[strongSwan] how to find initiator cookie in packet dump
Yogesh Purohit
2018-11-08 05:17:18 UTC
Hi All,

I was trying to decrypt IKEv1 packets using Wireshark 2.6.
For decryption of IKEv1 one needs the initiator cookie and the encryption key. I
have enabled log level ike = 4 in strongswan.conf.

I can see complete dump in log files, where I could find encryption key.

But I was unable to find initiator cookie without which I am unable to
decrypt the packet.

I am using strongswan version 5.5.2.

Please let me know if I have missed something or I am looking at wrong
place for ICOOKIE. In previous versions of strongswan where pluto was used,
a separate line used to be printed in logs such as:

*ICOOKIE: c6 d1 45 92 85 15 0c 7e*


Thanks & Regards,

Yogesh Purohit
Mirko Parthey
2018-11-16 20:27:26 UTC
> I was trying to decrypt IKEv1 packets using Wireshark 2.6.
> For decryption of IKEv1 one needs the initiator cookie and the encryption key. I have
> enabled log level ike = 4 in strongswan.conf.
> I can see complete dump in log files, where I could find encryption key.
> But I was unable to find initiator cookie without which I am unable to decrypt
> the packet.
> I am using strongswan version 5.5.2.
tcpdump -vv shows the cookies.
In both wireshark and charon, the cookies are called "SPI".

With an IKE capture file loaded into wireshark, they are shown as ISAKMP
Initiator/Responder SPI in the packet dissection pane.

To make charon log them, set the loglevel "enc = 3".
The cookies are labeled as "IKE_SPI" in the logfile.
The first IKE_SPI is the initiator cookie, and the second is the responder
cookie; this is independent of who sent the message.

For example, the following was logged by an IKEv1 initiator
(without the comments):

# message sent by the initiator (3rd message of Main Mode):
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[ENC] not encrypting payloads
[ENC] generating payload of type HEADER
[ENC] generating rule 0 IKE_SPI
[ENC] => 8 bytes @ 0x7f5a20003f68
[ENC] 0: E7 91 90 11 9E 1D 31 8B # Initiator Cookie
[ENC] generating rule 1 IKE_SPI
[ENC] => 8 bytes @ 0x7f5a20003f70
[ENC] 0: B6 4B 3B B0 22 CB 9E 86 # Responder Cookie

# message received from the responder (4th message of Main Mode)
[ENC] parsing rule 0 IKE_SPI
[ENC] => 8 bytes @ 0x7f5a300019d8
[ENC] 0: E7 91 90 11 9E 1D 31 8B # Initiator Cookie
[ENC] parsing rule 1 IKE_SPI
[ENC] => 8 bytes @ 0x7f5a300019e0
[ENC] 0: B6 4B 3B B0 22 CB 9E 86 # Responder Cookie

Regards
Mirko
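The two places Mirko points at (the ISAKMP header on the wire and the `IKE_SPI` hex dumps in the charon log) carry the same 8-byte values, and the following added example shows that side by side. It is not code from the thread or from strongSwan: it parses the fixed 28-byte ISAKMP header (RFC 2408) out of a UDP payload, extracts rule 0 / rule 1 `IKE_SPI` dumps from charon `enc` log lines, and checks that both give the same initiator and responder cookie. The log lines and the header bytes are constructed for the example, reusing the cookie values from the excerpt above; the `08[ENC]`/`09[ENC]` thread prefixes are assumed to be present as in a normal charon log.

```python
"""Find the ISAKMP initiator/responder cookies (Wireshark: "Initiator SPI" /
"Responder SPI"; charon: rule 0 / rule 1 "IKE_SPI") two ways and cross-check.

Added example for this thread, not strongSwan code.  The ISAKMP header layout
follows RFC 2408 section 3.1; everything else here is an assumption for the
demonstration.
"""
import re
import struct

# ISAKMP header, 28 bytes, network byte order:
# initiator cookie (8) | responder cookie (8) | next payload (1) |
# version (1, major<<4 | minor) | exchange type (1) | flags (1) |
# message ID (4) | length (4)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_NAMES = {2: "ID_PROT (Main Mode)", 4: "AGGRESSIVE", 5: "INFORMATIONAL",
                  32: "QUICK_MODE"}


def parse_isakmp_header(payload: bytes) -> dict:
    """Return the header fields of an IKEv1 message; the first 8 bytes are the
    initiator cookie Wireshark's IKEv1 decryption table asks for."""
    if len(payload) < ISAKMP_HDR.size:
        raise ValueError("payload shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, version, exch, flags, msgid, length = \
        ISAKMP_HDR.unpack_from(payload)
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": nxt,
        "major_version": version >> 4,
        "minor_version": version & 0x0F,
        "exchange_type": EXCHANGE_NAMES.get(exch, str(exch)),
        "encrypted": bool(flags & 0x01),  # E bit: payloads after the header are encrypted
        "message_id": msgid,
        "length": length,
    }


# charon log lines at loglevel enc: "generating/parsing rule N IKE_SPI"
# followed (after a "=> 8 bytes @ ..." line) by the hex dump "0: XX XX ...".
RULE_RE = re.compile(r"\[ENC\]\s+(generating|parsing) rule (\d) IKE_SPI")
HEX_RE = re.compile(r"\[ENC\]\s+0:\s+((?:[0-9A-Fa-f]{2}\s+)*[0-9A-Fa-f]{2})")


def extract_cookies(log_lines) -> list:
    """One record per ISAKMP header seen in the log.  Rule 0 is always the
    initiator cookie and rule 1 the responder cookie, regardless of which
    peer sent the message (that is what the generating/parsing verb tells)."""
    records, current, pending = [], None, None
    for line in log_lines:
        m = RULE_RE.search(line)
        if m:
            direction = "sent" if m.group(1) == "generating" else "received"
            pending = int(m.group(2))
            if pending == 0:  # a new header starts with rule 0
                current = {"direction": direction,
                           "initiator_cookie": None, "responder_cookie": None}
                records.append(current)
            continue
        m = HEX_RE.search(line)
        if m and pending is not None and current is not None:
            key = "initiator_cookie" if pending == 0 else "responder_cookie"
            current[key] = "".join(m.group(1).split()).lower()
            pending = None  # only the first hex line after a rule line counts
    return records


def cookies_match(log_lines, payload: bytes) -> bool:
    """True if every header in the log carries the cookies found on the wire."""
    hdr = parse_isakmp_header(payload)
    recs = extract_cookies(log_lines)
    return bool(recs) and all(
        r["initiator_cookie"] == hdr["initiator_cookie"]
        and r["responder_cookie"] == hdr["responder_cookie"] for r in recs)


# Constructed sample log, modelled on the excerpt in the thread (thread-id
# prefixes 08/09 are assumed).  Message 3 of Main Mode is sent, message 4 received.
SAMPLE_LOG = """\
08[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
08[ENC] not encrypting payloads
08[ENC] generating payload of type HEADER
08[ENC] generating rule 0 IKE_SPI
08[ENC] => 8 bytes @ 0x7f5a20003f68
08[ENC]    0: E7 91 90 11 9E 1D 31 8B
08[ENC] generating rule 1 IKE_SPI
08[ENC] => 8 bytes @ 0x7f5a20003f70
08[ENC]    0: B6 4B 3B B0 22 CB 9E 86
09[ENC] parsing rule 0 IKE_SPI
09[ENC] => 8 bytes @ 0x7f5a300019d8
09[ENC]    0: E7 91 90 11 9E 1D 31 8B
09[ENC] parsing rule 1 IKE_SPI
09[ENC] => 8 bytes @ 0x7f5a300019e0
09[ENC]    0: B6 4B 3B B0 22 CB 9E 86
"""

# Constructed header-only ISAKMP message with the same cookies: next payload
# 4 (KE), version 0x10 (IKEv1), exchange 2 (ID_PROT), flags 0, msgid 0,
# length 28 (no payloads attached in this sample).
SAMPLE_HEADER = ISAKMP_HDR.pack(bytes.fromhex("e79190119e1d318b"),
                                bytes.fromhex("b64b3bb022cb9e86"),
                                4, 0x10, 2, 0, 0, ISAKMP_HDR.size)

if __name__ == "__main__":
    for rec in extract_cookies(SAMPLE_LOG.splitlines()):
        print(rec)
    print(parse_isakmp_header(SAMPLE_HEADER))
    print("log and wire agree:", cookies_match(SAMPLE_LOG.splitlines(), SAMPLE_HEADER))
```

On a real capture, `payload` is the UDP data of port 500 traffic (skip the 4-byte non-ESP marker first for NAT-T traffic on port 4500), and the 16 hex characters of `initiator_cookie` are what goes into Wireshark's ISAKMP "Initiator's COOKIE" column next to the encryption key taken from the charon log.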
