rfc9385xml2.original.xml   rfc9385.xml 
<?xml version="1.0" encoding="UTF-8"?> <?xml version='1.0' encoding='utf-8'?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="info" docN
<rfc category="info" submissionType="independent" ipr="trust200902" docName="dra ame="draft-smyslov-ike2-gost-15" indexInclude="true" ipr="trust200902" number="9
ft-smyslov-ike2-gost-15"> 385" prepTime="2023-05-19T13:03:10" scripts="Common,Cyrillic,Latin" sortRefs="fa
lse" submissionType="independent" symRefs="true" tocDepth="3" tocInclude="true"
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> xml:lang="en">
<link href="https://datatracker.ietf.org/doc/draft-smyslov-ike2-gost-15" rel="
<?rfc toc="yes" ?> prev"/>
<?rfc symrefs="yes" ?> <link href="https://dx.doi.org/10.17487/rfc9385" rel="alternate"/>
<?rfc sortrefs="no"?> <link href="urn:issn:2070-1721" rel="alternate"/>
<?rfc iprnotified="no" ?> <front>
<?rfc strict="yes" ?> <title abbrev="GOST Algorithms in IKEv2">Using GOST Cryptographic Algorithms
in the Internet Key Exchange Protocol Version 2 (IKEv2)</title>
<front> <seriesInfo name="RFC" value="9385" stream="independent"/>
<title abbrev="GOST algorithms in IKEv2">Using GOST Cryptographic Algori <author initials="V." surname="Smyslov" fullname="Valery Smyslov">
thms in the Internet Key Exchange Protocol Version 2 (IKEv2)</title> <organization showOnFrontPage="true">ELVIS-PLUS</organization>
<author initials='V.' surname="Smyslov" fullname='Valery Smyslov'> <address>
<organization>ELVIS-PLUS</organization> <postal>
<address> <street>PO Box 81</street>
<postal> <city>Moscow (Zelenograd)</city>
<street>PO Box 81</street> <code>124460</code>
<city>Moscow (Zelenograd)</city> <country>Russian Federation</country>
<code>124460</code> </postal>
<country>Russian Federation</country> <phone>+7 495 276 0211</phone>
</postal> <email>svan@elvis.ru</email>
<phone>+7 495 276 0211</phone> </address>
<email>svan@elvis.ru</email> </author>
</address> <date month="05" year="2023"/>
</author> <keyword>Streebog</keyword>
<date/> <keyword>Kuznyechik</keyword>
<keyword>Magma</keyword>
<keyword>Streebog</keyword> <keyword>MGM</keyword>
<keyword>Kuznyechik</keyword> <abstract pn="section-abstract">
<keyword>Magma</keyword> <t indent="0" pn="section-abstract-1"> This document defines a set of cryp
<keyword>MGM</keyword> tographic transforms for use in
the Internet Key Exchange Protocol version 2 (IKEv2). The transforms
<abstract> are based on Russian cryptographic standard algorithms (called "GOST" algo
<t> This document defines a set of cryptographic transforms for use rithms). Use of
in the Internet Key Exchange protocol version 2 (IKEv2). GOST ciphers in IKEv2 is defined in RFC 9227. This document aims to
The transforms are based on Russian cryptographic standard algorithm define the use of GOST algorithms for the rest of the cryptographic
s (GOST). Use of GOST ciphers in IKEv2 was defined in RFC 9227. transforms used in IKEv2.
This document aims to define using GOST algorithms for the rest of c </t>
ryptographic transforms used in IKEv2. <t indent="0" pn="section-abstract-2"> This specification was developed to
</t> facilitate implementations that
wish to support the GOST algorithms. This document does not imply IETF
<t> This specification was developed to facilitate implementations t endorsement of the cryptographic algorithms used in this document.
hat wish to support the GOST algorithms. This document does not imply </t>
IETF endorsement of the cryptographic algorithms used in this docume </abstract>
nt. <boilerplate>
</t> <section anchor="status-of-memo" numbered="false" removeInRFC="false" toc=
</abstract> "exclude" pn="section-boilerplate.1">
</front> <name slugifiedName="name-status-of-this-memo">Status of This Memo</name
>
<middle> <t indent="0" pn="section-boilerplate.1-1">
<section title="Introduction"> This document is not an Internet Standards Track specification; it i
<t> The Internet Key Exchange protocol version 2 (IKEv2) defined in s
<xref target="RFC7296" /> is an important part published for informational purposes.
</t>
<t indent="0" pn="section-boilerplate.1-2">
This is a contribution to the RFC Series, independently of any
other RFC stream. The RFC Editor has chosen to publish this
document at its discretion and makes no statement about its value
for implementation or deployment. Documents approved for
publication by the RFC Editor are not candidates for any level of
Internet Standard; see Section 2 of RFC 7841.
</t>
<t indent="0" pn="section-boilerplate.1-3">
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
<eref target="https://www.rfc-editor.org/info/rfc9385" brackets="non
e"/>.
</t>
</section>
<section anchor="copyright" numbered="false" removeInRFC="false" toc="excl
ude" pn="section-boilerplate.2">
<name slugifiedName="name-copyright-notice">Copyright Notice</name>
<t indent="0" pn="section-boilerplate.2-1">
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
</t>
<t indent="0" pn="section-boilerplate.2-2">
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<eref target="https://trustee.ietf.org/license-info" brackets="none
"/>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document.
</t>
</section>
</boilerplate>
<toc>
<section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" p
n="section-toc.1">
<name slugifiedName="name-table-of-contents">Table of Contents</name>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="section-to
c.1-1">
<li pn="section-toc.1-1.1">
<t indent="0" keepWithNext="true" pn="section-toc.1-1.1.1"><xref der
ivedContent="1" format="counter" sectionFormat="of" target="section-1"/>.  <xref
derivedContent="" format="title" sectionFormat="of" target="name-introduction">
Introduction</xref></t>
</li>
<li pn="section-toc.1-1.2">
<t indent="0" keepWithNext="true" pn="section-toc.1-1.2.1"><xref der
ivedContent="2" format="counter" sectionFormat="of" target="section-2"/>.  <xref
derivedContent="" format="title" sectionFormat="of" target="name-terminology-an
d-notation">Terminology and Notation</xref></t>
</li>
<li pn="section-toc.1-1.3">
<t indent="0" keepWithNext="true" pn="section-toc.1-1.3.1"><xref der
ivedContent="3" format="counter" sectionFormat="of" target="section-3"/>.  <xref
derivedContent="" format="title" sectionFormat="of" target="name-overview">Over
view</xref></t>
</li>
<li pn="section-toc.1-1.4">
<t indent="0" pn="section-toc.1-1.4.1"><xref derivedContent="4" form
at="counter" sectionFormat="of" target="section-4"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-ike-sa-protection">IKE SA Protecti
on</xref></t>
</li>
<li pn="section-toc.1-1.5">
<t indent="0" pn="section-toc.1-1.5.1"><xref derivedContent="5" form
at="counter" sectionFormat="of" target="section-5"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-pseudorandom-function">Pseudorando
m Function</xref></t>
</li>
<li pn="section-toc.1-1.6">
<t indent="0" pn="section-toc.1-1.6.1"><xref derivedContent="6" form
at="counter" sectionFormat="of" target="section-6"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-shared-key-calculation">Shared Key
Calculation</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.6.2">
<li pn="section-toc.1-1.6.2.1">
<t indent="0" pn="section-toc.1-1.6.2.1.1"><xref derivedContent=
"6.1" format="counter" sectionFormat="of" target="section-6.1"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-recipient-tests">Recip
ient Tests</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.7">
<t indent="0" pn="section-toc.1-1.7.1"><xref derivedContent="7" form
at="counter" sectionFormat="of" target="section-7"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-authentication">Authentication</xr
ef></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.7.2">
<li pn="section-toc.1-1.7.2.1">
<t indent="0" pn="section-toc.1-1.7.2.1.1"><xref derivedContent=
"7.1" format="counter" sectionFormat="of" target="section-7.1"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-hash-functions">Hash F
unctions</xref></t>
</li>
<li pn="section-toc.1-1.7.2.2">
<t indent="0" pn="section-toc.1-1.7.2.2.1"><xref derivedContent=
"7.2" format="counter" sectionFormat="of" target="section-7.2"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-asn1-objects">ASN.1 Ob
jects</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="se
ction-toc.1-1.7.2.2.2">
<li pn="section-toc.1-1.7.2.2.2.1">
<t indent="0" pn="section-toc.1-1.7.2.2.2.1.1"><xref derived
Content="7.2.1" format="counter" sectionFormat="of" target="section-7.2.1"/>.  <
xref derivedContent="" format="title" sectionFormat="of" target="name-id-tc26-si
gnwithdigest-gost">id-tc26-signwithdigest-gost3410-12-256</xref></t>
</li>
<li pn="section-toc.1-1.7.2.2.2.2">
<t indent="0" pn="section-toc.1-1.7.2.2.2.2.1"><xref derived
Content="7.2.2" format="counter" sectionFormat="of" target="section-7.2.2"/>.  <
xref derivedContent="" format="title" sectionFormat="of" target="name-id-tc26-si
gnwithdigest-gost3">id-tc26-signwithdigest-gost3410-12-512</xref></t>
</li>
</ul>
</li>
</ul>
</li>
<li pn="section-toc.1-1.8">
<t indent="0" pn="section-toc.1-1.8.1"><xref derivedContent="8" form
at="counter" sectionFormat="of" target="section-8"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-security-considerations">Security
Considerations</xref></t>
</li>
<li pn="section-toc.1-1.9">
<t indent="0" pn="section-toc.1-1.9.1"><xref derivedContent="9" form
at="counter" sectionFormat="of" target="section-9"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-iana-considerations">IANA Consider
ations</xref></t>
</li>
<li pn="section-toc.1-1.10">
<t indent="0" pn="section-toc.1-1.10.1"><xref derivedContent="10" fo
rmat="counter" sectionFormat="of" target="section-10"/>. <xref derivedContent=""
format="title" sectionFormat="of" target="name-references">References</xref></t
>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.10.2">
<li pn="section-toc.1-1.10.2.1">
<t indent="0" pn="section-toc.1-1.10.2.1.1"><xref derivedContent
="10.1" format="counter" sectionFormat="of" target="section-10.1"/>.  <xref deri
vedContent="" format="title" sectionFormat="of" target="name-normative-reference
s">Normative References</xref></t>
</li>
<li pn="section-toc.1-1.10.2.2">
<t indent="0" pn="section-toc.1-1.10.2.2.1"><xref derivedContent
="10.2" format="counter" sectionFormat="of" target="section-10.2"/>.  <xref deri
vedContent="" format="title" sectionFormat="of" target="name-informative-referen
ces">Informative References</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.11">
<t indent="0" pn="section-toc.1-1.11.1"><xref derivedContent="Append
ix A" format="default" sectionFormat="of" target="section-appendix.a"/>.  <xref
derivedContent="" format="title" sectionFormat="of" target="name-test-vectors">T
est Vectors</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.11.2">
<li pn="section-toc.1-1.11.2.1">
<t indent="0" pn="section-toc.1-1.11.2.1.1"><xref derivedContent
="A.1" format="counter" sectionFormat="of" target="section-appendix.a.1"/>.  <xr
ef derivedContent="" format="title" sectionFormat="of" target="name-scenario-1">
Scenario 1</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="se
ction-toc.1-1.11.2.1.2">
<li pn="section-toc.1-1.11.2.1.2.1">
<t indent="0" pn="section-toc.1-1.11.2.1.2.1.1"><xref derive
dContent="A.1.1" format="counter" sectionFormat="of" target="section-appendix.a.
1.1"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-1-establishmen">Sub-Scenario 1: Establishment of IKE and ESP SAs Us
ing the IKE_SA_INIT and the IKE_AUTH Exchanges
</xref></t>
</li>
<li pn="section-toc.1-1.11.2.1.2.2">
<t indent="0" pn="section-toc.1-1.11.2.1.2.2.1"><xref derive
dContent="A.1.2" format="counter" sectionFormat="of" target="section-appendix.a.
1.2"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-2-ike-sa-rekey">Sub-Scenario 2: IKE SA Rekeying Using the CREATE_CH
ILD_SA Exchange
</xref></t>
</li>
<li pn="section-toc.1-1.11.2.1.2.3">
<t indent="0" pn="section-toc.1-1.11.2.1.2.3.1"><xref derive
dContent="A.1.3" format="counter" sectionFormat="of" target="section-appendix.a.
1.3"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-3-esp-sas-reke">Sub-Scenario 3: ESP SAs Rekeying with PFS Using the
CREATE_CHILD_SA Exchange</xref></t>
</li>
<li pn="section-toc.1-1.11.2.1.2.4">
<t indent="0" pn="section-toc.1-1.11.2.1.2.4.1"><xref derive
dContent="A.1.4" format="counter" sectionFormat="of" target="section-appendix.a.
1.4"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-4-ike-sa-delet">Sub-Scenario 4: IKE SA Deletion Using the INFORMATI
ONAL Exchange</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.11.2.2">
<t indent="0" pn="section-toc.1-1.11.2.2.1"><xref derivedContent
="A.2" format="counter" sectionFormat="of" target="section-appendix.a.2"/>.  <xr
ef derivedContent="" format="title" sectionFormat="of" target="name-scenario-2">
Scenario 2</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="se
ction-toc.1-1.11.2.2.2">
<li pn="section-toc.1-1.11.2.2.2.1">
<t indent="0" pn="section-toc.1-1.11.2.2.2.1.1"><xref derive
dContent="A.2.1" format="counter" sectionFormat="of" target="section-appendix.a.
2.1"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-1-establishment">Sub-Scenario 1: Establishment of IKE and ESP SAs U
sing the IKE_SA_INIT and the IKE_AUTH Exchanges</xref></t>
</li>
<li pn="section-toc.1-1.11.2.2.2.2">
<t indent="0" pn="section-toc.1-1.11.2.2.2.2.1"><xref derive
dContent="A.2.2" format="counter" sectionFormat="of" target="section-appendix.a.
2.2"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-2-ike-sa-rekeyi">Sub-Scenario 2: IKE SA Rekeying Using the CREATE_C
HILD_SA Exchange</xref></t>
</li>
<li pn="section-toc.1-1.11.2.2.2.3">
<t indent="0" pn="section-toc.1-1.11.2.2.2.3.1"><xref derive
dContent="A.2.3" format="counter" sectionFormat="of" target="section-appendix.a.
2.3"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-3-esp-sas-rekey">Sub-Scenario 3: ESP SAs Rekeying without PFS Using
the CREATE_CHILD_SA Exchange</xref></t>
</li>
<li pn="section-toc.1-1.11.2.2.2.4">
<t indent="0" pn="section-toc.1-1.11.2.2.2.4.1"><xref derive
dContent="A.2.4" format="counter" sectionFormat="of" target="section-appendix.a.
2.4"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-
sub-scenario-4-ike-sa-deleti">Sub-Scenario 4: IKE SA Deletion Using the INFORMAT
IONAL Exchange</xref></t>
</li>
</ul>
</li>
</ul>
</li>
<li pn="section-toc.1-1.12">
<t indent="0" pn="section-toc.1-1.12.1"><xref derivedContent="" form
at="none" sectionFormat="of" target="section-appendix.b"/><xref derivedContent="
" format="title" sectionFormat="of" target="name-authors-address">Author's Addre
ss</xref></t>
</li>
</ul>
</section>
</toc>
</front>
<middle>
<section numbered="true" removeInRFC="false" toc="include" pn="section-1">
<name slugifiedName="name-introduction">Introduction</name>
<t indent="0" pn="section-1-1"> The Internet Key Exchange Protocol version
2 (IKEv2) defined in <xref target="RFC7296" format="default" sectionFormat="of"
derivedContent="RFC7296"/> is an important part
of the IP Security (IPsec) architecture. It is used for the authenti cated key exchange and for the negotiation of various protocol of the IP Security (IPsec) architecture. It is used for the authenti cated key exchange and for the negotiation of various protocol
parameters and features. parameters and features.
</t> </t>
<t indent="0" pn="section-1-2"> This document defines a number of transfor
<t> This document defines a number of transforms for IKEv2, based on ms for IKEv2, based on Russian cryptographic standard algorithms (often referred
Russian cryptographic standard algorithms (often reffered to as "GOST" to as "GOST"
algorithms) for hash function, digital signature and key exchange me algorithms) for hash function, digital signature, and key exchange m
thod. These definitions are based on the ethod.
recommendations <xref target="GOST-IKEv2" /> established by the Stan These definitions are based on the recommendations established by the
dardisation Technical Committee "Cryptographic information protection", Standardisation Technical Committee "Cryptographic information protection", whic
which describe how Russian cryptographic standard algorithms are use h describe how Russian cryptographic
d in IKEv2. Along with the transforms defined in <xref target="RFC9227" />, standard algorithms are used in IKEv2 <xref target="GOST-IKEv2" format="default"
the transforms defined in this specification allow using GOST crypto sectionFormat="of" derivedContent="GOST-IKEv2"/>. Along with
graphic algorithms in IPsec protocols. the transforms defined in <xref target="RFC9227" format="default" sectionFormat=
</t> "of" derivedContent="RFC9227"/>, the transforms defined in
this specification allow for the use of GOST cryptographic algorithms in IPsec
<t> This specification was developed to facilitate implementations t protocols.
hat </t>
<t indent="0" pn="section-1-3"> This specification was developed to facili
tate implementations that
wish to support the GOST algorithms. This document does not imply wish to support the GOST algorithms. This document does not imply
IETF endorsement of the cryptographic algorithms used in this IETF endorsement of the cryptographic algorithms used in this
document. document.
</t> </t>
</section> </section>
<section anchor="mustshouldmay" numbered="true" removeInRFC="false" toc="inc
<section title="Terminology and Notation" anchor="mustshouldmay" > lude" pn="section-2">
<t> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NO <name slugifiedName="name-terminology-and-notation">Terminology and Notati
T", "SHOULD", "SHOULD NOT", on</name>
"RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this docu <t indent="0" pn="section-2-1">
ment are to be interpreted The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
as described in BCP 14 <xref target="RFC2119" /> <xref target="RFC81 IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOUL
74" /> when, and only when, D</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>N
they appear in all capitals, as shown here. OT RECOMMENDED</bcp14>",
</t> "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
</section> be interpreted as
described in BCP 14 <xref target="RFC2119" format="default" sectionFormat="o
<section title="Overview" anchor="overview"> f" derivedContent="RFC2119"/> <xref target="RFC8174" format="default" sectionFor
<t> Russian cryptographic standard (GOST) algorithms are a set of cr mat="of" derivedContent="RFC8174"/>
yptographic algorithms of different types - when, and only when, they appear in all capitals, as shown here.
ciphers, hash functions, digital signatures etc. In particular, Russ </t>
ian cryptographic standard <xref target="GOST3412-2015" /> defines </section>
block ciphers "Kuznyechik" (also defined in <xref target="RFC7801" / <section anchor="overview" numbered="true" removeInRFC="false" toc="include"
>) and "Magma" (also defined in <xref target="RFC8891" />). pn="section-3">
Cryptographic standard <xref target="GOST3410-2012" /> defines elli <name slugifiedName="name-overview">Overview</name>
ptic curve digital signature algorithm <t indent="0" pn="section-3-1"> Russian cryptographic standard algorithms
(also defined in <xref target="RFC7091" />), while <xref target="GOS (GOST algorithms) are a
T3411-2012" /> defines two cryptographic hash functions "Streebog", set of cryptographic algorithms of different types -- ciphers, hash
with different output length (also defined in <xref target="RFC6986" functions, digital signatures, etc. In particular, Russian cryptographic
/>). standard <xref target="GOST3412-2015" format="default" sectionFormat="of"
The parameters for the elliptic curves used in GOST signature and ke derivedContent="GOST3412-2015"/> defines the "Kuznyechik" and
y exchange algorithms are defined in <xref target="RFC7836" />. "Magma" block ciphers (also defined in <xref target="RFC7801" format="defa
</t> ult" sectionFormat="of" derivedContent="RFC7801"/> and
</section> <xref target="RFC8891" format="default" sectionFormat="of" derivedContent=
"RFC8891"/>, respectively). Cryptographic standard <xref target="GOST3410-2012"
<section title="IKE SA Protection" anchor="protection" > format="default" sectionFormat="of" derivedContent="GOST3410-2012"/> defines th
<t> IKE SA protection using GOST algorithms is defined in <xref targ e elliptic curve digital signature
et="RFC9227" />. algorithm (also defined in <xref target="RFC7091" format="default" section
In particular, two transforms of type 1 (Encryption Algorithm Transf Format="of" derivedContent="RFC7091"/>), while <xref target="GOST3411-2012" form
orm IDs) at="default" sectionFormat="of" derivedContent="GOST3411-2012"/> defines two cry
can be used for IKE SA protection: ENCR_KUZNYECHIK_MGM_KTREE (32) ba ptographic hash functions
sed on "Kuznyechik" with different output lengths (also defined in <xref target="RFC6986" form
block cipher and ENCR_MAGMA_MGM_KTREE (33) based on "Magma" block ci at="default" sectionFormat="of" derivedContent="RFC6986"/>). These hash functio
pher, both in ns are often referred to as "Streebog" hash functions,
although this is not an official name and is not used in the provided referen
ces. The parameters for the elliptic curves used in
GOST signature and key exchange algorithms are defined in <xref target="RF
C7836" format="default" sectionFormat="of" derivedContent="RFC7836"/>.
</t>
</section>
<section anchor="protection" numbered="true" removeInRFC="false" toc="includ
e" pn="section-4">
<name slugifiedName="name-ike-sa-protection">IKE SA Protection</name>
<t indent="0" pn="section-4-1"> IKE Security Association (SA) protection u
sing GOST algorithms is defined in <xref target="RFC9227" format="default" secti
onFormat="of" derivedContent="RFC9227"/>.
In particular, two transforms of Type 1 (Encryption Algorithm Transf
orm IDs)
can be used for IKE SA protection: ENCR_KUZNYECHIK_MGM_KTREE (32) ba
sed on the "Kuznyechik"
block cipher and ENCR_MAGMA_MGM_KTREE (33) based on the "Magma" bloc
k cipher, both in
Multilinear Galois Mode (MGM). Multilinear Galois Mode (MGM).
</t> </t>
<t indent="0" pn="section-4-2"> The information here is provided for conve
<t> The information here is provided for convenience. For full deta nience. For full details, please see <xref target="RFC9227" format="default" se
ils, please see <xref target="RFC9227" />. ctionFormat="of" derivedContent="RFC9227"/>.
</t> </t>
</section> </section>
<section anchor="prf" numbered="true" removeInRFC="false" toc="include" pn="
<section title="Pseudo Random Function" anchor="prf" > section-5">
<t> This specification defines a new transform of type 2 (Pseudorand <name slugifiedName="name-pseudorandom-function">Pseudorandom Function</na
om Function Transform IDs) - PRF_HMAC_STREEBOG_512 (9). me>
This transform uses PRF HMAC_GOSTR3411_2012_512 defined in Section 4 <t indent="0" pn="section-5-1"> This specification defines a new transform
.1.2 of <xref target="RFC7836" />. of Type 2 (Pseudorandom Function Transform IDs): PRF_HMAC_STREEBOG_512 (9).
The PRF uses GOST R 34.11-2012 ("Streebog") hash-function with 512-b This transform uses the Pseudorandom Function (PRF) HMAC_GOSTR3411_2
it output defined in 012_512 defined in <xref target="RFC7836" sectionFormat="of" section="4.1.2" for
<xref target="RFC6986" /><xref target="GOST3411-2012" /> with HMAC < mat="default" derivedLink="https://rfc-editor.org/rfc/rfc7836#section-4.1.2" der
xref target="RFC2104" /> construction. ivedContent="RFC7836"/>.
The PRF uses the GOST R 34.11-2012 ("Streebog") hash function with a
512-bit output defined in
<xref target="RFC6986" format="default" sectionFormat="of" derivedCo
ntent="RFC6986"/> and <xref target="GOST3411-2012" format="default" sectionForma
t="of" derivedContent="GOST3411-2012"/> with HMAC <xref target="RFC2104" format=
"default" sectionFormat="of" derivedContent="RFC2104"/> construction.
The PRF has a 512-bit block size and a 512-bit output length. The PRF has a 512-bit block size and a 512-bit output length.
</t> </t>
</section> </section>
<section anchor="ecdh" numbered="true" removeInRFC="false" toc="include" pn=
<section title="Shared Key Calculation" anchor="ecdh" > "section-6">
<t> This specification defines two new transforms of type 4 (Diffie- <name slugifiedName="name-shared-key-calculation">Shared Key Calculation</
Hellman Group Transform IDs): GOST3410_2012_256 (33) and name>
GOST3410_2012_512 (34). These transforms uses Elliptic Curve Diffie- <t indent="0" pn="section-6-1"> This specification defines two new transfo
Hellman (ECDH) key exchange algorithm over Twisted Edwards curves. rms of Type 4 (Key Exchange Method Transform IDs): GOST3410_2012_256 (33) and
The parameters for these curves are defined in Section A.2 of <xref GOST3410_2012_512 (34). These transforms use the Elliptic Curve Diff
target="RFC7836" />. In particular, transform GOST3410_2012_256 ie-Hellman (ECDH) key exchange algorithm over twisted Edwards curves.
uses id-tc26-gost-3410-2012-256-paramSetA parameter set and GOST3410 The parameters for these curves are defined in <xref target="RFC7836
_2012_512 uses id-tc26-gost-3410-2012-512-paramSetC " sectionFormat="of" section="A.2" format="default" derivedLink="https://rfc-edi
parameter set (both defined in <xref target="RFC7836" />). tor.org/rfc/rfc7836#appendix-A.2" derivedContent="RFC7836"/>. In particular, tra
</t> nsform GOST3410_2012_256
uses the id-tc26-gost-3410-2012-256-paramSetA parameter set and GOST
<t> Shared secret is computed as follows. The initiator randomly sel 3410_2012_512 uses the id-tc26-gost-3410-2012-512-paramSetC
ects its private key d_i from {1,..,q - 1}, where q is the subgroup order parameter set (both defined in <xref target="RFC7836" format="defaul
and is a parameter of the selected curve. Then a public key Q_i is c t" sectionFormat="of" derivedContent="RFC7836"/>).
omputed as a point on the curve: </t>
</t> <t indent="0" pn="section-6-2"> The shared secret is computed as follows.
The initiator randomly selects
<sourcecode> its private key d_i from {1,..,q - 1}, where q is the subgroup order and
Q_i = d_i * G is a parameter of the selected curve. Then a public key Q_i is computed
</sourcecode> as a point on the curve:
</t>
<t> where G is the generator for the selected curve, and then is sen <artwork name="" type="" align="left" alt="" pn="section-6-3">
t to the responder. The responder makes the same calculations to get d_r and Q_r Q_i = d_i * G
and sends Q_r to the initiator. </artwork>
After peers exchange Q_i and Q_R both sides can compute a point on t <t indent="0" pn="section-6-4"> where G is the generator for the selected
he curve: curve. It is then sent to the responder. The responder makes the same calculatio
</t> ns to get d_r and Q_r and sends Q_r to the initiator.
After peers exchange Q_i and Q_R, both sides can compute a point on
<sourcecode> the curve:
S = ((m / q) * d_i) * Q_r = ((m / q) * d_r) * Q_i </t>
</sourcecode> <artwork name="" type="" align="left" alt="" pn="section-6-5">
S = ((m / q) * d_i) * Q_r = ((m / q) * d_r) * Q_i
<t> where m is the group order and is a parameter of the selected cu </artwork>
rve. The shared secret K is an x coordinate of S in a little-endian representati <t indent="0" pn="section-6-6"> where m is the group order and is a parame
on. ter of the selected curve. The shared secret K is an x coordinate of S in a litt
The size of K is determined by the size of used curve and is either le-endian representation.
256 or 512 bit. The size of K is determined by the size of the used curve and is eit
</t> her 256 or 512 bits.
</t>
<t> When GOST public key is transmitted in the KE payload, it <bcp14 <t indent="0" pn="section-6-7"> When the GOST public key is transmitted in
>MUST</bcp14> be represented as x coordinate immediately followed by y coordinat the Key Exchange payload (<xref target="RFC7296" sectionFormat="of" section="3.
e, 4" format="default" derivedLink="https://rfc-editor.org/rfc/rfc7296#section-3.4"
each in a little-endian representation. The size of each coordinate derivedContent="RFC7296"/>), it <bcp14>MUST</bcp14> be represented as x coordin
is determined by the size of the used curve and is either 256 or 512 bits, ate immediately followed by y coordinate,
so that the size of the Key Exchange Data field in the KE payload is each in a little-endian representation.
either 64 or 128 octets.
</t>
<section title="Recipient Tests" anchor="ecdh-tests" > The size of each coordinate is determined by the size of the used curve and is e
<t> Upon receiving peer's public key, implementations <bcp14>MUS ither 256 or 512 bits,
T</bcp14> check that the key is actually a point on the curve. Otherwise the exc so that the size of the Key Exchange Data field in the Key Exchange
hange fails. payload is either 64 or 128 octets.
</t>
<section anchor="ecdh-tests" numbered="true" removeInRFC="false" toc="incl
ude" pn="section-6.1">
<name slugifiedName="name-recipient-tests">Recipient Tests</name>
<t indent="0" pn="section-6.1-1"> Upon receiving a peer's public key, im
plementations <bcp14>MUST</bcp14> check that the key is actually a point on the
curve. Otherwise, the exchange fails.
Implementations <bcp14>MUST</bcp14> check that the calculated pu blic value S is not an identity element of the curve. If S appears to be the ide ntity element of the curve, Implementations <bcp14>MUST</bcp14> check that the calculated pu blic value S is not an identity element of the curve. If S appears to be the ide ntity element of the curve,
the exchange fails. The INVALID_SYNTAX notification <bcp14>MAY</ bcp14> be sent in these cases. the exchange fails. The INVALID_SYNTAX notification <bcp14>MAY</ bcp14> be sent in these cases.
</t> </t>
</section> </section>
</section> </section>
<section anchor="auth" numbered="true" removeInRFC="false" toc="include" pn=
<section title="Authentication" anchor="auth" > "section-7">
<t>IKEv2 allows various authentication methods to be used for IKE SA <name slugifiedName="name-authentication">Authentication</name>
establishment. Some methods are tied <t indent="0" pn="section-7-1">IKEv2 allows various authentication methods
to be used for IKE SA establishment. Some methods are tied
to a particular algorithm, while others may be used with different a lgorithms. This specification to a particular algorithm, while others may be used with different a lgorithms. This specification
makes no restrictions on using the latter ones with the GOST algorit hms. In particular, makes no restrictions on using the latter ones with the GOST algorit hms. In particular,
"Shared Key Message Integrity Code" (2), defined in <xref target="RF "Shared Key Message Integrity Code" (2), defined in <xref target="RF
C7296" />, and "NULL Authentication" (13), C7296" format="default" sectionFormat="of" derivedContent="RFC7296"/>, and "NULL
defined in <xref target="RFC7619" />, can be used with GOST algorith Authentication" (13),
ms with no changes defined in <xref target="RFC7619" format="default" sectionFormat="of
" derivedContent="RFC7619"/>, can be used with GOST algorithms with no changes
to the process of the AUTH payload content calculation. to the process of the AUTH payload content calculation.
</t> </t>
<t indent="0" pn="section-7-2"> When the GOST digital signature algorithm
<t> When GOST digital signature is used in IKEv2 for authentication is used in IKEv2 for authentication
purposes, an Authentication Method "Digital Signature" (14), purposes, the "Digital Signature" (14) authentication method, defined in
defined in <xref target="RFC7427" />, <bcp14>MUST</bcp14> be specifi <xref target="RFC7427" format="default" sectionFormat="of" derivedContent=
ed in the AUTH payload. "RFC7427"/>, <bcp14>MUST</bcp14> be specified in the AUTH
</t> payload.
</t>
<t> GOST digital signature algorithm GOST R 34.10-2012 is defined in <t indent="0" pn="section-7-3"> The GOST digital signature algorithm GOST
<xref target="RFC7091" /><xref target="GOST3410-2012" />. There are R 34.10-2012 is defined in <xref target="RFC7091" format="default" sectionFormat
two variants of GOST signature algorithm - one over 256-bit elliptic ="of" derivedContent="RFC7091"/> and <xref target="GOST3410-2012" format="defaul
curve and the other over 512-bit key elliptic curve. t" sectionFormat="of" derivedContent="GOST3410-2012"/>.
The signature value, as defined in <xref target="RFC7091" /><xref ta There are
rget="GOST3410-2012" />, consists of two integers r and s. two variants of the GOST digital signature algorithm -- one over a 2
The size of each integer is either 256 bit or 512 bit depending on t 56-bit elliptic curve and the other over a 512-bit key elliptic curve.
he used elliptic curve. The signature value, as defined in <xref target="RFC7091" format="de
fault" sectionFormat="of" derivedContent="RFC7091"/> and <xref target="GOST3410-
2012" format="default" sectionFormat="of" derivedContent="GOST3410-2012"/>, cons
ists of two integers: r and s.
The size of each integer is either 256 or 512 bits depending on the
elliptic curve used.
The content of the Signature Value field in the AUTH payload <bcp14> MUST</bcp14> consist of s immediately followed by r, each in a big-endian repres entation, The content of the Signature Value field in the AUTH payload <bcp14> MUST</bcp14> consist of s immediately followed by r, each in a big-endian repres entation,
so that the size of the field is either 64 or 128 octets. The Algori so that the size of the field is either 64 or 128 octets.
thmIdentifier ASN.1 objects
for GOST digital signature algorithm are defined in <xref target="as
n1" />.
</t>
<section title="Hash Functions" anchor="hash" >
<t> GOST digital signature algorithm uses GOST hash functions GO
ST R 34.11-2012 ("Streebog") defined in
<xref target="RFC6986" /><xref target="GOST3411-2012" />. There
are two "Streebog" hash functions -
one with 256-bit output length and the other with 512-bit output
length. The former is used with
GOST digital signature algorithm over a 256-bit elliptic curve a
nd the latter - over a 512-bit key elliptic curve.
</t>
<t> This specification defines two new values for IKEv2 Hash Alg
orithms registry: STREEBOG_256 (6)
for GOST hash function with 256-bit output length and STREEBOG_5
12 (7) for the 512-bit length output.
These values <bcp14>MUST</bcp14> be included in the SIGNATURE_HA
SH_ALGORITHMS notify
if a corresponding GOST digital signature algorithm is supported
by the sender
and its local policy allows using this algorithm (see Section 4
of <xref target="RFC7427" /> for details).
</t>
</section>
<section title="ASN.1 Objects" anchor="asn1" >
<t> This section lists GOST signature algorithm ASN.1 AlgorithmI
dentifier objects in binary form.
With GOST signature algorithms, optional parameters in Algorithm
Identifier objects are always omitted.
This objects are defined in <xref target="RFC9215" /><xref targe
t="USING-GOST-IN-CERTS" /> and are provided here for convenience.
</t>
<section title="id-tc26-signwithdigest-gost3410-12-256" anchor="
gost256" >
<t> id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER
::= { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) algorithms(1) signwi
thdigest(3) gost3410-12-256(2) }
</t>
<t>The optional parameters field must be omitted. The AlgorithmIdentifier ASN.1 objects
</t> for the GOST digital signature algorithm are defined in <xref target
="asn1" format="default" sectionFormat="of" derivedContent="Section 7.2"/>.
</t>
<section anchor="hash" numbered="true" removeInRFC="false" toc="include" p
n="section-7.1">
<name slugifiedName="name-hash-functions">Hash Functions</name>
<t indent="0" pn="section-7.1-1">The GOST digital signature algorithm us
es the GOST R 34.11-2012 ("Streebog") hash functions defined in
<xref target="RFC6986" format="default" sectionFormat="of" deriv
edContent="RFC6986"/> and <xref target="GOST3411-2012" format="default" sectionF
ormat="of" derivedContent="GOST3411-2012"/>. There are two "Streebog" hash funct
ions: one with a 256-bit output length and the other with a 512-bit output lengt
h.
The former is used with
the GOST digital signature algorithm over a 256-bit elliptic cur
ve and the latter over a 512-bit key elliptic curve.
</t>
<t indent="0" pn="section-7.1-2"> This specification defines two new val
ues for the "IKEv2 Hash
Algorithms" registry: STREEBOG_256 (6) for the GOST hash function with
a 256-bit output length and STREEBOG_512 (7) for the GOST hash function
with a 512-bit output length.
<figure> These values <bcp14>MUST</bcp14> be included in the
<preamble></preamble> SIGNATURE_HASH_ALGORITHMS notification if a corresponding GOST digital
<artwork align="left"><![CDATA[ signature algorithm is supported by the sender and its local policy
allows the use of this algorithm (see <xref target="RFC7427" sectionForm
at="of" section="4" format="default" derivedLink="https://rfc-editor.org/rfc/rfc
7427#section-4" derivedContent="RFC7427"/> for details).
</t>
</section>
<section anchor="asn1" numbered="true" removeInRFC="false" toc="include" p
n="section-7.2">
<name slugifiedName="name-asn1-objects">ASN.1 Objects</name>
<t indent="0" pn="section-7.2-1"> This section lists GOST digital signat
ure algorithm ASN.1 AlgorithmIdentifier objects in binary form.
With GOST digital signature algorithms, optional parameters in A
lgorithmIdentifier objects are always omitted.
These objects are defined in <xref target="RFC9215" format="defa
ult" sectionFormat="of" derivedContent="RFC9215"/> and <xref target="USING-GOST-
IN-CERTS" format="default" sectionFormat="of" derivedContent="USING-GOST-IN-CERT
S"/> and are provided here for convenience.
</t>
<section anchor="gost256" numbered="true" removeInRFC="false" toc="inclu
de" pn="section-7.2.1">
<name slugifiedName="name-id-tc26-signwithdigest-gost">id-tc26-signwit
hdigest-gost3410-12-256</name>
<sourcecode type="asn.1" markers="false" pn="section-7.2.1-1">
id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
algorithms(1) signwithdigest(3) gost3410-12-256(2)}</sourcecode>
<t indent="0" pn="section-7.2.1-2">The optional parameters field must
be omitted.
</t>
<artwork type="" align="left" pn="section-7.2.1-3">
Name = id-tc26-signwithdigest-gost3410-12-256 Name = id-tc26-signwithdigest-gost3410-12-256
OID = 1.2.643.7.1.1.3.2 OID = 1.2.643.7.1.1.3.2
Length = 12 Length = 12
0000: 300a 0608 2a85 0307 0101 0302 0000: 300a 0608 2a85 0307 0101 0302
]]></artwork> </artwork>
</figure> </section>
<section anchor="gost512" numbered="true" removeInRFC="false" toc="inclu
</section> de" pn="section-7.2.2">
<name slugifiedName="name-id-tc26-signwithdigest-gost3">id-tc26-signwi
<section title="id-tc26-signwithdigest-gost3410-12-512" anchor=" thdigest-gost3410-12-512</name>
gost512" > <sourcecode type="asn.1" markers="false" pn="section-7.2.2-1">
<t> id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::=
::= { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) algorithms(1) signwi { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
thdigest(3) gost3410-12-512(3) } algorithms(1) signwithdigest(3) gost3410-12-512(3)}
</t> </sourcecode>
<t indent="0" pn="section-7.2.2-2"> The optional parameters field mus
<t> The optional parameters field must be omitted. t be omitted.
</t> </t>
<artwork type="" align="left" pn="section-7.2.2-3">
<figure>
<preamble></preamble>
<artwork align="left"><![CDATA[
Name = id-tc26-signwithdigest-gost3410-12-512 Name = id-tc26-signwithdigest-gost3410-12-512
OID = 1.2.643.7.1.1.3.3 OID = 1.2.643.7.1.1.3.3
Length = 12 Length = 12
0000: 300a 0608 2a85 0307 0101 0303 0000: 300a 0608 2a85 0307 0101 0303
]]></artwork> </artwork>
</figure>
</section>
</section>
</section>
<section title="Security Considerations" anchor="security" >
<t> The security considerations of <xref target="RFC7296" /> and <xr
ef target="RFC7427" /> apply accordingly.
</t>
<t> The security of GOST elliptic curves is discussed in <xref targe
t="GOST-EC-SECURITY" />. The security
of "Streebog" hash function is discussed in <xref target="STREEBOG-S
ECURITY" />.
A second preimage attack on "Streebog" is described in <xref target=
"STREEBOG-PREIMAGE" />
if message size exceeds 2^259 blocks. This attack is not relevant to
how "Streebog" is used in IKEv2.
</t>
</section>
<section title="IANA Considerations" anchor="iana" >
<t> IANA has assigned one Transform ID in the "Transform Type 2 - Ps
eudorandom Function Transform IDs" registry
(where RFCXXXX is this document):
</t>
<figure>
<preamble></preamble>
<artwork align="left"><![CDATA[
Number Name Reference
9 PRF_HMAC_STREEBOG_512 [RFCXXXX]
]]></artwork>
</figure>
<t> IANA has assigned two Transform IDs in the "Transform Type 4 - D
iffie-Hellman Group Transform IDs" registry
(where RFCXXXX is this document):
</t>
<figure>
<preamble></preamble>
<artwork align="left"><![CDATA[
Number Name Recipient Tests Reference
33 GOST3410_2012_256 [RFCXXXX] Sec. 6.1 [RFCXXXX]
34 GOST3410_2012_512 [RFCXXXX] Sec. 6.1 [RFCXXXX]
]]></artwork>
</figure>
<t> IANA has assigned two values in the "IKEv2 Hash Algorithms" regi
stry
(where RFCXXXX is this document):
</t>
<figure>
<preamble></preamble>
<artwork align="left"><![CDATA[
Number Hash Algorithm Reference
6 STREEBOG_256 [RFCXXXX]
7 STREEBOG_512 [RFCXXXX]
]]></artwork>
</figure>
</section> </section>
</middle> </section>
</section>
<back> <section anchor="security" numbered="true" removeInRFC="false" toc="include"
<references title='Normative References'> pn="section-8">
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. <name slugifiedName="name-security-considerations">Security Considerations
RFC.2119.xml" ?> </name>
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. <t indent="0" pn="section-8-1"> The security considerations of <xref targe
RFC.8174.xml" ?> t="RFC7296" format="default" sectionFormat="of" derivedContent="RFC7296"/> and <
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. xref target="RFC7427" format="default" sectionFormat="of" derivedContent="RFC742
RFC.6986.xml" ?> 7"/> apply.
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. </t>
RFC.7091.xml" ?> <t indent="0" pn="section-8-2">The security of GOST elliptic curves is dis
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. cussed in <xref target="GOST-EC-SECURITY" format="default" sectionFormat="of" de
RFC.7296.xml" ?> rivedContent="GOST-EC-SECURITY"/>. The security
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. of the "Streebog" hash functions is discussed in <xref target="STREE
RFC.7427.xml" ?> BOG-SECURITY" format="default" sectionFormat="of" derivedContent="STREEBOG-SECUR
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. ITY"/>.
RFC.7836.xml" ?> A second preimage attack on "Streebog" hash functions is described in <xref targ
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. et="STREEBOG-PREIMAGE" format="default" sectionFormat="of" derivedContent="STREE
RFC.9215.xml" ?> BOG-PREIMAGE"/>
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. if the message size exceeds 2<sup>259</sup> blocks. This attack is n
RFC.9227.xml" ?> ot relevant to how "Streebog" hash functions are used in IKEv2.
</references> </t>
</section>
<references title='Informative References'> <section anchor="iana" numbered="true" removeInRFC="false" toc="include" pn=
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. "section-9">
RFC.2104.xml" ?> <name slugifiedName="name-iana-considerations">IANA Considerations</name>
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. <t indent="0" pn="section-9-1"> IANA has assigned one Transform ID in the
RFC.7619.xml" ?> "Transform Type 2 - Pseudorandom Function Transform IDs" registry:
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. </t>
RFC.7801.xml" ?> <table anchor="iana1" align="left" pn="table-1">
<?rfc include="https://xml2rfc.ietf.org/public/rfc/bibxml/reference. <name slugifiedName="name-new-pseudorandom-function-t">New Pseudorandom
RFC.8891.xml" ?> Function Transform ID</name>
<reference anchor="GOST3410-2012"> <thead>
<front> <tr>
<title>Information technology. Cryptographic data security. <th align="left" colspan="1" rowspan="1">Number</th>
Signature and verification processes of [electronic] digital signature</title> <th align="left" colspan="1" rowspan="1">Name</th>
<author> <th align="left" colspan="1" rowspan="1">Reference</th>
<organization>Federal Agency on Technical Regulating and </tr>
Metrology</organization> </thead>
</author> <tbody>
<date year="2012"/> <tr>
</front> <td align="left" colspan="1" rowspan="1">9</td>
<seriesInfo name="GOST R" value="34.10-2012"/> <td align="left" colspan="1" rowspan="1">PRF_HMAC_STREEBOG_512</td>
<annotation>(In Russian)</annotation> <td align="left" colspan="1" rowspan="1">RFC 9385</td>
</reference> </tr>
<reference anchor="GOST3411-2012"> </tbody>
<front> </table>
<title>Information technology. Cryptographic data security. <t indent="0" pn="section-9-3"> IANA has assigned two Transform IDs in the
Hashing function</title> "Transform Type 4 - Key Exchange Method Transform IDs" registry:
<author> </t>
<organization>Federal Agency on Technical Regulating and <table anchor="iana2" align="left" pn="table-2">
Metrology</organization> <name slugifiedName="name-new-key-exchange-method-tra">New Key Exchange
</author> Method Transform IDs</name>
<date year="2012"/> <thead>
</front> <tr>
<seriesInfo name="GOST R" value="34.11-2012"/> <th align="left" colspan="1" rowspan="1">Number</th>
<annotation>(In Russian)</annotation> <th align="left" colspan="1" rowspan="1">Name</th>
</reference> <th align="left" colspan="1" rowspan="1">Recipient Tests</th>
<reference anchor="GOST3412-2015"> <th align="left" colspan="1" rowspan="1">Reference</th>
<front> </tr>
<title>Information technology. Cryptographic data security. </thead>
Block ciphers</title> <tbody>
<author> <tr>
<organization>Federal Agency on Technical Regulating and <td align="left" colspan="1" rowspan="1">33</td>
Metrology</organization> <td align="left" colspan="1" rowspan="1">GOST3410_2012_256</td>
</author> <td align="left" colspan="1" rowspan="1">RFC 9385, Section 6.1</td>
<date year="2015"/> <td align="left" colspan="1" rowspan="1">RFC 9385</td>
</front> </tr>
<seriesInfo name="GOST R" value="34.12-2015"/> <tr>
<annotation>(In Russian)</annotation> <td align="left" colspan="1" rowspan="1">34</td>
</reference> <td align="left" colspan="1" rowspan="1">GOST3410_2012_512</td>
<reference anchor="GOST-IKEv2"> <td align="left" colspan="1" rowspan="1">RFC 9385, Section 6.1</td>
<front> <td align="left" colspan="1" rowspan="1">RFC 9385</td>
<title>Information technology. Cryptographic information pro </tr>
tection. The use of Russian cryptographic algorithms in the IKEv2 key exchange p </tbody>
rotocol</title> </table>
<author> <t indent="0" pn="section-9-5"> IANA has assigned two values in the "IKEv2
<organization>Standardisation Technical Committee "Crypt Hash Algorithms" registry:</t>
ographic information protection"</organization> <table anchor="iana3" align="left" pn="table-3">
</author> <name slugifiedName="name-new-ikev2-hash-algorithms">New IKEv2 Hash Algo
<date year="2022"/> rithms</name>
</front> <thead>
<seriesInfo name="MR" value="26.2.001-22"/> <tr>
<annotation>(In Russian)</annotation> <th align="left" colspan="1" rowspan="1">Number</th>
</reference> <th align="left" colspan="1" rowspan="1">Hash Algorithm</th>
<reference anchor="GOST-IKEv2-TESTVECTORS"> <th align="left" colspan="1" rowspan="1">Reference</th>
<front> </tr>
<title>Information technology. Cryptographic information pro </thead>
tection. The test vectors for the use of Russian cryptographic algorithms in the <tbody>
IKEv2 key exchange protocol</title> <tr>
<author> <td align="left" colspan="1" rowspan="1">6</td>
<organization>Standardisation Technical Committee "Crypt <td align="left" colspan="1" rowspan="1">STREEBOG_256</td>
ographic information protection"</organization> <td align="left" colspan="1" rowspan="1">RFC 9385</td>
</author> </tr>
<date year="2022"/> <tr>
</front> <td align="left" colspan="1" rowspan="1">7</td>
<seriesInfo name="MR" value="26.2.002-22"/> <td align="left" colspan="1" rowspan="1">STREEBOG_512</td>
<annotation>(In Russian)</annotation> <td align="left" colspan="1" rowspan="1">RFC 9385</td>
</reference> </tr>
<reference anchor="USING-GOST-IN-CERTS"> </tbody>
<front> </table>
<title>Information technology. Cryptographic data security. </section>
Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms </middle>
in X.509 Certificates, CRLs and PKCS #10 Certificate Request <back>
s</title> <references pn="section-10">
<author> <name slugifiedName="name-references">References</name>
<organization>Federal Agency on Technical Regulating and <references pn="section-10.1">
Metrology</organization> <name slugifiedName="name-normative-references">Normative References</na
</author> me>
<date year="2018"/> <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2
</front> 119" quoteTitle="true" derivedAnchor="RFC2119">
<seriesInfo name="R" value="1323565.1.023-2018"/> <front>
<annotation>(In Russian)</annotation> <title>Key words for use in RFCs to Indicate Requirement Levels</tit
</reference> le>
<reference anchor="GOST-EC-SECURITY"> <author fullname="S. Bradner" initials="S." surname="Bradner"/>
<front> <date month="March" year="1997"/>
<title>On the security properties of Russian standardized el <abstract>
liptic curves</title> <t indent="0">In many standards track documents several words are
<author initials='E.' surname="Alekseev" /> used to signify the requirements in the specification. These words are often ca
<author initials='V.' surname="Nikolaev" /> pitalized. This document defines these words as they should be interpreted in I
<author initials='S.' surname="Smyshlyaev" /> ETF documents. This document specifies an Internet Best Current Practices for t
<date year="2018"/> he Internet Community, and requests discussion and suggestions for improvements.
</front> </t>
<seriesInfo name="" value="https://doi.org/10.4213/mvk260" /> </abstract>
</reference> </front>
<reference anchor="STREEBOG-SECURITY"> <seriesInfo name="BCP" value="14"/>
<front> <seriesInfo name="RFC" value="2119"/>
<title>Cryptanalysis of GOST R hash function</title> <seriesInfo name="DOI" value="10.17487/RFC2119"/>
<author initials='Z.' surname="Wang" /> </reference>
<author initials='H.' surname="Yu" /> <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8
<author initials='X.' surname="Wang" /> 174" quoteTitle="true" derivedAnchor="RFC8174">
<date year="2014"/> <front>
</front> <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti
<seriesInfo name="" value="https://doi.org/10.1016/j.ipl.2014.07 tle>
.007" /> <author fullname="B. Leiba" initials="B." surname="Leiba"/>
</reference> <date month="May" year="2017"/>
<reference anchor="STREEBOG-PREIMAGE"> <abstract>
<front> <t indent="0">RFC 2119 specifies common key words that may be used
<title>The Usage of Counter Revisited: Second-Preimage Attac in protocol specifications. This document aims to reduce the ambiguity by clar
k on New Russian Standardized Hash Function</title> ifying that only UPPERCASE usage of the key words have the defined special meani
<author initials='J.' surname="Guo" /> ngs.</t>
<author initials='J.' surname="Jean" /> </abstract>
<author initials='G.' surname="Leurent" /> </front>
<author initials='T.' surname="Peyrin" /> <seriesInfo name="BCP" value="14"/>
<author initials='L.' surname="Wang" /> <seriesInfo name="RFC" value="8174"/>
<date year="2014"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/>
</front> </reference>
<seriesInfo name="" value="https://eprint.iacr.org/2014/675" /> <reference anchor="RFC6986" target="https://www.rfc-editor.org/info/rfc6
</reference> 986" quoteTitle="true" derivedAnchor="RFC6986">
</references> <front>
<title>GOST R 34.11-2012: Hash Function</title>
<section title="Test Vectors" anchor="testvec"> <author fullname="V. Dolmatov" initials="V." role="editor" surname="
<t> This Appendix contains test vectors for two scenarios. The test ve Dolmatov"/>
ctors were borrowed from <xref target="GOST-IKEv2-TESTVECTORS" />. <author fullname="A. Degtyarev" initials="A." surname="Degtyarev"/>
In both scenarios peers establish, rekey and delete IKE SA and ESP SAs <date month="August" year="2013"/>
. <abstract>
<t indent="0">This document is intended to be a source of informat
ion about the Russian Federal standard hash function (GOST R 34.11-2012), which
is one of the Russian cryptographic standard algorithms (called GOST algorithms)
. This document updates RFC 5831.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6986"/>
<seriesInfo name="DOI" value="10.17487/RFC6986"/>
</reference>
<reference anchor="RFC7091" target="https://www.rfc-editor.org/info/rfc7
091" quoteTitle="true" derivedAnchor="RFC7091">
<front>
<title>GOST R 34.10-2012: Digital Signature Algorithm</title>
<author fullname="V. Dolmatov" initials="V." role="editor" surname="
Dolmatov"/>
<author fullname="A. Degtyarev" initials="A." surname="Degtyarev"/>
<date month="December" year="2013"/>
<abstract>
<t indent="0">This document provides information about the Russian
Federal standard for digital signatures (GOST R 34.10-2012), which is one of th
e Russian cryptographic standard algorithms (called GOST algorithms). Recently,
Russian cryptography is being used in Internet applications, and this document
provides information for developers and users of GOST R 34.10-2012 regarding dig
ital signature generation and verification. This document updates RFC 5832.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7091"/>
<seriesInfo name="DOI" value="10.17487/RFC7091"/>
</reference>
<reference anchor="RFC7296" target="https://www.rfc-editor.org/info/rfc7
296" quoteTitle="true" derivedAnchor="RFC7296">
<front>
<title>Internet Key Exchange Protocol Version 2 (IKEv2)</title>
<author fullname="C. Kaufman" initials="C." surname="Kaufman"/>
<author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
<author fullname="Y. Nir" initials="Y." surname="Nir"/>
<author fullname="P. Eronen" initials="P." surname="Eronen"/>
<author fullname="T. Kivinen" initials="T." surname="Kivinen"/>
<date month="October" year="2014"/>
<abstract>
<t indent="0">This document describes version 2 of the Internet Ke
y Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutu
al authentication and establishing and maintaining Security Associations (SAs).
This document obsoletes RFC 5996, and includes all of the errata for it. It ad
vances IKEv2 to be an Internet Standard.</t>
</abstract>
</front>
<seriesInfo name="STD" value="79"/>
<seriesInfo name="RFC" value="7296"/>
<seriesInfo name="DOI" value="10.17487/RFC7296"/>
</reference>
<reference anchor="RFC7427" target="https://www.rfc-editor.org/info/rfc7
427" quoteTitle="true" derivedAnchor="RFC7427">
<front>
<title>Signature Authentication in the Internet Key Exchange Version
2 (IKEv2)</title>
<author fullname="T. Kivinen" initials="T." surname="Kivinen"/>
<author fullname="J. Snyder" initials="J." surname="Snyder"/>
<date month="January" year="2015"/>
<abstract>
<t indent="0">The Internet Key Exchange Version 2 (IKEv2) protocol
has limited support for the Elliptic Curve Digital Signature Algorithm (ECDSA).
The current version only includes support for three Elliptic Curve groups, and
there is a fixed hash algorithm tied to each group. This document generalizes
IKEv2 signature support to allow any signature method supported by PKIX and also
adds signature hash algorithm negotiation. This is a generic mechanism and is
not limited to ECDSA; it can also be used with other signature algorithms.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7427"/>
<seriesInfo name="DOI" value="10.17487/RFC7427"/>
</reference>
<reference anchor="RFC7836" target="https://www.rfc-editor.org/info/rfc7
836" quoteTitle="true" derivedAnchor="RFC7836">
<front>
<title>Guidelines on the Cryptographic Algorithms to Accompany the U
sage of Standards GOST R 34.10-2012 and GOST R 34.11-2012</title>
<author fullname="S. Smyshlyaev" initials="S." role="editor" surname
="Smyshlyaev"/>
<author fullname="E. Alekseev" initials="E." surname="Alekseev"/>
<author fullname="I. Oshkin" initials="I." surname="Oshkin"/>
<author fullname="V. Popov" initials="V." surname="Popov"/>
<author fullname="S. Leontiev" initials="S." surname="Leontiev"/>
<author fullname="V. Podobaev" initials="V." surname="Podobaev"/>
<author fullname="D. Belyavsky" initials="D." surname="Belyavsky"/>
<date month="March" year="2016"/>
<abstract>
<t indent="0">The purpose of this document is to make the specific
ations of the cryptographic algorithms defined by the Russian national standards
GOST R 34.10-2012 and GOST R 34.11-2012 available to the Internet community for
their implementation in the cryptographic protocols based on the accompanying a
lgorithms.</t>
<t indent="0">These specifications define the pseudorandom functio
ns, the key agreement algorithm based on the Diffie-Hellman algorithm and a hash
function, the parameters of elliptic curves, the key derivation functions, and
the key export functions.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7836"/>
<seriesInfo name="DOI" value="10.17487/RFC7836"/>
</reference>
<reference anchor="RFC9215" target="https://www.rfc-editor.org/info/rfc9
215" quoteTitle="true" derivedAnchor="RFC9215">
<front>
<title>Using GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms with
the Internet X.509 Public Key Infrastructure</title>
<author fullname="D. Baryshkov" initials="D." role="editor" surname=
"Baryshkov"/>
<author fullname="V. Nikolaev" initials="V." surname="Nikolaev"/>
<author fullname="A. Chelpanov" initials="A." surname="Chelpanov"/>
<date month="March" year="2022"/>
<abstract>
<t indent="0">This document describes encoding formats, identifier
s, and parameter formats for the GOST R 34.10-2012 and GOST R 34.11-2012 algorit
hms for use in the Internet X.509 Public Key Infrastructure (PKI).</t>
<t indent="0">This specification is developed to facilitate implem
entations that wish to support the GOST algorithms. This document does not imply
IETF endorsement of the cryptographic algorithms used in this document.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9215"/>
<seriesInfo name="DOI" value="10.17487/RFC9215"/>
</reference>
<reference anchor="RFC9227" target="https://www.rfc-editor.org/info/rfc9
227" quoteTitle="true" derivedAnchor="RFC9227">
<front>
<title>Using GOST Ciphers in the Encapsulating Security Payload (ESP
) and Internet Key Exchange Version 2 (IKEv2) Protocols</title>
<author fullname="V. Smyslov" initials="V." surname="Smyslov"/>
<date month="March" year="2022"/>
<abstract>
<t indent="0">This document defines a set of encryption transforms
for use in the Encapsulating Security Payload (ESP) and in the Internet Key Exc
hange version 2 (IKEv2) protocols, which are parts of the IP Security (IPsec) pr
otocol suite. The transforms are based on the GOST R 34.12-2015 block ciphers (w
hich are named "Magma" and "Kuznyechik") in Multilinear Galois Mode (MGM) and th
e external rekeying approach.</t>
<t indent="0">This specification was developed to facilitate imple
mentations that wish to support the GOST algorithms. This document does not impl
y IETF endorsement of the cryptographic algorithms used in this document.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9227"/>
<seriesInfo name="DOI" value="10.17487/RFC9227"/>
</reference>
</references>
<references pn="section-10.2">
<name slugifiedName="name-informative-references">Informative References
</name>
<reference anchor="RFC2104" target="https://www.rfc-editor.org/info/rfc2
104" quoteTitle="true" derivedAnchor="RFC2104">
<front>
<title>HMAC: Keyed-Hashing for Message Authentication</title>
<author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
<author fullname="M. Bellare" initials="M." surname="Bellare"/>
<author fullname="R. Canetti" initials="R." surname="Canetti"/>
<date month="February" year="1997"/>
<abstract>
<t indent="0">This document describes HMAC, a mechanism for messag
e authentication using cryptographic hash functions. HMAC can be used with any
iterative cryptographic hash function, e.g., MD5, SHA-1, in combination with a s
ecret shared key. The cryptographic strength of HMAC depends on the properties
of the underlying hash function. This memo provides information for the Interne
t community. This memo does not specify an Internet standard of any kind</t>
</abstract>
</front>
<seriesInfo name="RFC" value="2104"/>
<seriesInfo name="DOI" value="10.17487/RFC2104"/>
</reference>
<reference anchor="RFC7619" target="https://www.rfc-editor.org/info/rfc7
619" quoteTitle="true" derivedAnchor="RFC7619">
<front>
<title>The NULL Authentication Method in the Internet Key Exchange P
rotocol Version 2 (IKEv2)</title>
<author fullname="V. Smyslov" initials="V." surname="Smyslov"/>
<author fullname="P. Wouters" initials="P." surname="Wouters"/>
<date month="August" year="2015"/>
<abstract>
<t indent="0">This document specifies the NULL Authentication meth
od and the ID_NULL Identification Payload ID Type for Internet Key Exchange Prot
ocol version 2 (IKEv2). This allows two IKE peers to establish single-side auth
enticated or mutual unauthenticated IKE sessions for those use cases where a pee
r is unwilling or unable to authenticate or identify itself. This ensures IKEv2
can be used for Opportunistic Security (also known as Opportunistic Encryption)
to defend against Pervasive Monitoring attacks without the need to sacrifice an
onymity.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7619"/>
<seriesInfo name="DOI" value="10.17487/RFC7619"/>
</reference>
<reference anchor="RFC7801" target="https://www.rfc-editor.org/info/rfc7
801" quoteTitle="true" derivedAnchor="RFC7801">
<front>
<title>GOST R 34.12-2015: Block Cipher "Kuznyechik"</title>
<author fullname="V. Dolmatov" initials="V." role="editor" surname="
Dolmatov"/>
<date month="March" year="2016"/>
<abstract>
<t indent="0">This document is intended to be a source of informat
ion about the Russian Federal standard GOST R 34.12-2015 describing the block ci
pher with a block length of n=128 bits and a key length of k=256 bits, which is
also referred to as "Kuznyechik". This algorithm is one of the set of Russian c
ryptographic standard algorithms (called GOST algorithms).</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7801"/>
<seriesInfo name="DOI" value="10.17487/RFC7801"/>
</reference>
<reference anchor="RFC8891" target="https://www.rfc-editor.org/info/rfc8
891" quoteTitle="true" derivedAnchor="RFC8891">
<front>
<title>GOST R 34.12-2015: Block Cipher "Magma"</title>
<author fullname="V. Dolmatov" initials="V." role="editor" surname="
Dolmatov"/>
<author fullname="D. Baryshkov" initials="D." surname="Baryshkov"/>
<date month="September" year="2020"/>
<abstract>
<t indent="0">In addition to a new cipher with a block length of n
=128 bits (referred to as "Kuznyechik" and described in RFC 7801), Russian Feder
al standard GOST R 34.12-2015 includes an updated version of the block cipher wi
th a block length of n=64 bits and key length of k=256 bits, which is also refer
red to as "Magma". The algorithm is an updated version of an older block cipher
with a block length of n=64 bits described in GOST 28147-89 (RFC 5830). This d
ocument is intended to be a source of information about the updated version of t
he 64-bit cipher. It may facilitate the use of the block cipher in Internet app
lications by providing information for developers and users of the GOST 64-bit c
ipher with the revised version of the cipher for encryption and decryption.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8891"/>
<seriesInfo name="DOI" value="10.17487/RFC8891"/>
</reference>
<reference anchor="GOST3410-2012" quoteTitle="true" derivedAnchor="GOST3
410-2012">
<front>
<title>Information technology. Cryptographic data security. Signatur
e and verification processes of [electronic] digital signature</title>
<author>
<organization showOnFrontPage="true">Federal Agency on Technical R
egulating and Metrology</organization>
</author>
<date year="2012"/>
</front>
<seriesInfo name="GOST R" value="34.10-2012"/>
<annotation>(In Russian)</annotation>
</reference>
<reference anchor="GOST3411-2012" quoteTitle="true" derivedAnchor="GOST3
411-2012">
<front>
<title>Information technology. Cryptographic data security. Hashing
function</title>
<author>
<organization showOnFrontPage="true">Federal Agency on Technical R
egulating and Metrology</organization>
</author>
<date year="2012"/>
</front>
<seriesInfo name="GOST R" value="34.11-2012"/>
<annotation>(In Russian)</annotation>
</reference>
<reference anchor="GOST3412-2015" quoteTitle="true" derivedAnchor="GOST3
412-2015">
<front>
<title>Information technology. Cryptographic data security. Block ci
phers</title>
<author>
<organization showOnFrontPage="true">Federal Agency on Technical R
egulating and Metrology</organization>
</author>
<date year="2015"/>
</front>
<seriesInfo name="GOST R" value="34.12-2015"/>
<annotation>(In Russian)</annotation>
</reference>
<reference anchor="GOST-IKEv2" quoteTitle="true" derivedAnchor="GOST-IKE
v2">
<front>
<title>Information technology. Cryptographic data security. Using Ru
ssian cryptographic algorithms in the Internet Key Exchange protocol version 2 (
IKEv2)</title>
<author>
<organization showOnFrontPage="true">Standardisation Technical Com
mittee "Cryptographic information protection"</organization>
</author>
<date year="2022"/>
</front>
<seriesInfo name="MR" value="26.2.001-22"/>
<annotation>(In Russian)</annotation>
</reference>
<reference anchor="GOST-IKEv2-TESTVECTORS" quoteTitle="true" derivedAnch
or="GOST-IKEv2-TESTVECTORS">
<front>
<title>Information technology. Cryptographic data security. The test
vectors for the use of Russian cryptographic algorithms in the IKEv2 key exchan
ge protocol</title>
<author>
<organization showOnFrontPage="true">Standardisation Technical Com
mittee "Cryptographic information protection"</organization>
</author>
<date year="2022"/>
</front>
<seriesInfo name="MR" value="26.2.002-22"/>
<annotation>(In Russian)</annotation>
</reference>
<reference anchor="USING-GOST-IN-CERTS" quoteTitle="true" derivedAnchor=
"USING-GOST-IN-CERTS">
<front>
<title>Information technology. Cryptographic data security. Usage of
GOST R 34.10-2012 and GOST R 34.11-2012 algorithms in certificate, CRL and PKCS
#10 certificate request in X.509 public key infrastructure</title>
<author>
<organization showOnFrontPage="true">Federal Agency on Technical R
egulating and Metrology</organization>
</author>
<date year="2018"/>
</front>
<seriesInfo name="R" value="1323565.1.023-2018"/>
<annotation>(In Russian)</annotation>
</reference>
<reference anchor="GOST-EC-SECURITY" target="https://doi.org/10.4213/mvk
260" quoteTitle="true" derivedAnchor="GOST-EC-SECURITY">
<front>
<title>On the security properties of Russian standardized elliptic c
urves</title>
<author initials="E." surname="Alekseev"/>
<author initials="V." surname="Nikolaev"/>
<author initials="S." surname="Smyshlyaev"/>
<date year="2018"/>
</front>
<seriesInfo name="DOI" value="10.4213/mvk260"/>
</reference>
<reference anchor="STREEBOG-SECURITY" target="https://doi.org/10.1016/j.
ipl.2014.07.007" quoteTitle="true" derivedAnchor="STREEBOG-SECURITY">
<front>
<title>Cryptanalysis of GOST R hash function</title>
<author initials="Z." surname="Wang"/>
<author initials="H." surname="Yu"/>
<author initials="X." surname="Wang"/>
<date year="2014" month="December"/>
</front>
<seriesInfo name="DOI" value="10.1016/j.ipl.2014.07.007"/>
</reference>
<reference anchor="STREEBOG-PREIMAGE" target="https://eprint.iacr.org/20
14/675" quoteTitle="true" derivedAnchor="STREEBOG-PREIMAGE">
<front>
<title>The Usage of Counter Revisited: Second-Preimage Attack on New
Russian Standardized Hash Function</title>
<author initials="J." surname="Guo"/>
<author initials="J." surname="Jean"/>
<author initials="G." surname="Leurent"/>
<author initials="T." surname="Peyrin"/>
<author initials="L." surname="Wang"/>
<date year="2014"/>
</front>
<refcontent>Cryptology ePrint Archive, Paper 2014/675</refcontent>
</reference>
</references>
</references>
<section anchor="testvec" numbered="true" removeInRFC="false" toc="include"
pn="section-appendix.a">
<name slugifiedName="name-test-vectors">Test Vectors</name>
<t indent="0" pn="section-appendix.a-1"> This appendix contains test vecto
rs for two scenarios. The test vectors were borrowed from <xref target="GOST-IKE
v2-TESTVECTORS" format="default" sectionFormat="of" derivedContent="GOST-IKEv2-T
ESTVECTORS"/>.
In both scenarios, peers establish, rekey, and delete an IKE SA and ES
P SAs.
The IP addresses of the peers used in both scenarios are the same:</t> The IP addresses of the peers used in both scenarios are the same:</t>
<ul> <ul bare="false" empty="false" indent="3" spacing="normal" pn="section-app
<li>initiator's IP address is 10.111.10.171</li> endix.a-2">
<li>responder's IP address is 10.111.10.45</li> <li pn="section-appendix.a-2.1">initiator's IP address is 10.111.10.171<
</ul> /li>
<li pn="section-appendix.a-2.2">responder's IP address is 10.111.10.45</
<t> The test vectors also cover IKE message protection for transforms li>
defined in <xref target="RFC9227" />. </ul>
The keys SK_ei, SK_er are transform keys (see Section 4.4 of <xref tar <t indent="0" pn="section-appendix.a-3"> The test vectors also cover IKE m
get="RFC9227" />) essage protection for transforms defined in <xref target="RFC9227" format="defau
and the keys K1i, K2i K3i, K1r, K2r, and K3r represent nodes in the ke lt" sectionFormat="of" derivedContent="RFC9227"/>.
y tree for the initiator and responder correspondently. The keys SK_ei and SK_er are transform keys (see <xref target="RFC9227
The leaf keys K3i and K3r are effectively message protection keys (K_m " sectionFormat="of" section="4.4" format="default" derivedLink="https://rfc-edi
sg in terms of <xref target="RFC9227" />). tor.org/rfc/rfc9227#section-4.4" derivedContent="RFC9227"/>),
MGM nonces (also known as Initial Counter Nonces) are defined in Secti and the keys K1i, K2i, K3i, K1r, K2r, and K3r represent nodes in the k
on 4.3 of <xref target="RFC9227" />. ey tree for the initiator and responder correspondently.
IV format is defined in Section 4.2 of <xref target="RFC9227" /> and A The leaf keys K3i and K3r are effectively message protection keys (K_m
AD format is defined in Section 4.7 of <xref target="RFC9227" />. sg in terms of <xref target="RFC9227" format="default" sectionFormat="of" derive
</t> dContent="RFC9227"/>).
MGM nonces (also known as Initial Counter Nonces) are defined in <xref
<t> All other keys and entities used in the test vectors are defined i target="RFC9227" sectionFormat="of" section="4.3" format="default" derivedLink=
n <xref target="RFC7296" />. "https://rfc-editor.org/rfc/rfc9227#section-4.3" derivedContent="RFC9227"/>.
</t> The Initialization Vector (IV) format is defined in <xref target="RFC9227" secti
onFormat="of" section="4.2" format="default" derivedLink="https://rfc-editor.org
<section title="Scenario 1" anchor="scenario1"> /rfc/rfc9227#section-4.2" derivedContent="RFC9227"/>, and the Additional Authent
icated Data (AAD) format is defined in <xref target="RFC9227" sectionFormat="of"
<t> With this scenario peers establish, rekey and delete IKE SA and section="4.7" format="default" derivedLink="https://rfc-editor.org/rfc/rfc9227#
ESP SAs using the following prerequisites:</t> section-4.7" derivedContent="RFC9227"/>.
<ul> </t>
<li> Peers authenticate each other using preshared key </li> <t indent="0" pn="section-appendix.a-4"> All other keys and entities used
<li> Initiator's ID is "IKE-Initiator" of type ID_FQDN </li> in the test vectors are defined in <xref target="RFC7296" format="default" secti
<li> Responder's ID is "IKE-Responder" of type ID_FQDN </li> onFormat="of" derivedContent="RFC7296"/>.
<li> No NAT is present between the peers </li> </t>
<li> IKE fragmentation is not used </li> <section anchor="scenario1" numbered="true" removeInRFC="false" toc="inclu
<li> IKE SA is created with the following transforms: de" pn="section-appendix.a.1">
<ul> <name slugifiedName="name-scenario-1">Scenario 1</name>
<li> ENCR_KUZNYECHIK_MGM_KTREE </li> <t indent="0" pn="section-appendix.a.1-1"> In this scenario, peers estab
<li> PRF_HMAC_STREEBOG_512 </li> lish, rekey, and delete an IKE SA and ESP SAs using the following prerequisites:
<li> GOST3410_2012_512 </li> </t>
</ul> <ul bare="false" empty="false" indent="3" spacing="normal" pn="section-a
</li> ppendix.a.1-2">
<li> ESP SAs are created with the following transforms: <li pn="section-appendix.a.1-2.1"> Peers authenticate each other using
<ul> a Pre-Shared Key (PSK). </li>
<li> ENCR_KUZNYECHIK_MGM_KTREE </li> <li pn="section-appendix.a.1-2.2"> Initiator's ID is "IKE-Initiator" o
<li> ESN off </li> f type ID_FQDN. </li>
</ul> <li pn="section-appendix.a.1-2.3"> Responder's ID is "IKE-Responder" o
</li> f type ID_FQDN. </li>
<li pn="section-appendix.a.1-2.4"> No NAT is present between the peers
. </li>
<li pn="section-appendix.a.1-2.5"> IKE fragmentation is not used. </li
>
<li pn="section-appendix.a.1-2.6">
<t indent="0" pn="section-appendix.a.1-2.6.1"> IKE SA is created wit
h the following transforms:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="secti
on-appendix.a.1-2.6.2">
<li pn="section-appendix.a.1-2.6.2.1"> ENCR_KUZNYECHIK_MGM_KTREE <
/li>
<li pn="section-appendix.a.1-2.6.2.2"> PRF_HMAC_STREEBOG_512 </li>
<li pn="section-appendix.a.1-2.6.2.3"> GOST3410_2012_512 </li>
</ul> </ul>
</li>
<t> The 256-bit preshared key (PSK) used for authentication: <li pn="section-appendix.a.1-2.7">
<t indent="0" pn="section-appendix.a.1-2.7.1"> ESP SAs are created w
ith the following transforms:
</t> </t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="secti
<sourcecode type="test-vectors"> on-appendix.a.1-2.7.2">
<![CDATA[ <li pn="section-appendix.a.1-2.7.2.1"> ENCR_KUZNYECHIK_MGM_KTREE <
/li>
<li pn="section-appendix.a.1-2.7.2.2"> ESN off </li>
</ul>
</li>
</ul>
<t indent="0" pn="section-appendix.a.1-3"> The 256-bit PSK used for auth
entication:
</t>
<sourcecode type="test-vectors" markers="false" pn="section-appendix.a.1
-4">
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3 00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d 00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
]]> </sourcecode>
</sourcecode> <t indent="0" pn="section-appendix.a.1-5">This scenario includes four su
b-scenarios, which are described below.</t>
<t> This scenario includes four sub-scenarios. <section anchor="scenario1-1" numbered="true" removeInRFC="false" toc="i
</t> nclude" pn="section-appendix.a.1.1">
<name slugifiedName="name-sub-scenario-1-establishmen">Sub-Scenario 1:
<ol group="scenario1" type="Sub-scenario %d:"> Establishment of IKE and ESP SAs Using the IKE_SA_INIT and the IKE_AUTH Exchang
<li> Establishing of IKE and ESP SAs using the IKE_SA_INIT and the es
IKE_AUTH exchanges. </name>
<sourcecode type="test-vectors"> <artwork name="" type="" align="left" pn="section-appendix.a.1.1-1">
<![CDATA[
Initiator Responder Initiator Responder
HDR, SAi1, KEi, Ni [,N+] ---> HDR, SAi1, KEi, Ni [,N+] ---&gt;
<--- HDR, SAr1, KEr, Nr [,N+] &lt;--- HDR, SAr1, KEr, Nr [,N+]
HDR, SK {IDi, [IDr,] [N+,] HDR, SK {IDi, [IDr,] [N+,]
AUTH, SAi2, TSi, TSr} ---> AUTH, SAi2, TSi, TSr} ---&gt;
<--- HDR, SK {IDr, [N+,] &lt;--- HDR, SK {IDr, [N+,]
AUTH, SAr2, TSi, TSr} AUTH, SAr2, TSi, TSr}
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.1.1-2">Initiator's actions:</t>
</li> <ol start="1" type="(%d)" group="data1.txt" indent="adaptive" spacing=
</ol> "normal" pn="section-appendix.a.1.1-3">
<li pn="section-appendix.a.1.1-3.1" derivedCounter="(1)">
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.1-3.1.1">
<ol start="1" type="(%d)" group="data1.txt">
<li>
Generates random SPIi for IKE SA Generates random SPIi for IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-3.1.2">
00000000: e9 d3 f3 78 19 1c 38 40 00000000: e9 d3 f3 78 19 1c 38 40
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.1.1-3.2.1">
Generates random IKE nonce Ni Generates random IKE nonce Ni
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-3.2.2">
00000000: 48 b6 d3 b3 ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31 00000000: 48 b6 d3 b3 ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31
00000010: f9 ac 10 f9 7f 80 8c 51 2b d6 f4 59 93 a7 4d 13 00000010: f9 ac 10 f9 7f 80 8c 51 2b d6 f4 59 93 a7 4d 13
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.1.1-3.3.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-3.3.2">
00000000: 95 07 3a 04 dc db ce 77 f5 5e 4f fe 97 0c cd 6f 00000000: 95 07 3a 04 dc db ce 77 f5 5e 4f fe 97 0c cd 6f
00000010: 0a e0 b5 c6 53 bd a0 da 47 fc 03 b5 8a e1 d5 1d 00000010: 0a e0 b5 c6 53 bd a0 da 47 fc 03 b5 8a e1 d5 1d
00000020: 89 e6 c0 db dc b1 ea 74 59 1f 1d 0c 9f 3f 4f dc 00000020: 89 e6 c0 db dc b1 ea 74 59 1f 1d 0c 9f 3f 4f dc
00000030: 10 d5 c9 cc a4 34 9c 3d 3e 6b dd 57 c5 d6 c9 01 00000030: 10 d5 c9 cc a4 34 9c 3d 3e 6b dd 57 c5 d6 c9 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.1.1-3.4.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-3.4.2">
00000000: 96 1b 9b 21 4f 7e e9 83 ec 27 a0 64 0c 77 4f be 00000000: 96 1b 9b 21 4f 7e e9 83 ec 27 a0 64 0c 77 4f be
00000010: 78 31 be fd 1e 63 7d 6e 76 eb 2f 81 23 80 62 87 00000010: 78 31 be fd 1e 63 7d 6e 76 eb 2f 81 23 80 62 87
00000020: ba 2c f7 31 a2 70 b7 3e 8a 1d 91 93 72 cf 61 c8 00000020: ba 2c f7 31 a2 70 b7 3e 8a 1d 91 93 72 cf 61 c8
00000030: d3 18 f6 bc f7 a0 44 c8 11 a7 fe d2 99 ea 8b 4d 00000030: d3 18 f6 bc f7 a0 44 c8 11 a7 fe d2 99 ea 8b 4d
00000040: 59 fa a7 38 ae 03 48 d2 aa f7 ff 11 e0 60 29 dd 00000040: 59 fa a7 38 ae 03 48 d2 aa f7 ff 11 e0 60 29 dd
00000050: 16 59 58 78 8e 3b e2 b5 48 36 3c ca 07 1a 5d be 00000050: 16 59 58 78 8e 3b e2 b5 48 36 3c ca 07 1a 5d be
00000060: a7 42 79 81 74 22 6f 53 15 d2 c2 f6 06 d4 0f ed 00000060: a7 42 79 81 74 22 6f 53 15 d2 c2 f6 06 d4 0f ed
00000070: 70 f0 1c cf 89 2e ac 3c fe 01 02 91 85 06 7b d4 00000070: 70 f0 1c cf 89 2e ac 3c fe 01 02 91 85 06 7b d4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.1.1-3.5.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-3.5.2">
IKE SA Init IKE SA Init
E9D3F378191C3840.0000000000000000.00000000 IKEv2 R<-I[316] E9D3F378191C3840.0000000000000000.00000000 IKEv2 R&lt;-I[316]
SA[52]{ SA[52]{
P[48](#1:IKE::5#){ P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
GOST3410_2012_256}}, GOST3410_2012_256}},
KE[136](GOST3410_2012_512){961B9B...067BD4}, KE[136](GOST3410_2012_512){961B9B...067BD4},
NONCE[36]{48B6D3...A74D13}, NONCE[36]{48B6D3...A74D13},
N[28](NAT_DETECTION_SOURCE_IP){92B291...F4E2BF}, N[28](NAT_DETECTION_SOURCE_IP){92B291...F4E2BF},
N[28](NAT_DETECTION_DESTINATION_IP){77E199...98A613}, N[28](NAT_DETECTION_DESTINATION_IP){77E199...98A613},
N[8](IKEV2_FRAGMENTATION_SUPPORTED) N[8](IKEV2_FRAGMENTATION_SUPPORTED)
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-3.6" derivedCounter="(6)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.1-3.6.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294->10.111.15.45:500 [316] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-3.6.2">
10.111.10.171:54294-&gt;10.111.15.45:500 [316]
00000000: e9 d3 f3 78 19 1c 38 40 00 00 00 00 00 00 00 00 00000000: e9 d3 f3 78 19 1c 38 40 00 00 00 00 00 00 00 00
00000010: 21 20 22 08 00 00 00 00 00 00 01 3c 22 00 00 34 00000010: 21 20 22 08 00 00 00 00 00 00 01 3c 22 00 00 34
00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20 00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09 00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09
00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21 00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21
00000050: 28 00 00 88 00 22 00 00 96 1b 9b 21 4f 7e e9 83 00000050: 28 00 00 88 00 22 00 00 96 1b 9b 21 4f 7e e9 83
00000060: ec 27 a0 64 0c 77 4f be 78 31 be fd 1e 63 7d 6e 00000060: ec 27 a0 64 0c 77 4f be 78 31 be fd 1e 63 7d 6e
00000070: 76 eb 2f 81 23 80 62 87 ba 2c f7 31 a2 70 b7 3e 00000070: 76 eb 2f 81 23 80 62 87 ba 2c f7 31 a2 70 b7 3e
00000080: 8a 1d 91 93 72 cf 61 c8 d3 18 f6 bc f7 a0 44 c8 00000080: 8a 1d 91 93 72 cf 61 c8 d3 18 f6 bc f7 a0 44 c8
skipping to change at line 573 skipping to change at line 903
000000A0: aa f7 ff 11 e0 60 29 dd 16 59 58 78 8e 3b e2 b5 000000A0: aa f7 ff 11 e0 60 29 dd 16 59 58 78 8e 3b e2 b5
000000B0: 48 36 3c ca 07 1a 5d be a7 42 79 81 74 22 6f 53 000000B0: 48 36 3c ca 07 1a 5d be a7 42 79 81 74 22 6f 53
000000C0: 15 d2 c2 f6 06 d4 0f ed 70 f0 1c cf 89 2e ac 3c 000000C0: 15 d2 c2 f6 06 d4 0f ed 70 f0 1c cf 89 2e ac 3c
000000D0: fe 01 02 91 85 06 7b d4 29 00 00 24 48 b6 d3 b3 000000D0: fe 01 02 91 85 06 7b d4 29 00 00 24 48 b6 d3 b3
000000E0: ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31 f9 ac 10 f9 000000E0: ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31 f9 ac 10 f9
000000F0: 7f 80 8c 51 2b d6 f4 59 93 a7 4d 13 29 00 00 1c 000000F0: 7f 80 8c 51 2b d6 f4 59 93 a7 4d 13 29 00 00 1c
00000100: 00 00 40 04 92 b2 91 d3 9b 53 51 c8 33 c2 1f 2e 00000100: 00 00 40 04 92 b2 91 d3 9b 53 51 c8 33 c2 1f 2e
00000110: 92 ef 24 88 ef f4 e2 bf 29 00 00 1c 00 00 40 05 00000110: 92 ef 24 88 ef f4 e2 bf 29 00 00 1c 00 00 40 05
00000120: 77 e1 99 fe 3b 7e 33 42 b5 af ad 51 cf 97 91 4b 00000120: 77 e1 99 fe 3b 7e 33 42 b5 af ad 51 cf 97 91 4b
00000130: 08 98 a6 13 00 00 00 08 00 00 40 2e 00000130: 08 98 a6 13 00 00 00 08 00 00 40 2e
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.1.1-4">Responder's actions:</t>
<ol type="(%d)" group="data1.txt"> <ol type="(%d)" group="data1.txt" start="7" indent="adaptive" spacing=
<li> "normal" pn="section-appendix.a.1.1-5">
<li pn="section-appendix.a.1.1-5.1" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.1.1-5.1.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-5.1.2">
IKE SA Init IKE SA Init
E9D3F378191C3840.0000000000000000.00000000 IKEv2 I->R[316] E9D3F378191C3840.0000000000000000.00000000 IKEv2 I-&gt;R[316]
SA[52]{ SA[52]{
P[48](#1:IKE::5#){ P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
GOST3410_2012_256}}, GOST3410_2012_256}},
KE[136](GOST3410_2012_512){961B9B...067BD4}, KE[136](GOST3410_2012_512){961B9B...067BD4},
NONCE[36]{48B6D3...A74D13}, NONCE[36]{48B6D3...A74D13},
N[28](NAT_DETECTION_SOURCE_IP){92B291...F4E2BF}, N[28](NAT_DETECTION_SOURCE_IP){92B291...F4E2BF},
N[28](NAT_DETECTION_DESTINATION_IP){77E199...98A613}, N[28](NAT_DETECTION_DESTINATION_IP){77E199...98A613},
N[8](IKEV2_FRAGMENTATION_SUPPORTED) N[8](IKEV2_FRAGMENTATION_SUPPORTED)
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-5.2" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.1.1-5.2.1">
Generates random SPIr for IKE SA Generates random SPIr for IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-5.2.2">
00000000: 8d df f4 01 fb fb 0b 14 00000000: 8d df f4 01 fb fb 0b 14
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-5.3" derivedCounter="(9)">
<t indent="0" pn="section-appendix.a.1.1-5.3.1">
Generates random IKE nonce Nr Generates random IKE nonce Nr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-5.3.2">
00000000: fb 81 c8 80 e5 f0 35 60 99 ef 46 b2 72 44 95 0f 00000000: fb 81 c8 80 e5 f0 35 60 99 ef 46 b2 72 44 95 0f
00000010: 03 85 f4 73 92 67 b7 68 43 8f 90 69 16 fe 63 f0 00000010: 03 85 f4 73 92 67 b7 68 43 8f 90 69 16 fe 63 f0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-5.4" derivedCounter="(10)">
<t indent="0" pn="section-appendix.a.1.1-5.4.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-5.4.2">
00000000: 7f 49 e3 77 39 db 03 cc fe fe c9 63 17 71 e9 f1 00000000: 7f 49 e3 77 39 db 03 cc fe fe c9 63 17 71 e9 f1
00000010: 50 4b 98 79 b3 df 3b 48 bd f3 89 72 52 07 47 4f 00000010: 50 4b 98 79 b3 df 3b 48 bd f3 89 72 52 07 47 4f
00000020: 70 29 f8 39 63 2c 89 b6 92 39 18 27 9c fb 80 f5 00000020: 70 29 f8 39 63 2c 89 b6 92 39 18 27 9c fb 80 f5
00000030: 43 af 8b 9c 68 bb 93 22 1e 18 7d c2 1b dc e1 22 00000030: 43 af 8b 9c 68 bb 93 22 1e 18 7d c2 1b dc e1 22
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-5.5" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.1.1-5.5.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-5.5.2">
00000000: ad b4 e4 db b9 af 28 59 ab 76 4d 30 fd d4 7a f3 00000000: ad b4 e4 db b9 af 28 59 ab 76 4d 30 fd d4 7a f3
00000010: 5f 8c cb 85 8c cc ca 30 5e 4a 9d 20 52 32 48 88 00000010: 5f 8c cb 85 8c cc ca 30 5e 4a 9d 20 52 32 48 88
00000020: 69 81 48 5e ae db 1e 8c 0d 8d db 12 3e f5 ef 1d 00000020: 69 81 48 5e ae db 1e 8c 0d 8d db 12 3e f5 ef 1d
00000030: 7f e8 83 39 7f e6 5d 6e 51 ca 9e ee f5 b6 ba 02 00000030: 7f e8 83 39 7f e6 5d 6e 51 ca 9e ee f5 b6 ba 02
00000040: db 10 87 47 ba 38 b3 17 95 60 6d a3 81 15 5c 3d 00000040: db 10 87 47 ba 38 b3 17 95 60 6d a3 81 15 5c 3d
00000050: 6b 86 d3 59 2f 5f 74 14 17 a9 64 20 3d 05 12 08 00000050: 6b 86 d3 59 2f 5f 74 14 17 a9 64 20 3d 05 12 08
00000060: 02 75 15 ac ff 08 7c aa 82 1d f6 89 6c f4 33 e0 00000060: 02 75 15 ac ff 08 7c aa 82 1d f6 89 6c f4 33 e0
00000070: 01 4e 11 68 73 7e e3 e9 c6 88 ce 90 9b 39 05 48 00000070: 01 4e 11 68 73 7e e3 e9 c6 88 ce 90 9b 39 05 48
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-5.6" derivedCounter="(12)">
<t indent="0" pn="section-appendix.a.1.1-5.6.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-5.6.2">
IKE SA Init IKE SA Init
E9D3F378191C3840.8DDFF401FBFB0B14.00000000 IKEv2 I<=R[300] E9D3F378191C3840.8DDFF401FBFB0B14.00000000 IKEv2 I&lt;=R[300]
SA[36]{ SA[36]{
P[32](#1:IKE::3#){ P[32](#1:IKE::3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}}, KE=GOST3410_2012_512}},
KE[136](GOST3410_2012_512){ADB4E4...390548}, KE[136](GOST3410_2012_512){ADB4E4...390548},
NONCE[36]{FB81C8...FE63F0}, NONCE[36]{FB81C8...FE63F0},
N[28](NAT_DETECTION_SOURCE_IP){6D7A48...683D59}, N[28](NAT_DETECTION_SOURCE_IP){6D7A48...683D59},
N[28](NAT_DETECTION_DESTINATION_IP){481A5B...905499}, N[28](NAT_DETECTION_DESTINATION_IP){481A5B...905499},
N[8](IKEV2_FRAGMENTATION_SUPPORTED) N[8](IKEV2_FRAGMENTATION_SUPPORTED)
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-5.7" derivedCounter="(13)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.1-5.7.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294<-10.111.15.45:500 [300] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-5.7.2">
10.111.10.171:54294&lt;-10.111.15.45:500 [300]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 21 20 22 20 00 00 00 00 00 00 01 2c 22 00 00 24 00000010: 21 20 22 20 00 00 00 00 00 00 01 2c 22 00 00 24
00000020: 00 00 00 20 01 01 00 03 03 00 00 08 01 00 00 20 00000020: 00 00 00 20 01 01 00 03 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 02 00 00 09 00 00 00 08 04 00 00 22 00000030: 03 00 00 08 02 00 00 09 00 00 00 08 04 00 00 22
00000040: 28 00 00 88 00 22 00 00 ad b4 e4 db b9 af 28 59 00000040: 28 00 00 88 00 22 00 00 ad b4 e4 db b9 af 28 59
00000050: ab 76 4d 30 fd d4 7a f3 5f 8c cb 85 8c cc ca 30 00000050: ab 76 4d 30 fd d4 7a f3 5f 8c cb 85 8c cc ca 30
00000060: 5e 4a 9d 20 52 32 48 88 69 81 48 5e ae db 1e 8c 00000060: 5e 4a 9d 20 52 32 48 88 69 81 48 5e ae db 1e 8c
00000070: 0d 8d db 12 3e f5 ef 1d 7f e8 83 39 7f e6 5d 6e 00000070: 0d 8d db 12 3e f5 ef 1d 7f e8 83 39 7f e6 5d 6e
00000080: 51 ca 9e ee f5 b6 ba 02 db 10 87 47 ba 38 b3 17 00000080: 51 ca 9e ee f5 b6 ba 02 db 10 87 47 ba 38 b3 17
00000090: 95 60 6d a3 81 15 5c 3d 6b 86 d3 59 2f 5f 74 14 00000090: 95 60 6d a3 81 15 5c 3d 6b 86 d3 59 2f 5f 74 14
000000A0: 17 a9 64 20 3d 05 12 08 02 75 15 ac ff 08 7c aa 000000A0: 17 a9 64 20 3d 05 12 08 02 75 15 ac ff 08 7c aa
000000B0: 82 1d f6 89 6c f4 33 e0 01 4e 11 68 73 7e e3 e9 000000B0: 82 1d f6 89 6c f4 33 e0 01 4e 11 68 73 7e e3 e9
000000C0: c6 88 ce 90 9b 39 05 48 29 00 00 24 fb 81 c8 80 000000C0: c6 88 ce 90 9b 39 05 48 29 00 00 24 fb 81 c8 80
000000D0: e5 f0 35 60 99 ef 46 b2 72 44 95 0f 03 85 f4 73 000000D0: e5 f0 35 60 99 ef 46 b2 72 44 95 0f 03 85 f4 73
000000E0: 92 67 b7 68 43 8f 90 69 16 fe 63 f0 29 00 00 1c 000000E0: 92 67 b7 68 43 8f 90 69 16 fe 63 f0 29 00 00 1c
000000F0: 00 00 40 04 6d 7a 48 7a 9d ce 80 6f b0 09 4b f7 000000F0: 00 00 40 04 6d 7a 48 7a 9d ce 80 6f b0 09 4b f7
00000100: 8d fd ec eb 2e 68 3d 59 29 00 00 1c 00 00 40 05 00000100: 8d fd ec eb 2e 68 3d 59 29 00 00 1c 00 00 40 05
00000110: 48 1a 5b 15 12 e4 26 a3 8d 88 8b 65 8e 17 b3 f1 00000110: 48 1a 5b 15 12 e4 26 a3 8d 88 8b 65 8e 17 b3 f1
00000120: 38 90 54 99 00 00 00 08 00 00 40 2e 00000120: 38 90 54 99 00 00 00 08 00 00 40 2e
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.1-6">Initiator's actions:</t>
<ol type="(%d)" group="data1.txt"> <ol type="(%d)" group="data1.txt" start="14" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.1-7">
<li pn="section-appendix.a.1.1-7.1" derivedCounter="(14)">
<t indent="0" pn="section-appendix.a.1.1-7.1.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.1.2">
IKE SA Init IKE SA Init
E9D3F378191C3840.8DDFF401FBFB0B14.00000000 IKEv2 R=>I[300] E9D3F378191C3840.8DDFF401FBFB0B14.00000000 IKEv2 R=&gt;I[300]
SA[36]{ SA[36]{
P[32](#1:IKE::3#){ P[32](#1:IKE::3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}}, KE=GOST3410_2012_512}},
KE[136](GOST3410_2012_512){ADB4E4...390548}, KE[136](GOST3410_2012_512){ADB4E4...390548},
NONCE[36]{FB81C8...FE63F0}, NONCE[36]{FB81C8...FE63F0},
N[28](NAT_DETECTION_SOURCE_IP){6D7A48...683D59}, N[28](NAT_DETECTION_SOURCE_IP){6D7A48...683D59},
N[28](NAT_DETECTION_DESTINATION_IP){481A5B...905499}, N[28](NAT_DETECTION_DESTINATION_IP){481A5B...905499},
N[8](IKEV2_FRAGMENTATION_SUPPORTED) N[8](IKEV2_FRAGMENTATION_SUPPORTED)
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.2" derivedCounter="(15)">
<t indent="0" pn="section-appendix.a.1.1-7.2.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.2.2">
00000000: a2 43 6c bd 2d c1 0f 81 0d f7 6f 24 ae 78 70 f2 00000000: a2 43 6c bd 2d c1 0f 81 0d f7 6f 24 ae 78 70 f2
00000010: 27 5d 1b dc c5 52 0e d8 53 e5 c5 43 98 f7 35 ce 00000010: 27 5d 1b dc c5 52 0e d8 53 e5 c5 43 98 f7 35 ce
00000020: 32 70 89 2b 8e 89 0b 7d b3 98 77 cd bd 31 5d 18 00000020: 32 70 89 2b 8e 89 0b 7d b3 98 77 cd bd 31 5d 18
00000030: 10 5d 8b ac 16 f0 aa fd bc dc 7c 69 75 14 48 a8 00000030: 10 5d 8b ac 16 f0 aa fd bc dc 7c 69 75 14 48 a8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.3" derivedCounter="(16)">
<t indent="0" pn="section-appendix.a.1.1-7.3.1">
Computes SKEYSEED Computes SKEYSEED
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.3.2">
00000000: fc 7b d9 80 4b 15 00 60 d2 08 17 3a 08 4b a9 2a 00000000: fc 7b d9 80 4b 15 00 60 d2 08 17 3a 08 4b a9 2a
00000010: 0f 01 cb c3 ef e9 b5 aa 15 5b 0e 80 24 68 3c 4c 00000010: 0f 01 cb c3 ef e9 b5 aa 15 5b 0e 80 24 68 3c 4c
00000020: 6c fb e9 c8 16 7d 54 2d 48 ee 61 71 01 68 ca 68 00000020: 6c fb e9 c8 16 7d 54 2d 48 ee 61 71 01 68 ca 68
00000030: 4f 7c b0 1b 61 29 20 9a 68 88 5b 3f d7 19 0b d0 00000030: 4f 7c b0 1b 61 29 20 9a 68 88 5b 3f d7 19 0b d0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.4" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.1.1-7.4.1">
Computes SK_d Computes SK_d
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.4.2">
00000000: 6b 2b 83 d7 a9 10 5f f4 27 e8 05 86 b7 f0 09 31 00000000: 6b 2b 83 d7 a9 10 5f f4 27 e8 05 86 b7 f0 09 31
00000010: 16 43 81 ae 88 7a 3f c9 65 30 73 00 e5 82 81 52 00000010: 16 43 81 ae 88 7a 3f c9 65 30 73 00 e5 82 81 52
00000020: 68 07 ba e5 39 ef 6e a7 75 db 2c c9 1c d3 4b 70 00000020: 68 07 ba e5 39 ef 6e a7 75 db 2c c9 1c d3 4b 70
00000030: e0 be 97 14 81 bb 0c 80 ef b3 6e 12 2a 08 74 36 00000030: e0 be 97 14 81 bb 0c 80 ef b3 6e 12 2a 08 74 36
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.5" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.1.1-7.5.1">
Computes SK_ei Computes SK_ei
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.5.2">
00000000: 8c 6d f1 8f 6a ff 9f 1b 3e be 40 ef e2 64 c2 bf 00000000: 8c 6d f1 8f 6a ff 9f 1b 3e be 40 ef e2 64 c2 bf
00000010: 8e 6e d7 4c b5 8b 0a 74 a7 30 0c 21 7e 66 c7 d4 00000010: 8e 6e d7 4c b5 8b 0a 74 a7 30 0c 21 7e 66 c7 d4
00000020: 83 00 37 c3 08 01 7e c3 0a 71 62 01 00000020: 83 00 37 c3 08 01 7e c3 0a 71 62 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.6" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.1.1-7.6.1">
Computes SK_er Computes SK_er
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.6.2">
00000000: df e8 7d 5f 9c da 5e 45 b8 b9 11 02 63 6c 08 47 00000000: df e8 7d 5f 9c da 5e 45 b8 b9 11 02 63 6c 08 47
00000010: f6 4f c5 5d 6a 7b 4b 91 52 32 0a a2 5e c0 31 34 00000010: f6 4f c5 5d 6a 7b 4b 91 52 32 0a a2 5e c0 31 34
00000020: 65 20 72 e7 0a 1e ff 7d da ba 17 31 00000020: 65 20 72 e7 0a 1e ff 7d da ba 17 31
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.7" derivedCounter="(20)">
<t indent="0" pn="section-appendix.a.1.1-7.7.1">
Computes SK_pi Computes SK_pi
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.7.2">
00000000: 93 11 c6 4c d7 12 b5 40 f9 e8 7e 73 c5 28 a7 d8 00000000: 93 11 c6 4c d7 12 b5 40 f9 e8 7e 73 c5 28 a7 d8
00000010: 89 48 1c f1 bf a3 ad 67 cf b4 d9 6a 9b fe 3c ea 00000010: 89 48 1c f1 bf a3 ad 67 cf b4 d9 6a 9b fe 3c ea
00000020: 2f cc 2a 5e d4 e4 0b 27 7f be c9 9d c3 8d b7 68 00000020: 2f cc 2a 5e d4 e4 0b 27 7f be c9 9d c3 8d b7 68
00000030: 03 c1 f3 f8 94 af 47 8b d8 35 b8 6b c2 ca 38 16 00000030: 03 c1 f3 f8 94 af 47 8b d8 35 b8 6b c2 ca 38 16
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.8" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.1.1-7.8.1">
Computes SK_pr Computes SK_pr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.8.2">
00000000: 7b b0 4b 24 74 9c 73 68 7f 34 a3 b8 17 6b 9e 30 00000000: 7b b0 4b 24 74 9c 73 68 7f 34 a3 b8 17 6b 9e 30
00000010: f2 eb 33 73 23 ff 49 1e e3 07 e7 9f 77 b6 2a ef 00000010: f2 eb 33 73 23 ff 49 1e e3 07 e7 9f 77 b6 2a ef
00000020: 5a 5e a9 02 8e 90 5c 83 49 ec 1e aa a4 05 bc e1 00000020: 5a 5e a9 02 8e 90 5c 83 49 ec 1e aa a4 05 bc e1
00000030: fb c4 5b f0 27 d6 9b 41 77 6f e1 48 f3 37 99 e5 00000030: fb c4 5b f0 27 d6 9b 41 77 6f e1 48 f3 37 99 e5
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.9" derivedCounter="(22)">
<t indent="0" pn="section-appendix.a.1.1-7.9.1">
Computes prf(SK_pi, IDi) Computes prf(SK_pi, IDi)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.9.2">
00000000: 06 d3 d4 36 ab 5b 4f 41 d4 3d fc 79 1f 13 a3 89 00000000: 06 d3 d4 36 ab 5b 4f 41 d4 3d fc 79 1f 13 a3 89
00000010: e9 a6 6e d7 87 7d 72 d1 9d 71 78 2d 05 ee 47 fb 00000010: e9 a6 6e d7 87 7d 72 d1 9d 71 78 2d 05 ee 47 fb
00000020: 82 c8 8f 86 cd b5 05 1d 25 7c 1e 79 18 ef 4e 4e 00000020: 82 c8 8f 86 cd b5 05 1d 25 7c 1e 79 18 ef 4e 4e
00000030: 8d ca f4 47 12 c6 7f 6a 32 7d d8 e8 f2 8e f8 33 00000030: 8d ca f4 47 12 c6 7f 6a 32 7d d8 e8 f2 8e f8 33
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.10" derivedCounter="(23)">
<t indent="0" pn="section-appendix.a.1.1-7.10.1">
Uses PSK Uses PSK
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.10.2">
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3 00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d 00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.11" derivedCounter="(24)">
<t indent="0" pn="section-appendix.a.1.1-7.11.1">
Computes prf(PSK,"Key Pad for IKEv2") Computes prf(PSK,"Key Pad for IKEv2")
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.11.2">
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e 00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae 00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24 00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10 00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.12" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.1.1-7.12.1">
Computes content of AUTH payload Computes content of AUTH payload
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.12.2">
00000000: c9 9b 01 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 00000000: c9 9b 01 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac
00000010: 01 42 fb d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 00000010: 01 42 fb d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97
00000020: 38 b4 20 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c 00000020: 38 b4 20 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c
00000030: cf 66 d0 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 00000030: cf 66 d0 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.13" derivedCounter="(26)">
<t indent="0" pn="section-appendix.a.1.1-7.13.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.13.2">
00000000: f2 ac 10 7a 1f 92 d1 b1 1b b1 74 c3 42 76 a3 3f 00000000: f2 ac 10 7a 1f 92 d1 b1 1b b1 74 c3 42 76 a3 3f
00000010: fa ea 1b 1e 81 10 c1 01 7a 25 9a 00 8d 76 57 de 00000010: fa ea 1b 1e 81 10 c1 01 7a 25 9a 00 8d 76 57 de
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.14" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.1.1-7.14.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.14.2">
00000000: 77 e0 16 18 ad 76 e8 5a 66 2f 88 c4 c0 92 ec 33 00000000: 77 e0 16 18 ad 76 e8 5a 66 2f 88 c4 c0 92 ec 33
00000010: 6d 23 63 28 28 d5 77 d8 84 e1 01 b1 8d 84 a7 1d 00000010: 6d 23 63 28 28 d5 77 d8 84 e1 01 b1 8d 84 a7 1d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.15" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.1.1-7.15.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.15.2">
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2 00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4 00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.16" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.1.1-7.16.1">
Selects SPI for incoming ESP SA Selects SPI for incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.16.2">
00000000: 0a de 5f cd 00000000: 0a de 5f cd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.17" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.1.1-7.17.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.17.2">
IKE SA Auth IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 R<-I[334] E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 R&lt;-I[334]
E[306]{ E[306]{
IDi[21](FQDN){"IKE-Initiator"}, IDi[21](FQDN){"IKE-Initiator"},
AUTH[72](Preshared-Key){C99B01...741EE3}, AUTH[72](Preshared-Key){C99B01...741EE3},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4}, N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]}, CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{ SA[56]{
P[52](#1:ESP:0ADE5FCD:5#){ P[52](#1:ESP:0ADE5FCD:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE, ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE, ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}}, ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255}, TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255}, TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.18" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.1.1-7.18.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.18.2">
00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01 00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.19" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.1.1-7.19.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.19.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32 00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.20" derivedCounter="(33)">
<t indent="0" pn="section-appendix.a.1.1-7.20.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.20.2">
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74 00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74
00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01 00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01
00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb 00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb
00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20 00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20
00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0 00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0
00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00 00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00 00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00
00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f 00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f
00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00 00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00
000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00 000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00
000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00 000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00
000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a 000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a
000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff 000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff
000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08 000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08
000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff 000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff
00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40 00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40
00000110: 0a 00 00 00 08 00 00 40 0b 00 00000110: 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.21" derivedCounter="(34)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.1-7.21.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.21.2">
00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80 00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80
00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96 00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96
00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a 00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a
00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55 00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55
00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29 00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29
00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb 00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb
00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14 00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14
00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18 00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18
00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e 00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e
00000090: 06 40 36 7a 71 59 a5 ad 1c 67 25 03 9b af 2b 04 00000090: 06 40 36 7a 71 59 a5 ad 1c 67 25 03 9b af 2b 04
000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8 000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8
000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02 000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02
000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76 000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76
000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8 000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8
000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4 000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4
000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de 000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de
00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52 00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52
00000110: 04 c4 49 08 05 ab ee 1c 80 f6 00000110: 04 c4 49 08 05 ab ee 1c 80 f6
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.22" derivedCounter="(35)">
<t indent="0" pn="section-appendix.a.1.1-7.22.1">
Computes ICV using K3i as K_msg Computes ICV using K3i as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.22.2">
00000000: 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5 00000000: 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.23" derivedCounter="(36)">
<t indent="0" pn="section-appendix.a.1.1-7.23.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.23.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-7.24" derivedCounter="(37)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.1-7.24.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294->10.111.15.45:500 [334] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-7.24.2">
10.111.10.171:54294-&gt;10.111.15.45:500 [334]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32 00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32
00000020: 00 00 00 00 00 00 00 00 a5 7d 65 70 aa c3 ef f7 00000020: 00 00 00 00 00 00 00 00 a5 7d 65 70 aa c3 ef f7
00000030: df d6 5c 58 f6 2e ea 80 82 15 dc 9d ae 42 1c f0 00000030: df d6 5c 58 f6 2e ea 80 82 15 dc 9d ae 42 1c f0
00000040: 4c e4 cd 2a 45 f0 22 96 ea d2 06 cc 9b 59 97 9e 00000040: 4c e4 cd 2a 45 f0 22 96 ea d2 06 cc 9b 59 97 9e
00000050: 45 5d 27 5f b4 fd 55 6a 90 bb 14 da df 9f 56 b0 00000050: 45 5d 27 5f b4 fd 55 6a 90 bb 14 da df 9f 56 b0
00000060: e8 4c 89 a5 d8 f1 f6 55 a9 f0 82 90 57 28 86 a5 00000060: e8 4c 89 a5 d8 f1 f6 55 a9 f0 82 90 57 28 86 a5
00000070: bd 12 85 2f 2e 51 54 29 fe 04 45 a4 90 f0 f8 0e 00000070: bd 12 85 2f 2e 51 54 29 fe 04 45 a4 90 f0 f8 0e
00000080: 8b e9 c7 37 05 8f 6b bb 36 b0 24 8a 5f a3 ca f3 00000080: 8b e9 c7 37 05 8f 6b bb 36 b0 24 8a 5f a3 ca f3
skipping to change at line 998 skipping to change at line 1328
000000B0: 22 c9 ab 61 80 5a de 8e 06 40 36 7a 71 59 a5 ad 000000B0: 22 c9 ab 61 80 5a de 8e 06 40 36 7a 71 59 a5 ad
000000C0: 1c 67 25 03 9b af 2b 04 9f c1 de 51 11 7b f1 16 000000C0: 1c 67 25 03 9b af 2b 04 9f c1 de 51 11 7b f1 16
000000D0: 20 81 78 3f a8 01 d6 c8 79 89 d9 65 3e ea 58 6d 000000D0: 20 81 78 3f a8 01 d6 c8 79 89 d9 65 3e ea 58 6d
000000E0: ac 48 fc 4a 9a b9 48 02 d7 2b 01 5d 6a 2d cb 65 000000E0: ac 48 fc 4a 9a b9 48 02 d7 2b 01 5d 6a 2d cb 65
000000F0: bb ad 99 86 e2 03 08 76 1b dd 7c 56 3c 49 a4 2c 000000F0: bb ad 99 86 e2 03 08 76 1b dd 7c 56 3c 49 a4 2c
00000100: da 24 1f ad 54 79 f5 d8 0e 52 8a 49 92 90 66 80 00000100: da 24 1f ad 54 79 f5 d8 0e 52 8a 49 92 90 66 80
00000110: 85 00 b7 d8 89 5f b7 f4 92 c1 5b ed 8a 16 00 f3 00000110: 85 00 b7 d8 89 5f b7 f4 92 c1 5b ed 8a 16 00 f3
00000120: 9a f8 90 4b fa 6a b2 de 2a 89 74 9f 99 c7 c3 57 00000120: 9a f8 90 4b fa 6a b2 de 2a 89 74 9f 99 c7 c3 57
00000130: 88 5b 88 95 5c ec 46 52 04 c4 49 08 05 ab ee 1c 00000130: 88 5b 88 95 5c ec 46 52 04 c4 49 08 05 ab ee 1c
00000140: 80 f6 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5 00000140: 80 f6 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.1.1-8">Responder's actions:</t>
<ol type="(%d)" group="data1.txt"> <ol type="(%d)" group="data1.txt" start="38" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.1-9">
<li pn="section-appendix.a.1.1-9.1" derivedCounter="(38)">
<t indent="0" pn="section-appendix.a.1.1-9.1.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.1.2">
00000000: a2 43 6c bd 2d c1 0f 81 0d f7 6f 24 ae 78 70 f2 00000000: a2 43 6c bd 2d c1 0f 81 0d f7 6f 24 ae 78 70 f2
00000010: 27 5d 1b dc c5 52 0e d8 53 e5 c5 43 98 f7 35 ce 00000010: 27 5d 1b dc c5 52 0e d8 53 e5 c5 43 98 f7 35 ce
00000020: 32 70 89 2b 8e 89 0b 7d b3 98 77 cd bd 31 5d 18 00000020: 32 70 89 2b 8e 89 0b 7d b3 98 77 cd bd 31 5d 18
00000030: 10 5d 8b ac 16 f0 aa fd bc dc 7c 69 75 14 48 a8 00000030: 10 5d 8b ac 16 f0 aa fd bc dc 7c 69 75 14 48 a8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.2" derivedCounter="(39)">
<t indent="0" pn="section-appendix.a.1.1-9.2.1">
Computes SKEYSEED Computes SKEYSEED
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.2.2">
00000000: fc 7b d9 80 4b 15 00 60 d2 08 17 3a 08 4b a9 2a 00000000: fc 7b d9 80 4b 15 00 60 d2 08 17 3a 08 4b a9 2a
00000010: 0f 01 cb c3 ef e9 b5 aa 15 5b 0e 80 24 68 3c 4c 00000010: 0f 01 cb c3 ef e9 b5 aa 15 5b 0e 80 24 68 3c 4c
00000020: 6c fb e9 c8 16 7d 54 2d 48 ee 61 71 01 68 ca 68 00000020: 6c fb e9 c8 16 7d 54 2d 48 ee 61 71 01 68 ca 68
00000030: 4f 7c b0 1b 61 29 20 9a 68 88 5b 3f d7 19 0b d0 00000030: 4f 7c b0 1b 61 29 20 9a 68 88 5b 3f d7 19 0b d0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.3" derivedCounter="(40)">
<t indent="0" pn="section-appendix.a.1.1-9.3.1">
Computes SK_d Computes SK_d
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.3.2">
00000000: 6b 2b 83 d7 a9 10 5f f4 27 e8 05 86 b7 f0 09 31 00000000: 6b 2b 83 d7 a9 10 5f f4 27 e8 05 86 b7 f0 09 31
00000010: 16 43 81 ae 88 7a 3f c9 65 30 73 00 e5 82 81 52 00000010: 16 43 81 ae 88 7a 3f c9 65 30 73 00 e5 82 81 52
00000020: 68 07 ba e5 39 ef 6e a7 75 db 2c c9 1c d3 4b 70 00000020: 68 07 ba e5 39 ef 6e a7 75 db 2c c9 1c d3 4b 70
00000030: e0 be 97 14 81 bb 0c 80 ef b3 6e 12 2a 08 74 36 00000030: e0 be 97 14 81 bb 0c 80 ef b3 6e 12 2a 08 74 36
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.4" derivedCounter="(41)">
<t indent="0" pn="section-appendix.a.1.1-9.4.1">
Computes SK_ei Computes SK_ei
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.4.2">
00000000: 8c 6d f1 8f 6a ff 9f 1b 3e be 40 ef e2 64 c2 bf 00000000: 8c 6d f1 8f 6a ff 9f 1b 3e be 40 ef e2 64 c2 bf
00000010: 8e 6e d7 4c b5 8b 0a 74 a7 30 0c 21 7e 66 c7 d4 00000010: 8e 6e d7 4c b5 8b 0a 74 a7 30 0c 21 7e 66 c7 d4
00000020: 83 00 37 c3 08 01 7e c3 0a 71 62 01 00000020: 83 00 37 c3 08 01 7e c3 0a 71 62 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.5" derivedCounter="(42)">
<t indent="0" pn="section-appendix.a.1.1-9.5.1">
Computes SK_er Computes SK_er
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.5.2">
00000000: df e8 7d 5f 9c da 5e 45 b8 b9 11 02 63 6c 08 47 00000000: df e8 7d 5f 9c da 5e 45 b8 b9 11 02 63 6c 08 47
00000010: f6 4f c5 5d 6a 7b 4b 91 52 32 0a a2 5e c0 31 34 00000010: f6 4f c5 5d 6a 7b 4b 91 52 32 0a a2 5e c0 31 34
00000020: 65 20 72 e7 0a 1e ff 7d da ba 17 31 00000020: 65 20 72 e7 0a 1e ff 7d da ba 17 31
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.6" derivedCounter="(43)">
<t indent="0" pn="section-appendix.a.1.1-9.6.1">
Computes SK_pi Computes SK_pi
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.6.2">
00000000: 93 11 c6 4c d7 12 b5 40 f9 e8 7e 73 c5 28 a7 d8 00000000: 93 11 c6 4c d7 12 b5 40 f9 e8 7e 73 c5 28 a7 d8
00000010: 89 48 1c f1 bf a3 ad 67 cf b4 d9 6a 9b fe 3c ea 00000010: 89 48 1c f1 bf a3 ad 67 cf b4 d9 6a 9b fe 3c ea
00000020: 2f cc 2a 5e d4 e4 0b 27 7f be c9 9d c3 8d b7 68 00000020: 2f cc 2a 5e d4 e4 0b 27 7f be c9 9d c3 8d b7 68
00000030: 03 c1 f3 f8 94 af 47 8b d8 35 b8 6b c2 ca 38 16 00000030: 03 c1 f3 f8 94 af 47 8b d8 35 b8 6b c2 ca 38 16
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.7" derivedCounter="(44)">
<t indent="0" pn="section-appendix.a.1.1-9.7.1">
Computes SK_pr Computes SK_pr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.7.2">
00000000: 7b b0 4b 24 74 9c 73 68 7f 34 a3 b8 17 6b 9e 30 00000000: 7b b0 4b 24 74 9c 73 68 7f 34 a3 b8 17 6b 9e 30
00000010: f2 eb 33 73 23 ff 49 1e e3 07 e7 9f 77 b6 2a ef 00000010: f2 eb 33 73 23 ff 49 1e e3 07 e7 9f 77 b6 2a ef
00000020: 5a 5e a9 02 8e 90 5c 83 49 ec 1e aa a4 05 bc e1 00000020: 5a 5e a9 02 8e 90 5c 83 49 ec 1e aa a4 05 bc e1
00000030: fb c4 5b f0 27 d6 9b 41 77 6f e1 48 f3 37 99 e5 00000030: fb c4 5b f0 27 d6 9b 41 77 6f e1 48 f3 37 99 e5
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.8" derivedCounter="(45)">
<t indent="0" pn="section-appendix.a.1.1-9.8.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.8.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.9" derivedCounter="(46)">
<t indent="0" pn="section-appendix.a.1.1-9.9.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.9.2">
00000000: f2 ac 10 7a 1f 92 d1 b1 1b b1 74 c3 42 76 a3 3f 00000000: f2 ac 10 7a 1f 92 d1 b1 1b b1 74 c3 42 76 a3 3f
00000010: fa ea 1b 1e 81 10 c1 01 7a 25 9a 00 8d 76 57 de 00000010: fa ea 1b 1e 81 10 c1 01 7a 25 9a 00 8d 76 57 de
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.10" derivedCounter="(47)">
<t indent="0" pn="section-appendix.a.1.1-9.10.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.10.2">
00000000: 77 e0 16 18 ad 76 e8 5a 66 2f 88 c4 c0 92 ec 33 00000000: 77 e0 16 18 ad 76 e8 5a 66 2f 88 c4 c0 92 ec 33
00000010: 6d 23 63 28 28 d5 77 d8 84 e1 01 b1 8d 84 a7 1d 00000010: 6d 23 63 28 28 d5 77 d8 84 e1 01 b1 8d 84 a7 1d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.11" derivedCounter="(48)">
<t indent="0" pn="section-appendix.a.1.1-9.11.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.11.2">
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2 00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4 00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.12" derivedCounter="(49)">
<t indent="0" pn="section-appendix.a.1.1-9.12.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.12.2">
00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01 00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.13" derivedCounter="(50)">
<t indent="0" pn="section-appendix.a.1.1-9.13.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.13.2">
00000000: 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5 00000000: 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.14" derivedCounter="(51)">
<t indent="0" pn="section-appendix.a.1.1-9.14.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.14.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32 00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.15" derivedCounter="(52)">
<t indent="0" pn="section-appendix.a.1.1-9.15.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.15.2">
00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80 00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80
00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96 00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96
00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a 00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a
00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55 00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55
00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29 00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29
00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb 00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb
00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14 00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14
00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18 00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18
00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e 00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e
00000090: 06 40 36 7a 71 59 a5 ad 1c 67 25 03 9b af 2b 04 00000090: 06 40 36 7a 71 59 a5 ad 1c 67 25 03 9b af 2b 04
000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8 000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8
000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02 000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02
000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76 000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76
000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8 000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8
000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4 000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4
000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de 000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de
00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52 00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52
00000110: 04 c4 49 08 05 ab ee 1c 80 f6 00000110: 04 c4 49 08 05 ab ee 1c 80 f6
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.16" derivedCounter="(53)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.1-9.16.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.16.2">
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74 00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74
00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01 00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01
00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb 00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb
00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20 00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20
00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0 00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0
00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00 00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00 00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00
00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f 00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f
00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00 00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00
000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00 000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00
000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00 000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00
000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a 000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a
000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff 000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff
000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08 000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08
000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff 000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff
00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40 00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40
00000110: 0a 00 00 00 08 00 00 40 0b 00 00000110: 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.17" derivedCounter="(54)">
<t indent="0" pn="section-appendix.a.1.1-9.17.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.17.2">
IKE SA Auth IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 I->R[334] E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 I-&gt;R[334]
E[306]{ E[306]{
IDi[21](FQDN){"IKE-Initiator"}, IDi[21](FQDN){"IKE-Initiator"},
AUTH[72](Preshared-Key){C99B01...741EE3}, AUTH[72](Preshared-Key){C99B01...741EE3},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4}, N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]}, CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{ SA[56]{
P[52](#1:ESP:0ADE5FCD:5#){ P[52](#1:ESP:0ADE5FCD:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE, ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE, ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}}, ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255}, TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255}, TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.18" derivedCounter="(55)">
<t indent="0" pn="section-appendix.a.1.1-9.18.1">
Computes prf(SK_pi, IDi) Computes prf(SK_pi, IDi)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.18.2">
00000000: 06 d3 d4 36 ab 5b 4f 41 d4 3d fc 79 1f 13 a3 89 00000000: 06 d3 d4 36 ab 5b 4f 41 d4 3d fc 79 1f 13 a3 89
00000010: e9 a6 6e d7 87 7d 72 d1 9d 71 78 2d 05 ee 47 fb 00000010: e9 a6 6e d7 87 7d 72 d1 9d 71 78 2d 05 ee 47 fb
00000020: 82 c8 8f 86 cd b5 05 1d 25 7c 1e 79 18 ef 4e 4e 00000020: 82 c8 8f 86 cd b5 05 1d 25 7c 1e 79 18 ef 4e 4e
00000030: 8d ca f4 47 12 c6 7f 6a 32 7d d8 e8 f2 8e f8 33 00000030: 8d ca f4 47 12 c6 7f 6a 32 7d d8 e8 f2 8e f8 33
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.19" derivedCounter="(56)">
<t indent="0" pn="section-appendix.a.1.1-9.19.1">
Uses PSK Uses PSK
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.19.2">
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3 00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d 00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.20" derivedCounter="(57)">
<t indent="0" pn="section-appendix.a.1.1-9.20.1">
Computes prf(PSK,"Key Pad for IKEv2") Computes prf(PSK,"Key Pad for IKEv2")
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.20.2">
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e 00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae 00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24 00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10 00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.21" derivedCounter="(58)">
<t indent="0" pn="section-appendix.a.1.1-9.21.1">
Computes content of AUTH payload and compares it with the received one Computes content of AUTH payload and compares it with the received one
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.21.2">
00000000: c9 9b 01 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 00000000: c9 9b 01 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac
00000010: 01 42 fb d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 00000010: 01 42 fb d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97
00000020: 38 b4 20 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c 00000020: 38 b4 20 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c
00000030: cf 66 d0 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 00000030: cf 66 d0 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.22" derivedCounter="(59)">
<t indent="0" pn="section-appendix.a.1.1-9.22.1">
Computes keys for ESP SAs Computes keys for ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.22.2">
00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f 00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f
00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42 00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42
00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6 00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6
00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64 00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64
00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83 00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83
00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1 00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.23" derivedCounter="(60)">
<t indent="0" pn="section-appendix.a.1.1-9.23.1">
Computes prf(SK_pr,IDr) Computes prf(SK_pr,IDr)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.23.2">
00000000: 32 61 00 71 e8 1a d6 a1 12 8d ef 4e 2a e9 bb c2 00000000: 32 61 00 71 e8 1a d6 a1 12 8d ef 4e 2a e9 bb c2
00000010: 9f 3d ba 28 1b 2a a5 10 a2 ad c6 b1 73 07 c9 f1 00000010: 9f 3d ba 28 1b 2a a5 10 a2 ad c6 b1 73 07 c9 f1
00000020: 50 9e 1c d7 a5 85 8f a8 40 ef dd a7 ae 33 71 74 00000020: 50 9e 1c d7 a5 85 8f a8 40 ef dd a7 ae 33 71 74
00000030: c8 8b a9 f4 3a 83 0f c1 c5 3c 9b 21 9f a9 58 25 00000030: c8 8b a9 f4 3a 83 0f c1 c5 3c 9b 21 9f a9 58 25
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.24" derivedCounter="(61)">
<t indent="0" pn="section-appendix.a.1.1-9.24.1">
Uses PSK Uses PSK
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.24.2">
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3 00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d 00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.25" derivedCounter="(62)">
<t indent="0" pn="section-appendix.a.1.1-9.25.1">
Computes prf(PSK,"Key Pad for IKEv2") Computes prf(PSK,"Key Pad for IKEv2")
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.25.2">
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e 00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae 00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24 00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10 00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.26" derivedCounter="(63)">
<t indent="0" pn="section-appendix.a.1.1-9.26.1">
Computes content of AUTH payload Computes content of AUTH payload
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.26.2">
00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f 00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f
00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51
00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed
00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.27" derivedCounter="(64)">
<t indent="0" pn="section-appendix.a.1.1-9.27.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.27.2">
00000000: 61 cd ad b1 01 10 71 7c dc 18 81 1d 1f aa e3 13 00000000: 61 cd ad b1 01 10 71 7c dc 18 81 1d 1f aa e3 13
00000010: 4b 07 f8 f7 49 a7 3d 0a 57 2f e1 61 bc ab 85 c4 00000010: 4b 07 f8 f7 49 a7 3d 0a 57 2f e1 61 bc ab 85 c4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.28" derivedCounter="(65)">
<t indent="0" pn="section-appendix.a.1.1-9.28.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.28.2">
00000000: 5f e7 47 77 da f7 54 d7 a8 e5 eb ed f9 82 c8 a9 00000000: 5f e7 47 77 da f7 54 d7 a8 e5 eb ed f9 82 c8 a9
00000010: 74 0c 54 77 6f eb b8 70 a4 43 43 3e c2 9e ce a6 00000010: 74 0c 54 77 6f eb b8 70 a4 43 43 3e c2 9e ce a6
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.29" derivedCounter="(66)">
<t indent="0" pn="section-appendix.a.1.1-9.29.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.29.2">
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6 00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3 00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.30" derivedCounter="(67)">
<t indent="0" pn="section-appendix.a.1.1-9.30.1">
Selects SPI for incoming ESP SA Selects SPI for incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.30.2">
00000000: 50 3c 8d af 00000000: 50 3c 8d af
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.31" derivedCounter="(68)">
<t indent="0" pn="section-appendix.a.1.1-9.31.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.31.2">
IKE SA Auth IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 I<=R[286] E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 I&lt;=R[286]
E[258]{ E[258]{
IDr[21](FQDN){"IKE-Responder"}, IDr[21](FQDN){"IKE-Responder"},
AUTH[72](Preshared-Key){35CE8A...D2D12D}, AUTH[72](Preshared-Key){35CE8A...D2D12D},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64}, N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.2}, CP[16](REPLY){IP4.Address[4]=10.1.1.2},
SA[32]{ SA[32]{
P[28](#1:ESP:503C8DAF:2#){ P[28](#1:ESP:503C8DAF:2#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ESN=Off}}, ESN=Off}},
TSi[24](1#){10.1.1.2}, TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.32" derivedCounter="(69)">
<t indent="0" pn="section-appendix.a.1.1-9.32.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.32.2">
00000000: 00 00 00 00 65 20 72 e7 0a 1e ff 7d da ba 17 31 00000000: 00 00 00 00 65 20 72 e7 0a 1e ff 7d da ba 17 31
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.33" derivedCounter="(70)">
<t indent="0" pn="section-appendix.a.1.1-9.33.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.33.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02 00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.34" derivedCounter="(71)">
<t indent="0" pn="section-appendix.a.1.1-9.34.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.34.2">
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70 00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70
00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a 00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a
00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0 00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0
00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a 00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a
00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe 00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe
00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00 00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01 00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01
00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d 00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d
00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00 00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00
000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff 000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff
000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00
000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40 000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
000000E0: 0a 00 00 00 08 00 00 40 0b 00 000000E0: 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.35" derivedCounter="(72)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.1-9.35.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.35.2">
00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09 00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09
00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e 00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e
00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b 00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b
00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40 00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40
00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97 00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97
00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3 00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3
00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23 00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23
00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f 00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f
00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7 00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7
00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b 00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b
000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15 000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15
000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84 000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84
000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb 000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb
000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b 000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b
000000E0: d9 31 a8 98 f5 17 8a ff 0a c0 000000E0: d9 31 a8 98 f5 17 8a ff 0a c0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.36" derivedCounter="(73)">
<t indent="0" pn="section-appendix.a.1.1-9.36.1">
Computes ICV using K3r as K_msg Computes ICV using K3r as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.36.2">
00000000: 4a db a4 67 7e a1 3c 54 22 1f cf 62 00000000: 4a db a4 67 7e a1 3c 54 22 1f cf 62
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.37" derivedCounter="(74)">
<t indent="0" pn="section-appendix.a.1.1-9.37.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.37.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-9.38" derivedCounter="(75)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.1-9.38.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294<-10.111.15.45:500 [286] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-9.38.2">
10.111.10.171:54294&lt;-10.111.15.45:500 [286]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02 00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02
00000020: 00 00 00 00 00 00 00 00 9b 5d 58 8a 99 44 11 d6 00000020: 00 00 00 00 00 00 00 00 9b 5d 58 8a 99 44 11 d6
00000030: 5b 93 7f 98 57 0d 0f 09 0c a3 d9 36 41 b5 9c 91 00000030: 5b 93 7f 98 57 0d 0f 09 0c a3 d9 36 41 b5 9c 91
00000040: 94 17 3a cb 00 88 24 5e 25 b7 0d 75 2f fb 4d d0 00000040: 94 17 3a cb 00 88 24 5e 25 b7 0d 75 2f fb 4d d0
00000050: ab 2c cc 84 42 e7 f8 1b 5a e6 88 13 9a 3e b1 03 00000050: ab 2c cc 84 42 e7 f8 1b 5a e6 88 13 9a 3e b1 03
00000060: 79 31 0c 69 f6 17 a2 40 f8 aa 74 2e 62 29 ee 57 00000060: 79 31 0c 69 f6 17 a2 40 f8 aa 74 2e 62 29 ee 57
00000070: 43 3f 10 bf 44 73 51 97 2c 93 a4 02 87 3d 37 45 00000070: 43 3f 10 bf 44 73 51 97 2c 93 a4 02 87 3d 37 45
00000080: 2c f1 3e 16 c3 d9 ec b3 b8 6f 66 1a f1 73 44 7c 00000080: 2c f1 3e 16 c3 d9 ec b3 b8 6f 66 1a f1 73 44 7c
00000090: db 74 11 e6 07 4a 75 23 83 df 00 52 ae 68 60 39 00000090: db 74 11 e6 07 4a 75 23 83 df 00 52 ae 68 60 39
000000A0: 83 4c c3 b1 d5 7a e8 7f 61 59 9e 4f 92 3c 2f 04 000000A0: 83 4c c3 b1 d5 7a e8 7f 61 59 9e 4f 92 3c 2f 04
000000B0: 3b c3 ac e7 23 3f 1c a7 a5 3f 4d 33 1f 46 25 9f 000000B0: 3b c3 ac e7 23 3f 1c a7 a5 3f 4d 33 1f 46 25 9f
000000C0: 09 5e f4 75 e0 12 32 5b 29 64 a4 40 1a b5 c9 cd 000000C0: 09 5e f4 75 e0 12 32 5b 29 64 a4 40 1a b5 c9 cd
000000D0: 9e 8f 91 cc 5b 7d 14 15 d0 89 70 e0 c6 d8 e4 e0 000000D0: 9e 8f 91 cc 5b 7d 14 15 d0 89 70 e0 c6 d8 e4 e0
000000E0: 93 ff 02 4c 69 db ab 84 d6 8f b9 f9 ed 07 aa 96 000000E0: 93 ff 02 4c 69 db ab 84 d6 8f b9 f9 ed 07 aa 96
000000F0: 29 2a 50 c2 c4 b6 e5 cb 8e 16 33 7a 20 a4 3b 0e 000000F0: 29 2a 50 c2 c4 b6 e5 cb 8e 16 33 7a 20 a4 3b 0e
00000100: f2 53 9b b1 63 c0 46 4b d9 31 a8 98 f5 17 8a ff 00000100: f2 53 9b b1 63 c0 46 4b d9 31 a8 98 f5 17 8a ff
00000110: 0a c0 4a db a4 67 7e a1 3c 54 22 1f cf 62 00000110: 0a c0 4a db a4 67 7e a1 3c 54 22 1f cf 62
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.1-10">Initiator's actions:</t>
<ol type="(%d)" group="data1.txt"> <ol type="(%d)" group="data1.txt" start="76" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.1-11">
<li pn="section-appendix.a.1.1-11.1" derivedCounter="(76)">
<t indent="0" pn="section-appendix.a.1.1-11.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.1.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.2" derivedCounter="(77)">
<t indent="0" pn="section-appendix.a.1.1-11.2.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.2.2">
00000000: 61 cd ad b1 01 10 71 7c dc 18 81 1d 1f aa e3 13 00000000: 61 cd ad b1 01 10 71 7c dc 18 81 1d 1f aa e3 13
00000010: 4b 07 f8 f7 49 a7 3d 0a 57 2f e1 61 bc ab 85 c4 00000010: 4b 07 f8 f7 49 a7 3d 0a 57 2f e1 61 bc ab 85 c4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.3" derivedCounter="(78)">
<t indent="0" pn="section-appendix.a.1.1-11.3.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.3.2">
00000000: 5f e7 47 77 da f7 54 d7 a8 e5 eb ed f9 82 c8 a9 00000000: 5f e7 47 77 da f7 54 d7 a8 e5 eb ed f9 82 c8 a9
00000010: 74 0c 54 77 6f eb b8 70 a4 43 43 3e c2 9e ce a6 00000010: 74 0c 54 77 6f eb b8 70 a4 43 43 3e c2 9e ce a6
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.4" derivedCounter="(79)">
<t indent="0" pn="section-appendix.a.1.1-11.4.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.4.2">
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6 00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3 00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.5" derivedCounter="(80)">
<t indent="0" pn="section-appendix.a.1.1-11.5.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.5.2">
00000000: 00 00 00 00 65 20 72 e7 0a 1e ff 7d da ba 17 31 00000000: 00 00 00 00 65 20 72 e7 0a 1e ff 7d da ba 17 31
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.6" derivedCounter="(81)">
<t indent="0" pn="section-appendix.a.1.1-11.6.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.6.2">
00000000: 4a db a4 67 7e a1 3c 54 22 1f cf 62 00000000: 4a db a4 67 7e a1 3c 54 22 1f cf 62
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.7" derivedCounter="(82)">
<t indent="0" pn="section-appendix.a.1.1-11.7.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.7.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02 00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.8" derivedCounter="(83)">
<t indent="0" pn="section-appendix.a.1.1-11.8.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.8.2">
00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09 00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09
00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e 00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e
00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b 00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b
00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40 00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40
00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97 00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97
00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3 00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3
00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23 00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23
00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f 00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f
00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7 00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7
00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b 00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b
000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15 000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15
000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84 000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84
000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb 000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb
000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b 000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b
000000E0: d9 31 a8 98 f5 17 8a ff 0a c0 000000E0: d9 31 a8 98 f5 17 8a ff 0a c0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.9" derivedCounter="(84)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.1-11.9.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.9.2">
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70 00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70
00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a 00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a
00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0 00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0
00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a 00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a
00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe 00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe
00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00 00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00 00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01 00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01
00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d 00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d
00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00 00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00
000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff 000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff
000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00
000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40 000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
000000E0: 0a 00 00 00 08 00 00 40 0b 00 000000E0: 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.10" derivedCounter="(85)">
<t indent="0" pn="section-appendix.a.1.1-11.10.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.10.2">
IKE SA Auth IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 R=>I[286] E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 R=&gt;I[286]
E[258]{ E[258]{
IDr[21](FQDN){"IKE-Responder"}, IDr[21](FQDN){"IKE-Responder"},
AUTH[72](Preshared-Key){35CE8A...D2D12D}, AUTH[72](Preshared-Key){35CE8A...D2D12D},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64}, N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.2}, CP[16](REPLY){IP4.Address[4]=10.1.1.2},
SA[32]{ SA[32]{
P[28](#1:ESP:503C8DAF:2#){ P[28](#1:ESP:503C8DAF:2#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ESN=Off}}, ESN=Off}},
TSi[24](1#){10.1.1.2}, TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.11" derivedCounter="(86)">
<t indent="0" pn="section-appendix.a.1.1-11.11.1">
Computes prf(SK_pr, IDr) Computes prf(SK_pr, IDr)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.11.2">
00000000: 32 61 00 71 e8 1a d6 a1 12 8d ef 4e 2a e9 bb c2 00000000: 32 61 00 71 e8 1a d6 a1 12 8d ef 4e 2a e9 bb c2
00000010: 9f 3d ba 28 1b 2a a5 10 a2 ad c6 b1 73 07 c9 f1 00000010: 9f 3d ba 28 1b 2a a5 10 a2 ad c6 b1 73 07 c9 f1
00000020: 50 9e 1c d7 a5 85 8f a8 40 ef dd a7 ae 33 71 74 00000020: 50 9e 1c d7 a5 85 8f a8 40 ef dd a7 ae 33 71 74
00000030: c8 8b a9 f4 3a 83 0f c1 c5 3c 9b 21 9f a9 58 25 00000030: c8 8b a9 f4 3a 83 0f c1 c5 3c 9b 21 9f a9 58 25
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.12" derivedCounter="(87)">
<t indent="0" pn="section-appendix.a.1.1-11.12.1">
Uses PSK Uses PSK
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.12.2">
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3 00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d 00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.13" derivedCounter="(88)">
<t indent="0" pn="section-appendix.a.1.1-11.13.1">
Computes prf(PSK,"Key Pad for IKEv2") Computes prf(PSK,"Key Pad for IKEv2")
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.13.2">
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e 00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae 00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24 00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10 00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.14" derivedCounter="(89)">
<t indent="0" pn="section-appendix.a.1.1-11.14.1">
Computes content of AUTH payload and compares it with the received one Computes content of AUTH payload and compares it with the received one
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.14.2">
00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f 00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f
00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51
00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed
00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.1-11.15" derivedCounter="(90)">
<t indent="0" pn="section-appendix.a.1.1-11.15.1">
Computes keys for ESP SAs Computes keys for ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.1-11.15.2">
00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f 00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f
00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42 00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42
00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6 00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6
00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64 00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64
00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83 00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83
00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1 00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
<t><br/><br/></t> <section anchor="scenario1-2" numbered="true" removeInRFC="false" toc="i
nclude" pn="section-appendix.a.1.2">
<ol group="scenario1" type="Sub-scenario %d:"> <name slugifiedName="name-sub-scenario-2-ike-sa-rekey">Sub-Scenario 2:
<li> IKE SA rekeying using the CREATE_CHILD_SA exchange. IKE SA Rekeying Using the CREATE_CHILD_SA Exchange
<sourcecode type="test-vectors"> </name>
<![CDATA[ <artwork type="" align="left" pn="section-appendix.a.1.2-1">
Initiator Responder Initiator Responder
HDR, SK {SAi, Ni, KEi [,N+]} ---> HDR, SK {SAi, Ni, KEi [,N+]} ---&gt;
<--- HDR, SK {SAr, Nr, KEr [,N+]} &lt;--- HDR, SK {SAr, Nr, KEr [,N+]}
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.1.2-2">Initiator's actions:</t>
</li> <ol start="1" type="(%d)" group="data2.txt" indent="adaptive" spacing=
</ol> "normal" pn="section-appendix.a.1.2-3">
<li pn="section-appendix.a.1.2-3.1" derivedCounter="(1)">
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.2-3.1.1">
<ol start="1" type="(%d)" group="data2.txt">
<li>
Generates random SPIi for new IKE SA Generates random SPIi for new IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.1.2">
00000000: 43 87 64 8d 6c 9e 28 ff 00000000: 43 87 64 8d 6c 9e 28 ff
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.1.2-3.2.1">
Generates random IKE nonce Ni Generates random IKE nonce Ni
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.2.2">
00000000: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce 00000000: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
00000010: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c 00000010: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.1.2-3.3.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.3.2">
00000000: cf 8f f0 df 04 24 43 b5 7e 15 2c bd 9f cd bd d9 00000000: cf 8f f0 df 04 24 43 b5 7e 15 2c bd 9f cd bd d9
00000010: 20 b5 35 7c e8 8b a6 d7 bd 7f 32 39 3d 5e 9a 3c 00000010: 20 b5 35 7c e8 8b a6 d7 bd 7f 32 39 3d 5e 9a 3c
00000020: eb 88 4f 7f 6c 5d 03 05 fc bf 08 12 41 76 f4 a6 00000020: eb 88 4f 7f 6c 5d 03 05 fc bf 08 12 41 76 f4 a6
00000030: 2e 4c f7 ce 55 18 9d 6a 54 1f f7 57 46 23 cd 26 00000030: 2e 4c f7 ce 55 18 9d 6a 54 1f f7 57 46 23 cd 26
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.1.2-3.4.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.4.2">
00000000: 04 db 0b d3 9a ac 83 f3 e9 9d a9 11 c3 12 f6 df 00000000: 04 db 0b d3 9a ac 83 f3 e9 9d a9 11 c3 12 f6 df
00000010: f6 ae 99 38 55 20 1f 83 c8 28 ed 14 f9 68 88 77 00000010: f6 ae 99 38 55 20 1f 83 c8 28 ed 14 f9 68 88 77
00000020: ac 78 36 41 7a d7 93 a7 ee 4c 6a d7 f2 50 24 f5 00000020: ac 78 36 41 7a d7 93 a7 ee 4c 6a d7 f2 50 24 f5
00000030: a8 7b 03 28 22 9f a4 66 11 20 57 64 56 7c 36 3c 00000030: a8 7b 03 28 22 9f a4 66 11 20 57 64 56 7c 36 3c
00000040: 72 c7 91 0a 1c fd 64 54 f1 17 97 6a 35 48 dc 8f 00000040: 72 c7 91 0a 1c fd 64 54 f1 17 97 6a 35 48 dc 8f
00000050: 85 97 20 12 2f 35 55 58 9b ca 7a 84 f3 01 cf ca 00000050: 85 97 20 12 2f 35 55 58 9b ca 7a 84 f3 01 cf ca
00000060: 78 e7 41 87 d3 3f 0f 2b 6d 78 59 ad f2 f2 c2 97 00000060: 78 e7 41 87 d3 3f 0f 2b 6d 78 59 ad f2 f2 c2 97
00000070: db 0b 75 6e 00 38 a2 72 8d 17 6b 44 f9 8b 95 66 00000070: db 0b 75 6e 00 38 a2 72 8d 17 6b 44 f9 8b 95 66
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.1.2-3.5.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.5.2">
Create Child SA Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 R<-I [281] E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 R&lt;-I [281]
E[253]{ E[253]{
SA[44]{ SA[44]{
P[40](#1:IKE:4387648D6C9E28FF:3#){ P[40](#1:IKE:4387648D6C9E28FF:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}}, KE=GOST3410_2012_512}},
NONCE[36]{6C8367...085A4C}, NONCE[36]{6C8367...085A4C},
KE[136](GOST3410_2012_512){04DB0B...8B9566}, KE[136](GOST3410_2012_512){04DB0B...8B9566},
N[12](SET_WINDOW_SIZE){4}} N[12](SET_WINDOW_SIZE){4}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.6" derivedCounter="(6)">
<t indent="0" pn="section-appendix.a.1.2-3.6.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.6.2">
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2 00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4 00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.7" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.1.2-3.7.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.7.2">
00000000: 00 00 00 01 83 00 37 c3 08 01 7e c3 0a 71 62 01 00000000: 00 00 00 01 83 00 37 c3 08 01 7e c3 0a 71 62 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.8" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.1.2-3.8.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.8.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd 00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.9" derivedCounter="(9)">
<t indent="0" pn="section-appendix.a.1.2-3.9.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.9.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d
00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08 00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce 00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c 00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c
00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3 00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3
00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83 00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83
00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7 00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7
00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66 00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66
00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54 00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54
000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58 000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58
000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b 000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b
000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72 000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72
000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01 000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 04 00 000000E0: 00 00 00 04 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.10" derivedCounter="(10)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.2-3.10.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.10.2">
00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd 00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd
00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1 00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1
00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2 00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2
00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d 00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d
00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49 00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49
00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82 00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82
00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41 00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41
00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f 00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f
00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7 00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7
00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b 00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b
000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27 000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27
000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16 000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16
000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91 000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91
000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02 000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02
000000E0: a2 06 78 c7 e0 000000E0: a2 06 78 c7 e0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.11" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.1.2-3.11.1">
Computes ICV using K3i as K_msg Computes ICV using K3i as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.11.2">
00000000: b1 2f da a5 96 fa 27 ee 67 de 9e 95 00000000: b1 2f da a5 96 fa 27 ee 67 de 9e 95
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.12" derivedCounter="(12)">
<t indent="0" pn="section-appendix.a.1.2-3.12.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.12.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-3.13" derivedCounter="(13)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.2-3.13.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294->10.111.15.45:500 [281] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-3.13.2">
10.111.10.171:54294-&gt;10.111.15.45:500 [281]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd 00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd
00000020: 00 00 00 00 00 00 00 01 00 16 cf 92 8a 87 4c 02 00000020: 00 00 00 00 00 00 00 01 00 16 cf 92 8a 87 4c 02
00000030: 79 31 04 22 c3 d9 5f fd 5a 19 23 62 25 d1 99 c2 00000030: 79 31 04 22 c3 d9 5f fd 5a 19 23 62 25 d1 99 c2
00000040: af 75 4d f1 3c ac c0 c1 c7 db d0 fd 93 ac 6d 25 00000040: af 75 4d f1 3c ac c0 c1 c7 db d0 fd 93 ac 6d 25
00000050: b4 19 01 e6 df e8 51 c2 88 a9 8a 26 92 98 ec ce 00000050: b4 19 01 e6 df e8 51 c2 88 a9 8a 26 92 98 ec ce
00000060: c1 2f cf ca ce 9b 5a 6d 4c 8b cf 97 63 5a a3 e6 00000060: c1 2f cf ca ce 9b 5a 6d 4c 8b cf 97 63 5a a3 e6
00000070: 46 49 0f 1f 05 54 00 49 6b d8 14 f4 e2 ee b3 66 00000070: 46 49 0f 1f 05 54 00 49 6b d8 14 f4 e2 ee b3 66
00000080: 2a 13 9b dd 63 53 7a 82 2a d8 bf 48 aa db 79 21 00000080: 2a 13 9b dd 63 53 7a 82 2a d8 bf 48 aa db 79 21
00000090: d3 d8 ac b1 ac 8f 9b 41 a7 49 81 95 d7 54 46 e2 00000090: d3 d8 ac b1 ac 8f 9b 41 a7 49 81 95 d7 54 46 e2
000000A0: 00 9b 17 3a ab 9a 4c 8f 19 9e ac 61 cc f6 02 47 000000A0: 00 9b 17 3a ab 9a 4c 8f 19 9e ac 61 cc f6 02 47
000000B0: a1 7e f4 48 5b e7 3c a7 53 dc 03 9e ea 5f c4 99 000000B0: a1 7e f4 48 5b e7 3c a7 53 dc 03 9e ea 5f c4 99
000000C0: 60 6e db 6a 21 fe 7c 7b 11 ed bf 44 59 73 fa 65 000000C0: 60 6e db 6a 21 fe 7c 7b 11 ed bf 44 59 73 fa 65
000000D0: 01 98 e4 e6 10 63 87 27 8b f0 8c bb 94 52 dd 97 000000D0: 01 98 e4 e6 10 63 87 27 8b f0 8c bb 94 52 dd 97
000000E0: ee dc ce 88 c4 45 b4 16 f2 8b d4 74 cb 46 38 57 000000E0: ee dc ce 88 c4 45 b4 16 f2 8b d4 74 cb 46 38 57
000000F0: f4 44 88 23 44 06 d9 91 00 ea 81 2c e7 f6 66 0f 000000F0: f4 44 88 23 44 06 d9 91 00 ea 81 2c e7 f6 66 0f
00000100: a8 45 0f 1d 8c 2d f1 02 a2 06 78 c7 e0 b1 2f da 00000100: a8 45 0f 1d 8c 2d f1 02 a2 06 78 c7 e0 b1 2f da
00000110: a5 96 fa 27 ee 67 de 9e 95 00000110: a5 96 fa 27 ee 67 de 9e 95
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.1.2-4">Responder's actions:</t>
<ol type="(%d)" group="data2.txt"> <ol type="(%d)" group="data2.txt" start="14" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.2-5">
<li pn="section-appendix.a.1.2-5.1" derivedCounter="(14)">
<t indent="0" pn="section-appendix.a.1.2-5.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.1.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.2" derivedCounter="(15)">
<t indent="0" pn="section-appendix.a.1.2-5.2.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.2.2">
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2 00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4 00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.3" derivedCounter="(16)">
<t indent="0" pn="section-appendix.a.1.2-5.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.3.2">
00000000: 00 00 00 01 83 00 37 c3 08 01 7e c3 0a 71 62 01 00000000: 00 00 00 01 83 00 37 c3 08 01 7e c3 0a 71 62 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.4" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.1.2-5.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.4.2">
00000000: b1 2f da a5 96 fa 27 ee 67 de 9e 95 00000000: b1 2f da a5 96 fa 27 ee 67 de 9e 95
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.5" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.1.2-5.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.5.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd 00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.6" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.1.2-5.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.6.2">
00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd 00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd
00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1 00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1
00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2 00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2
00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d 00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d
00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49 00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49
00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82 00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82
00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41 00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41
00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f 00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f
00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7 00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7
00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b 00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b
000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27 000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27
000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16 000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16
000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91 000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91
000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02 000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02
000000E0: a2 06 78 c7 e0 000000E0: a2 06 78 c7 e0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.7" derivedCounter="(20)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.2-5.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.7.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d
00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08 00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce 00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c 00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c
00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3 00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3
00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83 00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83
00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7 00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7
00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66 00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66
00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54 00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54
000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58 000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58
000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b 000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b
000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72 000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72
000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01 000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 04 00 000000E0: 00 00 00 04 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.8" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.1.2-5.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.8.2">
Create Child SA Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 I->R[281] E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 I-&gt;R[281]
E[253]{ E[253]{
SA[44]{ SA[44]{
P[40](#1:IKE:4387648D6C9E28FF:3#){ P[40](#1:IKE:4387648D6C9E28FF:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}}, KE=GOST3410_2012_512}},
NONCE[36]{6C8367...085A4C}, NONCE[36]{6C8367...085A4C},
KE[136](GOST3410_2012_512){04DB0B...8B9566}, KE[136](GOST3410_2012_512){04DB0B...8B9566},
N[12](SET_WINDOW_SIZE){4}} N[12](SET_WINDOW_SIZE){4}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.9" derivedCounter="(22)">
<t indent="0" pn="section-appendix.a.1.2-5.9.1">
Generates random SPIr for new IKE SA Generates random SPIr for new IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.9.2">
00000000: 82 d9 fa f8 74 49 b9 36 00000000: 82 d9 fa f8 74 49 b9 36
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.10" derivedCounter="(23)">
<t indent="0" pn="section-appendix.a.1.2-5.10.1">
Generates random IKE nonce Nr Generates random IKE nonce Nr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.10.2">
00000000: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81 00000000: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81
00000010: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b 00000010: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.11" derivedCounter="(24)">
<t indent="0" pn="section-appendix.a.1.2-5.11.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.11.2">
00000000: b9 ea c6 c1 84 db 39 54 e3 e7 74 be 02 e0 c9 0b 00000000: b9 ea c6 c1 84 db 39 54 e3 e7 74 be 02 e0 c9 0b
00000010: 5c b9 72 03 d4 fc a2 3f b6 cf 71 8d 4f f4 b4 c5 00000010: 5c b9 72 03 d4 fc a2 3f b6 cf 71 8d 4f f4 b4 c5
00000020: 21 1c 93 f9 86 cc 6b cb db ff 78 51 5b b6 48 e8 00000020: 21 1c 93 f9 86 cc 6b cb db ff 78 51 5b b6 48 e8
00000030: 44 ce c0 83 c9 d0 b8 90 08 94 db 29 9f bb c2 1a 00000030: 44 ce c0 83 c9 d0 b8 90 08 94 db 29 9f bb c2 1a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.12" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.1.2-5.12.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.12.2">
00000000: b9 f9 27 a8 96 70 7a 03 58 c2 39 58 63 2d 50 20 00000000: b9 f9 27 a8 96 70 7a 03 58 c2 39 58 63 2d 50 20
00000010: bf 69 c0 1d a6 de d4 4d 65 aa 26 c6 8f 9f e9 e9 00000010: bf 69 c0 1d a6 de d4 4d 65 aa 26 c6 8f 9f e9 e9
00000020: 4b bb da 1d 2f d3 60 2d 18 33 04 9b b2 25 a6 07 00000020: 4b bb da 1d 2f d3 60 2d 18 33 04 9b b2 25 a6 07
00000030: ac 58 1b fc 3c 5b 1e f3 4b c0 f9 cb 90 14 c6 80 00000030: ac 58 1b fc 3c 5b 1e f3 4b c0 f9 cb 90 14 c6 80
00000040: 6e c3 73 c1 4a f7 5c 27 dd 2a e1 ba 94 9c f7 06 00000040: 6e c3 73 c1 4a f7 5c 27 dd 2a e1 ba 94 9c f7 06
00000050: 68 92 19 8e 85 67 f9 d2 d1 ea 3c 16 16 b9 3f 0c 00000050: 68 92 19 8e 85 67 f9 d2 d1 ea 3c 16 16 b9 3f 0c
00000060: 8b 2d 2e d6 20 14 7e 27 18 d3 23 9e 2a 99 41 40 00000060: 8b 2d 2e d6 20 14 7e 27 18 d3 23 9e 2a 99 41 40
00000070: 6a 41 c5 3f 79 9c a7 22 79 15 98 1d 98 b5 ac 4a 00000070: 6a 41 c5 3f 79 9c a7 22 79 15 98 1d 98 b5 ac 4a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.13" derivedCounter="(26)">
<t indent="0" pn="section-appendix.a.1.2-5.13.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.13.2">
00000000: dd e7 44 39 1c d9 66 cf d2 24 a4 bb 0a 57 b3 3e 00000000: dd e7 44 39 1c d9 66 cf d2 24 a4 bb 0a 57 b3 3e
00000010: 1a 8f 5d 07 11 4d c3 47 87 1a 13 ec 84 26 03 f8 00000010: 1a 8f 5d 07 11 4d c3 47 87 1a 13 ec 84 26 03 f8
00000020: ea 93 5a f5 23 a3 45 71 ff 5f f2 3d 59 43 3a 5e 00000020: ea 93 5a f5 23 a3 45 71 ff 5f f2 3d 59 43 3a 5e
00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84 00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.14" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.1.2-5.14.1">
Computes SKEYSEED for new SA Computes SKEYSEED for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.14.2">
00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88 00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88
00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3 00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3
00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36 00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36
00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62 00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.15" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.1.2-5.15.1">
Computes SK_d for new SA Computes SK_d for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.15.2">
00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37 00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37
00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a 00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a
00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0 00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0
00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34 00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.16" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.1.2-5.16.1">
Computes SK_ei for new SA Computes SK_ei for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.16.2">
00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9 00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9
00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a 00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a
00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca 00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.17" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.1.2-5.17.1">
Computes SK_er for new SA Computes SK_er for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.17.2">
00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78 00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78
00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00 00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00
00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78 00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.18" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.1.2-5.18.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.18.2">
Create Child SA Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 I<=R[281] E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 I&lt;=R[281]
E[253]{ E[253]{
SA[44]{ SA[44]{
P[40](#1:IKE:82D9FAF87449B936:3#){ P[40](#1:IKE:82D9FAF87449B936:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}}, KE=GOST3410_2012_512}},
NONCE[36]{5A2DD2...96437B}, NONCE[36]{5A2DD2...96437B},
KE[136](GOST3410_2012_512){B9F927...B5AC4A}, KE[136](GOST3410_2012_512){B9F927...B5AC4A},
N[12](SET_WINDOW_SIZE){64}} N[12](SET_WINDOW_SIZE){64}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.19" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.1.2-5.19.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.19.2">
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6 00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3 00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.20" derivedCounter="(33)">
<t indent="0" pn="section-appendix.a.1.2-5.20.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.20.2">
00000000: 00 00 00 01 65 20 72 e7 0a 1e ff 7d da ba 17 31 00000000: 00 00 00 01 65 20 72 e7 0a 1e ff 7d da ba 17 31
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.21" derivedCounter="(34)">
<t indent="0" pn="section-appendix.a.1.2-5.21.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.21.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd 00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.22" derivedCounter="(35)">
<t indent="0" pn="section-appendix.a.1.2-5.22.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.22.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8
00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08 00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81 00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81
00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b 00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b
00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03 00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03
00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d 00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d
00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d 00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d
00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3 00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3
00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27 00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27
000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2 000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2
000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27 000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27
000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22 000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22
000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01 000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 40 00 000000E0: 00 00 00 40 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.23" derivedCounter="(36)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.2-5.23.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.23.2">
00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2 00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2
00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1 00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1
00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84 00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84
00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19 00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19
00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42 00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42
00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2 00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2
00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b 00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b
00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0 00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0
00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac 00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac
00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88 00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88
000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f 000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f
000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca 000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca
000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5 000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5
000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de 000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de
000000E0: 6a 5a 26 b8 e4 000000E0: 6a 5a 26 b8 e4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.24" derivedCounter="(37)">
<t indent="0" pn="section-appendix.a.1.2-5.24.1">
Computes ICV using K3r as K_msg Computes ICV using K3r as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.24.2">
00000000: 04 2f 99 3f 02 19 56 c4 0d 0b 7a 45 00000000: 04 2f 99 3f 02 19 56 c4 0d 0b 7a 45
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.25" derivedCounter="(38)">
<t indent="0" pn="section-appendix.a.1.2-5.25.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.25.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-5.26" derivedCounter="(39)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.2-5.26.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294<-10.111.15.45:500 [281] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-5.26.2">
10.111.10.171:54294&lt;-10.111.15.45:500 [281]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd 00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd
00000020: 00 00 00 00 00 00 00 01 fd ee 4c 8f 78 ff b6 0c 00000020: 00 00 00 00 00 00 00 01 fd ee 4c 8f 78 ff b6 0c
00000030: fc 65 bb ef db 53 56 a2 d3 2d 4f 59 ff 28 38 eb 00000030: fc 65 bb ef db 53 56 a2 d3 2d 4f 59 ff 28 38 eb
00000040: 76 0b 40 5e 8d 52 e8 c1 b9 75 22 b4 bb 71 8f 16 00000040: 76 0b 40 5e 8d 52 e8 c1 b9 75 22 b4 bb 71 8f 16
00000050: 3a 97 0e 4d 95 ef bc 84 46 c6 77 1e 4b 14 73 46 00000050: 3a 97 0e 4d 95 ef bc 84 46 c6 77 1e 4b 14 73 46
00000060: 89 ed d4 b4 54 a2 64 19 67 b2 98 7e 8b d4 45 31 00000060: 89 ed d4 b4 54 a2 64 19 67 b2 98 7e 8b d4 45 31
00000070: 17 1e e4 ae f4 24 44 42 dd 55 a0 49 fe 08 59 d0 00000070: 17 1e e4 ae f4 24 44 42 dd 55 a0 49 fe 08 59 d0
00000080: a1 16 69 60 8a 8e 54 d2 02 6d ae 17 5f 32 bf 14 00000080: a1 16 69 60 8a 8e 54 d2 02 6d ae 17 5f 32 bf 14
00000090: 78 f0 86 47 26 bf fb 6b 7c 17 f7 f5 62 b6 d6 a0 00000090: 78 f0 86 47 26 bf fb 6b 7c 17 f7 f5 62 b6 d6 a0
000000A0: e5 f3 c2 af b5 28 ee d0 9b 22 8c e6 d0 58 4d 48 000000A0: e5 f3 c2 af b5 28 ee d0 9b 22 8c e6 d0 58 4d 48
000000B0: 18 6d dd 3e 4e 33 66 ac a2 29 1f 3b 62 4a e6 4a 000000B0: 18 6d dd 3e 4e 33 66 ac a2 29 1f 3b 62 4a e6 4a
000000C0: 8c 98 18 8b 21 73 a5 88 49 09 3b 27 88 20 40 6b 000000C0: 8c 98 18 8b 21 73 a5 88 49 09 3b 27 88 20 40 6b
000000D0: a5 fc 08 37 c7 ac c9 0f 5d 69 87 7c 37 c8 c7 fd 000000D0: a5 fc 08 37 c7 ac c9 0f 5d 69 87 7c 37 c8 c7 fd
000000E0: d8 72 6d ad ac 22 27 ca 93 d6 bd 6a 55 2a 1a 8b 000000E0: d8 72 6d ad ac 22 27 ca 93 d6 bd 6a 55 2a 1a 8b
000000F0: 2e 84 b4 0a 35 d3 ac d5 99 c9 ac d5 6f 03 94 bf 000000F0: 2e 84 b4 0a 35 d3 ac d5 99 c9 ac d5 6f 03 94 bf
00000100: ca f5 53 e5 a5 74 57 de 6a 5a 26 b8 e4 04 2f 99 00000100: ca f5 53 e5 a5 74 57 de 6a 5a 26 b8 e4 04 2f 99
00000110: 3f 02 19 56 c4 0d 0b 7a 45 00000110: 3f 02 19 56 c4 0d 0b 7a 45
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.2-6">Initiator's actions:</t>
<ol type="(%d)" group="data2.txt"> <ol type="(%d)" group="data2.txt" start="40" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.2-7">
<li pn="section-appendix.a.1.2-7.1" derivedCounter="(40)">
<t indent="0" pn="section-appendix.a.1.2-7.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.1.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.2" derivedCounter="(41)">
<t indent="0" pn="section-appendix.a.1.2-7.2.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.2.2">
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6 00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3 00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.3" derivedCounter="(42)">
<t indent="0" pn="section-appendix.a.1.2-7.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.3.2">
00000000: 00 00 00 01 65 20 72 e7 0a 1e ff 7d da ba 17 31 00000000: 00 00 00 01 65 20 72 e7 0a 1e ff 7d da ba 17 31
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.4" derivedCounter="(43)">
<t indent="0" pn="section-appendix.a.1.2-7.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.4.2">
00000000: 04 2f 99 3f 02 19 56 c4 0d 0b 7a 45 00000000: 04 2f 99 3f 02 19 56 c4 0d 0b 7a 45
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.5" derivedCounter="(44)">
<t indent="0" pn="section-appendix.a.1.2-7.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.5.2">
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14 00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd 00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.6" derivedCounter="(45)">
<t indent="0" pn="section-appendix.a.1.2-7.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.6.2">
00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2 00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2
00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1 00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1
00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84 00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84
00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19 00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19
00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42 00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42
00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2 00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2
00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b 00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b
00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0 00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0
00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac 00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac
00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88 00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88
000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f 000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f
000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca 000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca
000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5 000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5
000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de 000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de
000000E0: 6a 5a 26 b8 e4 000000E0: 6a 5a 26 b8 e4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.7" derivedCounter="(46)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.2-7.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.7.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8
00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08 00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81 00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81
00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b 00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b
00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03 00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03
00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d 00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d
00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d 00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d
00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3 00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3
00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27 00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27
000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2 000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2
000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27 000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27
000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22 000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22
000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01 000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 40 00 000000E0: 00 00 00 40 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.8" derivedCounter="(47)">
<t indent="0" pn="section-appendix.a.1.2-7.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.8.2">
Create Child SA Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 R=>I[281] E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 R=&gt;I[281]
E[253]{ E[253]{
SA[44]{ SA[44]{
P[40](#1:IKE:82D9FAF87449B936:3#){ P[40](#1:IKE:82D9FAF87449B936:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}}, KE=GOST3410_2012_512}},
NONCE[36]{5A2DD2...96437B}, NONCE[36]{5A2DD2...96437B},
KE[136](GOST3410_2012_512){B9F927...B5AC4A}, KE[136](GOST3410_2012_512){B9F927...B5AC4A},
N[12](SET_WINDOW_SIZE){64}} N[12](SET_WINDOW_SIZE){64}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.9" derivedCounter="(48)">
<t indent="0" pn="section-appendix.a.1.2-7.9.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.9.2">
00000000: dd e7 44 39 1c d9 66 cf d2 24 a4 bb 0a 57 b3 3e 00000000: dd e7 44 39 1c d9 66 cf d2 24 a4 bb 0a 57 b3 3e
00000010: 1a 8f 5d 07 11 4d c3 47 87 1a 13 ec 84 26 03 f8 00000010: 1a 8f 5d 07 11 4d c3 47 87 1a 13 ec 84 26 03 f8
00000020: ea 93 5a f5 23 a3 45 71 ff 5f f2 3d 59 43 3a 5e 00000020: ea 93 5a f5 23 a3 45 71 ff 5f f2 3d 59 43 3a 5e
00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84 00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.10" derivedCounter="(49)">
<t indent="0" pn="section-appendix.a.1.2-7.10.1">
Computes SKEYSEED for new SA Computes SKEYSEED for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.10.2">
00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88 00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88
00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3 00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3
00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36 00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36
00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62 00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.11" derivedCounter="(50)">
<t indent="0" pn="section-appendix.a.1.2-7.11.1">
Computes SK_d for new SA Computes SK_d for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.11.2">
00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37 00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37
00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a 00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a
00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0 00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0
00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34 00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.12" derivedCounter="(51)">
<t indent="0" pn="section-appendix.a.1.2-7.12.1">
Computes SK_ei for new SA Computes SK_ei for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.12.2">
00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9 00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9
00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a 00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a
00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca 00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.2-7.13" derivedCounter="(52)">
<t indent="0" pn="section-appendix.a.1.2-7.13.1">
Computes SK_er for new SA Computes SK_er for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.2-7.13.2">
00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78 00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78
00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00 00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00
00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78 00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
<t><br/><br/></t> <section anchor="scenario1-3" numbered="true" removeInRFC="false" toc="i
nclude" pn="section-appendix.a.1.3">
<ol group="scenario1" type="Sub-scenario %d:"> <name slugifiedName="name-sub-scenario-3-esp-sas-reke">Sub-Scenario 3:
<li> ESP SAs rekeying with PFS using the CREATE_CHILD_SA exchange. ESP SAs Rekeying with PFS Using the CREATE_CHILD_SA Exchange</name>
<sourcecode type="test-vectors"> <artwork type="" align="left" pn="section-appendix.a.1.3-1">
<![CDATA[
Initiator Responder Initiator Responder
HDR, SK {N(REKEY_SA), SAi, Ni, HDR, SK {N(REKEY_SA), SAi, Ni,
KEi, TSi, TSr [,N+]} ---> KEi, TSi, TSr [,N+]} ---&gt;
<--- HDR, SK {SAr, Nr, &lt;--- HDR, SK {SAr, Nr,
KEr, TSi, TSr [,N+]} KEr, TSi, TSr [,N+]}
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.1.3-2">Initiator's actions:</t>
</li> <ol start="1" type="(%d)" group="data3.txt" indent="adaptive" spacing=
</ol> "normal" pn="section-appendix.a.1.3-3">
<li pn="section-appendix.a.1.3-3.1" derivedCounter="(1)">
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.3-3.1.1">
<ol start="1" type="(%d)" group="data3.txt">
<li>
Generates random IKE nonce Ni Generates random IKE nonce Ni
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.1.2">
00000000: 59 52 b2 58 00 b7 d3 f9 c3 31 23 16 6f c2 d1 d7 00000000: 59 52 b2 58 00 b7 d3 f9 c3 31 23 16 6f c2 d1 d7
00000010: 07 8b 99 fb 24 cf 24 30 a3 ce a6 fe d3 0f 20 9b 00000010: 07 8b 99 fb 24 cf 24 30 a3 ce a6 fe d3 0f 20 9b
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.1.3-3.2.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.2.2">
00000000: 2f b9 df 43 dc 50 f5 17 59 c0 c7 21 ac ca 03 7a 00000000: 2f b9 df 43 dc 50 f5 17 59 c0 c7 21 ac ca 03 7a
00000010: 55 87 f9 bb a6 5a 9e d4 46 98 15 c9 3a 6b 40 91 00000010: 55 87 f9 bb a6 5a 9e d4 46 98 15 c9 3a 6b 40 91
00000020: e6 99 f4 f2 e5 88 14 e7 d8 9f 98 b1 59 21 05 52 00000020: e6 99 f4 f2 e5 88 14 e7 d8 9f 98 b1 59 21 05 52
00000030: f0 b0 ce dc 8e c6 db 1f 9d a9 4a 6d 95 f2 cb 3d 00000030: f0 b0 ce dc 8e c6 db 1f 9d a9 4a 6d 95 f2 cb 3d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.1.3-3.3.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.3.2">
00000000: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c 00000000: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c
00000010: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae 00000010: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae
00000020: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40 00000020: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40
00000030: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43 00000030: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43
00000040: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95 00000040: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95
00000050: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa 00000050: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa
00000060: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f 00000060: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f
00000070: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60 00000070: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.1.3-3.4.1">
Selects SPI for new incoming ESP SA Selects SPI for new incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.4.2">
00000000: a4 fe 65 a1 00000000: a4 fe 65 a1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.1.3-3.5.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.5.2">
Create Child SA Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 R<-I[341] 4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 R&lt;-I[341]
E[313]{ E[313]{
N[12](ESP:0ADE5FCD:REKEY_SA), N[12](ESP:0ADE5FCD:REKEY_SA),
SA[40]{ SA[40]{
P[36](#1:ESP:A4FE65A1:3#){ P[36](#1:ESP:A4FE65A1:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
ESN=Off}}, ESN=Off}},
NONCE[36]{5952B2...0F209B}, NONCE[36]{5952B2...0F209B},
KE[136](GOST3410_2012_512){1C5508...8AC360}, KE[136](GOST3410_2012_512){1C5508...8AC360},
TSi[24](1#){10.1.1.2}, TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.6" derivedCounter="(6)">
<t indent="0" pn="section-appendix.a.1.3-3.6.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.6.2">
00000000: 17 ec f1 84 33 9a c3 e3 93 e1 21 d7 65 3b 6c 83 00000000: 17 ec f1 84 33 9a c3 e3 93 e1 21 d7 65 3b 6c 83
00000010: d4 ae 9c 29 5b 12 cc b3 c5 0c 48 19 49 eb c0 ba 00000010: d4 ae 9c 29 5b 12 cc b3 c5 0c 48 19 49 eb c0 ba
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.7" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.1.3-3.7.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.7.2">
00000000: 2d 33 c0 55 87 f2 ee ce ac 1a f2 28 64 c6 f5 ad 00000000: 2d 33 c0 55 87 f2 ee ce ac 1a f2 28 64 c6 f5 ad
00000010: de 2d be 7a a8 92 d0 a6 20 bc ef 25 29 7b 56 9f 00000010: de 2d be 7a a8 92 d0 a6 20 bc ef 25 29 7b 56 9f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.8" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.1.3-3.8.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.8.2">
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4 00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb 00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.9" derivedCounter="(9)">
<t indent="0" pn="section-appendix.a.1.3-3.9.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.9.2">
00000000: 00 00 00 00 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca 00000000: 00 00 00 00 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.10" derivedCounter="(10)">
<t indent="0" pn="section-appendix.a.1.3-3.10.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.10.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39 00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.11" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.1.3-3.11.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.11.2">
00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28 00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28
00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08 00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08
00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08 00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08
00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9 00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9
00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30 00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30
00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00 00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00
00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c 00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c
00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae 00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae
00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40 00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40
00000090: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43 00000090: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43
000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95 000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95
000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa 000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa
000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f 000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f
000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60 000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60
000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff 000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00 000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00
00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff 00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b 00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000120: 00 00000120: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.12" derivedCounter="(12)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.3-3.12.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.12.2">
00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca 00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca
00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b 00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b
00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3 00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3
00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68 00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68
00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19 00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19
00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01 00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01
00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e 00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e
00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de 00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de
00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b 00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b
00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21 00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21
000000A0: 3c ce c6 67 82 00 8f f3 d7 d6 c3 f2 87 47 b8 b9 000000A0: 3c ce c6 67 82 00 8f f3 d7 d6 c3 f2 87 47 b8 b9
000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47 000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47
000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1 000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1
000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31 000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31
000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30 000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30
000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2 000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2
00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb 00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb
00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28 00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28
00000120: 68 00000120: 68
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.13" derivedCounter="(13)">
<t indent="0" pn="section-appendix.a.1.3-3.13.1">
Computes ICV using K3i as K_msg Computes ICV using K3i as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.13.2">
00000000: fc 85 a4 7e 0b 41 77 54 ef 1a 03 cb 00000000: fc 85 a4 7e 0b 41 77 54 ef 1a 03 cb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.14" derivedCounter="(14)">
<t indent="0" pn="section-appendix.a.1.3-3.14.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.14.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-3.15" derivedCounter="(15)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.3-3.15.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294->10.111.15.45:500 [341] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-3.15.2">
10.111.10.171:54294-&gt;10.111.15.45:500 [341]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39 00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39
00000020: 00 00 00 00 00 00 00 00 00 9b 13 cb cb f1 18 53 00000020: 00 00 00 00 00 00 00 00 00 9b 13 cb cb f1 18 53
00000030: fc 81 2e 75 c3 03 e0 ca 55 c1 fb 55 c0 29 40 48 00000030: fc 81 2e 75 c3 03 e0 ca 55 c1 fb 55 c0 29 40 48
00000040: fc 20 f4 a8 51 5b 97 6b c6 07 4c 7d 45 54 51 0f 00000040: fc 20 f4 a8 51 5b 97 6b c6 07 4c 7d 45 54 51 0f
00000050: 18 7f 43 a4 df 4b e8 e3 b4 eb 68 24 4b f0 1c df 00000050: 18 7f 43 a4 df 4b e8 e3 b4 eb 68 24 4b f0 1c df
00000060: 8f 1e a2 21 31 02 29 68 38 4d 68 fd 42 66 34 3e 00000060: 8f 1e a2 21 31 02 29 68 38 4d 68 fd 42 66 34 3e
00000070: 82 46 f0 17 02 bf 65 19 b0 f7 09 62 0d 12 6a 7e 00000070: 82 46 f0 17 02 bf 65 19 b0 f7 09 62 0d 12 6a 7e
00000080: ad 76 57 0d 19 55 cf 01 89 9c 7e f5 5a fa 20 4f 00000080: ad 76 57 0d 19 55 cf 01 89 9c 7e f5 5a fa 20 4f
skipping to change at line 2568 skipping to change at line 2887
000000C0: 8f 2d 5f 6c f6 97 68 21 3c ce c6 67 82 00 8f f3 000000C0: 8f 2d 5f 6c f6 97 68 21 3c ce c6 67 82 00 8f f3
000000D0: d7 d6 c3 f2 87 47 b8 b9 a3 0f f8 e2 0a 62 e8 f5 000000D0: d7 d6 c3 f2 87 47 b8 b9 a3 0f f8 e2 0a 62 e8 f5
000000E0: 98 df bc f0 02 6a 3f 47 c4 f0 24 a4 80 95 bf cf 000000E0: 98 df bc f0 02 6a 3f 47 c4 f0 24 a4 80 95 bf cf
000000F0: 32 5a a5 22 3c a5 a8 f1 57 d6 3b b8 06 1c b6 d7 000000F0: 32 5a a5 22 3c a5 a8 f1 57 d6 3b b8 06 1c b6 d7
00000100: c7 b3 58 e7 ee 69 eb 31 d6 09 db 8b 8a 1d 2b a1 00000100: c7 b3 58 e7 ee 69 eb 31 d6 09 db 8b 8a 1d 2b a1
00000110: f7 46 e5 b9 99 13 73 30 1f ed 0c 82 4b cc ce 5e 00000110: f7 46 e5 b9 99 13 73 30 1f ed 0c 82 4b cc ce 5e
00000120: 25 79 1b ff 8b ca f0 b2 1e 7e 70 03 66 c7 7b 6c 00000120: 25 79 1b ff 8b ca f0 b2 1e 7e 70 03 66 c7 7b 6c
00000130: 10 92 f2 34 b6 e9 ce bb 65 ce d4 b5 99 f3 70 78 00000130: 10 92 f2 34 b6 e9 ce bb 65 ce d4 b5 99 f3 70 78
00000140: 5f 06 f4 fe 0a 3c 00 28 68 fc 85 a4 7e 0b 41 77 00000140: 5f 06 f4 fe 0a 3c 00 28 68 fc 85 a4 7e 0b 41 77
00000150: 54 ef 1a 03 cb 00000150: 54 ef 1a 03 cb
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.1.3-4">Responder's actions:</t>
<ol type="(%d)" group="data3.txt"> <ol type="(%d)" group="data3.txt" start="16" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.3-5">
<li pn="section-appendix.a.1.3-5.1" derivedCounter="(16)">
<t indent="0" pn="section-appendix.a.1.3-5.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.1.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.2" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.1.3-5.2.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.2.2">
00000000: 17 ec f1 84 33 9a c3 e3 93 e1 21 d7 65 3b 6c 83 00000000: 17 ec f1 84 33 9a c3 e3 93 e1 21 d7 65 3b 6c 83
00000010: d4 ae 9c 29 5b 12 cc b3 c5 0c 48 19 49 eb c0 ba 00000010: d4 ae 9c 29 5b 12 cc b3 c5 0c 48 19 49 eb c0 ba
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.3" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.1.3-5.3.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.3.2">
00000000: 2d 33 c0 55 87 f2 ee ce ac 1a f2 28 64 c6 f5 ad 00000000: 2d 33 c0 55 87 f2 ee ce ac 1a f2 28 64 c6 f5 ad
00000010: de 2d be 7a a8 92 d0 a6 20 bc ef 25 29 7b 56 9f 00000010: de 2d be 7a a8 92 d0 a6 20 bc ef 25 29 7b 56 9f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.4" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.1.3-5.4.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.4.2">
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4 00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb 00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.5" derivedCounter="(20)">
<t indent="0" pn="section-appendix.a.1.3-5.5.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.5.2">
00000000: 00 00 00 00 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca 00000000: 00 00 00 00 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.6" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.1.3-5.6.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.6.2">
00000000: fc 85 a4 7e 0b 41 77 54 ef 1a 03 cb 00000000: fc 85 a4 7e 0b 41 77 54 ef 1a 03 cb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.7" derivedCounter="(22)">
<t indent="0" pn="section-appendix.a.1.3-5.7.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.7.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39 00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.8" derivedCounter="(23)">
<t indent="0" pn="section-appendix.a.1.3-5.8.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.8.2">
00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca 00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca
00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b 00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b
00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3 00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3
00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68 00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68
00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19 00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19
00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01 00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01
00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e 00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e
00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de 00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de
00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b 00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b
00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21 00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21
000000A0: 3c ce c6 67 82 00 8f f3 d7 d6 c3 f2 87 47 b8 b9 000000A0: 3c ce c6 67 82 00 8f f3 d7 d6 c3 f2 87 47 b8 b9
000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47 000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47
000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1 000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1
000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31 000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31
000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30 000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30
000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2 000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2
00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb 00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb
00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28 00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28
00000120: 68 00000120: 68
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.9" derivedCounter="(24)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.3-5.9.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.9.2">
00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28 00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28
00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08 00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08
00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08 00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08
00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9 00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9
00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30 00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30
00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00 00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00
00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c 00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c
00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae 00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae
00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40 00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40
00000090: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43 00000090: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43
000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95 000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95
000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa 000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa
000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f 000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f
000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60 000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60
000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff 000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00 000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00
00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff 00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b 00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000120: 00 00000120: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.10" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.1.3-5.10.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.10.2">
Create Child SA Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 I->R[341] 4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 I-&gt;R[341]
E[313]{ E[313]{
N[12](ESP:0ADE5FCD:REKEY_SA), N[12](ESP:0ADE5FCD:REKEY_SA),
SA[40]{ SA[40]{
P[36](#1:ESP:A4FE65A1:3#){ P[36](#1:ESP:A4FE65A1:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
ESN=Off}}, ESN=Off}},
NONCE[36]{5952B2...0F209B}, NONCE[36]{5952B2...0F209B},
KE[136](GOST3410_2012_512){1C5508...8AC360}, KE[136](GOST3410_2012_512){1C5508...8AC360},
TSi[24](1#){10.1.1.2}, TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.11" derivedCounter="(26)">
<t indent="0" pn="section-appendix.a.1.3-5.11.1">
Generates random IKE nonce Nr Generates random IKE nonce Nr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.11.2">
00000000: f1 c1 3f 5e c4 c9 70 81 cb 1f 57 fe af 3d 80 37 00000000: f1 c1 3f 5e c4 c9 70 81 cb 1f 57 fe af 3d 80 37
00000010: 92 a9 ff 96 db 8f 3f 31 0a db 84 d1 24 d5 94 12 00000010: 92 a9 ff 96 db 8f 3f 31 0a db 84 d1 24 d5 94 12
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.12" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.1.3-5.12.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.12.2">
00000000: 2e 75 2f 5d 6c f0 9a 59 af 47 8d e1 2a a5 aa f5 00000000: 2e 75 2f 5d 6c f0 9a 59 af 47 8d e1 2a a5 aa f5
00000010: c1 ef 9a fb e0 16 5e d9 59 6a c5 96 e8 88 14 62 00000010: c1 ef 9a fb e0 16 5e d9 59 6a c5 96 e8 88 14 62
00000020: 03 81 90 4f 18 d1 60 18 fe dc 9a a1 61 b3 8b c0 00000020: 03 81 90 4f 18 d1 60 18 fe dc 9a a1 61 b3 8b c0
00000030: bf e0 d9 a0 d5 2b f2 7b 6b 60 f5 b9 4d e9 0b 36 00000030: bf e0 d9 a0 d5 2b f2 7b 6b 60 f5 b9 4d e9 0b 36
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.13" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.1.3-5.13.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.13.2">
00000000: de 1d 91 64 c3 3e 58 4a b3 3e 55 5d 3e f6 5b cb 00000000: de 1d 91 64 c3 3e 58 4a b3 3e 55 5d 3e f6 5b cb
00000010: b5 c6 1c 09 cb 9a 17 91 81 13 5f 46 ce 52 98 c5 00000010: b5 c6 1c 09 cb 9a 17 91 81 13 5f 46 ce 52 98 c5
00000020: 1e bb 77 96 c9 04 03 2d f4 e5 23 f9 75 e3 ef a8 00000020: 1e bb 77 96 c9 04 03 2d f4 e5 23 f9 75 e3 ef a8
00000030: 53 52 b4 75 9c 00 55 7b 09 75 49 55 c1 65 7c 4d 00000030: 53 52 b4 75 9c 00 55 7b 09 75 49 55 c1 65 7c 4d
00000040: 67 77 00 0a bc cd bc 4c 34 c3 b3 85 ed 86 7d 3b 00000040: 67 77 00 0a bc cd bc 4c 34 c3 b3 85 ed 86 7d 3b
00000050: 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f 69 3f ee 7c 00000050: 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f 69 3f ee 7c
00000060: 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20 c3 54 7b 44 00000060: 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20 c3 54 7b 44
00000070: db 9f c7 96 a0 1e 9e ae b4 bd 29 73 b6 80 2d 00 00000070: db 9f c7 96 a0 1e 9e ae b4 bd 29 73 b6 80 2d 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.14" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.1.3-5.14.1">
Selects SPI for new incoming ESP SA Selects SPI for new incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.14.2">
00000000: 29 0a 8e 3f 00000000: 29 0a 8e 3f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.15" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.1.3-5.15.1">
Computes keys for new ESP SAs Computes keys for new ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.15.2">
00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c 00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c
00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4 00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4
00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b 00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b
00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8 00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8
00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d 00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d
00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2 00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.16" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.1.3-5.16.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.16.2">
Create Child SA Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 I<=R[337] 4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 I&lt;=R[337]
E[309]{ E[309]{
SA[40]{ SA[40]{
P[36](#1:ESP:290A8E3F:3#){ P[36](#1:ESP:290A8E3F:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
ESN=Off}}, ESN=Off}},
NONCE[36]{F1C13F...D59412}, NONCE[36]{F1C13F...D59412},
KE[136](GOST3410_2012_512){DE1D91...802D00}, KE[136](GOST3410_2012_512){DE1D91...802D00},
TSi[24](1#){10.1.1.2}, TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.17" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.1.3-5.17.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.17.2">
00000000: 0c 45 d2 29 64 b8 72 57 11 10 3b a0 c2 66 d8 63 00000000: 0c 45 d2 29 64 b8 72 57 11 10 3b a0 c2 66 d8 63
00000010: 34 f5 22 43 bf 6b 9a 1b 67 d6 d2 d8 fc 87 75 38 00000010: 34 f5 22 43 bf 6b 9a 1b 67 d6 d2 d8 fc 87 75 38
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.18" derivedCounter="(33)">
<t indent="0" pn="section-appendix.a.1.3-5.18.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.18.2">
00000000: a9 92 d9 92 1f 15 13 bd db 61 83 43 58 2d dd e6 00000000: a9 92 d9 92 1f 15 13 bd db 61 83 43 58 2d dd e6
00000010: 66 28 4f 5d 71 47 a9 d4 8e 31 2e 95 37 f8 c5 d2 00000010: 66 28 4f 5d 71 47 a9 d4 8e 31 2e 95 37 f8 c5 d2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.19" derivedCounter="(34)">
<t indent="0" pn="section-appendix.a.1.3-5.19.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.19.2">
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea 00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78 00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.20" derivedCounter="(35)">
<t indent="0" pn="section-appendix.a.1.3-5.20.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.20.2">
00000000: 00 00 00 00 84 57 87 2b 38 70 63 27 8c dd 88 78 00000000: 00 00 00 00 84 57 87 2b 38 70 63 27 8c dd 88 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.21" derivedCounter="(36)">
<t indent="0" pn="section-appendix.a.1.3-5.21.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.21.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35 00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.22" derivedCounter="(37)">
<t indent="0" pn="section-appendix.a.1.3-5.22.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.22.2">
00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f 00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f
00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22 00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22
00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e 00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e
00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96 00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96
00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88 00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88
00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d 00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d
00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46 00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46
00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9 00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9
00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55 00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55
00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85 00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85
000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f 000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f
000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20 000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20
000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73 000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73
000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10 000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10
000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18 000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18
000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00 000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08 00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00 00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.23" derivedCounter="(38)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.3-5.23.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.23.2">
00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02 00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02
00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0 00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0
00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b 00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b
00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82 00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82
00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5 00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5
00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16 00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16
00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca 00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca
00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a 00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a
00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab 00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab
00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d 00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d
000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce 000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce
000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9 000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9
000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02 000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02
000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15 000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15
000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07 000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07
000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60 000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60
00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df 00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df
00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf 00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.24" derivedCounter="(39)">
<t indent="0" pn="section-appendix.a.1.3-5.24.1">
Computes ICV using K3r as K_msg Computes ICV using K3r as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.24.2">
00000000: 3a 2d 3c 6b 87 43 ed 6e 80 ab 27 e2 00000000: 3a 2d 3c 6b 87 43 ed 6e 80 ab 27 e2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.25" derivedCounter="(40)">
<t indent="0" pn="section-appendix.a.1.3-5.25.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.25.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-5.26" derivedCounter="(41)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.3-5.26.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294<-10.111.15.45:500 [337] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-5.26.2">
10.111.10.171:54294&lt;-10.111.15.45:500 [337]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35 00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35
00000020: 00 00 00 00 00 00 00 00 42 73 5f 2b 14 a0 27 ca 00000020: 00 00 00 00 00 00 00 00 42 73 5f 2b 14 a0 27 ca
00000030: 3c 90 67 80 3c 3d 99 02 1c 08 c8 67 03 0f 69 f1 00000030: 3c 90 67 80 3c 3d 99 02 1c 08 c8 67 03 0f 69 f1
00000040: c3 64 43 a6 59 74 ce b0 d7 5d 29 58 53 3a f6 c3 00000040: c3 64 43 a6 59 74 ce b0 d7 5d 29 58 53 3a f6 c3
00000050: 20 04 56 ba 2e af 14 9b 2d a3 93 15 2c e5 15 e6 00000050: 20 04 56 ba 2e af 14 9b 2d a3 93 15 2c e5 15 e6
00000060: 59 2b 7f 47 94 7f 90 82 ce d3 64 cc 89 92 04 c6 00000060: 59 2b 7f 47 94 7f 90 82 ce d3 64 cc 89 92 04 c6
00000070: bc 7b ce 61 c6 1d 7f a5 45 1c 27 e6 0b 78 1a f2 00000070: bc 7b ce 61 c6 1d 7f a5 45 1c 27 e6 0b 78 1a f2
00000080: 75 8f 3e 47 53 8e d7 16 11 f4 26 04 ae 5e d5 b8 00000080: 75 8f 3e 47 53 8e d7 16 11 f4 26 04 ae 5e d5 b8
skipping to change at line 2923 skipping to change at line 3242
000000C0: 34 5c 8d 61 45 44 55 6d 3d 80 b0 39 f0 39 0b 43 000000C0: 34 5c 8d 61 45 44 55 6d 3d 80 b0 39 f0 39 0b 43
000000D0: 8a f9 b7 b7 17 41 34 ce 36 bf e3 e7 1a 68 61 72 000000D0: 8a f9 b7 b7 17 41 34 ce 36 bf e3 e7 1a 68 61 72
000000E0: 0e f1 91 24 89 ab d7 e9 a9 b1 87 38 a1 c0 4c 42 000000E0: 0e f1 91 24 89 ab d7 e9 a9 b1 87 38 a1 c0 4c 42
000000F0: 4e 47 62 28 9e d7 1f 02 13 40 69 38 31 f1 91 87 000000F0: 4e 47 62 28 9e d7 1f 02 13 40 69 38 31 f1 91 87
00000100: ec 54 11 0a 2d d9 25 15 15 16 37 b7 71 94 11 49 00000100: ec 54 11 0a 2d d9 25 15 15 16 37 b7 71 94 11 49
00000110: 5e f7 28 90 c5 1e 6b 07 d9 cf 06 a2 a2 33 0e e0 00000110: 5e f7 28 90 c5 1e 6b 07 d9 cf 06 a2 a2 33 0e e0
00000120: 25 67 db a6 17 11 27 60 c8 21 f7 79 63 aa b0 f9 00000120: 25 67 db a6 17 11 27 60 c8 21 f7 79 63 aa b0 f9
00000130: 7b 95 03 a7 8d 2e d7 df 58 e7 30 ab d3 c8 f1 24 00000130: 7b 95 03 a7 8d 2e d7 df 58 e7 30 ab d3 c8 f1 24
00000140: 40 69 fc 3f bf 3a 2d 3c 6b 87 43 ed 6e 80 ab 27 00000140: 40 69 fc 3f bf 3a 2d 3c 6b 87 43 ed 6e 80 ab 27
00000150: e2 00000150: e2
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.3-6">Initiator's actions:</t>
<ol type="(%d)" group="data3.txt"> <ol type="(%d)" group="data3.txt" start="42" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.3-7">
<li pn="section-appendix.a.1.3-7.1" derivedCounter="(42)">
<t indent="0" pn="section-appendix.a.1.3-7.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.1.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.2" derivedCounter="(43)">
<t indent="0" pn="section-appendix.a.1.3-7.2.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.2.2">
00000000: 0c 45 d2 29 64 b8 72 57 11 10 3b a0 c2 66 d8 63 00000000: 0c 45 d2 29 64 b8 72 57 11 10 3b a0 c2 66 d8 63
00000010: 34 f5 22 43 bf 6b 9a 1b 67 d6 d2 d8 fc 87 75 38 00000010: 34 f5 22 43 bf 6b 9a 1b 67 d6 d2 d8 fc 87 75 38
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.3" derivedCounter="(44)">
<t indent="0" pn="section-appendix.a.1.3-7.3.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.3.2">
00000000: a9 92 d9 92 1f 15 13 bd db 61 83 43 58 2d dd e6 00000000: a9 92 d9 92 1f 15 13 bd db 61 83 43 58 2d dd e6
00000010: 66 28 4f 5d 71 47 a9 d4 8e 31 2e 95 37 f8 c5 d2 00000010: 66 28 4f 5d 71 47 a9 d4 8e 31 2e 95 37 f8 c5 d2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.4" derivedCounter="(45)">
<t indent="0" pn="section-appendix.a.1.3-7.4.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.4.2">
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea 00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78 00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.5" derivedCounter="(46)">
<t indent="0" pn="section-appendix.a.1.3-7.5.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.5.2">
00000000: 00 00 00 00 84 57 87 2b 38 70 63 27 8c dd 88 78 00000000: 00 00 00 00 84 57 87 2b 38 70 63 27 8c dd 88 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.6" derivedCounter="(47)">
<t indent="0" pn="section-appendix.a.1.3-7.6.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.6.2">
00000000: 3a 2d 3c 6b 87 43 ed 6e 80 ab 27 e2 00000000: 3a 2d 3c 6b 87 43 ed 6e 80 ab 27 e2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.7" derivedCounter="(48)">
<t indent="0" pn="section-appendix.a.1.3-7.7.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.7.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35 00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.8" derivedCounter="(49)">
<t indent="0" pn="section-appendix.a.1.3-7.8.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.8.2">
00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02 00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02
00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0 00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0
00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b 00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b
00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82 00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82
00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5 00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5
00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16 00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16
00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca 00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca
00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a 00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a
00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab 00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab
00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d 00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d
000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce 000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce
000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9 000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9
000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02 000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02
000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15 000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15
000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07 000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07
000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60 000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60
00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df 00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df
00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf 00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.9" derivedCounter="(50)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.3-7.9.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.9.2">
00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f 00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f
00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22 00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22
00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e 00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e
00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96 00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96
00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88 00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88
00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d 00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d
00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46 00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46
00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9 00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9
00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55 00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55
00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85 00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85
000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f 000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f
000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20 000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20
000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73 000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73
000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10 000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10
000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18 000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18
000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00 000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08 00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00 00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.10" derivedCounter="(51)">
<t indent="0" pn="section-appendix.a.1.3-7.10.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.10.2">
Create Child SA Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 R=>I[337] 4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 R=&gt;I[337]
E[309]{ E[309]{
SA[40]{ SA[40]{
P[36](#1:ESP:290A8E3F:3#){ P[36](#1:ESP:290A8E3F:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
ESN=Off}}, ESN=Off}},
NONCE[36]{F1C13F...D59412}, NONCE[36]{F1C13F...D59412},
KE[136](GOST3410_2012_512){DE1D91...802D00}, KE[136](GOST3410_2012_512){DE1D91...802D00},
TSi[24](1#){10.1.1.2}, TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.3-7.11" derivedCounter="(52)">
<t indent="0" pn="section-appendix.a.1.3-7.11.1">
Computes keys for new ESP SAs Computes keys for new ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.3-7.11.2">
00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c 00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c
00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4 00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4
00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b 00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b
00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8 00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8
00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d 00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d
00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2 00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
<t><br/><br/></t> <section anchor="scenario1-4" numbered="true" removeInRFC="false" toc="i
nclude" pn="section-appendix.a.1.4">
<ol group="scenario1" type="Sub-scenario %d:"> <name slugifiedName="name-sub-scenario-4-ike-sa-delet">Sub-Scenario 4:
<li> IKE SA deletion using the INFORMATIONAL exchange. IKE SA Deletion Using the INFORMATIONAL Exchange</name>
<sourcecode type="test-vectors"> <artwork type="" align="left" pn="section-appendix.a.1.4-1">
<![CDATA[
Initiator Responder Initiator Responder
HDR, SK {D} ---> HDR, SK {D} ---&gt;
<--- HDR, SK { } &lt;--- HDR, SK { }
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.1.4-2">Initiator's actions:</t>
</li> <ol start="1" type="(%d)" group="data4.txt" indent="adaptive" spacing=
</ol> "normal" pn="section-appendix.a.1.4-3">
<li pn="section-appendix.a.1.4-3.1" derivedCounter="(1)">
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.4-3.1.1">
<ol start="1" type="(%d)" group="data4.txt">
<li>
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.1.2">
Informational Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R<-I[61] 4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R&lt;-I[61]
E[33]{ E[33]{
D[8](IKE)} D[8](IKE)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.1.4-3.2.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.2.2">
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4 00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb 00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.1.4-3.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.3.2">
00000000: 00 00 00 03 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca 00000000: 00 00 00 03 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.1.4-3.4.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.4.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21 00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.1.4-3.5.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.5.2">
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.6" derivedCounter="(6)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.4-3.6.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.6.2">
00000000: 3e 17 6f 6c 23 48 06 e9 fd 00000000: 3e 17 6f 6c 23 48 06 e9 fd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.7" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.1.4-3.7.1">
Computes ICV using K3i as K_msg Computes ICV using K3i as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.7.2">
00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4 00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.8" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.1.4-3.8.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.8.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-3.9" derivedCounter="(9)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.4-3.9.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294->10.111.15.45:500 [61] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-3.9.2">
10.111.10.171:54294-&gt;10.111.15.45:500 [61]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21 00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
00000020: 00 00 00 00 00 00 00 03 3e 17 6f 6c 23 48 06 e9 00000020: 00 00 00 00 00 00 00 03 3e 17 6f 6c 23 48 06 e9
00000030: fd 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4 00000030: fd 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.1.4-4">Responder's actions:</t>
<ol type="(%d)" group="data4.txt"> <ol type="(%d)" group="data4.txt" start="10" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.4-5">
<li pn="section-appendix.a.1.4-5.1" derivedCounter="(10)">
<t indent="0" pn="section-appendix.a.1.4-5.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.1.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.2" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.1.4-5.2.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.2.2">
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4 00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb 00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.3" derivedCounter="(12)">
<t indent="0" pn="section-appendix.a.1.4-5.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.3.2">
00000000: 00 00 00 03 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca 00000000: 00 00 00 03 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.4" derivedCounter="(13)">
<t indent="0" pn="section-appendix.a.1.4-5.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.4.2">
00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4 00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.5" derivedCounter="(14)">
<t indent="0" pn="section-appendix.a.1.4-5.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.5.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21 00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.6" derivedCounter="(15)">
<t indent="0" pn="section-appendix.a.1.4-5.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.6.2">
00000000: 3e 17 6f 6c 23 48 06 e9 fd 00000000: 3e 17 6f 6c 23 48 06 e9 fd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.7" derivedCounter="(16)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.4-5.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.7.2">
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.8" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.1.4-5.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.8.2">
Informational Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I->R[61] 4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I-&gt;R[61]
E[33]{ E[33]{
D[8](IKE)} D[8](IKE)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.9" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.1.4-5.9.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.9.2">
Informational Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I<=R[53] 4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I&lt;=R[53]
E[25]{} E[25]{}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.10" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.1.4-5.10.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.10.2">
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea 00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78 00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.11" derivedCounter="(20)">
<t indent="0" pn="section-appendix.a.1.4-5.11.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.11.2">
00000000: 00 00 00 03 84 57 87 2b 38 70 63 27 8c dd 88 78 00000000: 00 00 00 03 84 57 87 2b 38 70 63 27 8c dd 88 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.12" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.1.4-5.12.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.12.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19 00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.13" derivedCounter="(22)">
<t indent="0" pn="section-appendix.a.1.4-5.13.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.13.2">
00000000: 00 00000000: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.14" derivedCounter="(23)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.1.4-5.14.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.14.2">
00000000: f1 00000000: f1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.15" derivedCounter="(24)">
<t indent="0" pn="section-appendix.a.1.4-5.15.1">
Computes ICV using K3r as K_msg Computes ICV using K3r as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.15.2">
00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce 00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.16" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.1.4-5.16.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.16.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-5.17" derivedCounter="(26)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.1.4-5.17.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294<-10.111.15.45:500 [53] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-5.17.2">
10.111.10.171:54294&lt;-10.111.15.45:500 [53]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19 00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
00000020: 00 00 00 00 00 00 00 03 f1 38 3b 47 ed 04 4d af 00000020: 00 00 00 00 00 00 00 03 f1 38 3b 47 ed 04 4d af
00000030: 44 b8 59 9a ce 00000030: 44 b8 59 9a ce
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.1.4-6">Initiator's actions:</t>
<ol type="(%d)" group="data4.txt"> <ol type="(%d)" group="data4.txt" start="27" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.1.4-7">
<li pn="section-appendix.a.1.4-7.1" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.1.4-7.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.1.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-7.2" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.1.4-7.2.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.2.2">
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea 00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78 00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-7.3" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.1.4-7.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.3.2">
00000000: 00 00 00 03 84 57 87 2b 38 70 63 27 8c dd 88 78 00000000: 00 00 00 03 84 57 87 2b 38 70 63 27 8c dd 88 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-7.4" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.1.4-7.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.4.2">
00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce 00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-7.5" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.1.4-7.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.5.2">
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36 00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19 00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-7.6" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.1.4-7.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.6.2">
00000000: f1 00000000: f1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-7.7" derivedCounter="(33)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.1.4-7.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.7.2">
00000000: 00 00000000: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.1.4-7.8" derivedCounter="(34)">
<t indent="0" pn="section-appendix.a.1.4-7.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.1.4-7.8.2">
Informational Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R=>I[53] 4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R=&gt;I[53]
E[25]{} E[25]{}
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
</section> </section>
<section anchor="scenario2" numbered="true" removeInRFC="false" toc="inclu
<section title="Scenario 2" anchor="scenario2"> de" pn="section-appendix.a.2">
<name slugifiedName="name-scenario-2">Scenario 2</name>
<t> With this scenario peers establish, rekey and delete IKE SA and <t indent="0" pn="section-appendix.a.2-1"> In this scenario, peers estab
ESP SAs using the following prerequisites:</t> lish, rekey, and delete an IKE SA and ESP SAs using the following prerequisites:
<ul> </t>
<li> Peers authenticate each other using digital signatures </li> <ul bare="false" empty="false" indent="3" spacing="normal" pn="section-a
<li> Initiator's ID is "CN=IKE Interop Test Client, O=ELVIS-PLUS, ppendix.a.2-2">
C=RU" of type ID_DER_ASN1_DN: <li pn="section-appendix.a.2-2.1"> Peers authenticate each other using
<sourcecode type="test-vectors"> digital signatures. </li>
<![CDATA[ <li pn="section-appendix.a.2-2.2">
<t indent="0" pn="section-appendix.a.2-2.2.1"> Initiator's ID is "CN
=IKE Interop Test Client, O=ELVIS-PLUS, C=RU" of type ID_DER_ASN1_DN:
</t>
<sourcecode type="test-vectors" markers="false" pn="section-appendix
.a.2-2.2.2">
00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45
00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c
00000030: 69 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 00000030: 69 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45
00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55 00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55
00000050: 04 06 13 02 52 55 00000050: 04 06 13 02 52 55
]]> </sourcecode>
</sourcecode> </li>
</li> <li pn="section-appendix.a.2-2.3">
<li> Responder's ID is "CN=IKE Interop Test Server, O=ELVIS-PLUS, <t indent="0" pn="section-appendix.a.2-2.3.1"> Responder's ID is "CN
C=RU" of type ID_DER_ASN1_DN: =IKE Interop Test Server, O=ELVIS-PLUS, C=RU" of type ID_DER_ASN1_DN:
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-appendix
.a.2-2.3.2">
00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45
00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65
00000030: 72 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 00000030: 72 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45
00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55 00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55
00000050: 04 06 13 02 52 55 00000050: 04 06 13 02 52 55
]]> </sourcecode>
</sourcecode> </li>
</li> <li pn="section-appendix.a.2-2.4"> No NAT is present between the peers
<li> No NAT is present between the peers, but using UDP encapsulat , but using UDP encapsulation is forced by the initiator
ion is forced by the initiator by setting the NAT_DETECTION_SOURCE_IP notification data to all ze
by setting NAT_DETECTION_SOURCE_IP notify to all zeroes </li> roes. </li>
<li> IKE fragmentation is used in the IKE_AUTH exchange </li> <li pn="section-appendix.a.2-2.5"> IKE fragmentation is used in the IK
<li> IKE SA is created with the following transforms: E_AUTH exchange. </li>
<ul> <li pn="section-appendix.a.2-2.6">
<li> ENCR_MAGMA_MGM_KTREE </li> <t indent="0" pn="section-appendix.a.2-2.6.1"> IKE SA is created wit
<li> PRF_HMAC_STREEBOG_512 </li> h the following transforms:
<li> GOST3410_2012_256 </li>
</ul>
</li>
<li> ESP SAs are created with the following transforms:
<ul>
<li> ENCR_MAGMA_MGM_KTREE </li>
<li> ESN off </li>
</ul>
</li>
</ul>
<t> The certificates for this scenatio were obtained from the public
testing CA service
<eref target="https://testgost2012.cryptopro.ru/certsrv/" />
</t> </t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="secti
<t> The initiator's certificate private key (little endian): on-appendix.a.2-2.6.2">
<li pn="section-appendix.a.2-2.6.2.1"> ENCR_MAGMA_MGM_KTREE </li>
<li pn="section-appendix.a.2-2.6.2.2"> PRF_HMAC_STREEBOG_512 </li>
<li pn="section-appendix.a.2-2.6.2.3"> GOST3410_2012_256 </li>
</ul>
</li>
<li pn="section-appendix.a.2-2.7">
<t indent="0" pn="section-appendix.a.2-2.7.1"> ESP SAs are created w
ith the following transforms:
</t> </t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="secti
<sourcecode type="test-vectors"> on-appendix.a.2-2.7.2">
<![CDATA[ <li pn="section-appendix.a.2-2.7.2.1"> ENCR_MAGMA_MGM_KTREE </li>
<li pn="section-appendix.a.2-2.7.2.2"> ESN off </li>
</ul>
</li>
</ul>
<t indent="0" pn="section-appendix.a.2-3"> The certificates for this sce
nario were obtained from the public testing CA service
<eref target="https://testgost2012.cryptopro.ru/certsrv/" brackets="
angle"/>.
</t>
<t indent="0" pn="section-appendix.a.2-4"> The initiator's certificate p
rivate key (little endian):
</t>
<sourcecode type="test-vectors" markers="false" pn="section-appendix.a.2
-5">
0000000000: 76 e9 dd b3 f3 a2 08 a2 4e a5 81 9c ae 41 da b4 0000000000: 76 e9 dd b3 f3 a2 08 a2 4e a5 81 9c ae 41 da b4
0000000010: 77 3c 1d d5 dc eb af e6 58 b1 47 d2 d8 29 ce 71 0000000010: 77 3c 1d d5 dc eb af e6 58 b1 47 d2 d8 29 ce 71
0000000020: 18 a9 85 5d 28 5b 3c e3 23 bd 80 ac 2f 00 cc b6 0000000020: 18 a9 85 5d 28 5b 3c e3 23 bd 80 ac 2f 00 cc b6
0000000030: 61 4c 42 a1 65 61 02 cf 33 eb 1f 5f 02 ce 8a b9 0000000030: 61 4c 42 a1 65 61 02 cf 33 eb 1f 5f 02 ce 8a b9
]]> </sourcecode>
</sourcecode> <t indent="0" pn="section-appendix.a.2-6"> The initiator's certificate:
</t>
<t> The initiator's certificate: <sourcecode type="test-vectors" markers="false" pn="section-appendix.a.2
</t> -7">
<sourcecode type="test-vectors">
<![CDATA[
0000000000: 30 82 04 f7 30 82 04 a4 a0 03 02 01 02 02 13 7c 0000000000: 30 82 04 f7 30 82 04 a4 a0 03 02 01 02 02 13 7c
0000000010: 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 01 00 03 0000000010: 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 01 00 03
0000000020: da a8 30 0a 06 08 2a 85 03 07 01 01 03 02 30 82 0000000020: da a8 30 0a 06 08 2a 85 03 07 01 01 03 02 30 82
0000000030: 01 0a 31 18 30 16 06 05 2a 85 03 64 01 12 0d 31 0000000030: 01 0a 31 18 30 16 06 05 2a 85 03 64 01 12 0d 31
0000000040: 32 33 34 35 36 37 38 39 30 31 32 33 31 1a 30 18 0000000040: 32 33 34 35 36 37 38 39 30 31 32 33 31 1a 30 18
0000000050: 06 08 2a 85 03 03 81 03 01 01 12 0c 30 30 31 32 0000000050: 06 08 2a 85 03 03 81 03 01 01 12 0c 30 30 31 32
0000000060: 33 34 35 36 37 38 39 30 31 2f 30 2d 06 03 55 04 0000000060: 33 34 35 36 37 38 39 30 31 2f 30 2d 06 03 55 04
0000000070: 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1 0000000070: 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1
0000000080: 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0 0000000080: 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0
0000000090: d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09 06 03 55 0000000090: d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09 06 03 55
skipping to change at line 3545 skipping to change at line 3853
0000000460: 2f 6f 63 73 70 2e 73 72 66 30 41 06 08 2b 06 01 0000000460: 2f 6f 63 73 70 2e 73 72 66 30 41 06 08 2b 06 01
0000000470: 05 05 07 30 01 86 35 68 74 74 70 3a 2f 2f 74 65 0000000470: 05 05 07 30 01 86 35 68 74 74 70 3a 2f 2f 74 65
0000000480: 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70 74 0000000480: 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70 74
0000000490: 6f 70 72 6f 2e 72 75 2f 6f 63 73 70 32 30 31 32 0000000490: 6f 70 72 6f 2e 72 75 2f 6f 63 73 70 32 30 31 32
00000004A0: 67 73 74 2f 6f 63 73 70 2e 73 72 66 30 0a 06 08 00000004A0: 67 73 74 2f 6f 63 73 70 2e 73 72 66 30 0a 06 08
00000004B0: 2a 85 03 07 01 01 03 02 03 41 00 21 ee 3b e1 fd 00000004B0: 2a 85 03 07 01 01 03 02 03 41 00 21 ee 3b e1 fd
00000004C0: 0f 36 90 92 c4 a2 35 26 e8 dc 4e b8 ef 89 40 70 00000004C0: 0f 36 90 92 c4 a2 35 26 e8 dc 4e b8 ef 89 40 70
00000004D0: d2 91 39 bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 00000004D0: d2 91 39 bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5
00000004E0: 6c f2 c0 c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 00000004E0: 6c f2 c0 c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12
00000004F0: 4c 37 f7 d9 73 d6 4c 8a a6 c4 0a 00000004F0: 4c 37 f7 d9 73 d6 4c 8a a6 c4 0a
]]> </sourcecode>
</sourcecode> <sourcecode type="asn.1" markers="false" pn="section-appendix.a.2-8">
<sourcecode type="asn.1">
<![CDATA[
0 1271: SEQUENCE { 0 1271: SEQUENCE {
4 1188: SEQUENCE { 4 1188: SEQUENCE {
8 3: [0] { 8 3: [0] {
10 1: INTEGER 2 10 1: INTEGER 2
: } : }
13 19: INTEGER 13 19: INTEGER
: 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 01 00 : 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 01 00
: 03 da a8 : 03 da a8
34 10: SEQUENCE { 34 10: SEQUENCE {
36 8: OBJECT IDENTIFIER 36 8: OBJECT IDENTIFIER
skipping to change at line 3774 skipping to change at line 4079
1196 10: SEQUENCE { 1196 10: SEQUENCE {
1198 8: OBJECT IDENTIFIER 1198 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2) : gost2012Signature256 (1 2 643 7 1 1 3 2)
: } : }
1208 65: BIT STRING 1208 65: BIT STRING
: 21 ee 3b e1 fd 0f 36 90 92 c4 a2 35 26 e8 dc 4e : 21 ee 3b e1 fd 0f 36 90 92 c4 a2 35 26 e8 dc 4e
: b8 ef 89 40 70 d2 91 39 bc 79 a6 e2 f7 c1 06 bd : b8 ef 89 40 70 d2 91 39 bc 79 a6 e2 f7 c1 06 bd
: d5 d6 ff 72 a5 6c f2 c0 c3 75 e9 ca 67 81 c1 93 : d5 d6 ff 72 a5 6c f2 c0 c3 75 e9 ca 67 81 c1 93
: 96 b4 bd 18 12 4c 37 f7 d9 73 d6 4c 8a a6 c4 0a : 96 b4 bd 18 12 4c 37 f7 d9 73 d6 4c 8a a6 c4 0a
: } : }
]]> </sourcecode>
</sourcecode> <t indent="0" pn="section-appendix.a.2-9"> The responder's certificate p
rivate key (little endian):
<t> The responder's certificate private key (little endian): </t>
</t> <sourcecode type="test-vectors" markers="false" pn="section-appendix.a.2
-10">
<sourcecode type="test-vectors">
<![CDATA[
0000000000: cb 73 0c 81 6f ac 6d 81 9f 82 ae 15 a9 08 12 17 0000000000: cb 73 0c 81 6f ac 6d 81 9f 82 ae 15 a9 08 12 17
0000000010: d3 1b 97 64 b7 1c 34 0d d3 dd 90 1f 15 8c 9b 06 0000000010: d3 1b 97 64 b7 1c 34 0d d3 dd 90 1f 15 8c 9b 06
]]> </sourcecode>
</sourcecode> <t indent="0" pn="section-appendix.a.2-11"> The responder's certificate:
</t>
<t> The responder's certificate: <sourcecode type="test-vectors" markers="false" pn="section-appendix.a.2
</t> -12">
<sourcecode type="test-vectors">
<![CDATA[
0000000000: 30 82 04 b2 30 82 04 5f a0 03 02 01 02 02 13 7c 0000000000: 30 82 04 b2 30 82 04 5f a0 03 02 01 02 02 13 7c
0000000010: 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 01 00 03 0000000010: 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 01 00 03
0000000020: d9 02 30 0a 06 08 2a 85 03 07 01 01 03 02 30 82 0000000020: d9 02 30 0a 06 08 2a 85 03 07 01 01 03 02 30 82
0000000030: 01 0a 31 18 30 16 06 05 2a 85 03 64 01 12 0d 31 0000000030: 01 0a 31 18 30 16 06 05 2a 85 03 64 01 12 0d 31
0000000040: 32 33 34 35 36 37 38 39 30 31 32 33 31 1a 30 18 0000000040: 32 33 34 35 36 37 38 39 30 31 32 33 31 1a 30 18
0000000050: 06 08 2a 85 03 03 81 03 01 01 12 0c 30 30 31 32 0000000050: 06 08 2a 85 03 03 81 03 01 01 12 0c 30 30 31 32
0000000060: 33 34 35 36 37 38 39 30 31 2f 30 2d 06 03 55 04 0000000060: 33 34 35 36 37 38 39 30 31 2f 30 2d 06 03 55 04
0000000070: 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1 0000000070: 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1
0000000080: 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0 0000000080: 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0
0000000090: d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09 06 03 55 0000000090: d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09 06 03 55
skipping to change at line 3868 skipping to change at line 4165
0000000420: 2e 73 72 66 30 41 06 08 2b 06 01 05 05 07 30 01 0000000420: 2e 73 72 66 30 41 06 08 2b 06 01 05 05 07 30 01
0000000430: 86 35 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 0000000430: 86 35 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73
0000000440: 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 0000000440: 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e
0000000450: 72 75 2f 6f 63 73 70 32 30 31 32 67 73 74 2f 6f 0000000450: 72 75 2f 6f 63 73 70 32 30 31 32 67 73 74 2f 6f
0000000460: 63 73 70 2e 73 72 66 30 0a 06 08 2a 85 03 07 01 0000000460: 63 73 70 2e 73 72 66 30 0a 06 08 2a 85 03 07 01
0000000470: 01 03 02 03 41 00 a5 39 5f ca 48 e1 c2 93 c1 e0 0000000470: 01 03 02 03 41 00 a5 39 5f ca 48 e1 c2 93 c1 e0
0000000480: 8a 64 74 0f 6b 86 a2 15 9b 46 29 d0 42 71 4f ce 0000000480: 8a 64 74 0f 6b 86 a2 15 9b 46 29 d0 42 71 4f ce
0000000490: e7 52 d7 d7 3d aa 47 ce cf 52 63 8f 26 b2 17 5f 0000000490: e7 52 d7 d7 3d aa 47 ce cf 52 63 8f 26 b2 17 5f
00000004A0: ad 96 57 76 ea 5f d0 87 bb 12 29 e4 06 0e e1 5f 00000004A0: ad 96 57 76 ea 5f d0 87 bb 12 29 e4 06 0e e1 5f
00000004B0: fd 59 81 fb 34 6d 00000004B0: fd 59 81 fb 34 6d
]]> </sourcecode>
</sourcecode> <sourcecode type="asn.1" markers="false" pn="section-appendix.a.2-13">
<sourcecode type="asn.1">
<![CDATA[
0 1202: SEQUENCE { 0 1202: SEQUENCE {
4 1119: SEQUENCE { 4 1119: SEQUENCE {
8 3: [0] { 8 3: [0] {
10 1: INTEGER 2 10 1: INTEGER 2
: } : }
13 19: INTEGER 13 19: INTEGER
: 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 01 00 : 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 01 00
: 03 d9 02 : 03 d9 02
34 10: SEQUENCE { 34 10: SEQUENCE {
36 8: OBJECT IDENTIFIER 36 8: OBJECT IDENTIFIER
skipping to change at line 4093 skipping to change at line 4387
1127 10: SEQUENCE { 1127 10: SEQUENCE {
1129 8: OBJECT IDENTIFIER 1129 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2) : gost2012Signature256 (1 2 643 7 1 1 3 2)
: } : }
1139 65: BIT STRING 1139 65: BIT STRING
: a5 39 5f ca 48 e1 c2 93 c1 e0 8a 64 74 0f 6b 86 : a5 39 5f ca 48 e1 c2 93 c1 e0 8a 64 74 0f 6b 86
: a2 15 9b 46 29 d0 42 71 4f ce e7 52 d7 d7 3d aa : a2 15 9b 46 29 d0 42 71 4f ce e7 52 d7 d7 3d aa
: 47 ce cf 52 63 8f 26 b2 17 5f ad 96 57 76 ea 5f : 47 ce cf 52 63 8f 26 b2 17 5f ad 96 57 76 ea 5f
: d0 87 bb 12 29 e4 06 0e e1 5f fd 59 81 fb 34 6d : d0 87 bb 12 29 e4 06 0e e1 5f fd 59 81 fb 34 6d
: } : }
]]> </sourcecode>
</sourcecode> <t indent="0" pn="section-appendix.a.2-14"> CA certificate:
</t>
<t> CA certificate: <sourcecode type="test-vectors" markers="false" pn="section-appendix.a.2
</t> -15">
<sourcecode type="test-vectors">
<![CDATA[
0000000000: 30 82 05 1c 30 82 04 c9 a0 03 02 01 02 02 10 3b 0000000000: 30 82 05 1c 30 82 04 c9 a0 03 02 01 02 02 10 3b
0000000010: 20 8a e5 fd 46 68 86 49 a0 50 fa af a8 83 93 30 0000000010: 20 8a e5 fd 46 68 86 49 a0 50 fa af a8 83 93 30
0000000020: 0a 06 08 2a 85 03 07 01 01 03 02 30 82 01 0a 31 0000000020: 0a 06 08 2a 85 03 07 01 01 03 02 30 82 01 0a 31
0000000030: 18 30 16 06 05 2a 85 03 64 01 12 0d 31 32 33 34 0000000030: 18 30 16 06 05 2a 85 03 64 01 12 0d 31 32 33 34
0000000040: 35 36 37 38 39 30 31 32 33 31 1a 30 18 06 08 2a 0000000040: 35 36 37 38 39 30 31 32 33 31 1a 30 18 06 08 2a
0000000050: 85 03 03 81 03 01 01 12 0c 30 30 31 32 33 34 35 0000000050: 85 03 03 81 03 01 01 12 0c 30 30 31 32 33 34 35
0000000060: 36 37 38 39 30 31 2f 30 2d 06 03 55 04 09 0c 26 0000000060: 36 37 38 39 30 31 2f 30 2d 06 03 55 04 09 0c 26
0000000070: d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1 91 d0 b2 0000000070: d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1 91 d0 b2
0000000080: d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0 d0 bb 20 0000000080: d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0 d0 bb 20
0000000090: d0 b4 2e 20 31 38 31 0b 30 09 06 03 55 04 06 13 0000000090: d0 b4 2e 20 31 38 31 0b 30 09 06 03 55 04 06 13
skipping to change at line 4183 skipping to change at line 4473
0000000480: 02 03 01 00 01 30 25 06 03 55 1d 20 04 1e 30 1c 0000000480: 02 03 01 00 01 30 25 06 03 55 1d 20 04 1e 30 1c
0000000490: 30 08 06 06 2a 85 03 64 71 01 30 08 06 06 2a 85 0000000490: 30 08 06 06 2a 85 03 64 71 01 30 08 06 06 2a 85
00000004A0: 03 64 71 02 30 06 06 04 55 1d 20 00 30 23 06 09 00000004A0: 03 64 71 02 30 06 06 04 55 1d 20 00 30 23 06 09
00000004B0: 2b 06 01 04 01 82 37 15 02 04 16 04 14 c8 da 66 00000004B0: 2b 06 01 04 01 82 37 15 02 04 16 04 14 c8 da 66
00000004C0: cb b6 97 d2 3e c9 67 1d c2 5b 64 3a ab dc bb cf 00000004C0: cb b6 97 d2 3e c9 67 1d c2 5b 64 3a ab dc bb cf
00000004D0: 69 30 0a 06 08 2a 85 03 07 01 01 03 02 03 41 00 00000004D0: 69 30 0a 06 08 2a 85 03 07 01 01 03 02 03 41 00
00000004E0: 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66 00000004E0: 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66
00000004F0: 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd 00000004F0: 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd
0000000500: 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d 0000000500: 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d
0000000510: 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe 0000000510: 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe
]]> </sourcecode>
</sourcecode> <sourcecode type="asn.1" markers="false" pn="section-appendix.a.2-16">
<sourcecode type="asn.1">
<![CDATA[
0 1308: SEQUENCE { 0 1308: SEQUENCE {
4 1225: SEQUENCE { 4 1225: SEQUENCE {
8 3: [0] { 8 3: [0] {
10 1: INTEGER 2 10 1: INTEGER 2
: } : }
13 16: INTEGER 13 16: INTEGER
: 3b 20 8a e5 fd 46 68 86 49 a0 50 fa af a8 83 93 : 3b 20 8a e5 fd 46 68 86 49 a0 50 fa af a8 83 93
31 10: SEQUENCE { 31 10: SEQUENCE {
33 8: OBJECT IDENTIFIER 33 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2) : gost2012Signature256 (1 2 643 7 1 1 3 2)
skipping to change at line 4436 skipping to change at line 4723
1233 10: SEQUENCE { 1233 10: SEQUENCE {
1235 8: OBJECT IDENTIFIER 1235 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2) : gost2012Signature256 (1 2 643 7 1 1 3 2)
: } : }
1245 65: BIT STRING 1245 65: BIT STRING
: 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66 : 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66
: 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd : 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd
: 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d : 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d
: 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe : 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe
: } : }
]]> </sourcecode>
</sourcecode> <t indent="0" pn="section-appendix.a.2-17"> This scenario includes four
<t> This scenario includes four sub-scenarios. sub-scenarios, which are described below.
</t> </t>
<section anchor="scenario2-1" numbered="true" removeInRFC="false" toc="i
<ol group="scenario2" type="Sub-scenario %d:"> nclude" pn="section-appendix.a.2.1">
<li> Establishing of IKE and ESP SAs using the IKE_SA_INIT and the <name slugifiedName="name-sub-scenario-1-establishment">Sub-Scenario 1
IKE_AUTH exchanges. : Establishment of IKE and ESP SAs Using the IKE_SA_INIT and the IKE_AUTH Exchan
<sourcecode type="test-vectors"> ges</name>
<![CDATA[ <artwork type="" align="left" pn="section-appendix.a.2.1-1">
Initiator Responder Initiator Responder
HDR, SAi1, KEi, Ni [,N+] ---> HDR, SAi1, KEi, Ni [,N+] ---&gt;
<--- HDR, N(INVALID_KE_PAYLOAD) &lt;--- HDR, N(INVALID_KE_PAYLOAD)
HDR, SAi1, KEi, Ni [,N+] ---> HDR, SAi1, KEi, Ni [,N+] ---&gt;
<--- HDR, SAr1, KEr, Nr &lt;--- HDR, SAr1, KEr, Nr
[,CERTREQ] [,N+] [,CERTREQ] [,N+]
HDR, SK {IDi, [CERT,] HDR, SK {IDi, [CERT,]
[CERTREQ,] [IDr,] [N+,] [CERTREQ,] [IDr,] [N+,]
AUTH, SAi2, TSi, TSr} ---> AUTH, SAi2, TSi, TSr} ---&gt;
<--- HDR, SK {IDr, [CERT,] [N+,] &lt;--- HDR, SK {IDr, [CERT,] [N+,]
AUTH, SAr2, TSi, TSr} AUTH, SAr2, TSi, TSr}
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.2.1-2">Initiator's actions:</t>
</li> <ol start="1" type="(%d)" group="data5.txt" indent="adaptive" spacing=
</ol> "normal" pn="section-appendix.a.2.1-3">
<li pn="section-appendix.a.2.1-3.1" derivedCounter="(1)">
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.1-3.1.1">
<ol start="1" type="(%d)" group="data5.txt">
<li>
Generates random SPIi for IKE SA Generates random SPIi for IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-3.1.2">
00000000: 92 80 e0 82 2e 75 87 78 00000000: 92 80 e0 82 2e 75 87 78
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.2.1-3.2.1">
Generates random IKE nonce Ni Generates random IKE nonce Ni
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-3.2.2">
00000000: 98 44 d5 40 ef 89 46 f4 55 20 0a 55 73 dc ad 73 00000000: 98 44 d5 40 ef 89 46 f4 55 20 0a 55 73 dc ad 73
00000010: dd 2a 6f a8 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f 00000010: dd 2a 6f a8 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.2.1-3.3.1">
Generates ephemeral private key (512 bit) Generates ephemeral private key (512 bit)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-3.3.2">
00000000: 82 fb 1c 90 c3 a3 c2 16 7f 76 15 5d 69 06 f8 47 00000000: 82 fb 1c 90 c3 a3 c2 16 7f 76 15 5d 69 06 f8 47
00000010: 3e fe 83 3e 21 cd e7 a4 e5 cd d9 71 ef d3 c5 db 00000010: 3e fe 83 3e 21 cd e7 a4 e5 cd d9 71 ef d3 c5 db
00000020: 7e de 50 70 48 96 90 01 0c 81 02 b9 4b 56 f6 47 00000020: 7e de 50 70 48 96 90 01 0c 81 02 b9 4b 56 f6 47
00000030: cb 27 40 25 58 55 80 32 e9 59 17 10 3b 0f eb 3b 00000030: cb 27 40 25 58 55 80 32 e9 59 17 10 3b 0f eb 3b
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.2.1-3.4.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-3.4.2">
00000000: 89 77 c6 d7 2b 08 5d d5 48 b1 ea 5d 99 c5 03 09 00000000: 89 77 c6 d7 2b 08 5d d5 48 b1 ea 5d 99 c5 03 09
00000010: c6 62 fe d7 7d 84 a4 d8 8b 9b a5 c8 3a 7a 05 86 00000010: c6 62 fe d7 7d 84 a4 d8 8b 9b a5 c8 3a 7a 05 86
00000020: e2 0d 8d 9b 5d ce 01 18 e2 d2 da 73 83 ee 30 ad 00000020: e2 0d 8d 9b 5d ce 01 18 e2 d2 da 73 83 ee 30 ad
00000030: 49 88 44 6f bd 18 78 b4 bb da c9 df 1a ca d1 2a 00000030: 49 88 44 6f bd 18 78 b4 bb da c9 df 1a ca d1 2a
00000040: 05 98 75 da 9e 9a 21 e4 db 71 8f af d1 96 c7 8b 00000040: 05 98 75 da 9e 9a 21 e4 db 71 8f af d1 96 c7 8b
00000050: de 9a b2 98 f7 55 bb 74 38 34 a4 da 47 ab 86 15 00000050: de 9a b2 98 f7 55 bb 74 38 34 a4 da 47 ab 86 15
00000060: d4 c8 33 70 b7 02 79 b8 7f c2 97 6d 03 8f 2d 08 00000060: d4 c8 33 70 b7 02 79 b8 7f c2 97 6d 03 8f 2d 08
00000070: d7 ab ac 85 4c bf 5a f6 27 57 ad fe 61 50 5e 45 00000070: d7 ab ac 85 4c bf 5a f6 27 57 ad fe 61 50 5e 45
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.2.1-3.5.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-3.5.2">
IKE SA Init IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 R<-I[328] 9280E0822E758778.0000000000000000.00000000 IKEv2 R&lt;-I[328]
SA[52]{ SA[52]{
P[48](#1:IKE::5#){ P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
GOST3410_2012_256}}, GOST3410_2012_256}},
KE[136](GOST3410_2012_512){8977C6...505E45}, KE[136](GOST3410_2012_512){8977C6...505E45},
NONCE[36]{9844D5...CC011F}, NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000}, N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10}, N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED), N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512} N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-3.6" derivedCounter="(6)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.1-3.6.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294->10.111.15.45:500 [328] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-3.6.2">
10.111.10.171:54294-&gt;10.111.15.45:500 [328]
00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00 00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00
00000010: 21 20 22 08 00 00 00 00 00 00 01 48 22 00 00 34 00000010: 21 20 22 08 00 00 00 00 00 00 01 48 22 00 00 34
00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20 00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09 00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09
00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21 00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21
00000050: 28 00 00 88 00 22 00 00 89 77 c6 d7 2b 08 5d d5 00000050: 28 00 00 88 00 22 00 00 89 77 c6 d7 2b 08 5d d5
00000060: 48 b1 ea 5d 99 c5 03 09 c6 62 fe d7 7d 84 a4 d8 00000060: 48 b1 ea 5d 99 c5 03 09 c6 62 fe d7 7d 84 a4 d8
00000070: 8b 9b a5 c8 3a 7a 05 86 e2 0d 8d 9b 5d ce 01 18 00000070: 8b 9b a5 c8 3a 7a 05 86 e2 0d 8d 9b 5d ce 01 18
00000080: e2 d2 da 73 83 ee 30 ad 49 88 44 6f bd 18 78 b4 00000080: e2 d2 da 73 83 ee 30 ad 49 88 44 6f bd 18 78 b4
skipping to change at line 4557 skipping to change at line 4838
000000B0: 38 34 a4 da 47 ab 86 15 d4 c8 33 70 b7 02 79 b8 000000B0: 38 34 a4 da 47 ab 86 15 d4 c8 33 70 b7 02 79 b8
000000C0: 7f c2 97 6d 03 8f 2d 08 d7 ab ac 85 4c bf 5a f6 000000C0: 7f c2 97 6d 03 8f 2d 08 d7 ab ac 85 4c bf 5a f6
000000D0: 27 57 ad fe 61 50 5e 45 29 00 00 24 98 44 d5 40 000000D0: 27 57 ad fe 61 50 5e 45 29 00 00 24 98 44 d5 40
000000E0: ef 89 46 f4 55 20 0a 55 73 dc ad 73 dd 2a 6f a8 000000E0: ef 89 46 f4 55 20 0a 55 73 dc ad 73 dd 2a 6f a8
000000F0: 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f 29 00 00 1c 000000F0: 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f 29 00 00 1c
00000100: 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00000100: 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00
00000110: 00 00 00 00 00 00 00 00 29 00 00 1c 00 00 40 05 00000110: 00 00 00 00 00 00 00 00 29 00 00 1c 00 00 40 05
00000120: 7d 21 24 87 89 d7 95 71 bd a2 2d 22 9d 51 d0 71 00000120: 7d 21 24 87 89 d7 95 71 bd a2 2d 22 9d 51 d0 71
00000130: e9 4e 6f 10 29 00 00 08 00 00 40 2e 00 00 00 0c 00000130: e9 4e 6f 10 29 00 00 08 00 00 40 2e 00 00 00 0c
00000140: 00 00 40 2f 00 06 00 07 00000140: 00 00 40 2f 00 06 00 07
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.2.1-4">Responder's actions:</t>
<ol type="(%d)" group="data5.txt"> <ol type="(%d)" group="data5.txt" start="7" indent="adaptive" spacing=
<li> "normal" pn="section-appendix.a.2.1-5">
<li pn="section-appendix.a.2.1-5.1" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.2.1-5.1.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-5.1.2">
IKE SA Init IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 I->R[328] 9280E0822E758778.0000000000000000.00000000 IKEv2 I-&gt;R[328]
SA[52]{ SA[52]{
P[48](#1:IKE::5#){ P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
GOST3410_2012_256}}, GOST3410_2012_256}},
KE[136](GOST3410_2012_512){8977C6...505E45}, KE[136](GOST3410_2012_512){8977C6...505E45},
NONCE[36]{9844D5...CC011F}, NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000}, N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10}, N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED), N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512} N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-5.2" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.2.1-5.2.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-5.2.2">
IKE SA Init IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 I<=R[38] 9280E0822E758778.0000000000000000.00000000 IKEv2 I&lt;=R[38]
N[10](INVALID_KE_PAYLOAD){GOST3410_2012_256} N[10](INVALID_KE_PAYLOAD){GOST3410_2012_256}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-5.3" derivedCounter="(9)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.1-5.3.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294<-10.111.15.45:500 [38] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-5.3.2">
10.111.10.171:54294&lt;-10.111.15.45:500 [38]
00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00 00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00
00000010: 29 20 22 20 00 00 00 00 00 00 00 26 00 00 00 0a 00000010: 29 20 22 20 00 00 00 00 00 00 00 26 00 00 00 0a
00000020: 00 00 00 11 00 21 00000020: 00 00 00 11 00 21
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.1-6">Initiator's actions:</t>
<ol type="(%d)" group="data5.txt"> <ol type="(%d)" group="data5.txt" start="10" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.1-7">
<li pn="section-appendix.a.2.1-7.1" derivedCounter="(10)">
<t indent="0" pn="section-appendix.a.2.1-7.1.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-7.1.2">
IKE SA Init IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 R=>I[38] 9280E0822E758778.0000000000000000.00000000 IKEv2 R=&gt;I[38]
N[10](INVALID_KE_PAYLOAD){GOST3410_2012_256}} N[10](INVALID_KE_PAYLOAD){GOST3410_2012_256}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-7.2" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.2.1-7.2.1">
Generates ephemeral private key (256 bit) Generates ephemeral private key (256 bit)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-7.2.2">
00000000: b9 7c ac df 01 43 44 dd 54 92 33 63 4a 6e da 64 00000000: b9 7c ac df 01 43 44 dd 54 92 33 63 4a 6e da 64
00000010: 38 5b 6a 9c c0 3c 6c 41 c5 02 eb 63 d1 e6 24 21 00000010: 38 5b 6a 9c c0 3c 6c 41 c5 02 eb 63 d1 e6 24 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-7.3" derivedCounter="(12)">
<t indent="0" pn="section-appendix.a.2.1-7.3.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-7.3.2">
00000000: 7d b0 49 81 88 6d 1b 02 b2 a6 35 c5 8b ea 90 8c 00000000: 7d b0 49 81 88 6d 1b 02 b2 a6 35 c5 8b ea 90 8c
00000010: 3e 16 de e5 43 13 22 0b ad f5 89 9f 7f 85 54 2d 00000010: 3e 16 de e5 43 13 22 0b ad f5 89 9f 7f 85 54 2d
00000020: 3e db 1e de 85 f7 d5 5d 6f 83 c5 d0 31 bd 31 49 00000020: 3e db 1e de 85 f7 d5 5d 6f 83 c5 d0 31 bd 31 49
00000030: dd 29 c5 16 16 7d ec 86 16 d8 85 e6 e4 50 ab 46 00000030: dd 29 c5 16 16 7d ec 86 16 d8 85 e6 e4 50 ab 46
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-7.4" derivedCounter="(13)">
<t indent="0" pn="section-appendix.a.2.1-7.4.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-7.4.2">
IKE SA Init IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 R<-I[264] 9280E0822E758778.0000000000000000.00000000 IKEv2 R&lt;-I[264]
SA[52]{ SA[52]{
P[48](#1:IKE::5#){ P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
GOST3410_2012_256}}, GOST3410_2012_256}},
KE[72](GOST3410_2012_256){7DB049...50AB46}, KE[72](GOST3410_2012_256){7DB049...50AB46},
NONCE[36]{9844D5...CC011F}, NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000}, N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10}, N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED), N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512} N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-7.5" derivedCounter="(14)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.1-7.5.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294->10.111.15.45:500 [264] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-7.5.2">
10.111.10.171:54294-&gt;10.111.15.45:500 [264]
00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00 00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00
00000010: 21 20 22 08 00 00 00 00 00 00 01 08 22 00 00 34 00000010: 21 20 22 08 00 00 00 00 00 00 01 08 22 00 00 34
00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20 00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09 00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09
00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21 00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21
00000050: 28 00 00 48 00 21 00 00 7d b0 49 81 88 6d 1b 02 00000050: 28 00 00 48 00 21 00 00 7d b0 49 81 88 6d 1b 02
00000060: b2 a6 35 c5 8b ea 90 8c 3e 16 de e5 43 13 22 0b 00000060: b2 a6 35 c5 8b ea 90 8c 3e 16 de e5 43 13 22 0b
00000070: ad f5 89 9f 7f 85 54 2d 3e db 1e de 85 f7 d5 5d 00000070: ad f5 89 9f 7f 85 54 2d 3e db 1e de 85 f7 d5 5d
00000080: 6f 83 c5 d0 31 bd 31 49 dd 29 c5 16 16 7d ec 86 00000080: 6f 83 c5 d0 31 bd 31 49 dd 29 c5 16 16 7d ec 86
00000090: 16 d8 85 e6 e4 50 ab 46 29 00 00 24 98 44 d5 40 00000090: 16 d8 85 e6 e4 50 ab 46 29 00 00 24 98 44 d5 40
000000A0: ef 89 46 f4 55 20 0a 55 73 dc ad 73 dd 2a 6f a8 000000A0: ef 89 46 f4 55 20 0a 55 73 dc ad 73 dd 2a 6f a8
000000B0: 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f 29 00 00 1c 000000B0: 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f 29 00 00 1c
000000C0: 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 000000C0: 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00
000000D0: 00 00 00 00 00 00 00 00 29 00 00 1c 00 00 40 05 000000D0: 00 00 00 00 00 00 00 00 29 00 00 1c 00 00 40 05
000000E0: 7d 21 24 87 89 d7 95 71 bd a2 2d 22 9d 51 d0 71 000000E0: 7d 21 24 87 89 d7 95 71 bd a2 2d 22 9d 51 d0 71
000000F0: e9 4e 6f 10 29 00 00 08 00 00 40 2e 00 00 00 0c 000000F0: e9 4e 6f 10 29 00 00 08 00 00 40 2e 00 00 00 0c
00000100: 00 00 40 2f 00 06 00 07 00000100: 00 00 40 2f 00 06 00 07
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.2.1-8">Responder's actions:</t>
<ol type="(%d)" group="data5.txt"> <ol type="(%d)" group="data5.txt" start="15" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.1-9">
<li pn="section-appendix.a.2.1-9.1" derivedCounter="(15)">
<t indent="0" pn="section-appendix.a.2.1-9.1.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.1.2">
IKE SA Init IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 I->R[264] 9280E0822E758778.0000000000000000.00000000 IKEv2 I-&gt;R[264]
SA[52]{ SA[52]{
P[48](#1:IKE::5#){ P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512, KE=GOST3410_2012_512,
GOST3410_2012_256}}, GOST3410_2012_256}},
KE[72](GOST3410_2012_256){7DB049...50AB46}, KE[72](GOST3410_2012_256){7DB049...50AB46},
NONCE[36]{9844D5...CC011F}, NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000}, N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10}, N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED), N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512} N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-9.2" derivedCounter="(16)">
<t indent="0" pn="section-appendix.a.2.1-9.2.1">
Generates random SPIr for IKE SA Generates random SPIr for IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.2.2">
00000000: db 57 8d 97 de 11 9d 1e 00000000: db 57 8d 97 de 11 9d 1e
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-9.3" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.2.1-9.3.1">
Generates random IKE nonce Nr Generates random IKE nonce Nr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.3.2">
00000000: 6c de 24 c1 2c 0a 10 d5 c3 fe 55 e8 7e 90 30 66 00000000: 6c de 24 c1 2c 0a 10 d5 c3 fe 55 e8 7e 90 30 66
00000010: ee 54 5b 24 1c 3c 01 dd b3 98 06 ae d3 b5 00 48 00000010: ee 54 5b 24 1c 3c 01 dd b3 98 06 ae d3 b5 00 48
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-9.4" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.2.1-9.4.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.4.2">
00000000: 46 fd 19 da 1c 77 e8 4c 12 69 cf c8 a2 2a 0b e9 00000000: 46 fd 19 da 1c 77 e8 4c 12 69 cf c8 a2 2a 0b e9
00000010: 70 db c1 2c 9f 6d 88 0a 70 71 22 03 68 c6 fd 2d 00000010: 70 db c1 2c 9f 6d 88 0a 70 71 22 03 68 c6 fd 2d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-9.5" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.2.1-9.5.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.5.2">
00000000: 49 c2 40 f6 ac 35 f1 70 a7 c2 37 5e 9a 78 3c 09 00000000: 49 c2 40 f6 ac 35 f1 70 a7 c2 37 5e 9a 78 3c 09
00000010: 59 8d 55 3b 30 5b 64 58 db 2f 3c 36 f4 b1 db ad 00000010: 59 8d 55 3b 30 5b 64 58 db 2f 3c 36 f4 b1 db ad
00000020: ff c8 f4 b2 bd 14 cf 96 5b b2 d6 80 51 69 67 06 00000020: ff c8 f4 b2 bd 14 cf 96 5b b2 d6 80 51 69 67 06
00000030: bd 16 39 0e 6d 07 83 e4 9d ed fd 04 f1 9e 07 a2 00000030: bd 16 39 0e 6d 07 83 e4 9d ed fd 04 f1 9e 07 a2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-9.6" derivedCounter="(20)">
<t indent="0" pn="section-appendix.a.2.1-9.6.1">
Computes hash of CA public key Computes hash of CA public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.6.2">
00000000: 5e 9e 50 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 00000000: 5e 9e 50 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c
00000010: 7a 67 71 98 00000010: 7a 67 71 98
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-9.7" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.2.1-9.7.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.7.2">
IKE SA Init IKE SA Init
9280E0822E758778.DB578D97DE119D1E.00000000 IKEv2 I<=R[273] 9280E0822E758778.DB578D97DE119D1E.00000000 IKEv2 I&lt;=R[273]
SA[36]{ SA[36]{
P[32](#1:IKE::3#){ P[32](#1:IKE::3#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}}, KE=GOST3410_2012_256}},
KE[72](GOST3410_2012_256){49C240...9E07A2}, KE[72](GOST3410_2012_256){49C240...9E07A2},
NONCE[36]{6CDE24...B50048}, NONCE[36]{6CDE24...B50048},
N[28](NAT_DETECTION_SOURCE_IP){A4DCA3...2F5B3F}, N[28](NAT_DETECTION_SOURCE_IP){A4DCA3...2F5B3F},
N[28](NAT_DETECTION_DESTINATION_IP){BA7D7A...7AB7C9}, N[28](NAT_DETECTION_DESTINATION_IP){BA7D7A...7AB7C9},
CERTREQ[25](X.509 Cert){5E9E50...677198}, CERTREQ[25](X.509 Cert){5E9E50...677198},
N[8](IKEV2_FRAGMENTATION_SUPPORTED), N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512} N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-9.8" derivedCounter="(22)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.1-9.8.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54294<-10.111.15.45:500 [273] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-9.8.2">
10.111.10.171:54294&lt;-10.111.15.45:500 [273]
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 21 20 22 20 00 00 00 00 00 00 01 11 22 00 00 24 00000010: 21 20 22 20 00 00 00 00 00 00 01 11 22 00 00 24
00000020: 00 00 00 20 01 01 00 03 03 00 00 08 01 00 00 21 00000020: 00 00 00 20 01 01 00 03 03 00 00 08 01 00 00 21
00000030: 03 00 00 08 02 00 00 09 00 00 00 08 04 00 00 21 00000030: 03 00 00 08 02 00 00 09 00 00 00 08 04 00 00 21
00000040: 28 00 00 48 00 21 00 00 49 c2 40 f6 ac 35 f1 70 00000040: 28 00 00 48 00 21 00 00 49 c2 40 f6 ac 35 f1 70
00000050: a7 c2 37 5e 9a 78 3c 09 59 8d 55 3b 30 5b 64 58 00000050: a7 c2 37 5e 9a 78 3c 09 59 8d 55 3b 30 5b 64 58
00000060: db 2f 3c 36 f4 b1 db ad ff c8 f4 b2 bd 14 cf 96 00000060: db 2f 3c 36 f4 b1 db ad ff c8 f4 b2 bd 14 cf 96
00000070: 5b b2 d6 80 51 69 67 06 bd 16 39 0e 6d 07 83 e4 00000070: 5b b2 d6 80 51 69 67 06 bd 16 39 0e 6d 07 83 e4
00000080: 9d ed fd 04 f1 9e 07 a2 29 00 00 24 6c de 24 c1 00000080: 9d ed fd 04 f1 9e 07 a2 29 00 00 24 6c de 24 c1
00000090: 2c 0a 10 d5 c3 fe 55 e8 7e 90 30 66 ee 54 5b 24 00000090: 2c 0a 10 d5 c3 fe 55 e8 7e 90 30 66 ee 54 5b 24
000000A0: 1c 3c 01 dd b3 98 06 ae d3 b5 00 48 29 00 00 1c 000000A0: 1c 3c 01 dd b3 98 06 ae d3 b5 00 48 29 00 00 1c
000000B0: 00 00 40 04 a4 dc a3 62 54 e8 4b 53 2b ff e7 d2 000000B0: 00 00 40 04 a4 dc a3 62 54 e8 4b 53 2b ff e7 d2
000000C0: 26 83 f3 8f 28 2f 5b 3f 26 00 00 1c 00 00 40 05 000000C0: 26 83 f3 8f 28 2f 5b 3f 26 00 00 1c 00 00 40 05
000000D0: ba 7d 7a b8 48 82 72 f6 30 91 b6 ae 2b dd fb 48 000000D0: ba 7d 7a b8 48 82 72 f6 30 91 b6 ae 2b dd fb 48
000000E0: ba 7a b7 c9 29 00 00 19 04 5e 9e 50 5f 58 b0 a5 000000E0: ba 7a b7 c9 29 00 00 19 04 5e 9e 50 5f 58 b0 a5
000000F0: 7a 33 45 83 49 66 0f 1c 3c 7a 67 71 98 29 00 00 000000F0: 7a 33 45 83 49 66 0f 1c 3c 7a 67 71 98 29 00 00
00000100: 08 00 00 40 2e 00 00 00 0c 00 00 40 2f 00 06 00 00000100: 08 00 00 40 2e 00 00 00 0c 00 00 40 2f 00 06 00
00000110: 07 00000110: 07
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.1-10">Initiator's actions:</t>
<ol type="(%d)" group="data5.txt"> <ol type="(%d)" group="data5.txt" start="23" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.1-11">
<li pn="section-appendix.a.2.1-11.1" derivedCounter="(23)">
<t indent="0" pn="section-appendix.a.2.1-11.1.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.1.2">
IKE SA Init IKE SA Init
9280E0822E758778.DB578D97DE119D1E.00000000 IKEv2 R=>I[273] 9280E0822E758778.DB578D97DE119D1E.00000000 IKEv2 R=&gt;I[273]
SA[36]{ SA[36]{
P[32](#1:IKE::3#){ P[32](#1:IKE::3#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}}, KE=GOST3410_2012_256}},
KE[72](GOST3410_2012_256){49C240...9E07A2}, KE[72](GOST3410_2012_256){49C240...9E07A2},
NONCE[36]{6CDE24...B50048}, NONCE[36]{6CDE24...B50048},
N[28](NAT_DETECTION_SOURCE_IP){A4DCA3...2F5B3F}, N[28](NAT_DETECTION_SOURCE_IP){A4DCA3...2F5B3F},
N[28](NAT_DETECTION_DESTINATION_IP){BA7D7A...7AB7C9}, N[28](NAT_DETECTION_DESTINATION_IP){BA7D7A...7AB7C9},
CERTREQ[25](X.509 Cert){5E9E50...677198}, CERTREQ[25](X.509 Cert){5E9E50...677198},
N[8](IKEV2_FRAGMENTATION_SUPPORTED), N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512} N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.2" derivedCounter="(24)">
<t indent="0" pn="section-appendix.a.2.1-11.2.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.2.2">
00000000: bd 04 9d 0f 9c 5f 58 af c7 e4 01 bc 18 59 01 7c 00000000: bd 04 9d 0f 9c 5f 58 af c7 e4 01 bc 18 59 01 7c
00000010: 88 28 f9 f2 9f 33 01 5d 49 9a 7d 14 74 d4 31 ac 00000010: 88 28 f9 f2 9f 33 01 5d 49 9a 7d 14 74 d4 31 ac
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.3" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.2.1-11.3.1">
Computes SKEYSEED Computes SKEYSEED
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.3.2">
00000000: 9b ed 6c 79 64 b3 de 3a e4 9e dd 62 04 5a f0 8b 00000000: 9b ed 6c 79 64 b3 de 3a e4 9e dd 62 04 5a f0 8b
00000010: 43 88 33 d4 e6 9e 73 16 a1 1a 9e b2 b4 19 13 c5 00000010: 43 88 33 d4 e6 9e 73 16 a1 1a 9e b2 b4 19 13 c5
00000020: d0 6d fb 86 40 11 c3 02 bb e5 a3 b5 e4 4a c4 c0 00000020: d0 6d fb 86 40 11 c3 02 bb e5 a3 b5 e4 4a c4 c0
00000030: 9d 18 c6 94 de c3 c5 14 82 e7 a2 51 fe c4 98 ca 00000030: 9d 18 c6 94 de c3 c5 14 82 e7 a2 51 fe c4 98 ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.4" derivedCounter="(26)">
<t indent="0" pn="section-appendix.a.2.1-11.4.1">
Computes SK_d Computes SK_d
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.4.2">
00000000: c2 21 15 fd d3 99 3b 2a 43 60 c4 59 34 b0 be 3f 00000000: c2 21 15 fd d3 99 3b 2a 43 60 c4 59 34 b0 be 3f
00000010: 53 ef 6e b1 dd 88 ad 72 55 dd 83 22 5c 6f e1 d6 00000010: 53 ef 6e b1 dd 88 ad 72 55 dd 83 22 5c 6f e1 d6
00000020: 1f 1e ab 06 f9 41 cb c8 ea f9 dc fc 19 a0 2d bf 00000020: 1f 1e ab 06 f9 41 cb c8 ea f9 dc fc 19 a0 2d bf
00000030: 9a 0a 3f 3a 9a 45 1f 08 b6 a9 2c 62 52 b7 26 34 00000030: 9a 0a 3f 3a 9a 45 1f 08 b6 a9 2c 62 52 b7 26 34
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.5" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.2.1-11.5.1">
Computes SK_ei Computes SK_ei
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.5.2">
00000000: 18 4e 4e 0f 36 28 bf 3c 9c 04 8e 93 bf a0 77 53 00000000: 18 4e 4e 0f 36 28 bf 3c 9c 04 8e 93 bf a0 77 53
00000010: 91 34 12 81 42 e6 4e 62 7f db a5 ed 98 60 50 ff 00000010: 91 34 12 81 42 e6 4e 62 7f db a5 ed 98 60 50 ff
00000020: b4 e1 3e 23 00000020: b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.6" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.2.1-11.6.1">
Computes SK_er Computes SK_er
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.6.2">
00000000: e9 27 59 2f 09 49 68 1e 0e 62 db c6 19 06 73 13 00000000: e9 27 59 2f 09 49 68 1e 0e 62 db c6 19 06 73 13
00000010: cf da 5c 02 27 3e 4a b4 78 98 b4 86 d0 e9 34 f4 00000010: cf da 5c 02 27 3e 4a b4 78 98 b4 86 d0 e9 34 f4
00000020: a5 bb 18 2f 00000020: a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.7" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.2.1-11.7.1">
Computes SK_pi Computes SK_pi
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.7.2">
00000000: 30 2c 10 8d 0f 61 47 00 f1 40 4f a9 4f af b5 30 00000000: 30 2c 10 8d 0f 61 47 00 f1 40 4f a9 4f af b5 30
00000010: 11 ba 5f 24 39 32 85 12 4e 7e 71 75 50 15 a6 93 00000010: 11 ba 5f 24 39 32 85 12 4e 7e 71 75 50 15 a6 93
00000020: c3 d0 5e 40 2e 21 8e b1 59 09 cd a4 eb b4 91 68 00000020: c3 d0 5e 40 2e 21 8e b1 59 09 cd a4 eb b4 91 68
00000030: 29 42 fe e2 d8 76 8f a6 96 55 1f ab 6c 9b 00 f8 00000030: 29 42 fe e2 d8 76 8f a6 96 55 1f ab 6c 9b 00 f8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.8" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.2.1-11.8.1">
Computes SK_pr Computes SK_pr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.8.2">
00000000: 6f 81 72 cb 96 58 fb 0e 17 70 b6 b9 1f a9 69 a9 00000000: 6f 81 72 cb 96 58 fb 0e 17 70 b6 b9 1f a9 69 a9
00000010: fc c7 27 4f b4 e1 85 90 a0 c7 9f f9 72 11 61 2a 00000010: fc c7 27 4f b4 e1 85 90 a0 c7 9f f9 72 11 61 2a
00000020: 35 b7 b7 96 d3 6a bb a5 aa b1 b8 34 8d 99 c6 f3 00000020: 35 b7 b7 96 d3 6a bb a5 aa b1 b8 34 8d 99 c6 f3
00000030: 2b fc 32 56 c1 94 71 04 55 bd 89 6a bf c3 8b fe 00000030: 2b fc 32 56 c1 94 71 04 55 bd 89 6a bf c3 8b fe
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.9" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.2.1-11.9.1">
Computes prf(SK_pi, IDi) Computes prf(SK_pi, IDi)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.9.2">
00000000: ce e8 8b d1 7e 3c 83 32 eb d1 29 08 de dc 71 f4 00000000: ce e8 8b d1 7e 3c 83 32 eb d1 29 08 de dc 71 f4
00000010: 8f ba 09 b8 ca 5b 10 e2 f4 44 29 5c 97 7b 26 01 00000010: 8f ba 09 b8 ca 5b 10 e2 f4 44 29 5c 97 7b 26 01
00000020: a4 ba 83 c8 ea 40 92 0f 88 18 bd e7 e1 c9 45 cf 00000020: a4 ba 83 c8 ea 40 92 0f 88 18 bd e7 e1 c9 45 cf
00000030: ff 99 48 05 0d f4 93 a6 cd 54 46 d7 eb 7a 52 94 00000030: ff 99 48 05 0d f4 93 a6 cd 54 46 d7 eb 7a 52 94
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.10" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.2.1-11.10.1">
Uses private key for signing (little endian) Uses private key for signing (little endian)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.10.2">
00000000: 76 E9 DD B3 F3 A2 08 A2 4E A5 81 9C AE 41 DA B4 00000000: 76 E9 DD B3 F3 A2 08 A2 4E A5 81 9C AE 41 DA B4
00000010: 77 3C 1D D5 DC EB AF E6 58 B1 47 D2 D8 29 CE 71 00000010: 77 3C 1D D5 DC EB AF E6 58 B1 47 D2 D8 29 CE 71
00000020: 18 A9 85 5D 28 5B 3C E3 23 BD 80 AC 2F 00 CC B6 00000020: 18 A9 85 5D 28 5B 3C E3 23 BD 80 AC 2F 00 CC B6
00000030: 61 4C 42 A1 65 61 02 CF 33 EB 1F 5F 02 CE 8A B9 00000030: 61 4C 42 A1 65 61 02 CF 33 EB 1F 5F 02 CE 8A B9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.11" derivedCounter="(33)">
<t indent="0" pn="section-appendix.a.2.1-11.11.1">
Uses random number for signing Uses random number for signing
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.11.2">
00000000: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00000000: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00000010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00000010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00000020: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00000020: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00000030: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00000030: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.12" derivedCounter="(34)">
<t indent="0" pn="section-appendix.a.2.1-11.12.1">
Computes signature using algorithm id-tc26-signwithdigest-gost3410-12-512 Computes signature using algorithm id-tc26-signwithdigest-gost3410-12-512
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.12.2">
00000000: 6a 3e 59 0d 72 1e 55 a3 c0 d1 2f 8a 9b 4e 44 10 00000000: 6a 3e 59 0d 72 1e 55 a3 c0 d1 2f 8a 9b 4e 44 10
00000010: 58 59 bd 62 9e e7 12 31 e5 7d 01 53 f3 84 40 dd 00000010: 58 59 bd 62 9e e7 12 31 e5 7d 01 53 f3 84 40 dd
00000020: ac 73 ed 09 3a 10 d9 6e 7f eb 80 6c 11 9e 91 f3 00000020: ac 73 ed 09 3a 10 d9 6e 7f eb 80 6c 11 9e 91 f3
00000030: 7c 3c b0 55 f7 4b ec 0e 78 36 10 95 02 09 86 b3 00000030: 7c 3c b0 55 f7 4b ec 0e 78 36 10 95 02 09 86 b3
00000040: 27 04 2a 83 3c 89 36 1b 73 cf 7b c9 e0 df a2 07 00000040: 27 04 2a 83 3c 89 36 1b 73 cf 7b c9 e0 df a2 07
00000050: 12 1e 69 52 4d 89 1b de 6e 48 d1 34 fa 21 78 22 00000050: 12 1e 69 52 4d 89 1b de 6e 48 d1 34 fa 21 78 22
00000060: 88 2e 30 86 c0 80 0a 2d 74 af 08 ff 35 75 a5 79 00000060: 88 2e 30 86 c0 80 0a 2d 74 af 08 ff 35 75 a5 79
00000070: e3 85 40 22 6b a8 42 f6 72 24 bf 29 87 58 a8 20 00000070: e3 85 40 22 6b a8 42 f6 72 24 bf 29 87 58 a8 20
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.13" derivedCounter="(35)">
<t indent="0" pn="section-appendix.a.2.1-11.13.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.13.2">
00000000: 3c 57 d7 c8 9f 50 98 fc 86 81 d6 8a 4e 5d 83 c6 00000000: 3c 57 d7 c8 9f 50 98 fc 86 81 d6 8a 4e 5d 83 c6
00000010: 1e 42 e6 e7 60 67 05 8d f5 2e 10 13 12 15 32 58 00000010: 1e 42 e6 e7 60 67 05 8d f5 2e 10 13 12 15 32 58
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.14" derivedCounter="(36)">
<t indent="0" pn="section-appendix.a.2.1-11.14.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.14.2">
00000000: 0b 88 0a 1b c8 3e 61 79 82 08 db 13 31 08 63 3c 00000000: 0b 88 0a 1b c8 3e 61 79 82 08 db 13 31 08 63 3c
00000010: 17 62 17 cb 7d 18 ce 70 37 84 85 f4 89 49 d0 06 00000010: 17 62 17 cb 7d 18 ce 70 37 84 85 f4 89 49 d0 06
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.15" derivedCounter="(37)">
<t indent="0" pn="section-appendix.a.2.1-11.15.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.15.2">
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11 00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d 00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.16" derivedCounter="(38)">
<t indent="0" pn="section-appendix.a.2.1-11.16.1">
Selects SPI for incoming ESP SA Selects SPI for incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.16.2">
00000000: 6c 0c a5 70 00000000: 6c 0c a5 70
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.17" derivedCounter="(39)">
<t indent="0" pn="section-appendix.a.2.1-11.17.1">
Computes hash of CA public key Computes hash of CA public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.17.2">
00000000: 5e 9e 50 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 00000000: 5e 9e 50 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c
00000010: 7a 67 71 98 00000010: 7a 67 71 98
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.18" derivedCounter="(40)">
<t indent="0" pn="section-appendix.a.2.1-11.18.1">
Creates message splitting it into 4 fragments Creates message splitting it into 4 fragments
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.18.2">
IKE SA Auth IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R<-I[1847] #9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R&lt;-I[1847]
E[1819]->4*EF[...]{ E[1819]-&gt;4*EF[...]{
IDi[78](DN){CN=IKE Interop Test Client,O=ELVIS-PLUS,C=RU}, IDi[78](DN){CN=IKE Interop Test Client,O=ELVIS-PLUS,C=RU},
CERT[1280](X.509 Cert){308204...A6C40A}, CERT[1280](X.509 Cert){308204...A6C40A},
CERTREQ[25](X.509 Cert){5E9E50...677198}, CERTREQ[25](X.509 Cert){5E9E50...677198},
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU}, IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
AUTH[149](Sig){id-tc26-signwithdigest-gost3410-12-512[12]: AUTH[149](Sig){id-tc26-signwithdigest-gost3410-12-512[12]:
6A3E59...58A820}, 6A3E59...58A820},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4}, N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]}, CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{ SA[56]{
P[52](#1:ESP:6C0CA570:5#){ P[52](#1:ESP:6C0CA570:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE, ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE, ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}}, ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255}, TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255}, TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.19" derivedCounter="(41)">
<t indent="0" pn="section-appendix.a.2.1-11.19.1">
Composes MGM nonce (fragment 1) Composes MGM nonce (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.19.2">
00000000: 00 00 00 00 b4 e1 3e 23 00000000: 00 00 00 00 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.20" derivedCounter="(42)">
<t indent="0" pn="section-appendix.a.2.1-11.20.1">
Composes AAD (fragment 1) Composes AAD (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.20.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 23 00 02 04 00000010: 35 20 23 08 00 00 00 01 00 00 02 20 23 00 02 04
00000020: 00 01 00 04 00000020: 00 01 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.21" derivedCounter="(43)">
<t indent="0" pn="section-appendix.a.2.1-11.21.1">
Composes plaintext (fragment 1) Composes plaintext (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.21.2">
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03 00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70 00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11 00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55 00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00 00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00
00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02 00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02
00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00
00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03 00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01 00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31 00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
skipping to change at line 5076 skipping to change at line 5357
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0 00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a 00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a
000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30 000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20 000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69 000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69
000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00 000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.22" derivedCounter="(44)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext (fragment 1) <t indent="0" pn="section-appendix.a.2.1-11.22.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext (fragment 1)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.22.2">
00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c 00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c 00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73 00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d 00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73 00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0 00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56 00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56
00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac 00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac
00000080: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38 00000080: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38
00000090: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa 00000090: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa
skipping to change at line 5114 skipping to change at line 5395
00000150: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9 00000150: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9
00000160: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e 00000160: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e
00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29 00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb 00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c 00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19 000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc 000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc 000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86 000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.23" derivedCounter="(45)">
<t indent="0" pn="section-appendix.a.2.1-11.23.1">
Computes ICV using K3i as K_msg (fragment 1) Computes ICV using K3i as K_msg (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.23.2">
00000000: b1 51 cd e6 dc 64 12 1c 00000000: b1 51 cd e6 dc 64 12 1c
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.24" derivedCounter="(46)">
<t indent="0" pn="section-appendix.a.2.1-11.24.1">
Composes IV (fragment 1) Composes IV (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.24.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.25" derivedCounter="(47)">
<t indent="0" pn="section-appendix.a.2.1-11.25.1">
Composes MGM nonce (fragment 2) Composes MGM nonce (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.25.2">
00000000: 00 00 00 01 b4 e1 3e 23 00000000: 00 00 00 01 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.26" derivedCounter="(48)">
<t indent="0" pn="section-appendix.a.2.1-11.26.1">
Composes AAD (fragment 2) Composes AAD (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.26.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04 00000020: 00 02 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.27" derivedCounter="(49)">
<t indent="0" pn="section-appendix.a.2.1-11.27.1">
Composes plaintext (fragment 2) Composes plaintext (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.27.2">
00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06 00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06
00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03 00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03
00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03 00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03
00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef 00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef
00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37 00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37
00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba 00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba
00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a 00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a
00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a 00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a
00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08 00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08
00000090: 12 54 63 47 9d 14 3d 61 ed f2 95 ab 11 80 69 02 00000090: 12 54 63 47 9d 14 3d 61 ed f2 95 ab 11 80 69 02
skipping to change at line 5186 skipping to change at line 5467
00000150: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 00000150: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72
00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34 00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34
00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34 00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34
00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62 00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62
00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34 00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34
000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21 000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21
000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31 000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31
000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66 000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66
000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66 000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66
000001E0: 21 30 34 32 30 21 30 34 31 65 21 00 000001E0: 21 30 34 32 30 21 30 34 31 65 21 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.28" derivedCounter="(50)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext (fragment 2) <t indent="0" pn="section-appendix.a.2.1-11.28.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext (fragment 2)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.28.2">
00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16 00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72 00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13 00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46 00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40 00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc 00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14 00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14
00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1 00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1
00000080: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb 00000080: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb
00000090: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71 00000090: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71
skipping to change at line 5224 skipping to change at line 5505
00000150: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3 00000150: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3
00000160: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8 00000160: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8
00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2 00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59 00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5 00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5 000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72 000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62 000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6 000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.29" derivedCounter="(51)">
<t indent="0" pn="section-appendix.a.2.1-11.29.1">
Computes ICV using K3i as K_msg (fragment 2) Computes ICV using K3i as K_msg (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.29.2">
00000000: b4 68 c7 4d eb dd bd 92 00000000: b4 68 c7 4d eb dd bd 92
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.30" derivedCounter="(52)">
<t indent="0" pn="section-appendix.a.2.1-11.30.1">
Composes IV (fragment 2) Composes IV (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.30.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.31" derivedCounter="(53)">
<t indent="0" pn="section-appendix.a.2.1-11.31.1">
Composes MGM nonce (fragment 3) Composes MGM nonce (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.31.2">
00000000: 00 00 00 02 b4 e1 3e 23 00000000: 00 00 00 02 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.32" derivedCounter="(54)">
<t indent="0" pn="section-appendix.a.2.1-11.32.1">
Composes AAD (fragment 3) Composes AAD (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.32.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04 00000020: 00 03 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.33" derivedCounter="(55)">
<t indent="0" pn="section-appendix.a.2.1-11.33.1">
Composes plaintext (fragment 3) Composes plaintext (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.33.2">
00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74 00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74
00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73 00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73
00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06 00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06
00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30 00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30
00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74 00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74
00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000090: 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31 00000090: 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31
skipping to change at line 5296 skipping to change at line 5577
00000150: bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 6c f2 c0 00000150: bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 6c f2 c0
00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7 00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7
00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50 00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50
00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71 00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71
00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06
000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f
000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30
000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c
000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29 000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29
000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00 000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.34" derivedCounter="(56)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext (fragment 3) <t indent="0" pn="section-appendix.a.2.1-11.34.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext (fragment 3)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.34.2">
00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0 00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c 00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff 00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a 00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed 00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25 00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8 00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8
00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d 00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d
00000080: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3 00000080: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3
00000090: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba 00000090: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba
skipping to change at line 5334 skipping to change at line 5615
00000150: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e 00000150: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e
00000160: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29 00000160: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29
00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2 00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14 00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41 00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61 000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55 000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49 000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33 000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.35" derivedCounter="(57)">
<t indent="0" pn="section-appendix.a.2.1-11.35.1">
Computes ICV using K3i as K_msg (fragment 3) Computes ICV using K3i as K_msg (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.35.2">
00000000: 54 4f 9b aa dd af bd ca 00000000: 54 4f 9b aa dd af bd ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.36" derivedCounter="(58)">
<t indent="0" pn="section-appendix.a.2.1-11.36.1">
Composes IV (fragment 3) Composes IV (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.36.2">
00000000: 00 00 00 00 00 00 00 02 00000000: 00 00 00 00 00 00 00 02
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.37" derivedCounter="(59)">
<t indent="0" pn="section-appendix.a.2.1-11.37.1">
Composes MGM nonce (fragment 4) Composes MGM nonce (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.37.2">
00000000: 00 00 00 03 b4 e1 3e 23 00000000: 00 00 00 03 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.38" derivedCounter="(60)">
<t indent="0" pn="section-appendix.a.2.1-11.38.1">
Composes AAD (fragment 4) Composes AAD (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.38.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 01 7a 00 00 01 5e 00000010: 35 20 23 08 00 00 00 01 00 00 01 7a 00 00 01 5e
00000020: 00 04 00 04 00000020: 00 04 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.39" derivedCounter="(61)">
<t indent="0" pn="section-appendix.a.2.1-11.39.1">
Composes plaintext (fragment 4) Composes plaintext (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.39.2">
00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55 00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55
00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12 00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12
00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9 00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9
00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec 00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec
00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36 00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36
00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b 00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b
00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a 00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a
00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42 00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42
00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40 00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40
00000090: 00 2f 00 00 0c 00 00 40 01 00 00 00 04 21 00 00 00000090: 00 2f 00 00 0c 00 00 40 01 00 00 00 04 21 00 00
skipping to change at line 5396 skipping to change at line 5677
000000B0: 38 00 00 00 34 01 03 04 05 6c 0c a5 70 03 00 00 000000B0: 38 00 00 00 34 01 03 04 05 6c 0c a5 70 03 00 00
000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00 000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00
000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00 000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00
000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00 000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00
000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00 000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00
00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00 00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00
00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00 00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00
00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00 00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00
00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00 00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00
00000140: 08 00 00 40 0b 00 00000140: 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.40" derivedCounter="(62)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext (fragment 4) <t indent="0" pn="section-appendix.a.2.1-11.40.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext (fragment 4)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.40.2">
00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91 00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be 00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11 00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6 00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05 00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4 00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f 00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f
00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87 00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87
00000080: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b 00000080: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b
00000090: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4 00000090: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4
skipping to change at line 5424 skipping to change at line 5705
000000B0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56 000000B0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56
000000C0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3 000000C0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3
000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48 000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8 000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2 000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30 00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d 00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e 00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f 00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000140: 42 53 49 d1 2c c2 00000140: 42 53 49 d1 2c c2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.41" derivedCounter="(63)">
<t indent="0" pn="section-appendix.a.2.1-11.41.1">
Computes ICV using K3i as K_msg (fragment 4) Computes ICV using K3i as K_msg (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.41.2">
00000000: d2 25 f1 d0 38 65 b7 b6 00000000: d2 25 f1 d0 38 65 b7 b6
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.42" derivedCounter="(64)">
<t indent="0" pn="section-appendix.a.2.1-11.42.1">
Composes IV (fragment 4) Composes IV (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-11.42.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.43" derivedCounter="(65)">
Sends message fragment (1) <t indent="0" pn="section-appendix.a.2.1-11.43.1">
, peer receives message fragment (1) Sends message fragment (1), peer receives message fragment (1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295->10.111.15.45:4500 [548] ix.a.2.1-11.43.2">
10.111.10.171:54295-&gt;10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 23 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00 00000020: 23 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00
00000030: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c 00000030: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000040: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c 00000040: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000050: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73 00000050: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000060: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d 00000060: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000070: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73 00000070: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000080: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0 00000080: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
skipping to change at line 5485 skipping to change at line 5765
00000190: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e 00000190: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e
000001A0: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29 000001A0: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
000001B0: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb 000001B0: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
000001C0: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c 000001C0: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001D0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19 000001D0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001E0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc 000001E0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001F0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc 000001F0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
00000200: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86 00000200: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
00000210: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 b1 51 cd e6 00000210: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 b1 51 cd e6
00000220: dc 64 12 1c 00000220: dc 64 12 1c
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.44" derivedCounter="(66)">
Sends message fragment (2) <t indent="0" pn="section-appendix.a.2.1-11.44.1">
, peer receives message fragment (2) Sends message fragment (2), peer receives message fragment (2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295->10.111.15.45:4500 [548] ix.a.2.1-11.44.2">
10.111.10.171:54295-&gt;10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01 00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01
00000030: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16 00000030: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000040: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72 00000040: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000050: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13 00000050: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000060: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46 00000060: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000070: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40 00000070: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000080: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc 00000080: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
skipping to change at line 5530 skipping to change at line 5809
00000190: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8 00000190: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8
000001A0: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2 000001A0: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
000001B0: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59 000001B0: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
000001C0: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5 000001C0: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001D0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5 000001D0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001E0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72 000001E0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001F0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62 000001F0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
00000200: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6 00000200: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
00000210: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 b4 68 c7 4d 00000210: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 b4 68 c7 4d
00000220: eb dd bd 92 00000220: eb dd bd 92
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.45" derivedCounter="(67)">
Sends message fragment (3) <t indent="0" pn="section-appendix.a.2.1-11.45.1">
, peer receives message fragment (3) Sends message fragment (3), peer receives message fragment (3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295->10.111.15.45:4500 [548] ix.a.2.1-11.45.2">
10.111.10.171:54295-&gt;10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02 00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02
00000030: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0 00000030: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000040: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c 00000040: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000050: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff 00000050: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000060: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a 00000060: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000070: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed 00000070: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000080: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25 00000080: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
skipping to change at line 5575 skipping to change at line 5853
00000190: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29 00000190: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29
000001A0: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2 000001A0: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
000001B0: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14 000001B0: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
000001C0: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41 000001C0: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001D0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61 000001D0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001E0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55 000001E0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001F0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49 000001F0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
00000200: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33 00000200: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
00000210: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 54 4f 9b aa 00000210: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 54 4f 9b aa
00000220: dd af bd ca 00000220: dd af bd ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-11.46" derivedCounter="(68)">
Sends message fragment (4) <t indent="0" pn="section-appendix.a.2.1-11.46.1">
, peer receives message fragment (4) Sends message fragment (4), peer receives message fragment (4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295->10.111.15.45:4500 [382] ix.a.2.1-11.46.2">
10.111.10.171:54295-&gt;10.111.15.45:4500 [382]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 01 7a 00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 01 7a
00000020: 00 00 01 5e 00 04 00 04 00 00 00 00 00 00 00 03 00000020: 00 00 01 5e 00 04 00 04 00 00 00 00 00 00 00 03
00000030: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91 00000030: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000040: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be 00000040: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000050: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11 00000050: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000060: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6 00000060: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000070: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05 00000070: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000080: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4 00000080: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
skipping to change at line 5609 skipping to change at line 5886
000000E0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56 000000E0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56
000000F0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3 000000F0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3
00000100: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48 00000100: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
00000110: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8 00000110: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
00000120: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2 00000120: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000130: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30 00000130: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000140: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d 00000140: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000150: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e 00000150: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000160: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f 00000160: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000170: 42 53 49 d1 2c c2 d2 25 f1 d0 38 65 b7 b6 00000170: 42 53 49 d1 2c c2 d2 25 f1 d0 38 65 b7 b6
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.2.1-12">Responder's actions:</t>
<ol type="(%d)" group="data5.txt"> <ol type="(%d)" group="data5.txt" start="69" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.1-13">
<li pn="section-appendix.a.2.1-13.1" derivedCounter="(69)">
<t indent="0" pn="section-appendix.a.2.1-13.1.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.1.2">
00000000: bd 04 9d 0f 9c 5f 58 af c7 e4 01 bc 18 59 01 7c 00000000: bd 04 9d 0f 9c 5f 58 af c7 e4 01 bc 18 59 01 7c
00000010: 88 28 f9 f2 9f 33 01 5d 49 9a 7d 14 74 d4 31 ac 00000010: 88 28 f9 f2 9f 33 01 5d 49 9a 7d 14 74 d4 31 ac
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.2" derivedCounter="(70)">
<t indent="0" pn="section-appendix.a.2.1-13.2.1">
Computes SKEYSEED Computes SKEYSEED
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.2.2">
00000000: 9b ed 6c 79 64 b3 de 3a e4 9e dd 62 04 5a f0 8b 00000000: 9b ed 6c 79 64 b3 de 3a e4 9e dd 62 04 5a f0 8b
00000010: 43 88 33 d4 e6 9e 73 16 a1 1a 9e b2 b4 19 13 c5 00000010: 43 88 33 d4 e6 9e 73 16 a1 1a 9e b2 b4 19 13 c5
00000020: d0 6d fb 86 40 11 c3 02 bb e5 a3 b5 e4 4a c4 c0 00000020: d0 6d fb 86 40 11 c3 02 bb e5 a3 b5 e4 4a c4 c0
00000030: 9d 18 c6 94 de c3 c5 14 82 e7 a2 51 fe c4 98 ca 00000030: 9d 18 c6 94 de c3 c5 14 82 e7 a2 51 fe c4 98 ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.3" derivedCounter="(71)">
<t indent="0" pn="section-appendix.a.2.1-13.3.1">
Computes SK_d Computes SK_d
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.3.2">
00000000: c2 21 15 fd d3 99 3b 2a 43 60 c4 59 34 b0 be 3f 00000000: c2 21 15 fd d3 99 3b 2a 43 60 c4 59 34 b0 be 3f
00000010: 53 ef 6e b1 dd 88 ad 72 55 dd 83 22 5c 6f e1 d6 00000010: 53 ef 6e b1 dd 88 ad 72 55 dd 83 22 5c 6f e1 d6
00000020: 1f 1e ab 06 f9 41 cb c8 ea f9 dc fc 19 a0 2d bf 00000020: 1f 1e ab 06 f9 41 cb c8 ea f9 dc fc 19 a0 2d bf
00000030: 9a 0a 3f 3a 9a 45 1f 08 b6 a9 2c 62 52 b7 26 34 00000030: 9a 0a 3f 3a 9a 45 1f 08 b6 a9 2c 62 52 b7 26 34
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.4" derivedCounter="(72)">
<t indent="0" pn="section-appendix.a.2.1-13.4.1">
Computes SK_ei Computes SK_ei
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.4.2">
00000000: 18 4e 4e 0f 36 28 bf 3c 9c 04 8e 93 bf a0 77 53 00000000: 18 4e 4e 0f 36 28 bf 3c 9c 04 8e 93 bf a0 77 53
00000010: 91 34 12 81 42 e6 4e 62 7f db a5 ed 98 60 50 ff 00000010: 91 34 12 81 42 e6 4e 62 7f db a5 ed 98 60 50 ff
00000020: b4 e1 3e 23 00000020: b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.5" derivedCounter="(73)">
<t indent="0" pn="section-appendix.a.2.1-13.5.1">
Computes SK_er Computes SK_er
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.5.2">
00000000: e9 27 59 2f 09 49 68 1e 0e 62 db c6 19 06 73 13 00000000: e9 27 59 2f 09 49 68 1e 0e 62 db c6 19 06 73 13
00000010: cf da 5c 02 27 3e 4a b4 78 98 b4 86 d0 e9 34 f4 00000010: cf da 5c 02 27 3e 4a b4 78 98 b4 86 d0 e9 34 f4
00000020: a5 bb 18 2f 00000020: a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.6" derivedCounter="(74)">
<t indent="0" pn="section-appendix.a.2.1-13.6.1">
Computes SK_pi Computes SK_pi
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.6.2">
00000000: 30 2c 10 8d 0f 61 47 00 f1 40 4f a9 4f af b5 30 00000000: 30 2c 10 8d 0f 61 47 00 f1 40 4f a9 4f af b5 30
00000010: 11 ba 5f 24 39 32 85 12 4e 7e 71 75 50 15 a6 93 00000010: 11 ba 5f 24 39 32 85 12 4e 7e 71 75 50 15 a6 93
00000020: c3 d0 5e 40 2e 21 8e b1 59 09 cd a4 eb b4 91 68 00000020: c3 d0 5e 40 2e 21 8e b1 59 09 cd a4 eb b4 91 68
00000030: 29 42 fe e2 d8 76 8f a6 96 55 1f ab 6c 9b 00 f8 00000030: 29 42 fe e2 d8 76 8f a6 96 55 1f ab 6c 9b 00 f8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.7" derivedCounter="(75)">
<t indent="0" pn="section-appendix.a.2.1-13.7.1">
Computes SK_pr Computes SK_pr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.7.2">
00000000: 6f 81 72 cb 96 58 fb 0e 17 70 b6 b9 1f a9 69 a9 00000000: 6f 81 72 cb 96 58 fb 0e 17 70 b6 b9 1f a9 69 a9
00000010: fc c7 27 4f b4 e1 85 90 a0 c7 9f f9 72 11 61 2a 00000010: fc c7 27 4f b4 e1 85 90 a0 c7 9f f9 72 11 61 2a
00000020: 35 b7 b7 96 d3 6a bb a5 aa b1 b8 34 8d 99 c6 f3 00000020: 35 b7 b7 96 d3 6a bb a5 aa b1 b8 34 8d 99 c6 f3
00000030: 2b fc 32 56 c1 94 71 04 55 bd 89 6a bf c3 8b fe 00000030: 2b fc 32 56 c1 94 71 04 55 bd 89 6a bf c3 8b fe
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.8" derivedCounter="(76)">
<t indent="0" pn="section-appendix.a.2.1-13.8.1">
Extracts IV from message (fragment 1) Extracts IV from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.8.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.9" derivedCounter="(77)">
<t indent="0" pn="section-appendix.a.2.1-13.9.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.9.2">
00000000: 3c 57 d7 c8 9f 50 98 fc 86 81 d6 8a 4e 5d 83 c6 00000000: 3c 57 d7 c8 9f 50 98 fc 86 81 d6 8a 4e 5d 83 c6
00000010: 1e 42 e6 e7 60 67 05 8d f5 2e 10 13 12 15 32 58 00000010: 1e 42 e6 e7 60 67 05 8d f5 2e 10 13 12 15 32 58
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.10" derivedCounter="(78)">
<t indent="0" pn="section-appendix.a.2.1-13.10.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.10.2">
00000000: 0b 88 0a 1b c8 3e 61 79 82 08 db 13 31 08 63 3c 00000000: 0b 88 0a 1b c8 3e 61 79 82 08 db 13 31 08 63 3c
00000010: 17 62 17 cb 7d 18 ce 70 37 84 85 f4 89 49 d0 06 00000010: 17 62 17 cb 7d 18 ce 70 37 84 85 f4 89 49 d0 06
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.11" derivedCounter="(79)">
<t indent="0" pn="section-appendix.a.2.1-13.11.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.11.2">
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11 00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d 00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.12" derivedCounter="(80)">
<t indent="0" pn="section-appendix.a.2.1-13.12.1">
Composes MGM nonce (fragment 1) Composes MGM nonce (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.12.2">
00000000: 00 00 00 00 b4 e1 3e 23 00000000: 00 00 00 00 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.13" derivedCounter="(81)">
<t indent="0" pn="section-appendix.a.2.1-13.13.1">
Extracts ICV from message (fragment 1) Extracts ICV from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.13.2">
00000000: b1 51 cd e6 dc 64 12 1c 00000000: b1 51 cd e6 dc 64 12 1c
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.14" derivedCounter="(82)">
<t indent="0" pn="section-appendix.a.2.1-13.14.1">
Extracts AAD from message (fragment 1) Extracts AAD from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.14.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 23 00 02 04 00000010: 35 20 23 08 00 00 00 01 00 00 02 20 23 00 02 04
00000020: 00 01 00 04 00000020: 00 01 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.15" derivedCounter="(83)">
<t indent="0" pn="section-appendix.a.2.1-13.15.1">
Extracts ciphertext from message (fragment 1) Extracts ciphertext from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.15.2">
00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c 00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c 00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73 00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d 00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73 00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0 00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56 00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56
00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac 00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac
00000080: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38 00000080: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38
00000090: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa 00000090: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa
skipping to change at line 5784 skipping to change at line 6061
00000150: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9 00000150: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9
00000160: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e 00000160: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e
00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29 00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb 00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c 00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19 000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc 000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc 000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86 000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.16" derivedCounter="(84)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-13.16.1">
fragment 1) Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 1)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.16.2">
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03 00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70 00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11 00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55 00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00 00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00
00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02 00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02
00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00
00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03 00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01 00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31 00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
skipping to change at line 5822 skipping to change at line 6099
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0 00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a 00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a
000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30 000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20 000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69 000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69
000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00 000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.17" derivedCounter="(85)">
<t indent="0" pn="section-appendix.a.2.1-13.17.1">
Extracts IV from message (fragment 2) Extracts IV from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.17.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.18" derivedCounter="(86)">
<t indent="0" pn="section-appendix.a.2.1-13.18.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.18.2">
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11 00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d 00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.19" derivedCounter="(87)">
<t indent="0" pn="section-appendix.a.2.1-13.19.1">
Composes MGM nonce (fragment 2) Composes MGM nonce (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.19.2">
00000000: 00 00 00 01 b4 e1 3e 23 00000000: 00 00 00 01 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.20" derivedCounter="(88)">
<t indent="0" pn="section-appendix.a.2.1-13.20.1">
Extracts ICV from message (fragment 2) Extracts ICV from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.20.2">
00000000: b4 68 c7 4d eb dd bd 92 00000000: b4 68 c7 4d eb dd bd 92
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.21" derivedCounter="(89)">
<t indent="0" pn="section-appendix.a.2.1-13.21.1">
Extracts AAD from message (fragment 2) Extracts AAD from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.21.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04 00000020: 00 02 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.22" derivedCounter="(90)">
<t indent="0" pn="section-appendix.a.2.1-13.22.1">
Extracts ciphertext from message (fragment 2) Extracts ciphertext from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.22.2">
00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16 00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72 00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13 00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46 00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40 00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc 00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14 00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14
00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1 00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1
00000080: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb 00000080: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb
00000090: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71 00000090: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71
skipping to change at line 5903 skipping to change at line 6180
00000150: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3 00000150: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3
00000160: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8 00000160: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8
00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2 00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59 00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5 00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5 000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72 000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62 000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6 000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.23" derivedCounter="(91)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-13.23.1">
fragment 2) Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 2)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.23.2">
00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06 00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06
00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03 00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03
00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03 00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03
00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef 00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef
00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37 00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37
00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba 00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba
00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a 00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a
00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a 00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a
00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08 00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08
00000090: 12 54 63 47 9d 14 3d 61 ed f2 95 ab 11 80 69 02 00000090: 12 54 63 47 9d 14 3d 61 ed f2 95 ab 11 80 69 02
skipping to change at line 5941 skipping to change at line 6218
00000150: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 00000150: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72
00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34 00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34
00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34 00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34
00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62 00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62
00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34 00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34
000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21 000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21
000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31 000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31
000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66 000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66
000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66 000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66
000001E0: 21 30 34 32 30 21 30 34 31 65 21 00 000001E0: 21 30 34 32 30 21 30 34 31 65 21 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.24" derivedCounter="(92)">
<t indent="0" pn="section-appendix.a.2.1-13.24.1">
Extracts IV from message (fragment 3) Extracts IV from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.24.2">
00000000: 00 00 00 00 00 00 00 02 00000000: 00 00 00 00 00 00 00 02
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.25" derivedCounter="(93)">
<t indent="0" pn="section-appendix.a.2.1-13.25.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.25.2">
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11 00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d 00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.26" derivedCounter="(94)">
<t indent="0" pn="section-appendix.a.2.1-13.26.1">
Composes MGM nonce (fragment 3) Composes MGM nonce (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.26.2">
00000000: 00 00 00 02 b4 e1 3e 23 00000000: 00 00 00 02 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.27" derivedCounter="(95)">
<t indent="0" pn="section-appendix.a.2.1-13.27.1">
Extracts ICV from message (fragment 3) Extracts ICV from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.27.2">
00000000: 54 4f 9b aa dd af bd ca 00000000: 54 4f 9b aa dd af bd ca
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.28" derivedCounter="(96)">
<t indent="0" pn="section-appendix.a.2.1-13.28.1">
Extracts AAD from message (fragment 3) Extracts AAD from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.28.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04 00000020: 00 03 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.29" derivedCounter="(97)">
<t indent="0" pn="section-appendix.a.2.1-13.29.1">
Extracts ciphertext from message (fragment 3) Extracts ciphertext from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.29.2">
00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0 00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c 00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff 00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a 00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed 00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25 00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8 00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8
00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d 00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d
00000080: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3 00000080: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3
00000090: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba 00000090: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba
skipping to change at line 6022 skipping to change at line 6299
00000150: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e 00000150: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e
00000160: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29 00000160: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29
00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2 00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14 00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41 00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61 000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55 000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49 000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33 000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.30" derivedCounter="(98)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-13.30.1">
fragment 3) Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 3)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.30.2">
00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74 00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74
00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73 00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73
00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06 00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06
00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30 00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30
00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74 00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74
00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000090: 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31 00000090: 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31
skipping to change at line 6060 skipping to change at line 6337
00000150: bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 6c f2 c0 00000150: bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 6c f2 c0
00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7 00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7
00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50 00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50
00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71 00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71
00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06
000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f
000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30
000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c
000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29 000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29
000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00 000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.31" derivedCounter="(99)">
<t indent="0" pn="section-appendix.a.2.1-13.31.1">
Extracts IV from message (fragment 4) Extracts IV from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.31.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.32" derivedCounter="(100)">
<t indent="0" pn="section-appendix.a.2.1-13.32.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.32.2">
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11 00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d 00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.33" derivedCounter="(101)">
<t indent="0" pn="section-appendix.a.2.1-13.33.1">
Composes MGM nonce (fragment 4) Composes MGM nonce (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.33.2">
00000000: 00 00 00 03 b4 e1 3e 23 00000000: 00 00 00 03 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.34" derivedCounter="(102)">
<t indent="0" pn="section-appendix.a.2.1-13.34.1">
Extracts ICV from message (fragment 4) Extracts ICV from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.34.2">
00000000: d2 25 f1 d0 38 65 b7 b6 00000000: d2 25 f1 d0 38 65 b7 b6
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.35" derivedCounter="(103)">
<t indent="0" pn="section-appendix.a.2.1-13.35.1">
Extracts AAD from message (fragment 4) Extracts AAD from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.35.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 01 7a 00 00 01 5e 00000010: 35 20 23 08 00 00 00 01 00 00 01 7a 00 00 01 5e
00000020: 00 04 00 04 00000020: 00 04 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.36" derivedCounter="(104)">
<t indent="0" pn="section-appendix.a.2.1-13.36.1">
Extracts ciphertext from message (fragment 4) Extracts ciphertext from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.36.2">
00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91 00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be 00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11 00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6 00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05 00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4 00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f 00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f
00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87 00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87
00000080: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b 00000080: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b
00000090: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4 00000090: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4
skipping to change at line 6131 skipping to change at line 6408
000000B0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56 000000B0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56
000000C0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3 000000C0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3
000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48 000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8 000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2 000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30 00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d 00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e 00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f 00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000140: 42 53 49 d1 2c c2 00000140: 42 53 49 d1 2c c2
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.37" derivedCounter="(105)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-13.37.1">
fragment 4) Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 4)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.37.2">
00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55 00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55
00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12 00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12
00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9 00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9
00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec 00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec
00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36 00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36
00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b 00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b
00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a 00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a
00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42 00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42
00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40 00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40
00000090: 00 2f 00 00 0c 00 00 40 01 00 00 00 04 21 00 00 00000090: 00 2f 00 00 0c 00 00 40 01 00 00 00 04 21 00 00
skipping to change at line 6159 skipping to change at line 6436
000000B0: 38 00 00 00 34 01 03 04 05 6c 0c a5 70 03 00 00 000000B0: 38 00 00 00 34 01 03 04 05 6c 0c a5 70 03 00 00
000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00 000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00
000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00 000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00
000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00 000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00
000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00 000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00
00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00 00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00
00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00 00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00
00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00 00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00
00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00 00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00
00000140: 08 00 00 40 0b 00 00000140: 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.38" derivedCounter="(106)">
<t indent="0" pn="section-appendix.a.2.1-13.38.1">
Reassembles message from received fragments and parses it Reassembles message from received fragments and parses it
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.38.2">
IKE SA Auth IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I->R[1847] #9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I-&gt;R[1847]
4*EF[...]->E[1819]{ 4*EF[...]-&gt;E[1819]{
IDi[78](DN){CN=IKE Interop Test Client,O=ELVIS-PLUS,C=RU}, IDi[78](DN){CN=IKE Interop Test Client,O=ELVIS-PLUS,C=RU},
CERT[1280](X.509 Cert){308204...A6C40A}, CERT[1280](X.509 Cert){308204...A6C40A},
CERTREQ[25](X.509 Cert){5E9E50...677198}, CERTREQ[25](X.509 Cert){5E9E50...677198},
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU}, IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
AUTH[149](Sig){id-tc26-signwithdigest-gost3410-12-512[12]: AUTH[149](Sig){id-tc26-signwithdigest-gost3410-12-512[12]:
6A3E59...58A820}, 6A3E59...58A820},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4}, N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]}, CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{ SA[56]{
P[52](#1:ESP:6C0CA570:5#){ P[52](#1:ESP:6C0CA570:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE, Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE, ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE, ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE, ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}}, ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255}, TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255}, TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.39" derivedCounter="(107)">
<t indent="0" pn="section-appendix.a.2.1-13.39.1">
Computes prf(SK_pi, IDi) Computes prf(SK_pi, IDi)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.39.2">
00000000: ce e8 8b d1 7e 3c 83 32 eb d1 29 08 de dc 71 f4 00000000: ce e8 8b d1 7e 3c 83 32 eb d1 29 08 de dc 71 f4
00000010: 8f ba 09 b8 ca 5b 10 e2 f4 44 29 5c 97 7b 26 01 00000010: 8f ba 09 b8 ca 5b 10 e2 f4 44 29 5c 97 7b 26 01
00000020: a4 ba 83 c8 ea 40 92 0f 88 18 bd e7 e1 c9 45 cf 00000020: a4 ba 83 c8 ea 40 92 0f 88 18 bd e7 e1 c9 45 cf
00000030: ff 99 48 05 0d f4 93 a6 cd 54 46 d7 eb 7a 52 94 00000030: ff 99 48 05 0d f4 93 a6 cd 54 46 d7 eb 7a 52 94
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.40" derivedCounter="(108)">
<t indent="0" pn="section-appendix.a.2.1-13.40.1">
Uses initiator's public key Uses initiator's public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.40.2">
00000010: EE 2F 0A 0E 09 1E 7E 04 EF BA 5B 62 A2 52 86 E1 00000010: EE 2F 0A 0E 09 1E 7E 04 EF BA 5B 62 A2 52 86 E1
00000020: 9C 24 50 30 50 B0 B4 8A 37 35 B5 FC AF 28 94 EC 00000020: 9C 24 50 30 50 B0 B4 8A 37 35 B5 FC AF 28 94 EC
00000030: B5 9B 92 41 5B 69 E2 C9 BA 24 DE 6A 72 C4 EF 44 00000030: B5 9B 92 41 5B 69 E2 C9 BA 24 DE 6A 72 C4 EF 44
00000040: BB 89 A1 05 14 1B 87 3D 6A A3 72 3E 17 CA 7F 39 00000040: BB 89 A1 05 14 1B 87 3D 6A A3 72 3E 17 CA 7F 39
00000050: 28 CE 16 8B DD 07 52 87 6A 0D 77 42 6D 99 2B 46 00000050: 28 CE 16 8B DD 07 52 87 6A 0D 77 42 6D 99 2B 46
00000060: 2C FD 4B B2 7C D7 C7 17 08 12 54 63 47 9D 14 3D 00000060: 2C FD 4B B2 7C D7 C7 17 08 12 54 63 47 9D 14 3D
00000070: 61 ED F2 95 AB 11 80 69 02 A7 66 60 50 7E A4 53 00000070: 61 ED F2 95 AB 11 80 69 02 A7 66 60 50 7E A4 53
00000080: 6D AD 01 49 B2 16 8A 95 1D CF 1A 57 93 56 14 5E 00000080: 6D AD 01 49 B2 16 8A 95 1D CF 1A 57 93 56 14 5E
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.41" derivedCounter="(109)">
<t indent="0" pn="section-appendix.a.2.1-13.41.1">
Verifies signature from AUTH payload using algorithm id-tc26-signwithdigest-gost 3410-12-512 Verifies signature from AUTH payload using algorithm id-tc26-signwithdigest-gost 3410-12-512
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.41.2">
00000000: 6a 3e 59 0d 72 1e 55 a3 c0 d1 2f 8a 9b 4e 44 10 00000000: 6a 3e 59 0d 72 1e 55 a3 c0 d1 2f 8a 9b 4e 44 10
00000010: 58 59 bd 62 9e e7 12 31 e5 7d 01 53 f3 84 40 dd 00000010: 58 59 bd 62 9e e7 12 31 e5 7d 01 53 f3 84 40 dd
00000020: ac 73 ed 09 3a 10 d9 6e 7f eb 80 6c 11 9e 91 f3 00000020: ac 73 ed 09 3a 10 d9 6e 7f eb 80 6c 11 9e 91 f3
00000030: 7c 3c b0 55 f7 4b ec 0e 78 36 10 95 02 09 86 b3 00000030: 7c 3c b0 55 f7 4b ec 0e 78 36 10 95 02 09 86 b3
00000040: 27 04 2a 83 3c 89 36 1b 73 cf 7b c9 e0 df a2 07 00000040: 27 04 2a 83 3c 89 36 1b 73 cf 7b c9 e0 df a2 07
00000050: 12 1e 69 52 4d 89 1b de 6e 48 d1 34 fa 21 78 22 00000050: 12 1e 69 52 4d 89 1b de 6e 48 d1 34 fa 21 78 22
00000060: 88 2e 30 86 c0 80 0a 2d 74 af 08 ff 35 75 a5 79 00000060: 88 2e 30 86 c0 80 0a 2d 74 af 08 ff 35 75 a5 79
00000070: e3 85 40 22 6b a8 42 f6 72 24 bf 29 87 58 a8 20 00000070: e3 85 40 22 6b a8 42 f6 72 24 bf 29 87 58 a8 20
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.42" derivedCounter="(110)">
<t indent="0" pn="section-appendix.a.2.1-13.42.1">
Computes keys for ESP SAs Computes keys for ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.42.2">
00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56 00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56
00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0 00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0
00000020: 1d 14 a0 cc 00000020: 1d 14 a0 cc
00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b 00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b
00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81 00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81
00000020: e2 04 84 af 00000020: e2 04 84 af
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.43" derivedCounter="(111)">
<t indent="0" pn="section-appendix.a.2.1-13.43.1">
Computes prf(SK_pr,IDr) Computes prf(SK_pr,IDr)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.43.2">
00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27 00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27
00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e 00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e
00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d 00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d
00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a 00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.44" derivedCounter="(112)">
<t indent="0" pn="section-appendix.a.2.1-13.44.1">
Uses private key for signing (little endian) Uses private key for signing (little endian)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.44.2">
00000000: CB 73 0C 81 6F AC 6D 81 9F 82 AE 15 A9 08 12 17 00000000: CB 73 0C 81 6F AC 6D 81 9F 82 AE 15 A9 08 12 17
00000010: D3 1B 97 64 B7 1C 34 0D D3 DD 90 1F 15 8C 9B 06 00000010: D3 1B 97 64 B7 1C 34 0D D3 DD 90 1F 15 8C 9B 06
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.45" derivedCounter="(113)">
<t indent="0" pn="section-appendix.a.2.1-13.45.1">
Uses random number for signing Uses random number for signing
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.45.2">
00000000: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 00000000: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
00000010: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 00000010: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.46" derivedCounter="(114)">
<t indent="0" pn="section-appendix.a.2.1-13.46.1">
Computes signature using algorithm id-tc26-signwithdigest-gost3410-12-256 Computes signature using algorithm id-tc26-signwithdigest-gost3410-12-256
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.46.2">
00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93 00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93
00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5 00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5
00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05 00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05
00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3 00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.47" derivedCounter="(115)">
<t indent="0" pn="section-appendix.a.2.1-13.47.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.47.2">
00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83 00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83
00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51 00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.48" derivedCounter="(116)">
<t indent="0" pn="section-appendix.a.2.1-13.48.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.48.2">
00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38 00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38
00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56 00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.49" derivedCounter="(117)">
<t indent="0" pn="section-appendix.a.2.1-13.49.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.49.2">
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2 00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb 00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.50" derivedCounter="(118)">
<t indent="0" pn="section-appendix.a.2.1-13.50.1">
Selects SPI for incoming ESP SA Selects SPI for incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.50.2">
00000000: 34 ff 8a 25 00000000: 34 ff 8a 25
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.51" derivedCounter="(119)">
<t indent="0" pn="section-appendix.a.2.1-13.51.1">
Creates message splitting it into 4 fragments Creates message splitting it into 4 fragments
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.51.2">
IKE SA Auth IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I<=R[1563] #9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I&lt;=R[1563]
E[1535]->4*EF[...]{ E[1535]-&gt;4*EF[...]{
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU}, IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
CERT[1211](X.509 Cert){308204...FB346D}, CERT[1211](X.509 Cert){308204...FB346D},
AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]: AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]:
C840AF...A75AD3}, C840AF...A75AD3},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64}, N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.3}, CP[16](REPLY){IP4.Address[4]=10.1.1.3},
SA[32]{ SA[32]{
P[28](#1:ESP:34FF8A25:2#){ P[28](#1:ESP:34FF8A25:2#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}}, ESN=Off}},
TSi[24](1#){10.1.1.3}, TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.52" derivedCounter="(120)">
<t indent="0" pn="section-appendix.a.2.1-13.52.1">
Composes MGM nonce (fragment 1) Composes MGM nonce (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.52.2">
00000000: 00 00 00 00 a5 bb 18 2f 00000000: 00 00 00 00 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.53" derivedCounter="(121)">
<t indent="0" pn="section-appendix.a.2.1-13.53.1">
Composes AAD (fragment 1) Composes AAD (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.53.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04 00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04
00000020: 00 01 00 04 00000020: 00 01 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.54" derivedCounter="(122)">
<t indent="0" pn="section-appendix.a.2.1-13.54.1">
Composes plaintext (fragment 1) Composes plaintext (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.54.2">
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03 00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70 00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11 00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55 00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00 00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00
00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02 00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02
00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00
00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03 00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01 00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31 00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
skipping to change at line 6401 skipping to change at line 6677
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0 00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a 00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a
000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30 000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20 000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72 000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72
000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00 000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.55" derivedCounter="(123)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext (fragment 1) <t indent="0" pn="section-appendix.a.2.1-13.55.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext (fragment 1)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.55.2">
00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74 00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25 00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27 00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64 00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f 00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb 00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e 00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18 00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca 00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64 00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
skipping to change at line 6439 skipping to change at line 6715
00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f 00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d 00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e 00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d 00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df 00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47 000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb 000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46 000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e 000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.56" derivedCounter="(124)">
<t indent="0" pn="section-appendix.a.2.1-13.56.1">
Computes ICV using K3r as K_msg (fragment 1) Computes ICV using K3r as K_msg (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.56.2">
00000000: 96 08 17 ed ef 01 4d a0 00000000: 96 08 17 ed ef 01 4d a0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.57" derivedCounter="(125)">
<t indent="0" pn="section-appendix.a.2.1-13.57.1">
Composes IV (fragment 1) Composes IV (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.57.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.58" derivedCounter="(126)">
<t indent="0" pn="section-appendix.a.2.1-13.58.1">
Composes MGM nonce (fragment 2) Composes MGM nonce (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.58.2">
00000000: 00 00 00 01 a5 bb 18 2f 00000000: 00 00 00 01 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.59" derivedCounter="(127)">
<t indent="0" pn="section-appendix.a.2.1-13.59.1">
Composes AAD (fragment 2) Composes AAD (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.59.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04 00000020: 00 02 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.60" derivedCounter="(128)">
<t indent="0" pn="section-appendix.a.2.1-13.60.1">
Composes plaintext (fragment 2) Composes plaintext (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.60.2">
00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08 00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08
00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02 00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02
00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00 00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00
00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53 00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53
00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d 00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d
00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36 00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36
00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8 00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8
00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d 00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d
00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d
00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30 00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30
skipping to change at line 6511 skipping to change at line 6787
00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30 00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30
00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25 00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25
00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32 00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32
00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32 00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32
00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30 00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30
000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72 000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72
000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74 000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74
000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00 000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.61" derivedCounter="(129)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext (fragment 2) <t indent="0" pn="section-appendix.a.2.1-13.61.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext (fragment 2)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.61.2">
00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e 00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c 00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6 00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d 00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e 00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d 00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35 00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61 00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c 00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01 00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
skipping to change at line 6549 skipping to change at line 6825
00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0 00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e 00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd 00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16 00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02 00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e 000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a 000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5 000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3 000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51 000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.62" derivedCounter="(130)">
<t indent="0" pn="section-appendix.a.2.1-13.62.1">
Computes ICV using K3r as K_msg (fragment 2) Computes ICV using K3r as K_msg (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.62.2">
00000000: 89 bd 07 12 fc 3f 15 8d 00000000: 89 bd 07 12 fc 3f 15 8d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.63" derivedCounter="(131)">
<t indent="0" pn="section-appendix.a.2.1-13.63.1">
Composes IV (fragment 2) Composes IV (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.63.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.64" derivedCounter="(132)">
<t indent="0" pn="section-appendix.a.2.1-13.64.1">
Composes MGM nonce (fragment 3) Composes MGM nonce (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.64.2">
00000000: 00 00 00 02 a5 bb 18 2f 00000000: 00 00 00 02 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.65" derivedCounter="(133)">
<t indent="0" pn="section-appendix.a.2.1-13.65.1">
Composes AAD (fragment 3) Composes AAD (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.65.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04 00000020: 00 03 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.66" derivedCounter="(134)">
<t indent="0" pn="section-appendix.a.2.1-13.66.1">
Composes plaintext (fragment 3) Composes plaintext (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.66.2">
00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05 00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05
00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06 00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06
00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74 00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74
00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70 00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70
00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72 00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72
00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74 00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74
00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74 00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74
00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31
00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f 00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f
00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72 00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72
skipping to change at line 6621 skipping to change at line 6897
00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e 00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e
00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd 00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd
00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49 00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49
00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00 00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00
00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10 00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10
000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20 000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20
000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08 000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08
000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18 000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18
000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03 000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03
000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00 000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.67" derivedCounter="(135)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext (fragment 3) <t indent="0" pn="section-appendix.a.2.1-13.67.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext (fragment 3)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.67.2">
00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a 00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41 00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9 00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3 00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9 00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9 00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55 00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49 00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a 00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4 00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
skipping to change at line 6659 skipping to change at line 6935
00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd 00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44 00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3 00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4 00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98 00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4 000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52 000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b 000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04 000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.68" derivedCounter="(136)">
<t indent="0" pn="section-appendix.a.2.1-13.68.1">
Computes ICV using K3r as K_msg (fragment 3) Computes ICV using K3r as K_msg (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.68.2">
00000000: 7d 7c 57 8f 91 d0 c9 eb 00000000: 7d 7c 57 8f 91 d0 c9 eb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.69" derivedCounter="(137)">
<t indent="0" pn="section-appendix.a.2.1-13.69.1">
Composes IV (fragment 3) Composes IV (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.69.2">
00000000: 00 00 00 00 00 00 00 02 00000000: 00 00 00 00 00 00 00 02
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.70" derivedCounter="(138)">
<t indent="0" pn="section-appendix.a.2.1-13.70.1">
Composes MGM nonce (fragment 4) Composes MGM nonce (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.70.2">
00000000: 00 00 00 03 a5 bb 18 2f 00000000: 00 00 00 03 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.71" derivedCounter="(139)">
<t indent="0" pn="section-appendix.a.2.1-13.71.1">
Composes AAD (fragment 4) Composes AAD (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.71.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42 00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04 00000020: 00 04 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.72" derivedCounter="(140)">
<t indent="0" pn="section-appendix.a.2.1-13.72.1">
Composes plaintext (fragment 4) Composes plaintext (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.72.2">
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40 00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00 00000020: 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.73" derivedCounter="(141)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext (fragment 4) <t indent="0" pn="section-appendix.a.2.1-13.73.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext (fragment 4)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.73.2">
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab 00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc 00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a 00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.74" derivedCounter="(142)">
<t indent="0" pn="section-appendix.a.2.1-13.74.1">
Computes ICV using K3r as K_msg (fragment 4) Computes ICV using K3r as K_msg (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.74.2">
00000000: 6c 27 70 e0 8a 82 bd 4b 00000000: 6c 27 70 e0 8a 82 bd 4b
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.75" derivedCounter="(143)">
<t indent="0" pn="section-appendix.a.2.1-13.75.1">
Composes IV (fragment 4) Composes IV (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-13.75.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.76" derivedCounter="(144)">
Sends message fragment (1) <t indent="0" pn="section-appendix.a.2.1-13.76.1">
, peer receives message fragment (1) Sends message fragment (1), peer receives message fragment (1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295<-10.111.15.45:4500 [548] ix.a.2.1-13.76.2">
10.111.10.171:54295&lt;-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 24 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00 00000020: 24 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00
00000030: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74 00000030: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000040: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25 00000040: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000050: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27 00000050: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000060: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64 00000060: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000070: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f 00000070: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000080: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb 00000080: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
skipping to change at line 6774 skipping to change at line 7049
00000190: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d 00000190: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
000001A0: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e 000001A0: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
000001B0: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d 000001B0: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
000001C0: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df 000001C0: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001D0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47 000001D0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001E0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb 000001E0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001F0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46 000001F0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
00000200: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e 00000200: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
00000210: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 96 08 17 ed 00000210: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 96 08 17 ed
00000220: ef 01 4d a0 00000220: ef 01 4d a0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.77" derivedCounter="(145)">
Sends message fragment (2) <t indent="0" pn="section-appendix.a.2.1-13.77.1">
, peer receives message fragment (2) Sends message fragment (2), peer receives message fragment (2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295<-10.111.15.45:4500 [548] ix.a.2.1-13.77.2">
10.111.10.171:54295&lt;-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01 00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01
00000030: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e 00000030: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000040: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c 00000040: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000050: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6 00000050: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000060: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d 00000060: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000070: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e 00000070: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000080: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d 00000080: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
skipping to change at line 6819 skipping to change at line 7093
00000190: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e 00000190: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
000001A0: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd 000001A0: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
000001B0: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16 000001B0: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
000001C0: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02 000001C0: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001D0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e 000001D0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001E0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a 000001E0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001F0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5 000001F0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
00000200: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3 00000200: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
00000210: 58 23 68 71 27 b2 9a 03 09 f7 80 51 89 bd 07 12 00000210: 58 23 68 71 27 b2 9a 03 09 f7 80 51 89 bd 07 12
00000220: fc 3f 15 8d 00000220: fc 3f 15 8d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.78" derivedCounter="(146)">
Sends message fragment (3) <t indent="0" pn="section-appendix.a.2.1-13.78.1">
, peer receives message fragment (3) Sends message fragment (3), peer receives message fragment (3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295<-10.111.15.45:4500 [548] ix.a.2.1-13.78.2">
10.111.10.171:54295&lt;-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02 00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02
00000030: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a 00000030: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000040: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41 00000040: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000050: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9 00000050: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000060: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3 00000060: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000070: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9 00000070: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000080: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9 00000080: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
skipping to change at line 6864 skipping to change at line 7137
00000190: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44 00000190: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
000001A0: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3 000001A0: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
000001B0: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4 000001B0: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
000001C0: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98 000001C0: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001D0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4 000001D0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001E0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52 000001E0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001F0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b 000001F0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
00000200: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04 00000200: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
00000210: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 7d 7c 57 8f 00000210: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 7d 7c 57 8f
00000220: 91 d0 c9 eb 00000220: 91 d0 c9 eb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-13.79" derivedCounter="(147)">
Sends message fragment (4) <t indent="0" pn="section-appendix.a.2.1-13.79.1">
, peer receives message fragment (4) Sends message fragment (4), peer receives message fragment (4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
10.111.10.171:54295<-10.111.15.45:4500 [98] ix.a.2.1-13.79.2">
10.111.10.171:54295&lt;-10.111.15.45:4500 [98]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 00 5e 00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 00 5e
00000020: 00 00 00 42 00 04 00 04 00 00 00 00 00 00 00 03 00000020: 00 00 00 42 00 04 00 04 00 00 00 00 00 00 00 03
00000030: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab 00000030: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000040: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc 00000040: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000050: 0a 92 7a 74 77 dc ba 60 ac 4a 6c 27 70 e0 8a 82 00000050: 0a 92 7a 74 77 dc ba 60 ac 4a 6c 27 70 e0 8a 82
00000060: bd 4b 00000060: bd 4b
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.1-14">Initiator's actions:</t>
<ol type="(%d)" group="data5.txt"> <ol type="(%d)" group="data5.txt" start="148" indent="adaptive" spacin
<li> g="normal" pn="section-appendix.a.2.1-15">
<li pn="section-appendix.a.2.1-15.1" derivedCounter="(148)">
<t indent="0" pn="section-appendix.a.2.1-15.1.1">
Extracts IV from message (fragment 1) Extracts IV from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.1.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.2" derivedCounter="(149)">
<t indent="0" pn="section-appendix.a.2.1-15.2.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.2.2">
00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83 00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83
00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51 00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.3" derivedCounter="(150)">
<t indent="0" pn="section-appendix.a.2.1-15.3.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.3.2">
00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38 00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38
00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56 00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.4" derivedCounter="(151)">
<t indent="0" pn="section-appendix.a.2.1-15.4.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.4.2">
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2 00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb 00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.5" derivedCounter="(152)">
<t indent="0" pn="section-appendix.a.2.1-15.5.1">
Composes MGM nonce (fragment 1) Composes MGM nonce (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.5.2">
00000000: 00 00 00 00 a5 bb 18 2f 00000000: 00 00 00 00 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.6" derivedCounter="(153)">
<t indent="0" pn="section-appendix.a.2.1-15.6.1">
Extracts ICV from message (fragment 1) Extracts ICV from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.6.2">
00000000: 96 08 17 ed ef 01 4d a0 00000000: 96 08 17 ed ef 01 4d a0
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.7" derivedCounter="(154)">
<t indent="0" pn="section-appendix.a.2.1-15.7.1">
Extracts AAD from message (fragment 1) Extracts AAD from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.7.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04 00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04
00000020: 00 01 00 04 00000020: 00 01 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.8" derivedCounter="(155)">
<t indent="0" pn="section-appendix.a.2.1-15.8.1">
Extracts ciphertext from message (fragment 1) Extracts ciphertext from message (fragment 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.8.2">
00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74 00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25 00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27 00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64 00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f 00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb 00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e 00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18 00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca 00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64 00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
skipping to change at line 6983 skipping to change at line 7255
00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f 00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d 00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e 00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d 00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df 00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47 000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb 000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46 000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e 000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.9" derivedCounter="(156)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-15.9.1">
fragment 1) Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 1)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.9.2">
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03 00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70 00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11 00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55 00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00 00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00
00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02 00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02
00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00
00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03 00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01 00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31 00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
skipping to change at line 7021 skipping to change at line 7293
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0 00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a 00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a
000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30 000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20 000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72 000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72
000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00 000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.10" derivedCounter="(157)">
<t indent="0" pn="section-appendix.a.2.1-15.10.1">
Extracts IV from message (fragment 2) Extracts IV from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.10.2">
00000000: 00 00 00 00 00 00 00 01 00000000: 00 00 00 00 00 00 00 01
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.11" derivedCounter="(158)">
<t indent="0" pn="section-appendix.a.2.1-15.11.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.11.2">
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2 00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb 00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.12" derivedCounter="(159)">
<t indent="0" pn="section-appendix.a.2.1-15.12.1">
Composes MGM nonce (fragment 2) Composes MGM nonce (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.12.2">
00000000: 00 00 00 01 a5 bb 18 2f 00000000: 00 00 00 01 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.13" derivedCounter="(160)">
<t indent="0" pn="section-appendix.a.2.1-15.13.1">
Extracts ICV from message (fragment 2) Extracts ICV from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.13.2">
00000000: 89 bd 07 12 fc 3f 15 8d 00000000: 89 bd 07 12 fc 3f 15 8d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.14" derivedCounter="(161)">
<t indent="0" pn="section-appendix.a.2.1-15.14.1">
Extracts AAD from message (fragment 2) Extracts AAD from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.14.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04 00000020: 00 02 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.15" derivedCounter="(162)">
<t indent="0" pn="section-appendix.a.2.1-15.15.1">
Extracts ciphertext from message (fragment 2) Extracts ciphertext from message (fragment 2)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.15.2">
00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e 00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c 00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6 00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d 00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e 00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d 00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35 00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61 00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c 00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01 00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
skipping to change at line 7102 skipping to change at line 7374
00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0 00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e 00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd 00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16 00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02 00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e 000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a 000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5 000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3 000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51 000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.16" derivedCounter="(163)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-15.16.1">
fragment 2) Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 2)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.16.2">
00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08 00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08
00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02 00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02
00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00 00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00
00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53 00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53
00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d 00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d
00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36 00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36
00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8 00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8
00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d 00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d
00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d 00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d
00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30 00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30
skipping to change at line 7140 skipping to change at line 7412
00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30 00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30
00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25 00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25
00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32 00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32
00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32 00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32
00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30 00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30
000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72 000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72
000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74 000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74
000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00 000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.17" derivedCounter="(164)">
<t indent="0" pn="section-appendix.a.2.1-15.17.1">
Extracts IV from message (fragment 3) Extracts IV from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.17.2">
00000000: 00 00 00 00 00 00 00 02 00000000: 00 00 00 00 00 00 00 02
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.18" derivedCounter="(165)">
<t indent="0" pn="section-appendix.a.2.1-15.18.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.18.2">
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2 00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb 00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.19" derivedCounter="(166)">
<t indent="0" pn="section-appendix.a.2.1-15.19.1">
Composes MGM nonce (fragment 3) Composes MGM nonce (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.19.2">
00000000: 00 00 00 02 a5 bb 18 2f 00000000: 00 00 00 02 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.20" derivedCounter="(167)">
<t indent="0" pn="section-appendix.a.2.1-15.20.1">
Extracts ICV from message (fragment 3) Extracts ICV from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.20.2">
00000000: 7d 7c 57 8f 91 d0 c9 eb 00000000: 7d 7c 57 8f 91 d0 c9 eb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.21" derivedCounter="(168)">
<t indent="0" pn="section-appendix.a.2.1-15.21.1">
Extracts AAD from message (fragment 3) Extracts AAD from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.21.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04 00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04 00000020: 00 03 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.22" derivedCounter="(169)">
<t indent="0" pn="section-appendix.a.2.1-15.22.1">
Extracts ciphertext from message (fragment 3) Extracts ciphertext from message (fragment 3)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.22.2">
00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a 00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41 00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9 00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3 00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9 00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9 00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55 00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49 00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a 00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4 00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
skipping to change at line 7221 skipping to change at line 7493
00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd 00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44 00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3 00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4 00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98 00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4 000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52 000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b 000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04 000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.23" derivedCounter="(170)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-15.23.1">
fragment 3) Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 3)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.23.2">
00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05 00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05
00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06 00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06
00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74 00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74
00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70 00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70
00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72 00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72
00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74 00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74
00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74 00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74
00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31
00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f 00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f
00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72 00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72
skipping to change at line 7259 skipping to change at line 7531
00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e 00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e
00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd 00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd
00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49 00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49
00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00 00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00
00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10 00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10
000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20 000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20
000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08 000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08
000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18 000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18
000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03 000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03
000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00 000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.24" derivedCounter="(171)">
<t indent="0" pn="section-appendix.a.2.1-15.24.1">
Extracts IV from message (fragment 4) Extracts IV from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.24.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.25" derivedCounter="(172)">
<t indent="0" pn="section-appendix.a.2.1-15.25.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.25.2">
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2 00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb 00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.26" derivedCounter="(173)">
<t indent="0" pn="section-appendix.a.2.1-15.26.1">
Composes MGM nonce (fragment 4) Composes MGM nonce (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.26.2">
00000000: 00 00 00 03 a5 bb 18 2f 00000000: 00 00 00 03 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.27" derivedCounter="(174)">
<t indent="0" pn="section-appendix.a.2.1-15.27.1">
Extracts ICV from message (fragment 4) Extracts ICV from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.27.2">
00000000: 6c 27 70 e0 8a 82 bd 4b 00000000: 6c 27 70 e0 8a 82 bd 4b
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.28" derivedCounter="(175)">
<t indent="0" pn="section-appendix.a.2.1-15.28.1">
Extracts AAD from message (fragment 4) Extracts AAD from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.28.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42 00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04 00000020: 00 04 00 04
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.29" derivedCounter="(176)">
<t indent="0" pn="section-appendix.a.2.1-15.29.1">
Extracts ciphertext from message (fragment 4) Extracts ciphertext from message (fragment 4)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.29.2">
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab 00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc 00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a 00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.30" derivedCounter="(177)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext ( <t indent="0" pn="section-appendix.a.2.1-15.30.1">
fragment 4) Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<sourcecode type="test-vectors"> (fragment 4)
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.30.2">
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40 00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00 00000020: 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.31" derivedCounter="(178)">
<t indent="0" pn="section-appendix.a.2.1-15.31.1">
Reassembles message from received fragments and parses it Reassembles message from received fragments and parses it
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.31.2">
IKE SA Auth IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R=>I[1563] #9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R=&gt;I[1563]
4*EF[...]->E[1535]{ 4*EF[...]-&gt;E[1535]{
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU}, IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
CERT[1211](X.509 Cert){308204...FB346D}, CERT[1211](X.509 Cert){308204...FB346D},
AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]: AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]:
C840AF...A75AD3}, C840AF...A75AD3},
N[8](INITIAL_CONTACT), N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64}, N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.3}, CP[16](REPLY){IP4.Address[4]=10.1.1.3},
SA[32]{ SA[32]{
P[28](#1:ESP:34FF8A25:2#){ P[28](#1:ESP:34FF8A25:2#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}}, ESN=Off}},
TSi[24](1#){10.1.1.3}, TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.32" derivedCounter="(179)">
<t indent="0" pn="section-appendix.a.2.1-15.32.1">
Computes prf(SK_pr, IDr) Computes prf(SK_pr, IDr)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.32.2">
00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27 00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27
00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e 00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e
00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d 00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d
00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a 00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.33" derivedCounter="(180)">
<t indent="0" pn="section-appendix.a.2.1-15.33.1">
Uses responder's public key Uses responder's public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.33.2">
00000000: 5B B3 14 3E F4 70 C1 70 D7 F3 27 25 D8 53 7C E6 00000000: 5B B3 14 3E F4 70 C1 70 D7 F3 27 25 D8 53 7C E6
00000010: DE 6D 8C 29 F6 B2 32 64 56 DC B1 77 F2 3D FA F4 00000010: DE 6D 8C 29 F6 B2 32 64 56 DC B1 77 F2 3D FA F4
00000020: 2A 5C F3 74 86 7F 04 72 51 C1 CF B3 43 36 F5 95 00000020: 2A 5C F3 74 86 7F 04 72 51 C1 CF B3 43 36 F5 95
00000030: A2 AF 05 47 57 1A 55 C0 78 A4 9D 64 26 B8 61 14 00000030: A2 AF 05 47 57 1A 55 C0 78 A4 9D 64 26 B8 61 14
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.34" derivedCounter="(181)">
<t indent="0" pn="section-appendix.a.2.1-15.34.1">
Verifies signature from AUTH payload using algorithm id-tc26-signwithdigest-gost 3410-12-256 Verifies signature from AUTH payload using algorithm id-tc26-signwithdigest-gost 3410-12-256
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.34.2">
00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93 00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93
00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5 00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5
00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05 00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05
00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3 00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.1-15.35" derivedCounter="(182)">
<t indent="0" pn="section-appendix.a.2.1-15.35.1">
Computes keys for ESP SAs Computes keys for ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.1-15.35.2">
00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56 00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56
00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0 00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0
00000020: 1d 14 a0 cc 00000020: 1d 14 a0 cc
00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b 00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b
00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81 00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81
00000020: e2 04 84 af 00000020: e2 04 84 af
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
<t><br/><br/></t> <section anchor="scenario2-2" numbered="true" removeInRFC="false" toc="i
nclude" pn="section-appendix.a.2.2">
<ol group="scenario2" type="Sub-scenario %d:"> <name slugifiedName="name-sub-scenario-2-ike-sa-rekeyi">Sub-Scenario 2
<li> IKE SA rekeying using the CREATE_CHILD_SA exchange. : IKE SA Rekeying Using the CREATE_CHILD_SA Exchange</name>
<sourcecode type="test-vectors"> <artwork type="" align="left" pn="section-appendix.a.2.2-1">
<![CDATA[
Initiator Responder Initiator Responder
HDR, SK {SAi, Ni, KEi [,N+]} ---> HDR, SK {SAi, Ni, KEi [,N+]} ---&gt;
<--- HDR, SK {SAr, Nr, KEr [,N+]} &lt;--- HDR, SK {SAr, Nr, KEr [,N+]}
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.2.2-2">Initiator's actions:</t>
</li> <ol start="1" type="(%d)" group="data6.txt" indent="adaptive" spacing=
</ol> "normal" pn="section-appendix.a.2.2-3">
<li pn="section-appendix.a.2.2-3.1" derivedCounter="(1)">
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.2-3.1.1">
<ol start="1" type="(%d)" group="data6.txt">
<li>
Generates random SPIi for new IKE SA Generates random SPIi for new IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.1.2">
00000000: fd d9 35 89 50 d5 db 22 00000000: fd d9 35 89 50 d5 db 22
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.2.2-3.2.1">
Generates random IKE nonce Ni Generates random IKE nonce Ni
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.2.2">
00000000: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c 00000000: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000010: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37 00000010: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.2.2-3.3.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.3.2">
00000000: 29 2c 72 52 e0 6c fd 39 1d 55 04 e9 cf af 82 29 00000000: 29 2c 72 52 e0 6c fd 39 1d 55 04 e9 cf af 82 29
00000010: 89 09 ff 1c ab b2 dd a5 88 f0 34 fd 2c 57 d2 28 00000010: 89 09 ff 1c ab b2 dd a5 88 f0 34 fd 2c 57 d2 28
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.2.2-3.4.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.4.2">
00000000: 13 78 88 b1 0f 09 65 43 94 53 b7 26 5d 2a 8b 29 00000000: 13 78 88 b1 0f 09 65 43 94 53 b7 26 5d 2a 8b 29
00000010: 5f a9 d6 73 a2 d0 64 6c 98 0f 02 44 d5 5a 1d 13 00000010: 5f a9 d6 73 a2 d0 64 6c 98 0f 02 44 d5 5a 1d 13
00000020: 7b b4 4d 18 81 c3 ee 48 35 18 a7 71 ce 4f fa 45 00000020: 7b b4 4d 18 81 c3 ee 48 35 18 a7 71 ce 4f fa 45
00000030: b0 e9 74 63 37 58 32 7c ff a5 e4 98 b5 02 d4 ef 00000030: b0 e9 74 63 37 58 32 7c ff a5 e4 98 b5 02 d4 ef
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.2.2-3.5.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.5.2">
Create Child SA Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R<-I[213] #9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R&lt;-I[213]
E[185]{ E[185]{
SA[44]{ SA[44]{
P[40](#1:IKE:FDD9358950D5DB22:3#){ P[40](#1:IKE:FDD9358950D5DB22:3#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}}, KE=GOST3410_2012_256}},
NONCE[36]{2E9899...8AEC37}, NONCE[36]{2E9899...8AEC37},
KE[72](GOST3410_2012_256){137888...02D4EF}, KE[72](GOST3410_2012_256){137888...02D4EF},
N[12](SET_WINDOW_SIZE){4}} N[12](SET_WINDOW_SIZE){4}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.6" derivedCounter="(6)">
<t indent="0" pn="section-appendix.a.2.2-3.6.1">
Computes K3i (i3 = 1) Computes K3i (i3 = 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.6.2">
00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a 00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a
00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d 00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.7" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.2.2-3.7.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.7.2">
00000000: 00 00 00 00 b4 e1 3e 23 00000000: 00 00 00 00 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.8" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.2.2-3.8.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.8.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9 00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.9" derivedCounter="(9)">
<t indent="0" pn="section-appendix.a.2.2-3.9.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.9.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08 00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c 00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37 00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43 00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c 00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48 00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c 00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01 00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 04 00 000000A0: 00 00 00 04 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.10" derivedCounter="(10)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.2.2-3.10.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.10.2">
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03 00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73 00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f 00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f
000000A0: 35 d9 d4 b3 cd 000000A0: 35 d9 d4 b3 cd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.11" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.2.2-3.11.1">
Computes ICV using K3i as K_msg Computes ICV using K3i as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.11.2">
00000000: 49 96 ac 4c 3f c4 fc 1d 00000000: 49 96 ac 4c 3f c4 fc 1d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.12" derivedCounter="(12)">
<t indent="0" pn="section-appendix.a.2.2-3.12.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.12.2">
00000000: 00 00 00 00 01 00 00 00 00000000: 00 00 00 00 01 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-3.13" derivedCounter="(13)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.2-3.13.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54295->10.111.15.45:4500 [217] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-3.13.2">
10.111.10.171:54295-&gt;10.111.15.45:4500 [217]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 2e 20 24 08 00 00 00 02 00 00 00 d5 00000010: de 11 9d 1e 2e 20 24 08 00 00 00 02 00 00 00 d5
00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 f4 d1 2b 1e 00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 f4 d1 2b 1e
00000030: 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 e0 48 24 15 00000030: 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 e0 48 24 15
00000040: 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 80 56 e4 da 00000040: 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 80 56 e4 da
00000050: fb e5 fe 42 08 71 79 99 ef 17 7a 03 fc c3 c6 b0 00000050: fb e5 fe 42 08 71 79 99 ef 17 7a 03 fc c3 c6 b0
00000060: 15 a5 72 a4 1b de e2 b5 e6 46 56 73 3f 78 57 9e 00000060: 15 a5 72 a4 1b de e2 b5 e6 46 56 73 3f 78 57 9e
00000070: 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 c0 0c 8b 11 00000070: 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 c0 0c 8b 11
00000080: 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 27 ef ba 8c 00000080: 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 27 ef ba 8c
00000090: 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 9a e1 6a 91 00000090: 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 9a e1 6a 91
000000A0: 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 8d 2b 0e 75 000000A0: 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 8d 2b 0e 75
000000B0: d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 df 73 7f 1c 000000B0: d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 df 73 7f 1c
000000C0: 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f 35 d9 d4 b3 000000C0: 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f 35 d9 d4 b3
000000D0: cd 49 96 ac 4c 3f c4 fc 1d 000000D0: cd 49 96 ac 4c 3f c4 fc 1d
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.2.2-4">Responder's actions:</t>
<ol type="(%d)" group="data6.txt"> <ol type="(%d)" group="data6.txt" start="14" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.2-5">
<li pn="section-appendix.a.2.2-5.1" derivedCounter="(14)">
<t indent="0" pn="section-appendix.a.2.2-5.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.1.2">
00000000: 00 00 00 00 01 00 00 00 00000000: 00 00 00 00 01 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.2" derivedCounter="(15)">
<t indent="0" pn="section-appendix.a.2.2-5.2.1">
Computes K3i (I = 1) Computes K3i (I = 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.2.2">
00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a 00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a
00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d 00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.3" derivedCounter="(16)">
<t indent="0" pn="section-appendix.a.2.2-5.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.3.2">
00000000: 00 00 00 00 b4 e1 3e 23 00000000: 00 00 00 00 b4 e1 3e 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.4" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.2.2-5.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.4.2">
00000000: 49 96 ac 4c 3f c4 fc 1d 00000000: 49 96 ac 4c 3f c4 fc 1d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.5" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.2.2-5.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.5.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9 00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.6" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.2.2-5.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.6.2">
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03 00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73 00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f 00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f
000000A0: 35 d9 d4 b3 cd 000000A0: 35 d9 d4 b3 cd
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.7" derivedCounter="(20)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.2.2-5.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.7.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08 00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c 00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37 00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43 00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c 00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48 00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c 00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01 00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 04 00 000000A0: 00 00 00 04 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.8" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.2.2-5.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.8.2">
Create Child SA Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I->R[213] #9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I-&gt;R[213]
E[185]{ E[185]{
SA[44]{ SA[44]{
P[40](#1:IKE:FDD9358950D5DB22:3#){ P[40](#1:IKE:FDD9358950D5DB22:3#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}}, KE=GOST3410_2012_256}},
NONCE[36]{2E9899...8AEC37}, NONCE[36]{2E9899...8AEC37},
KE[72](GOST3410_2012_256){137888...02D4EF}, KE[72](GOST3410_2012_256){137888...02D4EF},
N[12](SET_WINDOW_SIZE){4}} N[12](SET_WINDOW_SIZE){4}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.9" derivedCounter="(22)">
<t indent="0" pn="section-appendix.a.2.2-5.9.1">
Generates random SPIr for new IKE SA Generates random SPIr for new IKE SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.9.2">
00000000: 81 27 5d a2 98 90 1a 06 00000000: 81 27 5d a2 98 90 1a 06
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.10" derivedCounter="(23)">
<t indent="0" pn="section-appendix.a.2.2-5.10.1">
Generates random IKE nonce Nr Generates random IKE nonce Nr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.10.2">
00000000: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0 00000000: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000010: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96 00000010: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.11" derivedCounter="(24)">
<t indent="0" pn="section-appendix.a.2.2-5.11.1">
Generates ephemeral private key Generates ephemeral private key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.11.2">
00000000: af 9a 62 7d d3 b8 23 d2 49 7f f9 0a 9d f2 55 8c 00000000: af 9a 62 7d d3 b8 23 d2 49 7f f9 0a 9d f2 55 8c
00000010: ae 9c 48 ad f5 a4 ee a5 f6 24 5f 48 3c f8 42 0d 00000010: ae 9c 48 ad f5 a4 ee a5 f6 24 5f 48 3c f8 42 0d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.12" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.2.2-5.12.1">
Computes public key Computes public key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.12.2">
00000000: ba 9c bb 8d c4 51 68 1c 63 50 9c 5b 78 c2 93 be 00000000: ba 9c bb 8d c4 51 68 1c 63 50 9c 5b 78 c2 93 be
00000010: 52 9b 7a a0 6b 14 1e 0f 52 d4 a3 0e 71 d7 5b 4c 00000010: 52 9b 7a a0 6b 14 1e 0f 52 d4 a3 0e 71 d7 5b 4c
00000020: aa 58 af 26 21 d9 b2 92 87 1c d9 7a 89 6f c2 7d 00000020: aa 58 af 26 21 d9 b2 92 87 1c d9 7a 89 6f c2 7d
00000030: 7d 95 96 39 a2 36 37 8f f4 b9 1d 2f a8 b7 f5 c9 00000030: 7d 95 96 39 a2 36 37 8f f4 b9 1d 2f a8 b7 f5 c9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.13" derivedCounter="(26)">
<t indent="0" pn="section-appendix.a.2.2-5.13.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.13.2">
00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41 00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41
00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb 00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.14" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.2.2-5.14.1">
Computes SKEYSEED for new SA Computes SKEYSEED for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.14.2">
00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54 00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54
00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d 00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d
00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42 00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42
00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9 00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.15" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.2.2-5.15.1">
Computes SK_d for new SA Computes SK_d for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.15.2">
00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c 00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c
00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97 00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97
00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f 00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f
00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1 00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.16" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.2.2-5.16.1">
Computes SK_ei for new SA Computes SK_ei for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.16.2">
00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6 00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6
00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d 00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d
00000020: 2b 3d 3b 2f 00000020: 2b 3d 3b 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.17" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.2.2-5.17.1">
Computes SK_er for new SA Computes SK_er for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.17.2">
00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a 00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a
00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a 00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a
00000020: d2 f6 27 21 00000020: d2 f6 27 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.18" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.2.2-5.18.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.18.2">
Create Child SA Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I<=R[213] #9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I&lt;=R[213]
E[185]{ E[185]{
SA[44]{ SA[44]{
P[40](#1:IKE:81275DA298901A06:3#){ P[40](#1:IKE:81275DA298901A06:3#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}}, KE=GOST3410_2012_256}},
NONCE[36]{CF8E80...204396}, NONCE[36]{CF8E80...204396},
KE[72](GOST3410_2012_256){BA9CBB...B7F5C9}, KE[72](GOST3410_2012_256){BA9CBB...B7F5C9},
N[12](SET_WINDOW_SIZE){64}} N[12](SET_WINDOW_SIZE){64}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.19" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.2.2-5.19.1">
Computes K3r (i3 = 1) Computes K3r (i3 = 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.19.2">
00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0 00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0
00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56 00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.20" derivedCounter="(33)">
<t indent="0" pn="section-appendix.a.2.2-5.20.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.20.2">
00000000: 00 00 00 00 a5 bb 18 2f 00000000: 00 00 00 00 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.21" derivedCounter="(34)">
<t indent="0" pn="section-appendix.a.2.2-5.21.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.21.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9 00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.22" derivedCounter="(35)">
<t indent="0" pn="section-appendix.a.2.2-5.22.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.22.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2
00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08 00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0 00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96 00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c 00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f 00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92 00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f 00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01 00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 40 00 000000A0: 00 00 00 40 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.23" derivedCounter="(36)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.2.2-5.23.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.23.2">
00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6 00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6
00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18 00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18
00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84 00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86 00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b 00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19 00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
000000A0: 61 e8 cb 46 3c 000000A0: 61 e8 cb 46 3c
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.24" derivedCounter="(37)">
<t indent="0" pn="section-appendix.a.2.2-5.24.1">
Computes ICV using K3r as K_msg Computes ICV using K3r as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.24.2">
00000000: dc c4 ca 6d 07 cf 31 a8 00000000: dc c4 ca 6d 07 cf 31 a8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.25" derivedCounter="(38)">
<t indent="0" pn="section-appendix.a.2.2-5.25.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.25.2">
00000000: 00 00 00 00 01 00 00 00 00000000: 00 00 00 00 01 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-5.26" derivedCounter="(39)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.2-5.26.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54295<-10.111.15.45:4500 [217] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-5.26.2">
10.111.10.171:54295&lt;-10.111.15.45:4500 [217]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97 00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 2e 20 24 20 00 00 00 02 00 00 00 d5 00000010: de 11 9d 1e 2e 20 24 20 00 00 00 02 00 00 00 d5
00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 6e a0 bc 5e 00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 6e a0 bc 5e
00000030: 58 16 91 db 1f e0 22 20 b6 75 fd e6 e0 01 a7 86 00000030: 58 16 91 db 1f e0 22 20 b6 75 fd e6 e0 01 a7 86
00000040: 0c 9c a6 77 ef cd f6 be e4 c8 31 18 c7 7f 68 58 00000040: 0c 9c a6 77 ef cd f6 be e4 c8 31 18 c7 7f 68 58
00000050: d8 85 75 6c 1d 4a 0e 66 09 86 7c 84 30 a7 2e f0 00000050: d8 85 75 6c 1d 4a 0e 66 09 86 7c 84 30 a7 2e f0
00000060: 26 2b 19 da c5 25 34 5b 19 f0 97 86 54 ca 08 92 00000060: 26 2b 19 da c5 25 34 5b 19 f0 97 86 54 ca 08 92
00000070: 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 4d d9 f2 7e 00000070: 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 4d d9 f2 7e
00000080: 32 48 b3 9f ea 54 d2 96 99 42 30 6b b0 b4 fe 5d 00000080: 32 48 b3 9f ea 54 d2 96 99 42 30 6b b0 b4 fe 5d
00000090: 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 36 85 57 78 00000090: 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 36 85 57 78
000000A0: b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 6e 06 84 2b 000000A0: b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 6e 06 84 2b
000000B0: ac f8 99 29 31 ad 7b dc db c0 0f 19 5f 06 42 2d 000000B0: ac f8 99 29 31 ad 7b dc db c0 0f 19 5f 06 42 2d
000000C0: 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 61 e8 cb 46 000000C0: 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 61 e8 cb 46
000000D0: 3c dc c4 ca 6d 07 cf 31 a8 000000D0: 3c dc c4 ca 6d 07 cf 31 a8
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.2-6">Initiator's actions:</t>
<ol type="(%d)" group="data6.txt"> <ol type="(%d)" group="data6.txt" start="40" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.2-7">
<li pn="section-appendix.a.2.2-7.1" derivedCounter="(40)">
<t indent="0" pn="section-appendix.a.2.2-7.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.1.2">
00000000: 00 00 00 00 01 00 00 00 00000000: 00 00 00 00 01 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.2" derivedCounter="(41)">
<t indent="0" pn="section-appendix.a.2.2-7.2.1">
Computes K3r (i3 = 1) Computes K3r (i3 = 1)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.2.2">
00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0 00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0
00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56 00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.3" derivedCounter="(42)">
<t indent="0" pn="section-appendix.a.2.2-7.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.3.2">
00000000: 00 00 00 00 a5 bb 18 2f 00000000: 00 00 00 00 a5 bb 18 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.4" derivedCounter="(43)">
<t indent="0" pn="section-appendix.a.2.2-7.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.4.2">
00000000: dc c4 ca 6d 07 cf 31 a8 00000000: dc c4 ca 6d 07 cf 31 a8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.5" derivedCounter="(44)">
<t indent="0" pn="section-appendix.a.2.2-7.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.5.2">
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e 00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9 00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.6" derivedCounter="(45)">
<t indent="0" pn="section-appendix.a.2.2-7.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.6.2">
00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6 00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6
00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18 00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18
00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84 00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86 00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b 00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19 00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
000000A0: 61 e8 cb 46 3c 000000A0: 61 e8 cb 46 3c
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.7" derivedCounter="(46)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.2.2-7.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.7.2">
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2 00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2
00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08 00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24 00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0 00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96 00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c 00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f 00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92 00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f 00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01 00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 40 00 000000A0: 00 00 00 40 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.8" derivedCounter="(47)">
<t indent="0" pn="section-appendix.a.2.2-7.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.8.2">
Create Child SA Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R=>I[213] #9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R=&gt;I[213]
E[185]{ E[185]{
SA[44]{ SA[44]{
P[40](#1:IKE:81275DA298901A06:3#){ P[40](#1:IKE:81275DA298901A06:3#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512, PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}}, KE=GOST3410_2012_256}},
NONCE[36]{CF8E80...204396}, NONCE[36]{CF8E80...204396},
KE[72](GOST3410_2012_256){BA9CBB...B7F5C9}, KE[72](GOST3410_2012_256){BA9CBB...B7F5C9},
N[12](SET_WINDOW_SIZE){64}} N[12](SET_WINDOW_SIZE){64}}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.9" derivedCounter="(48)">
<t indent="0" pn="section-appendix.a.2.2-7.9.1">
Computes shared key Computes shared key
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.9.2">
00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41 00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41
00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb 00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.10" derivedCounter="(49)">
<t indent="0" pn="section-appendix.a.2.2-7.10.1">
Computes SKEYSEED for new SA Computes SKEYSEED for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.10.2">
00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54 00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54
00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d 00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d
00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42 00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42
00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9 00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.11" derivedCounter="(50)">
<t indent="0" pn="section-appendix.a.2.2-7.11.1">
Computes SK_d for new SA Computes SK_d for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.11.2">
00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c 00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c
00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97 00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97
00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f 00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f
00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1 00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.12" derivedCounter="(51)">
<t indent="0" pn="section-appendix.a.2.2-7.12.1">
Computes SK_ei for new SA Computes SK_ei for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.12.2">
00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6 00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6
00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d 00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d
00000020: 2b 3d 3b 2f 00000020: 2b 3d 3b 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.2-7.13" derivedCounter="(52)">
<t indent="0" pn="section-appendix.a.2.2-7.13.1">
Computes SK_er for new SA Computes SK_er for new SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.2-7.13.2">
00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a 00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a
00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a 00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a
00000020: d2 f6 27 21 00000020: d2 f6 27 21
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
<t><br/><br/></t> <section anchor="scenario2-3" numbered="true" removeInRFC="false" toc="i
nclude" pn="section-appendix.a.2.3">
<ol group="scenario2" type="Sub-scenario %d:"> <name slugifiedName="name-sub-scenario-3-esp-sas-rekey">Sub-Scenario 3
<li> ESP SAs rekeying without PFS using the CREATE_CHILD_SA exchan : ESP SAs Rekeying without PFS Using the CREATE_CHILD_SA Exchange</name>
ge. <artwork type="" align="left" pn="section-appendix.a.2.3-1">
<sourcecode type="test-vectors">
<![CDATA[
Initiator Responder Initiator Responder
HDR, SK {N(REKEY_SA), SAi, Ni, HDR, SK {N(REKEY_SA), SAi, Ni,
TSi, TSr [,N+]} ---> TSi, TSr [,N+]} ---&gt;
<--- HDR, SK {SAr, Nr, &lt;--- HDR, SK {SAr, Nr,
TSi, TSr [,N+]} TSi, TSr [,N+]}
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.2.3-2">Initiator's actions:</t>
</li> <ol start="1" type="(%d)" group="data7.txt" indent="adaptive" spacing=
</ol> "normal" pn="section-appendix.a.2.3-3">
<li pn="section-appendix.a.2.3-3.1" derivedCounter="(1)">
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.3-3.1.1">
<ol start="1" type="(%d)" group="data7.txt">
<li>
Generates random IKE nonce Ni Generates random IKE nonce Ni
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.1.2">
00000000: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce 00000000: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000010: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23 00000010: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.2.3-3.2.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.2.2">
00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c 00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c
00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69 00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.2.3-3.3.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.3.2">
00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a 00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a
00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44 00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.2.3-3.4.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.4.2">
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69 00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a 00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.2.3-3.5.1">
Selects SPI for new incoming ESP SA Selects SPI for new incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.5.2">
00000000: 9a 8c 6a 9b 00000000: 9a 8c 6a 9b
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.6" derivedCounter="(6)">
<t indent="0" pn="section-appendix.a.2.3-3.6.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.6.2">
Create Child SA Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R<-I[193] #FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R&lt;-I[193]
E[165]{ E[165]{
N[12](ESP:6C0CA570:REKEY_SA), N[12](ESP:6C0CA570:REKEY_SA),
SA[32]{ SA[32]{
P[28](#1:ESP:9A8C6A9B:2#){ P[28](#1:ESP:9A8C6A9B:2#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}}, ESN=Off}},
NONCE[36]{B54818...F44823}, NONCE[36]{B54818...F44823},
TSi[24](1#){10.1.1.3}, TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.7" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.2.3-3.7.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.7.2">
00000000: 00 00 00 00 2b 3d 3b 2f 00000000: 00 00 00 00 2b 3d 3b 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.8" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.2.3-3.8.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.8.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5 00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.9" derivedCounter="(9)">
<t indent="0" pn="section-appendix.a.2.3-3.9.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.9.2">
00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20 00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08 00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24 00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce 00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23 00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff 00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00 00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff 00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b 00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000090: 00 00000090: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.10" derivedCounter="(10)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.2.3-3.10.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.10.2">
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a 00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41 00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e 00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62 00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2 00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
00000090: a3 00000090: a3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.11" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.2.3-3.11.1">
Computes ICV using K3i as K_msg Computes ICV using K3i as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.11.2">
00000000: b3 05 bd 43 2f 87 0c 3f 00000000: b3 05 bd 43 2f 87 0c 3f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.12" derivedCounter="(12)">
<t indent="0" pn="section-appendix.a.2.3-3.12.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.12.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-3.13" derivedCounter="(13)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.3-3.13.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54295->10.111.15.45:4500 [197] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-3.13.2">
10.111.10.171:54295-&gt;10.111.15.45:4500 [197]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2 00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 24 08 00 00 00 00 00 00 00 c1 00000010: 98 90 1a 06 2e 20 24 08 00 00 00 00 00 00 00 c1
00000020: 29 00 00 a5 00 00 00 00 00 00 00 00 47 71 bb 57 00000020: 29 00 00 a5 00 00 00 00 00 00 00 00 47 71 bb 57
00000030: 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a b9 34 0f 34 00000030: 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a b9 34 0f 34
00000040: 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 3b 5c 5a 04 00000040: 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 3b 5c 5a 04
00000050: 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 4e 26 c4 27 00000050: 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 4e 26 c4 27
00000060: fd cb 54 e1 cf e0 fd b4 9f f8 00 41 41 c8 58 b2 00000060: fd cb 54 e1 cf e0 fd b4 9f f8 00 41 41 c8 58 b2
00000070: c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 69 e9 52 68 00000070: c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 69 e9 52 68
00000080: d5 e1 ee f0 89 6e d3 95 34 62 ad 2e e6 77 17 b8 00000080: d5 e1 ee f0 89 6e d3 95 34 62 ad 2e e6 77 17 b8
00000090: 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 43 50 82 2a 00000090: 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 43 50 82 2a
000000A0: be b6 31 ff 2f 43 11 f7 d0 60 bf 62 b9 08 c3 09 000000A0: be b6 31 ff 2f 43 11 f7 d0 60 bf 62 b9 08 c3 09
000000B0: a3 78 fb 5e 76 57 91 5d 48 1c aa d2 a3 b3 05 bd 000000B0: a3 78 fb 5e 76 57 91 5d 48 1c aa d2 a3 b3 05 bd
000000C0: 43 2f 87 0c 3f 000000C0: 43 2f 87 0c 3f
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.2.3-4">Responder's actions:</t>
<ol type="(%d)" group="data7.txt"> <ol type="(%d)" group="data7.txt" start="14" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.3-5">
<li pn="section-appendix.a.2.3-5.1" derivedCounter="(14)">
<t indent="0" pn="section-appendix.a.2.3-5.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.1.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.2" derivedCounter="(15)">
<t indent="0" pn="section-appendix.a.2.3-5.2.1">
Computes K1i (i1 = 0) Computes K1i (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.2.2">
00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c 00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c
00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69 00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.3" derivedCounter="(16)">
<t indent="0" pn="section-appendix.a.2.3-5.3.1">
Computes K2i (i2 = 0) Computes K2i (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.3.2">
00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a 00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a
00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44 00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.4" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.2.3-5.4.1">
Computes K3i (i3 = 0) Computes K3i (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.4.2">
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69 00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a 00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.5" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.2.3-5.5.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.5.2">
00000000: 00 00 00 00 2b 3d 3b 2f 00000000: 00 00 00 00 2b 3d 3b 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.6" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.2.3-5.6.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.6.2">
00000000: b3 05 bd 43 2f 87 0c 3f 00000000: b3 05 bd 43 2f 87 0c 3f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.7" derivedCounter="(20)">
<t indent="0" pn="section-appendix.a.2.3-5.7.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.7.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5 00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.8" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.2.3-5.8.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.8.2">
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a 00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41 00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e 00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62 00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2 00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
00000090: a3 00000090: a3
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.9" derivedCounter="(22)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.2.3-5.9.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.9.2">
00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20 00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08 00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24 00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce 00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23 00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff 00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00 00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff 00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b 00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000090: 00 00000090: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.10" derivedCounter="(23)">
<t indent="0" pn="section-appendix.a.2.3-5.10.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.10.2">
Create Child SA Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I->R[193] #FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I-&gt;R[193]
E[165]{ E[165]{
N[12](ESP:6C0CA570:REKEY_SA), N[12](ESP:6C0CA570:REKEY_SA),
SA[32]{ SA[32]{
P[28](#1:ESP:9A8C6A9B:2#){ P[28](#1:ESP:9A8C6A9B:2#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}}, ESN=Off}},
NONCE[36]{B54818...F44823}, NONCE[36]{B54818...F44823},
TSi[24](1#){10.1.1.3}, TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.11" derivedCounter="(24)">
<t indent="0" pn="section-appendix.a.2.3-5.11.1">
Generates random IKE nonce Nr Generates random IKE nonce Nr
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.11.2">
00000000: 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f b5 c8 5c 60 00000000: 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f b5 c8 5c 60
00000010: 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 64 f3 58 06 00000010: 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 64 f3 58 06
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.12" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.2.3-5.12.1">
Selects SPI for new incoming ESP SA Selects SPI for new incoming ESP SA
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.12.2">
00000000: 15 4f 35 39 00000000: 15 4f 35 39
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.13" derivedCounter="(26)">
<t indent="0" pn="section-appendix.a.2.3-5.13.1">
Computes keys for new ESP SAs Computes keys for new ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.13.2">
00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69 00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69
00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67 00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67
00000020: 64 0e 3a fe 00000020: 64 0e 3a fe
00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a 00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a
00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9 00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9
00000020: 6c cf a3 64 00000020: 6c cf a3 64
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.14" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.2.3-5.14.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.14.2">
Create Child SA Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I<=R[189] #FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I&lt;=R[189]
E[161]{ E[161]{
SA[32]{ SA[32]{
P[28](#1:ESP:154F3539:2#){ P[28](#1:ESP:154F3539:2#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}}, ESN=Off}},
NONCE[36]{415EA7...F35806}, NONCE[36]{415EA7...F35806},
TSi[24](1#){10.1.1.3}, TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.15" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.2.3-5.15.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.15.2">
00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2 00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2
00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a 00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.16" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.2.3-5.16.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.16.2">
00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59 00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59
00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52 00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.17" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.2.3-5.17.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.17.2">
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f 00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71 00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.18" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.2.3-5.18.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.18.2">
00000000: 00 00 00 00 d2 f6 27 21 00000000: 00 00 00 00 d2 f6 27 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.19" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.2.3-5.19.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.19.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1 00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.20" derivedCounter="(33)">
<t indent="0" pn="section-appendix.a.2.3-5.20.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.20.2">
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39 00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00 00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f 00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10 00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18 00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00 00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08 00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00 00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.21" derivedCounter="(34)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.2.3-5.21.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.21.2">
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca 00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09 00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93 00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.22" derivedCounter="(35)">
<t indent="0" pn="section-appendix.a.2.3-5.22.1">
Computes ICV using K3r as K_msg Computes ICV using K3r as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.22.2">
00000000: 57 b4 30 41 07 50 b1 cc 00000000: 57 b4 30 41 07 50 b1 cc
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.23" derivedCounter="(36)">
<t indent="0" pn="section-appendix.a.2.3-5.23.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.23.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-5.24" derivedCounter="(37)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.3-5.24.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54295<-10.111.15.45:4500 [193] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-5.24.2">
10.111.10.171:54295&lt;-10.111.15.45:4500 [193]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2 00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 24 20 00 00 00 00 00 00 00 bd 00000010: 98 90 1a 06 2e 20 24 20 00 00 00 00 00 00 00 bd
00000020: 21 00 00 a1 00 00 00 00 00 00 00 00 2e c7 13 73 00000020: 21 00 00 a1 00 00 00 00 00 00 00 00 2e c7 13 73
00000030: 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 68 70 bb 8f 00000030: 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 68 70 bb 8f
00000040: 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 51 ef c5 35 00000040: 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 51 ef c5 35
00000050: 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 9a 14 36 d1 00000050: 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 9a 14 36 d1
00000060: 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 0f 9d dd 2b 00000060: 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 0f 9d dd 2b
00000070: e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 01 6b 1d 92 00000070: e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 01 6b 1d 92
00000080: b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 35 e9 e3 fd 00000080: b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 35 e9 e3 fd
00000090: b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca f1 2e b1 13 00000090: b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca f1 2e b1 13
000000A0: 99 e0 da 10 1a 29 74 26 a3 63 ce 09 6a f9 1b 67 000000A0: 99 e0 da 10 1a 29 74 26 a3 63 ce 09 6a f9 1b 67
000000B0: 4a f2 fb 0f 17 5e 48 1a 93 57 b4 30 41 07 50 b1 000000B0: 4a f2 fb 0f 17 5e 48 1a 93 57 b4 30 41 07 50 b1
000000C0: cc 000000C0: cc
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.3-6">Initiator's actions:</t>
<ol type="(%d)" group="data7.txt"> <ol type="(%d)" group="data7.txt" start="38" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.3-7">
<li pn="section-appendix.a.2.3-7.1" derivedCounter="(38)">
<t indent="0" pn="section-appendix.a.2.3-7.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.1.2">
00000000: 00 00 00 00 00 00 00 00 00000000: 00 00 00 00 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.2" derivedCounter="(39)">
<t indent="0" pn="section-appendix.a.2.3-7.2.1">
Computes K1r (i1 = 0) Computes K1r (i1 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.2.2">
00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2 00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2
00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a 00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.3" derivedCounter="(40)">
<t indent="0" pn="section-appendix.a.2.3-7.3.1">
Computes K2r (i2 = 0) Computes K2r (i2 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.3.2">
00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59 00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59
00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52 00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.4" derivedCounter="(41)">
<t indent="0" pn="section-appendix.a.2.3-7.4.1">
Computes K3r (i3 = 0) Computes K3r (i3 = 0)
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.4.2">
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f 00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71 00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.5" derivedCounter="(42)">
<t indent="0" pn="section-appendix.a.2.3-7.5.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.5.2">
00000000: 00 00 00 00 d2 f6 27 21 00000000: 00 00 00 00 d2 f6 27 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.6" derivedCounter="(43)">
<t indent="0" pn="section-appendix.a.2.3-7.6.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.6.2">
00000000: 57 b4 30 41 07 50 b1 cc 00000000: 57 b4 30 41 07 50 b1 cc
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.7" derivedCounter="(44)">
<t indent="0" pn="section-appendix.a.2.3-7.7.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.7.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1 00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.8" derivedCounter="(45)">
<t indent="0" pn="section-appendix.a.2.3-7.8.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.8.2">
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca 00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09 00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93 00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.9" derivedCounter="(46)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.2.3-7.9.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.9.2">
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39 00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00 00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f 00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10 00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18 00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00 00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08 00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00 00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.10" derivedCounter="(47)">
<t indent="0" pn="section-appendix.a.2.3-7.10.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.10.2">
Create Child SA Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R=>I[189] #FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R=&gt;I[189]
E[161]{ E[161]{
SA[32]{ SA[32]{
P[28](#1:ESP:154F3539:2#){ P[28](#1:ESP:154F3539:2#){
Encryption=ENCR_MAGMA_MGM_KTREE, Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}}, ESN=Off}},
NONCE[36]{415EA7...F35806}, NONCE[36]{415EA7...F35806},
TSi[24](1#){10.1.1.3}, TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255}, TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE), N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED), N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)} N[8](NON_FIRST_FRAGMENTS_ALSO)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.3-7.11" derivedCounter="(48)">
<t indent="0" pn="section-appendix.a.2.3-7.11.1">
Computes keys for new ESP SAs Computes keys for new ESP SAs
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.3-7.11.2">
00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69 00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69
00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67 00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67
00000020: 64 0e 3a fe 00000020: 64 0e 3a fe
00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a 00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a
00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9 00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9
00000020: 6c cf a3 64 00000020: 6c cf a3 64
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
<t><br/><br/></t> <section anchor="scenario2-4" numbered="true" removeInRFC="false" toc="i
nclude" pn="section-appendix.a.2.4">
<ol group="scenario2" type="Sub-scenario %d:"> <name slugifiedName="name-sub-scenario-4-ike-sa-deleti">Sub-Scenario 4
<li> IKE SA deletion using the INFORMATIONAL exchange. : IKE SA Deletion Using the INFORMATIONAL Exchange</name>
<sourcecode type="test-vectors"> <artwork type="" align="left" pn="section-appendix.a.2.4-1">
<![CDATA[
Initiator Responder Initiator Responder
HDR, SK {D} ---> HDR, SK {D} ---&gt;
<--- HDR, SK { } &lt;--- HDR, SK { }
]]> </artwork>
</sourcecode> <t indent="0" pn="section-appendix.a.2.4-2">Initiator's actions:</t>
<ol start="1" type="(%d)" group="data8.txt" indent="adaptive" spacing=
</li> "normal" pn="section-appendix.a.2.4-3">
</ol> <li pn="section-appendix.a.2.4-3.1" derivedCounter="(1)">
<t indent="0" pn="section-appendix.a.2.4-3.1.1">
<t>Initiator's actions:</t>
<ol start="1" type="(%d)" group="data8.txt">
<li>
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.1.2">
Informational Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R<-I[57] #FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R&lt;-I[57]
E[29]{ E[29]{
D[8](IKE)} D[8](IKE)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.2" derivedCounter="(2)">
<t indent="0" pn="section-appendix.a.2.4-3.2.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.2.2">
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69 00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a 00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.3" derivedCounter="(3)">
<t indent="0" pn="section-appendix.a.2.4-3.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.3.2">
00000000: 00 00 00 03 2b 3d 3b 2f 00000000: 00 00 00 03 2b 3d 3b 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.4" derivedCounter="(4)">
<t indent="0" pn="section-appendix.a.2.4-3.4.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.4.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d 00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.5" derivedCounter="(5)">
<t indent="0" pn="section-appendix.a.2.4-3.5.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.5.2">
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.6" derivedCounter="(6)">
Encrypts plaintext using K3i as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.2.4-3.6.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3i as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.6.2">
00000000: 4f ff 67 66 41 9c d3 ec 8e 00000000: 4f ff 67 66 41 9c d3 ec 8e
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.7" derivedCounter="(7)">
<t indent="0" pn="section-appendix.a.2.4-3.7.1">
Computes ICV using K3i as K_msg Computes ICV using K3i as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.7.2">
00000000: d2 bf 0e b7 8f c5 53 03 00000000: d2 bf 0e b7 8f c5 53 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.8" derivedCounter="(8)">
<t indent="0" pn="section-appendix.a.2.4-3.8.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.8.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-3.9" derivedCounter="(9)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.4-3.9.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54295->10.111.15.45:4500 [61] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-3.9.2">
10.111.10.171:54295-&gt;10.111.15.45:4500 [61]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2 00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 25 08 00 00 00 03 00 00 00 39 00000010: 98 90 1a 06 2e 20 25 08 00 00 00 03 00 00 00 39
00000020: 2a 00 00 1d 00 00 00 00 00 00 00 03 4f ff 67 66 00000020: 2a 00 00 1d 00 00 00 00 00 00 00 03 4f ff 67 66
00000030: 41 9c d3 ec 8e d2 bf 0e b7 8f c5 53 03 00000030: 41 9c d3 ec 8e d2 bf 0e b7 8f c5 53 03
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Responder's actions:</t> <t indent="0" pn="section-appendix.a.2.4-4">Responder's actions:</t>
<ol type="(%d)" group="data8.txt"> <ol type="(%d)" group="data8.txt" start="10" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.4-5">
<li pn="section-appendix.a.2.4-5.1" derivedCounter="(10)">
<t indent="0" pn="section-appendix.a.2.4-5.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.1.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.2" derivedCounter="(11)">
<t indent="0" pn="section-appendix.a.2.4-5.2.1">
Uses previously computed key K3i Uses previously computed key K3i
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.2.2">
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69 00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a 00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.3" derivedCounter="(12)">
<t indent="0" pn="section-appendix.a.2.4-5.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.3.2">
00000000: 00 00 00 03 2b 3d 3b 2f 00000000: 00 00 00 03 2b 3d 3b 2f
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.4" derivedCounter="(13)">
<t indent="0" pn="section-appendix.a.2.4-5.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.4.2">
00000000: d2 bf 0e b7 8f c5 53 03 00000000: d2 bf 0e b7 8f c5 53 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.5" derivedCounter="(14)">
<t indent="0" pn="section-appendix.a.2.4-5.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.5.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d 00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.6" derivedCounter="(15)">
<t indent="0" pn="section-appendix.a.2.4-5.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.6.2">
00000000: 4f ff 67 66 41 9c d3 ec 8e 00000000: 4f ff 67 66 41 9c d3 ec 8e
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.7" derivedCounter="(16)">
Decrypts ciphertext and verifies ICV using K3i as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.2.4-5.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3i as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.7.2">
00000000: 00 00 00 08 01 00 00 00 00 00000000: 00 00 00 08 01 00 00 00 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.8" derivedCounter="(17)">
<t indent="0" pn="section-appendix.a.2.4-5.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.8.2">
Informational Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I->R[57] #FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I-&gt;R[57]
E[29]{ E[29]{
D[8](IKE)} D[8](IKE)}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.9" derivedCounter="(18)">
<t indent="0" pn="section-appendix.a.2.4-5.9.1">
Creates message Creates message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.9.2">
Informational Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I<=R[49] #FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I&lt;=R[49]
E[21]{} E[21]{}
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.10" derivedCounter="(19)">
<t indent="0" pn="section-appendix.a.2.4-5.10.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.10.2">
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f 00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71 00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.11" derivedCounter="(20)">
<t indent="0" pn="section-appendix.a.2.4-5.11.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.11.2">
00000000: 00 00 00 03 d2 f6 27 21 00000000: 00 00 00 03 d2 f6 27 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.12" derivedCounter="(21)">
<t indent="0" pn="section-appendix.a.2.4-5.12.1">
Composes AAD Composes AAD
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.12.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15 00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.13" derivedCounter="(22)">
<t indent="0" pn="section-appendix.a.2.4-5.13.1">
Composes plaintext Composes plaintext
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.13.2">
00000000: 00 00000000: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.14" derivedCounter="(23)">
Encrypts plaintext using K3r as K_msg, resulted in ciphertext <t indent="0" pn="section-appendix.a.2.4-5.14.1">
<sourcecode type="test-vectors"> Encrypts plaintext using K3r as K_msg, resulting in ciphertext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.14.2">
00000000: a8 00000000: a8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.15" derivedCounter="(24)">
<t indent="0" pn="section-appendix.a.2.4-5.15.1">
Computes ICV using K3r as K_msg Computes ICV using K3r as K_msg
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.15.2">
00000000: ef 77 21 c9 8b c1 eb 98 00000000: ef 77 21 c9 8b c1 eb 98
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.16" derivedCounter="(25)">
<t indent="0" pn="section-appendix.a.2.4-5.16.1">
Composes IV Composes IV
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.16.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-5.17" derivedCounter="(26)">
Sends message, peer receives message<sourcecode type="test-vectors"> <t indent="0" pn="section-appendix.a.2.4-5.17.1">
<![CDATA[ Sends message, peer receives message</t>
10.111.10.171:54295<-10.111.15.45:4500 [53] <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-5.17.2">
10.111.10.171:54295&lt;-10.111.15.45:4500 [53]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2 00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 25 20 00 00 00 03 00 00 00 31 00000010: 98 90 1a 06 2e 20 25 20 00 00 00 03 00 00 00 31
00000020: 00 00 00 15 00 00 00 00 00 00 00 03 a8 ef 77 21 00000020: 00 00 00 15 00 00 00 00 00 00 00 03 a8 ef 77 21
00000030: c9 8b c1 eb 98 00000030: c9 8b c1 eb 98
]]>
</sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
<t>Initiator's actions:</t> <t indent="0" pn="section-appendix.a.2.4-6">Initiator's actions:</t>
<ol type="(%d)" group="data8.txt"> <ol type="(%d)" group="data8.txt" start="27" indent="adaptive" spacing
<li> ="normal" pn="section-appendix.a.2.4-7">
<li pn="section-appendix.a.2.4-7.1" derivedCounter="(27)">
<t indent="0" pn="section-appendix.a.2.4-7.1.1">
Extracts IV from message Extracts IV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.1.2">
00000000: 00 00 00 00 00 00 00 03 00000000: 00 00 00 00 00 00 00 03
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-7.2" derivedCounter="(28)">
<t indent="0" pn="section-appendix.a.2.4-7.2.1">
Uses previously computed key K3r Uses previously computed key K3r
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.2.2">
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f 00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71 00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-7.3" derivedCounter="(29)">
<t indent="0" pn="section-appendix.a.2.4-7.3.1">
Composes MGM nonce Composes MGM nonce
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.3.2">
00000000: 00 00 00 03 d2 f6 27 21 00000000: 00 00 00 03 d2 f6 27 21
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-7.4" derivedCounter="(30)">
<t indent="0" pn="section-appendix.a.2.4-7.4.1">
Extracts ICV from message Extracts ICV from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.4.2">
00000000: ef 77 21 c9 8b c1 eb 98 00000000: ef 77 21 c9 8b c1 eb 98
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-7.5" derivedCounter="(31)">
<t indent="0" pn="section-appendix.a.2.4-7.5.1">
Extracts AAD from message Extracts AAD from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.5.2">
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06 00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15 00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-7.6" derivedCounter="(32)">
<t indent="0" pn="section-appendix.a.2.4-7.6.1">
Extracts ciphertext from message Extracts ciphertext from message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.6.2">
00000000: a8 00000000: a8
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-7.7" derivedCounter="(33)">
Decrypts ciphertext and verifies ICV using K3r as K_msg, resulted in plaintext <t indent="0" pn="section-appendix.a.2.4-7.7.1">
<sourcecode type="test-vectors"> Decrypts ciphertext and verifies ICV using K3r as K_msg, resulting in plaintext
<![CDATA[ </t>
<sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.7.2">
00000000: 00 00000000: 00
]]>
</sourcecode> </sourcecode>
</li> </li>
<li> <li pn="section-appendix.a.2.4-7.8" derivedCounter="(34)">
<t indent="0" pn="section-appendix.a.2.4-7.8.1">
Parses received message Parses received message
<sourcecode type="test-vectors"> </t>
<![CDATA[ <sourcecode type="test-vectors" markers="false" pn="section-append
ix.a.2.4-7.8.2">
Informational Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R=>I[49] #FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R=&gt;I[49]
E[21]{} E[21]{}
]]> </sourcecode> </sourcecode>
</li> </li>
</ol> </ol>
</section>
</section> </section>
</section>
</back> </section>
<section anchor="authors-addresses" numbered="false" removeInRFC="false" toc
="include" pn="section-appendix.b">
<name slugifiedName="name-authors-address">Author's Address</name>
<author initials="V." surname="Smyslov" fullname="Valery Smyslov">
<organization showOnFrontPage="true">ELVIS-PLUS</organization>
<address>
<postal>
<street>PO Box 81</street>
<city>Moscow (Zelenograd)</city>
<code>124460</code>
<country>Russian Federation</country>
</postal>
<phone>+7 495 276 0211</phone>
<email>svan@elvis.ru</email>
</address>
</author>
</section>
</back>
</rfc> </rfc>
 End of changes. 1643 change blocks. 
3737 lines changed or deleted 4905 lines changed or added

This html diff was produced by rfcdiff 1.48.