<div dir="ltr">Dear Martin Willi,<div><br><div> Thank you for clarifying this.</div><div> The reason I asked this is that I see some code in the derive_keys() function in file ike_init.c</div><div><br></div><div><div>if (!this->keymat->derive_ike_keys(this->keymat, this->proposal, this->dh,</div><div><span class="" style="white-space:pre"> </span> nonce_i, nonce_r, id, prf_alg, skd))</div><div><span class="" style="white-space:pre"> </span>{</div><div><span class="" style="white-space:pre"> </span>return FALSE;</div><div><span class="" style="white-space:pre"> </span>}</div><div><span class="" style="white-space:pre"> </span>charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh, chunk_empty,</div><div><span class="" style="white-space:pre"> </span> nonce_i, nonce_r, this->old_sa, NULL);</div></div></div><div><br></div><div>My query here was how the keys which are computed in the derive_ike_keys function get stored in the IKE_SA.</div><div>As I see it, this function updates the keys in 'this->keymat'. Here 'this' refers to ike_sa_init_t, which is the IKE SA init task created for performing the IKE_SA_INIT exchange. How is the change of keymat in the IKE_SA_INIT task affecting the IKE_SA?</div><div><br></div><div>I was thinking the call to 'charon->bus->ike_keys' updates the keys in the IKE_SA. This function ike_keys has been added by the HA plugin. Now that you have confirmed that the HA plugin is not activated in Android, I am back to square one. 
</div><div><br></div><div>Could you help point me to the potential code which updates the IKE_SA keys computed after the IKE_SA_INIT exchange into the IKE_SA?</div><div>Your input is highly appreciated.</div><div><br></div><div>Thanks,</div><div>Ravikanth</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 8, 2015 at 5:42 AM, Martin Willi <span dir="ltr">&lt;<a href="mailto:martin@strongswan.org" target="_blank">martin@strongswan.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<span class=""><br>
> 1) There is only one node.. i.e the android client. Why would be the<br>
> need to use a HA plugin here.<br>
<br>
</span>There really is none. The HA plugin synchronizes SA state between nodes<br>
in a gateway cluster. It really makes no sense to enable the plugin on<br>
your Android client device.<br>
<br>
Regards<br>
<span class="HOEnZb"><font color="#888888">Martin<br>
<br>
</font></span></blockquote></div><br clear="all"><div><br></div><br><div class="gmail_signature"><div dir="ltr"><div></div></div></div>
</div></div>