| Stage | Goal | Process | Messages |
| --- | --- | --- | --- |
| IKE Phase 1 | Create an ISAKMP SA | Authenticate both communicating parties, perform the key exchange, and derive the working key | (1) HDR, SA (2) HDR, SA, Cert_sig_r, Cert_enc_r (3) HDR, XCHi, SIGi (4) HDR, XCHr, SIGr (5) HDR*, HASHi (6) HDR*, HASHr |
| IKE Phase 2 | Negotiate IPsec SAs | Establish the IPsec SA between both communicating parties, and obtain the IPsec security policy and session key | (1) HDR*, HASH(1), SA, Ni (2) HDR*, HASH(2), SA, Nr (3) HDR*, HASH(3) |
Phase 2 message 2 is basically the same as message 1. The main difference is that the SA payload encapsulates a proposal payload that serves as confirmation.
The packet capture data of message 2 is as follows. HDR is transmitted in plaintext, and everything from the HASH payload onward is encrypted with SM4-CBC (the block length is 16 bytes and the key is 16 bytes). Here the ciphertext is 144 bytes long, that is, 9 blocks.
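The layout described above, as an added example that is not part of the original article: Python code that splits an ISAKMP datagram into the cleartext 28-byte header (RFC 2408 layout) and the SM4-CBC ciphertext, then counts the 16-byte blocks. The sample datagram, its cookies, version octet and message ID are constructed, and the names `split_isakmp` and `build_sample` are hypothetical.

```python
import struct
from dataclasses import dataclass

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 header, 28 bytes
FLAG_ENCRYPTED = 0x01                      # E bit in the flags octet
SM4_BLOCK = 16                             # SM4 block size in bytes
QUICK_MODE = 32                            # exchange type for quick mode (RFC 2409)
PAYLOAD_HASH = 8                           # first payload inside the encrypted body


@dataclass
class EncryptedBody:
    exchange_type: int
    next_payload: int
    message_id: int
    ciphertext: bytes
    blocks: int


def split_isakmp(datagram: bytes) -> EncryptedBody:
    """Split an ISAKMP message into cleartext header fields and CBC ciphertext."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    (_icookie, _rcookie, next_payload, _version, exchange_type,
     flags, message_id, length) = ISAKMP_HDR.unpack_from(datagram)
    if length != len(datagram):
        raise ValueError(f"length field {length} != datagram size {len(datagram)}")
    if not flags & FLAG_ENCRYPTED:
        raise ValueError("encryption flag not set; body is cleartext")
    body = datagram[ISAKMP_HDR.size:]
    if not body or len(body) % SM4_BLOCK:
        raise ValueError(f"body of {len(body)} bytes is not whole SM4 blocks")
    return EncryptedBody(exchange_type, next_payload, message_id,
                         body, len(body) // SM4_BLOCK)


def build_sample(body_len: int = 144) -> bytes:
    """Constructed quick-mode message: real header layout, zero-filled 'ciphertext'."""
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, PAYLOAD_HASH, 0x10, QUICK_MODE,
                          FLAG_ENCRYPTED, 0x1A2B3C4D, ISAKMP_HDR.size + body_len)
    return hdr + bytes(body_len)


if __name__ == "__main__":
    msg = split_isakmp(build_sample())
    print(f"exchange={msg.exchange_type} msgid={msg.message_id:#010x} "
          f"ciphertext={len(msg.ciphertext)} bytes = {msg.blocks} blocks")
```

A body that is not a whole number of 16-byte blocks, or a header without the encryption flag, is rejected before any decryption would be attempted.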