Hi Jean-Francois,
> In src/libcharon/sa/ikev2/keymat_v2.c (line 390) when rekeying, the shared secret is concatenated with the full nonce using a call to chunk_cat(). The secret chunk is moved using the mode "m" which does not clear the chunk afterward. I think it would be a good idea to change it to "s" since the shared secret chunk is usually cleared.

Good catch! Fixed in master.

Thanks,
Tobias
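
The difference discussed in this thread, as an added example that is not strongSwan's code: a simplified stand-in for a mode-driven concatenation helper, showing what stays in the source buffer when a secret is handed over with "m" versus "s". The names `cat`, `wipe` and `secret_left_behind`, the "c" mode used for the nonce, and the sample byte strings are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

typedef struct { unsigned char *ptr; size_t len; } chunk_t;

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(unsigned char *p, size_t len)
{
    volatile unsigned char *v = p;
    while (len--) *v++ = 0;
}

/* Concatenate chunks into dst (capacity cap); one mode character per chunk:
 * 'c' copy only, 'm' copy then release, 's' copy, wipe, then release.
 * Release is where free(in.ptr) would go; it is left out so the caller can
 * inspect what a released-but-not-wiped buffer would still hold. */
static size_t cat(unsigned char *dst, size_t cap, const char *mode, ...)
{
    va_list ap;
    size_t off = 0;

    va_start(ap, mode);
    for (; *mode; mode++) {
        chunk_t in = va_arg(ap, chunk_t);
        if (in.len > cap - off) { off = 0; break; }   /* would overflow dst */
        memcpy(dst + off, in.ptr, in.len);
        off += in.len;
        if (*mode == 's') wipe(in.ptr, in.len);
    }
    va_end(ap);
    return off;
}

/* Returns 1 if the secret is still readable in its source buffer after cat(),
 * 0 if it was wiped, -1 if the concatenation failed. */
static int secret_left_behind(const char *mode)
{
    unsigned char secret[] = "constructed-dh-secret";   /* constructed sample */
    unsigned char nonce[] = "constructed-nonce";        /* constructed sample */
    unsigned char out[64];
    chunk_t s = { secret, sizeof(secret) }, n = { nonce, sizeof(nonce) };

    if (cat(out, sizeof(out), mode, s, n) != s.len + n.len) return -1;
    wipe(out, sizeof(out));   /* the concatenated material is sensitive as well */
    return memcmp(secret, "constructed-dh-secret", sizeof(secret)) == 0;
}
```

With "mc" the secret bytes remain in the released source buffer; with "sc" they are zeroed before release.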
