Internet DRAFT - draft-smyslov-ike2-gost
draft-smyslov-ike2-gost
Network Working Group V. Smyslov
Internet-Draft ELVIS-PLUS
Intended status: Informational 6 December 2022
Expires: 9 June 2023
Using GOST Cryptographic Algorithms in the Internet Key Exchange
Protocol Version 2 (IKEv2)
draft-smyslov-ike2-gost-15
Abstract
This document defines a set of cryptographic transforms for use in
the Internet Key Exchange protocol version 2 (IKEv2). The transforms
are based on Russian cryptographic standard algorithms (GOST). Use
of GOST ciphers in IKEv2 was defined in RFC 9227. This document aims
to define using GOST algorithms for the rest of cryptographic
transforms used in IKEv2.
This specification was developed to facilitate implementations that
wish to support the GOST algorithms. This document does not imply
IETF endorsement of the cryptographic algorithms used in this
document.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 9 June 2023.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
Smyslov Expires 9 June 2023 [Page 1]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology and Notation . . . . . . . . . . . . . . . . . . 3
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. IKE SA Protection . . . . . . . . . . . . . . . . . . . . . . 3
5. Pseudo Random Function . . . . . . . . . . . . . . . . . . . 3
6. Shared Key Calculation . . . . . . . . . . . . . . . . . . . 4
6.1. Recipient Tests . . . . . . . . . . . . . . . . . . . . . 4
7. Authentication . . . . . . . . . . . . . . . . . . . . . . . 5
7.1. Hash Functions . . . . . . . . . . . . . . . . . . . . . 5
7.2. ASN.1 Objects . . . . . . . . . . . . . . . . . . . . . . 6
7.2.1. id-tc26-signwithdigest-gost3410-12-256 . . . . . . . 6
7.2.2. id-tc26-signwithdigest-gost3410-12-512 . . . . . . . 6
8. Security Considerations . . . . . . . . . . . . . . . . . . . 6
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . 8
Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 10
A.1. Scenario 1 . . . . . . . . . . . . . . . . . . . . . . . 10
A.2. Scenario 2 . . . . . . . . . . . . . . . . . . . . . . . 56
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 150
1. Introduction
The Internet Key Exchange protocol version 2 (IKEv2) defined in
[RFC7296] is an important part of the IP Security (IPsec)
architecture. It is used for the authenticated key exchange and for
the negotiation of various protocol parameters and features.
This document defines a number of transforms for IKEv2, based on
Russian cryptographic standard algorithms (often reffered to as
"GOST" algorithms) for hash function, digital signature and key
exchange method. These definitions are based on the recommendations
[GOST-IKEv2] established by the Standardisation Technical Committee
"Cryptographic information protection", which describe how Russian
cryptographic standard algorithms are used in IKEv2. Along with the
transforms defined in [RFC9227], the transforms defined in this
specification allow using GOST cryptographic algorithms in IPsec
protocols.
Smyslov Expires 9 June 2023 [Page 2]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
This specification was developed to facilitate implementations that
wish to support the GOST algorithms. This document does not imply
IETF endorsement of the cryptographic algorithms used in this
document.
2. Terminology and Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Overview
Russian cryptographic standard (GOST) algorithms are a set of
cryptographic algorithms of different types - ciphers, hash
functions, digital signatures etc. In particular, Russian
cryptographic standard [GOST3412-2015] defines block ciphers
"Kuznyechik" (also defined in [RFC7801]) and "Magma" (also defined in
[RFC8891]). Cryptographic standard [GOST3410-2012] defines elliptic
curve digital signature algorithm (also defined in [RFC7091]), while
[GOST3411-2012] defines two cryptographic hash functions "Streebog",
with different output length (also defined in [RFC6986]). The
parameters for the elliptic curves used in GOST signature and key
exchange algorithms are defined in [RFC7836].
4. IKE SA Protection
IKE SA protection using GOST algorithms is defined in [RFC9227]. In
particular, two transforms of type 1 (Encryption Algorithm Transform
IDs) can be used for IKE SA protection: ENCR_KUZNYECHIK_MGM_KTREE
(32) based on "Kuznyechik" block cipher and ENCR_MAGMA_MGM_KTREE (33)
based on "Magma" block cipher, both in Multilinear Galois Mode (MGM).
The information here is provided for convenience. For full details,
please see [RFC9227].
5. Pseudo Random Function
This specification defines a new transform of type 2 (Pseudorandom
Function Transform IDs) - PRF_HMAC_STREEBOG_512 (9). This transform
uses PRF HMAC_GOSTR3411_2012_512 defined in Section 4.1.2 of
[RFC7836]. The PRF uses GOST R 34.11-2012 ("Streebog") hash-function
with 512-bit output defined in [RFC6986][GOST3411-2012] with HMAC
[RFC2104] construction. The PRF has a 512-bit block size and a
512-bit output length.
Smyslov Expires 9 June 2023 [Page 3]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
6. Shared Key Calculation
This specification defines two new transforms of type 4 (Diffie-
Hellman Group Transform IDs): GOST3410_2012_256 (33) and
GOST3410_2012_512 (34). These transforms uses Elliptic Curve Diffie-
Hellman (ECDH) key exchange algorithm over Twisted Edwards curves.
The parameters for these curves are defined in Section A.2 of
[RFC7836]. In particular, transform GOST3410_2012_256 uses id-tc26-
gost-3410-2012-256-paramSetA parameter set and GOST3410_2012_512 uses
id-tc26-gost-3410-2012-512-paramSetC parameter set (both defined in
[RFC7836]).
Shared secret is computed as follows. The initiator randomly selects
its private key d_i from {1,..,q - 1}, where q is the subgroup order
and is a parameter of the selected curve. Then a public key Q_i is
computed as a point on the curve:
Q_i = d_i * G
where G is the generator for the selected curve, and then is sent to
the responder. The responder makes the same calculations to get d_r
and Q_r and sends Q_r to the initiator. After peers exchange Q_i and
Q_R both sides can compute a point on the curve:
S = ((m / q) * d_i) * Q_r = ((m / q) * d_r) * Q_i
where m is the group order and is a parameter of the selected curve.
The shared secret K is an x coordinate of S in a little-endian
representation. The size of K is determined by the size of used
curve and is either 256 or 512 bit.
When GOST public key is transmitted in the KE payload, it MUST be
represented as x coordinate immediately followed by y coordinate,
each in a little-endian representation. The size of each coordinate
is determined by the size of the used curve and is either 256 or 512
bits, so that the size of the Key Exchange Data field in the KE
payload is either 64 or 128 octets.
6.1. Recipient Tests
Upon receiving peer's public key, implementations MUST check that the
key is actually a point on the curve. Otherwise the exchange fails.
Implementations MUST check that the calculated public value S is not
an identity element of the curve. If S appears to be the identity
element of the curve, the exchange fails. The INVALID_SYNTAX
notification MAY be sent in these cases.
Smyslov Expires 9 June 2023 [Page 4]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
7. Authentication
IKEv2 allows various authentication methods to be used for IKE SA
establishment. Some methods are tied to a particular algorithm,
while others may be used with different algorithms. This
specification makes no restrictions on using the latter ones with the
GOST algorithms. In particular, "Shared Key Message Integrity Code"
(2), defined in [RFC7296], and "NULL Authentication" (13), defined in
[RFC7619], can be used with GOST algorithms with no changes to the
process of the AUTH payload content calculation.
When GOST digital signature is used in IKEv2 for authentication
purposes, an Authentication Method "Digital Signature" (14), defined
in [RFC7427], MUST be specified in the AUTH payload.
GOST digital signature algorithm GOST R 34.10-2012 is defined in
[RFC7091][GOST3410-2012]. There are two variants of GOST signature
algorithm - one over 256-bit elliptic curve and the other over
512-bit key elliptic curve. The signature value, as defined in
[RFC7091][GOST3410-2012], consists of two integers r and s. The size
of each integer is either 256 bit or 512 bit depending on the used
elliptic curve. The content of the Signature Value field in the AUTH
payload MUST consist of s immediately followed by r, each in a big-
endian representation, so that the size of the field is either 64 or
128 octets. The AlgorithmIdentifier ASN.1 objects for GOST digital
signature algorithm are defined in Section 7.2.
7.1. Hash Functions
GOST digital signature algorithm uses GOST hash functions GOST R
34.11-2012 ("Streebog") defined in [RFC6986][GOST3411-2012]. There
are two "Streebog" hash functions - one with 256-bit output length
and the other with 512-bit output length. The former is used with
GOST digital signature algorithm over a 256-bit elliptic curve and
the latter - over a 512-bit key elliptic curve.
This specification defines two new values for IKEv2 Hash Algorithms
registry: STREEBOG_256 (6) for GOST hash function with 256-bit output
length and STREEBOG_512 (7) for the 512-bit length output. These
values MUST be included in the SIGNATURE_HASH_ALGORITHMS notify if a
corresponding GOST digital signature algorithm is supported by the
sender and its local policy allows using this algorithm (see
Section 4 of [RFC7427] for details).
Smyslov Expires 9 June 2023 [Page 5]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
7.2. ASN.1 Objects
This section lists GOST signature algorithm ASN.1 AlgorithmIdentifier
objects in binary form. With GOST signature algorithms, optional
parameters in AlgorithmIdentifier objects are always omitted. This
objects are defined in [RFC9215][USING-GOST-IN-CERTS] and are
provided here for convenience.
7.2.1. id-tc26-signwithdigest-gost3410-12-256
id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= { iso(1)
member-body(2) ru(643) rosstandart(7) tc26(1) algorithms(1)
signwithdigest(3) gost3410-12-256(2) }
The optional parameters field must be omitted.
Name = id-tc26-signwithdigest-gost3410-12-256
OID = 1.2.643.7.1.1.3.2
Length = 12
0000: 300a 0608 2a85 0307 0101 0302
7.2.2. id-tc26-signwithdigest-gost3410-12-512
id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= { iso(1)
member-body(2) ru(643) rosstandart(7) tc26(1) algorithms(1)
signwithdigest(3) gost3410-12-512(3) }
The optional parameters field must be omitted.
Name = id-tc26-signwithdigest-gost3410-12-512
OID = 1.2.643.7.1.1.3.3
Length = 12
0000: 300a 0608 2a85 0307 0101 0303
8. Security Considerations
The security considerations of [RFC7296] and [RFC7427] apply
accordingly.
The security of GOST elliptic curves is discussed in
[GOST-EC-SECURITY]. The security of "Streebog" hash function is
discussed in [STREEBOG-SECURITY]. A second preimage attack on
"Streebog" is described in [STREEBOG-PREIMAGE] if message size
exceeds 2^259 blocks. This attack is not relevant to how "Streebog"
is used in IKEv2.
Smyslov Expires 9 June 2023 [Page 6]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
9. IANA Considerations
IANA has assigned one Transform ID in the "Transform Type 2 -
Pseudorandom Function Transform IDs" registry (where RFCXXXX is this
document):
Number Name Reference
-------------------------------------------------
9 PRF_HMAC_STREEBOG_512 [RFCXXXX]
IANA has assigned two Transform IDs in the "Transform Type 4 -
Diffie-Hellman Group Transform IDs" registry (where RFCXXXX is this
document):
Number Name Recipient Tests Reference
---------------------------------------------------------------------
33 GOST3410_2012_256 [RFCXXXX] Sec. 6.1 [RFCXXXX]
34 GOST3410_2012_512 [RFCXXXX] Sec. 6.1 [RFCXXXX]
IANA has assigned two values in the "IKEv2 Hash Algorithms" registry
(where RFCXXXX is this document):
Number Hash Algorithm Reference
-------------------------------------------------
6 STREEBOG_256 [RFCXXXX]
7 STREEBOG_512 [RFCXXXX]
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC6986] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012:
Hash Function", RFC 6986, DOI 10.17487/RFC6986, August
2013, <https://www.rfc-editor.org/info/rfc6986>.
Smyslov Expires 9 June 2023 [Page 7]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
[RFC7091] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012:
Digital Signature Algorithm", RFC 7091,
DOI 10.17487/RFC7091, December 2013,
<https://www.rfc-editor.org/info/rfc7091>.
[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
Kivinen, "Internet Key Exchange Protocol Version 2
(IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
2014, <https://www.rfc-editor.org/info/rfc7296>.
[RFC7427] Kivinen, T. and J. Snyder, "Signature Authentication in
the Internet Key Exchange Version 2 (IKEv2)", RFC 7427,
DOI 10.17487/RFC7427, January 2015,
<https://www.rfc-editor.org/info/rfc7427>.
[RFC7836] Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V.,
Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines
on the Cryptographic Algorithms to Accompany the Usage of
Standards GOST R 34.10-2012 and GOST R 34.11-2012",
RFC 7836, DOI 10.17487/RFC7836, March 2016,
<https://www.rfc-editor.org/info/rfc7836>.
[RFC9215] Baryshkov, D., Ed., Nikolaev, V., and A. Chelpanov, "Using
GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms with
the Internet X.509 Public Key Infrastructure", RFC 9215,
DOI 10.17487/RFC9215, March 2022,
<https://www.rfc-editor.org/info/rfc9215>.
[RFC9227] Smyslov, V., "Using GOST Ciphers in the Encapsulating
Security Payload (ESP) and Internet Key Exchange Version 2
(IKEv2) Protocols", RFC 9227, DOI 10.17487/RFC9227, March
2022, <https://www.rfc-editor.org/info/rfc9227>.
10.2. Informative References
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>.
[RFC7619] Smyslov, V. and P. Wouters, "The NULL Authentication
Method in the Internet Key Exchange Protocol Version 2
(IKEv2)", RFC 7619, DOI 10.17487/RFC7619, August 2015,
<https://www.rfc-editor.org/info/rfc7619>.
[RFC7801] Dolmatov, V., Ed., "GOST R 34.12-2015: Block Cipher
"Kuznyechik"", RFC 7801, DOI 10.17487/RFC7801, March 2016,
<https://www.rfc-editor.org/info/rfc7801>.
Smyslov Expires 9 June 2023 [Page 8]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
[RFC8891] Dolmatov, V., Ed. and D. Baryshkov, "GOST R 34.12-2015:
Block Cipher "Magma"", RFC 8891, DOI 10.17487/RFC8891,
September 2020, <https://www.rfc-editor.org/info/rfc8891>.
[GOST3410-2012]
Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic data security.
Signature and verification processes of [electronic]
digital signature", GOST R 34.10-2012, 2012. (In Russian)
[GOST3411-2012]
Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic data security.
Hashing function", GOST R 34.11-2012, 2012. (In Russian)
[GOST3412-2015]
Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic data security.
Block ciphers", GOST R 34.12-2015, 2015. (In Russian)
[GOST-IKEv2]
Standardisation Technical Committee "Cryptographic
information protection", "Information technology.
Cryptographic information protection. The use of Russian
cryptographic algorithms in the IKEv2 key exchange
protocol", MR 26.2.001-22, 2022. (In Russian)
[GOST-IKEv2-TESTVECTORS]
Standardisation Technical Committee "Cryptographic
information protection", "Information technology.
Cryptographic information protection. The test vectors for
the use of Russian cryptographic algorithms in the IKEv2
key exchange protocol", MR 26.2.002-22, 2022. (In
Russian)
[USING-GOST-IN-CERTS]
Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic data security.
Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms
in X.509 Certificates, CRLs and PKCS #10 Certificate
Requests", R 1323565.1.023-2018, 2018. (In Russian)
[GOST-EC-SECURITY]
Alekseev, E., Nikolaev, V., and S. Smyshlyaev, "On the
security properties of Russian standardized elliptic
curves", https://doi.org/10.4213/mvk260, 2018.
Smyslov Expires 9 June 2023 [Page 9]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
[STREEBOG-SECURITY]
Wang, Z., Yu, H., and X. Wang, "Cryptanalysis of GOST R
hash
function", https://doi.org/10.1016/j.ipl.2014.07.007,
2014.
[STREEBOG-PREIMAGE]
Guo, J., Jean, J., Leurent, G., Peyrin, T., and L. Wang,
"The Usage of Counter Revisited: Second-Preimage Attack on
New Russian Standardized Hash
Function", https://eprint.iacr.org/2014/675, 2014.
Appendix A. Test Vectors
This Appendix contains test vectors for two scenarios. The test
vectors were borrowed from [GOST-IKEv2-TESTVECTORS]. In both
scenarios peers establish, rekey and delete IKE SA and ESP SAs. The
IP addresses of the peers used in both scenarios are the same:
* initiator's IP address is 10.111.10.171
* responder's IP address is 10.111.10.45
The test vectors also cover IKE message protection for transforms
defined in [RFC9227]. The keys SK_ei, SK_er are transform keys (see
Section 4.4 of [RFC9227]) and the keys K1i, K2i K3i, K1r, K2r, and
K3r represent nodes in the key tree for the initiator and responder
correspondently. The leaf keys K3i and K3r are effectively message
protection keys (K_msg in terms of [RFC9227]). MGM nonces (also
known as Initial Counter Nonces) are defined in Section 4.3 of
[RFC9227]. IV format is defined in Section 4.2 of [RFC9227] and AAD
format is defined in Section 4.7 of [RFC9227].
All other keys and entities used in the test vectors are defined in
[RFC7296].
A.1. Scenario 1
With this scenario peers establish, rekey and delete IKE SA and ESP
SAs using the following prerequisites:
* Peers authenticate each other using preshared key
* Initiator's ID is "IKE-Initiator" of type ID_FQDN
* Responder's ID is "IKE-Responder" of type ID_FQDN
* No NAT is present between the peers
Smyslov Expires 9 June 2023 [Page 10]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
* IKE fragmentation is not used
* IKE SA is created with the following transforms:
- ENCR_KUZNYECHIK_MGM_KTREE
- PRF_HMAC_STREEBOG_512
- GOST3410_2012_512
* ESP SAs are created with the following transforms:
- ENCR_KUZNYECHIK_MGM_KTREE
- ESN off
The 256-bit preshared key (PSK) used for authentication:
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
This scenario includes four sub-scenarios.
Sub-scenario 1: Establishing of IKE and ESP SAs using the
IKE_SA_INIT and the IKE_AUTH exchanges.
Initiator Responder
HDR, SAi1, KEi, Ni [,N+] --->
<--- HDR, SAr1, KEr, Nr [,N+]
HDR, SK {IDi, [IDr,] [N+,]
AUTH, SAi2, TSi, TSr} --->
<--- HDR, SK {IDr, [N+,]
AUTH, SAr2, TSi, TSr}
Initiator's actions:
(1) Generates random SPIi for IKE SA
00000000: e9 d3 f3 78 19 1c 38 40
(2) Generates random IKE nonce Ni
00000000: 48 b6 d3 b3 ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31
00000010: f9 ac 10 f9 7f 80 8c 51 2b d6 f4 59 93 a7 4d 13
(3) Generates ephemeral private key
Smyslov Expires 9 June 2023 [Page 11]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 95 07 3a 04 dc db ce 77 f5 5e 4f fe 97 0c cd 6f
00000010: 0a e0 b5 c6 53 bd a0 da 47 fc 03 b5 8a e1 d5 1d
00000020: 89 e6 c0 db dc b1 ea 74 59 1f 1d 0c 9f 3f 4f dc
00000030: 10 d5 c9 cc a4 34 9c 3d 3e 6b dd 57 c5 d6 c9 01
(4) Computes public key
00000000: 96 1b 9b 21 4f 7e e9 83 ec 27 a0 64 0c 77 4f be
00000010: 78 31 be fd 1e 63 7d 6e 76 eb 2f 81 23 80 62 87
00000020: ba 2c f7 31 a2 70 b7 3e 8a 1d 91 93 72 cf 61 c8
00000030: d3 18 f6 bc f7 a0 44 c8 11 a7 fe d2 99 ea 8b 4d
00000040: 59 fa a7 38 ae 03 48 d2 aa f7 ff 11 e0 60 29 dd
00000050: 16 59 58 78 8e 3b e2 b5 48 36 3c ca 07 1a 5d be
00000060: a7 42 79 81 74 22 6f 53 15 d2 c2 f6 06 d4 0f ed
00000070: 70 f0 1c cf 89 2e ac 3c fe 01 02 91 85 06 7b d4
(5) Creates message
IKE SA Init
E9D3F378191C3840.0000000000000000.00000000 IKEv2 R<-I[316]
SA[52]{
P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512,
GOST3410_2012_256}},
KE[136](GOST3410_2012_512){961B9B...067BD4},
NONCE[36]{48B6D3...A74D13},
N[28](NAT_DETECTION_SOURCE_IP){92B291...F4E2BF},
N[28](NAT_DETECTION_DESTINATION_IP){77E199...98A613},
N[8](IKEV2_FRAGMENTATION_SUPPORTED)
(6) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 12]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54294->10.111.15.45:500 [316]
00000000: e9 d3 f3 78 19 1c 38 40 00 00 00 00 00 00 00 00
00000010: 21 20 22 08 00 00 00 00 00 00 01 3c 22 00 00 34
00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09
00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21
00000050: 28 00 00 88 00 22 00 00 96 1b 9b 21 4f 7e e9 83
00000060: ec 27 a0 64 0c 77 4f be 78 31 be fd 1e 63 7d 6e
00000070: 76 eb 2f 81 23 80 62 87 ba 2c f7 31 a2 70 b7 3e
00000080: 8a 1d 91 93 72 cf 61 c8 d3 18 f6 bc f7 a0 44 c8
00000090: 11 a7 fe d2 99 ea 8b 4d 59 fa a7 38 ae 03 48 d2
000000A0: aa f7 ff 11 e0 60 29 dd 16 59 58 78 8e 3b e2 b5
000000B0: 48 36 3c ca 07 1a 5d be a7 42 79 81 74 22 6f 53
000000C0: 15 d2 c2 f6 06 d4 0f ed 70 f0 1c cf 89 2e ac 3c
000000D0: fe 01 02 91 85 06 7b d4 29 00 00 24 48 b6 d3 b3
000000E0: ab 56 f2 c8 f0 42 d5 16 e7 21 d9 31 f9 ac 10 f9
000000F0: 7f 80 8c 51 2b d6 f4 59 93 a7 4d 13 29 00 00 1c
00000100: 00 00 40 04 92 b2 91 d3 9b 53 51 c8 33 c2 1f 2e
00000110: 92 ef 24 88 ef f4 e2 bf 29 00 00 1c 00 00 40 05
00000120: 77 e1 99 fe 3b 7e 33 42 b5 af ad 51 cf 97 91 4b
00000130: 08 98 a6 13 00 00 00 08 00 00 40 2e
Responder's actions:
(7) Parses received message
IKE SA Init
E9D3F378191C3840.0000000000000000.00000000 IKEv2 I->R[316]
SA[52]{
P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512,
GOST3410_2012_256}},
KE[136](GOST3410_2012_512){961B9B...067BD4},
NONCE[36]{48B6D3...A74D13},
N[28](NAT_DETECTION_SOURCE_IP){92B291...F4E2BF},
N[28](NAT_DETECTION_DESTINATION_IP){77E199...98A613},
N[8](IKEV2_FRAGMENTATION_SUPPORTED)
(8) Generates random SPIr for IKE SA
00000000: 8d df f4 01 fb fb 0b 14
(9) Generates random IKE nonce Nr
Smyslov Expires 9 June 2023 [Page 13]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: fb 81 c8 80 e5 f0 35 60 99 ef 46 b2 72 44 95 0f
00000010: 03 85 f4 73 92 67 b7 68 43 8f 90 69 16 fe 63 f0
(10) Generates ephemeral private key
00000000: 7f 49 e3 77 39 db 03 cc fe fe c9 63 17 71 e9 f1
00000010: 50 4b 98 79 b3 df 3b 48 bd f3 89 72 52 07 47 4f
00000020: 70 29 f8 39 63 2c 89 b6 92 39 18 27 9c fb 80 f5
00000030: 43 af 8b 9c 68 bb 93 22 1e 18 7d c2 1b dc e1 22
(11) Computes public key
00000000: ad b4 e4 db b9 af 28 59 ab 76 4d 30 fd d4 7a f3
00000010: 5f 8c cb 85 8c cc ca 30 5e 4a 9d 20 52 32 48 88
00000020: 69 81 48 5e ae db 1e 8c 0d 8d db 12 3e f5 ef 1d
00000030: 7f e8 83 39 7f e6 5d 6e 51 ca 9e ee f5 b6 ba 02
00000040: db 10 87 47 ba 38 b3 17 95 60 6d a3 81 15 5c 3d
00000050: 6b 86 d3 59 2f 5f 74 14 17 a9 64 20 3d 05 12 08
00000060: 02 75 15 ac ff 08 7c aa 82 1d f6 89 6c f4 33 e0
00000070: 01 4e 11 68 73 7e e3 e9 c6 88 ce 90 9b 39 05 48
(12) Creates message
IKE SA Init
E9D3F378191C3840.8DDFF401FBFB0B14.00000000 IKEv2 I<=R[300]
SA[36]{
P[32](#1:IKE::3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}},
KE[136](GOST3410_2012_512){ADB4E4...390548},
NONCE[36]{FB81C8...FE63F0},
N[28](NAT_DETECTION_SOURCE_IP){6D7A48...683D59},
N[28](NAT_DETECTION_DESTINATION_IP){481A5B...905499},
N[8](IKEV2_FRAGMENTATION_SUPPORTED)
(13) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 14]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54294<-10.111.15.45:500 [300]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 21 20 22 20 00 00 00 00 00 00 01 2c 22 00 00 24
00000020: 00 00 00 20 01 01 00 03 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 02 00 00 09 00 00 00 08 04 00 00 22
00000040: 28 00 00 88 00 22 00 00 ad b4 e4 db b9 af 28 59
00000050: ab 76 4d 30 fd d4 7a f3 5f 8c cb 85 8c cc ca 30
00000060: 5e 4a 9d 20 52 32 48 88 69 81 48 5e ae db 1e 8c
00000070: 0d 8d db 12 3e f5 ef 1d 7f e8 83 39 7f e6 5d 6e
00000080: 51 ca 9e ee f5 b6 ba 02 db 10 87 47 ba 38 b3 17
00000090: 95 60 6d a3 81 15 5c 3d 6b 86 d3 59 2f 5f 74 14
000000A0: 17 a9 64 20 3d 05 12 08 02 75 15 ac ff 08 7c aa
000000B0: 82 1d f6 89 6c f4 33 e0 01 4e 11 68 73 7e e3 e9
000000C0: c6 88 ce 90 9b 39 05 48 29 00 00 24 fb 81 c8 80
000000D0: e5 f0 35 60 99 ef 46 b2 72 44 95 0f 03 85 f4 73
000000E0: 92 67 b7 68 43 8f 90 69 16 fe 63 f0 29 00 00 1c
000000F0: 00 00 40 04 6d 7a 48 7a 9d ce 80 6f b0 09 4b f7
00000100: 8d fd ec eb 2e 68 3d 59 29 00 00 1c 00 00 40 05
00000110: 48 1a 5b 15 12 e4 26 a3 8d 88 8b 65 8e 17 b3 f1
00000120: 38 90 54 99 00 00 00 08 00 00 40 2e
Initiator's actions:
(14) Parses received message
IKE SA Init
E9D3F378191C3840.8DDFF401FBFB0B14.00000000 IKEv2 R=>I[300]
SA[36]{
P[32](#1:IKE::3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}},
KE[136](GOST3410_2012_512){ADB4E4...390548},
NONCE[36]{FB81C8...FE63F0},
N[28](NAT_DETECTION_SOURCE_IP){6D7A48...683D59},
N[28](NAT_DETECTION_DESTINATION_IP){481A5B...905499},
N[8](IKEV2_FRAGMENTATION_SUPPORTED)
(15) Computes shared key
00000000: a2 43 6c bd 2d c1 0f 81 0d f7 6f 24 ae 78 70 f2
00000010: 27 5d 1b dc c5 52 0e d8 53 e5 c5 43 98 f7 35 ce
00000020: 32 70 89 2b 8e 89 0b 7d b3 98 77 cd bd 31 5d 18
00000030: 10 5d 8b ac 16 f0 aa fd bc dc 7c 69 75 14 48 a8
(16) Computes SKEYSEED
Smyslov Expires 9 June 2023 [Page 15]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: fc 7b d9 80 4b 15 00 60 d2 08 17 3a 08 4b a9 2a
00000010: 0f 01 cb c3 ef e9 b5 aa 15 5b 0e 80 24 68 3c 4c
00000020: 6c fb e9 c8 16 7d 54 2d 48 ee 61 71 01 68 ca 68
00000030: 4f 7c b0 1b 61 29 20 9a 68 88 5b 3f d7 19 0b d0
(17) Computes SK_d
00000000: 6b 2b 83 d7 a9 10 5f f4 27 e8 05 86 b7 f0 09 31
00000010: 16 43 81 ae 88 7a 3f c9 65 30 73 00 e5 82 81 52
00000020: 68 07 ba e5 39 ef 6e a7 75 db 2c c9 1c d3 4b 70
00000030: e0 be 97 14 81 bb 0c 80 ef b3 6e 12 2a 08 74 36
(18) Computes SK_ei
00000000: 8c 6d f1 8f 6a ff 9f 1b 3e be 40 ef e2 64 c2 bf
00000010: 8e 6e d7 4c b5 8b 0a 74 a7 30 0c 21 7e 66 c7 d4
00000020: 83 00 37 c3 08 01 7e c3 0a 71 62 01
(19) Computes SK_er
00000000: df e8 7d 5f 9c da 5e 45 b8 b9 11 02 63 6c 08 47
00000010: f6 4f c5 5d 6a 7b 4b 91 52 32 0a a2 5e c0 31 34
00000020: 65 20 72 e7 0a 1e ff 7d da ba 17 31
(20) Computes SK_pi
00000000: 93 11 c6 4c d7 12 b5 40 f9 e8 7e 73 c5 28 a7 d8
00000010: 89 48 1c f1 bf a3 ad 67 cf b4 d9 6a 9b fe 3c ea
00000020: 2f cc 2a 5e d4 e4 0b 27 7f be c9 9d c3 8d b7 68
00000030: 03 c1 f3 f8 94 af 47 8b d8 35 b8 6b c2 ca 38 16
(21) Computes SK_pr
00000000: 7b b0 4b 24 74 9c 73 68 7f 34 a3 b8 17 6b 9e 30
00000010: f2 eb 33 73 23 ff 49 1e e3 07 e7 9f 77 b6 2a ef
00000020: 5a 5e a9 02 8e 90 5c 83 49 ec 1e aa a4 05 bc e1
00000030: fb c4 5b f0 27 d6 9b 41 77 6f e1 48 f3 37 99 e5
(22) Computes prf(SK_pi, IDi)
00000000: 06 d3 d4 36 ab 5b 4f 41 d4 3d fc 79 1f 13 a3 89
00000010: e9 a6 6e d7 87 7d 72 d1 9d 71 78 2d 05 ee 47 fb
00000020: 82 c8 8f 86 cd b5 05 1d 25 7c 1e 79 18 ef 4e 4e
00000030: 8d ca f4 47 12 c6 7f 6a 32 7d d8 e8 f2 8e f8 33
(23) Uses PSK
Smyslov Expires 9 June 2023 [Page 16]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
(24) Computes prf(PSK,"Key Pad for IKEv2")
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
(25) Computes content of AUTH payload
00000000: c9 9b 01 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac
00000010: 01 42 fb d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97
00000020: 38 b4 20 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c
00000030: cf 66 d0 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3
(26) Computes K1i (i1 = 0)
00000000: f2 ac 10 7a 1f 92 d1 b1 1b b1 74 c3 42 76 a3 3f
00000010: fa ea 1b 1e 81 10 c1 01 7a 25 9a 00 8d 76 57 de
(27) Computes K2i (i2 = 0)
00000000: 77 e0 16 18 ad 76 e8 5a 66 2f 88 c4 c0 92 ec 33
00000010: 6d 23 63 28 28 d5 77 d8 84 e1 01 b1 8d 84 a7 1d
(28) Computes K3i (i3 = 0)
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
(29) Selects SPI for incoming ESP SA
00000000: 0a de 5f cd
(30) Creates message
Smyslov Expires 9 June 2023 [Page 17]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 R<-I[334]
E[306]{
IDi[21](FQDN){"IKE-Initiator"},
AUTH[72](Preshared-Key){C99B01...741EE3},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{
P[52](#1:ESP:0ADE5FCD:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(31) Composes MGM nonce
00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01
(32) Composes AAD
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32
(33) Composes plaintext
Smyslov Expires 9 June 2023 [Page 18]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74
00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01
00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb
00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20
00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0
00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00
00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f
00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00
000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00
000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00
000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a
000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff
000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08
000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff
00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40
00000110: 0a 00 00 00 08 00 00 40 0b 00
(34) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80
00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96
00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a
00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55
00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29
00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb
00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14
00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18
00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e
00000090: 06 40 36 7a 71 59 a5 ad 1c 67 25 03 9b af 2b 04
000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8
000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02
000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76
000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8
000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4
000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de
00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52
00000110: 04 c4 49 08 05 ab ee 1c 80 f6
(35) Computes ICV using K3i as K_msg
00000000: 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5
(36) Composes IV
00000000: 00 00 00 00 00 00 00 00
Smyslov Expires 9 June 2023 [Page 19]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(37) Sends message, peer receives message
10.111.10.171:54294->10.111.15.45:500 [334]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32
00000020: 00 00 00 00 00 00 00 00 a5 7d 65 70 aa c3 ef f7
00000030: df d6 5c 58 f6 2e ea 80 82 15 dc 9d ae 42 1c f0
00000040: 4c e4 cd 2a 45 f0 22 96 ea d2 06 cc 9b 59 97 9e
00000050: 45 5d 27 5f b4 fd 55 6a 90 bb 14 da df 9f 56 b0
00000060: e8 4c 89 a5 d8 f1 f6 55 a9 f0 82 90 57 28 86 a5
00000070: bd 12 85 2f 2e 51 54 29 fe 04 45 a4 90 f0 f8 0e
00000080: 8b e9 c7 37 05 8f 6b bb 36 b0 24 8a 5f a3 ca f3
00000090: 7e 7d f9 8e 73 4b b0 14 ce b0 af 63 4c 4f ea 60
000000A0: f6 46 4c 61 76 7c 9f 18 0c 61 73 fa 30 9f 91 c4
000000B0: 22 c9 ab 61 80 5a de 8e 06 40 36 7a 71 59 a5 ad
000000C0: 1c 67 25 03 9b af 2b 04 9f c1 de 51 11 7b f1 16
000000D0: 20 81 78 3f a8 01 d6 c8 79 89 d9 65 3e ea 58 6d
000000E0: ac 48 fc 4a 9a b9 48 02 d7 2b 01 5d 6a 2d cb 65
000000F0: bb ad 99 86 e2 03 08 76 1b dd 7c 56 3c 49 a4 2c
00000100: da 24 1f ad 54 79 f5 d8 0e 52 8a 49 92 90 66 80
00000110: 85 00 b7 d8 89 5f b7 f4 92 c1 5b ed 8a 16 00 f3
00000120: 9a f8 90 4b fa 6a b2 de 2a 89 74 9f 99 c7 c3 57
00000130: 88 5b 88 95 5c ec 46 52 04 c4 49 08 05 ab ee 1c
00000140: 80 f6 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5
Responder's actions:
(38) Computes shared key
00000000: a2 43 6c bd 2d c1 0f 81 0d f7 6f 24 ae 78 70 f2
00000010: 27 5d 1b dc c5 52 0e d8 53 e5 c5 43 98 f7 35 ce
00000020: 32 70 89 2b 8e 89 0b 7d b3 98 77 cd bd 31 5d 18
00000030: 10 5d 8b ac 16 f0 aa fd bc dc 7c 69 75 14 48 a8
(39) Computes SKEYSEED
00000000: fc 7b d9 80 4b 15 00 60 d2 08 17 3a 08 4b a9 2a
00000010: 0f 01 cb c3 ef e9 b5 aa 15 5b 0e 80 24 68 3c 4c
00000020: 6c fb e9 c8 16 7d 54 2d 48 ee 61 71 01 68 ca 68
00000030: 4f 7c b0 1b 61 29 20 9a 68 88 5b 3f d7 19 0b d0
(40) Computes SK_d
00000000: 6b 2b 83 d7 a9 10 5f f4 27 e8 05 86 b7 f0 09 31
00000010: 16 43 81 ae 88 7a 3f c9 65 30 73 00 e5 82 81 52
00000020: 68 07 ba e5 39 ef 6e a7 75 db 2c c9 1c d3 4b 70
00000030: e0 be 97 14 81 bb 0c 80 ef b3 6e 12 2a 08 74 36
Smyslov Expires 9 June 2023 [Page 20]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(41) Computes SK_ei
00000000: 8c 6d f1 8f 6a ff 9f 1b 3e be 40 ef e2 64 c2 bf
00000010: 8e 6e d7 4c b5 8b 0a 74 a7 30 0c 21 7e 66 c7 d4
00000020: 83 00 37 c3 08 01 7e c3 0a 71 62 01
(42) Computes SK_er
00000000: df e8 7d 5f 9c da 5e 45 b8 b9 11 02 63 6c 08 47
00000010: f6 4f c5 5d 6a 7b 4b 91 52 32 0a a2 5e c0 31 34
00000020: 65 20 72 e7 0a 1e ff 7d da ba 17 31
(43) Computes SK_pi
00000000: 93 11 c6 4c d7 12 b5 40 f9 e8 7e 73 c5 28 a7 d8
00000010: 89 48 1c f1 bf a3 ad 67 cf b4 d9 6a 9b fe 3c ea
00000020: 2f cc 2a 5e d4 e4 0b 27 7f be c9 9d c3 8d b7 68
00000030: 03 c1 f3 f8 94 af 47 8b d8 35 b8 6b c2 ca 38 16
(44) Computes SK_pr
00000000: 7b b0 4b 24 74 9c 73 68 7f 34 a3 b8 17 6b 9e 30
00000010: f2 eb 33 73 23 ff 49 1e e3 07 e7 9f 77 b6 2a ef
00000020: 5a 5e a9 02 8e 90 5c 83 49 ec 1e aa a4 05 bc e1
00000030: fb c4 5b f0 27 d6 9b 41 77 6f e1 48 f3 37 99 e5
(45) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(46) Computes K1i (i1 = 0)
00000000: f2 ac 10 7a 1f 92 d1 b1 1b b1 74 c3 42 76 a3 3f
00000010: fa ea 1b 1e 81 10 c1 01 7a 25 9a 00 8d 76 57 de
(47) Computes K2i (i2 = 0)
00000000: 77 e0 16 18 ad 76 e8 5a 66 2f 88 c4 c0 92 ec 33
00000010: 6d 23 63 28 28 d5 77 d8 84 e1 01 b1 8d 84 a7 1d
(48) Computes K3i (i3 = 0)
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
(49) Composes MGM nonce
00000000: 00 00 00 00 83 00 37 c3 08 01 7e c3 0a 71 62 01
Smyslov Expires 9 June 2023 [Page 21]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(50) Extracts ICV from message
00000000: 7a 4f 14 38 e6 5f 6b 8c f5 5d 55 f5
(51) Extracts AAD from message
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 08 00 00 00 01 00 00 01 4e 23 00 01 32
(52) Extracts ciphertext from message
00000000: a5 7d 65 70 aa c3 ef f7 df d6 5c 58 f6 2e ea 80
00000010: 82 15 dc 9d ae 42 1c f0 4c e4 cd 2a 45 f0 22 96
00000020: ea d2 06 cc 9b 59 97 9e 45 5d 27 5f b4 fd 55 6a
00000030: 90 bb 14 da df 9f 56 b0 e8 4c 89 a5 d8 f1 f6 55
00000040: a9 f0 82 90 57 28 86 a5 bd 12 85 2f 2e 51 54 29
00000050: fe 04 45 a4 90 f0 f8 0e 8b e9 c7 37 05 8f 6b bb
00000060: 36 b0 24 8a 5f a3 ca f3 7e 7d f9 8e 73 4b b0 14
00000070: ce b0 af 63 4c 4f ea 60 f6 46 4c 61 76 7c 9f 18
00000080: 0c 61 73 fa 30 9f 91 c4 22 c9 ab 61 80 5a de 8e
00000090: 06 40 36 7a 71 59 a5 ad 1c 67 25 03 9b af 2b 04
000000A0: 9f c1 de 51 11 7b f1 16 20 81 78 3f a8 01 d6 c8
000000B0: 79 89 d9 65 3e ea 58 6d ac 48 fc 4a 9a b9 48 02
000000C0: d7 2b 01 5d 6a 2d cb 65 bb ad 99 86 e2 03 08 76
000000D0: 1b dd 7c 56 3c 49 a4 2c da 24 1f ad 54 79 f5 d8
000000E0: 0e 52 8a 49 92 90 66 80 85 00 b7 d8 89 5f b7 f4
000000F0: 92 c1 5b ed 8a 16 00 f3 9a f8 90 4b fa 6a b2 de
00000100: 2a 89 74 9f 99 c7 c3 57 88 5b 88 95 5c ec 46 52
00000110: 04 c4 49 08 05 ab ee 1c 80 f6
(53) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext
Smyslov Expires 9 June 2023 [Page 22]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 49 6e 69 74
00000010: 69 61 74 6f 72 29 00 00 48 02 00 00 00 c9 9b 01
00000020: 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac 01 42 fb
00000030: d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97 38 b4 20
00000040: 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c cf 66 d0
00000050: 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 04 21 00 00 10 01 00 00 00 00 01 00 00 00 03 00
00000080: 00 2c 00 00 38 00 00 00 34 01 03 04 05 0a de 5f
00000090: cd 03 00 00 08 01 00 00 20 03 00 00 08 01 00 00
000000A0: 21 03 00 00 08 01 00 00 22 03 00 00 08 01 00 00
000000B0: 23 00 00 00 08 05 00 00 00 2d 00 00 28 02 00 00
000000C0: 00 07 01 00 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a
000000D0: ab 07 00 00 10 00 00 ff ff 00 00 00 00 ff ff ff
000000E0: ff 29 00 00 28 02 00 00 00 07 01 00 10 08 00 08
000000F0: 00 0a 00 00 02 0a 00 00 02 07 00 00 10 00 00 ff
00000100: ff 0a 00 00 00 0a 00 00 ff 29 00 00 08 00 00 40
00000110: 0a 00 00 00 08 00 00 40 0b 00
(54) Parses received message
IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 I->R[334]
E[306]{
IDi[21](FQDN){"IKE-Initiator"},
AUTH[72](Preshared-Key){C99B01...741EE3},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{
P[52](#1:ESP:0ADE5FCD:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(55) Computes prf(SK_pi, IDi)
00000000: 06 d3 d4 36 ab 5b 4f 41 d4 3d fc 79 1f 13 a3 89
00000010: e9 a6 6e d7 87 7d 72 d1 9d 71 78 2d 05 ee 47 fb
00000020: 82 c8 8f 86 cd b5 05 1d 25 7c 1e 79 18 ef 4e 4e
00000030: 8d ca f4 47 12 c6 7f 6a 32 7d d8 e8 f2 8e f8 33
Smyslov Expires 9 June 2023 [Page 23]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(56) Uses PSK
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
(57) Computes prf(PSK,"Key Pad for IKEv2")
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
(58) Computes content of AUTH payload and compares it with the
received one
00000000: c9 9b 01 9a 89 ee 56 53 ab 28 25 a1 d7 51 54 ac
00000010: 01 42 fb d6 2e bc 1e f3 65 73 63 5b 16 81 4b 97
00000020: 38 b4 20 5d 09 d9 b4 21 b4 0c f4 55 27 80 e7 4c
00000030: cf 66 d0 14 25 87 7c 20 84 68 d5 79 3a 74 1e e3
(59) Computes keys for ESP SAs
00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f
00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42
00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6
00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64
00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83
00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1
(60) Computes prf(SK_pr,IDr)
00000000: 32 61 00 71 e8 1a d6 a1 12 8d ef 4e 2a e9 bb c2
00000010: 9f 3d ba 28 1b 2a a5 10 a2 ad c6 b1 73 07 c9 f1
00000020: 50 9e 1c d7 a5 85 8f a8 40 ef dd a7 ae 33 71 74
00000030: c8 8b a9 f4 3a 83 0f c1 c5 3c 9b 21 9f a9 58 25
(61) Uses PSK
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
(62) Computes prf(PSK,"Key Pad for IKEv2")
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
Smyslov Expires 9 June 2023 [Page 24]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(63) Computes content of AUTH payload
00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f
00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51
00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed
00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d
(64) Computes K1r (i1 = 0)
00000000: 61 cd ad b1 01 10 71 7c dc 18 81 1d 1f aa e3 13
00000010: 4b 07 f8 f7 49 a7 3d 0a 57 2f e1 61 bc ab 85 c4
(65) Computes K2r (i2 = 0)
00000000: 5f e7 47 77 da f7 54 d7 a8 e5 eb ed f9 82 c8 a9
00000010: 74 0c 54 77 6f eb b8 70 a4 43 43 3e c2 9e ce a6
(66) Computes K3r (i3 = 0)
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
(67) Selects SPI for incoming ESP SA
00000000: 50 3c 8d af
(68) Creates message
IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 I<=R[286]
E[258]{
IDr[21](FQDN){"IKE-Responder"},
AUTH[72](Preshared-Key){35CE8A...D2D12D},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.2},
SA[32]{
P[28](#1:ESP:503C8DAF:2#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ESN=Off}},
TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(69) Composes MGM nonce
Smyslov Expires 9 June 2023 [Page 25]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 00 65 20 72 e7 0a 1e ff 7d da ba 17 31
(70) Composes AAD
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02
(71) Composes plaintext
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70
00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a
00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0
00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a
00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe
00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01
00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d
00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00
000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff
000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00
000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
000000E0: 0a 00 00 00 08 00 00 40 0b 00
(72) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09
00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e
00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b
00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40
00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97
00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3
00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23
00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f
00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7
00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b
000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15
000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84
000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb
000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b
000000E0: d9 31 a8 98 f5 17 8a ff 0a c0
(73) Computes ICV using K3r as K_msg
00000000: 4a db a4 67 7e a1 3c 54 22 1f cf 62
(74) Composes IV
Smyslov Expires 9 June 2023 [Page 26]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 00 00 00 00 00
(75) Sends message, peer receives message
10.111.10.171:54294<-10.111.15.45:500 [286]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02
00000020: 00 00 00 00 00 00 00 00 9b 5d 58 8a 99 44 11 d6
00000030: 5b 93 7f 98 57 0d 0f 09 0c a3 d9 36 41 b5 9c 91
00000040: 94 17 3a cb 00 88 24 5e 25 b7 0d 75 2f fb 4d d0
00000050: ab 2c cc 84 42 e7 f8 1b 5a e6 88 13 9a 3e b1 03
00000060: 79 31 0c 69 f6 17 a2 40 f8 aa 74 2e 62 29 ee 57
00000070: 43 3f 10 bf 44 73 51 97 2c 93 a4 02 87 3d 37 45
00000080: 2c f1 3e 16 c3 d9 ec b3 b8 6f 66 1a f1 73 44 7c
00000090: db 74 11 e6 07 4a 75 23 83 df 00 52 ae 68 60 39
000000A0: 83 4c c3 b1 d5 7a e8 7f 61 59 9e 4f 92 3c 2f 04
000000B0: 3b c3 ac e7 23 3f 1c a7 a5 3f 4d 33 1f 46 25 9f
000000C0: 09 5e f4 75 e0 12 32 5b 29 64 a4 40 1a b5 c9 cd
000000D0: 9e 8f 91 cc 5b 7d 14 15 d0 89 70 e0 c6 d8 e4 e0
000000E0: 93 ff 02 4c 69 db ab 84 d6 8f b9 f9 ed 07 aa 96
000000F0: 29 2a 50 c2 c4 b6 e5 cb 8e 16 33 7a 20 a4 3b 0e
00000100: f2 53 9b b1 63 c0 46 4b d9 31 a8 98 f5 17 8a ff
00000110: 0a c0 4a db a4 67 7e a1 3c 54 22 1f cf 62
Initiator's actions:
(76) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(77) Computes K1r (i1 = 0)
00000000: 61 cd ad b1 01 10 71 7c dc 18 81 1d 1f aa e3 13
00000010: 4b 07 f8 f7 49 a7 3d 0a 57 2f e1 61 bc ab 85 c4
(78) Computes K2r (i2 = 0)
00000000: 5f e7 47 77 da f7 54 d7 a8 e5 eb ed f9 82 c8 a9
00000010: 74 0c 54 77 6f eb b8 70 a4 43 43 3e c2 9e ce a6
(79) Computes K3r (i3 = 0)
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
(80) Composes MGM nonce
Smyslov Expires 9 June 2023 [Page 27]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 00 65 20 72 e7 0a 1e ff 7d da ba 17 31
(81) Extracts ICV from message
00000000: 4a db a4 67 7e a1 3c 54 22 1f cf 62
(82) Extracts AAD from message
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 23 20 00 00 00 01 00 00 01 1e 24 00 01 02
(83) Extracts ciphertext from message
00000000: 9b 5d 58 8a 99 44 11 d6 5b 93 7f 98 57 0d 0f 09
00000010: 0c a3 d9 36 41 b5 9c 91 94 17 3a cb 00 88 24 5e
00000020: 25 b7 0d 75 2f fb 4d d0 ab 2c cc 84 42 e7 f8 1b
00000030: 5a e6 88 13 9a 3e b1 03 79 31 0c 69 f6 17 a2 40
00000040: f8 aa 74 2e 62 29 ee 57 43 3f 10 bf 44 73 51 97
00000050: 2c 93 a4 02 87 3d 37 45 2c f1 3e 16 c3 d9 ec b3
00000060: b8 6f 66 1a f1 73 44 7c db 74 11 e6 07 4a 75 23
00000070: 83 df 00 52 ae 68 60 39 83 4c c3 b1 d5 7a e8 7f
00000080: 61 59 9e 4f 92 3c 2f 04 3b c3 ac e7 23 3f 1c a7
00000090: a5 3f 4d 33 1f 46 25 9f 09 5e f4 75 e0 12 32 5b
000000A0: 29 64 a4 40 1a b5 c9 cd 9e 8f 91 cc 5b 7d 14 15
000000B0: d0 89 70 e0 c6 d8 e4 e0 93 ff 02 4c 69 db ab 84
000000C0: d6 8f b9 f9 ed 07 aa 96 29 2a 50 c2 c4 b6 e5 cb
000000D0: 8e 16 33 7a 20 a4 3b 0e f2 53 9b b1 63 c0 46 4b
000000E0: d9 31 a8 98 f5 17 8a ff 0a c0
(84) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext
00000000: 27 00 00 15 02 00 00 00 49 4b 45 2d 52 65 73 70
00000010: 6f 6e 64 65 72 29 00 00 48 02 00 00 00 35 ce 8a
00000020: ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f a7 bb a0
00000030: 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51 0e 9d 9a
00000040: 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed 0e 41 fe
00000050: ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d 29 00 00
00000060: 08 00 00 40 00 2f 00 00 0c 00 00 40 01 00 00 00
00000070: 40 21 00 00 10 02 00 00 00 00 01 00 04 0a 01 01
00000080: 02 2c 00 00 20 00 00 00 1c 01 03 04 02 50 3c 8d
00000090: af 03 00 00 08 01 00 00 20 00 00 00 08 05 00 00
000000A0: 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff
000000B0: ff 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00
000000C0: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
000000D0: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
000000E0: 0a 00 00 00 08 00 00 40 0b 00
Smyslov Expires 9 June 2023 [Page 28]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(85) Parses received message
IKE SA Auth
E9D3F378191C3840.8DDFF401FBFB0B14.00000001 IKEv2 R=>I[286]
E[258]{
IDr[21](FQDN){"IKE-Responder"},
AUTH[72](Preshared-Key){35CE8A...D2D12D},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.2},
SA[32]{
P[28](#1:ESP:503C8DAF:2#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ESN=Off}},
TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(86) Computes prf(SK_pr, IDr)
00000000: 32 61 00 71 e8 1a d6 a1 12 8d ef 4e 2a e9 bb c2
00000010: 9f 3d ba 28 1b 2a a5 10 a2 ad c6 b1 73 07 c9 f1
00000020: 50 9e 1c d7 a5 85 8f a8 40 ef dd a7 ae 33 71 74
00000030: c8 8b a9 f4 3a 83 0f c1 c5 3c 9b 21 9f a9 58 25
(87) Uses PSK
00000000: e2 69 24 cf 15 32 93 47 3a 11 a4 97 a8 a4 5c b3
00000010: 4e 28 31 ef 0e 28 bb 77 69 69 c6 3c 68 bf e1 0d
(88) Computes prf(PSK,"Key Pad for IKEv2")
00000000: 01 3c a5 24 59 4e bc 78 99 20 61 6c 3f 03 e5 2e
00000010: 7a 75 2a 0b 78 36 bd 0a 89 ce 1d e7 8b 23 32 ae
00000020: 08 9a a0 03 1d da f6 14 8c 38 c6 bd 7c 03 13 24
00000030: bd af c8 ad 88 18 8f 41 d0 12 b9 e1 5a 66 8f 10
(89) Computes content of AUTH payload and compares it with the
received one
00000000: 35 ce 8a ab dd 3d b1 5f 38 7b 2e c9 a6 24 7a 1f
00000010: a7 bb a0 6f b6 5e d8 81 07 d3 43 c8 a5 db 37 51
00000020: 0e 9d 9a 85 66 18 7a 0f 5c e2 1b fb 27 56 65 ed
00000030: 0e 41 fe ce 5e 95 bf 8a ae 57 f6 d6 26 d2 d1 2d
(90) Computes keys for ESP SAs
Smyslov Expires 9 June 2023 [Page 29]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: ff 42 3b a3 78 29 2b 10 52 c8 bf 06 fa ba 6d 5f
00000010: e2 db 51 1b 74 1b 54 ad 35 85 e3 cf 2b 77 52 42
00000020: bc 8c d8 ba dd f4 46 9e 89 41 5c d6
00000000: 8c eb 84 af 18 01 18 36 b7 8d 65 be 03 ca 69 64
00000010: 89 6e a8 91 03 bc 9a dc bd 49 10 ab 20 83 9f 83
00000020: b1 7c 45 9d ab d8 ab 6f de 6a 62 d1
Sub-scenario 2: IKE SA rekeying using the CREATE_CHILD_SA exchange.
Initiator Responder
HDR, SK {SAi, Ni, KEi [,N+]} --->
<--- HDR, SK {SAr, Nr, KEr [,N+]}
Initiator's actions:
(1) Generates random SPIi for new IKE SA
00000000: 43 87 64 8d 6c 9e 28 ff
(2) Generates random IKE nonce Ni
00000000: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
00000010: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c
(3) Generates ephemeral private key
00000000: cf 8f f0 df 04 24 43 b5 7e 15 2c bd 9f cd bd d9
00000010: 20 b5 35 7c e8 8b a6 d7 bd 7f 32 39 3d 5e 9a 3c
00000020: eb 88 4f 7f 6c 5d 03 05 fc bf 08 12 41 76 f4 a6
00000030: 2e 4c f7 ce 55 18 9d 6a 54 1f f7 57 46 23 cd 26
(4) Computes public key
00000000: 04 db 0b d3 9a ac 83 f3 e9 9d a9 11 c3 12 f6 df
00000010: f6 ae 99 38 55 20 1f 83 c8 28 ed 14 f9 68 88 77
00000020: ac 78 36 41 7a d7 93 a7 ee 4c 6a d7 f2 50 24 f5
00000030: a8 7b 03 28 22 9f a4 66 11 20 57 64 56 7c 36 3c
00000040: 72 c7 91 0a 1c fd 64 54 f1 17 97 6a 35 48 dc 8f
00000050: 85 97 20 12 2f 35 55 58 9b ca 7a 84 f3 01 cf ca
00000060: 78 e7 41 87 d3 3f 0f 2b 6d 78 59 ad f2 f2 c2 97
00000070: db 0b 75 6e 00 38 a2 72 8d 17 6b 44 f9 8b 95 66
(5) Creates message
Smyslov Expires 9 June 2023 [Page 30]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 R<-I [281]
E[253]{
SA[44]{
P[40](#1:IKE:4387648D6C9E28FF:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}},
NONCE[36]{6C8367...085A4C},
KE[136](GOST3410_2012_512){04DB0B...8B9566},
N[12](SET_WINDOW_SIZE){4}}
(6) Uses previously computed key K3i
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
(7) Composes MGM nonce
00000000: 00 00 00 01 83 00 37 c3 08 01 7e c3 0a 71 62 01
(8) Composes AAD
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd
(9) Composes plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d
00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c
00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3
00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83
00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7
00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66
00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54
000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58
000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b
000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72
000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 04 00
(10) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
Smyslov Expires 9 June 2023 [Page 31]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd
00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1
00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2
00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d
00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49
00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82
00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41
00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f
00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7
00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b
000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27
000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16
000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91
000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02
000000E0: a2 06 78 c7 e0
(11) Computes ICV using K3i as K_msg
00000000: b1 2f da a5 96 fa 27 ee 67 de 9e 95
(12) Composes IV
00000000: 00 00 00 00 00 00 00 01
(13) Sends message, peer receives message
10.111.10.171:54294->10.111.15.45:500 [281]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd
00000020: 00 00 00 00 00 00 00 01 00 16 cf 92 8a 87 4c 02
00000030: 79 31 04 22 c3 d9 5f fd 5a 19 23 62 25 d1 99 c2
00000040: af 75 4d f1 3c ac c0 c1 c7 db d0 fd 93 ac 6d 25
00000050: b4 19 01 e6 df e8 51 c2 88 a9 8a 26 92 98 ec ce
00000060: c1 2f cf ca ce 9b 5a 6d 4c 8b cf 97 63 5a a3 e6
00000070: 46 49 0f 1f 05 54 00 49 6b d8 14 f4 e2 ee b3 66
00000080: 2a 13 9b dd 63 53 7a 82 2a d8 bf 48 aa db 79 21
00000090: d3 d8 ac b1 ac 8f 9b 41 a7 49 81 95 d7 54 46 e2
000000A0: 00 9b 17 3a ab 9a 4c 8f 19 9e ac 61 cc f6 02 47
000000B0: a1 7e f4 48 5b e7 3c a7 53 dc 03 9e ea 5f c4 99
000000C0: 60 6e db 6a 21 fe 7c 7b 11 ed bf 44 59 73 fa 65
000000D0: 01 98 e4 e6 10 63 87 27 8b f0 8c bb 94 52 dd 97
000000E0: ee dc ce 88 c4 45 b4 16 f2 8b d4 74 cb 46 38 57
000000F0: f4 44 88 23 44 06 d9 91 00 ea 81 2c e7 f6 66 0f
00000100: a8 45 0f 1d 8c 2d f1 02 a2 06 78 c7 e0 b1 2f da
00000110: a5 96 fa 27 ee 67 de 9e 95
Responder's actions:
Smyslov Expires 9 June 2023 [Page 32]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(14) Extracts IV from message
00000000: 00 00 00 00 00 00 00 01
(15) Uses previously computed key K3i
00000000: 36 ff fa db 84 a9 f1 21 d5 84 16 db eb af 21 a2
00000010: 12 6d 5c 35 95 fe 89 cf 27 47 52 8a b7 36 92 d4
(16) Composes MGM nonce
00000000: 00 00 00 01 83 00 37 c3 08 01 7e c3 0a 71 62 01
(17) Extracts ICV from message
00000000: b1 2f da a5 96 fa 27 ee 67 de 9e 95
(18) Extracts AAD from message
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 08 00 00 00 02 00 00 01 19 21 00 00 fd
(19) Extracts ciphertext from message
00000000: 00 16 cf 92 8a 87 4c 02 79 31 04 22 c3 d9 5f fd
00000010: 5a 19 23 62 25 d1 99 c2 af 75 4d f1 3c ac c0 c1
00000020: c7 db d0 fd 93 ac 6d 25 b4 19 01 e6 df e8 51 c2
00000030: 88 a9 8a 26 92 98 ec ce c1 2f cf ca ce 9b 5a 6d
00000040: 4c 8b cf 97 63 5a a3 e6 46 49 0f 1f 05 54 00 49
00000050: 6b d8 14 f4 e2 ee b3 66 2a 13 9b dd 63 53 7a 82
00000060: 2a d8 bf 48 aa db 79 21 d3 d8 ac b1 ac 8f 9b 41
00000070: a7 49 81 95 d7 54 46 e2 00 9b 17 3a ab 9a 4c 8f
00000080: 19 9e ac 61 cc f6 02 47 a1 7e f4 48 5b e7 3c a7
00000090: 53 dc 03 9e ea 5f c4 99 60 6e db 6a 21 fe 7c 7b
000000A0: 11 ed bf 44 59 73 fa 65 01 98 e4 e6 10 63 87 27
000000B0: 8b f0 8c bb 94 52 dd 97 ee dc ce 88 c4 45 b4 16
000000C0: f2 8b d4 74 cb 46 38 57 f4 44 88 23 44 06 d9 91
000000D0: 00 ea 81 2c e7 f6 66 0f a8 45 0f 1d 8c 2d f1 02
000000E0: a2 06 78 c7 e0
(20) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext
Smyslov Expires 9 June 2023 [Page 33]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 43 87 64 8d
00000010: 6c 9e 28 ff 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 6c 83 67 41 1b 45 94 1d 79 94 51 2d 3f 7d 1e ce
00000040: 06 76 a6 09 cc a9 3a 8f f8 17 81 ff 28 08 5a 4c
00000050: 29 00 00 88 00 22 00 00 04 db 0b d3 9a ac 83 f3
00000060: e9 9d a9 11 c3 12 f6 df f6 ae 99 38 55 20 1f 83
00000070: c8 28 ed 14 f9 68 88 77 ac 78 36 41 7a d7 93 a7
00000080: ee 4c 6a d7 f2 50 24 f5 a8 7b 03 28 22 9f a4 66
00000090: 11 20 57 64 56 7c 36 3c 72 c7 91 0a 1c fd 64 54
000000A0: f1 17 97 6a 35 48 dc 8f 85 97 20 12 2f 35 55 58
000000B0: 9b ca 7a 84 f3 01 cf ca 78 e7 41 87 d3 3f 0f 2b
000000C0: 6d 78 59 ad f2 f2 c2 97 db 0b 75 6e 00 38 a2 72
000000D0: 8d 17 6b 44 f9 8b 95 66 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 04 00
(21) Parses received message
Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 I->R[281]
E[253]{
SA[44]{
P[40](#1:IKE:4387648D6C9E28FF:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}},
NONCE[36]{6C8367...085A4C},
KE[136](GOST3410_2012_512){04DB0B...8B9566},
N[12](SET_WINDOW_SIZE){4}}
(22) Generates random SPIr for new IKE SA
00000000: 82 d9 fa f8 74 49 b9 36
(23) Generates random IKE nonce Nr
00000000: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81
00000010: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b
(24) Generates ephemeral private key
00000000: b9 ea c6 c1 84 db 39 54 e3 e7 74 be 02 e0 c9 0b
00000010: 5c b9 72 03 d4 fc a2 3f b6 cf 71 8d 4f f4 b4 c5
00000020: 21 1c 93 f9 86 cc 6b cb db ff 78 51 5b b6 48 e8
00000030: 44 ce c0 83 c9 d0 b8 90 08 94 db 29 9f bb c2 1a
(25) Computes public key
Smyslov Expires 9 June 2023 [Page 34]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: b9 f9 27 a8 96 70 7a 03 58 c2 39 58 63 2d 50 20
00000010: bf 69 c0 1d a6 de d4 4d 65 aa 26 c6 8f 9f e9 e9
00000020: 4b bb da 1d 2f d3 60 2d 18 33 04 9b b2 25 a6 07
00000030: ac 58 1b fc 3c 5b 1e f3 4b c0 f9 cb 90 14 c6 80
00000040: 6e c3 73 c1 4a f7 5c 27 dd 2a e1 ba 94 9c f7 06
00000050: 68 92 19 8e 85 67 f9 d2 d1 ea 3c 16 16 b9 3f 0c
00000060: 8b 2d 2e d6 20 14 7e 27 18 d3 23 9e 2a 99 41 40
00000070: 6a 41 c5 3f 79 9c a7 22 79 15 98 1d 98 b5 ac 4a
(26) Computes shared key
00000000: dd e7 44 39 1c d9 66 cf d2 24 a4 bb 0a 57 b3 3e
00000010: 1a 8f 5d 07 11 4d c3 47 87 1a 13 ec 84 26 03 f8
00000020: ea 93 5a f5 23 a3 45 71 ff 5f f2 3d 59 43 3a 5e
00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84
(27) Computes SKEYSEED for new SA
00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88
00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3
00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36
00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62
(28) Computes SK_d for new SA
00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37
00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a
00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0
00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34
(29) Computes SK_ei for new SA
00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9
00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a
00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
(30) Computes SK_er for new SA
00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78
00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00
00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78
(31) Creates message
Smyslov Expires 9 June 2023 [Page 35]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 I<=R[281]
E[253]{
SA[44]{
P[40](#1:IKE:82D9FAF87449B936:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}},
NONCE[36]{5A2DD2...96437B},
KE[136](GOST3410_2012_512){B9F927...B5AC4A},
N[12](SET_WINDOW_SIZE){64}}
(32) Uses previously computed key K3r
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
(33) Composes MGM nonce
00000000: 00 00 00 01 65 20 72 e7 0a 1e ff 7d da ba 17 31
(34) Composes AAD
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd
(35) Composes plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8
00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81
00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b
00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03
00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d
00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d
00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3
00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27
000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2
000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27
000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22
000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 40 00
(36) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
Smyslov Expires 9 June 2023 [Page 36]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2
00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1
00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84
00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19
00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42
00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2
00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b
00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0
00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac
00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88
000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f
000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca
000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5
000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de
000000E0: 6a 5a 26 b8 e4
(37) Computes ICV using K3r as K_msg
00000000: 04 2f 99 3f 02 19 56 c4 0d 0b 7a 45
(38) Composes IV
00000000: 00 00 00 00 00 00 00 01
(39) Sends message, peer receives message
10.111.10.171:54294<-10.111.15.45:500 [281]
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd
00000020: 00 00 00 00 00 00 00 01 fd ee 4c 8f 78 ff b6 0c
00000030: fc 65 bb ef db 53 56 a2 d3 2d 4f 59 ff 28 38 eb
00000040: 76 0b 40 5e 8d 52 e8 c1 b9 75 22 b4 bb 71 8f 16
00000050: 3a 97 0e 4d 95 ef bc 84 46 c6 77 1e 4b 14 73 46
00000060: 89 ed d4 b4 54 a2 64 19 67 b2 98 7e 8b d4 45 31
00000070: 17 1e e4 ae f4 24 44 42 dd 55 a0 49 fe 08 59 d0
00000080: a1 16 69 60 8a 8e 54 d2 02 6d ae 17 5f 32 bf 14
00000090: 78 f0 86 47 26 bf fb 6b 7c 17 f7 f5 62 b6 d6 a0
000000A0: e5 f3 c2 af b5 28 ee d0 9b 22 8c e6 d0 58 4d 48
000000B0: 18 6d dd 3e 4e 33 66 ac a2 29 1f 3b 62 4a e6 4a
000000C0: 8c 98 18 8b 21 73 a5 88 49 09 3b 27 88 20 40 6b
000000D0: a5 fc 08 37 c7 ac c9 0f 5d 69 87 7c 37 c8 c7 fd
000000E0: d8 72 6d ad ac 22 27 ca 93 d6 bd 6a 55 2a 1a 8b
000000F0: 2e 84 b4 0a 35 d3 ac d5 99 c9 ac d5 6f 03 94 bf
00000100: ca f5 53 e5 a5 74 57 de 6a 5a 26 b8 e4 04 2f 99
00000110: 3f 02 19 56 c4 0d 0b 7a 45
Initiator's actions:
Smyslov Expires 9 June 2023 [Page 37]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(40) Extracts IV from message
00000000: 00 00 00 00 00 00 00 01
(41) Uses previously computed key K3r
00000000: e8 af 72 c4 c3 55 a2 6a fb ad 37 fd b4 b9 7f d6
00000010: f6 c8 cc 32 3f 50 32 40 06 86 ce 85 1b 02 28 f3
(42) Composes MGM nonce
00000000: 00 00 00 01 65 20 72 e7 0a 1e ff 7d da ba 17 31
(43) Extracts ICV from message
00000000: 04 2f 99 3f 02 19 56 c4 0d 0b 7a 45
(44) Extracts AAD from message
00000000: e9 d3 f3 78 19 1c 38 40 8d df f4 01 fb fb 0b 14
00000010: 2e 20 24 20 00 00 00 02 00 00 01 19 21 00 00 fd
(45) Extracts ciphertext from message
00000000: fd ee 4c 8f 78 ff b6 0c fc 65 bb ef db 53 56 a2
00000010: d3 2d 4f 59 ff 28 38 eb 76 0b 40 5e 8d 52 e8 c1
00000020: b9 75 22 b4 bb 71 8f 16 3a 97 0e 4d 95 ef bc 84
00000030: 46 c6 77 1e 4b 14 73 46 89 ed d4 b4 54 a2 64 19
00000040: 67 b2 98 7e 8b d4 45 31 17 1e e4 ae f4 24 44 42
00000050: dd 55 a0 49 fe 08 59 d0 a1 16 69 60 8a 8e 54 d2
00000060: 02 6d ae 17 5f 32 bf 14 78 f0 86 47 26 bf fb 6b
00000070: 7c 17 f7 f5 62 b6 d6 a0 e5 f3 c2 af b5 28 ee d0
00000080: 9b 22 8c e6 d0 58 4d 48 18 6d dd 3e 4e 33 66 ac
00000090: a2 29 1f 3b 62 4a e6 4a 8c 98 18 8b 21 73 a5 88
000000A0: 49 09 3b 27 88 20 40 6b a5 fc 08 37 c7 ac c9 0f
000000B0: 5d 69 87 7c 37 c8 c7 fd d8 72 6d ad ac 22 27 ca
000000C0: 93 d6 bd 6a 55 2a 1a 8b 2e 84 b4 0a 35 d3 ac d5
000000D0: 99 c9 ac d5 6f 03 94 bf ca f5 53 e5 a5 74 57 de
000000E0: 6a 5a 26 b8 e4
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext
Smyslov Expires 9 June 2023 [Page 38]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 82 d9 fa f8
00000010: 74 49 b9 36 03 00 00 08 01 00 00 20 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 22 22 00 00 24
00000030: 5a 2d d2 68 c6 85 5d 32 d4 7b 0b 8e ae 7d c9 81
00000040: be 3e 69 c1 bb f5 ae 89 55 59 c7 48 bc 96 43 7b
00000050: 29 00 00 88 00 22 00 00 b9 f9 27 a8 96 70 7a 03
00000060: 58 c2 39 58 63 2d 50 20 bf 69 c0 1d a6 de d4 4d
00000070: 65 aa 26 c6 8f 9f e9 e9 4b bb da 1d 2f d3 60 2d
00000080: 18 33 04 9b b2 25 a6 07 ac 58 1b fc 3c 5b 1e f3
00000090: 4b c0 f9 cb 90 14 c6 80 6e c3 73 c1 4a f7 5c 27
000000A0: dd 2a e1 ba 94 9c f7 06 68 92 19 8e 85 67 f9 d2
000000B0: d1 ea 3c 16 16 b9 3f 0c 8b 2d 2e d6 20 14 7e 27
000000C0: 18 d3 23 9e 2a 99 41 40 6a 41 c5 3f 79 9c a7 22
000000D0: 79 15 98 1d 98 b5 ac 4a 00 00 00 0c 00 00 40 01
000000E0: 00 00 00 40 00
(47) Parses received message
Create Child SA
E9D3F378191C3840.8DDFF401FBFB0B14.00000002 IKEv2 R=>I[281]
E[253]{
SA[44]{
P[40](#1:IKE:82D9FAF87449B936:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512}},
NONCE[36]{5A2DD2...96437B},
KE[136](GOST3410_2012_512){B9F927...B5AC4A},
N[12](SET_WINDOW_SIZE){64}}
(48) Computes shared key
00000000: dd e7 44 39 1c d9 66 cf d2 24 a4 bb 0a 57 b3 3e
00000010: 1a 8f 5d 07 11 4d c3 47 87 1a 13 ec 84 26 03 f8
00000020: ea 93 5a f5 23 a3 45 71 ff 5f f2 3d 59 43 3a 5e
00000030: eb 5e 79 fa 0e 62 9e bc af ca e4 ee 7a 81 3a 84
(49) Computes SKEYSEED for new SA
00000000: ec 5f 4f 15 ce d7 7d 2f 12 fb a1 df 5f 44 aa 88
00000010: 6a ef 45 e4 04 97 86 95 15 1b 3c ac 31 cc 57 a3
00000020: f0 f4 92 89 33 00 76 2b e9 fd 8b c2 ed 8b e7 36
00000030: cb 17 59 55 9e cc 22 14 72 a5 79 27 27 1d 06 62
(50) Computes SK_d for new SA
Smyslov Expires 9 June 2023 [Page 39]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 08 58 14 7d eb c9 41 7f 7f a2 86 66 bf d4 76 37
00000010: 04 27 4e bc 5d 63 f7 07 79 62 69 7a 69 3c da 7a
00000020: d5 4d 6f 08 1e 14 51 66 2f 94 0d bd 29 45 9c b0
00000030: 51 26 09 4b 47 52 ba 19 98 a5 c2 65 af 84 a1 34
(51) Computes SK_ei for new SA
00000000: 18 0a 4f 98 7d a4 21 6c 68 84 94 1f d9 28 49 b9
00000010: 05 30 f8 aa 43 02 7e 0d aa d3 27 e9 8c 9a 39 9a
00000020: 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
(52) Computes SK_er for new SA
00000000: 47 dc aa 71 4a 8b 66 13 d8 09 79 c7 8c 72 0a 78
00000010: 06 48 6d 4f 1f 53 3a 91 1d b7 2c 86 f5 f1 4e 00
00000020: 84 57 87 2b 38 70 63 27 8c dd 88 78
Sub-scenario 3: ESP SAs rekeying with PFS using the CREATE_CHILD_SA
exchange.
Initiator Responder
HDR, SK {N(REKEY_SA), SAi, Ni,
KEi, TSi, TSr [,N+]} --->
<--- HDR, SK {SAr, Nr,
KEr, TSi, TSr [,N+]}
Initiator's actions:
(1) Generates random IKE nonce Ni
00000000: 59 52 b2 58 00 b7 d3 f9 c3 31 23 16 6f c2 d1 d7
00000010: 07 8b 99 fb 24 cf 24 30 a3 ce a6 fe d3 0f 20 9b
(2) Generates ephemeral private key
00000000: 2f b9 df 43 dc 50 f5 17 59 c0 c7 21 ac ca 03 7a
00000010: 55 87 f9 bb a6 5a 9e d4 46 98 15 c9 3a 6b 40 91
00000020: e6 99 f4 f2 e5 88 14 e7 d8 9f 98 b1 59 21 05 52
00000030: f0 b0 ce dc 8e c6 db 1f 9d a9 4a 6d 95 f2 cb 3d
(3) Computes public key
Smyslov Expires 9 June 2023 [Page 40]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c
00000010: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae
00000020: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40
00000030: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43
00000040: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95
00000050: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa
00000060: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f
00000070: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60
(4) Selects SPI for new incoming ESP SA
00000000: a4 fe 65 a1
(5) Creates message
Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 R<-I[341]
E[313]{
N[12](ESP:0ADE5FCD:REKEY_SA),
SA[40]{
P[36](#1:ESP:A4FE65A1:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512,
ESN=Off}},
NONCE[36]{5952B2...0F209B},
KE[136](GOST3410_2012_512){1C5508...8AC360},
TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(6) Computes K1i (i1 = 0)
00000000: 17 ec f1 84 33 9a c3 e3 93 e1 21 d7 65 3b 6c 83
00000010: d4 ae 9c 29 5b 12 cc b3 c5 0c 48 19 49 eb c0 ba
(7) Computes K2i (i2 = 0)
00000000: 2d 33 c0 55 87 f2 ee ce ac 1a f2 28 64 c6 f5 ad
00000010: de 2d be 7a a8 92 d0 a6 20 bc ef 25 29 7b 56 9f
(8) Computes K3i (i3 = 0)
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
(9) Composes MGM nonce
Smyslov Expires 9 June 2023 [Page 41]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 00 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
(10) Composes AAD
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39
(11) Composes plaintext
00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28
00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08
00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08
00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9
00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30
00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00
00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c
00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae
00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40
00000090: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43
000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95
000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa
000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f
000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60
000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00
00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000120: 00
(12) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
Smyslov Expires 9 June 2023 [Page 42]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca
00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b
00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3
00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68
00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19
00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01
00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e
00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de
00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b
00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21
000000A0: 3c ce c6 67 82 00 8f f3 d7 d6 c3 f2 87 47 b8 b9
000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47
000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1
000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31
000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30
000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2
00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb
00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28
00000120: 68
(13) Computes ICV using K3i as K_msg
00000000: fc 85 a4 7e 0b 41 77 54 ef 1a 03 cb
(14) Composes IV
00000000: 00 00 00 00 00 00 00 00
(15) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 43]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54294->10.111.15.45:500 [341]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39
00000020: 00 00 00 00 00 00 00 00 00 9b 13 cb cb f1 18 53
00000030: fc 81 2e 75 c3 03 e0 ca 55 c1 fb 55 c0 29 40 48
00000040: fc 20 f4 a8 51 5b 97 6b c6 07 4c 7d 45 54 51 0f
00000050: 18 7f 43 a4 df 4b e8 e3 b4 eb 68 24 4b f0 1c df
00000060: 8f 1e a2 21 31 02 29 68 38 4d 68 fd 42 66 34 3e
00000070: 82 46 f0 17 02 bf 65 19 b0 f7 09 62 0d 12 6a 7e
00000080: ad 76 57 0d 19 55 cf 01 89 9c 7e f5 5a fa 20 4f
00000090: 8c 6d a4 83 b9 94 ad 4e 2a 46 08 5a 58 a1 4b 8e
000000A0: 53 2b a4 e6 3b fc 33 de cf cb ee 50 6d a1 9f e4
000000B0: 94 06 19 39 39 6b 7e 4b 83 f7 07 c0 bb 15 21 8d
000000C0: 8f 2d 5f 6c f6 97 68 21 3c ce c6 67 82 00 8f f3
000000D0: d7 d6 c3 f2 87 47 b8 b9 a3 0f f8 e2 0a 62 e8 f5
000000E0: 98 df bc f0 02 6a 3f 47 c4 f0 24 a4 80 95 bf cf
000000F0: 32 5a a5 22 3c a5 a8 f1 57 d6 3b b8 06 1c b6 d7
00000100: c7 b3 58 e7 ee 69 eb 31 d6 09 db 8b 8a 1d 2b a1
00000110: f7 46 e5 b9 99 13 73 30 1f ed 0c 82 4b cc ce 5e
00000120: 25 79 1b ff 8b ca f0 b2 1e 7e 70 03 66 c7 7b 6c
00000130: 10 92 f2 34 b6 e9 ce bb 65 ce d4 b5 99 f3 70 78
00000140: 5f 06 f4 fe 0a 3c 00 28 68 fc 85 a4 7e 0b 41 77
00000150: 54 ef 1a 03 cb
Responder's actions:
(16) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(17) Computes K1i (i1 = 0)
00000000: 17 ec f1 84 33 9a c3 e3 93 e1 21 d7 65 3b 6c 83
00000010: d4 ae 9c 29 5b 12 cc b3 c5 0c 48 19 49 eb c0 ba
(18) Computes K2i (i2 = 0)
00000000: 2d 33 c0 55 87 f2 ee ce ac 1a f2 28 64 c6 f5 ad
00000010: de 2d be 7a a8 92 d0 a6 20 bc ef 25 29 7b 56 9f
(19) Computes K3i (i3 = 0)
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
(20) Composes MGM nonce
Smyslov Expires 9 June 2023 [Page 44]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 00 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
(21) Extracts ICV from message
00000000: fc 85 a4 7e 0b 41 77 54 ef 1a 03 cb
(22) Extracts AAD from message
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 08 00 00 00 00 00 00 01 55 29 00 01 39
(23) Extracts ciphertext from message
00000000: 00 9b 13 cb cb f1 18 53 fc 81 2e 75 c3 03 e0 ca
00000010: 55 c1 fb 55 c0 29 40 48 fc 20 f4 a8 51 5b 97 6b
00000020: c6 07 4c 7d 45 54 51 0f 18 7f 43 a4 df 4b e8 e3
00000030: b4 eb 68 24 4b f0 1c df 8f 1e a2 21 31 02 29 68
00000040: 38 4d 68 fd 42 66 34 3e 82 46 f0 17 02 bf 65 19
00000050: b0 f7 09 62 0d 12 6a 7e ad 76 57 0d 19 55 cf 01
00000060: 89 9c 7e f5 5a fa 20 4f 8c 6d a4 83 b9 94 ad 4e
00000070: 2a 46 08 5a 58 a1 4b 8e 53 2b a4 e6 3b fc 33 de
00000080: cf cb ee 50 6d a1 9f e4 94 06 19 39 39 6b 7e 4b
00000090: 83 f7 07 c0 bb 15 21 8d 8f 2d 5f 6c f6 97 68 21
000000A0: 3c ce c6 67 82 00 8f f3 d7 d6 c3 f2 87 47 b8 b9
000000B0: a3 0f f8 e2 0a 62 e8 f5 98 df bc f0 02 6a 3f 47
000000C0: c4 f0 24 a4 80 95 bf cf 32 5a a5 22 3c a5 a8 f1
000000D0: 57 d6 3b b8 06 1c b6 d7 c7 b3 58 e7 ee 69 eb 31
000000E0: d6 09 db 8b 8a 1d 2b a1 f7 46 e5 b9 99 13 73 30
000000F0: 1f ed 0c 82 4b cc ce 5e 25 79 1b ff 8b ca f0 b2
00000100: 1e 7e 70 03 66 c7 7b 6c 10 92 f2 34 b6 e9 ce bb
00000110: 65 ce d4 b5 99 f3 70 78 5f 06 f4 fe 0a 3c 00 28
00000120: 68
(24) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext
Smyslov Expires 9 June 2023 [Page 45]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 21 00 00 0c 03 04 40 09 0a de 5f cd 28 00 00 28
00000010: 00 00 00 24 01 03 04 03 a4 fe 65 a1 03 00 00 08
00000020: 01 00 00 20 03 00 00 08 04 00 00 22 00 00 00 08
00000030: 05 00 00 00 22 00 00 24 59 52 b2 58 00 b7 d3 f9
00000040: c3 31 23 16 6f c2 d1 d7 07 8b 99 fb 24 cf 24 30
00000050: a3 ce a6 fe d3 0f 20 9b 2c 00 00 88 00 22 00 00
00000060: 1c 55 08 b9 01 f5 76 6a 01 27 97 2d 38 b1 4a 5c
00000070: b7 43 f1 64 24 ef 76 75 50 ce 4f 6f 59 ca 96 ae
00000080: 54 85 9c 94 8d 04 91 62 3a 0c b6 6e 77 59 81 40
00000090: 69 bf bb 80 f7 7c 29 ee 9f 9e 0c 83 b6 08 fc 43
000000A0: b8 c6 66 36 e5 eb a0 43 c2 56 fa 52 f9 99 b6 95
000000B0: 34 4c cd 49 1f c7 83 9e d7 d9 ca e3 a5 d0 3c aa
000000C0: e8 ee ed 2c dd 5c 81 49 ab 3c d4 fa 15 4e 29 5f
000000D0: 7c cd b2 f1 c1 d2 6f 8f a7 74 4d 6a d8 8a c3 60
000000E0: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
000000F0: 0a 01 01 02 0a 01 01 02 29 00 00 18 01 00 00 00
00000100: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000110: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000120: 00
(25) Parses received message
Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 I->R[341]
E[313]{
N[12](ESP:0ADE5FCD:REKEY_SA),
SA[40]{
P[36](#1:ESP:A4FE65A1:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512,
ESN=Off}},
NONCE[36]{5952B2...0F209B},
KE[136](GOST3410_2012_512){1C5508...8AC360},
TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(26) Generates random IKE nonce Nr
00000000: f1 c1 3f 5e c4 c9 70 81 cb 1f 57 fe af 3d 80 37
00000010: 92 a9 ff 96 db 8f 3f 31 0a db 84 d1 24 d5 94 12
(27) Generates ephemeral private key
Smyslov Expires 9 June 2023 [Page 46]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 2e 75 2f 5d 6c f0 9a 59 af 47 8d e1 2a a5 aa f5
00000010: c1 ef 9a fb e0 16 5e d9 59 6a c5 96 e8 88 14 62
00000020: 03 81 90 4f 18 d1 60 18 fe dc 9a a1 61 b3 8b c0
00000030: bf e0 d9 a0 d5 2b f2 7b 6b 60 f5 b9 4d e9 0b 36
(28) Computes public key
00000000: de 1d 91 64 c3 3e 58 4a b3 3e 55 5d 3e f6 5b cb
00000010: b5 c6 1c 09 cb 9a 17 91 81 13 5f 46 ce 52 98 c5
00000020: 1e bb 77 96 c9 04 03 2d f4 e5 23 f9 75 e3 ef a8
00000030: 53 52 b4 75 9c 00 55 7b 09 75 49 55 c1 65 7c 4d
00000040: 67 77 00 0a bc cd bc 4c 34 c3 b3 85 ed 86 7d 3b
00000050: 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f 69 3f ee 7c
00000060: 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20 c3 54 7b 44
00000070: db 9f c7 96 a0 1e 9e ae b4 bd 29 73 b6 80 2d 00
(29) Selects SPI for new incoming ESP SA
00000000: 29 0a 8e 3f
(30) Computes keys for new ESP SAs
00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c
00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4
00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b
00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8
00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d
00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2
(31) Creates message
Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 I<=R[337]
E[309]{
SA[40]{
P[36](#1:ESP:290A8E3F:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512,
ESN=Off}},
NONCE[36]{F1C13F...D59412},
KE[136](GOST3410_2012_512){DE1D91...802D00},
TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(32) Computes K1r (i1 = 0)
Smyslov Expires 9 June 2023 [Page 47]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 0c 45 d2 29 64 b8 72 57 11 10 3b a0 c2 66 d8 63
00000010: 34 f5 22 43 bf 6b 9a 1b 67 d6 d2 d8 fc 87 75 38
(33) Computes K2r (i2 = 0)
00000000: a9 92 d9 92 1f 15 13 bd db 61 83 43 58 2d dd e6
00000010: 66 28 4f 5d 71 47 a9 d4 8e 31 2e 95 37 f8 c5 d2
(34) Computes K3r (i3 = 0)
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
(35) Composes MGM nonce
00000000: 00 00 00 00 84 57 87 2b 38 70 63 27 8c dd 88 78
(36) Composes AAD
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35
(37) Composes plaintext
00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f
00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22
00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e
00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96
00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88
00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d
00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46
00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9
00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55
00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85
000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f
000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20
000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73
000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10
000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18
000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(38) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
Smyslov Expires 9 June 2023 [Page 48]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02
00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0
00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b
00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82
00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5
00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16
00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca
00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a
00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab
00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d
000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce
000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9
000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02
000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15
000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07
000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60
00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df
00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf
(39) Computes ICV using K3r as K_msg
00000000: 3a 2d 3c 6b 87 43 ed 6e 80 ab 27 e2
(40) Composes IV
00000000: 00 00 00 00 00 00 00 00
(41) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 49]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54294<-10.111.15.45:500 [337]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35
00000020: 00 00 00 00 00 00 00 00 42 73 5f 2b 14 a0 27 ca
00000030: 3c 90 67 80 3c 3d 99 02 1c 08 c8 67 03 0f 69 f1
00000040: c3 64 43 a6 59 74 ce b0 d7 5d 29 58 53 3a f6 c3
00000050: 20 04 56 ba 2e af 14 9b 2d a3 93 15 2c e5 15 e6
00000060: 59 2b 7f 47 94 7f 90 82 ce d3 64 cc 89 92 04 c6
00000070: bc 7b ce 61 c6 1d 7f a5 45 1c 27 e6 0b 78 1a f2
00000080: 75 8f 3e 47 53 8e d7 16 11 f4 26 04 ae 5e d5 b8
00000090: 84 b6 ac e6 20 28 da ca da 84 fe 0d c4 4d 29 2f
000000A0: 58 30 fe 93 f6 59 04 4a 9b aa 97 99 5b 5e 74 9c
000000B0: 5d 45 d5 99 42 16 8c ab 62 cb 9f 14 5f f5 25 92
000000C0: 34 5c 8d 61 45 44 55 6d 3d 80 b0 39 f0 39 0b 43
000000D0: 8a f9 b7 b7 17 41 34 ce 36 bf e3 e7 1a 68 61 72
000000E0: 0e f1 91 24 89 ab d7 e9 a9 b1 87 38 a1 c0 4c 42
000000F0: 4e 47 62 28 9e d7 1f 02 13 40 69 38 31 f1 91 87
00000100: ec 54 11 0a 2d d9 25 15 15 16 37 b7 71 94 11 49
00000110: 5e f7 28 90 c5 1e 6b 07 d9 cf 06 a2 a2 33 0e e0
00000120: 25 67 db a6 17 11 27 60 c8 21 f7 79 63 aa b0 f9
00000130: 7b 95 03 a7 8d 2e d7 df 58 e7 30 ab d3 c8 f1 24
00000140: 40 69 fc 3f bf 3a 2d 3c 6b 87 43 ed 6e 80 ab 27
00000150: e2
Initiator's actions:
(42) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(43) Computes K1r (i1 = 0)
00000000: 0c 45 d2 29 64 b8 72 57 11 10 3b a0 c2 66 d8 63
00000010: 34 f5 22 43 bf 6b 9a 1b 67 d6 d2 d8 fc 87 75 38
(44) Computes K2r (i2 = 0)
00000000: a9 92 d9 92 1f 15 13 bd db 61 83 43 58 2d dd e6
00000010: 66 28 4f 5d 71 47 a9 d4 8e 31 2e 95 37 f8 c5 d2
(45) Computes K3r (i3 = 0)
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
(46) Composes MGM nonce
Smyslov Expires 9 June 2023 [Page 50]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 00 84 57 87 2b 38 70 63 27 8c dd 88 78
(47) Extracts ICV from message
00000000: 3a 2d 3c 6b 87 43 ed 6e 80 ab 27 e2
(48) Extracts AAD from message
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 24 20 00 00 00 00 00 00 01 51 21 00 01 35
(49) Extracts ciphertext from message
00000000: 42 73 5f 2b 14 a0 27 ca 3c 90 67 80 3c 3d 99 02
00000010: 1c 08 c8 67 03 0f 69 f1 c3 64 43 a6 59 74 ce b0
00000020: d7 5d 29 58 53 3a f6 c3 20 04 56 ba 2e af 14 9b
00000030: 2d a3 93 15 2c e5 15 e6 59 2b 7f 47 94 7f 90 82
00000040: ce d3 64 cc 89 92 04 c6 bc 7b ce 61 c6 1d 7f a5
00000050: 45 1c 27 e6 0b 78 1a f2 75 8f 3e 47 53 8e d7 16
00000060: 11 f4 26 04 ae 5e d5 b8 84 b6 ac e6 20 28 da ca
00000070: da 84 fe 0d c4 4d 29 2f 58 30 fe 93 f6 59 04 4a
00000080: 9b aa 97 99 5b 5e 74 9c 5d 45 d5 99 42 16 8c ab
00000090: 62 cb 9f 14 5f f5 25 92 34 5c 8d 61 45 44 55 6d
000000A0: 3d 80 b0 39 f0 39 0b 43 8a f9 b7 b7 17 41 34 ce
000000B0: 36 bf e3 e7 1a 68 61 72 0e f1 91 24 89 ab d7 e9
000000C0: a9 b1 87 38 a1 c0 4c 42 4e 47 62 28 9e d7 1f 02
000000D0: 13 40 69 38 31 f1 91 87 ec 54 11 0a 2d d9 25 15
000000E0: 15 16 37 b7 71 94 11 49 5e f7 28 90 c5 1e 6b 07
000000F0: d9 cf 06 a2 a2 33 0e e0 25 67 db a6 17 11 27 60
00000100: c8 21 f7 79 63 aa b0 f9 7b 95 03 a7 8d 2e d7 df
00000110: 58 e7 30 ab d3 c8 f1 24 40 69 fc 3f bf
(50) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext
Smyslov Expires 9 June 2023 [Page 51]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 28 00 00 28 00 00 00 24 01 03 04 03 29 0a 8e 3f
00000010: 03 00 00 08 01 00 00 20 03 00 00 08 04 00 00 22
00000020: 00 00 00 08 05 00 00 00 22 00 00 24 f1 c1 3f 5e
00000030: c4 c9 70 81 cb 1f 57 fe af 3d 80 37 92 a9 ff 96
00000040: db 8f 3f 31 0a db 84 d1 24 d5 94 12 2c 00 00 88
00000050: 00 22 00 00 de 1d 91 64 c3 3e 58 4a b3 3e 55 5d
00000060: 3e f6 5b cb b5 c6 1c 09 cb 9a 17 91 81 13 5f 46
00000070: ce 52 98 c5 1e bb 77 96 c9 04 03 2d f4 e5 23 f9
00000080: 75 e3 ef a8 53 52 b4 75 9c 00 55 7b 09 75 49 55
00000090: c1 65 7c 4d 67 77 00 0a bc cd bc 4c 34 c3 b3 85
000000A0: ed 86 7d 3b 9f f7 15 ea 55 b5 e4 1e 45 d9 b0 4f
000000B0: 69 3f ee 7c 89 0e 09 3d 4b 35 2e 8a 3c 0c 33 20
000000C0: c3 54 7b 44 db 9f c7 96 a0 1e 9e ae b4 bd 29 73
000000D0: b6 80 2d 00 2d 00 00 18 01 00 00 00 07 00 00 10
000000E0: 00 00 ff ff 0a 01 01 02 0a 01 01 02 29 00 00 18
000000F0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000100: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000110: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(51) Parses received message
Create Child SA
4387648D6C9E28FF.82D9FAF87449B936.00000000 IKEv2 R=>I[337]
E[309]{
SA[40]{
P[36](#1:ESP:290A8E3F:3#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
KE=GOST3410_2012_512,
ESN=Off}},
NONCE[36]{F1C13F...D59412},
KE[136](GOST3410_2012_512){DE1D91...802D00},
TSi[24](1#){10.1.1.2},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(52) Computes keys for new ESP SAs
00000000: 4e c4 99 c2 d9 e8 fc 7f 26 fa cf df 20 8f a2 5c
00000010: 85 f8 e3 0c f7 fd 11 5b 5f 80 ba c4 e6 70 8b e4
00000020: 0b 90 d7 8f bd d4 c5 bd c4 31 6f 0b
00000000: 3c cc d8 46 72 44 68 c6 41 84 d2 22 ea 39 7c e8
00000010: aa 83 66 11 3a 26 4d 7b 07 52 6b c7 65 25 73 9d
00000020: 0f 3d 80 bc 8c 34 ff 07 31 11 5e d2
Smyslov Expires 9 June 2023 [Page 52]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Sub-scenario 4: IKE SA deletion using the INFORMATIONAL exchange.
Initiator Responder
HDR, SK {D} --->
<--- HDR, SK { }
Initiator's actions:
(1) Creates message
Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R<-I[61]
E[33]{
D[8](IKE)}
(2) Uses previously computed key K3i
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
(3) Composes MGM nonce
00000000: 00 00 00 03 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
(4) Composes AAD
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
(5) Composes plaintext
00000000: 00 00 00 08 01 00 00 00 00
(6) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
00000000: 3e 17 6f 6c 23 48 06 e9 fd
(7) Computes ICV using K3i as K_msg
00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4
(8) Composes IV
00000000: 00 00 00 00 00 00 00 03
(9) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 53]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54294->10.111.15.45:500 [61]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
00000020: 00 00 00 00 00 00 00 03 3e 17 6f 6c 23 48 06 e9
00000030: fd 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4
Responder's actions:
(10) Extracts IV from message
00000000: 00 00 00 00 00 00 00 03
(11) Uses previously computed key K3i
00000000: c9 41 22 b5 39 b7 d2 3f c4 4d a6 ae 88 2e ff b4
00000010: f4 c0 90 9c bd bc 63 56 14 62 e8 8f 90 1a e7 eb
(12) Composes MGM nonce
00000000: 00 00 00 03 03 a0 05 b7 b2 2d f9 90 bb 6c ff ca
(13) Extracts ICV from message
00000000: 23 7b a2 fc d5 1c 6f 2c c0 1e 21 e4
(14) Extracts AAD from message
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 08 00 00 00 03 00 00 00 3d 2a 00 00 21
(15) Extracts ciphertext from message
00000000: 3e 17 6f 6c 23 48 06 e9 fd
(16) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext
00000000: 00 00 00 08 01 00 00 00 00
(17) Parses received message
Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I->R[61]
E[33]{
D[8](IKE)}
(18) Creates message
Smyslov Expires 9 June 2023 [Page 54]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 I<=R[53]
E[25]{}
(19) Uses previously computed key K3r
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
(20) Composes MGM nonce
00000000: 00 00 00 03 84 57 87 2b 38 70 63 27 8c dd 88 78
(21) Composes AAD
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
(22) Composes plaintext
00000000: 00
(23) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
00000000: f1
(24) Computes ICV using K3r as K_msg
00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce
(25) Composes IV
00000000: 00 00 00 00 00 00 00 03
(26) Sends message, peer receives message
10.111.10.171:54294<-10.111.15.45:500 [53]
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
00000020: 00 00 00 00 00 00 00 03 f1 38 3b 47 ed 04 4d af
00000030: 44 b8 59 9a ce
Initiator's actions:
(27) Extracts IV from message
00000000: 00 00 00 00 00 00 00 03
Smyslov Expires 9 June 2023 [Page 55]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(28) Uses previously computed key K3r
00000000: c1 ca 4f dd 2d 02 55 a4 11 9a 10 08 43 2d 61 ea
00000010: 52 68 83 c5 ec 92 53 24 01 b0 a2 0b d2 8f 72 78
(29) Composes MGM nonce
00000000: 00 00 00 03 84 57 87 2b 38 70 63 27 8c dd 88 78
(30) Extracts ICV from message
00000000: 38 3b 47 ed 04 4d af 44 b8 59 9a ce
(31) Extracts AAD from message
00000000: 43 87 64 8d 6c 9e 28 ff 82 d9 fa f8 74 49 b9 36
00000010: 2e 20 25 20 00 00 00 03 00 00 00 35 00 00 00 19
(32) Extracts ciphertext from message
00000000: f1
(33) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext
00000000: 00
(34) Parses received message
Informational
4387648D6C9E28FF.82D9FAF87449B936.00000003 IKEv2 R=>I[53]
E[25]{}
A.2. Scenario 2
With this scenario peers establish, rekey and delete IKE SA and ESP
SAs using the following prerequisites:
* Peers authenticate each other using digital signatures
* Initiator's ID is "CN=IKE Interop Test Client, O=ELVIS-PLUS, C=RU"
of type ID_DER_ASN1_DN:
00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45
00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c
00000030: 69 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45
00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55
00000050: 04 06 13 02 52 55
Smyslov Expires 9 June 2023 [Page 56]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
* Responder's ID is "CN=IKE Interop Test Server, O=ELVIS-PLUS, C=RU"
of type ID_DER_ASN1_DN:
00000010: 30 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45
00000020: 20 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65
00000030: 72 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45
00000040: 4c 56 49 53 2d 50 4c 55 53 31 0b 30 09 06 03 55
00000050: 04 06 13 02 52 55
* No NAT is present between the peers, but using UDP encapsulation
is forced by the initiator by setting NAT_DETECTION_SOURCE_IP
notify to all zeroes
* IKE fragmentation is used in the IKE_AUTH exchange
* IKE SA is created with the following transforms:
- ENCR_MAGMA_MGM_KTREE
- PRF_HMAC_STREEBOG_512
- GOST3410_2012_256
* ESP SAs are created with the following transforms:
- ENCR_MAGMA_MGM_KTREE
- ESN off
The certificates for this scenatio were obtained from the public
testing CA service https://testgost2012.cryptopro.ru/certsrv/
The initiator's certificate private key (little endian):
0000000000: 76 e9 dd b3 f3 a2 08 a2 4e a5 81 9c ae 41 da b4
0000000010: 77 3c 1d d5 dc eb af e6 58 b1 47 d2 d8 29 ce 71
0000000020: 18 a9 85 5d 28 5b 3c e3 23 bd 80 ac 2f 00 cc b6
0000000030: 61 4c 42 a1 65 61 02 cf 33 eb 1f 5f 02 ce 8a b9
The initiator's certificate:
0000000000: 30 82 04 f7 30 82 04 a4 a0 03 02 01 02 02 13 7c
0000000010: 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 01 00 03
0000000020: da a8 30 0a 06 08 2a 85 03 07 01 01 03 02 30 82
0000000030: 01 0a 31 18 30 16 06 05 2a 85 03 64 01 12 0d 31
0000000040: 32 33 34 35 36 37 38 39 30 31 32 33 31 1a 30 18
0000000050: 06 08 2a 85 03 03 81 03 01 01 12 0c 30 30 31 32
0000000060: 33 34 35 36 37 38 39 30 31 2f 30 2d 06 03 55 04
Smyslov Expires 9 June 2023 [Page 57]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
0000000070: 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1
0000000080: 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0
0000000090: d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09 06 03 55
00000000A0: 04 06 13 02 52 55 31 19 30 17 06 03 55 04 08 0c
00000000B0: 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba d0 b2 d0
00000000C0: b0 31 15 30 13 06 03 55 04 07 0c 0c d0 9c d0 be
00000000D0: d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06 03 55 04
00000000E0: 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000000F0: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 31
0000000100: 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0 b5 d1 81
0000000110: d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 d0 a6 20
0000000120: d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 98 d0 9f
0000000130: d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 1e 17 0d
0000000140: 32 31 31 30 30 31 30 36 31 30 31 30 5a 17 0d 32
0000000150: 32 30 31 30 31 30 36 32 30 31 30 5a 30 44 31 20
0000000160: 30 1e 06 03 55 04 03 13 17 49 4b 45 20 49 6e 74
0000000170: 65 72 6f 70 20 54 65 73 74 20 43 6c 69 65 6e 74
0000000180: 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 56 49 53
0000000190: 2d 50 4c 55 53 31 0b 30 09 06 03 55 04 06 13 02
00000001A0: 52 55 30 81 aa 30 21 06 08 2a 85 03 07 01 01 01
00000001B0: 02 30 15 06 09 2a 85 03 07 01 02 01 02 01 06 08
00000001C0: 2a 85 03 07 01 01 02 03 03 81 84 00 04 81 80 ee
00000001D0: 2f 0a 0e 09 1e 7e 04 ef ba 5b 62 a2 52 86 e1 9c
00000001E0: 24 50 30 50 b0 b4 8a 37 35 b5 fc af 28 94 ec b5
00000001F0: 9b 92 41 5b 69 e2 c9 ba 24 de 6a 72 c4 ef 44 bb
0000000200: 89 a1 05 14 1b 87 3d 6a a3 72 3e 17 ca 7f 39 28
0000000210: ce 16 8b dd 07 52 87 6a 0d 77 42 6d 99 2b 46 2c
0000000220: fd 4b b2 7c d7 c7 17 08 12 54 63 47 9d 14 3d 61
0000000230: ed f2 95 ab 11 80 69 02 a7 66 60 50 7e a4 53 6d
0000000240: ad 01 49 b2 16 8a 95 1d cf 1a 57 93 56 14 5e a3
0000000250: 82 02 59 30 82 02 55 30 0e 06 03 55 1d 0f 01 01
0000000260: ff 04 04 03 02 05 a0 30 13 06 03 55 1d 25 04 0c
0000000270: 30 0a 06 08 2b 06 01 05 05 07 03 11 30 1d 06 03
0000000280: 55 1d 0e 04 16 04 14 40 81 b1 d1 18 75 f0 da 6b
0000000290: 3c 50 5f cd 73 1d d9 77 f2 d7 c1 30 1f 06 03 55
00000002A0: 1d 23 04 18 30 16 80 14 9b 85 5e fb 81 dc 4d 59
00000002B0: 07 51 63 cf be df da 2c 7f c9 44 3c 30 82 01 0f
00000002C0: 06 03 55 1d 1f 04 82 01 06 30 82 01 02 30 81 ff
00000002D0: a0 81 fc a0 81 f9 86 81 b5 68 74 74 70 3a 2f 2f
00000002E0: 74 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79
00000002F0: 70 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e
0000000300: 72 6f 6c 6c 2f 21 30 34 32 32 21 30 34 33 35 21
0000000310: 30 34 34 31 21 30 34 34 32 21 30 34 33 65 21 30
0000000320: 34 33 32 21 30 34 34 62 21 30 34 33 39 25 32 30
0000000330: 21 30 34 32 33 21 30 34 32 36 25 32 30 21 30 34
0000000340: 31 65 21 30 34 31 65 21 30 34 31 65 25 32 30 21
0000000350: 30 30 32 32 21 30 34 31 61 21 30 34 32 30 21 30
0000000360: 34 31 38 21 30 34 31 66 21 30 34 32 32 21 30 34
Smyslov Expires 9 June 2023 [Page 58]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
0000000370: 31 65 2d 21 30 34 31 66 21 30 34 32 30 21 30 34
0000000380: 31 65 21 30 30 32 32 28 31 29 2e 63 72 6c 86 3f
0000000390: 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32
00000003A0: 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75
00000003B0: 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74
00000003C0: 67 6f 73 74 32 30 31 32 28 31 29 2e 63 72 6c 30
00000003D0: 81 da 06 08 2b 06 01 05 05 07 01 01 04 81 cd 30
00000003E0: 81 ca 30 44 06 08 2b 06 01 05 05 07 30 02 86 38
00000003F0: 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32
0000000400: 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75
0000000410: 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74
0000000420: 32 30 31 38 2e 63 72 74 30 3f 06 08 2b 06 01 05
0000000430: 05 07 30 01 86 33 68 74 74 70 3a 2f 2f 74 65 73
0000000440: 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70 74 6f
0000000450: 70 72 6f 2e 72 75 2f 6f 63 73 70 32 30 31 32 67
0000000460: 2f 6f 63 73 70 2e 73 72 66 30 41 06 08 2b 06 01
0000000470: 05 05 07 30 01 86 35 68 74 74 70 3a 2f 2f 74 65
0000000480: 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70 74
0000000490: 6f 70 72 6f 2e 72 75 2f 6f 63 73 70 32 30 31 32
00000004A0: 67 73 74 2f 6f 63 73 70 2e 73 72 66 30 0a 06 08
00000004B0: 2a 85 03 07 01 01 03 02 03 41 00 21 ee 3b e1 fd
00000004C0: 0f 36 90 92 c4 a2 35 26 e8 dc 4e b8 ef 89 40 70
00000004D0: d2 91 39 bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5
00000004E0: 6c f2 c0 c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12
00000004F0: 4c 37 f7 d9 73 d6 4c 8a a6 c4 0a
0 1271: SEQUENCE {
4 1188: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 19: INTEGER
: 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00 01 00
: 03 da a8
34 10: SEQUENCE {
36 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2)
: }
46 266: SEQUENCE {
50 24: SET {
52 22: SEQUENCE {
54 5: OBJECT IDENTIFIER '1 2 643 100 1'
61 13: NumericString '1234567890123'
: }
: }
76 26: SET {
78 24: SEQUENCE {
80 8: OBJECT IDENTIFIER '1 2 643 3 131 1 1'
Smyslov Expires 9 June 2023 [Page 59]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
90 12: NumericString '001234567890'
: }
: }
104 47: SET {
106 45: SEQUENCE {
108 3: OBJECT IDENTIFIER
: streetAddress (2 5 4 9)
113 38: UTF8String 'ул. Сущёвский вал д. 18'
: }
: }
153 11: SET {
155 9: SEQUENCE {
157 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
162 2: PrintableString 'RU'
: }
: }
166 25: SET {
168 23: SEQUENCE {
170 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
175 16: UTF8String 'г. Москва'
: }
: }
193 21: SET {
195 19: SEQUENCE {
197 3: OBJECT IDENTIFIER
: localityName (2 5 4 7)
202 12: UTF8String 'Москва'
: }
: }
216 37: SET {
218 35: SEQUENCE {
220 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
225 28: UTF8String 'ООО "КРИПТО-ПРО"'
: }
: }
255 59: SET {
257 57: SEQUENCE {
259 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
264 50: UTF8String
: 'Тестовый УЦ ООО "КРИПТО-ПРО"'
: }
: }
: }
316 30: SEQUENCE {
Smyslov Expires 9 June 2023 [Page 60]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
318 13: UTCTime 01/10/2021 06:10:10 GMT
333 13: UTCTime 01/01/2022 06:20:10 GMT
: }
348 68: SEQUENCE {
350 32: SET {
352 30: SEQUENCE {
354 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
359 23: PrintableString 'IKE Interop Test Client'
: }
: }
384 19: SET {
386 17: SEQUENCE {
388 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
393 10: PrintableString 'ELVIS-PLUS'
: }
: }
405 11: SET {
407 9: SEQUENCE {
409 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
414 2: PrintableString 'RU'
: }
: }
: }
418 170: SEQUENCE {
421 33: SEQUENCE {
423 8: OBJECT IDENTIFIER
: gost2012PublicKey512 (1 2 643 7 1 1 1 2)
433 21: SEQUENCE {
435 9: OBJECT IDENTIFIER
: cryptoPro2012Sign512A (1 2 643 7 1 2 1 2 1)
446 8: OBJECT IDENTIFIER
: gost2012Digest512 (1 2 643 7 1 1 2 3)
: }
: }
456 132: BIT STRING, encapsulates {
460 128: OCTET STRING
: ee 2f 0a 0e 09 1e 7e 04 ef ba 5b 62 a2 52 86 e1
: 9c 24 50 30 50 b0 b4 8a 37 35 b5 fc af 28 94 ec
: b5 9b 92 41 5b 69 e2 c9 ba 24 de 6a 72 c4 ef 44
: bb 89 a1 05 14 1b 87 3d 6a a3 72 3e 17 ca 7f 39
: 28 ce 16 8b dd 07 52 87 6a 0d 77 42 6d 99 2b 46
: 2c fd 4b b2 7c d7 c7 17 08 12 54 63 47 9d 14 3d
: 61 ed f2 95 ab 11 80 69 02 a7 66 60 50 7e a4 53
: 6d ad 01 49 b2 16 8a 95 1d cf 1a 57 93 56 14 5e
: }
Smyslov Expires 9 June 2023 [Page 61]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
: }
591 601: [3] {
595 597: SEQUENCE {
599 14: SEQUENCE {
601 3: OBJECT IDENTIFIER
: keyUsage (2 5 29 15)
606 1: BOOLEAN TRUE
609 4: OCTET STRING, encapsulates {
611 2: BIT STRING 5 unused bits
: '101'B
: }
: }
615 19: SEQUENCE {
617 3: OBJECT IDENTIFIER
: extKeyUsage (2 5 29 37)
622 12: OCTET STRING, encapsulates {
624 10: SEQUENCE {
626 8: OBJECT IDENTIFIER
: ipsecIKE (1 3 6 1 5 5 7 3 17)
: }
: }
: }
636 29: SEQUENCE {
638 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
643 22: OCTET STRING, encapsulates {
645 20: OCTET STRING
: 40 81 b1 d1 18 75 f0 da 6b 3c 50 5f cd 73 1d d9
: 77 f2 d7 c1
: }
: }
667 31: SEQUENCE {
669 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
674 24: OCTET STRING, encapsulates {
676 22: SEQUENCE {
678 20: [0]
: 9b 85 5e fb 81 dc 4d 59 07 51 63 cf be df da 2c
: 7f c9 44 3c
: }
: }
: }
700 271: SEQUENCE {
704 3: OBJECT IDENTIFIER
: cRLDistributionPoints (2 5 29 31)
709 262: OCTET STRING, encapsulates {
713 258: SEQUENCE {
717 255: SEQUENCE {
Smyslov Expires 9 June 2023 [Page 62]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
720 252: [0] {
723 249: [0] {
726 181: [6]
: 'http://testgost2012.cryptopro.ru/CertEnroll/!042'
: '2!0435!0441!0442!043e!0432!044b!0439%20!0423!042'
: '6%20!041e!041e!041e%20!0022!041a!0420!0418!041f!'
: '0422!041e-!041f!0420!041e!0022(1).crl'
910 63: [6]
: 'http://testgost2012.cryptopro.ru/CertEnroll/test'
: 'gost2012(1).crl'
: }
: }
: }
: }
: }
: }
975 218: SEQUENCE {
978 8: OBJECT IDENTIFIER
: authorityInfoAccess (1 3 6 1 5 5 7 1 1)
988 205: OCTET STRING, encapsulates {
991 202: SEQUENCE {
994 68: SEQUENCE {
996 8: OBJECT IDENTIFIER
: caIssuers (1 3 6 1 5 5 7 48 2)
1006 56: [6]
: 'http://testgost2012.cryptopro.ru/CertEnroll/root'
: '2018.crt'
: }
1064 63: SEQUENCE {
1066 8: OBJECT IDENTIFIER
: ocsp (1 3 6 1 5 5 7 48 1)
1076 51: [6]
: 'http://testgost2012.cryptopro.ru/ocsp2012g/ocsp.'
: 'srf'
: }
1129 65: SEQUENCE {
1131 8: OBJECT IDENTIFIER
: ocsp (1 3 6 1 5 5 7 48 1)
1141 53: [6]
: 'http://testgost2012.cryptopro.ru/ocsp2012gst/ocs'
: 'p.srf'
: }
: }
: }
: }
: }
: }
: }
Smyslov Expires 9 June 2023 [Page 63]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
1196 10: SEQUENCE {
1198 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2)
: }
1208 65: BIT STRING
: 21 ee 3b e1 fd 0f 36 90 92 c4 a2 35 26 e8 dc 4e
: b8 ef 89 40 70 d2 91 39 bc 79 a6 e2 f7 c1 06 bd
: d5 d6 ff 72 a5 6c f2 c0 c3 75 e9 ca 67 81 c1 93
: 96 b4 bd 18 12 4c 37 f7 d9 73 d6 4c 8a a6 c4 0a
: }
The responder's certificate private key (little endian):
0000000000: cb 73 0c 81 6f ac 6d 81 9f 82 ae 15 a9 08 12 17
0000000010: d3 1b 97 64 b7 1c 34 0d d3 dd 90 1f 15 8c 9b 06
The responder's certificate:
0000000000: 30 82 04 b2 30 82 04 5f a0 03 02 01 02 02 13 7c
0000000010: 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 01 00 03
0000000020: d9 02 30 0a 06 08 2a 85 03 07 01 01 03 02 30 82
0000000030: 01 0a 31 18 30 16 06 05 2a 85 03 64 01 12 0d 31
0000000040: 32 33 34 35 36 37 38 39 30 31 32 33 31 1a 30 18
0000000050: 06 08 2a 85 03 03 81 03 01 01 12 0c 30 30 31 32
0000000060: 33 34 35 36 37 38 39 30 31 2f 30 2d 06 03 55 04
0000000070: 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1
0000000080: 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0
0000000090: d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09 06 03 55
00000000A0: 04 06 13 02 52 55 31 19 30 17 06 03 55 04 08 0c
00000000B0: 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba d0 b2 d0
00000000C0: b0 31 15 30 13 06 03 55 04 07 0c 0c d0 9c d0 be
00000000D0: d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06 03 55 04
00000000E0: 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000000F0: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 31
0000000100: 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0 b5 d1 81
0000000110: d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3 d0 a6 20
0000000120: d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 98 d0 9f
0000000130: d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30 1e 17 0d
0000000140: 32 31 30 39 33 30 31 33 32 34 30 36 5a 17 0d 32
0000000150: 31 31 32 33 30 31 33 33 34 30 36 5a 30 44 31 20
0000000160: 30 1e 06 03 55 04 03 13 17 49 4b 45 20 49 6e 74
0000000170: 65 72 6f 70 20 54 65 73 74 20 53 65 72 76 65 72
0000000180: 31 13 30 11 06 03 55 04 0a 13 0a 45 4c 56 49 53
0000000190: 2d 50 4c 55 53 31 0b 30 09 06 03 55 04 06 13 02
00000001A0: 52 55 30 66 30 1f 06 08 2a 85 03 07 01 01 01 01
00000001B0: 30 13 06 07 2a 85 03 02 02 24 00 06 08 2a 85 03
00000001C0: 07 01 01 02 02 03 43 00 04 40 5b b3 14 3e f4 70
00000001D0: c1 70 d7 f3 27 25 d8 53 7c e6 de 6d 8c 29 f6 b2
Smyslov Expires 9 June 2023 [Page 64]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000001E0: 32 64 56 dc b1 77 f2 3d fa f4 2a 5c f3 74 86 7f
00000001F0: 04 72 51 c1 cf b3 43 36 f5 95 a2 af 05 47 57 1a
0000000200: 55 c0 78 a4 9d 64 26 b8 61 14 a3 82 02 59 30 82
0000000210: 02 55 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02
0000000220: 05 a0 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b
0000000230: 06 01 05 05 07 03 11 30 1d 06 03 55 1d 0e 04 16
0000000240: 04 14 e0 d3 f0 09 ad ce 6c a5 47 ba 9b f7 a6 a5
0000000250: 1b 06 14 ba a5 43 30 1f 06 03 55 1d 23 04 18 30
0000000260: 16 80 14 9b 85 5e fb 81 dc 4d 59 07 51 63 cf be
0000000270: df da 2c 7f c9 44 3c 30 82 01 0f 06 03 55 1d 1f
0000000280: 04 82 01 06 30 82 01 02 30 81 ff a0 81 fc a0 81
0000000290: f9 86 81 b5 68 74 74 70 3a 2f 2f 74 65 73 74 67
00000002A0: 6f 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72
00000002B0: 6f 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f
00000002C0: 21 30 34 32 32 21 30 34 33 35 21 30 34 34 31 21
00000002D0: 30 34 34 32 21 30 34 33 65 21 30 34 33 32 21 30
00000002E0: 34 34 62 21 30 34 33 39 25 32 30 21 30 34 32 33
00000002F0: 21 30 34 32 36 25 32 30 21 30 34 31 65 21 30 34
0000000300: 31 65 21 30 34 31 65 25 32 30 21 30 30 32 32 21
0000000310: 30 34 31 61 21 30 34 32 30 21 30 34 31 38 21 30
0000000320: 34 31 66 21 30 34 32 32 21 30 34 31 65 2d 21 30
0000000330: 34 31 66 21 30 34 32 30 21 30 34 31 65 21 30 30
0000000340: 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74 70 3a
0000000350: 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 2e 63
0000000360: 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74
0000000370: 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73 74 32
0000000380: 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06 08 2b
0000000390: 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30 44 06
00000003A0: 08 2b 06 01 05 05 07 30 02 86 38 68 74 74 70 3a
00000003B0: 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 2e 63
00000003C0: 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74
00000003D0: 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e
00000003E0: 63 72 74 30 3f 06 08 2b 06 01 05 05 07 30 01 86
00000003F0: 33 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74
0000000400: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72
0000000410: 75 2f 6f 63 73 70 32 30 31 32 67 2f 6f 63 73 70
0000000420: 2e 73 72 66 30 41 06 08 2b 06 01 05 05 07 30 01
0000000430: 86 35 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73
0000000440: 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e
0000000450: 72 75 2f 6f 63 73 70 32 30 31 32 67 73 74 2f 6f
0000000460: 63 73 70 2e 73 72 66 30 0a 06 08 2a 85 03 07 01
0000000470: 01 03 02 03 41 00 a5 39 5f ca 48 e1 c2 93 c1 e0
0000000480: 8a 64 74 0f 6b 86 a2 15 9b 46 29 d0 42 71 4f ce
0000000490: e7 52 d7 d7 3d aa 47 ce cf 52 63 8f 26 b2 17 5f
00000004A0: ad 96 57 76 ea 5f d0 87 bb 12 29 e4 06 0e e1 5f
00000004B0: fd 59 81 fb 34 6d
Smyslov Expires 9 June 2023 [Page 65]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
0 1202: SEQUENCE {
4 1119: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 19: INTEGER
: 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00 01 00
: 03 d9 02
34 10: SEQUENCE {
36 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2)
: }
46 266: SEQUENCE {
50 24: SET {
52 22: SEQUENCE {
54 5: OBJECT IDENTIFIER '1 2 643 100 1'
61 13: NumericString '1234567890123'
: }
: }
76 26: SET {
78 24: SEQUENCE {
80 8: OBJECT IDENTIFIER '1 2 643 3 131 1 1'
90 12: NumericString '001234567890'
: }
: }
104 47: SET {
106 45: SEQUENCE {
108 3: OBJECT IDENTIFIER
: streetAddress (2 5 4 9)
113 38: UTF8String 'ул. Сущёвский вал д. 18'
: }
: }
153 11: SET {
155 9: SEQUENCE {
157 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
162 2: PrintableString 'RU'
: }
: }
166 25: SET {
168 23: SEQUENCE {
170 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
175 16: UTF8String 'г. Москва'
: }
: }
193 21: SET {
195 19: SEQUENCE {
Smyslov Expires 9 June 2023 [Page 66]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
197 3: OBJECT IDENTIFIER
: localityName (2 5 4 7)
202 12: UTF8String 'Москва'
: }
: }
216 37: SET {
218 35: SEQUENCE {
220 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
225 28: UTF8String 'ООО "КРИПТО-ПРО"'
: }
: }
255 59: SET {
257 57: SEQUENCE {
259 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
264 50: UTF8String
: 'Тестовый УЦ ООО "КРИПТО-ПРО"'
: }
: }
: }
316 30: SEQUENCE {
318 13: UTCTime 30/09/2021 13:24:06 GMT
333 13: UTCTime 30/12/2021 13:34:06 GMT
: }
348 68: SEQUENCE {
350 32: SET {
352 30: SEQUENCE {
354 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
359 23: PrintableString 'IKE Interop Test Server'
: }
: }
384 19: SET {
386 17: SEQUENCE {
388 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
393 10: PrintableString 'ELVIS-PLUS'
: }
: }
405 11: SET {
407 9: SEQUENCE {
409 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
414 2: PrintableString 'RU'
: }
: }
: }
Smyslov Expires 9 June 2023 [Page 67]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
418 102: SEQUENCE {
420 31: SEQUENCE {
422 8: OBJECT IDENTIFIER
: gost2012PublicKey256 (1 2 643 7 1 1 1 1)
432 19: SEQUENCE {
434 7: OBJECT IDENTIFIER
: cryptoProSignXA (1 2 643 2 2 36 0)
443 8: OBJECT IDENTIFIER
: gost2012Digest256 (1 2 643 7 1 1 2 2)
: }
: }
453 67: BIT STRING, encapsulates {
456 64: OCTET STRING
: 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53 7c e6
: de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d fa f4
: 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36 f5 95
: a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8 61 14
: }
: }
522 601: [3] {
526 597: SEQUENCE {
530 14: SEQUENCE {
532 3: OBJECT IDENTIFIER
: keyUsage (2 5 29 15)
537 1: BOOLEAN TRUE
540 4: OCTET STRING, encapsulates {
542 2: BIT STRING 5 unused bits
: '101'B
: }
: }
546 19: SEQUENCE {
548 3: OBJECT IDENTIFIER
: extKeyUsage (2 5 29 37)
553 12: OCTET STRING, encapsulates {
555 10: SEQUENCE {
557 8: OBJECT IDENTIFIER
: ipsecIKE (1 3 6 1 5 5 7 3 17)
: }
: }
: }
567 29: SEQUENCE {
569 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
574 22: OCTET STRING, encapsulates {
576 20: OCTET STRING
: e0 d3 f0 09 ad ce 6c a5 47 ba 9b f7 a6 a5 1b 06
: 14 ba a5 43
: }
Smyslov Expires 9 June 2023 [Page 68]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
: }
598 31: SEQUENCE {
600 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
605 24: OCTET STRING, encapsulates {
607 22: SEQUENCE {
609 20: [0]
: 9b 85 5e fb 81 dc 4d 59 07 51 63 cf be df dA 2C
: 7f C9 44 3c
: }
: }
: }
631 271: SEQUENCE {
635 3: OBJECT IDENTIFIER
: cRLDistributionPoints (2 5 29 31)
640 262: OCTET STRING, encapsulates {
644 258: SEQUENCE {
648 255: SEQUENCE {
651 252: [0] {
654 249: [0] {
657 181: [6]
: 'http://testgost2012.cryptopro.ru/CertEnroll/!042'
: '2!0435!0441!0442!043e!0432!044b!0439%20!0423!042'
: '6%20!041e!041e!041e%20!0022!041a!0420!0418!041f!'
: '0422!041e-!041f!0420!041e!0022(1).crl'
841 63: [6]
: 'http://testgost2012.cryptopro.ru/CertEnroll/test'
: 'gost2012(1).crl'
: }
: }
: }
: }
: }
: }
906 218: SEQUENCE {
909 8: OBJECT IDENTIFIER
: authorityInfoAccess (1 3 6 1 5 5 7 1 1)
919 205: OCTET STRING, encapsulates {
922 202: SEQUENCE {
925 68: SEQUENCE {
927 8: OBJECT IDENTIFIER
: caIssuers (1 3 6 1 5 5 7 48 2)
937 56: [6]
: 'http://testgost2012.cryptopro.ru/CertEnroll/root'
: '2018.crt'
: }
995 63: SEQUENCE {
997 8: OBJECT IDENTIFIER
Smyslov Expires 9 June 2023 [Page 69]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
: ocsp (1 3 6 1 5 5 7 48 1)
1007 51: [6]
: 'http://testgost2012.cryptopro.ru/ocsp2012g/ocsp.'
: 'srf'
: }
1060 65: SEQUENCE {
1062 8: OBJECT IDENTIFIER
: ocsp (1 3 6 1 5 5 7 48 1)
1072 53: [6]
: 'http://testgost2012.cryptopro.ru/ocsp2012gst/ocs'
: 'p.srf'
: }
: }
: }
: }
: }
: }
: }
1127 10: SEQUENCE {
1129 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2)
: }
1139 65: BIT STRING
: a5 39 5f ca 48 e1 c2 93 c1 e0 8a 64 74 0f 6b 86
: a2 15 9b 46 29 d0 42 71 4f ce e7 52 d7 d7 3d aa
: 47 ce cf 52 63 8f 26 b2 17 5f ad 96 57 76 ea 5f
: d0 87 bb 12 29 e4 06 0e e1 5f fd 59 81 fb 34 6d
: }
CA certificate:
0000000000: 30 82 05 1c 30 82 04 c9 a0 03 02 01 02 02 10 3b
0000000010: 20 8a e5 fd 46 68 86 49 a0 50 fa af a8 83 93 30
0000000020: 0a 06 08 2a 85 03 07 01 01 03 02 30 82 01 0a 31
0000000030: 18 30 16 06 05 2a 85 03 64 01 12 0d 31 32 33 34
0000000040: 35 36 37 38 39 30 31 32 33 31 1a 30 18 06 08 2a
0000000050: 85 03 03 81 03 01 01 12 0c 30 30 31 32 33 34 35
0000000060: 36 37 38 39 30 31 2f 30 2d 06 03 55 04 09 0c 26
0000000070: d1 83 d0 bb 2e 20 d0 a1 d1 83 d1 89 d1 91 d0 b2
0000000080: d1 81 d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0 d0 bb 20
0000000090: d0 b4 2e 20 31 38 31 0b 30 09 06 03 55 04 06 13
00000000A0: 02 52 55 31 19 30 17 06 03 55 04 08 0c 10 d0 b3
00000000B0: 2e 20 d0 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 15
00000000C0: 30 13 06 03 55 04 07 0c 0c d0 9c d0 be d1 81 d0
00000000D0: ba d0 b2 d0 b0 31 25 30 23 06 03 55 04 0a 0c 1c
00000000E0: d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0 98 d0 9f
00000000F0: d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 31 3b 30 39
0000000100: 06 03 55 04 03 0c 32 d0 a2 d0 b5 d1 81 d1 82 d0
Smyslov Expires 9 June 2023 [Page 70]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
0000000110: be d0 b2 d1 8b d0 b9 20 d0 a3 d0 a6 20 d0 9e d0
0000000120: 9e d0 9e 20 22 d0 9a d0 a0 d0 98 d0 9f d0 a2 d0
0000000130: 9e 2d d0 9f d0 a0 d0 9e 22 30 1e 17 0d 31 38 30
0000000140: 39 31 32 31 30 31 39 33 30 5a 17 0d 32 33 30 39
0000000150: 31 32 31 30 32 38 35 35 5a 30 82 01 0a 31 18 30
0000000160: 16 06 05 2a 85 03 64 01 12 0d 31 32 33 34 35 36
0000000170: 37 38 39 30 31 32 33 31 1a 30 18 06 08 2a 85 03
0000000180: 03 81 03 01 01 12 0c 30 30 31 32 33 34 35 36 37
0000000190: 38 39 30 31 2f 30 2d 06 03 55 04 09 0c 26 d1 83
00000001A0: d0 bb 2e 20 d0 a1 d1 83 d1 89 d1 91 d0 b2 d1 81
00000001B0: d0 ba d0 b8 d0 b9 20 d0 b2 d0 b0 d0 bb 20 d0 b4
00000001C0: 2e 20 31 38 31 0b 30 09 06 03 55 04 06 13 02 52
00000001D0: 55 31 19 30 17 06 03 55 04 08 0c 10 d0 b3 2e 20
00000001E0: d0 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 15 30 13
00000001F0: 06 03 55 04 07 0c 0c d0 9c d0 be d1 81 d0 ba d0
0000000200: b2 d0 b0 31 25 30 23 06 03 55 04 0a 0c 1c d0 9e
0000000210: d0 9e d0 9e 20 22 d0 9a d0 a0 d0 98 d0 9f d0 a2
0000000220: d0 9e 2d d0 9f d0 a0 d0 9e 22 31 3b 30 39 06 03
0000000230: 55 04 03 0c 32 d0 a2 d0 b5 d1 81 d1 82 d0 be d0
0000000240: b2 d1 8b d0 b9 20 d0 a3 d0 a6 20 d0 9e d0 9e d0
0000000250: 9e 20 22 d0 9a d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d
0000000260: d0 9f d0 a0 d0 9e 22 30 66 30 1f 06 08 2a 85 03
0000000270: 07 01 01 01 01 30 13 06 07 2a 85 03 02 02 23 01
0000000280: 06 08 2a 85 03 07 01 01 02 02 03 43 00 04 40 98
0000000290: 1f fd a9 50 cd 21 86 30 f4 59 06 72 a9 d6 3d 6b
00000002A0: c0 33 82 06 46 37 e3 dc 21 4a b1 f8 9f b7 56 ec
00000002B0: a5 2d b5 81 87 b6 9d c2 2e df fd 09 33 53 9c 18
00000002C0: 32 ac d7 42 2e 09 a5 f4 36 a3 a5 c1 d2 22 f0 a3
00000002D0: 82 01 fe 30 82 01 fa 30 36 06 05 2a 85 03 64 6f
00000002E0: 04 2d 0c 2b 22 d0 9a d1 80 d0 b8 d0 bf d1 82 d0
00000002F0: be d0 9f d1 80 d0 be 20 43 53 50 22 20 28 d0 b2
0000000300: d0 b5 d1 80 d1 81 d0 b8 d1 8f 20 34 2e 30 29 30
0000000310: 82 01 21 06 05 2a 85 03 64 70 04 82 01 16 30 82
0000000320: 01 12 0c 2b 22 d0 9a d1 80 d0 b8 d0 bf d1 82 d0
0000000330: be d0 9f d1 80 d0 be 20 43 53 50 22 20 28 d0 b2
0000000340: d0 b5 d1 80 d1 81 d0 b8 d1 8f 20 34 2e 30 29 0c
0000000350: 41 d0 a3 d0 b4 d0 be d1 81 d1 82 d0 be d0 b2 d0
0000000360: b5 d1 80 d1 8f d1 8e d1 89 d0 b8 d0 b9 20 d1 86
0000000370: d0 b5 d0 bd d1 82 d1 80 20 22 d0 9a d1 80 d0 b8
0000000380: d0 bf d1 82 d0 be d0 9f d1 80 d0 be 20 d0 a3 d0
0000000390: a6 22 0c 4f d0 a1 d0 b5 d1 80 d1 82 d0 b8 d1 84
00000003A0: d0 b8 d0 ba d0 b0 d1 82 20 d1 81 d0 be d0 be d1
00000003B0: 82 d0 b2 d0 b5 d1 82 d1 81 d1 82 d0 b2 d0 b8 d1
00000003C0: 8f 20 e2 84 96 20 d0 a1 d0 a4 2f 30 30 30 2d 30
00000003D0: 30 30 30 20 d0 be d1 82 20 30 30 2e 30 30 2e 30
00000003E0: 30 30 30 0c 4f d0 a1 d0 b5 d1 80 d1 82 d0 b8 d1
00000003F0: 84 d0 b8 d0 ba d0 b0 d1 82 20 d1 81 d0 be d0 be
0000000400: d1 82 d0 b2 d0 b5 d1 82 d1 81 d1 82 d0 b2 d0 b8
Smyslov Expires 9 June 2023 [Page 71]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
0000000410: d1 8f 20 e2 84 96 20 d0 a1 d0 a4 2f 30 30 30 2d
0000000420: 30 30 30 30 20 d0 be d1 82 20 30 30 2e 30 30 2e
0000000430: 30 30 30 30 30 0b 06 03 55 1d 0f 04 04 03 02 01
0000000440: 86 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01
0000000450: 01 ff 30 1d 06 03 55 1d 0e 04 16 04 14 9b 85 5e
0000000460: fb 81 dc 4d 59 07 51 63 cf be df da 2c 7f c9 44
0000000470: 3c 30 12 06 09 2b 06 01 04 01 82 37 15 01 04 05
0000000480: 02 03 01 00 01 30 25 06 03 55 1d 20 04 1e 30 1c
0000000490: 30 08 06 06 2a 85 03 64 71 01 30 08 06 06 2a 85
00000004A0: 03 64 71 02 30 06 06 04 55 1d 20 00 30 23 06 09
00000004B0: 2b 06 01 04 01 82 37 15 02 04 16 04 14 c8 da 66
00000004C0: cb b6 97 d2 3e c9 67 1d c2 5b 64 3a ab dc bb cf
00000004D0: 69 30 0a 06 08 2a 85 03 07 01 01 03 02 03 41 00
00000004E0: 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66
00000004F0: 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd
0000000500: 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d
0000000510: 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe
0 1308: SEQUENCE {
4 1225: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 16: INTEGER
: 3b 20 8a e5 fd 46 68 86 49 a0 50 fa af a8 83 93
31 10: SEQUENCE {
33 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2)
: }
43 266: SEQUENCE {
47 24: SET {
49 22: SEQUENCE {
51 5: OBJECT IDENTIFIER '1 2 643 100 1'
58 13: NumericString '1234567890123'
: }
: }
73 26: SET {
75 24: SEQUENCE {
77 8: OBJECT IDENTIFIER '1 2 643 3 131 1 1'
87 12: NumericString '001234567890'
: }
: }
101 47: SET {
103 45: SEQUENCE {
105 3: OBJECT IDENTIFIER
: streetAddress (2 5 4 9)
110 38: UTF8String 'ул. Сущёвский вал д. 18'
: }
Smyslov Expires 9 June 2023 [Page 72]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
: }
150 11: SET {
152 9: SEQUENCE {
154 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
159 2: PrintableString 'RU'
: }
: }
163 25: SET {
165 23: SEQUENCE {
167 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
172 16: UTF8String 'г. Москва'
: }
: }
190 21: SET {
192 19: SEQUENCE {
194 3: OBJECT IDENTIFIER
: localityName (2 5 4 7)
199 12: UTF8String 'Москва'
: }
: }
213 37: SET {
215 35: SEQUENCE {
217 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
222 28: UTF8String 'ООО "КРИПТО-ПРО"'
: }
: }
252 59: SET {
254 57: SEQUENCE {
256 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
261 50: UTF8String
: 'Тестовый УЦ ООО "КРИПТО-ПРО"'
: }
: }
: }
313 30: SEQUENCE {
315 13: UTCTime 12/09/2018 10:19:30 GMT
330 13: UTCTime 12/09/2023 10:28:55 GMT
: }
345 266: SEQUENCE {
349 24: SET {
351 22: SEQUENCE {
353 5: OBJECT IDENTIFIER '1 2 643 100 1'
360 13: NumericString '1234567890123'
: }
Smyslov Expires 9 June 2023 [Page 73]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
: }
375 26: SET {
377 24: SEQUENCE {
379 8: OBJECT IDENTIFIER '1 2 643 3 131 1 1'
389 12: NumericString '001234567890'
: }
: }
403 47: SET {
405 45: SEQUENCE {
407 3: OBJECT IDENTIFIER
: streetAddress (2 5 4 9)
412 38: UTF8String 'ул. Сущёвский вал д. 18'
: }
: }
452 11: SET {
454 9: SEQUENCE {
456 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
461 2: PrintableString 'RU'
: }
: }
465 25: SET {
467 23: SEQUENCE {
469 3: OBJECT IDENTIFIER
: stateOrProvinceName (2 5 4 8)
474 16: UTF8String 'г. Москва'
: }
: }
492 21: SET {
494 19: SEQUENCE {
496 3: OBJECT IDENTIFIER
: localityName (2 5 4 7)
501 12: UTF8String 'Москва'
: }
: }
515 37: SET {
517 35: SEQUENCE {
519 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
524 28: UTF8String 'ООО "КРИПТО-ПРО"'
: }
: }
554 59: SET {
556 57: SEQUENCE {
558 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
563 50: UTF8String
: 'Тестовый УЦ ООО "КРИПТО-ПРО"'
Smyslov Expires 9 June 2023 [Page 74]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
: }
: }
: }
615 102: SEQUENCE {
617 31: SEQUENCE {
619 8: OBJECT IDENTIFIER
: gost2012PublicKey256 (1 2 643 7 1 1 1 1)
629 19: SEQUENCE {
631 7: OBJECT IDENTIFIER
: cryptoProSignA (1 2 643 2 2 35 1)
640 8: OBJECT IDENTIFIER
: gost2012Digest256 (1 2 643 7 1 1 2 2)
: }
: }
650 67: BIT STRING, encapsulates {
653 64: OCTET STRING
: 98 1f fd a9 50 cd 21 86 30 f4 59 06 72 a9 d6 3d
: 6b c0 33 82 06 46 37 e3 dc 21 4a b1 f8 9f b7 56
: ec a5 2d b5 81 87 b6 9d c2 2e df fd 09 33 53 9c
: 18 32 ac d7 42 2e 09 a5 f4 36 a3 a5 c1 d2 22 f0
: }
: }
719 510: [3] {
723 506: SEQUENCE {
727 54: SEQUENCE {
729 5: OBJECT IDENTIFIER '1 2 643 100 111'
736 45: OCTET STRING, encapsulates {
738 43: UTF8String
: '"КриптоПро CSP" (версия 4.0)'
: }
: }
783 289: SEQUENCE {
787 5: OBJECT IDENTIFIER '1 2 643 100 112'
794 278: OCTET STRING, encapsulates {
798 274: SEQUENCE {
802 43: UTF8String
: '"КриптоПро CSP" (версия 4.0)'
847 65: UTF8String
: 'Удостоверяющий центр "КриптоПро УЦ"'
914 79: UTF8String
: 'Сертификат соответствия № СФ/000-0000 от 00.00.'
: '0000'
995 79: UTF8String
: 'Сертификат соответствия № СФ/000-0000 от 00.00.'
: '0000'
: }
: }
: }
Smyslov Expires 9 June 2023 [Page 75]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
1076 11: SEQUENCE {
1078 3: OBJECT IDENTIFIER
: keyUsage (2 5 29 15)
1083 4: OCTET STRING, encapsulates {
1085 2: BIT STRING 1 unused bit
: '1100001'B
: }
: }
1089 15: SEQUENCE {
1091 3: OBJECT IDENTIFIER
: basicConstraints (2 5 29 19)
1096 1: BOOLEAN TRUE
1099 5: OCTET STRING, encapsulates {
1101 3: SEQUENCE {
1103 1: BOOLEAN TRUE
: }
: }
: }
1106 29: SEQUENCE {
1108 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
1113 22: OCTET STRING, encapsulates {
1115 20: OCTET STRING
: 9b 85 5e fb 81 dc 4d 59 07 51 63 cf be df da 2c
: 7f c9 44 3c
: }
: }
1137 18: SEQUENCE {
1139 9: OBJECT IDENTIFIER
: cAKeyCertIndexPair (1 3 6 1 4 1 311 21 1)
1150 5: OCTET STRING, encapsulates {
1152 3: INTEGER 65537
: }
: }
1157 37: SEQUENCE {
1159 3: OBJECT IDENTIFIER
: certificatePolicies (2 5 29 32)
1164 30: OCTET STRING, encapsulates {
1166 28: SEQUENCE {
1168 8: SEQUENCE {
1170 6: OBJECT IDENTIFIER '1 2 643 100 113 1'
: }
1178 8: SEQUENCE {
1180 6: OBJECT IDENTIFIER '1 2 643 100 113 2'
: }
1188 6: SEQUENCE {
1190 4: OBJECT IDENTIFIER
: anyPolicy (2 5 29 32 0)
Smyslov Expires 9 June 2023 [Page 76]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
: }
: }
: }
: }
1196 35: SEQUENCE {
1198 9: OBJECT IDENTIFIER
: certSrvPreviousCertHash (1 3 6 1 4 1 311 21 2)
1209 22: OCTET STRING, encapsulates {
1211 20: OCTET STRING
: c8 da 66 cb b6 97 d2 3e c9 67 1d c2 5b 64 3a ab
: dc bb cf 69
: }
: }
: }
: }
: }
1233 10: SEQUENCE {
1235 8: OBJECT IDENTIFIER
: gost2012Signature256 (1 2 643 7 1 1 3 2)
: }
1245 65: BIT STRING
: 3e 95 cd d8 1f 95 bd 09 ab 73 82 f5 04 e0 f2 66
: 12 32 82 9b 2b 03 cc 4b c0 b3 73 f8 e7 0d d6 bd
: 83 c8 27 2d 01 c1 ec ef 65 5d ac 77 fd dd da 9d
: 04 e2 bf e8 02 7f 87 36 1b cf ac 7a 28 9c 21 fe
: }
This scenario includes four sub-scenarios.
Sub-scenario 1: Establishing of IKE and ESP SAs using the
IKE_SA_INIT and the IKE_AUTH exchanges.
Initiator Responder
HDR, SAi1, KEi, Ni [,N+] --->
<--- HDR, N(INVALID_KE_PAYLOAD)
HDR, SAi1, KEi, Ni [,N+] --->
<--- HDR, SAr1, KEr, Nr
[,CERTREQ] [,N+]
HDR, SK {IDi, [CERT,]
[CERTREQ,] [IDr,] [N+,]
AUTH, SAi2, TSi, TSr} --->
<--- HDR, SK {IDr, [CERT,] [N+,]
AUTH, SAr2, TSi, TSr}
Initiator's actions:
Smyslov Expires 9 June 2023 [Page 77]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(1) Generates random SPIi for IKE SA
00000000: 92 80 e0 82 2e 75 87 78
(2) Generates random IKE nonce Ni
00000000: 98 44 d5 40 ef 89 46 f4 55 20 0a 55 73 dc ad 73
00000010: dd 2a 6f a8 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f
(3) Generates ephemeral private key (512 bit)
00000000: 82 fb 1c 90 c3 a3 c2 16 7f 76 15 5d 69 06 f8 47
00000010: 3e fe 83 3e 21 cd e7 a4 e5 cd d9 71 ef d3 c5 db
00000020: 7e de 50 70 48 96 90 01 0c 81 02 b9 4b 56 f6 47
00000030: cb 27 40 25 58 55 80 32 e9 59 17 10 3b 0f eb 3b
(4) Computes public key
00000000: 89 77 c6 d7 2b 08 5d d5 48 b1 ea 5d 99 c5 03 09
00000010: c6 62 fe d7 7d 84 a4 d8 8b 9b a5 c8 3a 7a 05 86
00000020: e2 0d 8d 9b 5d ce 01 18 e2 d2 da 73 83 ee 30 ad
00000030: 49 88 44 6f bd 18 78 b4 bb da c9 df 1a ca d1 2a
00000040: 05 98 75 da 9e 9a 21 e4 db 71 8f af d1 96 c7 8b
00000050: de 9a b2 98 f7 55 bb 74 38 34 a4 da 47 ab 86 15
00000060: d4 c8 33 70 b7 02 79 b8 7f c2 97 6d 03 8f 2d 08
00000070: d7 ab ac 85 4c bf 5a f6 27 57 ad fe 61 50 5e 45
(5) Creates message
IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 R<-I[328]
SA[52]{
P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512,
GOST3410_2012_256}},
KE[136](GOST3410_2012_512){8977C6...505E45},
NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
(6) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 78]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54294->10.111.15.45:500 [328]
00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00
00000010: 21 20 22 08 00 00 00 00 00 00 01 48 22 00 00 34
00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09
00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21
00000050: 28 00 00 88 00 22 00 00 89 77 c6 d7 2b 08 5d d5
00000060: 48 b1 ea 5d 99 c5 03 09 c6 62 fe d7 7d 84 a4 d8
00000070: 8b 9b a5 c8 3a 7a 05 86 e2 0d 8d 9b 5d ce 01 18
00000080: e2 d2 da 73 83 ee 30 ad 49 88 44 6f bd 18 78 b4
00000090: bb da c9 df 1a ca d1 2a 05 98 75 da 9e 9a 21 e4
000000A0: db 71 8f af d1 96 c7 8b de 9a b2 98 f7 55 bb 74
000000B0: 38 34 a4 da 47 ab 86 15 d4 c8 33 70 b7 02 79 b8
000000C0: 7f c2 97 6d 03 8f 2d 08 d7 ab ac 85 4c bf 5a f6
000000D0: 27 57 ad fe 61 50 5e 45 29 00 00 24 98 44 d5 40
000000E0: ef 89 46 f4 55 20 0a 55 73 dc ad 73 dd 2a 6f a8
000000F0: 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f 29 00 00 1c
00000100: 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00
00000110: 00 00 00 00 00 00 00 00 29 00 00 1c 00 00 40 05
00000120: 7d 21 24 87 89 d7 95 71 bd a2 2d 22 9d 51 d0 71
00000130: e9 4e 6f 10 29 00 00 08 00 00 40 2e 00 00 00 0c
00000140: 00 00 40 2f 00 06 00 07
Responder's actions:
(7) Parses received message
IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 I->R[328]
SA[52]{
P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512,
GOST3410_2012_256}},
KE[136](GOST3410_2012_512){8977C6...505E45},
NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
(8) Creates message
Smyslov Expires 9 June 2023 [Page 79]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 I<=R[38]
N[10](INVALID_KE_PAYLOAD){GOST3410_2012_256}
(9) Sends message, peer receives message
10.111.10.171:54294<-10.111.15.45:500 [38]
00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00
00000010: 29 20 22 20 00 00 00 00 00 00 00 26 00 00 00 0a
00000020: 00 00 00 11 00 21
Initiator's actions:
(10) Parses received message
IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 R=>I[38]
N[10](INVALID_KE_PAYLOAD){GOST3410_2012_256}}
(11) Generates ephemeral private key (256 bit)
00000000: b9 7c ac df 01 43 44 dd 54 92 33 63 4a 6e da 64
00000010: 38 5b 6a 9c c0 3c 6c 41 c5 02 eb 63 d1 e6 24 21
(12) Computes public key
00000000: 7d b0 49 81 88 6d 1b 02 b2 a6 35 c5 8b ea 90 8c
00000010: 3e 16 de e5 43 13 22 0b ad f5 89 9f 7f 85 54 2d
00000020: 3e db 1e de 85 f7 d5 5d 6f 83 c5 d0 31 bd 31 49
00000030: dd 29 c5 16 16 7d ec 86 16 d8 85 e6 e4 50 ab 46
(13) Creates message
Smyslov Expires 9 June 2023 [Page 80]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 R<-I[264]
SA[52]{
P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512,
GOST3410_2012_256}},
KE[72](GOST3410_2012_256){7DB049...50AB46},
NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
(14) Sends message, peer receives message
10.111.10.171:54294->10.111.15.45:500 [264]
00000000: 92 80 e0 82 2e 75 87 78 00 00 00 00 00 00 00 00
00000010: 21 20 22 08 00 00 00 00 00 00 01 08 22 00 00 34
00000020: 00 00 00 30 01 01 00 05 03 00 00 08 01 00 00 20
00000030: 03 00 00 08 01 00 00 21 03 00 00 08 02 00 00 09
00000040: 03 00 00 08 04 00 00 22 00 00 00 08 04 00 00 21
00000050: 28 00 00 48 00 21 00 00 7d b0 49 81 88 6d 1b 02
00000060: b2 a6 35 c5 8b ea 90 8c 3e 16 de e5 43 13 22 0b
00000070: ad f5 89 9f 7f 85 54 2d 3e db 1e de 85 f7 d5 5d
00000080: 6f 83 c5 d0 31 bd 31 49 dd 29 c5 16 16 7d ec 86
00000090: 16 d8 85 e6 e4 50 ab 46 29 00 00 24 98 44 d5 40
000000A0: ef 89 46 f4 55 20 0a 55 73 dc ad 73 dd 2a 6f a8
000000B0: 31 f8 49 05 f5 8e 17 a2 6c cc 01 1f 29 00 00 1c
000000C0: 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00
000000D0: 00 00 00 00 00 00 00 00 29 00 00 1c 00 00 40 05
000000E0: 7d 21 24 87 89 d7 95 71 bd a2 2d 22 9d 51 d0 71
000000F0: e9 4e 6f 10 29 00 00 08 00 00 40 2e 00 00 00 0c
00000100: 00 00 40 2f 00 06 00 07
Responder's actions:
(15) Parses received message
Smyslov Expires 9 June 2023 [Page 81]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
IKE SA Init
9280E0822E758778.0000000000000000.00000000 IKEv2 I->R[264]
SA[52]{
P[48](#1:IKE::5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_512,
GOST3410_2012_256}},
KE[72](GOST3410_2012_256){7DB049...50AB46},
NONCE[36]{9844D5...CC011F},
N[28](NAT_DETECTION_SOURCE_IP){000000...000000},
N[28](NAT_DETECTION_DESTINATION_IP){7D2124...4E6F10},
N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
(16) Generates random SPIr for IKE SA
00000000: db 57 8d 97 de 11 9d 1e
(17) Generates random IKE nonce Nr
00000000: 6c de 24 c1 2c 0a 10 d5 c3 fe 55 e8 7e 90 30 66
00000010: ee 54 5b 24 1c 3c 01 dd b3 98 06 ae d3 b5 00 48
(18) Generates ephemeral private key
00000000: 46 fd 19 da 1c 77 e8 4c 12 69 cf c8 a2 2a 0b e9
00000010: 70 db c1 2c 9f 6d 88 0a 70 71 22 03 68 c6 fd 2d
(19) Computes public key
00000000: 49 c2 40 f6 ac 35 f1 70 a7 c2 37 5e 9a 78 3c 09
00000010: 59 8d 55 3b 30 5b 64 58 db 2f 3c 36 f4 b1 db ad
00000020: ff c8 f4 b2 bd 14 cf 96 5b b2 d6 80 51 69 67 06
00000030: bd 16 39 0e 6d 07 83 e4 9d ed fd 04 f1 9e 07 a2
(20) Computes hash of CA public key
00000000: 5e 9e 50 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c
00000010: 7a 67 71 98
(21) Creates message
Smyslov Expires 9 June 2023 [Page 82]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
IKE SA Init
9280E0822E758778.DB578D97DE119D1E.00000000 IKEv2 I<=R[273]
SA[36]{
P[32](#1:IKE::3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
KE[72](GOST3410_2012_256){49C240...9E07A2},
NONCE[36]{6CDE24...B50048},
N[28](NAT_DETECTION_SOURCE_IP){A4DCA3...2F5B3F},
N[28](NAT_DETECTION_DESTINATION_IP){BA7D7A...7AB7C9},
CERTREQ[25](X.509 Cert){5E9E50...677198},
N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
(22) Sends message, peer receives message
10.111.10.171:54294<-10.111.15.45:500 [273]
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 21 20 22 20 00 00 00 00 00 00 01 11 22 00 00 24
00000020: 00 00 00 20 01 01 00 03 03 00 00 08 01 00 00 21
00000030: 03 00 00 08 02 00 00 09 00 00 00 08 04 00 00 21
00000040: 28 00 00 48 00 21 00 00 49 c2 40 f6 ac 35 f1 70
00000050: a7 c2 37 5e 9a 78 3c 09 59 8d 55 3b 30 5b 64 58
00000060: db 2f 3c 36 f4 b1 db ad ff c8 f4 b2 bd 14 cf 96
00000070: 5b b2 d6 80 51 69 67 06 bd 16 39 0e 6d 07 83 e4
00000080: 9d ed fd 04 f1 9e 07 a2 29 00 00 24 6c de 24 c1
00000090: 2c 0a 10 d5 c3 fe 55 e8 7e 90 30 66 ee 54 5b 24
000000A0: 1c 3c 01 dd b3 98 06 ae d3 b5 00 48 29 00 00 1c
000000B0: 00 00 40 04 a4 dc a3 62 54 e8 4b 53 2b ff e7 d2
000000C0: 26 83 f3 8f 28 2f 5b 3f 26 00 00 1c 00 00 40 05
000000D0: ba 7d 7a b8 48 82 72 f6 30 91 b6 ae 2b dd fb 48
000000E0: ba 7a b7 c9 29 00 00 19 04 5e 9e 50 5f 58 b0 a5
000000F0: 7a 33 45 83 49 66 0f 1c 3c 7a 67 71 98 29 00 00
00000100: 08 00 00 40 2e 00 00 00 0c 00 00 40 2f 00 06 00
00000110: 07
Initiator's actions:
(23) Parses received message
Smyslov Expires 9 June 2023 [Page 83]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
IKE SA Init
9280E0822E758778.DB578D97DE119D1E.00000000 IKEv2 R=>I[273]
SA[36]{
P[32](#1:IKE::3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
KE[72](GOST3410_2012_256){49C240...9E07A2},
NONCE[36]{6CDE24...B50048},
N[28](NAT_DETECTION_SOURCE_IP){A4DCA3...2F5B3F},
N[28](NAT_DETECTION_DESTINATION_IP){BA7D7A...7AB7C9},
CERTREQ[25](X.509 Cert){5E9E50...677198},
N[8](IKEV2_FRAGMENTATION_SUPPORTED),
N[12](SIGNATURE_HASH_ALGORITHMS){STREEBOG_256, STREEBOG_512}
(24) Computes shared key
00000000: bd 04 9d 0f 9c 5f 58 af c7 e4 01 bc 18 59 01 7c
00000010: 88 28 f9 f2 9f 33 01 5d 49 9a 7d 14 74 d4 31 ac
(25) Computes SKEYSEED
00000000: 9b ed 6c 79 64 b3 de 3a e4 9e dd 62 04 5a f0 8b
00000010: 43 88 33 d4 e6 9e 73 16 a1 1a 9e b2 b4 19 13 c5
00000020: d0 6d fb 86 40 11 c3 02 bb e5 a3 b5 e4 4a c4 c0
00000030: 9d 18 c6 94 de c3 c5 14 82 e7 a2 51 fe c4 98 ca
(26) Computes SK_d
00000000: c2 21 15 fd d3 99 3b 2a 43 60 c4 59 34 b0 be 3f
00000010: 53 ef 6e b1 dd 88 ad 72 55 dd 83 22 5c 6f e1 d6
00000020: 1f 1e ab 06 f9 41 cb c8 ea f9 dc fc 19 a0 2d bf
00000030: 9a 0a 3f 3a 9a 45 1f 08 b6 a9 2c 62 52 b7 26 34
(27) Computes SK_ei
00000000: 18 4e 4e 0f 36 28 bf 3c 9c 04 8e 93 bf a0 77 53
00000010: 91 34 12 81 42 e6 4e 62 7f db a5 ed 98 60 50 ff
00000020: b4 e1 3e 23
(28) Computes SK_er
00000000: e9 27 59 2f 09 49 68 1e 0e 62 db c6 19 06 73 13
00000010: cf da 5c 02 27 3e 4a b4 78 98 b4 86 d0 e9 34 f4
00000020: a5 bb 18 2f
(29) Computes SK_pi
Smyslov Expires 9 June 2023 [Page 84]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 30 2c 10 8d 0f 61 47 00 f1 40 4f a9 4f af b5 30
00000010: 11 ba 5f 24 39 32 85 12 4e 7e 71 75 50 15 a6 93
00000020: c3 d0 5e 40 2e 21 8e b1 59 09 cd a4 eb b4 91 68
00000030: 29 42 fe e2 d8 76 8f a6 96 55 1f ab 6c 9b 00 f8
(30) Computes SK_pr
00000000: 6f 81 72 cb 96 58 fb 0e 17 70 b6 b9 1f a9 69 a9
00000010: fc c7 27 4f b4 e1 85 90 a0 c7 9f f9 72 11 61 2a
00000020: 35 b7 b7 96 d3 6a bb a5 aa b1 b8 34 8d 99 c6 f3
00000030: 2b fc 32 56 c1 94 71 04 55 bd 89 6a bf c3 8b fe
(31) Computes prf(SK_pi, IDi)
00000000: ce e8 8b d1 7e 3c 83 32 eb d1 29 08 de dc 71 f4
00000010: 8f ba 09 b8 ca 5b 10 e2 f4 44 29 5c 97 7b 26 01
00000020: a4 ba 83 c8 ea 40 92 0f 88 18 bd e7 e1 c9 45 cf
00000030: ff 99 48 05 0d f4 93 a6 cd 54 46 d7 eb 7a 52 94
(32) Uses private key for signing (little endian)
00000000: 76 E9 DD B3 F3 A2 08 A2 4E A5 81 9C AE 41 DA B4
00000010: 77 3C 1D D5 DC EB AF E6 58 B1 47 D2 D8 29 CE 71
00000020: 18 A9 85 5D 28 5B 3C E3 23 BD 80 AC 2F 00 CC B6
00000030: 61 4C 42 A1 65 61 02 CF 33 EB 1F 5F 02 CE 8A B9
(33) Uses random number for signing
00000000: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00000010: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00000020: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
00000030: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
(34) Computes signature using algorithm id-tc26-signwithdigest-
gost3410-12-512
00000000: 6a 3e 59 0d 72 1e 55 a3 c0 d1 2f 8a 9b 4e 44 10
00000010: 58 59 bd 62 9e e7 12 31 e5 7d 01 53 f3 84 40 dd
00000020: ac 73 ed 09 3a 10 d9 6e 7f eb 80 6c 11 9e 91 f3
00000030: 7c 3c b0 55 f7 4b ec 0e 78 36 10 95 02 09 86 b3
00000040: 27 04 2a 83 3c 89 36 1b 73 cf 7b c9 e0 df a2 07
00000050: 12 1e 69 52 4d 89 1b de 6e 48 d1 34 fa 21 78 22
00000060: 88 2e 30 86 c0 80 0a 2d 74 af 08 ff 35 75 a5 79
00000070: e3 85 40 22 6b a8 42 f6 72 24 bf 29 87 58 a8 20
(35) Computes K1i (i1 = 0)
Smyslov Expires 9 June 2023 [Page 85]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 3c 57 d7 c8 9f 50 98 fc 86 81 d6 8a 4e 5d 83 c6
00000010: 1e 42 e6 e7 60 67 05 8d f5 2e 10 13 12 15 32 58
(36) Computes K2i (i2 = 0)
00000000: 0b 88 0a 1b c8 3e 61 79 82 08 db 13 31 08 63 3c
00000010: 17 62 17 cb 7d 18 ce 70 37 84 85 f4 89 49 d0 06
(37) Computes K3i (i3 = 0)
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(38) Selects SPI for incoming ESP SA
00000000: 6c 0c a5 70
(39) Computes hash of CA public key
00000000: 5e 9e 50 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c
00000010: 7a 67 71 98
(40) Creates message splitting it into 4 fragments
IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R<-I[1847]
E[1819]->4*EF[...]{
IDi[78](DN){CN=IKE Interop Test Client,O=ELVIS-PLUS,C=RU},
CERT[1280](X.509 Cert){308204...A6C40A},
CERTREQ[25](X.509 Cert){5E9E50...677198},
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
AUTH[149](Sig){id-tc26-signwithdigest-gost3410-12-512[12]:
6A3E59...58A820},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{
P[52](#1:ESP:6C0CA570:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
Smyslov Expires 9 June 2023 [Page 86]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(41) Composes MGM nonce (fragment 1)
00000000: 00 00 00 00 b4 e1 3e 23
(42) Composes AAD (fragment 1)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 23 00 02 04
00000020: 00 01 00 04
(43) Composes plaintext (fragment 1)
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00
00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02
00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00
00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
000000A0: 1a 30 18 06 08 2a 85 03 03 81 03 01 01 12 0c 30
000000B0: 30 31 32 33 34 35 36 37 38 39 30 31 2f 30 2d 06
000000C0: 03 55 04 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83
000000D0: d1 89 d1 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0
000000E0: b2 d0 b0 d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09
000000F0: 06 03 55 04 06 13 02 52 55 31 19 30 17 06 03 55
00000100: 04 08 0c 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba
00000110: d0 b2 d0 b0 31 15 30 13 06 03 55 04 07 0c 0c d0
00000120: 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06
00000130: 03 55 04 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a
00000140: d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a
000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69
000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(44) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
(fragment 1)
Smyslov Expires 9 June 2023 [Page 87]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56
00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac
00000080: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38
00000090: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa
000000A0: 25 5e e6 ea 8b 0c ef 20 31 bf a9 ae 6d e2 82 d4
000000B0: ab 2c d7 af ca 62 fe bd 7c 8f a9 dc d3 63 05 d7
000000C0: ba 92 56 66 44 ad 5d 9d 1e 9a 27 2e 22 6e 5b 0c
000000D0: af 84 6b c6 a7 cf ca 72 f8 8e d3 a1 bc d4 7c 5b
000000E0: 7e 26 7f b3 05 d8 62 ef ad d6 07 70 d7 4b 33 e4
000000F0: 26 84 e6 eb 5b 65 5c a7 71 29 45 15 d9 b0 83 6a
00000100: 52 5f a9 d8 dd f1 d8 62 c7 d7 3d e9 69 0e c5 b1
00000110: e1 de 20 6c 3d 5f f7 f7 9f f6 a5 7b 4d a5 4e e9
00000120: b4 c4 c2 7d cc 43 62 77 57 37 d3 40 48 b2 c0 5b
00000130: 48 ab d0 94 79 ef 3d 04 e3 d8 6d 42 56 ed cd 94
00000140: b4 23 2c fa f0 6b 39 ad 41 a3 b3 8f ec b8 6c ef
00000150: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9
00000160: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e
00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2
(45) Computes ICV using K3i as K_msg (fragment 1)
00000000: b1 51 cd e6 dc 64 12 1c
(46) Composes IV (fragment 1)
00000000: 00 00 00 00 00 00 00 00
(47) Composes MGM nonce (fragment 2)
00000000: 00 00 00 01 b4 e1 3e 23
(48) Composes AAD (fragment 2)
Smyslov Expires 9 June 2023 [Page 88]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04
(49) Composes plaintext (fragment 2)
00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06
00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03
00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03
00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef
00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37
00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba
00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a
00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a
00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08
00000090: 12 54 63 47 9d 14 3d 61 ed f2 95 ab 11 80 69 02
000000A0: a7 66 60 50 7e a4 53 6d ad 01 49 b2 16 8a 95 1d
000000B0: cf 1a 57 93 56 14 5e a3 82 02 59 30 82 02 55 30
000000C0: 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30
000000D0: 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05
000000E0: 05 07 03 11 30 1d 06 03 55 1d 0e 04 16 04 14 40
000000F0: 81 b1 d1 18 75 f0 da 6b 3c 50 5f cd 73 1d d9 77
00000100: f2 d7 c1 30 1f 06 03 55 1d 23 04 18 30 16 80 14
00000110: 9b 85 5e fb 81 dc 4d 59 07 51 63 cf be df da 2c
00000120: 7f c9 44 3c 30 82 01 0f 06 03 55 1d 1f 04 82 01
00000130: 06 30 82 01 02 30 81 ff a0 81 fc a0 81 f9 86 81
00000140: b5 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74
00000150: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72
00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34
00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34
00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62
00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34
000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21
000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31
000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66
000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66
000001E0: 21 30 34 32 30 21 30 34 31 65 21 00
(50) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
(fragment 2)
Smyslov Expires 9 June 2023 [Page 89]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14
00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1
00000080: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb
00000090: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71
000000A0: 69 d1 3b 0c 6c 93 f3 99 2e fe 36 98 90 a1 05 ee
000000B0: 35 d2 da f8 81 59 f5 17 23 33 40 99 99 42 37 b0
000000C0: 0d 94 0a bd 00 cf 1c be 0e d0 13 93 e2 27 5a a5
000000D0: c5 e8 a0 25 5a 2d ad 6c b4 bc 64 37 05 ac cd 22
000000E0: 92 13 83 ab e8 87 93 29 82 dc 47 b4 1c 92 4d 36
000000F0: ef ba 10 3d 42 2d d6 2c d5 6b 95 99 2d 17 61 c4
00000100: c5 13 ed 55 a5 e5 b2 65 ac 25 24 21 c4 25 7f 6f
00000110: 68 fb ce 8f 17 60 e9 ac 9c 52 9f d5 d4 a7 14 35
00000120: 89 a4 1f de 21 a9 51 3c 1d 73 00 10 ba a6 7c 24
00000130: fb b9 20 21 5e df 63 8a c8 1f b1 55 05 5a 70 a8
00000140: b5 f4 23 9e 22 c0 2a 7c a5 11 01 c3 5e 3d 52 2a
00000150: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3
00000160: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8
00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0
(51) Computes ICV using K3i as K_msg (fragment 2)
00000000: b4 68 c7 4d eb dd bd 92
(52) Composes IV (fragment 2)
00000000: 00 00 00 00 00 00 00 01
(53) Composes MGM nonce (fragment 3)
00000000: 00 00 00 02 b4 e1 3e 23
(54) Composes AAD (fragment 3)
Smyslov Expires 9 June 2023 [Page 90]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04
(55) Composes plaintext (fragment 3)
00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74
00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73
00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06
00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30
00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74
00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000090: 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31
000000A0: 38 2e 63 72 74 30 3f 06 08 2b 06 01 05 05 07 30
000000B0: 01 86 33 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000000C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000000D0: 2e 72 75 2f 6f 63 73 70 32 30 31 32 67 2f 6f 63
000000E0: 73 70 2e 73 72 66 30 41 06 08 2b 06 01 05 05 07
000000F0: 30 01 86 35 68 74 74 70 3a 2f 2f 74 65 73 74 67
00000100: 6f 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72
00000110: 6f 2e 72 75 2f 6f 63 73 70 32 30 31 32 67 73 74
00000120: 2f 6f 63 73 70 2e 73 72 66 30 0a 06 08 2a 85 03
00000130: 07 01 01 03 02 03 41 00 21 ee 3b e1 fd 0f 36 90
00000140: 92 c4 a2 35 26 e8 dc 4e b8 ef 89 40 70 d2 91 39
00000150: bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 6c f2 c0
00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7
00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50
00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71
00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06
000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f
000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30
000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c
000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29
000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00
(56) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
(fragment 3)
Smyslov Expires 9 June 2023 [Page 91]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8
00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d
00000080: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3
00000090: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba
000000A0: a6 d9 09 1f 0d e0 3c 07 b8 ce 9d 11 a3 c6 f7 e4
000000B0: 62 e8 94 7b ad b9 8a 6b 9c f1 f8 43 cf 7e fc 5e
000000C0: 44 ab bf b1 88 f5 67 1e 84 5f 82 63 f3 13 89 55
000000D0: f5 ef 86 c3 db 48 37 f8 26 3c c4 6d a5 fc b5 69
000000E0: 56 0d 2d f3 c0 98 dd e7 53 da 0a 28 87 2f 38 ab
000000F0: a9 ec 60 a6 c4 54 c6 68 e7 6b e3 4b 54 bf b5 82
00000100: 44 c9 b9 45 bc 9e f5 58 d8 76 63 92 cd 52 ec 82
00000110: 80 d6 43 86 10 16 eb 7b 32 e4 ee ba ec 09 b6 4f
00000120: 35 1a bf da d7 de 40 fa b5 d2 40 f2 73 09 2d 52
00000130: 83 bd 56 a6 6b d3 9f 8a c2 c5 66 c6 6b 22 fb 6a
00000140: 00 b2 8a ac 9d 8b fc 8d 41 af 80 92 16 51 e2 cb
00000150: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e
00000160: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29
00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3
(57) Computes ICV using K3i as K_msg (fragment 3)
00000000: 54 4f 9b aa dd af bd ca
(58) Composes IV (fragment 3)
00000000: 00 00 00 00 00 00 00 02
(59) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 b4 e1 3e 23
(60) Composes AAD (fragment 4)
Smyslov Expires 9 June 2023 [Page 92]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 01 7a 00 00 01 5e
00000020: 00 04 00 04
(61) Composes plaintext (fragment 4)
00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55
00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12
00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9
00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec
00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36
00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b
00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a
00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42
00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40
00000090: 00 2f 00 00 0c 00 00 40 01 00 00 00 04 21 00 00
000000A0: 10 01 00 00 00 00 01 00 00 00 03 00 00 2c 00 00
000000B0: 38 00 00 00 34 01 03 04 05 6c 0c a5 70 03 00 00
000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00
000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00
000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00
000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00
00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00
00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00
00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00
00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00
00000140: 08 00 00 40 0b 00
(62) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
(fragment 4)
Smyslov Expires 9 June 2023 [Page 93]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f
00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87
00000080: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b
00000090: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4
000000A0: 60 17 e4 09 18 ae 78 b8 73 02 6b 0e 20 cc b1 cd
000000B0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56
000000C0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3
000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000140: 42 53 49 d1 2c c2
(63) Computes ICV using K3i as K_msg (fragment 4)
00000000: d2 25 f1 d0 38 65 b7 b6
(64) Composes IV (fragment 4)
00000000: 00 00 00 00 00 00 00 03
(65) Sends message fragment (1) , peer receives message fragment (1)
Smyslov Expires 9 June 2023 [Page 94]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295->10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 23 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00
00000030: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000040: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000050: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000060: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000070: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000080: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
00000090: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56
000000A0: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac
000000B0: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38
000000C0: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa
000000D0: 25 5e e6 ea 8b 0c ef 20 31 bf a9 ae 6d e2 82 d4
000000E0: ab 2c d7 af ca 62 fe bd 7c 8f a9 dc d3 63 05 d7
000000F0: ba 92 56 66 44 ad 5d 9d 1e 9a 27 2e 22 6e 5b 0c
00000100: af 84 6b c6 a7 cf ca 72 f8 8e d3 a1 bc d4 7c 5b
00000110: 7e 26 7f b3 05 d8 62 ef ad d6 07 70 d7 4b 33 e4
00000120: 26 84 e6 eb 5b 65 5c a7 71 29 45 15 d9 b0 83 6a
00000130: 52 5f a9 d8 dd f1 d8 62 c7 d7 3d e9 69 0e c5 b1
00000140: e1 de 20 6c 3d 5f f7 f7 9f f6 a5 7b 4d a5 4e e9
00000150: b4 c4 c2 7d cc 43 62 77 57 37 d3 40 48 b2 c0 5b
00000160: 48 ab d0 94 79 ef 3d 04 e3 d8 6d 42 56 ed cd 94
00000170: b4 23 2c fa f0 6b 39 ad 41 a3 b3 8f ec b8 6c ef
00000180: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9
00000190: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e
000001A0: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
000001B0: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
000001C0: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001D0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001E0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001F0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
00000200: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
00000210: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2 b1 51 cd e6
00000220: dc 64 12 1c
(66) Sends message fragment (2) , peer receives message fragment (2)
Smyslov Expires 9 June 2023 [Page 95]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295->10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01
00000030: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000040: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000050: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000060: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000070: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000080: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
00000090: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14
000000A0: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1
000000B0: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb
000000C0: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71
000000D0: 69 d1 3b 0c 6c 93 f3 99 2e fe 36 98 90 a1 05 ee
000000E0: 35 d2 da f8 81 59 f5 17 23 33 40 99 99 42 37 b0
000000F0: 0d 94 0a bd 00 cf 1c be 0e d0 13 93 e2 27 5a a5
00000100: c5 e8 a0 25 5a 2d ad 6c b4 bc 64 37 05 ac cd 22
00000110: 92 13 83 ab e8 87 93 29 82 dc 47 b4 1c 92 4d 36
00000120: ef ba 10 3d 42 2d d6 2c d5 6b 95 99 2d 17 61 c4
00000130: c5 13 ed 55 a5 e5 b2 65 ac 25 24 21 c4 25 7f 6f
00000140: 68 fb ce 8f 17 60 e9 ac 9c 52 9f d5 d4 a7 14 35
00000150: 89 a4 1f de 21 a9 51 3c 1d 73 00 10 ba a6 7c 24
00000160: fb b9 20 21 5e df 63 8a c8 1f b1 55 05 5a 70 a8
00000170: b5 f4 23 9e 22 c0 2a 7c a5 11 01 c3 5e 3d 52 2a
00000180: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3
00000190: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8
000001A0: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
000001B0: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
000001C0: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001D0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001E0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001F0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
00000200: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
00000210: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0 b4 68 c7 4d
00000220: eb dd bd 92
(67) Sends message fragment (3) , peer receives message fragment (3)
Smyslov Expires 9 June 2023 [Page 96]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295->10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02
00000030: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000040: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000050: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000060: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000070: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000080: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
00000090: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8
000000A0: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d
000000B0: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3
000000C0: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba
000000D0: a6 d9 09 1f 0d e0 3c 07 b8 ce 9d 11 a3 c6 f7 e4
000000E0: 62 e8 94 7b ad b9 8a 6b 9c f1 f8 43 cf 7e fc 5e
000000F0: 44 ab bf b1 88 f5 67 1e 84 5f 82 63 f3 13 89 55
00000100: f5 ef 86 c3 db 48 37 f8 26 3c c4 6d a5 fc b5 69
00000110: 56 0d 2d f3 c0 98 dd e7 53 da 0a 28 87 2f 38 ab
00000120: a9 ec 60 a6 c4 54 c6 68 e7 6b e3 4b 54 bf b5 82
00000130: 44 c9 b9 45 bc 9e f5 58 d8 76 63 92 cd 52 ec 82
00000140: 80 d6 43 86 10 16 eb 7b 32 e4 ee ba ec 09 b6 4f
00000150: 35 1a bf da d7 de 40 fa b5 d2 40 f2 73 09 2d 52
00000160: 83 bd 56 a6 6b d3 9f 8a c2 c5 66 c6 6b 22 fb 6a
00000170: 00 b2 8a ac 9d 8b fc 8d 41 af 80 92 16 51 e2 cb
00000180: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e
00000190: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29
000001A0: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
000001B0: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
000001C0: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001D0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001E0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001F0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
00000200: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
00000210: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3 54 4f 9b aa
00000220: dd af bd ca
(68) Sends message fragment (4) , peer receives message fragment (4)
Smyslov Expires 9 June 2023 [Page 97]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295->10.111.15.45:4500 [382]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 08 00 00 00 01 00 00 01 7a
00000020: 00 00 01 5e 00 04 00 04 00 00 00 00 00 00 00 03
00000030: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000040: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000050: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000060: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000070: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000080: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
00000090: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f
000000A0: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87
000000B0: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b
000000C0: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4
000000D0: 60 17 e4 09 18 ae 78 b8 73 02 6b 0e 20 cc b1 cd
000000E0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56
000000F0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3
00000100: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
00000110: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
00000120: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000130: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000140: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000150: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000160: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000170: 42 53 49 d1 2c c2 d2 25 f1 d0 38 65 b7 b6
Responder's actions:
(69) Computes shared key
00000000: bd 04 9d 0f 9c 5f 58 af c7 e4 01 bc 18 59 01 7c
00000010: 88 28 f9 f2 9f 33 01 5d 49 9a 7d 14 74 d4 31 ac
(70) Computes SKEYSEED
00000000: 9b ed 6c 79 64 b3 de 3a e4 9e dd 62 04 5a f0 8b
00000010: 43 88 33 d4 e6 9e 73 16 a1 1a 9e b2 b4 19 13 c5
00000020: d0 6d fb 86 40 11 c3 02 bb e5 a3 b5 e4 4a c4 c0
00000030: 9d 18 c6 94 de c3 c5 14 82 e7 a2 51 fe c4 98 ca
(71) Computes SK_d
00000000: c2 21 15 fd d3 99 3b 2a 43 60 c4 59 34 b0 be 3f
00000010: 53 ef 6e b1 dd 88 ad 72 55 dd 83 22 5c 6f e1 d6
00000020: 1f 1e ab 06 f9 41 cb c8 ea f9 dc fc 19 a0 2d bf
00000030: 9a 0a 3f 3a 9a 45 1f 08 b6 a9 2c 62 52 b7 26 34
Smyslov Expires 9 June 2023 [Page 98]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(72) Computes SK_ei
00000000: 18 4e 4e 0f 36 28 bf 3c 9c 04 8e 93 bf a0 77 53
00000010: 91 34 12 81 42 e6 4e 62 7f db a5 ed 98 60 50 ff
00000020: b4 e1 3e 23
(73) Computes SK_er
00000000: e9 27 59 2f 09 49 68 1e 0e 62 db c6 19 06 73 13
00000010: cf da 5c 02 27 3e 4a b4 78 98 b4 86 d0 e9 34 f4
00000020: a5 bb 18 2f
(74) Computes SK_pi
00000000: 30 2c 10 8d 0f 61 47 00 f1 40 4f a9 4f af b5 30
00000010: 11 ba 5f 24 39 32 85 12 4e 7e 71 75 50 15 a6 93
00000020: c3 d0 5e 40 2e 21 8e b1 59 09 cd a4 eb b4 91 68
00000030: 29 42 fe e2 d8 76 8f a6 96 55 1f ab 6c 9b 00 f8
(75) Computes SK_pr
00000000: 6f 81 72 cb 96 58 fb 0e 17 70 b6 b9 1f a9 69 a9
00000010: fc c7 27 4f b4 e1 85 90 a0 c7 9f f9 72 11 61 2a
00000020: 35 b7 b7 96 d3 6a bb a5 aa b1 b8 34 8d 99 c6 f3
00000030: 2b fc 32 56 c1 94 71 04 55 bd 89 6a bf c3 8b fe
(76) Extracts IV from message (fragment 1)
00000000: 00 00 00 00 00 00 00 00
(77) Computes K1i (i1 = 0)
00000000: 3c 57 d7 c8 9f 50 98 fc 86 81 d6 8a 4e 5d 83 c6
00000010: 1e 42 e6 e7 60 67 05 8d f5 2e 10 13 12 15 32 58
(78) Computes K2i (i2 = 0)
00000000: 0b 88 0a 1b c8 3e 61 79 82 08 db 13 31 08 63 3c
00000010: 17 62 17 cb 7d 18 ce 70 37 84 85 f4 89 49 d0 06
(79) Computes K3i (i3 = 0)
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(80) Composes MGM nonce (fragment 1)
00000000: 00 00 00 00 b4 e1 3e 23
Smyslov Expires 9 June 2023 [Page 99]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(81) Extracts ICV from message (fragment 1)
00000000: b1 51 cd e6 dc 64 12 1c
(82) Extracts AAD from message (fragment 1)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 23 00 02 04
00000020: 00 01 00 04
(83) Extracts ciphertext from message (fragment 1)
00000000: 03 45 60 11 15 25 f5 45 bb 0e f4 25 26 e2 14 8c
00000010: a7 01 82 f6 9c 6e 42 f1 a3 9b 9e ac a6 dd 0d 9c
00000020: ff 79 15 ed b9 0c 81 a0 b4 29 61 fb 55 1b c1 73
00000030: 4d de 1f b2 5f 1f cb 84 5d 12 24 85 52 c4 f2 1d
00000040: 01 a7 92 ad 55 4d 90 d0 58 d2 1a 5e f6 dc 4e 73
00000050: d4 9b 08 66 d7 64 de 10 e6 75 69 20 e3 7b 6c f0
00000060: 4b 8b ff 60 39 f1 19 31 72 dd c1 09 33 5b 1d 56
00000070: ee 0c 1c 42 d7 f3 04 d3 5b 9a 6e cf 7f b3 1f ac
00000080: 34 a6 ee e0 ac 87 b8 88 99 75 a6 ae dc b5 30 38
00000090: eb 3d 48 fd cc 69 64 f8 c6 61 ce e9 e1 24 ba aa
000000A0: 25 5e e6 ea 8b 0c ef 20 31 bf a9 ae 6d e2 82 d4
000000B0: ab 2c d7 af ca 62 fe bd 7c 8f a9 dc d3 63 05 d7
000000C0: ba 92 56 66 44 ad 5d 9d 1e 9a 27 2e 22 6e 5b 0c
000000D0: af 84 6b c6 a7 cf ca 72 f8 8e d3 a1 bc d4 7c 5b
000000E0: 7e 26 7f b3 05 d8 62 ef ad d6 07 70 d7 4b 33 e4
000000F0: 26 84 e6 eb 5b 65 5c a7 71 29 45 15 d9 b0 83 6a
00000100: 52 5f a9 d8 dd f1 d8 62 c7 d7 3d e9 69 0e c5 b1
00000110: e1 de 20 6c 3d 5f f7 f7 9f f6 a5 7b 4d a5 4e e9
00000120: b4 c4 c2 7d cc 43 62 77 57 37 d3 40 48 b2 c0 5b
00000130: 48 ab d0 94 79 ef 3d 04 e3 d8 6d 42 56 ed cd 94
00000140: b4 23 2c fa f0 6b 39 ad 41 a3 b3 8f ec b8 6c ef
00000150: e1 98 3a b2 fb a8 fd 21 96 8a bf 3a 65 47 8a e9
00000160: 69 60 44 02 2c ec 7a 86 74 fe 1d 9b 08 5e b8 5e
00000170: f8 ca 37 20 5f a7 74 8c 12 88 f2 d8 9e d4 94 29
00000180: c2 db f9 fb 35 a0 cf 21 2b da 8b 9e cc 52 84 eb
00000190: c4 12 39 3e e6 18 fb f7 57 6c b5 1e 10 3d 11 9c
000001A0: 29 9c 41 73 69 d8 d0 9d 71 2b 77 66 87 65 51 19
000001B0: db 27 a0 dd aa 64 ba fd c0 5f e1 4e da 7c 20 fc
000001C0: 8c 13 ab 2d c2 9c 37 9d 7e 51 cb 29 03 10 52 dc
000001D0: f8 09 61 cc 12 9a a0 8e 1b e4 52 f8 72 bd 7a 86
000001E0: db 93 7c 55 b8 1e 7f 21 d4 e6 02 f2
(84) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 1)
Smyslov Expires 9 June 2023 [Page 100]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 43 6c 69 65 6e 74 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 26 00
00000050: 05 00 04 30 82 04 f7 30 82 04 a4 a0 03 02 01 02
00000060: 02 13 7c 00 03 da a8 9e 1e ff 9e 79 05 fb bb 00
00000070: 01 00 03 da a8 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
000000A0: 1a 30 18 06 08 2a 85 03 03 81 03 01 01 12 0c 30
000000B0: 30 31 32 33 34 35 36 37 38 39 30 31 2f 30 2d 06
000000C0: 03 55 04 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83
000000D0: d1 89 d1 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0
000000E0: b2 d0 b0 d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09
000000F0: 06 03 55 04 06 13 02 52 55 31 19 30 17 06 03 55
00000100: 04 08 0c 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba
00000110: d0 b2 d0 b0 31 15 30 13 06 03 55 04 07 0c 0c d0
00000120: 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06
00000130: 03 55 04 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a
00000140: d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 31 30 30 31 30 36 31 30 31 30 5a
000001A0: 17 0d 32 32 30 31 30 31 30 36 32 30 31 30 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 43 6c 69
000001D0: 65 6e 74 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(85) Extracts IV from message (fragment 2)
00000000: 00 00 00 00 00 00 00 01
(86) Uses previously computed key K3i
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(87) Composes MGM nonce (fragment 2)
00000000: 00 00 00 01 b4 e1 3e 23
(88) Extracts ICV from message (fragment 2)
00000000: b4 68 c7 4d eb dd bd 92
Smyslov Expires 9 June 2023 [Page 101]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(89) Extracts AAD from message (fragment 2)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04
(90) Extracts ciphertext from message (fragment 2)
00000000: 3c b1 b4 aa 04 56 27 1b 45 04 f7 70 1b 17 16 16
00000010: 85 16 ee b3 88 7d 08 64 2d 24 b8 1d 7e ac c9 72
00000020: 73 07 d3 d9 ef 5d 08 8b 47 97 5a 98 53 00 ec 13
00000030: cc 5a 46 7b 16 a2 14 6a f1 ea 17 71 9b 75 1d 46
00000040: 9d 6d 8c 3a a2 b2 75 c5 c9 4c 16 56 73 03 16 40
00000050: 42 fe a2 5a cc c7 ed 37 91 b1 eb e5 56 2a 01 bc
00000060: a2 83 ac 05 f1 a7 56 e5 f2 bb f4 18 7f 05 82 14
00000070: 70 de af 44 d4 cc a9 0a 95 6d c1 96 11 3d cf e1
00000080: aa 27 f1 87 60 d2 32 c1 1e 91 bf 60 00 5f d3 fb
00000090: a4 55 2e f0 0b 08 14 ed a3 63 54 4c b8 7b 5c 71
000000A0: 69 d1 3b 0c 6c 93 f3 99 2e fe 36 98 90 a1 05 ee
000000B0: 35 d2 da f8 81 59 f5 17 23 33 40 99 99 42 37 b0
000000C0: 0d 94 0a bd 00 cf 1c be 0e d0 13 93 e2 27 5a a5
000000D0: c5 e8 a0 25 5a 2d ad 6c b4 bc 64 37 05 ac cd 22
000000E0: 92 13 83 ab e8 87 93 29 82 dc 47 b4 1c 92 4d 36
000000F0: ef ba 10 3d 42 2d d6 2c d5 6b 95 99 2d 17 61 c4
00000100: c5 13 ed 55 a5 e5 b2 65 ac 25 24 21 c4 25 7f 6f
00000110: 68 fb ce 8f 17 60 e9 ac 9c 52 9f d5 d4 a7 14 35
00000120: 89 a4 1f de 21 a9 51 3c 1d 73 00 10 ba a6 7c 24
00000130: fb b9 20 21 5e df 63 8a c8 1f b1 55 05 5a 70 a8
00000140: b5 f4 23 9e 22 c0 2a 7c a5 11 01 c3 5e 3d 52 2a
00000150: b8 1d c5 19 b5 55 cc 8e f0 8d 6e 93 36 10 cd e3
00000160: c8 a5 a6 2e 90 53 fa 92 64 16 6c 4f da 9b e5 f8
00000170: 91 c5 ea b4 60 64 db ed d5 bc fc 3a 73 62 ce b2
00000180: ff 7a 15 95 0d 77 00 ee 5c a8 c5 89 2f 39 13 59
00000190: dd 52 ea 11 ae 28 82 36 be aa 29 68 4c f6 63 d5
000001A0: 93 a5 54 3d 8f 13 26 0a 87 34 b9 81 1c 2c cd d5
000001B0: 79 3a 65 6d 1c 6e 32 be b0 77 b7 b3 e4 ae b8 72
000001C0: f9 44 59 e9 14 46 67 56 93 ca 70 d1 ac 25 05 62
000001D0: f7 55 c2 9e 2e 11 a7 29 01 24 77 4a 6f 1c ba f6
000001E0: 4a 4f 83 75 29 1e c7 a9 68 29 02 d0
(91) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 2)
Smyslov Expires 9 June 2023 [Page 102]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 09 06 03 55 04 06 13 02 52 55 30 81 aa 30 21 06
00000010: 08 2a 85 03 07 01 01 01 02 30 15 06 09 2a 85 03
00000020: 07 01 02 01 02 01 06 08 2a 85 03 07 01 01 02 03
00000030: 03 81 84 00 04 81 80 ee 2f 0a 0e 09 1e 7e 04 ef
00000040: ba 5b 62 a2 52 86 e1 9c 24 50 30 50 b0 b4 8a 37
00000050: 35 b5 fc af 28 94 ec b5 9b 92 41 5b 69 e2 c9 ba
00000060: 24 de 6a 72 c4 ef 44 bb 89 a1 05 14 1b 87 3d 6a
00000070: a3 72 3e 17 ca 7f 39 28 ce 16 8b dd 07 52 87 6a
00000080: 0d 77 42 6d 99 2b 46 2c fd 4b b2 7c d7 c7 17 08
00000090: 12 54 63 47 9d 14 3d 61 ed f2 95 ab 11 80 69 02
000000A0: a7 66 60 50 7e a4 53 6d ad 01 49 b2 16 8a 95 1d
000000B0: cf 1a 57 93 56 14 5e a3 82 02 59 30 82 02 55 30
000000C0: 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30
000000D0: 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05
000000E0: 05 07 03 11 30 1d 06 03 55 1d 0e 04 16 04 14 40
000000F0: 81 b1 d1 18 75 f0 da 6b 3c 50 5f cd 73 1d d9 77
00000100: f2 d7 c1 30 1f 06 03 55 1d 23 04 18 30 16 80 14
00000110: 9b 85 5e fb 81 dc 4d 59 07 51 63 cf be df da 2c
00000120: 7f c9 44 3c 30 82 01 0f 06 03 55 1d 1f 04 82 01
00000130: 06 30 82 01 02 30 81 ff a0 81 fc a0 81 f9 86 81
00000140: b5 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74
00000150: 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72
00000160: 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 21 30 34
00000170: 32 32 21 30 34 33 35 21 30 34 34 31 21 30 34 34
00000180: 32 21 30 34 33 65 21 30 34 33 32 21 30 34 34 62
00000190: 21 30 34 33 39 25 32 30 21 30 34 32 33 21 30 34
000001A0: 32 36 25 32 30 21 30 34 31 65 21 30 34 31 65 21
000001B0: 30 34 31 65 25 32 30 21 30 30 32 32 21 30 34 31
000001C0: 61 21 30 34 32 30 21 30 34 31 38 21 30 34 31 66
000001D0: 21 30 34 32 32 21 30 34 31 65 2d 21 30 34 31 66
000001E0: 21 30 34 32 30 21 30 34 31 65 21 00
(92) Extracts IV from message (fragment 3)
00000000: 00 00 00 00 00 00 00 02
(93) Uses previously computed key K3i
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(94) Composes MGM nonce (fragment 3)
00000000: 00 00 00 02 b4 e1 3e 23
(95) Extracts ICV from message (fragment 3)
00000000: 54 4f 9b aa dd af bd ca
Smyslov Expires 9 June 2023 [Page 103]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(96) Extracts AAD from message (fragment 3)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04
(97) Extracts ciphertext from message (fragment 3)
00000000: e7 72 d9 51 90 b1 a2 bc 81 8d d6 56 bf 7a 81 e0
00000010: 1a a1 70 8b 35 a0 7e 5f e8 df 58 3d 75 5d d2 4c
00000020: 4c ce 17 77 3f 28 9c ca 7a a4 23 23 f0 c7 ff ff
00000030: 98 ee e3 1a 27 39 4d 90 1a b7 5b 44 11 16 11 3a
00000040: ea bf 83 66 da 92 2a 3a 3d bd b5 40 c8 bc f6 ed
00000050: cb 1d 5a 8e 30 f0 06 72 dc 6c da c1 45 7b e8 25
00000060: ca 93 2a b2 fe 4a db 00 90 e3 31 78 26 8d ae c8
00000070: 39 66 80 7d e5 01 5f 21 d6 c3 40 46 19 e4 43 9d
00000080: 23 c6 c1 18 06 49 bd f5 dc 8c 1b 19 b0 60 0c a3
00000090: ad f5 5c 57 e8 8e 37 e6 ea b6 79 11 b8 f1 16 ba
000000A0: a6 d9 09 1f 0d e0 3c 07 b8 ce 9d 11 a3 c6 f7 e4
000000B0: 62 e8 94 7b ad b9 8a 6b 9c f1 f8 43 cf 7e fc 5e
000000C0: 44 ab bf b1 88 f5 67 1e 84 5f 82 63 f3 13 89 55
000000D0: f5 ef 86 c3 db 48 37 f8 26 3c c4 6d a5 fc b5 69
000000E0: 56 0d 2d f3 c0 98 dd e7 53 da 0a 28 87 2f 38 ab
000000F0: a9 ec 60 a6 c4 54 c6 68 e7 6b e3 4b 54 bf b5 82
00000100: 44 c9 b9 45 bc 9e f5 58 d8 76 63 92 cd 52 ec 82
00000110: 80 d6 43 86 10 16 eb 7b 32 e4 ee ba ec 09 b6 4f
00000120: 35 1a bf da d7 de 40 fa b5 d2 40 f2 73 09 2d 52
00000130: 83 bd 56 a6 6b d3 9f 8a c2 c5 66 c6 6b 22 fb 6a
00000140: 00 b2 8a ac 9d 8b fc 8d 41 af 80 92 16 51 e2 cb
00000150: 89 62 9b 77 2b 1e 38 01 df fc 1f 81 2d 95 8b 9e
00000160: 1d 1e ad 9c c0 0d fc 77 6e 35 13 16 26 28 1a 29
00000170: 19 7f f8 08 5a 0f 09 4f 6f ba 7f 4c 5b cd 0c c2
00000180: 71 ab ea 82 a2 d2 d1 1b 17 fd dc c3 54 03 85 14
00000190: f4 90 47 2e 67 d7 93 c3 67 7e 8a f7 43 1a b3 41
000001A0: 32 f7 b0 58 38 6e 24 c8 96 d9 94 d3 54 89 2d 61
000001B0: 10 a9 9c 22 51 52 02 c9 b7 8d cc 5b 28 6d cb 55
000001C0: 5d 2f 97 8a 8f 3f 27 56 73 eb ec 5d e4 64 91 49
000001D0: 3b 88 f2 0a fc ed a5 67 a9 e3 71 ef 31 ce a0 33
000001E0: fc d8 ea 4d 1e 3f dc 89 c8 89 e2 c3
(98) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 3)
Smyslov Expires 9 June 2023 [Page 104]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 30 30 32 32 28 31 29 2e 63 72 6c 86 3f 68 74 74
00000010: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000020: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000030: 72 74 45 6e 72 6f 6c 6c 2f 74 65 73 74 67 6f 73
00000040: 74 32 30 31 32 28 31 29 2e 63 72 6c 30 81 da 06
00000050: 08 2b 06 01 05 05 07 01 01 04 81 cd 30 81 ca 30
00000060: 44 06 08 2b 06 01 05 05 07 30 02 86 38 68 74 74
00000070: 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32
00000080: 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65
00000090: 72 74 45 6e 72 6f 6c 6c 2f 72 6f 6f 74 32 30 31
000000A0: 38 2e 63 72 74 30 3f 06 08 2b 06 01 05 05 07 30
000000B0: 01 86 33 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000000C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000000D0: 2e 72 75 2f 6f 63 73 70 32 30 31 32 67 2f 6f 63
000000E0: 73 70 2e 73 72 66 30 41 06 08 2b 06 01 05 05 07
000000F0: 30 01 86 35 68 74 74 70 3a 2f 2f 74 65 73 74 67
00000100: 6f 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72
00000110: 6f 2e 72 75 2f 6f 63 73 70 32 30 31 32 67 73 74
00000120: 2f 6f 63 73 70 2e 73 72 66 30 0a 06 08 2a 85 03
00000130: 07 01 01 03 02 03 41 00 21 ee 3b e1 fd 0f 36 90
00000140: 92 c4 a2 35 26 e8 dc 4e b8 ef 89 40 70 d2 91 39
00000150: bc 79 a6 e2 f7 c1 06 bd d5 d6 ff 72 a5 6c f2 c0
00000160: c3 75 e9 ca 67 81 c1 93 96 b4 bd 18 12 4c 37 f7
00000170: d9 73 d6 4c 8a a6 c4 0a 24 00 00 19 04 5e 9e 50
00000180: 5f 58 b0 a5 7a 33 45 83 49 66 0f 1c 3c 7a 67 71
00000190: 98 27 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06
000001A0: 03 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f
000001B0: 70 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30
000001C0: 11 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c
000001D0: 55 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 29
000001E0: 00 00 95 0e 00 00 00 0c 30 0a 06 00
(99) Extracts IV from message (fragment 4)
00000000: 00 00 00 00 00 00 00 03
(100) Uses previously computed key K3i
00000000: 18 63 41 67 49 6e cf 48 56 71 4d aa 42 63 5c 11
00000010: 2e 26 5b e2 7b c7 53 a4 09 82 e5 5a 7e f4 65 4d
(101) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 b4 e1 3e 23
(102) Extracts ICV from message (fragment 4)
00000000: d2 25 f1 d0 38 65 b7 b6
Smyslov Expires 9 June 2023 [Page 105]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(103) Extracts AAD from message (fragment 4)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 08 00 00 00 01 00 00 01 7a 00 00 01 5e
00000020: 00 04 00 04
(104) Extracts ciphertext from message (fragment 4)
00000000: e0 8a 0b 04 ee f8 47 c2 52 96 71 9f 9d 39 0c 91
00000010: ea 6a 16 7c 80 31 a0 fd 76 cc c4 f1 8f 1a d3 be
00000020: fa 78 6b df c1 c6 73 83 be 36 69 c4 8a 87 ed 11
00000030: 90 31 a8 fd f9 0a 5c e4 d4 23 c9 e6 b3 96 ac b6
00000040: 8e bd fc 27 58 79 9f cc 8b ac 6b 59 e4 70 4b 05
00000050: 23 16 ed 49 25 f3 de 02 2e ce ae 86 e8 b4 ca b4
00000060: 96 ad 5b f6 2b c2 47 33 6f da f3 97 3c 13 ed 1f
00000070: 7a da 93 b5 69 6a b5 10 93 38 75 ea b7 34 a3 87
00000080: b6 83 c7 da 8a a1 d9 2a 0b 22 e2 ab 63 2b 57 2b
00000090: 88 e3 ea be 7b fc dc 26 ac b8 bb 15 96 f9 c2 f4
000000A0: 60 17 e4 09 18 ae 78 b8 73 02 6b 0e 20 cc b1 cd
000000B0: b4 4d 94 7f f3 16 28 9a d2 bd 26 77 4b a5 85 56
000000C0: b1 81 8b 9c c3 0a 7f 67 fe 6a 61 15 f1 45 66 f3
000000D0: 36 fc a5 bb 1f d7 6d e7 1d 9f 3f b5 cc 60 19 48
000000E0: 17 f7 08 28 1c 58 9f 2b 7a 0b b9 50 bd 02 ea b8
000000F0: 1e 03 1f 52 6a 7a fc e5 b4 6b 00 cf 0d 83 1f d2
00000100: 3f f2 ad 43 d4 86 6e c1 88 d2 87 d6 1f ac a3 30
00000110: 7b c1 5b 6a 3d 4c 20 72 5d 2c ca bf 87 a2 ce 1d
00000120: b3 fa c7 7c 22 cd 66 fc be 49 22 32 17 ee 6e 5e
00000130: 62 c1 ca 12 2b 5d 3d 7b ae b5 3e 53 c5 98 05 1f
00000140: 42 53 49 d1 2c c2
(105) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext (fragment 4)
Smyslov Expires 9 June 2023 [Page 106]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 08 2a 85 03 07 01 01 03 03 6a 3e 59 0d 72 1e 55
00000010: a3 c0 d1 2f 8a 9b 4e 44 10 58 59 bd 62 9e e7 12
00000020: 31 e5 7d 01 53 f3 84 40 dd ac 73 ed 09 3a 10 d9
00000030: 6e 7f eb 80 6c 11 9e 91 f3 7c 3c b0 55 f7 4b ec
00000040: 0e 78 36 10 95 02 09 86 b3 27 04 2a 83 3c 89 36
00000050: 1b 73 cf 7b c9 e0 df a2 07 12 1e 69 52 4d 89 1b
00000060: de 6e 48 d1 34 fa 21 78 22 88 2e 30 86 c0 80 0a
00000070: 2d 74 af 08 ff 35 75 a5 79 e3 85 40 22 6b a8 42
00000080: f6 72 24 bf 29 87 58 a8 20 29 00 00 08 00 00 40
00000090: 00 2f 00 00 0c 00 00 40 01 00 00 00 04 21 00 00
000000A0: 10 01 00 00 00 00 01 00 00 00 03 00 00 2c 00 00
000000B0: 38 00 00 00 34 01 03 04 05 6c 0c a5 70 03 00 00
000000C0: 08 01 00 00 20 03 00 00 08 01 00 00 21 03 00 00
000000D0: 08 01 00 00 22 03 00 00 08 01 00 00 23 00 00 00
000000E0: 08 05 00 00 00 2d 00 00 28 02 00 00 00 07 01 00
000000F0: 10 08 00 08 00 0a 6f 0a ab 0a 6f 0a ab 07 00 00
00000100: 10 00 00 ff ff 00 00 00 00 ff ff ff ff 29 00 00
00000110: 28 02 00 00 00 07 01 00 10 08 00 08 00 0a 00 00
00000120: 02 0a 00 00 02 07 00 00 10 00 00 ff ff 0a 00 00
00000130: 00 0a 00 00 ff 29 00 00 08 00 00 40 0a 00 00 00
00000140: 08 00 00 40 0b 00
(106) Reassembles message from received fragments and parses it
IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I->R[1847]
4*EF[...]->E[1819]{
IDi[78](DN){CN=IKE Interop Test Client,O=ELVIS-PLUS,C=RU},
CERT[1280](X.509 Cert){308204...A6C40A},
CERTREQ[25](X.509 Cert){5E9E50...677198},
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
AUTH[149](Sig){id-tc26-signwithdigest-gost3410-12-512[12]:
6A3E59...58A820},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){4},
CP[16](REQUEST){IP4.Address[0], IP4.DNS[0]},
SA[56]{
P[52](#1:ESP:6C0CA570:5#){
Encryption=ENCR_KUZNYECHIK_MGM_KTREE,
ENCR_MAGMA_MGM_KTREE,
ENCR_KUZNYECHIK_MGM_MAC_KTREE,
ENCR_MAGMA_MGM_MAC_KTREE,
ESN=Off}},
TSi[40](2#){10.111.10.171:icmp:8.0, 0.0.0.0-255.255.255.255},
TSr[40](2#){10.0.0.2:icmp:8.0, 10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
Smyslov Expires 9 June 2023 [Page 107]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(107) Computes prf(SK_pi, IDi)
00000000: ce e8 8b d1 7e 3c 83 32 eb d1 29 08 de dc 71 f4
00000010: 8f ba 09 b8 ca 5b 10 e2 f4 44 29 5c 97 7b 26 01
00000020: a4 ba 83 c8 ea 40 92 0f 88 18 bd e7 e1 c9 45 cf
00000030: ff 99 48 05 0d f4 93 a6 cd 54 46 d7 eb 7a 52 94
(108) Uses initiator's public key
00000010: EE 2F 0A 0E 09 1E 7E 04 EF BA 5B 62 A2 52 86 E1
00000020: 9C 24 50 30 50 B0 B4 8A 37 35 B5 FC AF 28 94 EC
00000030: B5 9B 92 41 5B 69 E2 C9 BA 24 DE 6A 72 C4 EF 44
00000040: BB 89 A1 05 14 1B 87 3D 6A A3 72 3E 17 CA 7F 39
00000050: 28 CE 16 8B DD 07 52 87 6A 0D 77 42 6D 99 2B 46
00000060: 2C FD 4B B2 7C D7 C7 17 08 12 54 63 47 9D 14 3D
00000070: 61 ED F2 95 AB 11 80 69 02 A7 66 60 50 7E A4 53
00000080: 6D AD 01 49 B2 16 8A 95 1D CF 1A 57 93 56 14 5E
(109) Verifies signature from AUTH payload using algorithm id-tc26-
signwithdigest-gost3410-12-512
00000000: 6a 3e 59 0d 72 1e 55 a3 c0 d1 2f 8a 9b 4e 44 10
00000010: 58 59 bd 62 9e e7 12 31 e5 7d 01 53 f3 84 40 dd
00000020: ac 73 ed 09 3a 10 d9 6e 7f eb 80 6c 11 9e 91 f3
00000030: 7c 3c b0 55 f7 4b ec 0e 78 36 10 95 02 09 86 b3
00000040: 27 04 2a 83 3c 89 36 1b 73 cf 7b c9 e0 df a2 07
00000050: 12 1e 69 52 4d 89 1b de 6e 48 d1 34 fa 21 78 22
00000060: 88 2e 30 86 c0 80 0a 2d 74 af 08 ff 35 75 a5 79
00000070: e3 85 40 22 6b a8 42 f6 72 24 bf 29 87 58 a8 20
(110) Computes keys for ESP SAs
00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56
00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0
00000020: 1d 14 a0 cc
00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b
00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81
00000020: e2 04 84 af
(111) Computes prf(SK_pr,IDr)
00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27
00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e
00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d
00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a
(112) Uses private key for signing (little endian)
Smyslov Expires 9 June 2023 [Page 108]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: CB 73 0C 81 6F AC 6D 81 9F 82 AE 15 A9 08 12 17
00000010: D3 1B 97 64 B7 1C 34 0D D3 DD 90 1F 15 8C 9B 06
(113) Uses random number for signing
00000000: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
00000010: 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
(114) Computes signature using algorithm id-tc26-signwithdigest-
gost3410-12-256
00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93
00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5
00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05
00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3
(115) Computes K1r (i1 = 0)
00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83
00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51
(116) Computes K2r (i2 = 0)
00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38
00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56
(117) Computes K3r (i3 = 0)
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(118) Selects SPI for incoming ESP SA
00000000: 34 ff 8a 25
(119) Creates message splitting it into 4 fragments
Smyslov Expires 9 June 2023 [Page 109]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 I<=R[1563]
E[1535]->4*EF[...]{
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
CERT[1211](X.509 Cert){308204...FB346D},
AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]:
C840AF...A75AD3},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.3},
SA[32]{
P[28](#1:ESP:34FF8A25:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(120) Composes MGM nonce (fragment 1)
00000000: 00 00 00 00 a5 bb 18 2f
(121) Composes AAD (fragment 1)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04
00000020: 00 01 00 04
(122) Composes plaintext (fragment 1)
Smyslov Expires 9 June 2023 [Page 110]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00
00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02
00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00
00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
000000A0: 1a 30 18 06 08 2a 85 03 03 81 03 01 01 12 0c 30
000000B0: 30 31 32 33 34 35 36 37 38 39 30 31 2f 30 2d 06
000000C0: 03 55 04 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83
000000D0: d1 89 d1 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0
000000E0: b2 d0 b0 d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09
000000F0: 06 03 55 04 06 13 02 52 55 31 19 30 17 06 03 55
00000100: 04 08 0c 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba
00000110: d0 b2 d0 b0 31 15 30 13 06 03 55 04 07 0c 0c d0
00000120: 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06
00000130: 03 55 04 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a
00000140: d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a
000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72
000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(123) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
(fragment 1)
Smyslov Expires 9 June 2023 [Page 111]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
000000A0: e9 ea ce c2 db aa 12 90 28 0c 9d f9 89 02 a8 5e
000000B0: 66 f5 6e ce dd e7 2c 4a 45 54 de 5e b8 76 73 67
000000C0: 2d a3 a0 52 91 74 ff b7 eb e4 ea d1 2b 04 76 f7
000000D0: ff 4b 1c b8 45 7e 8a 60 e7 1e ec 13 3e c1 d8 d0
000000E0: 78 be f4 79 77 06 ce 76 04 64 ad e7 10 19 65 2b
000000F0: 45 66 23 3d 34 7a 40 6c 36 c0 20 73 47 d8 7a b6
00000100: 2b 0f 56 04 7a c0 41 ab 18 23 11 78 7f 4f d4 f5
00000110: 7d 2e 06 a5 15 ee de 84 9f c2 0a f6 c8 1e a4 30
00000120: 70 42 07 c8 5e 97 08 69 12 27 58 c3 c7 b7 db 7a
00000130: 8c 50 3a 3a 5c bf 3a a7 73 40 8f 9c 18 f6 13 77
00000140: 63 c1 60 06 36 a1 43 ab 88 08 c9 cc ad f2 88 ca
00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8
(124) Computes ICV using K3r as K_msg (fragment 1)
00000000: 96 08 17 ed ef 01 4d a0
(125) Composes IV (fragment 1)
00000000: 00 00 00 00 00 00 00 00
(126) Composes MGM nonce (fragment 2)
00000000: 00 00 00 01 a5 bb 18 2f
(127) Composes AAD (fragment 2)
Smyslov Expires 9 June 2023 [Page 112]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04
(128) Composes plaintext (fragment 2)
00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08
00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02
00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00
00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53
00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d
00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36
00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8
00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d
00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d
00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30
000000A0: 1d 06 03 55 1d 0e 04 16 04 14 e0 d3 f0 09 ad ce
000000B0: 6c a5 47 ba 9b f7 a6 a5 1b 06 14 ba a5 43 30 1f
000000C0: 06 03 55 1d 23 04 18 30 16 80 14 9b 85 5e fb 81
000000D0: dc 4d 59 07 51 63 cf be df da 2c 7f c9 44 3c 30
000000E0: 82 01 0f 06 03 55 1d 1f 04 82 01 06 30 82 01 02
000000F0: 30 81 ff a0 81 fc a0 81 f9 86 81 b5 68 74 74 70
00000100: 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 2e
00000110: 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 72
00000120: 74 45 6e 72 6f 6c 6c 2f 21 30 34 32 32 21 30 34
00000130: 33 35 21 30 34 34 31 21 30 34 34 32 21 30 34 33
00000140: 65 21 30 34 33 32 21 30 34 34 62 21 30 34 33 39
00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30
00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25
00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32
00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32
00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30
000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72
000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74
000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00
(129) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
(fragment 2)
Smyslov Expires 9 June 2023 [Page 113]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
000000A0: 44 78 7f e3 b7 6c cb 44 29 59 96 e9 84 6d 9d 18
000000B0: 89 66 16 07 46 a4 cd 72 a6 0e bd d2 a7 1c f7 21
000000C0: f0 d1 67 a9 0d 1c c4 c8 30 bd 26 1f 53 7d 61 8b
000000D0: ad 6f ef 3e 2c 6e 7e 69 b9 92 72 66 65 b6 06 22
000000E0: 49 a1 a8 f1 2f 02 dd 41 bf f5 d1 f6 7c 93 25 6e
000000F0: 52 8b a9 3f b5 40 97 02 bb 7c f5 33 a6 60 52 b8
00000100: 4f 3e 80 6c 38 cf e4 8b 15 fd d0 66 75 c1 bf bb
00000110: ac fc ac 01 c3 11 8e 0b 3e e9 2c 1b 5d b9 9f f6
00000120: 2f d7 e8 3c c7 a9 25 8b aa 6e c6 49 6d 6f df 42
00000130: 53 0e ba 70 54 d2 af c3 4d 02 e1 48 42 c5 45 53
00000140: 25 59 66 25 c7 3c c6 c2 e2 99 e2 bb 47 a4 a7 be
00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51
(130) Computes ICV using K3r as K_msg (fragment 2)
00000000: 89 bd 07 12 fc 3f 15 8d
(131) Composes IV (fragment 2)
00000000: 00 00 00 00 00 00 00 01
(132) Composes MGM nonce (fragment 3)
00000000: 00 00 00 02 a5 bb 18 2f
(133) Composes AAD (fragment 3)
Smyslov Expires 9 June 2023 [Page 114]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04
(134) Composes plaintext (fragment 3)
00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05
00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06
00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74
00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70
00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72
00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74
00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74
00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31
00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f
00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72
000000A0: 66 30 41 06 08 2b 06 01 05 05 07 30 01 86 35 68
000000B0: 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30
000000C0: 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f
000000D0: 6f 63 73 70 32 30 31 32 67 73 74 2f 6f 63 73 70
000000E0: 2e 73 72 66 30 0a 06 08 2a 85 03 07 01 01 03 02
000000F0: 03 41 00 a5 39 5f ca 48 e1 c2 93 c1 e0 8a 64 74
00000100: 0f 6b 86 a2 15 9b 46 29 d0 42 71 4f ce e7 52 d7
00000110: d7 3d aa 47 ce cf 52 63 8f 26 b2 17 5f ad 96 57
00000120: 76 ea 5f d0 87 bb 12 29 e4 06 0e e1 5f fd 59 81
00000130: fb 34 6d 29 00 00 55 0e 00 00 00 0c 30 0a 06 08
00000140: 2a 85 03 07 01 01 03 02 c8 40 af f7 46 6f 7b eb
00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e
00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd
00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49
00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00
00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10
000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20
000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08
000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18
000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03
000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00
(135) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
(fragment 3)
Smyslov Expires 9 June 2023 [Page 115]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
000000A0: b7 78 d3 3d 2d 46 ef dc 0f 91 43 be 08 7a ba fa
000000B0: b3 2a c2 17 30 99 79 ae 3a 00 f0 3f 47 4a 9b 11
000000C0: 4d 7b 1b 28 0a 44 5b 1a af 35 4d c3 2b 6b be 11
000000D0: 89 03 b9 de cf 37 57 53 1e a4 f3 3f ce 52 a6 d8
000000E0: 7e 9d d8 d4 2f 9f f5 8f 3c c6 cb 2f 56 e0 97 2d
000000F0: b2 0e 10 66 3b 3c ec 34 50 99 a3 7d 42 ec 96 eb
00000100: 87 48 72 2c 0a 6d af b9 4b 62 48 89 36 01 21 ab
00000110: 8e 79 10 54 9c 83 ab a9 8a 6c 37 c7 ac dc a1 7e
00000120: 41 0e 58 de da aa 95 71 fb 34 50 8a ef 37 0b c4
00000130: 56 ca 4b 2c 75 b7 c7 d9 74 22 c2 65 1a e4 4f 94
00000140: 20 f6 e9 44 f1 69 5e d2 18 d3 30 2e 85 74 25 be
00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e
(136) Computes ICV using K3r as K_msg (fragment 3)
00000000: 7d 7c 57 8f 91 d0 c9 eb
(137) Composes IV (fragment 3)
00000000: 00 00 00 00 00 00 00 02
(138) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 a5 bb 18 2f
(139) Composes AAD (fragment 4)
Smyslov Expires 9 June 2023 [Page 116]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04
(140) Composes plaintext (fragment 4)
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00
(141) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
(fragment 4)
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
(142) Computes ICV using K3r as K_msg (fragment 4)
00000000: 6c 27 70 e0 8a 82 bd 4b
(143) Composes IV (fragment 4)
00000000: 00 00 00 00 00 00 00 03
(144) Sends message fragment (1) , peer receives message fragment (1)
Smyslov Expires 9 June 2023 [Page 117]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 24 00 02 04 00 01 00 04 00 00 00 00 00 00 00 00
00000030: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000040: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000050: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000060: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000070: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000080: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000090: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
000000A0: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
000000B0: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
000000C0: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
000000D0: e9 ea ce c2 db aa 12 90 28 0c 9d f9 89 02 a8 5e
000000E0: 66 f5 6e ce dd e7 2c 4a 45 54 de 5e b8 76 73 67
000000F0: 2d a3 a0 52 91 74 ff b7 eb e4 ea d1 2b 04 76 f7
00000100: ff 4b 1c b8 45 7e 8a 60 e7 1e ec 13 3e c1 d8 d0
00000110: 78 be f4 79 77 06 ce 76 04 64 ad e7 10 19 65 2b
00000120: 45 66 23 3d 34 7a 40 6c 36 c0 20 73 47 d8 7a b6
00000130: 2b 0f 56 04 7a c0 41 ab 18 23 11 78 7f 4f d4 f5
00000140: 7d 2e 06 a5 15 ee de 84 9f c2 0a f6 c8 1e a4 30
00000150: 70 42 07 c8 5e 97 08 69 12 27 58 c3 c7 b7 db 7a
00000160: 8c 50 3a 3a 5c bf 3a a7 73 40 8f 9c 18 f6 13 77
00000170: 63 c1 60 06 36 a1 43 ab 88 08 c9 cc ad f2 88 ca
00000180: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000190: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
000001A0: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
000001B0: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
000001C0: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001D0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001E0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001F0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
00000200: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
00000210: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8 96 08 17 ed
00000220: ef 01 4d a0
(145) Sends message fragment (2) , peer receives message fragment (2)
Smyslov Expires 9 June 2023 [Page 118]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 02 00 04 00 00 00 00 00 00 00 01
00000030: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000040: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000050: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000060: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000070: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000080: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000090: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
000000A0: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
000000B0: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
000000C0: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
000000D0: 44 78 7f e3 b7 6c cb 44 29 59 96 e9 84 6d 9d 18
000000E0: 89 66 16 07 46 a4 cd 72 a6 0e bd d2 a7 1c f7 21
000000F0: f0 d1 67 a9 0d 1c c4 c8 30 bd 26 1f 53 7d 61 8b
00000100: ad 6f ef 3e 2c 6e 7e 69 b9 92 72 66 65 b6 06 22
00000110: 49 a1 a8 f1 2f 02 dd 41 bf f5 d1 f6 7c 93 25 6e
00000120: 52 8b a9 3f b5 40 97 02 bb 7c f5 33 a6 60 52 b8
00000130: 4f 3e 80 6c 38 cf e4 8b 15 fd d0 66 75 c1 bf bb
00000140: ac fc ac 01 c3 11 8e 0b 3e e9 2c 1b 5d b9 9f f6
00000150: 2f d7 e8 3c c7 a9 25 8b aa 6e c6 49 6d 6f df 42
00000160: 53 0e ba 70 54 d2 af c3 4d 02 e1 48 42 c5 45 53
00000170: 25 59 66 25 c7 3c c6 c2 e2 99 e2 bb 47 a4 a7 be
00000180: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000190: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
000001A0: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
000001B0: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
000001C0: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001D0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001E0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001F0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
00000200: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
00000210: 58 23 68 71 27 b2 9a 03 09 f7 80 51 89 bd 07 12
00000220: fc 3f 15 8d
(146) Sends message fragment (3) , peer receives message fragment (3)
Smyslov Expires 9 June 2023 [Page 119]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295<-10.111.15.45:4500 [548]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 02 20
00000020: 00 00 02 04 00 03 00 04 00 00 00 00 00 00 00 02
00000030: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000040: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000050: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000060: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000070: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000080: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000090: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
000000A0: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
000000B0: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
000000C0: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
000000D0: b7 78 d3 3d 2d 46 ef dc 0f 91 43 be 08 7a ba fa
000000E0: b3 2a c2 17 30 99 79 ae 3a 00 f0 3f 47 4a 9b 11
000000F0: 4d 7b 1b 28 0a 44 5b 1a af 35 4d c3 2b 6b be 11
00000100: 89 03 b9 de cf 37 57 53 1e a4 f3 3f ce 52 a6 d8
00000110: 7e 9d d8 d4 2f 9f f5 8f 3c c6 cb 2f 56 e0 97 2d
00000120: b2 0e 10 66 3b 3c ec 34 50 99 a3 7d 42 ec 96 eb
00000130: 87 48 72 2c 0a 6d af b9 4b 62 48 89 36 01 21 ab
00000140: 8e 79 10 54 9c 83 ab a9 8a 6c 37 c7 ac dc a1 7e
00000150: 41 0e 58 de da aa 95 71 fb 34 50 8a ef 37 0b c4
00000160: 56 ca 4b 2c 75 b7 c7 d9 74 22 c2 65 1a e4 4f 94
00000170: 20 f6 e9 44 f1 69 5e d2 18 d3 30 2e 85 74 25 be
00000180: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000190: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
000001A0: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
000001B0: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
000001C0: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001D0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001E0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001F0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
00000200: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
00000210: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e 7d 7c 57 8f
00000220: 91 d0 c9 eb
(147) Sends message fragment (4) , peer receives message fragment (4)
Smyslov Expires 9 June 2023 [Page 120]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295<-10.111.15.45:4500 [98]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 35 20 23 20 00 00 00 01 00 00 00 5e
00000020: 00 00 00 42 00 04 00 04 00 00 00 00 00 00 00 03
00000030: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000040: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000050: 0a 92 7a 74 77 dc ba 60 ac 4a 6c 27 70 e0 8a 82
00000060: bd 4b
Initiator's actions:
(148) Extracts IV from message (fragment 1)
00000000: 00 00 00 00 00 00 00 00
(149) Computes K1r (i1 = 0)
00000000: 35 e4 d1 65 2e ec 24 89 e4 c9 58 b1 b9 05 1b 83
00000010: 62 5e 65 d7 61 73 d9 1c cf 84 60 64 b9 f2 e7 51
(150) Computes K2r (i2 = 0)
00000000: 86 8c 89 42 41 d7 30 da 1a 4a 67 69 3a 32 4d 38
00000010: f3 54 02 9f f7 7d b7 bc 5a ee 3b 60 2b 3f 05 56
(151) Computes K3r (i3 = 0)
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(152) Composes MGM nonce (fragment 1)
00000000: 00 00 00 00 a5 bb 18 2f
(153) Extracts ICV from message (fragment 1)
00000000: 96 08 17 ed ef 01 4d a0
(154) Extracts AAD from message (fragment 1)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 24 00 02 04
00000020: 00 01 00 04
(155) Extracts ciphertext from message (fragment 1)
Smyslov Expires 9 June 2023 [Page 121]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 73 f2 45 3e fb 6a 26 28 67 7d 14 e3 bf 0a 90 74
00000010: c9 95 6a 40 d5 4e a6 77 cf 58 2e b8 ae 52 f4 25
00000020: f7 82 bc d9 f0 74 4e 38 51 90 07 70 27 f8 01 27
00000030: 17 da f4 ba bc 1e 02 0b 73 ec cc 7b f8 b3 68 64
00000040: f3 48 65 33 3b ab ac 19 11 d3 f7 78 b4 f8 d1 3f
00000050: 6d 46 93 37 a6 58 48 3a 7d d0 8a 9c 84 ab de eb
00000060: 0d d4 8d ab 75 20 18 27 42 fe 24 ee ba c4 a4 6e
00000070: db 80 68 3c 84 7e d6 36 50 d4 1b 1c bc c5 9f 18
00000080: 41 af 48 52 c1 7e a2 f0 e4 bc 0a 3c 64 34 81 ca
00000090: df 96 ba 51 91 f1 06 13 b2 04 23 c8 70 3a ea 64
000000A0: e9 ea ce c2 db aa 12 90 28 0c 9d f9 89 02 a8 5e
000000B0: 66 f5 6e ce dd e7 2c 4a 45 54 de 5e b8 76 73 67
000000C0: 2d a3 a0 52 91 74 ff b7 eb e4 ea d1 2b 04 76 f7
000000D0: ff 4b 1c b8 45 7e 8a 60 e7 1e ec 13 3e c1 d8 d0
000000E0: 78 be f4 79 77 06 ce 76 04 64 ad e7 10 19 65 2b
000000F0: 45 66 23 3d 34 7a 40 6c 36 c0 20 73 47 d8 7a b6
00000100: 2b 0f 56 04 7a c0 41 ab 18 23 11 78 7f 4f d4 f5
00000110: 7d 2e 06 a5 15 ee de 84 9f c2 0a f6 c8 1e a4 30
00000120: 70 42 07 c8 5e 97 08 69 12 27 58 c3 c7 b7 db 7a
00000130: 8c 50 3a 3a 5c bf 3a a7 73 40 8f 9c 18 f6 13 77
00000140: 63 c1 60 06 36 a1 43 ab 88 08 c9 cc ad f2 88 ca
00000150: 84 bd 45 e0 8e d9 27 a3 07 f2 63 79 b0 a8 62 9f
00000160: 5f ba dc a7 f5 54 b8 4f 4f bb 1e a2 16 4b 4f 2d
00000170: d4 08 4e 45 c2 c0 60 3b 73 df 6b 35 3a fe 38 2e
00000180: 25 75 fc be 89 4c d2 7a 9c 1f b4 41 a6 31 d3 3d
00000190: 39 a6 d1 c4 47 94 44 30 3a 2b 23 22 ba c0 a9 df
000001A0: dc 1c 90 8d d1 e8 13 f9 08 68 5a 94 98 c7 3f 47
000001B0: 77 79 b5 bb fb 22 56 4b 38 55 48 e8 14 d4 01 eb
000001C0: 63 e9 17 da 24 69 9a 6d dc 1e 25 06 ef 77 10 46
000001D0: ad 99 ad 9c 54 4f d4 68 64 ea 05 1d ef 29 ea 0e
000001E0: 3c 1c 7e 27 cf 59 76 42 5b 02 04 b8
(156) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 1)
Smyslov Expires 9 June 2023 [Page 122]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 25 00 00 4e 09 00 00 00 30 44 31 20 30 1e 06 03
00000010: 55 04 03 13 17 49 4b 45 20 49 6e 74 65 72 6f 70
00000020: 20 54 65 73 74 20 53 65 72 76 65 72 31 13 30 11
00000030: 06 03 55 04 0a 13 0a 45 4c 56 49 53 2d 50 4c 55
00000040: 53 31 0b 30 09 06 03 55 04 06 13 02 52 55 27 00
00000050: 04 bb 04 30 82 04 b2 30 82 04 5f a0 03 02 01 02
00000060: 02 13 7c 00 03 d9 02 ec f9 34 3e c8 aa d6 59 00
00000070: 01 00 03 d9 02 30 0a 06 08 2a 85 03 07 01 01 03
00000080: 02 30 82 01 0a 31 18 30 16 06 05 2a 85 03 64 01
00000090: 12 0d 31 32 33 34 35 36 37 38 39 30 31 32 33 31
000000A0: 1a 30 18 06 08 2a 85 03 03 81 03 01 01 12 0c 30
000000B0: 30 31 32 33 34 35 36 37 38 39 30 31 2f 30 2d 06
000000C0: 03 55 04 09 0c 26 d1 83 d0 bb 2e 20 d0 a1 d1 83
000000D0: d1 89 d1 91 d0 b2 d1 81 d0 ba d0 b8 d0 b9 20 d0
000000E0: b2 d0 b0 d0 bb 20 d0 b4 2e 20 31 38 31 0b 30 09
000000F0: 06 03 55 04 06 13 02 52 55 31 19 30 17 06 03 55
00000100: 04 08 0c 10 d0 b3 2e 20 d0 9c d0 be d1 81 d0 ba
00000110: d0 b2 d0 b0 31 15 30 13 06 03 55 04 07 0c 0c d0
00000120: 9c d0 be d1 81 d0 ba d0 b2 d0 b0 31 25 30 23 06
00000130: 03 55 04 0a 0c 1c d0 9e d0 9e d0 9e 20 22 d0 9a
00000140: d0 a0 d0 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0
00000150: 9e 22 31 3b 30 39 06 03 55 04 03 0c 32 d0 a2 d0
00000160: b5 d1 81 d1 82 d0 be d0 b2 d1 8b d0 b9 20 d0 a3
00000170: d0 a6 20 d0 9e d0 9e d0 9e 20 22 d0 9a d0 a0 d0
00000180: 98 d0 9f d0 a2 d0 9e 2d d0 9f d0 a0 d0 9e 22 30
00000190: 1e 17 0d 32 31 30 39 33 30 31 33 32 34 30 36 5a
000001A0: 17 0d 32 31 31 32 33 30 31 33 33 34 30 36 5a 30
000001B0: 44 31 20 30 1e 06 03 55 04 03 13 17 49 4b 45 20
000001C0: 49 6e 74 65 72 6f 70 20 54 65 73 74 20 53 65 72
000001D0: 76 65 72 31 13 30 11 06 03 55 04 0a 13 0a 45 4c
000001E0: 56 49 53 2d 50 4c 55 53 31 0b 30 00
(157) Extracts IV from message (fragment 2)
00000000: 00 00 00 00 00 00 00 01
(158) Uses previously computed key K3r
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(159) Composes MGM nonce (fragment 2)
00000000: 00 00 00 01 a5 bb 18 2f
(160) Extracts ICV from message (fragment 2)
00000000: 89 bd 07 12 fc 3f 15 8d
Smyslov Expires 9 June 2023 [Page 123]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(161) Extracts AAD from message (fragment 2)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 02 00 04
(162) Extracts ciphertext from message (fragment 2)
00000000: b1 c8 8d ae d9 6f 91 7e 5a 6a 2d 8c e0 d6 28 3e
00000010: 10 59 46 12 a1 1e fa 53 c3 58 ec 4e a9 a5 92 0c
00000020: fa 5e cf a3 33 4a 8b b7 56 66 54 d9 9c 64 2e b6
00000030: 4d 03 3f 77 a8 17 88 f6 23 e0 2e 56 a6 a2 4c 4d
00000040: 6e e3 09 8a 2e 31 a1 85 1c cf ce 95 e7 73 93 8e
00000050: 9c 5a 7b 3b 49 75 96 69 d4 b0 46 f7 74 b0 0d 5d
00000060: 91 3b 6d 2b a4 46 cc 5c d9 a8 38 c0 6b ad 73 35
00000070: 09 aa c7 4c 91 8a 84 1c dd 3f e1 44 f7 c5 9c 61
00000080: 0e b7 03 6b 84 cc 8e 93 5b d5 f6 7e 71 3a f4 2c
00000090: 98 14 ad 47 e3 c3 70 dc e3 3e c0 a5 e0 e4 6d 01
000000A0: 44 78 7f e3 b7 6c cb 44 29 59 96 e9 84 6d 9d 18
000000B0: 89 66 16 07 46 a4 cd 72 a6 0e bd d2 a7 1c f7 21
000000C0: f0 d1 67 a9 0d 1c c4 c8 30 bd 26 1f 53 7d 61 8b
000000D0: ad 6f ef 3e 2c 6e 7e 69 b9 92 72 66 65 b6 06 22
000000E0: 49 a1 a8 f1 2f 02 dd 41 bf f5 d1 f6 7c 93 25 6e
000000F0: 52 8b a9 3f b5 40 97 02 bb 7c f5 33 a6 60 52 b8
00000100: 4f 3e 80 6c 38 cf e4 8b 15 fd d0 66 75 c1 bf bb
00000110: ac fc ac 01 c3 11 8e 0b 3e e9 2c 1b 5d b9 9f f6
00000120: 2f d7 e8 3c c7 a9 25 8b aa 6e c6 49 6d 6f df 42
00000130: 53 0e ba 70 54 d2 af c3 4d 02 e1 48 42 c5 45 53
00000140: 25 59 66 25 c7 3c c6 c2 e2 99 e2 bb 47 a4 a7 be
00000150: 6c 92 0d 3b 4c ab 6e d7 23 05 ea 73 07 62 e8 c0
00000160: e8 78 47 af 54 c8 67 8f dd 32 59 8d 87 ac 42 0e
00000170: 21 15 c4 f7 66 dc 02 cf 55 c2 e3 4d 8e 91 7a fd
00000180: d7 4d 20 b0 6f 67 78 58 08 9c ba 05 8b b0 9c 16
00000190: 20 51 75 12 96 e2 d5 28 ac 3e 50 26 04 6f 59 02
000001A0: 28 e0 ec 2c da 70 4a 9c 15 5a 2e 52 01 e6 4e 1e
000001B0: 10 6d 8d 5d 2a 81 69 0e 54 d0 5e 13 82 82 84 9a
000001C0: ac a6 0e 69 4e 17 5c c1 8a 71 f8 b4 80 3b 7a e5
000001D0: b8 1f 09 4a 02 14 24 07 af 6a 14 d9 52 8e da d3
000001E0: 58 23 68 71 27 b2 9a 03 09 f7 80 51
(163) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 2)
Smyslov Expires 9 June 2023 [Page 124]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 09 06 03 55 04 06 13 02 52 55 30 66 30 1f 06 08
00000010: 2a 85 03 07 01 01 01 01 30 13 06 07 2a 85 03 02
00000020: 02 24 00 06 08 2a 85 03 07 01 01 02 02 03 43 00
00000030: 04 40 5b b3 14 3e f4 70 c1 70 d7 f3 27 25 d8 53
00000040: 7c e6 de 6d 8c 29 f6 b2 32 64 56 dc b1 77 f2 3d
00000050: fa f4 2a 5c f3 74 86 7f 04 72 51 c1 cf b3 43 36
00000060: f5 95 a2 af 05 47 57 1a 55 c0 78 a4 9d 64 26 b8
00000070: 61 14 a3 82 02 59 30 82 02 55 30 0e 06 03 55 1d
00000080: 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 1d
00000090: 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 11 30
000000A0: 1d 06 03 55 1d 0e 04 16 04 14 e0 d3 f0 09 ad ce
000000B0: 6c a5 47 ba 9b f7 a6 a5 1b 06 14 ba a5 43 30 1f
000000C0: 06 03 55 1d 23 04 18 30 16 80 14 9b 85 5e fb 81
000000D0: dc 4d 59 07 51 63 cf be df da 2c 7f c9 44 3c 30
000000E0: 82 01 0f 06 03 55 1d 1f 04 82 01 06 30 82 01 02
000000F0: 30 81 ff a0 81 fc a0 81 f9 86 81 b5 68 74 74 70
00000100: 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31 32 2e
00000110: 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 43 65 72
00000120: 74 45 6e 72 6f 6c 6c 2f 21 30 34 32 32 21 30 34
00000130: 33 35 21 30 34 34 31 21 30 34 34 32 21 30 34 33
00000140: 65 21 30 34 33 32 21 30 34 34 62 21 30 34 33 39
00000150: 25 32 30 21 30 34 32 33 21 30 34 32 36 25 32 30
00000160: 21 30 34 31 65 21 30 34 31 65 21 30 34 31 65 25
00000170: 32 30 21 30 30 32 32 21 30 34 31 61 21 30 34 32
00000180: 30 21 30 34 31 38 21 30 34 31 66 21 30 34 32 32
00000190: 21 30 34 31 65 2d 21 30 34 31 66 21 30 34 32 30
000001A0: 21 30 34 31 65 21 30 30 32 32 28 31 29 2e 63 72
000001B0: 6c 86 3f 68 74 74 70 3a 2f 2f 74 65 73 74 67 6f
000001C0: 73 74 32 30 31 32 2e 63 72 79 70 74 6f 70 72 6f
000001D0: 2e 72 75 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74
000001E0: 65 73 74 67 6f 73 74 32 30 31 32 00
(164) Extracts IV from message (fragment 3)
00000000: 00 00 00 00 00 00 00 02
(165) Uses previously computed key K3r
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(166) Composes MGM nonce (fragment 3)
00000000: 00 00 00 02 a5 bb 18 2f
(167) Extracts ICV from message (fragment 3)
00000000: 7d 7c 57 8f 91 d0 c9 eb
Smyslov Expires 9 June 2023 [Page 125]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(168) Extracts AAD from message (fragment 3)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 02 20 00 00 02 04
00000020: 00 03 00 04
(169) Extracts ciphertext from message (fragment 3)
00000000: 08 e0 86 04 1f 8a c9 b5 68 cd 96 10 ab 59 99 3a
00000010: 54 7b a9 fa d7 60 46 ec c3 bf bd 8f fa 03 ed 41
00000020: 49 13 ca 8c 9c b8 0c df 81 25 e2 30 ca cb 65 b9
00000030: 16 55 8e 67 f4 b3 7c b8 91 66 76 7c a4 15 98 a3
00000040: 3a c9 48 64 e4 ce 9f 64 67 5d bb 7c 03 23 9e c9
00000050: 81 3f da 48 ee a6 2a d8 fb ac 77 ce ed c2 a4 d9
00000060: 24 d3 71 99 fc 71 2b 6c 10 d3 c3 4b b5 37 e2 55
00000070: 5f d5 ee c0 d6 ff 66 15 8c e5 63 26 96 cd 3f 49
00000080: 2b da 51 94 55 6e 2e e5 2e d1 b4 91 81 50 85 8a
00000090: 84 bd fe 52 ec ce 1b 6b bd 7d 12 b4 de a5 88 c4
000000A0: b7 78 d3 3d 2d 46 ef dc 0f 91 43 be 08 7a ba fa
000000B0: b3 2a c2 17 30 99 79 ae 3a 00 f0 3f 47 4a 9b 11
000000C0: 4d 7b 1b 28 0a 44 5b 1a af 35 4d c3 2b 6b be 11
000000D0: 89 03 b9 de cf 37 57 53 1e a4 f3 3f ce 52 a6 d8
000000E0: 7e 9d d8 d4 2f 9f f5 8f 3c c6 cb 2f 56 e0 97 2d
000000F0: b2 0e 10 66 3b 3c ec 34 50 99 a3 7d 42 ec 96 eb
00000100: 87 48 72 2c 0a 6d af b9 4b 62 48 89 36 01 21 ab
00000110: 8e 79 10 54 9c 83 ab a9 8a 6c 37 c7 ac dc a1 7e
00000120: 41 0e 58 de da aa 95 71 fb 34 50 8a ef 37 0b c4
00000130: 56 ca 4b 2c 75 b7 c7 d9 74 22 c2 65 1a e4 4f 94
00000140: 20 f6 e9 44 f1 69 5e d2 18 d3 30 2e 85 74 25 be
00000150: 2a 88 e2 ce fe 75 ca fa 25 f9 2e 88 8c ed 6f dd
00000160: c3 c5 53 2e da 14 fd 96 28 4a b7 81 3a b3 d5 44
00000170: 26 e2 84 21 f2 5c 0a ed bf c4 34 1c a4 91 5e f3
00000180: 47 ef 0e 9e fb ee 34 95 5d 21 72 43 c9 63 af b4
00000190: f2 98 4a 36 57 77 fc e7 57 52 b2 4d bf 34 2a 98
000001A0: ea 70 cd d7 a9 da 4c 0d 19 05 d4 1e dd 36 c7 c4
000001B0: 31 54 18 2a ef 0e 30 44 97 31 15 57 cd d4 88 52
000001C0: 4e 42 c8 20 89 8d 35 7b 8e 03 96 b4 74 fb ec 3b
000001D0: 14 c2 64 49 92 f2 1f 3d ff 84 2d 92 4c b9 01 04
000001E0: 3d 0a 2a 28 33 de 43 44 6b cf 79 0e
(170) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 3)
Smyslov Expires 9 June 2023 [Page 126]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 28 31 29 2e 63 72 6c 30 81 da 06 08 2b 06 01 05
00000010: 05 07 01 01 04 81 cd 30 81 ca 30 44 06 08 2b 06
00000020: 01 05 05 07 30 02 86 38 68 74 74 70 3a 2f 2f 74
00000030: 65 73 74 67 6f 73 74 32 30 31 32 2e 63 72 79 70
00000040: 74 6f 70 72 6f 2e 72 75 2f 43 65 72 74 45 6e 72
00000050: 6f 6c 6c 2f 72 6f 6f 74 32 30 31 38 2e 63 72 74
00000060: 30 3f 06 08 2b 06 01 05 05 07 30 01 86 33 68 74
00000070: 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30 31
00000080: 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f 6f
00000090: 63 73 70 32 30 31 32 67 2f 6f 63 73 70 2e 73 72
000000A0: 66 30 41 06 08 2b 06 01 05 05 07 30 01 86 35 68
000000B0: 74 74 70 3a 2f 2f 74 65 73 74 67 6f 73 74 32 30
000000C0: 31 32 2e 63 72 79 70 74 6f 70 72 6f 2e 72 75 2f
000000D0: 6f 63 73 70 32 30 31 32 67 73 74 2f 6f 63 73 70
000000E0: 2e 73 72 66 30 0a 06 08 2a 85 03 07 01 01 03 02
000000F0: 03 41 00 a5 39 5f ca 48 e1 c2 93 c1 e0 8a 64 74
00000100: 0f 6b 86 a2 15 9b 46 29 d0 42 71 4f ce e7 52 d7
00000110: d7 3d aa 47 ce cf 52 63 8f 26 b2 17 5f ad 96 57
00000120: 76 ea 5f d0 87 bb 12 29 e4 06 0e e1 5f fd 59 81
00000130: fb 34 6d 29 00 00 55 0e 00 00 00 0c 30 0a 06 08
00000140: 2a 85 03 07 01 01 03 02 c8 40 af f7 46 6f 7b eb
00000150: d2 b9 1c 5a 80 d0 00 93 c2 5e 44 16 40 47 f7 8e
00000160: 61 9c da a5 16 94 83 c5 68 5f e8 4d 03 e7 c2 cd
00000170: 08 07 b8 f3 46 66 6d 05 76 c0 d5 e7 60 1d 59 49
00000180: 09 45 52 c4 95 a7 5a d3 29 00 00 08 00 00 40 00
00000190: 2f 00 00 0c 00 00 40 01 00 00 00 40 21 00 00 10
000001A0: 02 00 00 00 00 01 00 04 0a 01 01 03 2c 00 00 20
000001B0: 00 00 00 1c 01 03 04 02 34 ff 8a 25 03 00 00 08
000001C0: 01 00 00 21 00 00 00 08 05 00 00 00 2d 00 00 18
000001D0: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 01 01 03
000001E0: 0a 01 01 03 29 00 00 18 01 00 00 00
(171) Extracts IV from message (fragment 4)
00000000: 00 00 00 00 00 00 00 03
(172) Uses previously computed key K3r
00000000: 31 95 e8 c6 67 af 42 d8 ce f1 e8 99 c6 8b 2a c2
00000010: 29 aa 3d c0 ff 18 5f 3d 79 4a 14 6b 9f ac d0 bb
(173) Composes MGM nonce (fragment 4)
00000000: 00 00 00 03 a5 bb 18 2f
(174) Extracts ICV from message (fragment 4)
00000000: 6c 27 70 e0 8a 82 bd 4b
Smyslov Expires 9 June 2023 [Page 127]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(175) Extracts AAD from message (fragment 4)
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 35 20 23 20 00 00 00 01 00 00 00 5e 00 00 00 42
00000020: 00 04 00 04
(176) Extracts ciphertext from message (fragment 4)
00000000: 81 fa 5d 7a 67 13 b7 93 f4 2c 01 b8 d1 02 8c ab
00000010: 8e 80 47 25 6e c5 69 e3 0c 84 cd 35 9a 0f 7a cc
00000020: 0a 92 7a 74 77 dc ba 60 ac 4a
(177) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext (fragment 4)
00000000: 00 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00
00000010: ff 29 00 00 08 00 00 40 02 29 00 00 08 00 00 40
00000020: 0a 00 00 00 08 00 00 40 0b 00
(178) Reassembles message from received fragments and parses it
IKE SA Auth
#9280E0822E758778.DB578D97DE119D1E.00000001 IKEv2 R=>I[1563]
4*EF[...]->E[1535]{
IDr[78](DN){CN=IKE Interop Test Server,O=ELVIS-PLUS,C=RU},
CERT[1211](X.509 Cert){308204...FB346D},
AUTH[85](Sig){id-tc26-signwithdigest-gost3410-12-256[12]:
C840AF...A75AD3},
N[8](INITIAL_CONTACT),
N[12](SET_WINDOW_SIZE){64},
CP[16](REPLY){IP4.Address[4]=10.1.1.3},
SA[32]{
P[28](#1:ESP:34FF8A25:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(179) Computes prf(SK_pr, IDr)
00000000: 7d c8 6a 33 12 02 5c 21 1f ab dc 83 0b 01 a5 27
00000010: 82 a2 f2 1f 64 c6 e9 5e 0e c0 4c e5 d9 11 8d 8e
00000020: b9 5c ef fa b0 a3 37 75 94 20 7c e4 60 60 ed 9d
00000030: fa 5e cb 7e e7 79 05 ab fb 51 1b 03 a8 2c c5 6a
Smyslov Expires 9 June 2023 [Page 128]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(180) Uses responder's public key
00000000: 5B B3 14 3E F4 70 C1 70 D7 F3 27 25 D8 53 7C E6
00000010: DE 6D 8C 29 F6 B2 32 64 56 DC B1 77 F2 3D FA F4
00000020: 2A 5C F3 74 86 7F 04 72 51 C1 CF B3 43 36 F5 95
00000030: A2 AF 05 47 57 1A 55 C0 78 A4 9D 64 26 B8 61 14
(181) Verifies signature from AUTH payload using algorithm id-tc26-
signwithdigest-gost3410-12-256
00000000: c8 40 af f7 46 6f 7b eb d2 b9 1c 5a 80 d0 00 93
00000010: c2 5e 44 16 40 47 f7 8e 61 9c da a5 16 94 83 c5
00000020: 68 5f e8 4d 03 e7 c2 cd 08 07 b8 f3 46 66 6d 05
00000030: 76 c0 d5 e7 60 1d 59 49 09 45 52 c4 95 a7 5a d3
(182) Computes keys for ESP SAs
00000000: 98 ab 7e db 78 03 a1 e6 c7 21 43 ee b9 7f 5f 56
00000010: 45 bb 51 cd 0b b7 09 a1 af 34 02 87 69 4d 7b a0
00000020: 1d 14 a0 cc
00000000: 70 31 4d 57 94 8b 7e 5c 6f 29 d5 68 1b fd 43 2b
00000010: 19 4e 64 6d 8f 8a 8d 1e ba 72 24 59 c7 0c de 81
00000020: e2 04 84 af
Sub-scenario 2: IKE SA rekeying using the CREATE_CHILD_SA exchange.
Initiator Responder
HDR, SK {SAi, Ni, KEi [,N+]} --->
<--- HDR, SK {SAr, Nr, KEr [,N+]}
Initiator's actions:
(1) Generates random SPIi for new IKE SA
00000000: fd d9 35 89 50 d5 db 22
(2) Generates random IKE nonce Ni
00000000: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000010: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
(3) Generates ephemeral private key
Smyslov Expires 9 June 2023 [Page 129]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 29 2c 72 52 e0 6c fd 39 1d 55 04 e9 cf af 82 29
00000010: 89 09 ff 1c ab b2 dd a5 88 f0 34 fd 2c 57 d2 28
(4) Computes public key
00000000: 13 78 88 b1 0f 09 65 43 94 53 b7 26 5d 2a 8b 29
00000010: 5f a9 d6 73 a2 d0 64 6c 98 0f 02 44 d5 5a 1d 13
00000020: 7b b4 4d 18 81 c3 ee 48 35 18 a7 71 ce 4f fa 45
00000030: b0 e9 74 63 37 58 32 7c ff a5 e4 98 b5 02 d4 ef
(5) Creates message
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R<-I[213]
E[185]{
SA[44]{
P[40](#1:IKE:FDD9358950D5DB22:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{2E9899...8AEC37},
KE[72](GOST3410_2012_256){137888...02D4EF},
N[12](SET_WINDOW_SIZE){4}}
(6) Computes K3i (i3 = 1)
00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a
00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d
(7) Composes MGM nonce
00000000: 00 00 00 00 b4 e1 3e 23
(8) Composes AAD
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
(9) Composes plaintext
Smyslov Expires 9 June 2023 [Page 130]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 04 00
(10) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f
000000A0: 35 d9 d4 b3 cd
(11) Computes ICV using K3i as K_msg
00000000: 49 96 ac 4c 3f c4 fc 1d
(12) Composes IV
00000000: 00 00 00 00 01 00 00 00
(13) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 131]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295->10.111.15.45:4500 [217]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 2e 20 24 08 00 00 00 02 00 00 00 d5
00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 f4 d1 2b 1e
00000030: 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7 e0 48 24 15
00000040: 6a 45 50 51 1a 6e fb 1c 1d b8 52 75 80 56 e4 da
00000050: fb e5 fe 42 08 71 79 99 ef 17 7a 03 fc c3 c6 b0
00000060: 15 a5 72 a4 1b de e2 b5 e6 46 56 73 3f 78 57 9e
00000070: 6b b4 05 4c 86 91 c3 61 00 2d 9b 89 c0 0c 8b 11
00000080: 0b 41 e7 92 16 7f f8 f6 5d ef f4 29 27 ef ba 8c
00000090: 5f 30 fd a9 12 4c 5f 8d e9 39 97 48 9a e1 6a 91
000000A0: 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1 8d 2b 0e 75
000000B0: d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41 df 73 7f 1c
000000C0: 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f 35 d9 d4 b3
000000D0: cd 49 96 ac 4c 3f c4 fc 1d
Responder's actions:
(14) Extracts IV from message
00000000: 00 00 00 00 01 00 00 00
(15) Computes K3i (I = 1)
00000000: da 26 f7 b5 4c 4c 97 23 3f e2 cb 53 23 82 1b 2a
00000010: 40 3c 95 e1 78 2a 8f 3d 1b 0f a4 d3 ab c3 98 3d
(16) Composes MGM nonce
00000000: 00 00 00 00 b4 e1 3e 23
(17) Extracts ICV from message
00000000: 49 96 ac 4c 3f c4 fc 1d
(18) Extracts AAD from message
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 08 00 00 00 02 00 00 00 d5 21 00 00 b9
(19) Extracts ciphertext from message
Smyslov Expires 9 June 2023 [Page 132]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: f4 d1 2b 1e 51 65 d1 0b 7f 38 c6 16 3f 6e 5e f7
00000010: e0 48 24 15 6a 45 50 51 1a 6e fb 1c 1d b8 52 75
00000020: 80 56 e4 da fb e5 fe 42 08 71 79 99 ef 17 7a 03
00000030: fc c3 c6 b0 15 a5 72 a4 1b de e2 b5 e6 46 56 73
00000040: 3f 78 57 9e 6b b4 05 4c 86 91 c3 61 00 2d 9b 89
00000050: c0 0c 8b 11 0b 41 e7 92 16 7f f8 f6 5d ef f4 29
00000060: 27 ef ba 8c 5f 30 fd a9 12 4c 5f 8d e9 39 97 48
00000070: 9a e1 6a 91 01 c7 8c 94 aa 3b 89 bb 54 40 3b f1
00000080: 8d 2b 0e 75 d8 f6 98 d2 74 e4 b7 2f f5 ac a0 41
00000090: df 73 7f 1c 37 18 b9 79 8e 9d 6f ea e5 8a b6 9f
000000A0: 35 d9 d4 b3 cd
(20) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 fd d9 35 89
00000010: 50 d5 db 22 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: 2e 98 99 76 4a 67 1e d9 17 27 32 f2 6d 3a 93 3c
00000040: 7f 21 2b 0e 59 90 cf 2a 7f 85 53 c5 ed 8a ec 37
00000050: 29 00 00 48 00 21 00 00 13 78 88 b1 0f 09 65 43
00000060: 94 53 b7 26 5d 2a 8b 29 5f a9 d6 73 a2 d0 64 6c
00000070: 98 0f 02 44 d5 5a 1d 13 7b b4 4d 18 81 c3 ee 48
00000080: 35 18 a7 71 ce 4f fa 45 b0 e9 74 63 37 58 32 7c
00000090: ff a5 e4 98 b5 02 d4 ef 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 04 00
(21) Parses received message
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I->R[213]
E[185]{
SA[44]{
P[40](#1:IKE:FDD9358950D5DB22:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{2E9899...8AEC37},
KE[72](GOST3410_2012_256){137888...02D4EF},
N[12](SET_WINDOW_SIZE){4}}
(22) Generates random SPIr for new IKE SA
00000000: 81 27 5d a2 98 90 1a 06
(23) Generates random IKE nonce Nr
Smyslov Expires 9 June 2023 [Page 133]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000010: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
(24) Generates ephemeral private key
00000000: af 9a 62 7d d3 b8 23 d2 49 7f f9 0a 9d f2 55 8c
00000010: ae 9c 48 ad f5 a4 ee a5 f6 24 5f 48 3c f8 42 0d
(25) Computes public key
00000000: ba 9c bb 8d c4 51 68 1c 63 50 9c 5b 78 c2 93 be
00000010: 52 9b 7a a0 6b 14 1e 0f 52 d4 a3 0e 71 d7 5b 4c
00000020: aa 58 af 26 21 d9 b2 92 87 1c d9 7a 89 6f c2 7d
00000030: 7d 95 96 39 a2 36 37 8f f4 b9 1d 2f a8 b7 f5 c9
(26) Computes shared key
00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41
00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb
(27) Computes SKEYSEED for new SA
00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54
00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d
00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42
00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9
(28) Computes SK_d for new SA
00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c
00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97
00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f
00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1
(29) Computes SK_ei for new SA
00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6
00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d
00000020: 2b 3d 3b 2f
(30) Computes SK_er for new SA
00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a
00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a
00000020: d2 f6 27 21
(31) Creates message
Smyslov Expires 9 June 2023 [Page 134]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 I<=R[213]
E[185]{
SA[44]{
P[40](#1:IKE:81275DA298901A06:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{CF8E80...204396},
KE[72](GOST3410_2012_256){BA9CBB...B7F5C9},
N[12](SET_WINDOW_SIZE){64}}
(32) Computes K3r (i3 = 1)
00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0
00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56
(33) Composes MGM nonce
00000000: 00 00 00 00 a5 bb 18 2f
(34) Composes AAD
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9
(35) Composes plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2
00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 40 00
(36) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
Smyslov Expires 9 June 2023 [Page 135]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6
00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18
00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
000000A0: 61 e8 cb 46 3c
(37) Computes ICV using K3r as K_msg
00000000: dc c4 ca 6d 07 cf 31 a8
(38) Composes IV
00000000: 00 00 00 00 01 00 00 00
(39) Sends message, peer receives message
10.111.10.171:54295<-10.111.15.45:4500 [217]
00000000: 00 00 00 00 92 80 e0 82 2e 75 87 78 db 57 8d 97
00000010: de 11 9d 1e 2e 20 24 20 00 00 00 02 00 00 00 d5
00000020: 21 00 00 b9 00 00 00 00 01 00 00 00 6e a0 bc 5e
00000030: 58 16 91 db 1f e0 22 20 b6 75 fd e6 e0 01 a7 86
00000040: 0c 9c a6 77 ef cd f6 be e4 c8 31 18 c7 7f 68 58
00000050: d8 85 75 6c 1d 4a 0e 66 09 86 7c 84 30 a7 2e f0
00000060: 26 2b 19 da c5 25 34 5b 19 f0 97 86 54 ca 08 92
00000070: 65 9c e3 92 4d ee 92 0a a0 86 d7 3f 4d d9 f2 7e
00000080: 32 48 b3 9f ea 54 d2 96 99 42 30 6b b0 b4 fe 5d
00000090: 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01 36 85 57 78
000000A0: b3 74 84 72 9d 94 2f 6f ae 4e 26 bb 6e 06 84 2b
000000B0: ac f8 99 29 31 ad 7b dc db c0 0f 19 5f 06 42 2d
000000C0: 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6 61 e8 cb 46
000000D0: 3c dc c4 ca 6d 07 cf 31 a8
Initiator's actions:
(40) Extracts IV from message
00000000: 00 00 00 00 01 00 00 00
(41) Computes K3r (i3 = 1)
Smyslov Expires 9 June 2023 [Page 136]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 9b 6c de 40 b4 63 c4 85 db 09 b7 24 f4 60 fa d0
00000010: 1f d3 f3 fa e9 f8 e9 03 0c 34 cb 51 52 51 5b 56
(42) Composes MGM nonce
00000000: 00 00 00 00 a5 bb 18 2f
(43) Extracts ICV from message
00000000: dc c4 ca 6d 07 cf 31 a8
(44) Extracts AAD from message
00000000: 92 80 e0 82 2e 75 87 78 db 57 8d 97 de 11 9d 1e
00000010: 2e 20 24 20 00 00 00 02 00 00 00 d5 21 00 00 b9
(45) Extracts ciphertext from message
00000000: 6e a0 bc 5e 58 16 91 db 1f e0 22 20 b6 75 fd e6
00000010: e0 01 a7 86 0c 9c a6 77 ef cd f6 be e4 c8 31 18
00000020: c7 7f 68 58 d8 85 75 6c 1d 4a 0e 66 09 86 7c 84
00000030: 30 a7 2e f0 26 2b 19 da c5 25 34 5b 19 f0 97 86
00000040: 54 ca 08 92 65 9c e3 92 4d ee 92 0a a0 86 d7 3f
00000050: 4d d9 f2 7e 32 48 b3 9f ea 54 d2 96 99 42 30 6b
00000060: b0 b4 fe 5d 4a fc 8c ff 54 f6 2f b7 ca 7b 83 01
00000070: 36 85 57 78 b3 74 84 72 9d 94 2f 6f ae 4e 26 bb
00000080: 6e 06 84 2b ac f8 99 29 31 ad 7b dc db c0 0f 19
00000090: 5f 06 42 2d 90 d2 6a 05 8a 41 ee 24 e2 49 a5 b6
000000A0: 61 e8 cb 46 3c
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext
00000000: 28 00 00 2c 00 00 00 28 01 01 08 03 81 27 5d a2
00000010: 98 90 1a 06 03 00 00 08 01 00 00 21 03 00 00 08
00000020: 02 00 00 09 00 00 00 08 04 00 00 21 22 00 00 24
00000030: cf 8e 80 0f 84 c9 d8 50 06 a4 02 b5 19 2a 0f a0
00000040: d7 f4 db 70 ca f1 2b 9b 02 ce 92 8d 97 20 43 96
00000050: 29 00 00 48 00 21 00 00 ba 9c bb 8d c4 51 68 1c
00000060: 63 50 9c 5b 78 c2 93 be 52 9b 7a a0 6b 14 1e 0f
00000070: 52 d4 a3 0e 71 d7 5b 4c aa 58 af 26 21 d9 b2 92
00000080: 87 1c d9 7a 89 6f c2 7d 7d 95 96 39 a2 36 37 8f
00000090: f4 b9 1d 2f a8 b7 f5 c9 00 00 00 0c 00 00 40 01
000000A0: 00 00 00 40 00
(47) Parses received message
Smyslov Expires 9 June 2023 [Page 137]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Create Child SA
#9280E0822E758778.DB578D97DE119D1E.00000002 IKEv2 R=>I[213]
E[185]{
SA[44]{
P[40](#1:IKE:81275DA298901A06:3#){
Encryption=ENCR_MAGMA_MGM_KTREE,
PRF=PRF_HMAC_STREEBOG_512,
KE=GOST3410_2012_256}},
NONCE[36]{CF8E80...204396},
KE[72](GOST3410_2012_256){BA9CBB...B7F5C9},
N[12](SET_WINDOW_SIZE){64}}
(48) Computes shared key
00000000: ae 27 a3 df af 7d bb ad f4 5c 19 64 c9 27 eb 41
00000010: 14 fc 1a f8 25 cc 93 50 a2 64 5f 04 67 0a 74 cb
(49) Computes SKEYSEED for new SA
00000000: 31 2b 7f 6a 24 23 8f ed b6 ac 40 a7 58 2e 28 54
00000010: 47 53 76 20 05 c7 00 c8 87 c1 51 68 93 40 7e 2d
00000020: ed 14 c4 78 9a f4 12 e7 f0 19 4d 4d 12 45 0d 42
00000030: e4 b2 29 e5 57 b4 90 cc cf d5 94 84 b4 59 5e b9
(50) Computes SK_d for new SA
00000000: 38 ec b5 1c 33 77 f8 62 29 9f 00 d9 98 5f a4 4c
00000010: ea c7 97 31 01 b9 39 ce 16 2c 1c 30 dd 53 d8 97
00000020: 48 49 cd ca 82 7b 57 55 e4 5a 33 1c 80 e6 b9 1f
00000030: 2c 80 b2 e5 48 8a 23 9d 8e 42 32 ed 4f 63 3a f1
(51) Computes SK_ei for new SA
00000000: 17 1c 7c 08 bd 1a 3d 50 58 e1 13 58 9d c4 21 c6
00000010: a3 44 e5 c1 f5 14 e8 22 ed 94 03 2e 76 47 b1 8d
00000020: 2b 3d 3b 2f
(52) Computes SK_er for new SA
00000000: 4a a9 b7 36 1d 2c e1 e0 dc 55 b6 45 0a 38 f1 9a
00000010: 83 cb 8f 79 57 5e df d8 5f 5e 22 a8 36 bd 3a 4a
00000020: d2 f6 27 21
Sub-scenario 3: ESP SAs rekeying without PFS using the
CREATE_CHILD_SA exchange.
Smyslov Expires 9 June 2023 [Page 138]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Initiator Responder
HDR, SK {N(REKEY_SA), SAi, Ni,
TSi, TSr [,N+]} --->
<--- HDR, SK {SAr, Nr,
TSi, TSr [,N+]}
Initiator's actions:
(1) Generates random IKE nonce Ni
00000000: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000010: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
(2) Computes K1i (i1 = 0)
00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c
00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69
(3) Computes K2i (i2 = 0)
00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a
00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44
(4) Computes K3i (i3 = 0)
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(5) Selects SPI for new incoming ESP SA
00000000: 9a 8c 6a 9b
(6) Creates message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R<-I[193]
E[165]{
N[12](ESP:6C0CA570:REKEY_SA),
SA[32]{
P[28](#1:ESP:9A8C6A9B:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{B54818...F44823},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
Smyslov Expires 9 June 2023 [Page 139]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(7) Composes MGM nonce
00000000: 00 00 00 00 2b 3d 3b 2f
(8) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5
(9) Composes plaintext
00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000090: 00
(10) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
00000090: a3
(11) Computes ICV using K3i as K_msg
00000000: b3 05 bd 43 2f 87 0c 3f
(12) Composes IV
00000000: 00 00 00 00 00 00 00 00
(13) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 140]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295->10.111.15.45:4500 [197]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 24 08 00 00 00 00 00 00 00 c1
00000020: 29 00 00 a5 00 00 00 00 00 00 00 00 47 71 bb 57
00000030: 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a b9 34 0f 34
00000040: 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f 3b 5c 5a 04
00000050: 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5 4e 26 c4 27
00000060: fd cb 54 e1 cf e0 fd b4 9f f8 00 41 41 c8 58 b2
00000070: c9 3a d8 e0 19 40 a3 89 ee 26 d4 84 69 e9 52 68
00000080: d5 e1 ee f0 89 6e d3 95 34 62 ad 2e e6 77 17 b8
00000090: 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a 43 50 82 2a
000000A0: be b6 31 ff 2f 43 11 f7 d0 60 bf 62 b9 08 c3 09
000000B0: a3 78 fb 5e 76 57 91 5d 48 1c aa d2 a3 b3 05 bd
000000C0: 43 2f 87 0c 3f
Responder's actions:
(14) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(15) Computes K1i (i1 = 0)
00000000: 28 b9 3c 93 ea db 74 38 64 87 8a 28 8d e0 38 5c
00000010: 14 cb ea 9f 67 58 a6 ee e2 2d c9 37 bb c8 41 69
(16) Computes K2i (i2 = 0)
00000000: 75 11 35 65 e6 29 70 2a d9 7d 38 a8 3a e3 aa 8a
00000010: 9e fb 80 af f5 52 71 be c9 c6 c3 4b 4b 40 96 44
(17) Computes K3i (i3 = 0)
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(18) Composes MGM nonce
00000000: 00 00 00 00 2b 3d 3b 2f
(19) Extracts ICV from message
00000000: b3 05 bd 43 2f 87 0c 3f
(20) Extracts AAD from message
Smyslov Expires 9 June 2023 [Page 141]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 08 00 00 00 00 00 00 00 c1 29 00 00 a5
(21) Extracts ciphertext from message
00000000: 47 71 bb 57 2a 1a 58 a6 44 cb 60 d4 8e 5c cc 0a
00000010: b9 34 0f 34 80 cf a2 38 54 f6 70 3b 98 4e 8f 9f
00000020: 3b 5c 5a 04 06 dc e9 d4 d3 54 c6 4d 73 09 10 c5
00000030: 4e 26 c4 27 fd cb 54 e1 cf e0 fd b4 9f f8 00 41
00000040: 41 c8 58 b2 c9 3a d8 e0 19 40 a3 89 ee 26 d4 84
00000050: 69 e9 52 68 d5 e1 ee f0 89 6e d3 95 34 62 ad 2e
00000060: e6 77 17 b8 6c 25 52 7f d8 70 9c 36 0b c8 1d 1a
00000070: 43 50 82 2a be b6 31 ff 2f 43 11 f7 d0 60 bf 62
00000080: b9 08 c3 09 a3 78 fb 5e 76 57 91 5d 48 1c aa d2
00000090: a3
(22) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext
00000000: 21 00 00 0c 03 04 40 09 6c 0c a5 70 28 00 00 20
00000010: 00 00 00 1c 01 03 04 02 9a 8c 6a 9b 03 00 00 08
00000020: 01 00 00 21 00 00 00 08 05 00 00 00 2c 00 00 24
00000030: b5 48 18 7d 30 d8 ea 49 20 d0 9d 42 de 9e 91 ce
00000040: b3 1c 41 85 37 66 d8 9e c6 a6 f8 08 93 f4 48 23
00000050: 2d 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff
00000060: 0a 01 01 03 0a 01 01 03 29 00 00 18 01 00 00 00
00000070: 07 00 00 10 00 00 ff ff 0a 00 00 00 0a 00 00 ff
00000080: 29 00 00 08 00 00 40 0a 00 00 00 08 00 00 40 0b
00000090: 00
(23) Parses received message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I->R[193]
E[165]{
N[12](ESP:6C0CA570:REKEY_SA),
SA[32]{
P[28](#1:ESP:9A8C6A9B:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{B54818...F44823},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(24) Generates random IKE nonce Nr
Smyslov Expires 9 June 2023 [Page 142]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f b5 c8 5c 60
00000010: 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4 64 f3 58 06
(25) Selects SPI for new incoming ESP SA
00000000: 15 4f 35 39
(26) Computes keys for new ESP SAs
00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69
00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67
00000020: 64 0e 3a fe
00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a
00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9
00000020: 6c cf a3 64
(27) Creates message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 I<=R[189]
E[161]{
SA[32]{
P[28](#1:ESP:154F3539:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{415EA7...F35806},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(28) Computes K1r (i1 = 0)
00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2
00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a
(29) Computes K2r (i2 = 0)
00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59
00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52
(30) Computes K3r (i3 = 0)
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(31) Composes MGM nonce
Smyslov Expires 9 June 2023 [Page 143]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 00 d2 f6 27 21
(32) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
(33) Composes plaintext
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(34) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
(35) Computes ICV using K3r as K_msg
00000000: 57 b4 30 41 07 50 b1 cc
(36) Composes IV
00000000: 00 00 00 00 00 00 00 00
(37) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 144]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295<-10.111.15.45:4500 [193]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 24 20 00 00 00 00 00 00 00 bd
00000020: 21 00 00 a1 00 00 00 00 00 00 00 00 2e c7 13 73
00000030: 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c 68 70 bb 8f
00000040: 82 42 2a 14 e3 8d b8 25 10 9a 1f b6 51 ef c5 35
00000050: 50 bf df 8e 96 bc 94 5a e5 4d 9d 99 9a 14 36 d1
00000060: 4b 61 e1 de 3b 0d 12 94 e5 72 60 00 0f 9d dd 2b
00000070: e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e 01 6b 1d 92
00000080: b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7 35 e9 e3 fd
00000090: b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca f1 2e b1 13
000000A0: 99 e0 da 10 1a 29 74 26 a3 63 ce 09 6a f9 1b 67
000000B0: 4a f2 fb 0f 17 5e 48 1a 93 57 b4 30 41 07 50 b1
000000C0: cc
Initiator's actions:
(38) Extracts IV from message
00000000: 00 00 00 00 00 00 00 00
(39) Computes K1r (i1 = 0)
00000000: 51 49 d5 41 33 91 45 dd ff 04 f5 05 e5 21 39 f2
00000010: 3a 71 1c 18 ef 39 94 1e dd 0c 70 e5 14 12 43 0a
(40) Computes K2r (i2 = 0)
00000000: 0e 8f 21 54 2e fc 81 79 57 c4 c9 0b e0 25 9a 59
00000010: 29 26 0e 86 20 bf d4 e6 00 32 23 43 ae f0 11 52
(41) Computes K3r (i3 = 0)
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(42) Composes MGM nonce
00000000: 00 00 00 00 d2 f6 27 21
(43) Extracts ICV from message
00000000: 57 b4 30 41 07 50 b1 cc
(44) Extracts AAD from message
Smyslov Expires 9 June 2023 [Page 145]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 24 20 00 00 00 00 00 00 00 bd 21 00 00 a1
(45) Extracts ciphertext from message
00000000: 2e c7 13 73 4c cc f8 f3 51 71 ac d9 7a 6e 20 2c
00000010: 68 70 bb 8f 82 42 2a 14 e3 8d b8 25 10 9a 1f b6
00000020: 51 ef c5 35 50 bf df 8e 96 bc 94 5a e5 4d 9d 99
00000030: 9a 14 36 d1 4b 61 e1 de 3b 0d 12 94 e5 72 60 00
00000040: 0f 9d dd 2b e1 97 25 4c 5c ee 48 2e 9b f7 d8 9e
00000050: 01 6b 1d 92 b7 c1 7f 16 81 0f e2 e3 14 1c 27 c7
00000060: 35 e9 e3 fd b8 fc 5d fb a2 ee 2f f9 b0 17 39 ca
00000070: f1 2e b1 13 99 e0 da 10 1a 29 74 26 a3 63 ce 09
00000080: 6a f9 1b 67 4a f2 fb 0f 17 5e 48 1a 93
(46) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext
00000000: 28 00 00 20 00 00 00 1c 01 03 04 02 15 4f 35 39
00000010: 03 00 00 08 01 00 00 21 00 00 00 08 05 00 00 00
00000020: 2c 00 00 24 41 5e a7 ed 7e 65 d3 ff d3 df ed 5f
00000030: b5 c8 5c 60 2b 9c 15 14 eb 52 97 b7 fc aa 33 c4
00000040: 64 f3 58 06 2d 00 00 18 01 00 00 00 07 00 00 10
00000050: 00 00 ff ff 0a 01 01 03 0a 01 01 03 29 00 00 18
00000060: 01 00 00 00 07 00 00 10 00 00 ff ff 0a 00 00 00
00000070: 0a 00 00 ff 29 00 00 08 00 00 40 02 29 00 00 08
00000080: 00 00 40 0a 00 00 00 08 00 00 40 0b 00
(47) Parses received message
Create Child SA
#FDD9358950D5DB22.81275DA298901A06.00000000 IKEv2 R=>I[189]
E[161]{
SA[32]{
P[28](#1:ESP:154F3539:2#){
Encryption=ENCR_MAGMA_MGM_KTREE,
ESN=Off}},
NONCE[36]{415EA7...F35806},
TSi[24](1#){10.1.1.3},
TSr[24](1#){10.0.0.0-10.0.0.255},
N[8](ADDITIONAL_TS_POSSIBLE),
N[8](ESP_TFC_PADDING_NOT_SUPPORTED),
N[8](NON_FIRST_FRAGMENTS_ALSO)}
(48) Computes keys for new ESP SAs
Smyslov Expires 9 June 2023 [Page 146]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 6a b6 a0 e7 05 d3 51 16 6f 4f b9 d6 59 0c c8 69
00000010: 43 70 cf 6f 0d 32 c3 7d 92 75 00 4b 0a 76 35 67
00000020: 64 0e 3a fe
00000000: 65 56 1c 79 27 cb c6 d6 8c b8 69 0f 40 00 d2 0a
00000010: c1 49 1c d1 86 88 db 88 ae f3 be 82 0c 71 b7 c9
00000020: 6c cf a3 64
Sub-scenario 4: IKE SA deletion using the INFORMATIONAL exchange.
Initiator Responder
HDR, SK {D} --->
<--- HDR, SK { }
Initiator's actions:
(1) Creates message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R<-I[57]
E[29]{
D[8](IKE)}
(2) Uses previously computed key K3i
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(3) Composes MGM nonce
00000000: 00 00 00 03 2b 3d 3b 2f
(4) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
(5) Composes plaintext
00000000: 00 00 00 08 01 00 00 00 00
(6) Encrypts plaintext using K3i as K_msg, resulted in ciphertext
00000000: 4f ff 67 66 41 9c d3 ec 8e
Smyslov Expires 9 June 2023 [Page 147]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
(7) Computes ICV using K3i as K_msg
00000000: d2 bf 0e b7 8f c5 53 03
(8) Composes IV
00000000: 00 00 00 00 00 00 00 03
(9) Sends message, peer receives message
10.111.10.171:54295->10.111.15.45:4500 [61]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 25 08 00 00 00 03 00 00 00 39
00000020: 2a 00 00 1d 00 00 00 00 00 00 00 03 4f ff 67 66
00000030: 41 9c d3 ec 8e d2 bf 0e b7 8f c5 53 03
Responder's actions:
(10) Extracts IV from message
00000000: 00 00 00 00 00 00 00 03
(11) Uses previously computed key K3i
00000000: 45 6f 03 f7 ad 75 eb e9 52 b8 8f 0d e8 36 47 69
00000010: 4d 2e f2 ba 15 e6 8c 89 1c 99 62 64 fb 0e 70 0a
(12) Composes MGM nonce
00000000: 00 00 00 03 2b 3d 3b 2f
(13) Extracts ICV from message
00000000: d2 bf 0e b7 8f c5 53 03
(14) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 08 00 00 00 03 00 00 00 39 2a 00 00 1d
(15) Extracts ciphertext from message
00000000: 4f ff 67 66 41 9c d3 ec 8e
(16) Decrypts ciphertext and verifies ICV using K3i as K_msg,
resulted in plaintext
Smyslov Expires 9 June 2023 [Page 148]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
00000000: 00 00 00 08 01 00 00 00 00
(17) Parses received message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I->R[57]
E[29]{
D[8](IKE)}
(18) Creates message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 I<=R[49]
E[21]{}
(19) Uses previously computed key K3r
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(20) Composes MGM nonce
00000000: 00 00 00 03 d2 f6 27 21
(21) Composes AAD
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
(22) Composes plaintext
00000000: 00
(23) Encrypts plaintext using K3r as K_msg, resulted in ciphertext
00000000: a8
(24) Computes ICV using K3r as K_msg
00000000: ef 77 21 c9 8b c1 eb 98
(25) Composes IV
00000000: 00 00 00 00 00 00 00 03
(26) Sends message, peer receives message
Smyslov Expires 9 June 2023 [Page 149]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
10.111.10.171:54295<-10.111.15.45:4500 [53]
00000000: 00 00 00 00 fd d9 35 89 50 d5 db 22 81 27 5d a2
00000010: 98 90 1a 06 2e 20 25 20 00 00 00 03 00 00 00 31
00000020: 00 00 00 15 00 00 00 00 00 00 00 03 a8 ef 77 21
00000030: c9 8b c1 eb 98
Initiator's actions:
(27) Extracts IV from message
00000000: 00 00 00 00 00 00 00 03
(28) Uses previously computed key K3r
00000000: 92 b8 b2 d6 7a 2d e1 db 5f e1 39 d2 57 c8 24 5f
00000010: f6 22 54 de fc 35 35 c9 24 cf a5 4a e1 5d 75 71
(29) Composes MGM nonce
00000000: 00 00 00 03 d2 f6 27 21
(30) Extracts ICV from message
00000000: ef 77 21 c9 8b c1 eb 98
(31) Extracts AAD from message
00000000: fd d9 35 89 50 d5 db 22 81 27 5d a2 98 90 1a 06
00000010: 2e 20 25 20 00 00 00 03 00 00 00 31 00 00 00 15
(32) Extracts ciphertext from message
00000000: a8
(33) Decrypts ciphertext and verifies ICV using K3r as K_msg,
resulted in plaintext
00000000: 00
(34) Parses received message
Informational
#FDD9358950D5DB22.81275DA298901A06.00000003 IKEv2 R=>I[49]
E[21]{}
Author's Address
Smyslov Expires 9 June 2023 [Page 150]
�
Internet-Draft GOST algorithms in IKEv2 December 2022
Valery Smyslov
ELVIS-PLUS
PO Box 81
Moscow (Zelenograd)
124460
Russian Federation
Phone: +7 495 276 0211
Email: svan@elvis.ru
Smyslov Expires 9 June 2023 [Page 151]
