IPSec协议验证

已于 2024-11-10 21:22:15 修改
阅读量1k 收藏 16
点赞数 26
文章标签: android
于 2024-11-10 20:55:05 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_72688684/article/details/143635942
版权

文章目录

1. 参考云班课课程资源中“ch03 密码技术-协议验证”的“VPN协议验证.pdf”和“ch03 密码技术-10-密码协议验证IPSec.mp4”,对 IPSec 协议进行验证,提交验证过程。

IPSec协议验证-第一阶段发起方的验证

  • 使用工具解析发起方加密私钥文件“left_enc.key”,得到发起方加密公私钥对内容
  • left_enc.key
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgLrRk3CWTe+WZOFSf
TMYwbOocLs3MSRpOO0/AvSmvH5mhRANCAAR9vqVFQ0WBcr07aI5QnC31RYas4AtY
7JQUmflKUKWMZ11vmtr/CJ6BN6djQ6zS81yjCopcz4G3zc5SZqAWueNk
-----END PRIVATE KEY-----
  • 发起方加密私钥prv_i
2eb464dc25937be59938549f4cc6306cea1c2ecdcc491a4e3b4fc0bd29af1f99
  • 发起方加密公钥pub_i
7dbea54543458172bd3b688e509c2df54586ace00b58ec941499f94a50a58c675d6f9adaff089e8137a76343acd2f35ca30a8a5ccf81b7cdce5266a016b9e364

在这里插入图片描述

  • 在Wireshark中打开“left.pcapng”包,用isakmp协议过滤一下数据包

在这里插入图片描述

  • 导出SKi密文
307902210083e6ecef3fb62d7d4683132d920a298dd88efc8342256fb751987a5c37300cd30220398674a09fc955c21d9218a5016994738d9eddb2939b133e8ed2273aa3a215d30420cf1f2e14abe2de8c81fc9f2fbf028648570af88dcdaa98659a4c3eb1f96975100410ac34d8306c55b50003a96045184deb81
  • 按TLV分割
3079 TL
022100 TL
83e6ecef3fb62d7d4683132d920a298dd88efc8342256fb751987a5c37300cd3 X
0220 TL
398674a09fc955c21d9218a5016994738d9eddb2939b133e8ed2273aa3a215d3 Y
0420 TL
cf1f2e14abe2de8c81fc9f2fbf028648570af88dcdaa98659a4c3eb1f9697510 Hash
0410 TL
ac34d8306c55b50003a96045184deb81 C
  • SKi密文为X||Y||Hash||C
83e6ecef3fb62d7d4683132d920a298dd88efc8342256fb751987a5c37300cd3398674a09fc955c21d9218a5016994738d9eddb2939b133e8ed2273aa3a215d3cf1f2e14abe2de8c81fc9f2fbf028648570af88dcdaa98659a4c3eb1f9697510ac34d8306c55b50003a96045184deb81
  • 用prv_i解密,明文为:
e6b74813213bfe4759c20225ade2678e

在这里插入图片描述

  • 在wireshark中导出Ni密文
a73cb7e86cc9b2020ecb43baa4e96cf8fb83d3a176a3e11b618206b32b958c69
  • 使用工具解密Ni密文:SM4算法,CBC模式密钥为Ski,iv为00000000000000000000000000000000
    在这里插入图片描述
450be90d637a4c714d129d13e15642370000000000000000000000000000000f
  • 在Wireshark中通过导出获取IDi密文,注意Wireshark对IDi的解析有错误,IDi为identificationpayload去掉前3项后的所有数据
  • IDi密文
eff5aaaddbce5efb2d9daca6f1de48c88096f24ada20e090aa45dc2e46a90517140fe404e0fa5c362423b9559a7dccb08d95ed049d05bf40fbe654ba7d0fae70a583343b9cb2a417d66032ca9a786ff901f6987c86bf733851bf8a46ea92a3ef
  • IDi明文
09000000304a310b3009060355040613024141310b3009060355040813024242310b3009060355040a13024343310b3009060355040b13024444311430120603550403130b636c69656e74207369676e0000000000000000000000000000000f
  • iv
fb83d3a176a3e11b618206b32b958c69

在这里插入图片描述

  • 在Wireshark中通过导出获取发起方加密证书CERT_enc_i
05308201ed30820192a00302010202145b2ebfa257b547c1b04ebce83ad65e6c595addaa300a06082a811ccf550183753045310b3009060355040613024141310b300906035504080c024242310b3009060355040a0c024343310b3009060355040b0c024444310f300d06035504030c067375622063613020170d3233303232323032333031345a180f32313233303132393032333031345a3049310b3009060355040613024141310b300906035504080c024242310b3009060355040a0c024343310b3009060355040b0c0244443113301106035504030c0a636c69656e7420656e633059301306072a8648ce3d020106082a811ccf5501822d034200042920dde9348041de867e49a5caa1936d3241f9b79cb5dcc5c6d59b31f8d88467b05b38505b101f7dbf242bcba73daf394cf0879d3f0e8ec08739f1db00fa770ca35a305830090603551d1304023000300b0603551d0f040403020338301d0603551d0e041604147cf13c4f768f4733a2ffe2e259346b90cfb474a8301f0603551d23041830168014ac61eb22806259083e96c8d17fce745c02af3c99300a06082a811ccf550183750349003046022100e2131845079c82d4a4b09b4990b21bc4e281899b83b226c9916d5c5fee12139f022100e7d3e711561a7a0be92392ed9f94f63ca2aa899d9039611f4472488bf14565ea
  • 得到签名原文SKi||Ni||IDi||CERT_enc_i
e6b74813213bfe4759c20225ade2678e450be90d637a4c714d129d13e156423709000000304a310b3009060355040613024141310b3009060355040813024242310b3009060355040a13024343310b3009060355040b13024444311430120603550403130b636c69656e74207369676e05308201ed30820192a00302010202145b2ebfa257b547c1b04ebce83ad65e6c595addaa300a06082a811ccf550183753045310b3009060355040613024141310b300906035504080c024242310b3009060355040a0c024343310b3009060355040b0c024444310f300d06035504030c067375622063613020170d3233303232323032333031345a180f32313233303132393032333031345a3049310b3009060355040613024141310b300906035504080c024242310b3009060355040a0c024343310b3009060355040b0c0244443113301106035504030c0a636c69656e7420656e633059301306072a8648ce3d020106082a811ccf5501822d034200042920dde9348041de867e49a5caa1936d3241f9b79cb5dcc5c6d59b31f8d88467b05b38505b101f7dbf242bcba73daf394cf0879d3f0e8ec08739f1db00fa770ca35a305830090603551d1304023000300b0603551d0f040403020338301d0603551d0e041604147cf13c4f768f4733a2ffe2e259346b90cfb474a8301f0603551d23041830168014ac61eb22806259083e96c8d17fce745c02af3c99300a06082a811ccf550183750349003046022100e2131845079c82d4a4b09b4990b21bc4e281899b83b226c9916d5c5fee12139f022100e7d3e711561a7a0be92
最低0.47元/天 解锁文章
南嘉560
关注
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值