authorYves-Alexis Perez <corsac@debian.org>2015-04-11 22:03:59 +0200
committerYves-Alexis Perez <corsac@debian.org>2015-04-11 22:03:59 +0200
commit83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (patch)
tree51255545ba43b84aa5d673bd0eb557cbd0155c9e /src/libstrongswan/plugins/ntru
parent2b8de74ff4c334c25e89988c4a401b24b5bcf03d (diff)
Imported Upstream version 5.3.0
Diffstat (limited to 'src/libstrongswan/plugins/ntru')
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.am1
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in12
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_ke.c38
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_mgf1.c182
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_mgf1.h77
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.c62
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_trits.c39
7 files changed, 52 insertions, 359 deletions
diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am
index b959afa8e..c9fcee982 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.am
+++ b/src/libstrongswan/plugins/ntru/Makefile.am
@@ -16,7 +16,6 @@ libstrongswan_ntru_la_SOURCES = \
ntru_convert.h ntru_convert.c \
ntru_drbg.h ntru_drbg.c \
ntru_ke.h ntru_ke.c \
- ntru_mgf1.h ntru_mgf1.c \
ntru_param_set.h ntru_param_set.c \
ntru_poly.h ntru_poly.c \
ntru_public_key.h ntru_public_key.c \
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index e57a3673e..5636692ab 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -129,9 +129,8 @@ am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_ntru_la_LIBADD =
am_libstrongswan_ntru_la_OBJECTS = ntru_plugin.lo ntru_convert.lo \
- ntru_drbg.lo ntru_ke.lo ntru_mgf1.lo ntru_param_set.lo \
- ntru_poly.lo ntru_public_key.lo ntru_private_key.lo \
- ntru_trits.lo
+ ntru_drbg.lo ntru_ke.lo ntru_param_set.lo ntru_poly.lo \
+ ntru_public_key.lo ntru_private_key.lo ntru_trits.lo
libstrongswan_ntru_la_OBJECTS = $(am_libstrongswan_ntru_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -229,6 +228,7 @@ DLLIB = @DLLIB@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
@@ -289,10 +289,12 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
PTHREADLIB = @PTHREADLIB@
PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -366,6 +368,8 @@ json_CFLAGS = @json_CFLAGS@
json_LIBS = @json_LIBS@
libdir = @libdir@
libexecdir = @libexecdir@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
@@ -438,7 +442,6 @@ libstrongswan_ntru_la_SOURCES = \
ntru_convert.h ntru_convert.c \
ntru_drbg.h ntru_drbg.c \
ntru_ke.h ntru_ke.c \
- ntru_mgf1.h ntru_mgf1.c \
ntru_param_set.h ntru_param_set.c \
ntru_poly.h ntru_poly.c \
ntru_public_key.h ntru_public_key.c \
@@ -539,7 +542,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_convert.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_drbg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_ke.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_mgf1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_param_set.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_plugin.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_poly.Plo@am__quote@
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
index abaa22336..3b5df81d9 100644
--- a/src/libstrongswan/plugins/ntru/ntru_ke.c
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
@@ -56,7 +56,7 @@ struct private_ntru_ke_t {
/**
* Diffie Hellman group number.
*/
- u_int16_t group;
+ diffie_hellman_group_t group;
/**
* NTRU Parameter Set
@@ -106,10 +106,10 @@ struct private_ntru_ke_t {
/**
* Deterministic Random Bit Generator
*/
- ntru_drbg_t *drbg;
+ ntru_drbg_t *drbg;
};
-METHOD(diffie_hellman_t, get_my_public_value, void,
+METHOD(diffie_hellman_t, get_my_public_value, bool,
private_ntru_ke_t *this, chunk_t *value)
{
*value = chunk_empty;
@@ -130,30 +130,30 @@ METHOD(diffie_hellman_t, get_my_public_value, void,
if (!this->privkey)
{
DBG1(DBG_LIB, "NTRU keypair generation failed");
- return;
+ return FALSE;
}
this->pubkey = this->privkey->get_public_key(this->privkey);
}
*value = chunk_clone(this->pubkey->get_encoding(this->pubkey));
DBG3(DBG_LIB, "NTRU public key: %B", value);
}
+ return TRUE;
}
-METHOD(diffie_hellman_t, get_shared_secret, status_t,
+METHOD(diffie_hellman_t, get_shared_secret, bool,
private_ntru_ke_t *this, chunk_t *secret)
{
if (!this->computed || !this->shared_secret.len)
{
*secret = chunk_empty;
- return FAILED;
+ return FALSE;
}
*secret = chunk_clone(this->shared_secret);
- return SUCCESS;
+ return TRUE;
}
-
-METHOD(diffie_hellman_t, set_other_public_value, void,
+METHOD(diffie_hellman_t, set_other_public_value, bool,
private_ntru_ke_t *this, chunk_t value)
{
if (this->privkey)
@@ -162,15 +162,15 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
if (value.len == 0)
{
DBG1(DBG_LIB, "empty NTRU ciphertext");
- return;
+ return FALSE;
}
DBG3(DBG_LIB, "NTRU ciphertext: %B", &value);
/* decrypt the shared secret */
- if (!this->privkey->decrypt(this->privkey, value, &this->shared_secret))
+ if (!this->privkey->decrypt(this->privkey, value, &this->shared_secret))
{
DBG1(DBG_LIB, "NTRU decryption of shared secret failed");
- return;
+ return FALSE;
}
this->computed = TRUE;
}
@@ -185,13 +185,13 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
pubkey = ntru_public_key_create_from_data(this->drbg, value);
if (!pubkey)
{
- return;
+ return FALSE;
}
if (pubkey->get_id(pubkey) != this->param_set->id)
{
DBG1(DBG_LIB, "received NTRU public key with wrong OUI");
pubkey->destroy(pubkey);
- return;
+ return FALSE;
}
this->pubkey = pubkey;
@@ -204,7 +204,7 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
{
DBG1(DBG_LIB, "generation of shared secret failed");
chunk_free(&this->shared_secret);
- return;
+ return FALSE;
}
this->computed = TRUE;
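Review bot: The failure branch releases `this->shared_secret` with `chunk_free()`, which frees the buffer without wiping it. The condition guarding this branch lies outside the hunk, so it is not visible whether the buffer already holds generator output at that point. Since this is the buffer for the key-exchange secret, `chunk_clear(&this->shared_secret);` would be the safer call here. set_other_public_value starts and ends outside this hunk.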
@@ -212,10 +212,11 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
if (!pubkey->encrypt(pubkey, this->shared_secret, &this->ciphertext))
{
DBG1(DBG_LIB, "NTRU encryption of shared secret failed");
- return;
+ return FALSE;
}
DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext);
}
+ return this->computed;
}
METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
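Review bot: When `pubkey->encrypt()` fails the method now returns FALSE, but `this->computed` was already set to TRUE at the end of the previous hunk and `this->shared_secret` is kept. A later `get_shared_secret()` would therefore still return TRUE and hand out a secret whose ciphertext was never produced for the peer. Callers that honour the new return value should not get that far, yet the object is left in an inconsistent state. Either move `this->computed = TRUE;` below the successful encrypt, or add `chunk_clear(&this->shared_secret); this->computed = FALSE;` before that `return FALSE;`. The method body starts outside this hunk.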
@@ -301,10 +302,10 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
drbg = ntru_drbg_create(strength, chunk_from_str("IKE NTRU-KE"), entropy);
if (!drbg)
- {
+ {
DBG1(DBG_LIB, "could not instantiate DRBG at %u bit security", strength);
entropy->destroy(entropy);
- return NULL;
+ return NULL;
}
INIT(this,
@@ -326,4 +327,3 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
return &this->public;
}
-
diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.c b/src/libstrongswan/plugins/ntru/ntru_mgf1.c
deleted file mode 100644
index 2338db208..000000000
--- a/src/libstrongswan/plugins/ntru/ntru_mgf1.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "ntru_mgf1.h"
-
-#include <crypto/hashers/hasher.h>
-#include <utils/debug.h>
-#include <utils/test.h>
-
-typedef struct private_ntru_mgf1_t private_ntru_mgf1_t;
-
-/**
- * Private data of an ntru_mgf1_t object.
- */
-struct private_ntru_mgf1_t {
-
- /**
- * Public ntru_mgf1_t interface.
- */
- ntru_mgf1_t public;
-
- /**
- * Hasher the MGF1 Mask Generation Function is based on
- */
- hasher_t *hasher;
-
- /**
- * Counter
- */
- u_int32_t counter;
-
- /**
- * Set if counter has reached 2^32
- */
- bool overflow;
-
- /**
- * Current state to be hashed
- */
- chunk_t state;
-
- /**
- * Position of the 4 octet counter string
- */
- u_char *ctr_str;
-
-};
-
-METHOD(ntru_mgf1_t, get_hash_size, size_t,
- private_ntru_mgf1_t *this)
-{
- return this->hasher->get_hash_size(this->hasher);
-}
-
-METHOD(ntru_mgf1_t, get_mask, bool,
- private_ntru_mgf1_t *this, size_t mask_len, u_char *mask)
-{
- u_char buf[HASH_SIZE_SHA512];
- size_t hash_len;
-
- hash_len = this->hasher->get_hash_size(this->hasher);
-
- while (mask_len > 0)
- {
- /* detect overflow, set counter string and increment counter */
- if (this->overflow)
- {
- return FALSE;
- }
- htoun32(this->ctr_str, this->counter++);
- if (this->counter == 0)
- {
- this->overflow = TRUE;
- }
-
- /* get the next or final mask block from the hash function */
- if (!this->hasher->get_hash(this->hasher, this->state,
- (mask_len < hash_len) ? buf : mask))
- {
- return FALSE;
- }
- if (mask_len < hash_len)
- {
- memcpy(mask, buf, mask_len);
- return TRUE;
- }
- mask_len -= hash_len;
- mask += hash_len;
- }
- return TRUE;
-}
-
-METHOD(ntru_mgf1_t, allocate_mask, bool,
- private_ntru_mgf1_t *this, size_t mask_len, chunk_t *mask)
-{
- if (mask_len == 0)
- {
- *mask = chunk_empty;
- return TRUE;
- }
- *mask = chunk_alloc(mask_len);
-
- return get_mask(this, mask_len, mask->ptr);
-}
-
-METHOD(ntru_mgf1_t, destroy, void,
- private_ntru_mgf1_t *this)
-{
- this->hasher->destroy(this->hasher);
- chunk_clear(&this->state);
- free(this);
-}
-
-/*
- * Described in header.
- */
-ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed)
-{
- private_ntru_mgf1_t *this;
- hasher_t *hasher;
- size_t state_len;
-
- if (seed.len == 0)
- {
- DBG1(DBG_LIB, "empty seed for MGF1");
- return NULL;
- }
-
- hasher = lib->crypto->create_hasher(lib->crypto, alg);
- if (!hasher)
- {
- DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
- hash_algorithm_names, alg);
- return NULL;
- }
- state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
-
- INIT(this,
- .public = {
- .get_hash_size = _get_hash_size,
- .allocate_mask = _allocate_mask,
- .get_mask = _get_mask,
- .destroy = _destroy,
- },
- .hasher = hasher,
- .state = chunk_alloc(state_len),
- );
-
- /* determine position of the 4 octet counter string */
- this->ctr_str = this->state.ptr + state_len - 4;
-
- if (hash_seed)
- {
- if (!hasher->get_hash(hasher, seed, this->state.ptr))
- {
- DBG1(DBG_LIB, "failed to hash seed for MGF1");
- destroy(this);
- return NULL;
- }
- }
- else
- {
- memcpy(this->state.ptr, seed.ptr, seed.len);
- }
-
- return &this->public;
-}
-
-EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create);
diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.h b/src/libstrongswan/plugins/ntru/ntru_mgf1.h
deleted file mode 100644
index 53e90412a..000000000
--- a/src/libstrongswan/plugins/ntru/ntru_mgf1.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup ntru_mgf1 ntru_mgf1
- * @{ @ingroup ntru_p
- */
-
-#ifndef NTRU_MGF1_H_
-#define NTRU_MGF1_H_
-
-typedef struct ntru_mgf1_t ntru_mgf1_t;
-
-#include <library.h>
-
-/**
- * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
- * defined in section 10.2.1 of RFC 2437
- */
-struct ntru_mgf1_t {
-
- /**
- * Get the hash size of the underlying hash function
- *
- * @return hash size in bytes
- */
- size_t (*get_hash_size)(ntru_mgf1_t *this);
-
- /**
- * Generate a mask pattern and copy it to an output buffer
- * If the maximum number of requests has been reached, reseeding occurs
- *
- * @param mask_len number of mask bytes to generate
- * @param mask output buffer of minimum size mask_len
- * @return TRUE if successful
- */
- bool (*get_mask)(ntru_mgf1_t *this, size_t mask_len, u_char *mask);
-
- /**
- * Generate a mask pattern and return it in an allocated chunk
- *
- * @param mask_len number of mask bytes to generate
- * @param mask chunk containing generated mask
- * @return TRUE if successful
- */
- bool (*allocate_mask)(ntru_mgf1_t *this, size_t mask_len, chunk_t *mask);
-
- /**
- * Destroy the MGF1 object
- */
- void (*destroy)(ntru_mgf1_t *this);
-};
-
-/**
- * Create an MGF1 object
- *
- * @param alg hash algorithm to be used by MGF1
- * @param seed seed used by MGF1 to generate mask from
- * @param hash_seed hash seed before using it as a seed from MGF1
- */
-ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed,
- bool hash_seed);
-
-#endif /** NTRU_MGF1_H_ @}*/
-
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c
index 77ab54a5c..cb11601cd 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.c
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.c
@@ -16,8 +16,8 @@
*/
#include "ntru_poly.h"
-#include "ntru_mgf1.h"
+#include <crypto/mgf1/mgf1_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@@ -297,22 +297,17 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
bool is_product_form)
{
private_ntru_poly_t *this;
- size_t hash_len, octet_count = 0, i;
- uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed;
- uint16_t index, limit, left = 0;
int n, num_indices, index_i = 0;
- ntru_mgf1_t *mgf1;
+ uint32_t index, limit;
+ uint8_t *used;
+ mgf1_bitspender_t *bitspender;
- DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len);
- mgf1 = ntru_mgf1_create(alg, seed, TRUE);
- if (!mgf1)
+ bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ if (!bitspender)
{
return NULL;
}
- i = hash_len = mgf1->get_hash_size(mgf1);
-
this = ntru_poly_create(N, q, indices_len_p, indices_len_m, is_product_form);
-
used = malloc(N);
limit = N * ((1 << c_bits) / N);
@@ -328,43 +323,12 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
/* generate a random candidate index with a size of c_bits */
do
{
- /* use any leftover bits first */
- index = num_left ? left << (c_bits - num_left) : 0;
-
- /* get the rest of the bits needed from new octets */
- num_needed = c_bits - num_left;
-
- while (num_needed)
+ if (!bitspender->get_bits(bitspender, c_bits, &index))
{
- if (i == hash_len)
- {
- /* get another block from MGF1 */
- if (!mgf1->get_mask(mgf1, hash_len, octets))
- {
- mgf1->destroy(mgf1);
- destroy(this);
- free(used);
- return NULL;
- }
- octet_count += hash_len;
- i = 0;
- }
- left = octets[i++];
-
- if (num_needed <= 8)
- {
- /* all bits needed to fill the index are in this octet */
- index |= left >> (8 - num_needed);
- num_left = 8 - num_needed;
- num_needed = 0;
- left &= 0xff >> (8 - num_left);
- }
- else
- {
- /* more than one octet will be needed */
- index |= left << (num_needed - 8);
- num_needed -= 8;
- }
+ bitspender->destroy(bitspender);
+ destroy(this);
+ free(used);
+ return NULL;
}
}
while (index >= limit);
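Review bot: The rejection loop ending in `while (index >= limit);` relies on an undocumented precondition. With `limit = N * ((1 << c_bits) / N)` computed earlier in the function, a parameter set where 2^c_bits is smaller than N gives a limit of 0. Because `index` is now an unsigned `uint32_t`, the loop could then only end through the `get_bits()` failure path. The parameter sets are presumably static and always satisfy this, so a comment above the `do` is enough: `/* rejection sampling avoids modulo bias; requires (1 << c_bits) >= N so that limit > 0 */`. ntru_poly_create_from_seed starts and ends outside this hunk.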
@@ -380,9 +344,7 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
}
}
- DBG2(DBG_LIB, "MGF1 generates %u octets to derive %u indices",
- octet_count, this->num_indices);
- mgf1->destroy(mgf1);
+ bitspender->destroy(bitspender);
free(used);
return &this->public;
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c
index 1abb7671c..57b3532ef 100644
--- a/src/libstrongswan/plugins/ntru/ntru_trits.c
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2014 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -14,9 +14,9 @@
*/
#include "ntru_trits.h"
-#include "ntru_mgf1.h"
#include "ntru_convert.h"
+#include <crypto/mgf1/mgf1_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@@ -70,17 +70,15 @@ METHOD(ntru_trits_t, destroy, void,
ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
{
private_ntru_trits_t *this;
- uint8_t octets[HASH_SIZE_SHA512], buf[5], *trits;
- size_t hash_len, octet_count = 0, trits_needed, i;
- ntru_mgf1_t *mgf1;
+ uint8_t octet, buf[5], *trits;
+ size_t trits_needed;
+ mgf1_bitspender_t *bitspender;
- DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len);
- mgf1 = ntru_mgf1_create(alg, seed, TRUE);
- if (!mgf1)
+ bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ if (!bitspender)
{
return NULL;
}
- i = hash_len = mgf1->get_hash_size(mgf1);
INIT(this,
.public = {
@@ -97,21 +95,15 @@ ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
while (trits_needed > 0)
{
- if (i == hash_len)
+ if (!bitspender->get_byte(bitspender, &octet))
{
- /* get another block from MGF1 */
- if (!mgf1->get_mask(mgf1, hash_len, octets))
- {
- mgf1->destroy(mgf1);
- destroy(this);
- return NULL;
- }
- octet_count += hash_len;
- i = 0;
+ bitspender->destroy(bitspender);
+ destroy(this);
+ return NULL;
}
- if (octets[i] < 243) /* 243 = 3^5 */
+ if (octet < 243) /* 243 = 3^5 */
{
- ntru_octet_2_trits(octets[i], (trits_needed < 5) ? buf : trits);
+ ntru_octet_2_trits(octet, (trits_needed < 5) ? buf : trits);
if (trits_needed < 5)
{
memcpy(trits, buf, trits_needed);
@@ -120,11 +112,8 @@ ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
trits += 5;
trits_needed -= 5;
}
- i++;
}
- DBG2(DBG_LIB, "MGF1 generates %u octets to extract %u trits",
- octet_count, len);
- mgf1->destroy(mgf1);
+ bitspender->destroy(bitspender);
return &this->public;
}