1

I need to fully understand the IPSec Phase 1 negotiation. now, I break this to 3 steps:

  1. Algorithm negotiations
  2. Key Exchange Data
  3. Identification

I'm using Wireshark to investigate the process and so far I fully understand the first part (Algorithm Negotiations).

My current problem lies in the 2nd part: Key Exchange Data.

The algorithms in use are AES-CBC-256bit, Pre-shared key, MD5 & 1024 bit Group.

The "ISAKMP Payload"->"KeyExchange Payload"->"KeyExchangeData" is beyond me... I have no clue what it is.. an MD5'ed pre-shared key? Is it encrypted?

Paŭlo Ebermann
  • 73,284
  • 20
  • 146
  • 210
Tal A.
  • 397
  • 1
  • 2
  • 15
  • Which description are you looking at? Are you familiar with Diffie-Hellman key exchange? – oggy Nov 04 '09 at 14:15
  • IPSec is easy to figure out. Women, now that's hard! – Matt Ball Nov 04 '09 at 14:46
  • I wrote the D-H algorithm from scratch, so I belive i do know it, but what I am tring to do is building a complete IPSec suit, i have a costum unix OS which is being used as my platform – Tal A. Nov 04 '09 at 17:53
  • 1
    @John: Is this still an open question? If you did find a solution yourself, could you add it as an answer here? – Paŭlo Ebermann Aug 22 '11 at 16:29

2 Answers2

1

See draft-kivinen-ipsecme-ikev2-minimal-01. It does a pretty good job explaining on what is needed for IKEv2 protocol

ISAKMP / IKEv1 / IPSec phase 1 is a bit more complicated, but most things in IKEv2 are somewhat analogous to the older version - and certainly help in learning the more complex stuff.

Key exchange data in the KE payload is just the Diffie-Hellman "shared secret". If you are literate with python code, see this project. There is also a module that can do the math and has some of the most used DH group's primes.

Community
  • 1
  • 1
Kimvais
  • 38,306
  • 16
  • 108
  • 142
0

This page should help to understand IPSec.

Aaron Digulla
  • 321,842
  • 108
  • 597
  • 820
  • m.. that was sort of a summary for what i know... i need it more on the porgramming side... it's kind of a task I need to do in order to get my P.E. diploma, well, it's part of my task at least... – Tal A. Nov 04 '09 at 13:55