I have established IPsec/L2TP tunnel. I can retrieve all secret information, using the ip xfrm state
command.
Example of output:
src 192.168.1.105 dst 58.93.199.252
proto esp spi 0x047b9a7f reqid 1 mode transport
replay-window 32
auth-trunc hmac(sha1) 0x4e7b5739049a9ed7bc43255991bc1ff71b02de0b 96
enc cbc(aes) 0x50d5bbef1c5e5ccda33113f76140901b753318d0c1c10e2588137fa454a39076
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x98, bitmap 0x00000000
sel src 192.168.1.105/32 dst 58.93.199.252/32
src 58.93.199.252 dst 192.168.1.105
proto esp spi 0xcae006a5 reqid 1 mode transport
replay-window 32
auth-trunc hmac(sha1) 0xe9a8965b5ddb4a2939f1fc06d29eb2b107ca42e3 96
enc cbc(aes) 0x9aca454871a9f7d2468ec5df57aa4a24f9fc64ab5dc927ccaf5087d359e65433
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x18f, oseq 0x0, bitmap 0xffffffff
sel src 58.93.199.252/32 dst 192.168.1.105/32
I was wondering if it is possible to calculate auth-trunc
if I know the following: encryption algorithm (AES), session's encryption key, pre-shared key (PSK), authentication algorithm (SHA-1)?
You mention
session's encryption key, pre-shared key (PSK)
So it seems you use IKE or similar protocol to establish SAs for your IPsec tunnel.
If that's the case then all the details on how keying material for an SA is generated can probably be found in the standard for your algorithm.
For example in IKEv2 the keying material is computed by negotiated PRF and uses nonces and secrets established via DH.
User contributions licensed under CC BY-SA 3.0