I have established an IPsec/L2TP tunnel. I can retrieve all secret information using the ip xfrm state command.
Example of output:
    src 192.168.1.105 dst 188.8.131.52
        proto esp spi 0x047b9a7f reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) 0x4e7b5739049a9ed7bc43255991bc1ff71b02de0b 96
        enc cbc(aes) 0x50d5bbef1c5e5ccda33113f76140901b753318d0c1c10e2588137fa454a39076
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        anti-replay context: seq 0x0, oseq 0x98, bitmap 0x00000000
        sel src 192.168.1.105/32 dst 184.108.40.206/32
    src 220.127.116.11 dst 192.168.1.105
        proto esp spi 0xcae006a5 reqid 1 mode transport
        replay-window 32
        auth-trunc hmac(sha1) 0xe9a8965b5ddb4a2939f1fc06d29eb2b107ca42e3 96
        enc cbc(aes) 0x9aca454871a9f7d2468ec5df57aa4a24f9fc64ab5dc927ccaf5087d359e65433
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
        anti-replay context: seq 0x18f, oseq 0x0, bitmap 0xffffffff
        sel src 18.104.22.168/32 dst 192.168.1.105/32
I was wondering if it is possible to calculate auth-trunc if I know the following: encryption algorithm (AES), session's encryption key, pre-shared key (PSK), authentication algorithm (SHA-1)?
session's encryption key, pre-shared key (PSK)
So it seems you use IKE or a similar protocol to establish SAs for your IPsec tunnel.
If that's the case then all the details on how keying material for an SA is generated can probably be found in the standard for your algorithm.
For example, in IKEv2 the keying material is computed by the negotiated PRF and uses nonces and secrets established via DH.
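The IKEv2 derivation the answer refers to, as an added example that is not part of the original post: RFC 7296 prf+ expands SK_d and the two nonces into the Child SA keys, so the ESP integrity key (the auth-trunc value) comes out of the same key stream as the encryption key. PRF_HMAC_SHA1, the key sizes (chosen to match the 32-byte AES and 20-byte HMAC-SHA1 keys in the output above) and all sample values are assumptions; an L2TP/IPsec tunnel negotiated with IKEv1 derives its keys differently.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated PRF. PRF_HMAC_SHA1 is assumed for this example."""
    return hmac.new(key, data, hashlib.sha1).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """RFC 7296 section 2.13: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ is limited to 255 output blocks")
        block = prf(key, block + seed + bytes([counter]))
        out += block
        counter += 1
    return out[:length]


def child_sa_keys(sk_d, ni, nr, enc_len=32, auth_len=20, dh_secret=b""):
    """KEYMAT = prf+(SK_d, [g^ir (new)] | Ni | Nr), split as in section 2.17.

    Initiator-to-responder keys are taken first; within each direction the
    encryption key precedes the integrity key.
    """
    keymat = prf_plus(sk_d, dh_secret + ni + nr, 2 * (enc_len + auth_len))
    names = ("enc_i2r", "auth_i2r", "enc_r2i", "auth_r2i")
    sizes = (enc_len, auth_len, enc_len, auth_len)
    keys, offset = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = keymat[offset:offset + size]
        offset += size
    return keys


if __name__ == "__main__":
    # Constructed sample inputs, not values from any real negotiation.
    sk_d = bytes(range(20))   # SK_d from the IKE SA (PRF output size)
    ni = b"\x11" * 32         # initiator nonce
    nr = b"\x22" * 32         # responder nonce
    for name, key in child_sa_keys(sk_d, ni, nr).items():
        print(f"{name:9s} 0x{key.hex()}")
```

SK_d and the nonces never appear in `ip xfrm state`; the kernel only receives the already-split keys.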