authorYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
commit25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
treea0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/libstrongswan/plugins/ntru
parentbf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
New upstream version 5.5.1
Diffstat (limited to 'src/libstrongswan/plugins/ntru')
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in5
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_ke.c13
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_param_set.c6
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_param_set.h96
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_plugin.c14
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.c13
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.h9
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_private_key.c39
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_private_key.h3
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_public_key.c18
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_public_key.h2
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_trits.c11
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_trits.h8
13 files changed, 151 insertions, 86 deletions
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index fd123a118..5cbba3920 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
cmd_plugins = @cmd_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
manager_plugins = @manager_plugins@
mandir = @mandir@
medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
index efc660bed..17309b149 100644
--- a/src/libstrongswan/plugins/ntru/ntru_ke.c
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
@@ -25,22 +25,22 @@
typedef struct private_ntru_ke_t private_ntru_ke_t;
/* Best bandwidth and speed, no X9.98 compatibility */
-static ntru_param_set_id_t param_sets_optimum[] = {
+static const ntru_param_set_id_t param_sets_optimum[] = {
NTRU_EES401EP2, NTRU_EES439EP1, NTRU_EES593EP1, NTRU_EES743EP1
};
/* X9.98/IEEE 1363.1 parameter sets for best speed */
-static ntru_param_set_id_t param_sets_x9_98_speed[] = {
+static const ntru_param_set_id_t param_sets_x9_98_speed[] = {
NTRU_EES659EP1, NTRU_EES761EP1, NTRU_EES1087EP1, NTRU_EES1499EP1
};
/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
-static ntru_param_set_id_t param_sets_x9_98_bandwidth[] = {
+static const ntru_param_set_id_t param_sets_x9_98_bandwidth[] = {
NTRU_EES401EP1, NTRU_EES449EP1, NTRU_EES677EP1, NTRU_EES1087EP2
};
/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */
-static ntru_param_set_id_t param_sets_x9_98_balance[] = {
+static const ntru_param_set_id_t param_sets_x9_98_balance[] = {
NTRU_EES541EP1, NTRU_EES613EP1, NTRU_EES887EP1, NTRU_EES1171EP1
};
@@ -61,7 +61,7 @@ struct private_ntru_ke_t {
/**
* NTRU Parameter Set
*/
- ntru_param_set_t *param_set;
+ const ntru_param_set_t *param_set;
/**
* Cryptographical strength in bits of the NTRU Parameter Set
@@ -243,7 +243,8 @@ METHOD(diffie_hellman_t, destroy, void,
ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
{
private_ntru_ke_t *this;
- ntru_param_set_id_t *param_sets, param_set_id;
+ const ntru_param_set_id_t *param_sets;
+ ntru_param_set_id_t param_set_id;
rng_t *entropy;
ntru_drbg_t *drbg;
char *parameter_set;
diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.c b/src/libstrongswan/plugins/ntru/ntru_param_set.c
index 4af1e3091..3b2716e28 100644
--- a/src/libstrongswan/plugins/ntru/ntru_param_set.c
+++ b/src/libstrongswan/plugins/ntru/ntru_param_set.c
@@ -41,7 +41,7 @@ ENUM(ntru_param_set_id_names, NTRU_EES401EP1, NTRU_EES743EP1,
/**
* NTRU encryption parameter set definitions
*/
-static ntru_param_set_t ntru_param_sets[] = {
+static const ntru_param_set_t ntru_param_sets[] = {
/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */
{
@@ -340,7 +340,7 @@ static ntru_param_set_t ntru_param_sets[] = {
/**
* See header.
*/
-ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
+const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
{
int i;
@@ -358,7 +358,7 @@ ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id)
/**
* See header.
*/
-ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid)
+const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid)
{
int i;
diff --git a/src/libstrongswan/plugins/ntru/ntru_param_set.h b/src/libstrongswan/plugins/ntru/ntru_param_set.h
index df4e55333..3ec0f833f 100644
--- a/src/libstrongswan/plugins/ntru/ntru_param_set.h
+++ b/src/libstrongswan/plugins/ntru/ntru_param_set.h
@@ -80,23 +80,81 @@ extern enum_name_t *ntru_param_set_id_names;
* NTRU encryption parameter set definitions
*/
struct ntru_param_set_t {
- ntru_param_set_id_t id; /* NTRU parameter set ID */
- uint8_t oid[NTRU_OID_LEN]; /* pointer to OID */
- uint8_t der_id; /* parameter-set DER id */
- uint8_t N_bits; /* no. of bits in N (i.e. in an index */
- uint16_t N; /* ring dimension */
- uint16_t sec_strength_len; /* no. of octets of security strength */
- uint16_t q; /* big modulus */
- uint8_t q_bits; /* no. of bits in q (i.e. in a coefficient */
- bool is_product_form; /* if product form used */
- uint32_t dF_r; /* no. of +1 or -1 coefficients in ring elements
- F, r */
- uint16_t dg; /* no. - 1 of +1 coefficients or
- no. of -1 coefficients in ring element g */
- uint16_t m_len_max; /* max no. of plaintext octets */
- uint16_t min_msg_rep_wt; /* min. message representative weight */
- uint8_t c_bits; /* no. bits in candidate for deriving an index */
- uint8_t m_len_len; /* no. of octets to hold mLenOctets */
+
+ /**
+ * NTRU parameter set ID
+ */
+ const ntru_param_set_id_t id;
+
+ /**
+ * pointer to OID
+ */
+ const uint8_t oid[NTRU_OID_LEN];
+
+ /**
+ * parameter-set DER id
+ */
+ const uint8_t der_id;
+
+ /**
+ * no. of bits in N (i.e. in an index
+ */
+ const uint8_t N_bits;
+
+ /**
+ * ring dimension
+ */
+ const uint16_t N;
+
+ /**
+ * no. of octets of security strength
+ */
+ const uint16_t sec_strength_len;
+
+ /**
+ * big modulus
+ */
+ const uint16_t q;
+
+ /**
+ * no. of bits in q (i.e. in a coefficient)
+ */
+ const uint8_t q_bits;
+
+ /**
+ * if product form used
+ */
+ const bool is_product_form;
+
+ /**
+ * no. of +1 or -1 coefficients in ring elements F, r
+ */
+ const uint32_t dF_r;
+
+ /**
+ * no. - 1 of +1 coefficients or no. of -1 coefficients in ring element g
+ */
+ const uint16_t dg;
+
+ /**
+ * max no. of plaintext octets
+ */
+ const uint16_t m_len_max;
+
+ /**
+ * min. message representative weight
+ */
+ const uint16_t min_msg_rep_wt;
+
+ /**
+ * no. bits in candidate for deriving an index
+ */
+ const uint8_t c_bits;
+
+ /**
+ * no. of octets to hold mLenOctets
+ */
+ const uint8_t m_len_len;
};
/**
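Review bot: The doc comment `pointer to OID` on `const uint8_t oid[NTRU_OID_LEN]` is inaccurate, because the member is an inline array of NTRU_OID_LEN octets and not a pointer; `parameter set OID (NTRU_OID_LEN octets)` would match the declaration. The N_bits comment still lacks its closing parenthesis (`no. of bits in N (i.e. in an index)`), although the same slip was corrected for q_bits in this hunk. Both lookup functions now return `const ntru_param_set_t*`, so the per-member `const` adds little and makes the struct non-assignable. A one-line remark on the struct that instances are meant to exist only in the static table (as ntru_param_set.c suggests) would explain the choice.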
@@ -105,7 +163,7 @@ struct ntru_param_set_t {
* @param id NTRU parameter set ID
* @return NTRU parameter set
*/
-ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id);
+const ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id);
/**
* Get NTRU encryption parameter set by NTRU parameter set OID
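Review bot: The `@return NTRU parameter set` line does not say what the caller receives for an id that is not in the table, and the same gap exists for ntru_param_set_get_by_oid() in the next hunk. The function bodies lie outside the visible hunks, so the not-found value cannot be confirmed here; if it is NULL, the doc should read `@return NTRU parameter set, NULL if not found`. This matters most for the OID variant, which the *_create_from_data() constructors appear to feed from an encoded key header, so callers need to know a check is required.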
@@ -113,6 +171,6 @@ ntru_param_set_t* ntru_param_set_get_by_id(ntru_param_set_id_t id);
* @param oid NTRU parameter set OID
* @return NTRU parameter set
*/
-ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid);
+const ntru_param_set_t* ntru_param_set_get_by_oid(uint8_t const *oid);
#endif /** NTRU_PARAM_SET_H_ @}*/
diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c
index 66be7c75b..dc6bd3167 100644
--- a/src/libstrongswan/plugins/ntru/ntru_plugin.c
+++ b/src/libstrongswan/plugins/ntru/ntru_plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -43,13 +43,21 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f[] = {
PLUGIN_REGISTER(DH, ntru_ke_create),
PLUGIN_PROVIDE(DH, NTRU_112_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
PLUGIN_PROVIDE(DH, NTRU_128_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA1),
PLUGIN_PROVIDE(DH, NTRU_192_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
PLUGIN_PROVIDE(DH, NTRU_256_BIT),
PLUGIN_DEPENDS(RNG, RNG_TRUE),
PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256),
- PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_SDEPEND(HASHER, HASH_SHA1)
+ PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA256),
};
*features = f;
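Review bot: The feature table now carries a different XOF dependency per group (XOF_MGF1_SHA1 for NTRU_112_BIT and NTRU_128_BIT, XOF_MGF1_SHA256 for NTRU_192_BIT and NTRU_256_BIT), but nothing here says why. The split mirrors the `sec_strength_len <= 20` selection in ntru_private_key.c and ntru_public_key.c, and the two must stay in step or a group is registered without the MGF1 it will request at run time. A comment above the array such as `/* MGF1 variant per group must match the sec_strength_len-based choice in ntru_{private,public}_key.c */` would record that. Note also that SHA-1 was a soft dependency (`PLUGIN_SDEPEND`) before and is now a hard one for the two smaller groups. get_features() starts and ends outside this hunk.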
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c
index cb11601cd..b2fca2f7f 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.c
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@@ -17,7 +17,7 @@
#include "ntru_poly.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@@ -290,8 +290,9 @@ static private_ntru_poly_t* ntru_poly_create(uint16_t N, uint16_t q,
/*
* Described in header.
*/
-ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
- uint8_t c_bits, uint16_t N, uint16_t q,
+ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t mgf1_type,
+ chunk_t seed, uint8_t c_bits,
+ uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,
bool is_product_form)
@@ -300,9 +301,9 @@ ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
int n, num_indices, index_i = 0;
uint32_t index, limit;
uint8_t *used;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ bitspender = xof_bitspender_create(mgf1_type, seed, TRUE);
if (!bitspender)
{
return NULL;
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
index 87c77103c..765b72bdd 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.h
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
typedef struct ntru_poly_t ntru_poly_t;
#include <library.h>
+#include <crypto/xofs/xof.h>
/**
* Implements a trinary polynomial storing the indices of non-zero coefficients
@@ -63,9 +64,9 @@ struct ntru_poly_t {
};
/**
- * Create a trits polynomial from a seed using MGF1 with a base hash function
+ * Create a trits polynomial from a seed using MGF1
*
- * @param alg hash algorithm to be used by MGF1
+ * @param alg MGF1 algorithm used(XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
* @param N ring dimension, number of polynomial coefficients
* @param q large modulus
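Review bot: The new `@param alg` line names `XOF_MGF_SHA256`, but the identifier used everywhere else in this commit is `XOF_MGF1_SHA256`, and a space is missing before the parenthesis. It should read `@param alg MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF1_SHA256)`. The same misspelling appears in the `@param alg` line of ntru_trits.h. The definition in ntru_poly.c names this parameter `mgf1_type` while the prototype here keeps `alg`; using one name in both places would keep the doc and the code aligned. No `@param c_bits` entry is visible among the documented parameters, though part of the comment lies outside the hunk.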
@@ -74,7 +75,7 @@ struct ntru_poly_t {
* @param indices_len_m number of indices for -1 coefficients
* @param is_product_form generate multiple polynomials
*/
-ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed,
+ntru_poly_t *ntru_poly_create_from_seed(ext_out_function_t alg, chunk_t seed,
uint8_t c_bits, uint16_t N, uint16_t q,
uint32_t indices_len_p,
uint32_t indices_len_m,
diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.c b/src/libstrongswan/plugins/ntru/ntru_private_key.c
index fa87fe9c3..844c8baf3 100644
--- a/src/libstrongswan/plugins/ntru/ntru_private_key.c
+++ b/src/libstrongswan/plugins/ntru/ntru_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@@ -38,7 +38,7 @@ struct private_ntru_private_key_t {
/**
* NTRU Parameter Set
*/
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
/**
* Polynomial F which is the private key
@@ -178,7 +178,7 @@ bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt)
METHOD(ntru_private_key_t, decrypt, bool,
private_ntru_private_key_t *this, chunk_t ciphertext, chunk_t *plaintext)
{
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask, q_mod_p, cmprime_len, cm_len = 0, num_zeros;
@@ -206,9 +206,9 @@ METHOD(ntru_private_key_t, decrypt, bool,
Mtrin = (uint8_t *)t1;
M = Mtrin + this->params->N;
- /* set hash algorithm based on security strength */
- hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
- HASH_SHA256;
+ /* set MGF1 algorithm type based on security strength */
+ alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
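Review bot: The MGF1 selection `(sec_strength_len <= 20) ? XOF_MGF1_SHA1 : XOF_MGF1_SHA256` is written out here, again in ntru_private_key_create(), and a third time in encrypt() in ntru_public_key.c, with a bare `20` each time. Key generation, encryption and decryption must agree on this choice, so a single static inline helper taking `const ntru_param_set_t *params`, placed next to the struct, with a named constant for the threshold, would remove the risk of the copies drifting apart. The comments also diverge: this hunk was updated to `/* set MGF1 algorithm type based on security strength */`, while the other two sites still say "set hash algorithm ..." and should be given the same wording. decrypt() starts and ends outside this hunk.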
@@ -307,7 +307,7 @@ METHOD(ntru_private_key_t, decrypt, bool,
ntru_coeffs_mod4_2_octets(this->params->N, t2, seed.ptr);
/* form mask */
- mask = ntru_trits_create(this->params->N, hash_algid, seed);
+ mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");
@@ -390,9 +390,8 @@ METHOD(ntru_private_key_t, decrypt, bool,
/* generate cr */
DBG2(DBG_LIB, "generate polynomial r");
- r_poly = ntru_poly_create_from_seed(hash_algid, seed,
- this->params->c_bits, this->params->N,
- this->params->q, this->params->dF_r,
+ r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
+ this->params->N, this->params->q, this->params->dF_r,
this->params->dF_r, this->params->is_product_form);
if (!r_poly)
{
@@ -642,13 +641,13 @@ static bool ring_inv(uint16_t *a, uint16_t N, uint16_t q, uint16_t *t,
* Described in header.
*/
ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
- ntru_param_set_t *params)
+ const ntru_param_set_t *params)
{
private_ntru_private_key_t *this;
size_t t_len;
uint16_t *t1, *t2, *t = NULL;
uint16_t mod_q_mask;
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
ntru_poly_t *g_poly;
chunk_t seed;
int i;
@@ -667,14 +666,8 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
);
/* set hash algorithm and seed length based on security strength */
- if (params->sec_strength_len <= 20)
- {
- hash_algid = HASH_SHA1;
- }
- else
- {
- hash_algid = HASH_SHA256;
- }
+ alg = (params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
seed =chunk_alloc(params->sec_strength_len + 8);
/* get random seed for generating trinary F as a list of indices */
@@ -685,7 +678,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
}
DBG2(DBG_LIB, "generate polynomial F");
- this->privkey = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ this->privkey = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q,
params->dF_r, params->dF_r,
params->is_product_form);
@@ -729,7 +722,7 @@ ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
}
DBG2(DBG_LIB, "generate polynomial g");
- g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits,
+ g_poly = ntru_poly_create_from_seed(alg, seed, params->c_bits,
params->N, params->q, params->dg + 1,
params->dg, FALSE);
if (!g_poly)
@@ -775,7 +768,7 @@ ntru_private_key_t *ntru_private_key_create_from_data(ntru_drbg_t *drbg,
size_t privkey_packed_trits_len, privkey_packed_indices_len;
uint8_t *privkey_packed, tag;
uint16_t *indices, dF;
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
header_len = 2 + NTRU_OID_LEN;
diff --git a/src/libstrongswan/plugins/ntru/ntru_private_key.h b/src/libstrongswan/plugins/ntru/ntru_private_key.h
index c6f08440f..ced806d7a 100644
--- a/src/libstrongswan/plugins/ntru/ntru_private_key.h
+++ b/src/libstrongswan/plugins/ntru/ntru_private_key.h
@@ -77,7 +77,8 @@ struct ntru_private_key_t {
* @param drbg Digital Random Bit Generator used for key generation
* @param params NTRU encryption parameter set to be used
*/
-ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg, ntru_param_set_t *params);
+ntru_private_key_t *ntru_private_key_create(ntru_drbg_t *drbg,
+ const ntru_param_set_t *params);
/**
* Creates an NTRU encryption private key from encoding
diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.c b/src/libstrongswan/plugins/ntru/ntru_public_key.c
index a2ff1b2b0..36d9abf0a 100644
--- a/src/libstrongswan/plugins/ntru/ntru_public_key.c
+++ b/src/libstrongswan/plugins/ntru/ntru_public_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2009-2013 Security Innovation
@@ -37,7 +37,7 @@ struct private_ntru_public_key_t {
/**
* NTRU Parameter Set
*/
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
/**
* Polynomial h which is the public key
@@ -102,7 +102,7 @@ extern bool ntru_check_min_weight(uint16_t N, uint8_t *t, uint16_t min_wt);
METHOD(ntru_public_key_t, encrypt, bool,
private_ntru_public_key_t *this, chunk_t plaintext, chunk_t *ciphertext)
{
- hash_algorithm_t hash_algid;
+ ext_out_function_t alg;
size_t t_len, seed1_len, seed2_len;
uint16_t *t1, *t = NULL;
uint8_t b[MAX_SEC_STRENGTH_LEN];
@@ -139,8 +139,8 @@ METHOD(ntru_public_key_t, encrypt, bool,
M = Mtrin + this->params->N;
/* set hash algorithm based on security strength */
- hash_algid = (this->params->sec_strength_len <= 20) ? HASH_SHA1 :
- HASH_SHA256;
+ alg = (this->params->sec_strength_len <= 20) ? XOF_MGF1_SHA1 :
+ XOF_MGF1_SHA256;
/* set constants */
mod_q_mask = this->params->q - 1;
@@ -173,7 +173,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
seed.len = seed2_len;
DBG2(DBG_LIB, "generate polynomial r");
- r_poly = ntru_poly_create_from_seed(hash_algid, seed, this->params->c_bits,
+ r_poly = ntru_poly_create_from_seed(alg, seed, this->params->c_bits,
this->params->N, this->params->q,
this->params->dF_r, this->params->dF_r,
this->params->is_product_form);
@@ -191,7 +191,7 @@ METHOD(ntru_public_key_t, encrypt, bool,
seed.len = seed1_len;
/* form mask */
- mask = ntru_trits_create(this->params->N, hash_algid, seed);
+ mask = ntru_trits_create(this->params->N, alg, seed);
if (!mask)
{
DBG1(DBG_LIB, "mask creation failed");
@@ -320,7 +320,7 @@ METHOD(ntru_public_key_t, destroy, void,
* Described in header.
*/
ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg,
- ntru_param_set_t *params,
+ const ntru_param_set_t *params,
uint16_t *pubkey)
{
private_ntru_public_key_t *this;
@@ -357,7 +357,7 @@ ntru_public_key_t *ntru_public_key_create_from_data(ntru_drbg_t *drbg,
{
private_ntru_public_key_t *this;
size_t header_len, pubkey_packed_len;
- ntru_param_set_t *params;
+ const ntru_param_set_t *params;
header_len = 2 + NTRU_OID_LEN;
diff --git a/src/libstrongswan/plugins/ntru/ntru_public_key.h b/src/libstrongswan/plugins/ntru/ntru_public_key.h
index baa8eabcd..4f098f28c 100644
--- a/src/libstrongswan/plugins/ntru/ntru_public_key.h
+++ b/src/libstrongswan/plugins/ntru/ntru_public_key.h
@@ -71,7 +71,7 @@ struct ntru_public_key_t {
* @param pubkey Coefficients of public key polynomial h
*/
ntru_public_key_t *ntru_public_key_create(ntru_drbg_t *drbg,
- ntru_param_set_t *params,
+ const ntru_param_set_t *params,
uint16_t *pubkey);
/**
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c
index 57b3532ef..0bbbcc178 100644
--- a/src/libstrongswan/plugins/ntru/ntru_trits.c
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,7 @@
#include "ntru_trits.h"
#include "ntru_convert.h"
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
#include <utils/debug.h>
#include <utils/test.h>
@@ -67,14 +67,15 @@ METHOD(ntru_trits_t, destroy, void,
/*
* Described in header.
*/
-ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed)
+ntru_trits_t *ntru_trits_create(size_t len, ext_out_function_t alg,
+ chunk_t seed)
{
private_ntru_trits_t *this;
uint8_t octet, buf[5], *trits;
size_t trits_needed;
- mgf1_bitspender_t *bitspender;
+ xof_bitspender_t *bitspender;
- bitspender = mgf1_bitspender_create(alg, seed, TRUE);
+ bitspender = xof_bitspender_create(alg, seed, TRUE);
if (!bitspender)
{
return NULL;
diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.h b/src/libstrongswan/plugins/ntru/ntru_trits.h
index 524c51bac..e489aae7a 100644
--- a/src/libstrongswan/plugins/ntru/ntru_trits.h
+++ b/src/libstrongswan/plugins/ntru/ntru_trits.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2013-2016 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
typedef struct ntru_trits_t ntru_trits_t;
#include <library.h>
+#include <crypto/xofs/xof.h>
/**
* Implements an array of trinary elements (trits)
@@ -52,10 +53,11 @@ struct ntru_trits_t {
* Create a trits array from a seed using MGF1 with a base hash function
*
* @param size size of the trits array
- * @param alg hash algorithm to be used by MGF1
+ * @param alg MGF1 algorithm used (XOF_MGF1_SHA1 or XOF_MGF_SHA256)
* @param seed seed used by MGF1 to generate trits from
*/
-ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed);
+ntru_trits_t *ntru_trits_create(size_t size, ext_out_function_t alg,
+ chunk_t seed);
#endif /** NTRU_TRITS_H_ @}*/