algparse Initializing NSS
algparse FIPS Product: NO
algparse FIPS Kernel: NO
algparse FIPS Mode: NO
algparse Encryption algorithms:
algparse   AES_CCM_16         IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm aes_ccm_c)
algparse   AES_CCM_12         IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_b)
algparse   AES_CCM_8          IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_a)
algparse   3DES_CBC           IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  (3des)
algparse   CAMELLIA_CTR       IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
algparse   CAMELLIA_CBC       IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (camellia)
algparse   AES_GCM_16         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm aes_gcm_c)
algparse   AES_GCM_12         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_b)
algparse   AES_GCM_8          IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_a)
algparse   AES_CTR            IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aesctr)
algparse   AES_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes)
algparse   SERPENT_CBC        IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (serpent)
algparse   TWOFISH_CBC        IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (twofish)
algparse   TWOFISH_SSH        IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  (twofish_cbc_ssh)
algparse   CAST_CBC           IKEv1:     ESP     IKEv2:     ESP           {*128}  (cast)
algparse   NULL               IKEv1:     ESP     IKEv2:     ESP           []
algparse Hash algorithms:
algparse   MD5                IKEv1: IKE         IKEv2:                 
algparse   SHA1               IKEv1: IKE         IKEv2:             FIPS  (sha)
algparse   SHA2_256           IKEv1: IKE         IKEv2:             FIPS  (sha2 sha256)
algparse   SHA2_384           IKEv1: IKE         IKEv2:             FIPS  (sha384)
algparse   SHA2_512           IKEv1: IKE         IKEv2:             FIPS  (sha512)
algparse PRF algorithms:
algparse   HMAC_MD5           IKEv1: IKE         IKEv2: IKE               (md5)
algparse   HMAC_SHA1          IKEv1: IKE         IKEv2: IKE         FIPS  (sha sha1)
algparse   HMAC_SHA2_256      IKEv1: IKE         IKEv2: IKE         FIPS  (sha2 sha256 sha2_256)
algparse   HMAC_SHA2_384      IKEv1: IKE         IKEv2: IKE         FIPS  (sha384 sha2_384)
algparse   HMAC_SHA2_512      IKEv1: IKE         IKEv2: IKE         FIPS  (sha512 sha2_512)
algparse Integrity algorithms:
algparse   HMAC_MD5_96        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (md5 hmac_md5)
algparse   HMAC_SHA1_96       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha sha1 sha1_96 hmac_sha1)
algparse   HMAC_SHA2_512_256  IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha512 sha2_512 hmac_sha2_512)
algparse   HMAC_SHA2_384_192  IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha384 sha2_384 hmac_sha2_384)
algparse   HMAC_SHA2_256_128  IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha2 sha256 sha2_256 hmac_sha2_256)
algparse   AES_XCBC_96        IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_xcbc)
algparse   AES_CMAC_96        IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_cmac)
algparse DH algorithms:
algparse   MODP1024           IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (dh2)
algparse   MODP1536           IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (dh5)
algparse   MODP2048           IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh14)
algparse   MODP3072           IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh15)
algparse   MODP4096           IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh16)
algparse   MODP6144           IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh17)
algparse   MODP8192           IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (dh18)
algparse   DH19               IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_256)
algparse   DH20               IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_384)
algparse   DH21               IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  (ecp_521)
algparse   DH23               IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS
algparse   DH24               IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS

---- ESP tests that should succeed ----
[esp=]
	AES_CBC-HMAC_SHA1_96
[esp=aes_gcm_a-128-null]
	AES_GCM_8_128
[esp=3des-sha1;modp1024]
	3DES_CBC-HMAC_SHA1_96-MODP1024
[esp=3des-sha1;modp1536]
	3DES_CBC-HMAC_SHA1_96-MODP1536
[esp=3des-sha1;modp2048]
	3DES_CBC-HMAC_SHA1_96-MODP2048
[esp=3des-sha1;dh21]
	3DES_CBC-HMAC_SHA1_96-DH21
[esp=3des-sha1;ecp_521]
	3DES_CBC-HMAC_SHA1_96-DH21
[esp=3des-sha1;dh23]
	3DES_CBC-HMAC_SHA1_96-DH23
[esp=3des-sha1;dh24]
	3DES_CBC-HMAC_SHA1_96-DH24
[esp=3des-sha1]
	3DES_CBC-HMAC_SHA1_96
[esp=null-sha1]
	NULL-HMAC_SHA1_96
[esp=aes]
	AES_CBC-HMAC_SHA1_96
[esp=aes_cbc]
	AES_CBC-HMAC_SHA1_96
[esp=aes-sha]
	AES_CBC-HMAC_SHA1_96
[esp=aes-sha1]
	AES_CBC-HMAC_SHA1_96
[esp=aes-sha2]
	AES_CBC-HMAC_SHA2_256_128
[esp=aes-sha256]
	AES_CBC-HMAC_SHA2_256_128
[esp=aes-sha384]
	AES_CBC-HMAC_SHA2_384_192
[esp=aes-sha512]
	AES_CBC-HMAC_SHA2_512_256
[esp=aes128-sha1]
	AES_CBC_128-HMAC_SHA1_96
[esp=aes128-aes_xcbc]
	AES_CBC_128-AES_XCBC_96
[esp=aes192-sha1]
	AES_CBC_192-HMAC_SHA1_96
[esp=aes256-sha1]
	AES_CBC_256-HMAC_SHA1_96
[esp=aes256-sha]
	AES_CBC_256-HMAC_SHA1_96
[esp=aes256-sha2]
	AES_CBC_256-HMAC_SHA2_256_128
[esp=aes256-sha2_256]
	AES_CBC_256-HMAC_SHA2_256_128
[esp=aes256-sha2_384]
	AES_CBC_256-HMAC_SHA2_384_192
[esp=aes256-sha2_512]
	AES_CBC_256-HMAC_SHA2_512_256
[esp=camellia]
	CAMELLIA_CBC-HMAC_SHA1_96
[esp=camellia128]
	CAMELLIA_CBC_128-HMAC_SHA1_96
[esp=camellia192]
	CAMELLIA_CBC_192-HMAC_SHA1_96
[esp=camellia256]
	CAMELLIA_CBC_256-HMAC_SHA1_96
[esp=aes_ccm_a-128-null]
	AES_CCM_8_128
[esp=aes_ccm_a-192-null]
	AES_CCM_8_192
[esp=aes_ccm_a-256-null]
	AES_CCM_8_256
[esp=aes_ccm_b-128-null]
	AES_CCM_12_128
[esp=aes_ccm_b-192-null]
	AES_CCM_12_192
[esp=aes_ccm_b-256-null]
	AES_CCM_12_256
[esp=aes_ccm_c-128-null]
	AES_CCM_16_128
[esp=aes_ccm_c-192-null]
	AES_CCM_16_192
[esp=aes_ccm_c-256-null]
	AES_CCM_16_256
[esp=aes_gcm_a-128-null]
	AES_GCM_8_128
[esp=aes_gcm_a-192-null]
	AES_GCM_8_192
[esp=aes_gcm_a-256-null]
	AES_GCM_8_256
[esp=aes_gcm_b-128-null]
	AES_GCM_12_128
[esp=aes_gcm_b-192-null]
	AES_GCM_12_192
[esp=aes_gcm_b-256-null]
	AES_GCM_12_256
[esp=aes_gcm_c-128-null]
	AES_GCM_16_128
[esp=aes_gcm_c-192-null]
	AES_GCM_16_192
[esp=aes_gcm_c-256-null]
	AES_GCM_16_256
[esp=aes_ccm_a-null]
	AES_CCM_8
[esp=aes_ccm_b-null]
	AES_CCM_12
[esp=aes_ccm_c-null]
	AES_CCM_16
[esp=aes_gcm_a-null]
	AES_GCM_8
[esp=aes_gcm_b-null]
	AES_GCM_12
[esp=aes_gcm_c-null]
	AES_GCM_16
[esp=aes_ccm-null]
	AES_CCM_16
[esp=aes_gcm-null]
	AES_GCM_16
[esp=aes_ccm-256-null]
	AES_CCM_16_256
[esp=aes_gcm-192-null]
	AES_GCM_16_192
[esp=aes_ccm_256-null]
	AES_CCM_16_256
[esp=aes_gcm_192-null]
	AES_GCM_16_192
[esp=aes_ccm_8-null]
	AES_CCM_8
[esp=aes_ccm_12-null]
	AES_CCM_12
[esp=aes_ccm_16-null]
	AES_CCM_16
[esp=aes_gcm_8-null]
	AES_GCM_8
[esp=aes_gcm_12-null]
	AES_GCM_12
[esp=aes_gcm_16-null]
	AES_GCM_16
[esp=aes_ccm_8-128-null]
	AES_CCM_8_128
[esp=aes_ccm_12-192-null]
	AES_CCM_12_192
[esp=aes_ccm_16-256-null]
	AES_CCM_16_256
[esp=aes_gcm_8-128-null]
	AES_GCM_8_128
[esp=aes_gcm_12-192-null]
	AES_GCM_12_192
[esp=aes_gcm_16-256-null]
	AES_GCM_16_256
[esp=aes_ccm_8_128-null]
	AES_CCM_8_128
[esp=aes_ccm_12_192-null]
	AES_CCM_12_192
[esp=aes_ccm_16_256-null]
	AES_CCM_16_256
[esp=aes_gcm_8_128-null]
	AES_GCM_8_128
[esp=aes_gcm_12_192-null]
	AES_GCM_12_192
[esp=aes_gcm_16_256-null]
	AES_GCM_16_256
[esp=aes_ctr]
	AES_CTR-HMAC_SHA1_96
[esp=aesctr]
	AES_CTR-HMAC_SHA1_96
[esp=aes_ctr128]
	AES_CTR_128-HMAC_SHA1_96
[esp=aes_ctr192]
	AES_CTR_192-HMAC_SHA1_96
[esp=aes_ctr256]
	AES_CTR_256-HMAC_SHA1_96
[esp=serpent]
	SERPENT_CBC-HMAC_SHA1_96
[esp=twofish]
	TWOFISH_CBC-HMAC_SHA1_96
[esp=camellia_cbc_256-hmac_sha2_512_256;modp8192]
	CAMELLIA_CBC_256-HMAC_SHA2_512_256-MODP8192

---- ESP tests that should fail----
[esp=3des168-sha1]
	ERROR: 3DES does not take variable key lengths, enc_alg="3des"(168), auth_alg="sha1", modp=""
[esp=3des-null]
	ERROR: non-AEAD ESP encryption algorithm '3des_cbc' cannot have a 'null' integrity algorithm, enc_alg="3des"(0), auth_alg="null", modp=""
[esp=aes128-null]
	ERROR: non-AEAD ESP encryption algorithm 'aes' cannot have a 'null' integrity algorithm, enc_alg="aes"(128), auth_alg="null", modp=""
[esp=aes224-sha1]
	ERROR: wrong encryption key length - key size must be 128 (default), 192 or 256, enc_alg="aes"(224), auth_alg="sha1", modp=""
[esp=aes512-sha1]
	ERROR: wrong encryption key length - key size must be 128 (default), 192 or 256, enc_alg="aes"(512), auth_alg="sha1", modp=""
[esp=aes-sha1555]
	ERROR: ESP integrity algorithm 'sha1555' is not recognized, enc_alg="aes"(0), auth_alg="sha1555", modp=""
[esp=camellia666-sha1]
	ERROR: wrong encryption key length - key size must be 128 (default), 192 or 256, enc_alg="camellia"(666), auth_alg="sha1", modp=""
[esp=blowfish]
	ERROR: ESP encryption algorithm 'blowfish' is not supported, enc_alg="blowfish"(0), auth_alg="", modp=""
[esp=des-sha1]
	ERROR: ESP encryption algorithm 'des' is not supported, enc_alg="des"(0), auth_alg="sha1", modp=""
[esp=aes_ctr666]
	ERROR: wrong encryption key length - key size must be 128 (default), 192 or 256, enc_alg="aes_ctr"(666), auth_alg="", modp=""
[esp=aes128-sha2_128]
	ERROR: ESP integrity algorithm 'sha2_128' is not recognized, enc_alg="aes"(128), auth_alg="sha2_128", modp=""
[esp=aes256-sha2_256-4096]
	ERROR: Invalid modulus, just after "aes256-sha2_256-" (state=ST_AA_END)
[esp=aes256-sha2_256-128]
	ERROR: Invalid modulus, just after "aes256-sha2_256-" (state=ST_AA_END)
[esp=vanitycipher]
	ERROR: ESP encryption algorithm 'vanitycipher' is not recognized, enc_alg="vanitycipher"(0), auth_alg="", modp=""
[esp=ase-sah]
	ERROR: ESP encryption algorithm 'ase' is not recognized, enc_alg="ase"(0), auth_alg="sah", modp=""
[esp=aes-sah1]
	ERROR: ESP integrity algorithm 'sah1' is not recognized, enc_alg="aes"(0), auth_alg="sah1", modp=""
[esp=id3]
	ERROR: ESP encryption algorithm 'id' is not recognized, enc_alg="id"(3), auth_alg="", modp=""
[esp=aes-id3]
	ERROR: ESP integrity algorithm 'id3' is not recognized, enc_alg="aes"(0), auth_alg="id3", modp=""
[esp=aes_gcm-md5]
	ERROR: AEAD ESP encryption algorithm 'aes_gcm_16' must have a 'null' integrity algorithm, enc_alg="aes_gcm"(0), auth_alg="md5", modp=""
[esp=mars]
	ERROR: ESP encryption algorithm 'mars' is not supported, enc_alg="mars"(0), auth_alg="", modp=""
[esp=3des-sha1;dh22]
	ERROR: ESP DH algorithm 'dh22' is not supported, enc_alg="3des"(0), auth_alg="sha1", modp="dh22"
[esp=3des-sha1-dh21]
	ERROR: ESP DH algorithm 'DH21' must be separated using a ';'
[esp=3des-sha1;dh21,3des-sha2]
	ERROR: ESP DH algorithm 'DH21' must be specified last
[esp=aes_gcm-16]
	ERROR: wrong encryption key length - key size must be 128 (default), 192 or 256, enc_alg="aes_gcm"(16), auth_alg="", modp=""
[esp=aes_gcm-0]
	ERROR: encryption key length is zero, enc_alg="aes_gcm"(0), auth_alg="", modp=""
[esp=aes_gcm-123456789012345]
	ERROR: encryption key length '123456789012345' WAY too big, enc_alg="aes_gcm"(123456789012345), auth_alg="", modp=""

---- AH tests that should succeed ----
[ah=]
	HMAC_SHA1_96
[ah=md5]
	HMAC_MD5_96
[ah=sha]
	HMAC_SHA1_96
[ah=sha1]
	HMAC_SHA1_96
[ah=sha2]
	HMAC_SHA2_256_128
[ah=sha256]
	HMAC_SHA2_256_128
[ah=sha384]
	HMAC_SHA2_384_192
[ah=sha512]
	HMAC_SHA2_512_256
[ah=sha2_256]
	HMAC_SHA2_256_128
[ah=sha2_384]
	HMAC_SHA2_384_192
[ah=sha2_512]
	HMAC_SHA2_512_256
[ah=aes_xcbc]
	AES_XCBC_96

---- AH tests that should fail ----
[ah=aes-sha1]
	ERROR: AH integrity algorithm 'aes' is not recognized, enc_alg=""(0), auth_alg="aes", modp="sha1"
[ah=vanityhash1]
	ERROR: AH integrity algorithm 'vanityhash1' is not recognized, enc_alg=""(0), auth_alg="vanityhash1", modp=""
[ah=aes_gcm_c-256]
	ERROR: Invalid modulus, just after "aes_gcm_c-" (state=ST_AA_END)
[ah=id3]
	ERROR: AH integrity algorithm 'id3' is not recognized, enc_alg=""(0), auth_alg="id3", modp=""
[ah=3des]
	ERROR: AH integrity algorithm '3des' is not recognized, enc_alg=""(0), auth_alg="3des", modp=""
[ah=null]
	ERROR: AH cannot have a 'null' integrity algorithm, enc_alg=""(0), auth_alg="null", modp=""
[ah=aes_gcm]
	ERROR: AH integrity algorithm 'aes_gcm' is not recognized, enc_alg=""(0), auth_alg="aes_gcm", modp=""
[ah=aes_ccm]
	ERROR: AH integrity algorithm 'aes_ccm' is not recognized, enc_alg=""(0), auth_alg="aes_ccm", modp=""
[ah=ripemd]
	ERROR: AH integrity algorithm 'ripemd' is not recognized, enc_alg=""(0), auth_alg="ripemd", modp=""

---- IKE tests that should succeed ----
[ike=]
	AES_CBC-HMAC_SHA2_256-MODP2048
	AES_CBC-HMAC_SHA2_512-MODP2048
	AES_CBC-HMAC_SHA1-MODP2048
	3DES_CBC-HMAC_SHA2_256-MODP2048
	3DES_CBC-HMAC_SHA2_512-MODP2048
	3DES_CBC-HMAC_SHA1-MODP2048
[ike=3des-sha1]
	3DES_CBC-HMAC_SHA1-MODP2048
[ike=3des-sha1]
	3DES_CBC-HMAC_SHA1-MODP2048
[ike=3des-sha1;modp1536]
	3DES_CBC-HMAC_SHA1-MODP1536
[ike=3des-sha1;dh21]
	3DES_CBC-HMAC_SHA1-DH21
[ike=3des-sha1-ecp_521]
	3DES_CBC-HMAC_SHA1-DH21
[ike=aes_gcm]
	AES_GCM_16-HMAC_SHA2_256-MODP2048
	AES_GCM_16-HMAC_SHA2_512-MODP2048
	AES_GCM_16-HMAC_SHA1-MODP2048

---- IKE tests that should fail ----
[ike=id2]
	ERROR: IKE encryption algorithm 'id' is not recognized, enc_alg="id"(2), auth_alg="", modp=""
[ike=3des-id2]
	ERROR: IKE PRF algorithm 'id2' is not recognized, enc_alg="3des"(0), auth_alg="id2", modp=""
algparse leak detective found no leaks
