rfc9385.original   rfc9385.txt 
Network Working Group V. Smyslov Independent Submission V. Smyslov
Internet-Draft ELVIS-PLUS Request for Comments: 9385 ELVIS-PLUS
Intended status: Informational 6 December 2022 Category: Informational May 2023
Expires: 9 June 2023 ISSN: 2070-1721
Using GOST Cryptographic Algorithms in the Internet Key Exchange Using GOST Cryptographic Algorithms in the Internet Key Exchange
Protocol Version 2 (IKEv2) Protocol Version 2 (IKEv2)
draft-smyslov-ike2-gost-15
Abstract Abstract
This document defines a set of cryptographic transforms for use in This document defines a set of cryptographic transforms for use in
the Internet Key Exchange protocol version 2 (IKEv2). The transforms the Internet Key Exchange Protocol version 2 (IKEv2). The transforms
are based on Russian cryptographic standard algorithms (GOST). Use are based on Russian cryptographic standard algorithms (called "GOST"
of GOST ciphers in IKEv2 was defined in RFC 9227. This document aims algorithms). Use of GOST ciphers in IKEv2 is defined in RFC 9227.
to define using GOST algorithms for the rest of cryptographic This document aims to define the use of GOST algorithms for the rest
transforms used in IKEv2. of the cryptographic transforms used in IKEv2.
This specification was developed to facilitate implementations that This specification was developed to facilitate implementations that
wish to support the GOST algorithms. This document does not imply wish to support the GOST algorithms. This document does not imply
IETF endorsement of the cryptographic algorithms used in this IETF endorsement of the cryptographic algorithms used in this
document. document.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This is a contribution to the RFC Series, independently of any other
and may be updated, replaced, or obsoleted by other documents at any RFC stream. The RFC Editor has chosen to publish this document at
time. It is inappropriate to use Internet-Drafts as reference its discretion and makes no statement about its value for
material or to cite them other than as "work in progress." implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
This Internet-Draft will expire on 9 June 2023. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9385.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Terminology and Notation . . . . . . . . . . . . . . . . . . 3 2. Terminology and Notation
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Overview
4. IKE SA Protection . . . . . . . . . . . . . . . . . . . . . . 3 4. IKE SA Protection
5. Pseudo Random Function . . . . . . . . . . . . . . . . . . . 3 5. Pseudorandom Function
6. Shared Key Calculation . . . . . . . . . . . . . . . . . . . 4 6. Shared Key Calculation
6.1. Recipient Tests . . . . . . . . . . . . . . . . . . . . . 4 6.1. Recipient Tests
7. Authentication . . . . . . . . . . . . . . . . . . . . . . . 5 7. Authentication
7.1. Hash Functions . . . . . . . . . . . . . . . . . . . . . 5 7.1. Hash Functions
7.2. ASN.1 Objects . . . . . . . . . . . . . . . . . . . . . . 6 7.2. ASN.1 Objects
7.2.1. id-tc26-signwithdigest-gost3410-12-256 . . . . . . . 6 7.2.1. id-tc26-signwithdigest-gost3410-12-256
7.2.2. id-tc26-signwithdigest-gost3410-12-512 . . . . . . . 6 7.2.2. id-tc26-signwithdigest-gost3410-12-512
8. Security Considerations . . . . . . . . . . . . . . . . . . . 6 8. Security Considerations
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 9. IANA Considerations
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 10. References
10.1. Normative References . . . . . . . . . . . . . . . . . . 7 10.1. Normative References
10.2. Informative References . . . . . . . . . . . . . . . . . 8 10.2. Informative References
Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 10 Appendix A. Test Vectors
A.1. Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . 10 A.1. Scenario 1
A.2. Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . 56 A.1.1. Sub-Scenario 1: Establishment of IKE and ESP SAs Using
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 150 the IKE_SA_INIT and the IKE_AUTH Exchanges
A.1.2. Sub-Scenario 2: IKE SA Rekeying Using the
CREATE_CHILD_SA Exchange
A.1.3. Sub-Scenario 3: ESP SAs Rekeying with PFS Using the
CREATE_CHILD_SA Exchange
A.1.4. Sub-Scenario 4: IKE SA Deletion Using the INFORMATIONAL
Exchange
A.2. Scenario 2
A.2.1. Sub-Scenario 1: Establishment of IKE and ESP SAs Using
the IKE_SA_INIT and the IKE_AUTH Exchanges
A.2.2. Sub-Scenario 2: IKE SA Rekeying Using the
CREATE_CHILD_SA Exchange
A.2.3. Sub-Scenario 3: ESP SAs Rekeying without PFS Using the
CREATE_CHILD_SA Exchange
A.2.4. Sub-Scenario 4: IKE SA Deletion Using the INFORMATIONAL
Exchange
Author's Address
1. Introduction 1. Introduction
The Internet Key Exchange protocol version 2 (IKEv2) defined in The Internet Key Exchange Protocol version 2 (IKEv2) defined in
[RFC7296] is an important part of the IP Security (IPsec) [RFC7296] is an important part of the IP Security (IPsec)
architecture. It is used for the authenticated key exchange and for architecture. It is used for the authenticated key exchange and for
the negotiation of various protocol parameters and features. the negotiation of various protocol parameters and features.
This document defines a number of transforms for IKEv2, based on This document defines a number of transforms for IKEv2, based on
Russian cryptographic standard algorithms (often reffered to as Russian cryptographic standard algorithms (often referred to as
"GOST" algorithms) for hash function, digital signature and key "GOST" algorithms) for hash function, digital signature, and key
exchange method. These definitions are based on the recommendations exchange method. These definitions are based on the recommendations
[GOST-IKEv2] established by the Standardisation Technical Committee established by the Standardisation Technical Committee "Cryptographic
"Cryptographic information protection", which describe how Russian information protection", which describe how Russian cryptographic
cryptographic standard algorithms are used in IKEv2. Along with the standard algorithms are used in IKEv2 [GOST-IKEv2]. Along with the
transforms defined in [RFC9227], the transforms defined in this transforms defined in [RFC9227], the transforms defined in this
specification allow using GOST cryptographic algorithms in IPsec specification allow for the use of GOST cryptographic algorithms in
protocols. IPsec protocols.
This specification was developed to facilitate implementations that This specification was developed to facilitate implementations that
wish to support the GOST algorithms. This document does not imply wish to support the GOST algorithms. This document does not imply
IETF endorsement of the cryptographic algorithms used in this IETF endorsement of the cryptographic algorithms used in this
document. document.
2. Terminology and Notation 2. Terminology and Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. Overview 3. Overview
Russian cryptographic standard (GOST) algorithms are a set of Russian cryptographic standard algorithms (GOST algorithms) are a set
cryptographic algorithms of different types - ciphers, hash of cryptographic algorithms of different types -- ciphers, hash
functions, digital signatures etc. In particular, Russian functions, digital signatures, etc. In particular, Russian
cryptographic standard [GOST3412-2015] defines block ciphers cryptographic standard [GOST3412-2015] defines the "Kuznyechik" and
"Kuznyechik" (also defined in [RFC7801]) and "Magma" (also defined in "Magma" block ciphers (also defined in [RFC7801] and [RFC8891],
[RFC8891]). Cryptographic standard [GOST3410-2012] defines elliptic respectively). Cryptographic standard [GOST3410-2012] defines the
curve digital signature algorithm (also defined in [RFC7091]), while elliptic curve digital signature algorithm (also defined in
[GOST3411-2012] defines two cryptographic hash functions "Streebog", [RFC7091]), while [GOST3411-2012] defines two cryptographic hash
with different output length (also defined in [RFC6986]). The functions with different output lengths (also defined in [RFC6986]).
parameters for the elliptic curves used in GOST signature and key These hash functions are often referred to as "Streebog" hash
exchange algorithms are defined in [RFC7836]. functions, although this is not an official name and is not used in
the provided references. The parameters for the elliptic curves used
in GOST signature and key exchange algorithms are defined in
[RFC7836].
4. IKE SA Protection 4. IKE SA Protection
IKE SA protection using GOST algorithms is defined in [RFC9227]. In IKE Security Association (SA) protection using GOST algorithms is
particular, two transforms of type 1 (Encryption Algorithm Transform defined in [RFC9227]. In particular, two transforms of Type 1
IDs) can be used for IKE SA protection: ENCR_KUZNYECHIK_MGM_KTREE (Encryption Algorithm Transform IDs) can be used for IKE SA
(32) based on "Kuznyechik" block cipher and ENCR_MAGMA_MGM_KTREE (33) protection: ENCR_KUZNYECHIK_MGM_KTREE (32) based on the "Kuznyechik"
based on "Magma" block cipher, both in Multilinear Galois Mode (MGM). block cipher and ENCR_MAGMA_MGM_KTREE (33) based on the "Magma" block
cipher, both in Multilinear Galois Mode (MGM).
The information here is provided for convenience. For full details, The information here is provided for convenience. For full details,
please see [RFC9227]. please see [RFC9227].
5. Pseudo Random Function 5. Pseudorandom Function
This specification defines a new transform of type 2 (Pseudorandom This specification defines a new transform of Type 2 (Pseudorandom
Function Transform IDs) - PRF_HMAC_STREEBOG_512 (9). This transform Function Transform IDs): PRF_HMAC_STREEBOG_512 (9). This transform
uses PRF HMAC_GOSTR3411_2012_512 defined in Section 4.1.2 of uses the Pseudorandom Function (PRF) HMAC_GOSTR3411_2012_512 defined
[RFC7836]. The PRF uses GOST R 34.11-2012 ("Streebog") hash-function in Section 4.1.2 of [RFC7836]. The PRF uses the GOST R 34.11-2012
with 512-bit output defined in [RFC6986][GOST3411-2012] with HMAC ("Streebog") hash function with a 512-bit output defined in [RFC6986]
[RFC2104] construction. The PRF has a 512-bit block size and a and [GOST3411-2012] with HMAC [RFC2104] construction. The PRF has a
512-bit output length. 512-bit block size and a 512-bit output length.
6. Shared Key Calculation 6. Shared Key Calculation
This specification defines two new transforms of type 4 (Diffie- This specification defines two new transforms of Type 4 (Key Exchange
Hellman Group Transform IDs): GOST3410_2012_256 (33) and Method Transform IDs): GOST3410_2012_256 (33) and GOST3410_2012_512
GOST3410_2012_512 (34). These transforms uses Elliptic Curve Diffie- (34). These transforms use the Elliptic Curve Diffie-Hellman (ECDH)
Hellman (ECDH) key exchange algorithm over Twisted Edwards curves. key exchange algorithm over twisted Edwards curves. The parameters
The parameters for these curves are defined in Section A.2 of for these curves are defined in Appendix A.2 of [RFC7836]. In
[RFC7836]. In particular, transform GOST3410_2012_256 uses id-tc26- particular, transform GOST3410_2012_256 uses the id-tc26-gost-
gost-3410-2012-256-paramSetA parameter set and GOST3410_2012_512 uses 3410-2012-256-paramSetA parameter set and GOST3410_2012_512 uses the
id-tc26-gost-3410-2012-512-paramSetC parameter set (both defined in id-tc26-gost-3410-2012-512-paramSetC parameter set (both defined in
[RFC7836]). [RFC7836]).
Shared secret is computed as follows. The initiator randomly selects The shared secret is computed as follows. The initiator randomly
its private key d_i from {1,..,q - 1}, where q is the subgroup order selects its private key d_i from {1,..,q - 1}, where q is the
and is a parameter of the selected curve. Then a public key Q_i is subgroup order and is a parameter of the selected curve. Then a
computed as a point on the curve: public key Q_i is computed as a point on the curve:
Q_i = d_i * G Q_i = d_i * G
where G is the generator for the selected curve, and then is sent to where G is the generator for the selected curve. It is then sent to
the responder. The responder makes the same calculations to get d_r the responder. The responder makes the same calculations to get d_r
and Q_r and sends Q_r to the initiator. After peers exchange Q_i and and Q_r and sends Q_r to the initiator. After peers exchange Q_i and
Q_R both sides can compute a point on the curve: Q_R, both sides can compute a point on the curve:
S = ((m / q) * d_i) * Q_r = ((m / q) * d_r) * Q_i S = ((m / q) * d_i) * Q_r = ((m / q) * d_r) * Q_i
where m is the group order and is a parameter of the selected curve. where m is the group order and is a parameter of the selected curve.
The shared secret K is an x coordinate of S in a little-endian The shared secret K is an x coordinate of S in a little-endian
representation. The size of K is determined by the size of used representation. The size of K is determined by the size of the used
curve and is either 256 or 512 bit. curve and is either 256 or 512 bits.
When GOST public key is transmitted in the KE payload, it MUST be When the GOST public key is transmitted in the Key Exchange payload
represented as x coordinate immediately followed by y coordinate, (Section 3.4 of [RFC7296]), it MUST be represented as x coordinate
each in a little-endian representation. The size of each coordinate immediately followed by y coordinate, each in a little-endian
is determined by the size of the used curve and is either 256 or 512 representation. The size of each coordinate is determined by the
bits, so that the size of the Key Exchange Data field in the KE size of the used curve and is either 256 or 512 bits, so that the
payload is either 64 or 128 octets. size of the Key Exchange Data field in the Key Exchange payload is
either 64 or 128 octets.
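Review bot: The sentence that introduces the formula for S in Section 6 writes the responder's public key as "Q_R", while the rest of the section, including the formula itself, uses "Q_r". The RFC side only adds a comma to that sentence, so the mismatch carries over from the draft. Change it to "Q_r" so the notation matches S = ((m / q) * d_i) * Q_r.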
6.1. Recipient Tests 6.1. Recipient Tests
Upon receiving peer's public key, implementations MUST check that the Upon receiving a peer's public key, implementations MUST check that
key is actually a point on the curve. Otherwise the exchange fails. the key is actually a point on the curve. Otherwise, the exchange
Implementations MUST check that the calculated public value S is not fails. Implementations MUST check that the calculated public value S
an identity element of the curve. If S appears to be the identity is not an identity element of the curve. If S appears to be the
element of the curve, the exchange fails. The INVALID_SYNTAX identity element of the curve, the exchange fails. The
notification MAY be sent in these cases. INVALID_SYNTAX notification MAY be sent in these cases.
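Review bot: Section 6.1 calls S "the calculated public value", but Section 6 defines S as the point whose x coordinate is the shared secret K, so it is never public. Suggest "the calculated point S" on the RFC side. That wording also makes it clear that the identity-element check applies to the result of the multiplication by (m / q), not to the peer's key as received.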
7. Authentication 7. Authentication
IKEv2 allows various authentication methods to be used for IKE SA IKEv2 allows various authentication methods to be used for IKE SA
establishment. Some methods are tied to a particular algorithm, establishment. Some methods are tied to a particular algorithm,
while others may be used with different algorithms. This while others may be used with different algorithms. This
specification makes no restrictions on using the latter ones with the specification makes no restrictions on using the latter ones with the
GOST algorithms. In particular, "Shared Key Message Integrity Code" GOST algorithms. In particular, "Shared Key Message Integrity Code"
(2), defined in [RFC7296], and "NULL Authentication" (13), defined in (2), defined in [RFC7296], and "NULL Authentication" (13), defined in
[RFC7619], can be used with GOST algorithms with no changes to the [RFC7619], can be used with GOST algorithms with no changes to the
process of the AUTH payload content calculation. process of the AUTH payload content calculation.
When GOST digital signature is used in IKEv2 for authentication When the GOST digital signature algorithm is used in IKEv2 for
purposes, an Authentication Method "Digital Signature" (14), defined authentication purposes, the "Digital Signature" (14) authentication
in [RFC7427], MUST be specified in the AUTH payload. method, defined in [RFC7427], MUST be specified in the AUTH payload.
GOST digital signature algorithm GOST R 34.10-2012 is defined in The GOST digital signature algorithm GOST R 34.10-2012 is defined in
[RFC7091][GOST3410-2012]. There are two variants of GOST signature [RFC7091] and [GOST3410-2012]. There are two variants of the GOST
algorithm - one over 256-bit elliptic curve and the other over digital signature algorithm -- one over a 256-bit elliptic curve and
512-bit key elliptic curve. The signature value, as defined in the other over a 512-bit key elliptic curve. The signature value, as
[RFC7091][GOST3410-2012], consists of two integers r and s. The size defined in [RFC7091] and [GOST3410-2012], consists of two integers: r
of each integer is either 256 bit or 512 bit depending on the used and s. The size of each integer is either 256 or 512 bits depending
elliptic curve. The content of the Signature Value field in the AUTH on the elliptic curve used. The content of the Signature Value field
payload MUST consist of s immediately followed by r, each in a big- in the AUTH payload MUST consist of s immediately followed by r, each
endian representation, so that the size of the field is either 64 or in a big-endian representation, so that the size of the field is
128 octets. The AlgorithmIdentifier ASN.1 objects for GOST digital either 64 or 128 octets. The AlgorithmIdentifier ASN.1 objects for
signature algorithm are defined in Section 7.2. the GOST digital signature algorithm are defined in Section 7.2.
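Review bot: "the other over a 512-bit key elliptic curve" in the paragraph on the two signature variants has a stray "key"; the parallel phrase is "a 256-bit elliptic curve", and the same wording recurs in Section 7.1. Suggest "a 512-bit elliptic curve" in both places. It would also help to point out here that the Signature Value is big-endian (s followed by r) while the Key Exchange Data in Section 6 is little-endian (x followed by y), since an implementer reading only one of the two sections can easily get the byte order of the other wrong.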
7.1. Hash Functions 7.1. Hash Functions
GOST digital signature algorithm uses GOST hash functions GOST R The GOST digital signature algorithm uses the GOST R 34.11-2012
34.11-2012 ("Streebog") defined in [RFC6986][GOST3411-2012]. There ("Streebog") hash functions defined in [RFC6986] and [GOST3411-2012].
are two "Streebog" hash functions - one with 256-bit output length There are two "Streebog" hash functions: one with a 256-bit output
and the other with 512-bit output length. The former is used with length and the other with a 512-bit output length. The former is
GOST digital signature algorithm over a 256-bit elliptic curve and used with the GOST digital signature algorithm over a 256-bit
the latter - over a 512-bit key elliptic curve. elliptic curve and the latter over a 512-bit key elliptic curve.
This specification defines two new values for IKEv2 Hash Algorithms This specification defines two new values for the "IKEv2 Hash
registry: STREEBOG_256 (6) for GOST hash function with 256-bit output Algorithms" registry: STREEBOG_256 (6) for the GOST hash function
length and STREEBOG_512 (7) for the 512-bit length output. These with a 256-bit output length and STREEBOG_512 (7) for the GOST hash
values MUST be included in the SIGNATURE_HASH_ALGORITHMS notify if a function with a 512-bit output length. These values MUST be included
corresponding GOST digital signature algorithm is supported by the in the SIGNATURE_HASH_ALGORITHMS notification if a corresponding GOST
sender and its local policy allows using this algorithm (see digital signature algorithm is supported by the sender and its local
Section 4 of [RFC7427] for details). policy allows the use of this algorithm (see Section 4 of [RFC7427]
for details).
7.2. ASN.1 Objects 7.2. ASN.1 Objects
This section lists GOST signature algorithm ASN.1 AlgorithmIdentifier This section lists GOST digital signature algorithm ASN.1
objects in binary form. With GOST signature algorithms, optional AlgorithmIdentifier objects in binary form. With GOST digital
parameters in AlgorithmIdentifier objects are always omitted. This signature algorithms, optional parameters in AlgorithmIdentifier
objects are defined in [RFC9215][USING-GOST-IN-CERTS] and are objects are always omitted. These objects are defined in [RFC9215]
provided here for convenience. and [USING-GOST-IN-CERTS] and are provided here for convenience.
7.2.1. id-tc26-signwithdigest-gost3410-12-256 7.2.1. id-tc26-signwithdigest-gost3410-12-256
id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= { iso(1) id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::=
member-body(2) ru(643) rosstandart(7) tc26(1) algorithms(1) { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
signwithdigest(3) gost3410-12-256(2) } algorithms(1) signwithdigest(3) gost3410-12-256(2)}
The optional parameters field must be omitted. The optional parameters field must be omitted.
Name = id-tc26-signwithdigest-gost3410-12-256 Name = id-tc26-signwithdigest-gost3410-12-256
OID = 1.2.643.7.1.1.3.2 OID = 1.2.643.7.1.1.3.2
Length = 12 Length = 12
0000: 300a 0608 2a85 0307 0101 0302 0000: 300a 0608 2a85 0307 0101 0302
7.2.2. id-tc26-signwithdigest-gost3410-12-512 7.2.2. id-tc26-signwithdigest-gost3410-12-512
id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= { iso(1) id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::=
member-body(2) ru(643) rosstandart(7) tc26(1) algorithms(1) { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
signwithdigest(3) gost3410-12-512(3) } algorithms(1) signwithdigest(3) gost3410-12-512(3)}
The optional parameters field must be omitted. The optional parameters field must be omitted.
Name = id-tc26-signwithdigest-gost3410-12-512 Name = id-tc26-signwithdigest-gost3410-12-512
OID = 1.2.643.7.1.1.3.3 OID = 1.2.643.7.1.1.3.3
Length = 12 Length = 12
0000: 300a 0608 2a85 0307 0101 0303 0000: 300a 0608 2a85 0307 0101 0303
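Review bot: "The optional parameters field must be omitted" in Sections 7.2.1 and 7.2.2 uses a lowercase "must", which under Section 2 carries no BCP 14 meaning, while the introduction to Section 7.2 says the parameters "are always omitted". If a receiver is expected to reject an AlgorithmIdentifier that carries parameters, write "MUST be omitted"; otherwise write "is omitted" so the requirement level is not left to interpretation. The two 12-octet dumps are consistent with the stated OIDs and differ only in the final octet (02 versus 03).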
8. Security Considerations 8. Security Considerations
The security considerations of [RFC7296] and [RFC7427] apply The security considerations of [RFC7296] and [RFC7427] apply.
accordingly.
The security of GOST elliptic curves is discussed in The security of GOST elliptic curves is discussed in
[GOST-EC-SECURITY]. The security of "Streebog" hash function is [GOST-EC-SECURITY]. The security of the "Streebog" hash functions is
discussed in [STREEBOG-SECURITY]. A second preimage attack on discussed in [STREEBOG-SECURITY]. A second preimage attack on
"Streebog" is described in [STREEBOG-PREIMAGE] if message size "Streebog" hash functions is described in [STREEBOG-PREIMAGE] if the
exceeds 2^259 blocks. This attack is not relevant to how "Streebog" message size exceeds 2^259 blocks. This attack is not relevant to
is used in IKEv2. how "Streebog" hash functions are used in IKEv2.
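Review bot: The sentence about [STREEBOG-PREIMAGE] in Section 8 reads as though the attack is only described when the message is long; the condition "if the message size exceeds 2^259 blocks" belongs to the attack, not to the description. Suggest attaching the condition to the attack directly, for example "A second preimage attack on "Streebog" hash functions for messages exceeding 2^259 blocks is described in [STREEBOG-PREIMAGE]", and following it with the reason the attack is not relevant to IKEv2, which both versions leave unstated.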
9. IANA Considerations 9. IANA Considerations
IANA has assigned one Transform ID in the "Transform Type 2 - IANA has assigned one Transform ID in the "Transform Type 2 -
Pseudorandom Function Transform IDs" registry (where RFCXXXX is this Pseudorandom Function Transform IDs" registry:
document):
Number Name Reference +========+=======================+===========+
------------------------------------------------- | Number | Name | Reference |
9 PRF_HMAC_STREEBOG_512 [RFCXXXX] +========+=======================+===========+
| 9 | PRF_HMAC_STREEBOG_512 | RFC 9385 |
+--------+-----------------------+-----------+
IANA has assigned two Transform IDs in the "Transform Type 4 - Table 1: New Pseudorandom Function
Diffie-Hellman Group Transform IDs" registry (where RFCXXXX is this Transform ID
document):
Number Name Recipient Tests Reference IANA has assigned two Transform IDs in the "Transform Type 4 - Key
--------------------------------------------------------------------- Exchange Method Transform IDs" registry:
33 GOST3410_2012_256 [RFCXXXX] Sec. 6.1 [RFCXXXX]
34 GOST3410_2012_512 [RFCXXXX] Sec. 6.1 [RFCXXXX]
IANA has assigned two values in the "IKEv2 Hash Algorithms" registry +========+===================+=======================+===========+
(where RFCXXXX is this document): | Number | Name | Recipient Tests | Reference |
+========+===================+=======================+===========+
| 33 | GOST3410_2012_256 | RFC 9385, Section 6.1 | RFC 9385 |
+--------+-------------------+-----------------------+-----------+
| 34 | GOST3410_2012_512 | RFC 9385, Section 6.1 | RFC 9385 |
+--------+-------------------+-----------------------+-----------+
Number Hash Algorithm Reference Table 2: New Key Exchange Method Transform IDs
-------------------------------------------------
6 STREEBOG_256 [RFCXXXX] IANA has assigned two values in the "IKEv2 Hash Algorithms" registry:
7 STREEBOG_512 [RFCXXXX]
+========+================+===========+
| Number | Hash Algorithm | Reference |
+========+================+===========+
| 6 | STREEBOG_256 | RFC 9385 |
+--------+----------------+-----------+
| 7 | STREEBOG_512 | RFC 9385 |
+--------+----------------+-----------+
Table 3: New IKEv2 Hash Algorithms
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 9, line 28 skipping to change at line 428
Hashing function", GOST R 34.11-2012, 2012. (In Russian) Hashing function", GOST R 34.11-2012, 2012. (In Russian)
[GOST3412-2015] [GOST3412-2015]
Federal Agency on Technical Regulating and Metrology, Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic data security. "Information technology. Cryptographic data security.
Block ciphers", GOST R 34.12-2015, 2015. (In Russian) Block ciphers", GOST R 34.12-2015, 2015. (In Russian)
[GOST-IKEv2] [GOST-IKEv2]
Standardisation Technical Committee "Cryptographic Standardisation Technical Committee "Cryptographic
information protection", "Information technology. information protection", "Information technology.
Cryptographic information protection. The use of Russian Cryptographic data security. Using Russian cryptographic
cryptographic algorithms in the IKEv2 key exchange algorithms in the Internet Key Exchange protocol version 2
protocol", MR 26.2.001-22, 2022. (In Russian) (IKEv2)", MR 26.2.001-22, 2022. (In Russian)
[GOST-IKEv2-TESTVECTORS] [GOST-IKEv2-TESTVECTORS]
Standardisation Technical Committee "Cryptographic Standardisation Technical Committee "Cryptographic
information protection", "Information technology. information protection", "Information technology.
Cryptographic information protection. The test vectors for Cryptographic data security. The test vectors for the use
the use of Russian cryptographic algorithms in the IKEv2 of Russian cryptographic algorithms in the IKEv2 key
key exchange protocol", MR 26.2.002-22, 2022. (In exchange protocol", MR 26.2.002-22, 2022. (In Russian)
Russian)
[USING-GOST-IN-CERTS] [USING-GOST-IN-CERTS]
Federal Agency on Technical Regulating and Metrology, Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic data security. "Information technology. Cryptographic data security.
Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms Usage of GOST R 34.10-2012 and GOST R 34.11-2012
in X.509 Certificates, CRLs and PKCS #10 Certificate algorithms in certificate, CRL and PKCS#10 certificate
Requests", R 1323565.1.023-2018, 2018. (In Russian) request in X.509 public key infrastructure",
R 1323565.1.023-2018, 2018. (In Russian)
[GOST-EC-SECURITY] [GOST-EC-SECURITY]
Alekseev, E., Nikolaev, V., and S. Smyshlyaev, "On the Alekseev, E., Nikolaev, V., and S. Smyshlyaev, "On the
security properties of Russian standardized elliptic security properties of Russian standardized elliptic
curves", https://doi.org/10.4213/mvk260, 2018. curves", DOI 10.4213/mvk260, 2018,
<https://doi.org/10.4213/mvk260>.
[STREEBOG-SECURITY] [STREEBOG-SECURITY]
Wang, Z., Yu, H., and X. Wang, "Cryptanalysis of GOST R Wang, Z., Yu, H., and X. Wang, "Cryptanalysis of GOST R
hash hash function", DOI 10.1016/j.ipl.2014.07.007, December
function", https://doi.org/10.1016/j.ipl.2014.07.007, 2014, <https://doi.org/10.1016/j.ipl.2014.07.007>.
2014.
[STREEBOG-PREIMAGE] [STREEBOG-PREIMAGE]
Guo, J., Jean, J., Leurent, G., Peyrin, T., and L. Wang, Guo, J., Jean, J., Leurent, G., Peyrin, T., and L. Wang,
"The Usage of Counter Revisited: Second-Preimage Attack on "The Usage of Counter Revisited: Second-Preimage Attack on
New Russian Standardized Hash New Russian Standardized Hash Function", Cryptology ePrint
Function", https://eprint.iacr.org/2014/675, 2014. Archive, Paper 2014/675, 2014,
<https://eprint.iacr.org/2014/675>.
Appendix A. Test Vectors Appendix A. Test Vectors
This Appendix contains test vectors for two scenarios. The test This appendix contains test vectors for two scenarios. The test
vectors were borrowed from [GOST-IKEv2-TESTVECTORS]. In both vectors were borrowed from [GOST-IKEv2-TESTVECTORS]. In both
scenarios peers establish, rekey and delete IKE SA and ESP SAs. The scenarios, peers establish, rekey, and delete an IKE SA and ESP SAs.
IP addresses of the peers used in both scenarios are the same: The IP addresses of the peers used in both scenarios are the same:
* initiator's IP address is 10.111.10.171 * initiator's IP address is 10.111.10.171
* responder's IP address is 10.111.10.45 * responder's IP address is 10.111.10.45
The test vectors also cover IKE message protection for transforms The test vectors also cover IKE message protection for transforms
defined in [RFC9227]. The keys SK_ei, SK_er are transform keys (see defined in [RFC9227]. The keys SK_ei and SK_er are transform keys
Section 4.4 of [RFC9227]) and the keys K1i, K2i K3i, K1r, K2r, and (see Section 4.4 of [RFC9227]), and the keys K1i, K2i, K3i, K1r, K2r,
K3r represent nodes in the key tree for the initiator and responder and K3r represent nodes in the key tree for the initiator and
correspondently. The leaf keys K3i and K3r are effectively message responder correspondently. The leaf keys K3i and K3r are effectively
protection keys (K_msg in terms of [RFC9227]). MGM nonces (also message protection keys (K_msg in terms of [RFC9227]). MGM nonces
known as Initial Counter Nonces) are defined in Section 4.3 of (also known as Initial Counter Nonces) are defined in Section 4.3 of
[RFC9227]. IV format is defined in Section 4.2 of [RFC9227] and AAD [RFC9227]. The Initialization Vector (IV) format is defined in
Section 4.2 of [RFC9227], and the Additional Authenticated Data (AAD)
format is defined in Section 4.7 of [RFC9227]. format is defined in Section 4.7 of [RFC9227].
All other keys and entities used in the test vectors are defined in All other keys and entities used in the test vectors are defined in
[RFC7296]. [RFC7296].
A.1. Scenario 1 A.1. Scenario 1
With this scenario peers establish, rekey and delete IKE SA and ESP In this scenario, peers establish, rekey, and delete an IKE SA and
SAs using the following prerequisites: ESP SAs using the following prerequisites:
* Peers authenticate each other using preshared key * Peers authenticate each other using a Pre-Shared Key (PSK).
* Initiator's ID is "IKE-Initiator" of type ID_FQDN * Initiator's ID is "IKE-Initiator" of type ID_FQDN.
* Responder's ID is "IKE-Responder" of type ID_FQDN * Responder's ID is "IKE-Responder" of type ID_FQDN.
* No NAT is present between the peers * No NAT is present between the peers.
* IKE fragmentation is not used
* IKE fragmentation is not used.
* IKE SA is created with the following transforms: * IKE SA is created with the following transforms:
- ENCR_KUZNYECHIK_MGM_KTREE - ENCR_KUZNYECHIK_MGM_KTREE
- PRF_HMAC_STREEBOG_512 - PRF_HMAC_STREEBOG_512
- GOST3410_2012_512 - GOST3410_2012_512
* ESP SAs are created with the following transforms: * ESP SAs are created with the following transforms:
- ENCR_KUZNYECHIK_MGM_KTREE - ENCR_KUZNYECHIK_MGM_KTREE
- ESN off - ESN off
The 256-bit preshared key (PSK) used for authentication: The 256-bit PSK used for authentication:
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3 00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d 00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
This scenario includes four sub-scenarios. This scenario includes four sub-scenarios, which are described below.
Sub-scenario 1: Establishing of IKE and ESP SAs using the A.1.1. Sub-Scenario 1: Establishment of IKE and ESP SAs Using the
IKE_SA_INIT and the IKE_AUTH exchanges. IKE_SA_INIT and the IKE_AUTH Exchanges
Initiator Responder Initiator Responder
HDR, SAi1, KEi, Ni [,N+] ---> HDR, SAi1, KEi, Ni [,N+] --->
<--- HDR, SAr1, KEr, Nr [,N+] <--- HDR, SAr1, KEr, Nr [,N+]
HDR, SK {IDi, [IDr,] [N+,] HDR, SK {IDi, [IDr,] [N+,]
AUTH, SAi2, TSi, TSr} ---> AUTH, SAi2, TSi, TSr} --->
<--- HDR, SK {IDr, [N+,] <--- HDR, SK {IDr, [N+,]
AUTH, SAr2, TSi, TSr} AUTH, SAr2, TSi, TSr}
Initiator's actions: Initiator's actions:
(1) Generates random SPIi for IKE SA (1) Generates random SPIi for IKE SA
00000000: e9 d3 f3 78 19 1c 38 40 00000000: e9 d3 f3 78 19 1c 38 40
(2) Generates random IKE nonce Ni (2) Generates random IKE nonce Ni
00000000: 48 b6 d3 b3 ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31 00000000: 48 b6 d3 b3 ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31
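Review bot: the revised Appendix A introduction still reads "for the initiator and responder correspondently"; the rewording that added "and" and the serial commas to that sentence left the word in place, and "respectively" is what is meant. In the same hunk the two IP address bullets keep their lowercase start and have no closing period, while every Scenario 1 prerequisite bullet gained one, so the list style is now inconsistent within the appendix. Either punctuate both lists or leave both bare.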
skipping to change at page 19, line 4 skipping to change at line 836
(31) Composes MGM nonce (31) Composes MGM nonce
00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01 00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01
(32) Composes AAD (32) Composes AAD
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32 00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32
(33) Composes plaintext (33) Composes plaintext
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74 00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74
00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01 00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01
00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb 00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb
00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20 00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20
00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0 00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0
00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00 00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00 00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00
00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f 00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f
00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00 00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00
000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00 000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00
000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00 000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00
000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a 000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a
000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff 000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff
000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08 000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08
000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff 000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff
00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40 00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40
00000110: 0a 00 00 00 08 00 00 40 0b 00 00000110: 0a 00 00 00 08 00 00 40 0b 00
(34) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (34) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80 00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80
00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96 00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96
00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a 00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a
00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55 00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55
00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29 00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29
00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb 00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb
00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14 00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14
00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18 00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18
00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e 00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e
skipping to change at page 22, line 36 skipping to change at line 1014
000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8 000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8
000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02 000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02
000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76 000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76
000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8 000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8
000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4 000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4
000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de 000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de
00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52 00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52
00000110: 04 c4 49 08 05 ab ee 1c 80 f6 00000110: 04 c4 49 08 05 ab ee 1c 80 f6
(53) Decrypts ciphertext and verifies ICV using K3i as K_msg, (53) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext resulting in plaintext
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74 00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74
00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01 00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01
00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb 00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb
00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20 00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20
00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0 00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0
00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00 00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00 00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00
00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f 00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f
skipping to change at page 26, line 29 skipping to change at line 1185
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01 00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01
00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d 00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d
00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00 00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00
000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff 000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff
000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00
000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40 000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
000000E0: 0a 00 00 00 08 00 00 40 0b 00 000000E0: 0a 00 00 00 08 00 00 40 0b 00
(72) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (72) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09 00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09
00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e 00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e
00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b 00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b
00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40 00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40
00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97 00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97
00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3 00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3
00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23 00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23
00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f 00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f
00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7 00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7
skipping to change at page 28, line 34 skipping to change at line 1287
00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f 00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f
00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7 00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7
00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b 00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b
000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15 000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15
000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84 000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84
000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb 000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb
000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b 000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b
000000E0: d9 31 a8 98 f5 17 8a ff 0a c0 000000E0: d9 31 a8 98 f5 17 8a ff 0a c0
(84) Decrypts ciphertext and verifies ICV using K3r as K_msg, (84) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext resulting in plaintext
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70 00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70
00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a 00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a
00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0 00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0
00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a 00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a
00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe 00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe
00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00 00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01 00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01
00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d 00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d
skipping to change at page 30, line 4 skipping to change at line 1353
(89) Computes content of AUTH payload and compares it with the (89) Computes content of AUTH payload and compares it with the
received one received one
00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f 00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f
00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51
00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed
00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d
(90) Computes keys for ESP SAs (90) Computes keys for ESP SAs
00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f 00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f
00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42 00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42
00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6 00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6
00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64 00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64
00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83 00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83
00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1 00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1
Sub-scenario 2: IKE SA rekeying using the CREATE_CHILD_SA exchange. A.1.2. Sub-Scenario 2: IKE SA Rekeying Using the CREATE_CHILD_SA
Exchange
Initiator Responder Initiator Responder
HDR, SK {SAi, Ni, KEi [,N+]} ---> HDR, SK {SAi, Ni, KEi [,N+]} --->
<--- HDR, SK {SAr, Nr, KEr [,N+]} <--- HDR, SK {SAr, Nr, KEr [,N+]}
Initiator's actions: Initiator's actions:
(1) Generates random SPIi for new IKE SA (1) Generates random SPIi for new IKE SA
00000000: 43 87 64 8d 6c 9e 28 ff 00000000: 43 87 64 8d 6c 9e 28 ff
(2) Generates random IKE nonce Ni (2) Generates random IKE nonce Ni
00000000: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce 00000000: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
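Review bot: step (90), "Computes keys for ESP SAs", is followed by two separate 44-byte dumps with no caption on either, so an implementer checking output against these vectors cannot tell from the text which block belongs to which direction of the ESP SA pair. The heading renumbering in this hunk does not touch that; add a one-line label above each dump naming the direction it is for.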
skipping to change at page 31, line 48 skipping to change at line 1444
00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83 00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83
00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7 00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7
00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66 00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66
00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54 00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54
000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58 000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58
000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b 000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b
000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72 000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72
000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01 000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 04 00 000000E0: 00 00 00 04 00
(10) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (10) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd 00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd
00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1 00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1
00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2 00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2
00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d 00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d
00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49 00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49
00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82 00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82
00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41 00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41
00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f 00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f
00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7 00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7
00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b 00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b
skipping to change at page 33, line 46 skipping to change at line 1536
00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f 00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f
00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7 00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7
00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b 00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b
000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27 000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27
000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16 000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16
000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91 000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91
000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02 000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02
000000E0: a2 06 78 c7 e0 000000E0: a2 06 78 c7 e0
(20) Decrypts ciphertext and verifies ICV using K3i as K_msg, (20) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext resulting in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d
00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08 00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce 00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c 00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c
00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3 00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3
00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83 00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83
00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7 00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7
00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66 00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66
skipping to change at page 36, line 48 skipping to change at line 1674
00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d 00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d
00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d 00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d
00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3 00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3
00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27 00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27
000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2 000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2
000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27 000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27
000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22 000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22
000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01 000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 40 00 000000E0: 00 00 00 40 00
(36) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (36) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2 00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2
00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1 00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1
00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84 00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84
00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19 00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19
00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42 00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42
00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2 00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2
00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b 00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b
00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0 00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0
00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac 00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac
00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88 00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88
skipping to change at page 38, line 46 skipping to change at line 1766
00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0 00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0
00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac 00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac
00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88 00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88
000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f 000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f
000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca 000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca
000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5 000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5
000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de 000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de
000000E0: 6a 5a 26 b8 e4 000000E0: 6a 5a 26 b8 e4
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg, (46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext resulting in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8
00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08 00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81 00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81
00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b 00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b
00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03 00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03
00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d 00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d
00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d 00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d
00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3 00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3
skipping to change at page 40, line 4 skipping to change at line 1813
00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84 00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84
(49) Computes SKEYSEED for new SA (49) Computes SKEYSEED for new SA
00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88 00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88
00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3 00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3
00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36 00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36
00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62 00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62
(50) Computes SK_d for new SA (50) Computes SK_d for new SA
00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37 00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37
00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a 00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a
00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0 00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0
00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34 00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34
(51) Computes SK_ei for new SA (51) Computes SK_ei for new SA
00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9 00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9
00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a 00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a
00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca 00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
(52) Computes SK_er for new SA (52) Computes SK_er for new SA
00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78 00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78
00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00 00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00
00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78 00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78
Sub-scenario 3: ESP SAs rekeying with PFS using the CREATE_CHILD_SA A.1.3. Sub-Scenario 3: ESP SAs Rekeying with PFS Using the
exchange. CREATE_CHILD_SA Exchange
Initiator Responder Initiator Responder
HDR, SK {N(REKEY_SA), SAi, Ni, HDR, SK {N(REKEY_SA), SAi, Ni,
KEi, TSi, TSr [,N+]} ---> KEi, TSi, TSr [,N+]} --->
<--- HDR, SK {SAr, Nr, <--- HDR, SK {SAr, Nr,
KEr, TSi, TSr [,N+]} KEr, TSi, TSr [,N+]}
Initiator's actions: Initiator's actions:
(1) Generates random IKE nonce Ni (1) Generates random IKE nonce Ni
00000000: 59 52 b2 58 00 b7 d3 f9 c3 31 23 16 6f c2 d1 d7 00000000: 59 52 b2 58 00 b7 d3 f9 c3 31 23 16 6f c2 d1 d7
00000010: 07 8b 99 fb 24 cf 24 30 a3 ce a6 fe d3 0f 20 9b 00000010: 07 8b 99 fb 24 cf 24 30 a3 ce a6 fe d3 0f 20 9b
(2) Generates ephemeral private key (2) Generates ephemeral private key
skipping to change at page 42, line 33 skipping to change at line 1934
000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95 000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95
000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa 000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa
000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f 000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f
000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60 000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60
000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff 000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00 000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00
00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff 00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b 00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000120: 00 00000120: 00
(12) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (12) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca 00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca
00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b 00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b
00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3 00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3
00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68 00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68
00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19 00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19
00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01 00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01
00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e 00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e
00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de 00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de
00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b 00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b
00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21 00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21
skipping to change at page 45, line 38 skipping to change at line 2048
000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47 000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47
000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1 000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1
000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31 000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31
000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30 000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30
000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2 000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2
00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb 00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb
00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28 00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28
00000120: 68 00000120: 68
(24) Decrypts ciphertext and verifies ICV using K3i as K_msg, (24) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext resulting in plaintext
00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28 00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28
00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08 00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08
00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08 00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08
00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9 00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9
00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30 00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30
00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00 00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00
00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c 00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c
00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae 00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae
00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40 00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40
skipping to change at page 48, line 47 skipping to change at line 2187
00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85 00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85
000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f 000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f
000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20 000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20
000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73 000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73
000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10 000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10
000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18 000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18
000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00 000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08 00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00 00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(38) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (38) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02 00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02
00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0 00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0
00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b 00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b
00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82 00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82
00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5 00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5
00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16 00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16
00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca 00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca
00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a 00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a
00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab 00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab
00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d 00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d
skipping to change at page 51, line 37 skipping to change at line 2299
000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce 000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce
000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9 000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9
000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02 000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02
000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15 000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15
000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07 000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07
000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60 000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60
00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df 00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df
00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf 00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf
(50) Decrypts ciphertext and verifies ICV using K3r as K_msg, (50) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext resulting in plaintext
00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f 00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f
00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22 00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22
00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e 00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e
00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96 00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96
00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88 00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88
00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d 00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d
00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46 00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46
00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9 00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9
00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55 00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55
skipping to change at page 53, line 5 skipping to change at line 2347
(52) Computes keys for new ESP SAs (52) Computes keys for new ESP SAs
00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c 00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c
00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4 00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4
00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b 00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b
00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8 00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8
00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d 00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d
00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2 00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2
Sub-scenario 4: IKE SA deletion using the INFORMATIONAL exchange. A.1.4. Sub-Scenario 4: IKE SA Deletion Using the INFORMATIONAL Exchange
Initiator Responder Initiator Responder
HDR, SK {D} ---> HDR, SK {D} --->
<--- HDR, SK { } <--- HDR, SK { }
Initiator's actions: Initiator's actions:
(1) Creates message (1) Creates message
Informational Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R<-I[61] 4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R<-I[61]
E[33]{ E[33]{
D[8](IKE)} D[8](IKE)}
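Review bot: Step (52), "Computes keys for new ESP SAs", is followed by two 44-byte dumps that both restart at offset 00000000 and carry no label, so a reader checking an implementation cannot tell which block belongs to which direction of the ESP SA pair. Since this revision already touches the surrounding text (the sub-scenario title gains its "A.1.4." number), it would be worth adding a one-line caption above each dump naming the SA it keys and, if the block is a concatenation, where the split falls.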
skipping to change at page 53, line 39 skipping to change at line 2381
(4) Composes AAD (4) Composes AAD
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21 00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
(5) Composes plaintext (5) Composes plaintext
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
(6) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (6) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: 3e 17 6f 6c 23 48 06 e9 fd 00000000: 3e 17 6f 6c 23 48 06 e9 fd
(7) Computes ICV using K3i as K_msg (7) Computes ICV using K3i as K_msg
00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4 00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4
(8) Composes IV (8) Composes IV
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
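Review bot: Step (8), "Composes IV", is listed after step (6) "Encrypts plaintext" and step (7) "Computes ICV", although an AEAD transform needs its per-message IV before it can encrypt or authenticate anything. The wording fix from "resulted in" to "resulting in" leaves that ordering untouched. Consider moving the IV step ahead of (6), or rewording (8) to say that it only places the already chosen IV value into the outgoing message.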
skipping to change at page 54, line 40 skipping to change at line 2431
(14) Extracts AAD from message (14) Extracts AAD from message
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21 00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
(15) Extracts ciphertext from message (15) Extracts ciphertext from message
00000000: 3e 17 6f 6c 23 48 06 e9 fd 00000000: 3e 17 6f 6c 23 48 06 e9 fd
(16) Decrypts ciphertext and verifies ICV using K3i as K_msg, (16) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext resulting in plaintext
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
(17) Parses received message (17) Parses received message
Informational Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I->R[61] 4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I->R[61]
E[33]{ E[33]{
D[8](IKE)} D[8](IKE)}
skipping to change at page 55, line 26 skipping to change at line 2466
(21) Composes AAD (21) Composes AAD
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19 00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
(22) Composes plaintext (22) Composes plaintext
00000000: 00 00000000: 00
(23) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (23) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: f1 00000000: f1
(24) Computes ICV using K3r as K_msg (24) Computes ICV using K3r as K_msg
00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce 00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce
(25) Composes IV (25) Composes IV
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
skipping to change at page 56, line 28 skipping to change at line 2516
(31) Extracts AAD from message (31) Extracts AAD from message
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19 00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
(32) Extracts ciphertext from message (32) Extracts ciphertext from message
00000000: f1 00000000: f1
(33) Decrypts ciphertext and verifies ICV using K3r as K_msg, (33) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext resulting in plaintext
00000000: 00 00000000: 00
(34) Parses received message (34) Parses received message
Informational Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R=>I[53] 4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R=>I[53]
E[25]{} E[25]{}
A.2. Scenario 2 A.2. Scenario 2
With this scenario peers establish, rekey and delete IKE SA and ESP In this scenario, peers establish, rekey, and delete an IKE SA and
SAs using the following prerequisites: ESP SAs using the following prerequisites:
* Peers authenticate each other using digital signatures * Peers authenticate each other using digital signatures.
* Initiator's ID is "CN=IKE Interop Test Client, O=ELVIS-PLUS, C=RU" * Initiator's ID is "CN=IKE Interop Test Client, O=ELVIS-PLUS, C=RU"
of type ID_DER_ASN1_DN: of type ID_DER_ASN1_DN:
00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45
00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c
00000030: 69 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 00000030: 69 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45
00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55 00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55
00000050: 04 06 13 02 52 55 00000050: 04 06 13 02 52 55
* Responder's ID is "CN=IKE Interop Test Server, O=ELVIS-PLUS, C=RU" * Responder's ID is "CN=IKE Interop Test Server, O=ELVIS-PLUS, C=RU"
of type ID_DER_ASN1_DN: of type ID_DER_ASN1_DN:
00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45
00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65
00000030: 72 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 00000030: 72 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45
00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55 00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55
00000050: 04 06 13 02 52 55 00000050: 04 06 13 02 52 55
* No NAT is present between the peers, but using UDP encapsulation * No NAT is present between the peers, but using UDP encapsulation
is forced by the initiator by setting NAT_DETECTION_SOURCE_IP is forced by the initiator by setting the NAT_DETECTION_SOURCE_IP
notify to all zeroes notification data to all zeroes.
* IKE fragmentation is used in the IKE_AUTH exchange * IKE fragmentation is used in the IKE_AUTH exchange.
* IKE SA is created with the following transforms: * IKE SA is created with the following transforms:
- ENCR_MAGMA_MGM_KTREE - ENCR_MAGMA_MGM_KTREE
- PRF_HMAC_STREEBOG_512 - PRF_HMAC_STREEBOG_512
- GOST3410_2012_256 - GOST3410_2012_256
* ESP SAs are created with the following transforms: * ESP SAs are created with the following transforms:
- ENCR_MAGMA_MGM_KTREE - ENCR_MAGMA_MGM_KTREE
- ESN off - ESN off
The certificates for this scenatio were obtained from the public The certificates for this scenario were obtained from the public
testing CA service https://testgost2012.cryptopro.ru/certsrv/ testing CA service <https://testgost2012.cryptopro.ru/certsrv/>.
The initiator's certificate private key (little endian): The initiator's certificate private key (little endian):
0000000000: 76 e9 dd b3 f3 a2 08 a2 4e a5 81 9c ae 41 da b4 0000000000: 76 e9 dd b3 f3 a2 08 a2 4e a5 81 9c ae 41 da b4
0000000010: 77 3c 1d d5 dc eb af e6 58 b1 47 d2 d8 29 ce 71 0000000010: 77 3c 1d d5 dc eb af e6 58 b1 47 d2 d8 29 ce 71
0000000020: 18 a9 85 5d 28 5b 3c e3 23 bd 80 ac 2f 00 cc b6 0000000020: 18 a9 85 5d 28 5b 3c e3 23 bd 80 ac 2f 00 cc b6
0000000030: 61 4c 42 a1 65 61 02 cf 33 eb 1f 5f 02 ce 8a b9 0000000030: 61 4c 42 a1 65 61 02 cf 33 eb 1f 5f 02 ce 8a b9
The initiator's certificate: The initiator's certificate:
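Review bot: Both ID dumps in the prerequisites list (initiator and responder) start at offset 00000010 with no 00000000 row, yet the data begins with "30 44", a DER SEQUENCE header announcing 0x44 content bytes, and exactly 68 bytes follow, so nothing is missing and the offsets are simply shifted by 16. The editorial pass fixed the surrounding punctuation but kept these labels; relabel the rows from 00000000, or state what the offset is relative to. In the same region the private key dump uses ten-digit offsets ("0000000000:") where every other dump uses eight, and the reworded bullet "using UDP encapsulation is forced by the initiator by setting ..." would read more directly as "the initiator forces UDP encapsulation by setting ...".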
skipping to change at page 77, line 31 skipping to change at line 3528
1235 8: OBJECT IDENTIFIER 1235 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2) : gost2012Signature256 (1 2 643 7 1 1 3 2)
: } : }
1245 65: BIT STRING 1245 65: BIT STRING
: 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66 : 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66
: 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd : 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd
: 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d : 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d
: 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe : 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe
: } : }
This scenario includes four sub-scenarios. This scenario includes four sub-scenarios, which are described below.
Sub-scenario 1: Establishing of IKE and ESP SAs using the A.2.1. Sub-Scenario 1: Establishment of IKE and ESP SAs Using the
IKE_SA_INIT and the IKE_AUTH exchanges. IKE_SA_INIT and the IKE_AUTH Exchanges
Initiator Responder Initiator Responder
HDR, SAi1, KEi, Ni [,N+] ---> HDR, SAi1, KEi, Ni [,N+] --->
<--- HDR, N(INVALID_KE_PAYLOAD) <--- HDR, N(INVALID_KE_PAYLOAD)
HDR, SAi1, KEi, Ni [,N+] ---> HDR, SAi1, KEi, Ni [,N+] --->
<--- HDR, SAr1, KEr, Nr <--- HDR, SAr1, KEr, Nr
[,CERTREQ] [,N+] [,CERTREQ] [,N+]
HDR, SK {IDi, [CERT,] HDR, SK {IDi, [CERT,]
[CERTREQ,] [IDr,] [N+,] [CERTREQ,] [IDr,] [N+,]
AUTH, SAi2, TSi, TSr} ---> AUTH, SAi2, TSi, TSr} --->
<--- HDR, SK {IDr, [CERT,] [N+,] <--- HDR, SK {IDr, [CERT,] [N+,]
AUTH, SAr2, TSi, TSr} AUTH, SAr2, TSi, TSr}
Initiator's actions: Initiator's actions:
(1) Generates random SPIi for IKE SA (1) Generates random SPIi for IKE SA
00000000: 92 80 e0 82 2e 75 87 78 00000000: 92 80 e0 82 2e 75 87 78
(2) Generates random IKE nonce Ni (2) Generates random IKE nonce Ni
00000000: 98 44 d5 40 ef 89 46 f4 55 20 0a 55 73 dc ad 73 00000000: 98 44 d5 40 ef 89 46 f4 55 20 0a 55 73 dc ad 73
skipping to change at page 87, line 49 skipping to change at line 3992
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a 00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a
000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30 000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20 000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69 000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69
000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00 000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(44) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (44) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
(fragment 1) (fragment 1)
00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c 00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c 00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73 00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d 00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73 00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0 00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56 00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56
00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac 00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac
skipping to change at page 89, line 42 skipping to change at line 4079
00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34 00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34
00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34 00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34
00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62 00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62
00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34 00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34
000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21 000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21
000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31 000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31
000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66 000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66
000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66 000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66
000001E0: 21 30 34 32 30 21 30 34 31 65 21 00 000001E0: 21 30 34 32 30 21 30 34 31 65 21 00
(50) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (50) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
(fragment 2) (fragment 2)
00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16 00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72 00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13 00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46 00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40 00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc 00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14 00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14
00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1 00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1
skipping to change at page 91, line 42 skipping to change at line 4166
00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7 00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7
00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50 00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50
00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71 00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71
00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06
000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f
000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30
000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c
000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29 000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29
000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00 000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00
(56) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (56) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
(fragment 3) (fragment 3)
00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0 00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c 00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff 00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a 00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed 00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25 00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8 00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8
00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d 00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d
skipping to change at page 93, line 32 skipping to change at line 4243
000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00 000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00
000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00 000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00
000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00 000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00
000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00 000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00
00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00 00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00
00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00 00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00
00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00 00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00
00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00 00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00
00000140: 08 00 00 40 0b 00 00000140: 08 00 00 40 0b 00
(62) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (62) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
(fragment 4) (fragment 4)
00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91 00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be 00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11 00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6 00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05 00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4 00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f 00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f
00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87 00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87
skipping to change at page 94, line 35 skipping to change at line 4276
00000140: 42 53 49 d1 2c c2 00000140: 42 53 49 d1 2c c2
(63) Computes ICV using K3i as K_msg (fragment 4) (63) Computes ICV using K3i as K_msg (fragment 4)
00000000: d2 25 f1 d0 38 65 b7 b6 00000000: d2 25 f1 d0 38 65 b7 b6
(64) Composes IV (fragment 4) (64) Composes IV (fragment 4)
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
(65) Sends message fragment (1) , peer receives message fragment (1) (65) Sends message fragment (1), peer receives message fragment (1)
10.111.10.171:54295->10.111.15.45:4500 [548] 10.111.10.171:54295->10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 23 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00 00000020: 23 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00
00000030: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c 00000030: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000040: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c 00000040: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000050: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73 00000050: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000060: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d 00000060: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000070: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73 00000070: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
skipping to change at page 95, line 42 skipping to change at line 4316
000001A0: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29 000001A0: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
000001B0: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb 000001B0: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
000001C0: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c 000001C0: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001D0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19 000001D0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001E0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc 000001E0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001F0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc 000001F0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
00000200: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86 00000200: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
00000210: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 b1 51 cd e6 00000210: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 b1 51 cd e6
00000220: dc 64 12 1c 00000220: dc 64 12 1c
(66) Sends message fragment (2) , peer receives message fragment (2) (66) Sends message fragment (2), peer receives message fragment (2)
10.111.10.171:54295->10.111.15.45:4500 [548] 10.111.10.171:54295->10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01 00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01
00000030: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16 00000030: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000040: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72 00000040: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000050: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13 00000050: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000060: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46 00000060: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000070: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40 00000070: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
skipping to change at page 96, line 42 skipping to change at line 4356
000001A0: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2 000001A0: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
000001B0: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59 000001B0: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
000001C0: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5 000001C0: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001D0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5 000001D0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001E0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72 000001E0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001F0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62 000001F0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
00000200: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6 00000200: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
00000210: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 b4 68 c7 4d 00000210: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 b4 68 c7 4d
00000220: eb dd bd 92 00000220: eb dd bd 92
(67) Sends message fragment (3) , peer receives message fragment (3) (67) Sends message fragment (3), peer receives message fragment (3)
10.111.10.171:54295->10.111.15.45:4500 [548] 10.111.10.171:54295->10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02 00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02
00000030: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0 00000030: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000040: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c 00000040: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000050: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff 00000050: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000060: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a 00000060: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000070: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed 00000070: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
skipping to change at page 97, line 42 skipping to change at line 4396
000001A0: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2 000001A0: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
000001B0: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14 000001B0: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
000001C0: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41 000001C0: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001D0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61 000001D0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001E0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55 000001E0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001F0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49 000001F0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
00000200: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33 00000200: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
00000210: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 54 4f 9b aa 00000210: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 54 4f 9b aa
00000220: dd af bd ca 00000220: dd af bd ca
(68) Sends message fragment (4) , peer receives message fragment (4) (68) Sends message fragment (4), peer receives message fragment (4)
10.111.10.171:54295->10.111.15.45:4500 [382] 10.111.10.171:54295->10.111.15.45:4500 [382]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 01 7a 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 01 7a
00000020: 00 00 01 5e 00 04 00 04 00 00 00 00 00 00 00 03 00000020: 00 00 01 5e 00 04 00 04 00 00 00 00 00 00 00 03
00000030: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91 00000030: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000040: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be 00000040: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000050: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11 00000050: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000060: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6 00000060: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000070: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05 00000070: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
skipping to change at page 100, line 50 skipping to change at line 4540
00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29 00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb 00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c 00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19 000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc 000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc 000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86 000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2
(84) Decrypts ciphertext and verifies ICV using K3i as K_msg, (84) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 1) resulting in plaintext (fragment 1)
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03 00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70 00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11 00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55 00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00 00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00
00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02 00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02
00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00
00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03 00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01 00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
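Review bot: Step (84) names decryption before ICV verification and presents the plaintext as the result of both, so "Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext" still reads as though plaintext is produced whether or not the ICV matches. For an AEAD transform the plaintext should be used only after the ICV verifies; wording such as "Verifies ICV and decrypts ciphertext using K3i as K_msg, resulting in plaintext" makes that order explicit. The same applies to the identically worded steps for the other fragments.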
skipping to change at page 102, line 46 skipping to change at line 4632
00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2 00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59 00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5 00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5 000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72 000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62 000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6 000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0
(91) Decrypts ciphertext and verifies ICV using K3i as K_msg, (91) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 2) resulting in plaintext (fragment 2)
00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06 00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06
00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03 00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03
00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03 00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03
00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef 00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef
00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37 00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37
00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba 00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba
00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a 00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a
00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a 00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a
00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08 00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08
skipping to change at page 104, line 46 skipping to change at line 4724
00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2 00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14 00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41 00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61 000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55 000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49 000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33 000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3
(98) Decrypts ciphertext and verifies ICV using K3i as K_msg, (98) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 3) resulting in plaintext (fragment 3)
00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74 00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74
00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73 00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73
00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06 00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06
00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30 00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30
00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74 00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74
00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
skipping to change at page 106, line 36 skipping to change at line 4806
000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48 000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8 000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2 000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30 00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d 00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e 00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f 00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000140: 42 53 49 d1 2c c2 00000140: 42 53 49 d1 2c c2
(105) Decrypts ciphertext and verifies ICV using K3i as K_msg, (105) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 4) resulting in plaintext (fragment 4)
00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55 00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55
00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12 00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12
00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9 00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9
00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec 00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec
00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36 00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36
00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b 00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b
00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a 00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a
00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42 00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42
00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40 00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40
skipping to change at page 111, line 36 skipping to change at line 5005
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a 00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a
000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30 000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20 000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72 000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72
000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00 000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(123) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (123) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 1) (fragment 1)
00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74 00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25 00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27 00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64 00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f 00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb 00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e 00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18 00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
skipping to change at page 113, line 42 skipping to change at line 5092
00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25 00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25
00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32 00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32
00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32 00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32
00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30 00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30
000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72 000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72
000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74 000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74
000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00 000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00
(129) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (129) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 2) (fragment 2)
00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e 00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c 00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6 00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d 00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e 00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d 00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35 00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61 00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
skipping to change at page 115, line 42 skipping to change at line 5179
00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd 00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd
00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49 00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49
00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00 00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00
00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10 00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10
000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20 000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20
000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08 000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08
000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18 000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18
000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03 000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03
000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00 000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00
(135) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (135) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 3) (fragment 3)
00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a 00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41 00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9 00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3 00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9 00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9 00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55 00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49 00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
skipping to change at page 117, line 4 skipping to change at line 5227
(137) Composes IV (fragment 3) (137) Composes IV (fragment 3)
00000000: 00 00 00 00 00 00 00 02 00000000: 00 00 00 00 00 00 00 02
(138) Composes MGM nonce (fragment 4) (138) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 a5 bb 18 2f 00000000: 00 00 00 03 a5 bb 18 2f
(139) Composes AAD (fragment 4) (139) Composes AAD (fragment 4)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42 00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04 00000020: 00 04 00 04
(140) Composes plaintext (fragment 4) (140) Composes plaintext (fragment 4)
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40 00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00 00000020: 0a 00 00 00 08 00 00 40 0b 00
(141) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (141) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
(fragment 4) (fragment 4)
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab 00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc 00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a 00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
(142) Computes ICV using K3r as K_msg (fragment 4) (142) Computes ICV using K3r as K_msg (fragment 4)
00000000: 6c 27 70 e0 8a 82 bd 4b 00000000: 6c 27 70 e0 8a 82 bd 4b
(143) Composes IV (fragment 4) (143) Composes IV (fragment 4)
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
(144) Sends message fragment (1) , peer receives message fragment (1) (144) Sends message fragment (1), peer receives message fragment (1)
10.111.10.171:54295<-10.111.15.45:4500 [548] 10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 24 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00 00000020: 24 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00
00000030: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74 00000030: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000040: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25 00000040: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000050: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27 00000050: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000060: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64 00000060: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000070: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f 00000070: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
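Review bot: Steps (138) and (143) give the MGM nonce for fragment 4 as 00 00 00 03 a5 bb 18 2f and the IV as 00 00 00 00 00 00 00 03, but the step text does not say how one is built from the other or where the trailing a5 bb 18 2f comes from. A short cross-reference to the nonce construction in RFC 9227 at the first "Composes MGM nonce" step would let a reader reproduce the value and confirm that each fragment is protected under a distinct nonce.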
skipping to change at page 118, line 42 skipping to change at line 5293
000001A0: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e 000001A0: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
000001B0: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d 000001B0: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
000001C0: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df 000001C0: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001D0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47 000001D0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001E0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb 000001E0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001F0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46 000001F0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
00000200: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e 00000200: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
00000210: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 96 08 17 ed 00000210: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 96 08 17 ed
00000220: ef 01 4d a0 00000220: ef 01 4d a0
(145) Sends message fragment (2) , peer receives message fragment (2) (145) Sends message fragment (2), peer receives message fragment (2)
10.111.10.171:54295<-10.111.15.45:4500 [548] 10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01 00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01
00000030: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e 00000030: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000040: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c 00000040: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000050: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6 00000050: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000060: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d 00000060: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000070: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e 00000070: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
skipping to change at page 119, line 42 skipping to change at line 5333
000001A0: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd 000001A0: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
000001B0: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16 000001B0: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
000001C0: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02 000001C0: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001D0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e 000001D0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001E0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a 000001E0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001F0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5 000001F0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
00000200: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3 00000200: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
00000210: 58 23 68 71 27 b2 9a 03 09 f7 80 51 89 bd 07 12 00000210: 58 23 68 71 27 b2 9a 03 09 f7 80 51 89 bd 07 12
00000220: fc 3f 15 8d 00000220: fc 3f 15 8d
(146) Sends message fragment (3) , peer receives message fragment (3) (146) Sends message fragment (3), peer receives message fragment (3)
10.111.10.171:54295<-10.111.15.45:4500 [548] 10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02 00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02
00000030: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a 00000030: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000040: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41 00000040: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000050: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9 00000050: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000060: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3 00000060: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000070: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9 00000070: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
skipping to change at page 120, line 42 skipping to change at line 5373
000001A0: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3 000001A0: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
000001B0: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4 000001B0: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
000001C0: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98 000001C0: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001D0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4 000001D0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001E0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52 000001E0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001F0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b 000001F0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
00000200: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04 00000200: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
00000210: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 7d 7c 57 8f 00000210: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 7d 7c 57 8f
00000220: 91 d0 c9 eb 00000220: 91 d0 c9 eb
(147) Sends message fragment (4) , peer receives message fragment (4) (147) Sends message fragment (4), peer receives message fragment (4)
10.111.10.171:54295<-10.111.15.45:4500 [98] 10.111.10.171:54295<-10.111.15.45:4500 [98]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 00 5e 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 00 5e
00000020: 00 00 00 42 00 04 00 04 00 00 00 00 00 00 00 03 00000020: 00 00 00 42 00 04 00 04 00 00 00 00 00 00 00 03
00000030: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab 00000030: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000040: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc 00000040: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000050: 0a 92 7a 74 77 dc ba 60 ac 4a 6c 27 70 e0 8a 82 00000050: 0a 92 7a 74 77 dc ba 60 ac 4a 6c 27 70 e0 8a 82
00000060: bd 4b 00000060: bd 4b
skipping to change at page 122, line 37 skipping to change at line 5455
00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e 00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d 00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df 00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47 000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb 000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46 000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e 000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8
(156) Decrypts ciphertext and verifies ICV using K3r as K_msg, (156) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 1) resulting in plaintext (fragment 1)
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03 00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70 00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11 00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55 00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00 00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00
00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02 00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02
00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00
00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03 00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01 00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
skipping to change at page 124, line 46 skipping to change at line 5547
00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd 00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16 00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02 00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e 000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a 000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5 000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3 000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51 000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51
(163) Decrypts ciphertext and verifies ICV using K3r as K_msg, (163) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 2) resulting in plaintext (fragment 2)
00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08 00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08
00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02 00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02
00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00 00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00
00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53 00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53
00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d 00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d
00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36 00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36
00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8 00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8
00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d 00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d
00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d
skipping to change at page 126, line 46 skipping to change at line 5639
00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3 00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4 00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98 00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4 000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52 000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b 000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04 000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e
(170) Decrypts ciphertext and verifies ICV using K3r as K_msg, (170) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 3) resulting in plaintext (fragment 3)
00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05 00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05
00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06 00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06
00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74 00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74
00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70 00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70
00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72 00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72
00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74 00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74
00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74 00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74
00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31
00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f 00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f
skipping to change at page 128, line 18 skipping to change at line 5703
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42 00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04 00000020: 00 04 00 04
(176) Extracts ciphertext from message (fragment 4) (176) Extracts ciphertext from message (fragment 4)
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab 00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc 00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a 00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
(177) Decrypts ciphertext and verifies ICV using K3r as K_msg, (177) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 4) resulting in plaintext (fragment 4)
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40 00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00 00000020: 0a 00 00 00 08 00 00 40 0b 00
(178) Reassembles message from received fragments and parses it (178) Reassembles message from received fragments and parses it
IKE SA Auth IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R=>I[1563] #9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R=>I[1563]
4*EF[...]->E[1535]{ 4*EF[...]->E[1535]{
skipping to change at page 129, line 29 skipping to change at line 5762
(182) Computes keys for ESP SAs (182) Computes keys for ESP SAs
00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56 00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56
00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0 00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0
00000020: 1d 14 a0 cc 00000020: 1d 14 a0 cc
00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b 00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b
00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81 00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81
00000020: e2 04 84 af 00000020: e2 04 84 af
Sub-scenario 2: IKE SA rekeying using the CREATE_CHILD_SA exchange. A.2.2. Sub-Scenario 2: IKE SA Rekeying Using the CREATE_CHILD_SA
Exchange
Initiator Responder Initiator Responder
HDR, SK {SAi, Ni, KEi [,N+]} ---> HDR, SK {SAi, Ni, KEi [,N+]} --->
<--- HDR, SK {SAr, Nr, KEr [,N+]} <--- HDR, SK {SAr, Nr, KEr [,N+]}
Initiator's actions: Initiator's actions:
(1) Generates random SPIi for new IKE SA (1) Generates random SPIi for new IKE SA
00000000: fd d9 35 89 50 d5 db 22 00000000: fd d9 35 89 50 d5 db 22
(2) Generates random IKE nonce Ni (2) Generates random IKE nonce Ni
00000000: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c 00000000: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
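Review bot: under step (182), "Computes keys for ESP SAs", the two 36-octet dumps are unlabelled, so a reader cannot tell which block belongs to which ESP SA direction. Step (52) later names its output (SK_er); do the same here with one label per block, so an implementer comparing outputs knows which value to check against.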
skipping to change at page 131, line 4 skipping to change at line 5822
(7) Composes MGM nonce (7) Composes MGM nonce
00000000: 00 00 00 00 b4 e1 3e 23 00000000: 00 00 00 00 b4 e1 3e 23
(8) Composes AAD (8) Composes AAD
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9 00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
(9) Composes plaintext (9) Composes plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08 00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c 00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37 00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43 00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c 00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48 00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c 00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01 00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 04 00 000000A0: 00 00 00 04 00
(10) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (10) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03 00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73 00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
skipping to change at page 133, line 4 skipping to change at line 5901
(17) Extracts ICV from message (17) Extracts ICV from message
00000000: 49 96 ac 4c 3f c4 fc 1d 00000000: 49 96 ac 4c 3f c4 fc 1d
(18) Extracts AAD from message (18) Extracts AAD from message
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9 00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
(19) Extracts ciphertext from message (19) Extracts ciphertext from message
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03 00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73 00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f 00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f
000000A0: 35 d9 d4 b3 cd 000000A0: 35 d9 d4 b3 cd
(20) Decrypts ciphertext and verifies ICV using K3i as K_msg, (20) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext resulting in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08 00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c 00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37 00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43 00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c 00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48 00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c 00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
skipping to change at page 135, line 44 skipping to change at line 6037
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0 00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96 00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c 00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f 00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92 00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f 00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01 00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 40 00 000000A0: 00 00 00 40 00
(36) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (36) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6 00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6
00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18 00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18
00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84 00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86 00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b 00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19 00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
skipping to change at page 137, line 35 skipping to change at line 6117
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86 00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b 00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19 00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
000000A0: 61 e8 cb 46 3c 000000A0: 61 e8 cb 46 3c
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg, (46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext resulting in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2
00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08 00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0 00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96 00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c 00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f 00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92 00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f 00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
skipping to change at page 138, line 47 skipping to change at line 6176
00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6 00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6
00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d 00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d
00000020: 2b 3d 3b 2f 00000020: 2b 3d 3b 2f
(52) Computes SK_er for new SA (52) Computes SK_er for new SA
00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a 00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a
00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a 00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a
00000020: d2 f6 27 21 00000020: d2 f6 27 21
Sub-scenario 3: ESP SAs rekeying without PFS using the A.2.3. Sub-Scenario 3: ESP SAs Rekeying without PFS Using the
CREATE_CHILD_SA exchange. CREATE_CHILD_SA Exchange
Initiator Responder Initiator Responder
HDR, SK {N(REKEY_SA), SAi, Ni, HDR, SK {N(REKEY_SA), SAi, Ni,
TSi, TSr [,N+]} ---> TSi, TSr [,N+]} --->
<--- HDR, SK {SAr, Nr, <--- HDR, SK {SAr, Nr,
TSi, TSr [,N+]} TSi, TSr [,N+]}
Initiator's actions: Initiator's actions:
(1) Generates random IKE nonce Ni (1) Generates random IKE nonce Ni
00000000: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce 00000000: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000010: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23 00000010: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
(2) Computes K1i (i1 = 0) (2) Computes K1i (i1 = 0)
skipping to change at page 140, line 27 skipping to change at line 6250
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08 00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24 00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce 00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23 00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff 00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00 00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff 00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b 00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000090: 00 00000090: 00
(10) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (10) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a 00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41 00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e 00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62 00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2 00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
skipping to change at page 142, line 4 skipping to change at line 6319
(18) Composes MGM nonce (18) Composes MGM nonce
00000000: 00 00 00 00 2b 3d 3b 2f 00000000: 00 00 00 00 2b 3d 3b 2f
(19) Extracts ICV from message (19) Extracts ICV from message
00000000: b3 05 bd 43 2f 87 0c 3f 00000000: b3 05 bd 43 2f 87 0c 3f
(20) Extracts AAD from message (20) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5 00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5
(21) Extracts ciphertext from message (21) Extracts ciphertext from message
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a 00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41 00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e 00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62 00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2 00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
00000090: a3 00000090: a3
(22) Decrypts ciphertext and verifies ICV using K3i as K_msg, (22) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext resulting in plaintext
00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20 00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08 00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24 00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce 00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23 00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff 00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00 00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff 00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b 00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
skipping to change at page 144, line 4 skipping to change at line 6416
00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59 00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59
00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52 00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52
(30) Computes K3r (i3 = 0) (30) Computes K3r (i3 = 0)
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f 00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71 00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(31) Composes MGM nonce (31) Composes MGM nonce
00000000: 00 00 00 00 d2 f6 27 21 00000000: 00 00 00 00 d2 f6 27 21
(32) Composes AAD (32) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1 00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
(33) Composes plaintext (33) Composes plaintext
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39 00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00 00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f 00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10 00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18 00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00 00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08 00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00 00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(34) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (34) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca 00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09 00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93 00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
skipping to change at page 146, line 4 skipping to change at line 6504
(42) Composes MGM nonce (42) Composes MGM nonce
00000000: 00 00 00 00 d2 f6 27 21 00000000: 00 00 00 00 d2 f6 27 21
(43) Extracts ICV from message (43) Extracts ICV from message
00000000: 57 b4 30 41 07 50 b1 cc 00000000: 57 b4 30 41 07 50 b1 cc
(44) Extracts AAD from message (44) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1 00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
(45) Extracts ciphertext from message (45) Extracts ciphertext from message
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca 00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09 00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93 00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg, (46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext resulting in plaintext
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39 00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00 00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f 00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10 00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18 00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00 00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08 00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00 00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
skipping to change at page 147, line 4 skipping to change at line 6550
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}}, ESN=Off}},
NONCE[36]{415EA7...F35806}, NONCE[36]{415EA7...F35806},
TSi[24](1#){10.1.1.3}, TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
(48) Computes keys for new ESP SAs (48) Computes keys for new ESP SAs
00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69 00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69
00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67 00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67
00000020: 64 0e 3a fe 00000020: 64 0e 3a fe
00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a 00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a
00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9 00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9
00000020: 6c cf a3 64 00000020: 6c cf a3 64
Sub-scenario 4: IKE SA deletion using the INFORMATIONAL exchange. A.2.4. Sub-Scenario 4: IKE SA Deletion Using the INFORMATIONAL Exchange
Initiator Responder Initiator Responder
HDR, SK {D} ---> HDR, SK {D} --->
<--- HDR, SK { } <--- HDR, SK { }
Initiator's actions: Initiator's actions:
(1) Creates message (1) Creates message
Informational Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R<-I[57] #FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R<-I[57]
E[29]{ E[29]{
D[8](IKE)} D[8](IKE)}
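Review bot: the message summary in step (1) marks the initiator's request as "R<-I[57]", while the responder's parse of the same message in step (17) prints "I->R[57]" and the responses elsewhere use "R=>I". If the appendix does not already define these arrows, add a one-line legend where the first summary appears, stating what the arrow direction and the "->" versus "=>" forms mean.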
skipping to change at page 147, line 45 skipping to change at line 6592
(4) Composes AAD (4) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d 00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
(5) Composes plaintext (5) Composes plaintext
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
(6) Encrypts plaintext using K3i as K_msg, resulted in ciphertext (6) Encrypts plaintext using K3i as K_msg, resulting in ciphertext
00000000: 4f ff 67 66 41 9c d3 ec 8e 00000000: 4f ff 67 66 41 9c d3 ec 8e
(7) Computes ICV using K3i as K_msg (7) Computes ICV using K3i as K_msg
00000000: d2 bf 0e b7 8f c5 53 03 00000000: d2 bf 0e b7 8f c5 53 03
(8) Composes IV (8) Composes IV
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
skipping to change at page 148, line 51 skipping to change at line 6642
(14) Extracts AAD from message (14) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d 00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
(15) Extracts ciphertext from message (15) Extracts ciphertext from message
00000000: 4f ff 67 66 41 9c d3 ec 8e 00000000: 4f ff 67 66 41 9c d3 ec 8e
(16) Decrypts ciphertext and verifies ICV using K3i as K_msg, (16) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext resulting in plaintext
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
(17) Parses received message (17) Parses received message
Informational Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I->R[57] #FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I->R[57]
E[29]{ E[29]{
D[8](IKE)} D[8](IKE)}
skipping to change at page 149, line 38 skipping to change at line 6677
(21) Composes AAD (21) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15 00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
(22) Composes plaintext (22) Composes plaintext
00000000: 00 00000000: 00
(23) Encrypts plaintext using K3r as K_msg, resulted in ciphertext (23) Encrypts plaintext using K3r as K_msg, resulting in ciphertext
00000000: a8 00000000: a8
(24) Computes ICV using K3r as K_msg (24) Computes ICV using K3r as K_msg
00000000: ef 77 21 c9 8b c1 eb 98 00000000: ef 77 21 c9 8b c1 eb 98
(25) Composes IV (25) Composes IV
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
skipping to change at page 150, line 40 skipping to change at line 6727
(31) Extracts AAD from message (31) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15 00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
(32) Extracts ciphertext from message (32) Extracts ciphertext from message
00000000: a8 00000000: a8
(33) Decrypts ciphertext and verifies ICV using K3r as K_msg, (33) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext resulting in plaintext
00000000: 00 00000000: 00
(34) Parses received message (34) Parses received message
Informational Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R=>I[49] #FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R=>I[49]
E[21]{} E[21]{}
Author's Address Author's Address
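Review bot: steps (32) and (33) show a one-octet ciphertext a8 decrypting to plaintext 00, yet step (34) parses the message as E[21]{} with no inner payloads, and nothing says what that octet is. A short remark that it is the Pad Length octet of the Encrypted payload would save implementers from treating the non-empty plaintext as a mismatch; the same applies to the trailing 00 after the Delete payload in step (16).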
 End of changes. 154 change blocks. 
321 lines changed or deleted 381 lines changed or added

This html diff was produced by rfcdiff 1.48.