Title

  Test IKEv2.EN.I.1.2.3.7: Perfect Forward Secrecy
  Part A: (BASIC)


Purpose

  To verify an IKEv2 device properly rekeys CHILD_SA when Perfect Forward Secrecy
  enables.


References

  * [RFC 4306] - Sections 2.12


Test Setup

  * Network Topology
      Connect the devices according to the Common Topology.
  * Configuration
      In each part, configure the devices according to the Common Configuration.
      In addition, set IKE_SA Lifetime to 300 seconds and set CHILD_SA Lifetime to 30
      seconds. Enable PFS.
  * Pre-Sequence and Cleanup Sequence
      IKEv2 on the NUT is disabled after each part.


Procedure

   NUT                  TN1
(End-Node)           (End-Node)
    |                    |
    |------------------->| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
    |                    | (Judgement #1)
    |<-------------------| IKE_SA_INIT Response (HDR, SAr1, KEr, Nr)
    |                    | (Packet #1)
    |                    |
    |------------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N+, SAi2, TSi, TSr})
    |                    | (Judgement #2)
    |<-------------------| IKE_AUTH Response (HDR, SK {IDr, AUTH, N+, SAr2, TSi, TSr})
    |                    | (Packet #2)
    |                    |
   ---                  ---
    |                    |                       ---
    |<-------------------| IPSec {Echo Request}   |
    |                    | (Packet #3)            |
    |------------------->| IPSec {Echo Reply}     | repeat Echo exchange until lifetime of SA is expired
    |                    | (Judgement #3)         |
    |                    |                       ---
   ---                  ---
    |                    |
    |------------------->| CREATE_CHILD_SA request (HDR, SK {N, N+, SA, Ni, KEi, TSi, TSr})
    |                    | (Judgement #4)
    |<-------------------| CREATE_CHILD_SA response (HDR, SK {N+, SA, Nr, KEr, TSi, TSr})
    |                    | (Packet #4)
    |                    |
    |------------------->| INFORMATIONAL request (HDR, SK {D})
    |                    | (Judgement #5)
    |<-------------------| INFORMATIONAL Response (HDR, SK {D})
    |                    | (Packet #5)
    |                    |
    |<-------------------| IPsec {Echo Request}
    |                    | (Packet #6)
    |------------------->| IPsec {Echo Reply}
    |                    | (Judgement #6)
    |                    |
    V                    V
N: REKEY_SA N+: USE_TRANSPORT_MODE
Packet #1 See Common Packet #2
Packet #2 See Common Packet #4
Packet #3 See Common Packet #19
Packet #4 See below
Packet #5 See below
Packet #6 See Common Packet #19
This packet is cryptographically protected by
the new CHILD_SA negotiated at Step 10.
Packet #4: CREATE_CHILD_SA response
IPv6 Header Same as Common Packet #14
UDP Header Same as Common Packet #14
IKEv2 Header Same as Common Packet #14
E Payload Same as Common Packet #14
N Payload Same as Common Packet #14
N Payload Same as Common Packet #14
SA Payload Same as Common Packet #14
Nr Payload Next Payload 34 (KE)
KEr Payload Next Payload 44 (TSi)
Critical 0
Reserved 0
Payload Length 136
DH Group # 2
Reserved 0
Key Exchange Data any
TSi Payload Same as Common Packet #14
TSr Payload Same as Common Packet #14
Packet #5: INFORMATIONAL response
IPv6 Header Same as the Common Packet #18
UDP Header Same as the Common Packet #18
IKEv2 Header Same as the Common Packet #18
E Payload Other fields are same as the Common Packet #18
Next Payload 42 (Delete)
Delete Payload Next Payload 0(last)
Critical 0
Reserved 0
Payload Length 12
Protocol ID 3(ESP)
SPI Size 4
# of SPIs 1
Security Parameter Index(es) (SPI) SPI negotiated by Initial Exchange
  Part A: (BASIC)
     1. NUT starts to negotiate with TN1 by sending IKE_SA_INIT request.
     2. Observe the messages transmitted on Link A.
     3. TN1 responds with an IKE_SA_INIT response to the NUT.
     4. Observe the messages transmitted on Link A.
     5. After reception of IKE_AUTH request from the NUT, TN1 responds with an IKE_AUTH
         response to the NUT
     6. TN1 transmits an Echo Request with IPsec ESP using the first negotiated algorithms to NUT.
     7. Observe the messages transmitted on Link A.
     8. Repeat Steps 6 and 7 until lifetime of SA is expired.
     9. Observe the messages transmitted on Link A.
     10. After reception of CREATE_CHILD_SA request for rekeying from the NUT, TN1 responds
         with a CREATE_CHILD_SA response to the NUT.
     11. Observe the messages transmitted on Link A.
     12. TN1 responds with an INFORMATIONAL response with a Delete payload to the NUT.
     13. TN1 transmits an Echo Request with IPsec ESP using the second negotiated algorithms to
         the NUT.
     14. Observe the messages transmitted on Link A.


Observable Result

  Part A
       Step 2: Judgment #1
       The NUT transmits an IKE_SA_INIT request including "ENCR_3DES",
       "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as proposed
       algorithms.
       Step 4: Judgment #2
       The NUT transmits an IKE_AUTH request including "ENCR_3DES",
       "AUTH_HMAC_SHA1_96" and "No Extended Sequence Numbers" as proposed algorithms.
       Step 7: Judgment #3
       The NUT transmits an Echo Reply with IPsec ESP using corresponding algorithms.
       Step 9: Judgment #4
       The NUT transmits a CREATE_CHILD_SA request including "ENCR_3DES",
       "AUTH_HMAC_SHA1_96" and "No Extended Sequence Numbers" as proposed
       algorithms. And the CREATE_CHILD_SA request includes a Notify payload of type
       REKEY_SA containing rekeyed CHILD_SA's SPI value in the SPI field.
       Step 11: Judgment #5
       The NUT transmits an INFORMATIONAL request with a Delete payload. The Delete
       payload includes 3 (ESP) as Protocol ID, 4 as SPI Size and the inblund SPI value to be
       deleted as SPI.
       Step 14: Judgment #6
       The NUT transmits an Echo Reply with IPsec ESP using the second negotiated algorithms.


Possible Problems

  * Each NUT has the different lifetime of SA.