Title

  Test IKEv2.EN.R.1.1.3.6: Receiving Delete Payload for CHILD_SA
  Part A: (BASIC)


Purpose

  To verify an IKEv2 device can respond to INFORMATIONAL request with a Delete Payload,
  when CHILD_SAs are deleted.


References

  * [RFC 4306] - Sections 2.4 and 3.11


Test Setup


  * Network Topology
      Connect the devices according to the Common Topology.
  * Configuration
      In each part, configure the devices according to the Common Configuration.
  * Pre-Sequence and Cleanup Sequence
      IKEv2 on the NUT is disabled after each part.


Procedure

   NUT                  TN1
(End-Node)           (End-Node)
    |                    |
    |<-------------------| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
    |                    | (Packet #1)
    |------------------->| IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
    |                    | (Judgement #1)
    |                    |
    |<-------------------| IKE_AUTH request (HDR, SK {IDi, AUTH, N, SAi2, TSi, TSr})
    |                    | (Packet #2)
    |------------------->| IKE_AUTH response (HDR, SK {IDr, AUTH, N, SAr2, TSi, TSr})
    |                    | (Judgement #2)
    |                    |
    |<-------------------| INFORMATIONAL request (HDR, SK {D})
    |                    | (Packet #3)
    |------------------->| INFORMATIONAL response (HDR, SK {D})
    |                    | (Judgement #3)
    |                    |
    V                    V

N: USE_TRANSPORT_MODE
Packet #1 See Common Packet #1
Packet #2 See Common Packet #3
Packet #3 See below
* Packet #3: INFORMATIONAL request
IPv6 Header Source Address TN1's Global Address on Link X
Destination Address NUT's Global Address on Link A
UDP Header Source Port 500
Destination Port 500
IKEv2 Header IKE_SA Initiator's SPI any
IKE_SA Responder's SPI any
Next Payload 46 (E)
Major Version 2
Minor Version 0
Exchange Type 37 (INFORMATIONAL)
X (bits 0-2 of Flags) 0
I (bit 3 of Flags) any
V (bit 4 of Flags) 0
R (bit 5 of Flags) 0
X (bits 6-7 Flags) 0
Message ID 2
Length any
E Payload Next Payload 42 (D)
Critical 0
Reserved 0
Payload Length any
Initialization Vector The same value as block length of the underlying encryption algorithm
Encrypted IKE Payloads Subsequent payloads encrypted by underlying encryption algorithm
Padding Any value which to be a multiple of the encryption block size
Pad Length The length of the Padding field
Integrity Checksum Data The Cryptographic checksum of the entire message
D Payload Next Payload 0
Critical 0
Reserved 0
Payload Length 12
Protocol ID 3 (ESP)
SPI Size 4
# of SPIs 1
Security Parameter Index NUT's inbound CHILD_SA SPI value to be deleteD
  Part A: (BASIC)
       1. TN1 starts to negotiate with NUT by sending IKE_SA_INIT request.
       2. Observe the messages transmitted on Link A.
       3. After reception of IKE_AUTH response from the NUT, TN1 transmits an IKE_AUTH
          request to the NUT.
       4. Observe the messages transmitted on Link A.
       5. TN1 transmits an INFORMATIONAL request with a Delete payload including 3 (ESP) as
          Protocol ID, 4 as SPI Size and the TN1's inbound SPI value to be deleted as SPI value.
       6. Observe the messages transmitted on Link A.


Observable Result

  Part A
    Step 2: Judgment #1
      The NUT transmits an IKE_SA_INIT response including "ENCR_3DES",
      "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as accepted
      algorithms.
  
    Step 4: Judgment #2
      The NUT transmits an IKE_AUTH response including "ENCR_3DES",
      "AUTH_HMAC_SHA1_96" and "No Extended Sequence Numbers" as accepted algorithms.
  
    Step 7: Judgment #3
      The NUT transmits an INFORMATIONAL response with a Delete payload including 3
      (ESP) as Protocol ID, 4 as SPI Size and the NUT's inbound SPI value to be deleted as SPI
      value.


Possible Problems

  * None.