 00 00 00 00 00 00 03
(11) Uses previously computed key K3i
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(12) Composes MGM nonce
00000000: 00 00 00 03 2b 3d 3b 2f
(13) Extracts ICV from message
00000000: d2 bf 0e b7 8f c5 53 03
(14) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
(15) Extracts ciphertext from message
00000000: 4f ff 67 66 41 9c d3 ec 8e
(16) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulting in plaintext
00000000: 00 00 00 08 01 00 00 00 00
(17) Parses received message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I->R[57]
E[29]{
D[8](IKE)}
(18) Creates message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I<=R[49]
E[21]{}
(19) Uses previously computed key K3r
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(20) Composes MGM nonce
00000000: 00 00 00 03 d2 f6 27 21
(21) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
(22) Composes plaintext
00000000: 00
(23) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: a8
(24) Computes ICV using K3r as K_msg
00000000: ef 77 21 c9 8b c1 eb 98
(25) Composes IV
00000000: 00 00 00 00 00 00 00 03
(26) Sends message, peer receives message
10.111.10.171:54295<-10.111.15.45:4500 [53]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 25 20 00 00 00 03 00 00 00 31
00000020: 00 00 00 15 00 00 00 00 00 00 00 03 a8 ef 77 21
00000030: c9 8b c1 eb 98
Initiator's actions:
(27) Extracts IV from message
00000000: 00 00 00 00 00 00 00 03
(28) Uses previously computed key K3r
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(29) Composes MGM nonce
00000000: 00 00 00 03 d2 f6 27 21
(30) Extracts ICV from message
00000000: ef 77 21 c9 8b c1 eb 98
(31) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
(32) Extracts ciphertext from message
00000000: a8
(33) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulting in plaintext
00000000: 00
(34) Parses received message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R=>I[49]
E[21]{}
Author's Address
Valery Smyslov
ELVIS-PLUS
PO Box 81
Moscow (Zelenograd)
124460
Russian Federation
Phone: +7 495 276 0211
Email: svan@elvis.ru