I was testing the xfrm framework through the "ip xfrm" commands, and when testing the "state update" operation, I did not manage to change neither the encryption keys nor the authentication keys. A similar issue can be found in this
link.
I am not sure if this is intended behaviour to protect some how the SAD entries installed in the kernel or is some bug.
From my google research I did find out in the following
link that they define this issue as a bug and they fixed it. Still I am not sure if this is an intended behaviour or is something still not fixed in the linux kernel.