
Send KEY_LEGTH attribute for ESP ENCR for 3DES. This is invalid and should
be rejected or ignored on the remote side. It requires starting with
--impair-check-keysize which allows specifying bad key sizes.

curently: this is rejected by the other end, but west then sends another
packet which seems to contain garbage:

| *received 300 bytes from 192.1.2.45:500 on eth1 (port=500)
|   4e bd fb bc  0d c4 44 c2  8e 9e 21 ee  f5 1f f0 4a
|   08 10 20 01  66 1b 6a 0d  00 00 01 2c  0b 1f bd d3
|   55 ee cf 79  80 82 b6 c9  d8 3d fd 76  8e 2c e2 c6
|   32 62 54 a0  df 52 4c d8  b3 f0 03 57  8f cc 14 94
|   ab 15 4b 17  14 bf a0 45  a5 cf ce 1c  06 b6 4d 62
|   01 13 e8 ed  b9 80 7d e8  d6 1c 44 46  a2 65 0c d1
|   77 44 ee b2  83 d4 96 cb  0a b0 35 3c  06 2c 1f 5b
|   8d 14 7d 78  34 f2 1d 6a  50 34 64 0b  a9 f7 c4 cd
|   3c 69 50 a0  f0 4e 52 01  c6 38 cd f2  ff 0b f9 bd
|   7b c8 5b 61  b7 17 9d f7  c5 52 42 5b  98 af 75 17
|   cd fd cf 4e  10 f8 95 bb  16 89 7e 5e  e6 9e 3d f5
|   5c 5f 7d 0d  b0 69 20 a7  90 22 52 0d  ec ea 8c 16
|   8a 95 2b ea  0b 56 12 58  19 b7 de 87  cf 74 a4 18
|   cd 33 db 6c  4b 59 dc 26  d5 6a 73 20  34 d4 b0 e8
|   bf 61 c1 ad  9c 52 fc 4e  d8 16 46 ad  4e 76 87 d5
|   a9 53 2c 14  23 06 26 ed  74 ec 9c 0f  4e 8f 0e 45
|   0b 43 b3 39  fb b2 cb ce  9d b3 ea e2  76 f9 d9 6b
|   43 87 a7 60  c2 b0 4c 5c  b9 7f 80 08  03 58 35 7e
|   1c 04 61 b9  fc 3d fa 11  20 33 7f 87
| **parse ISAKMP Message:
|    initiator cookie:
|   4e bd fb bc  0d c4 44 c2
|    responder cookie:
|   8e 9e 21 ee  f5 1f f0 4a
|    next payload type: ISAKMP_NEXT_HASH
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
|    exchange type: ISAKMP_XCHG_QUICK
|    flags: ISAKMP_FLAG_ENCRYPTION
|    message ID:  66 1b 6a 0d
|    length: 300
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
| ICOOKIE:  4e bd fb bc  0d c4 44 c2
| RCOOKIE:  8e 9e 21 ee  f5 1f f0 4a
| state hash entry 22
| v1 peer and cookies match on #1, provided msgid 661b6a0d vs 00000000
| v1 state object not found
| ICOOKIE:  4e bd fb bc  0d c4 44 c2
| RCOOKIE:  8e 9e 21 ee  f5 1f f0 4a
| state hash entry 22
| v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000
| v1 state object #1 found, in STATE_MAIN_R3
| processing connection westnet-eastnet-aes256
| last Phase 1 IV:  b6 fe f7 35  cd 8c 1a b7  a9 d5 d3 24  8e c9 68 43
| current Phase 1 IV:  b6 fe f7 35  cd 8c 1a b7  a9 d5 d3 24  8e c9 68 43
| computed Phase 2 IV:
|   cd c8 29 9f  0b bc e5 22  1d 7f b4 4f  9f 18 05 6e
|   c6 84 54 01
| received encrypted packet from 192.1.2.45:500
| decrypting 272 bytes using algorithm OAKLEY_AES_CBC
| NSS do_aes: enter
| NSS do_aes: exit
| decrypted:
|   01 00 00 18  7e d0 36 41  cf 04 aa 26  78 12 52 c7
|   60 47 7e e9  35 67 82 d7  0a 00 00 38  00 00 00 01
|   00 00 00 01  00 00 00 2c  00 03 04 01  ec 91 81 45
|   00 00 00 20  00 03 00 00  80 03 00 02  80 04 00 01
|   80 01 00 01  80 02 70 80  80 05 00 02  80 06 01 4d
|   04 00 00 14  f1 43 8f bc  42 70 1f 26  fa 94 85 ab
|   f9 dc 65 9d  05 00 00 84  eb c9 ae 38  dd 95 34 bb
|   bc 54 d3 26  a1 ec f3 5f  b9 cb 80 47  04 18 07 c8
|   7d 96 0a d5  e7 0f fa 06  c9 07 8d c5  46 c6 57 67
|   6d 1e ea d7  30 9f 1a 30  80 9f 7b 84  53 2b 69 e8
|   55 54 b0 90  a7 9a 67 00  27 3a 60 68  30 5b d7 39
|   5b 1d 1b 81  d5 00 1d f7  f6 39 6c 33  53 3a c2 fb
|   53 1d ec 63  b1 64 9b 8e  87 68 e0 f8  82 1a 00 59
|   91 1d 07 25  81 ad 77 86  dc 8a fa 49  b9 06 6a e5
|   2f 78 5d 4d  1e 0d e8 f0  05 00 00 10  04 00 00 00
|   c0 00 01 00  ff ff ff 00  00 00 00 10  04 00 00 00
|   c0 00 02 00  ff ff ff 00  00 00 00 00  00 00 00 00
| next IV:  03 58 35 7e  1c 04 61 b9  fc 3d fa 11  20 33 7f 87
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502opt: 0x200030
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA
|    length: 24
| got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402opt: 0x200030
| ***parse ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_NONCE
|    length: 56
|    DOI: ISAKMP_DOI_IPSEC
| got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400opt: 0x200030
| ***parse ISAKMP Nonce Payload:
|    next payload type: ISAKMP_NEXT_KE
|    length: 20
| got payload 0x10  (ISAKMP_NEXT_KE) needed: 0x0opt: 0x200030
| ***parse ISAKMP Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_ID
|    length: 132
| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_ID
|    length: 16
|    ID type: ID_UNASSIGNED_ID4
|    Protocol ID: 0
|    port: 0
|      obj:   c0 00 01 00  ff ff ff 00
| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_NONE
|    length: 16
|    ID type: ID_UNASSIGNED_ID4
|    Protocol ID: 0
|    port: 0
|      obj:   c0 00 02 00  ff ff ff 00
| removing 8 bytes of padding
| hmac_update data value:
|   66 1b 6a 0d
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| hmac_update data value:
|   0a 00 00 38  00 00 00 01  00 00 00 01  00 00 00 2c
|   00 03 04 01  ec 91 81 45  00 00 00 20  00 03 00 00
|   80 03 00 02  80 04 00 01  80 01 00 01  80 02 70 80
|   80 05 00 02  80 06 01 4d  04 00 00 14  f1 43 8f bc
|   42 70 1f 26  fa 94 85 ab  f9 dc 65 9d  05 00 00 84
|   eb c9 ae 38  dd 95 34 bb  bc 54 d3 26  a1 ec f3 5f
|   b9 cb 80 47  04 18 07 c8  7d 96 0a d5  e7 0f fa 06
|   c9 07 8d c5  46 c6 57 67  6d 1e ea d7  30 9f 1a 30
|   80 9f 7b 84  53 2b 69 e8  55 54 b0 90  a7 9a 67 00
|   27 3a 60 68  30 5b d7 39  5b 1d 1b 81  d5 00 1d f7
|   f6 39 6c 33  53 3a c2 fb  53 1d ec 63  b1 64 9b 8e
|   87 68 e0 f8  82 1a 00 59  91 1d 07 25  81 ad 77 86
|   dc 8a fa 49  b9 06 6a e5  2f 78 5d 4d  1e 0d e8 f0
|   05 00 00 10  04 00 00 00  c0 00 01 00  ff ff ff 00
|   00 00 00 10  04 00 00 00  c0 00 02 00  ff ff ff 00
| hmac_update: inside if
| hmac_update: after digest
| hmac_update: after assert
| HASH(1) computed:

