IKEv2 Rekeying of IKE_SA using CREATE_CHILD_SA mes

2019-05-25 06:57发布

问题:

I have a Confusion regarding rekeying Procedure of IKE_SA in IKEv2. MY confusion is when rekeying of IKE_SA is done whether its repective Keys of CHILD_SAs ie. ESP or AH SAs would be change or not. As per rfc 7296, in rekeying procedure of IKE_SA new SKEYSEED would be generate and then new set of {SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr} = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr). i.e. new Sk_d is generated.So, using these new values whether new keymat would be generated or not by this way, KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr). and would using this new ESP/AH Keys would be generated or enforced or not.. Does anyone can say something on this note..I need quick response.. Please Comment if you know about this..

回答1:

I think the underlying SAs are not rekeyed -- they are just inherited by the newly established IKE SA (i.e. they will be managed using this new IKE SA).

Citing RFC 7296:

To rekey an IKE SA, establish a new equivalent IKE SA (see Section 2.18 below) with the peer to whom the old IKE SA is shared using a CREATE_CHILD_SA within the existing IKE SA. An IKE SA so created inherits all of the original IKE SA's Child SAs, and the new IKE SA is used for all control messages needed to maintain those Child SAs. After the new equivalent IKE SA is created, the initiator deletes the old IKE SA, and the Delete payload to delete itself MUST be the last request sent over the old IKE SA.

The SA keys must be fixed during the whole SA lifetime -- there would be a gap when packets belonging to the same SA would be refused (packets sent before the rekeying took place that arrived after the rekeying finished would fail the integrity check).

Desclaimer: It has been some time since I was dealing with this, so please do validate my thoughts.