[Pkg-swan-devel] [strongswan] 01/09: New upstream version 5.5.1

Yves-Alexis Perez corsac at moszumanska.debian.org
Sat Oct 22 19:38:26 UTC 2016


This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch master
in repository strongswan.

commit 25663e04c3ab01ef8dc9f906608282319cfea2db
Author: Yves-Alexis Perez <corsac at debian.org>
Date:   Thu Oct 20 16:18:38 2016 +0200

    New upstream version 5.5.1
---
 Android.common.mk                                  |    2 +-
 Makefile.am                                        |    2 +-
 Makefile.in                                        |    7 +-
 NEWS                                               |   36 +
 conf/Makefile.am                                   |    2 +
 conf/Makefile.in                                   |    7 +-
 conf/options/aikpub2.conf                          |    7 +
 conf/options/aikpub2.opt                           |    2 +
 conf/options/charon-nm.conf                        |    8 +
 conf/options/charon-nm.opt                         |    3 +
 conf/options/charon.conf                           |   15 +-
 conf/options/charon.opt                            |   15 +-
 conf/plugins/kernel-netlink.conf                   |   27 +-
 conf/plugins/kernel-netlink.opt                    |   43 +-
 conf/strongswan.conf.5.main                        |   69 +-
 config.h.in                                        |    5 +-
 configure                                          |  470 ++--
 configure.ac                                       |   54 +-
 init/Makefile.in                                   |    5 +-
 init/systemd-swanctl/Makefile.in                   |    5 +-
 init/systemd/Makefile.in                           |    5 +-
 man/Makefile.in                                    |    5 +-
 man/ipsec.conf.5.in                                |   36 +-
 scripts/Makefile.in                                |    5 +-
 src/Makefile.in                                    |    5 +-
 src/_copyright/Makefile.in                         |    5 +-
 src/_updown/Makefile.in                            |    5 +-
 src/aikgen/Makefile.in                             |    5 +-
 src/aikpub2/Makefile.in                            |    5 +-
 src/charon-cmd/Makefile.in                         |    5 +-
 src/charon-nm/Makefile.am                          |    5 +
 src/charon-nm/Makefile.in                          |   83 +-
 src/charon-nm/nm-strongswan-service.conf           |   15 +
 src/charon-nm/nm/nm_service.c                      |   56 +-
 src/charon-svc/Makefile.in                         |    5 +-
 src/charon-systemd/Makefile.in                     |    5 +-
 src/charon-tkm/Makefile.in                         |    5 +-
 src/charon-tkm/build_common.gpr                    |    3 +-
 src/charon-tkm/src/charon-tkm.c                    |    5 +-
 src/charon/Makefile.in                             |    5 +-
 src/checksum/Makefile.am                           |    9 +
 src/checksum/Makefile.in                           |   65 +-
 src/conftest/Makefile.in                           |    5 +-
 src/dumm/Makefile.in                               |    5 +-
 src/include/Makefile.in                            |    5 +-
 src/include/linux/xfrm.h                           |   22 +
 src/ipsec/Makefile.in                              |    5 +-
 src/ipsec/_ipsec.8                                 |    2 +-
 src/libcharon/Makefile.am                          |    7 -
 src/libcharon/Makefile.in                          |  141 +-
 src/libcharon/bus/bus.c                            |  101 +-
 src/libcharon/bus/bus.h                            |   35 +-
 src/libcharon/bus/listeners/listener.h             |   38 +-
 src/libcharon/config/child_cfg.c                   |   14 +
 src/libcharon/config/child_cfg.h                   |   10 +
 src/libcharon/config/ike_cfg.h                     |    2 +-
 src/libcharon/config/proposal.c                    |  127 +-
 src/libcharon/encoding/message.c                   |    4 +-
 .../encoding/payloads/proposal_substructure.c      |   15 +-
 src/libcharon/plugins/addrblock/Makefile.in        |    5 +-
 src/libcharon/plugins/android_dns/Makefile.in      |    5 +-
 src/libcharon/plugins/android_log/Makefile.in      |    5 +-
 src/libcharon/plugins/attr/Makefile.in             |    5 +-
 src/libcharon/plugins/attr_sql/Makefile.in         |    5 +-
 src/libcharon/plugins/certexpire/Makefile.in       |    5 +-
 src/libcharon/plugins/connmark/Makefile.in         |    5 +-
 src/libcharon/plugins/coupling/Makefile.in         |    5 +-
 src/libcharon/plugins/dhcp/Makefile.in             |    5 +-
 src/libcharon/plugins/dnscert/Makefile.in          |    5 +-
 src/libcharon/plugins/dnscert/dnscert_cred.c       |   19 +-
 src/libcharon/plugins/duplicheck/Makefile.in       |    5 +-
 src/libcharon/plugins/eap_aka/Makefile.in          |    5 +-
 src/libcharon/plugins/eap_aka_3gpp2/Makefile.in    |    5 +-
 src/libcharon/plugins/eap_dynamic/Makefile.in      |    5 +-
 src/libcharon/plugins/eap_gtc/Makefile.in          |    5 +-
 src/libcharon/plugins/eap_identity/Makefile.in     |    5 +-
 src/libcharon/plugins/eap_md5/Makefile.in          |    5 +-
 src/libcharon/plugins/eap_mschapv2/Makefile.in     |    5 +-
 src/libcharon/plugins/eap_peap/Makefile.in         |    5 +-
 src/libcharon/plugins/eap_peap/eap_peap_server.c   |    4 +-
 src/libcharon/plugins/eap_radius/Makefile.in       |    5 +-
 src/libcharon/plugins/eap_sim/Makefile.in          |    5 +-
 src/libcharon/plugins/eap_sim_file/Makefile.in     |    5 +-
 src/libcharon/plugins/eap_sim_pcsc/Makefile.in     |    5 +-
 .../plugins/eap_simaka_pseudonym/Makefile.in       |    5 +-
 .../plugins/eap_simaka_reauth/Makefile.in          |    5 +-
 src/libcharon/plugins/eap_simaka_sql/Makefile.in   |    5 +-
 src/libcharon/plugins/eap_tls/Makefile.in          |    5 +-
 src/libcharon/plugins/eap_tnc/Makefile.in          |    5 +-
 src/libcharon/plugins/eap_ttls/Makefile.in         |    5 +-
 src/libcharon/plugins/error_notify/Makefile.in     |    5 +-
 src/libcharon/plugins/ext_auth/Makefile.in         |    5 +-
 src/libcharon/plugins/farp/Makefile.in             |    5 +-
 src/libcharon/plugins/forecast/Makefile.in         |    5 +-
 src/libcharon/plugins/ha/Makefile.in               |    5 +-
 src/libcharon/plugins/ipseckey/Makefile.in         |    5 +-
 src/libcharon/plugins/ipseckey/ipseckey_cred.c     |   28 +-
 src/libcharon/plugins/kernel_iph/Makefile.in       |    5 +-
 src/libcharon/plugins/kernel_libipsec/Makefile.in  |    5 +-
 src/libcharon/plugins/kernel_netlink/Makefile.in   |    5 +-
 .../plugins/kernel_netlink/kernel_netlink_ipsec.c  |  113 +-
 .../plugins/kernel_netlink/kernel_netlink_net.c    |  190 +-
 src/libcharon/plugins/kernel_pfkey/Makefile.in     |    5 +-
 src/libcharon/plugins/kernel_pfroute/Makefile.in   |    5 +-
 src/libcharon/plugins/kernel_wfp/Makefile.in       |    5 +-
 src/libcharon/plugins/led/Makefile.in              |    5 +-
 src/libcharon/plugins/load_tester/Makefile.in      |    5 +-
 src/libcharon/plugins/lookip/Makefile.in           |    5 +-
 src/libcharon/plugins/maemo/Makefile.am            |   29 -
 src/libcharon/plugins/maemo/Makefile.in            |  830 -------
 src/libcharon/plugins/maemo/maemo_service.c        |  530 -----
 .../plugins/maemo/org.strongswan.charon.service.in |    4 -
 src/libcharon/plugins/medcli/Makefile.in           |    5 +-
 src/libcharon/plugins/medsrv/Makefile.in           |    5 +-
 src/libcharon/plugins/osx_attr/Makefile.in         |    5 +-
 src/libcharon/plugins/p_cscf/Makefile.in           |    5 +-
 src/libcharon/plugins/radattr/Makefile.in          |    5 +-
 src/libcharon/plugins/resolve/Makefile.in          |    5 +-
 src/libcharon/plugins/smp/Makefile.in              |    5 +-
 src/libcharon/plugins/socket_default/Makefile.in   |    5 +-
 src/libcharon/plugins/socket_dynamic/Makefile.in   |    5 +-
 src/libcharon/plugins/socket_win/Makefile.in       |    5 +-
 src/libcharon/plugins/sql/Makefile.in              |    5 +-
 src/libcharon/plugins/stroke/Makefile.in           |    5 +-
 src/libcharon/plugins/stroke/stroke_cred.c         |   12 +-
 src/libcharon/plugins/stroke/stroke_list.c         |    9 +
 src/libcharon/plugins/stroke/stroke_socket.c       |    2 +-
 src/libcharon/plugins/systime_fix/Makefile.in      |    5 +-
 src/libcharon/plugins/tnc_ifmap/Makefile.in        |    5 +-
 src/libcharon/plugins/tnc_pdp/Makefile.in          |    5 +-
 src/libcharon/plugins/uci/Makefile.in              |    5 +-
 src/libcharon/plugins/unity/Makefile.in            |    5 +-
 src/libcharon/plugins/updown/Makefile.in           |    5 +-
 src/libcharon/plugins/vici/Makefile.am             |    1 +
 src/libcharon/plugins/vici/Makefile.in             |    6 +-
 src/libcharon/plugins/vici/README.md               |   13 +
 src/libcharon/plugins/vici/perl/Makefile.in        |    5 +-
 .../plugins/vici/perl/Vici-Session/README.pod      |   15 +
 .../vici/perl/Vici-Session/lib/Vici/Session.pm     |    4 +
 src/libcharon/plugins/vici/python/Makefile.in      |    5 +-
 src/libcharon/plugins/vici/python/vici/session.py  |   11 +
 src/libcharon/plugins/vici/ruby/Makefile.in        |    5 +-
 src/libcharon/plugins/vici/ruby/lib/vici.rb        |    6 +
 src/libcharon/plugins/vici/vici_config.c           |   64 +-
 src/libcharon/plugins/vici/vici_cred.c             |   86 +-
 src/libcharon/plugins/vici/vici_cred.h             |   10 +
 src/libcharon/plugins/vici/vici_plugin.c           |    4 +-
 src/libcharon/plugins/vici/vici_query.c            |   10 +
 src/libcharon/plugins/whitelist/Makefile.in        |    5 +-
 src/libcharon/plugins/xauth_eap/Makefile.in        |    5 +-
 src/libcharon/plugins/xauth_generic/Makefile.in    |    5 +-
 src/libcharon/plugins/xauth_noauth/Makefile.in     |    5 +-
 src/libcharon/plugins/xauth_pam/Makefile.in        |    5 +-
 src/libcharon/sa/child_sa.c                        |   41 +-
 src/libcharon/sa/ike_sa.c                          |   19 +-
 src/libcharon/sa/ikev1/keymat_v1.c                 |   25 +-
 src/libcharon/sa/ikev1/task_manager_v1.c           |   17 +-
 src/libcharon/sa/ikev1/tasks/isakmp_vendor.c       |    3 +
 src/libcharon/sa/ikev1/tasks/quick_mode.c          |   40 +-
 .../sa/ikev2/authenticators/pubkey_authenticator.c |    4 +-
 src/libcharon/sa/ikev2/keymat_v2.c                 |   56 +-
 src/libcharon/sa/ikev2/task_manager_v2.c           |   25 +-
 src/libcharon/sa/ikev2/tasks/child_create.c        |   69 +-
 src/libcharon/sa/ikev2/tasks/ike_init.c            |    8 +-
 src/libcharon/tests/Makefile.in                    |    5 +-
 src/libcharon/tests/libcharon_tests.c              |   17 +
 src/libcharon/tests/suites/test_proposal.c         |  100 +-
 src/libfast/Makefile.in                            |    5 +-
 src/libimcv/Makefile.in                            |    5 +-
 src/libimcv/imv/data.sql                           |   18 +
 src/libimcv/plugins/imc_attestation/Makefile.in    |    5 +-
 src/libimcv/plugins/imc_hcd/Makefile.in            |    5 +-
 src/libimcv/plugins/imc_os/Makefile.in             |    5 +-
 src/libimcv/plugins/imc_scanner/Makefile.in        |    5 +-
 src/libimcv/plugins/imc_swid/Makefile.in           |    5 +-
 src/libimcv/plugins/imc_test/Makefile.in           |    5 +-
 src/libimcv/plugins/imv_attestation/Makefile.in    |    5 +-
 src/libimcv/plugins/imv_hcd/Makefile.in            |    5 +-
 src/libimcv/plugins/imv_os/Makefile.in             |    5 +-
 src/libimcv/plugins/imv_scanner/Makefile.in        |    5 +-
 src/libimcv/plugins/imv_swid/Makefile.in           |    5 +-
 src/libimcv/plugins/imv_test/Makefile.in           |    5 +-
 src/libimcv/pts/pts.c                              |   44 +-
 src/libipsec/Makefile.in                           |    5 +-
 src/libipsec/tests/Makefile.in                     |    5 +-
 src/libpttls/Makefile.in                           |    5 +-
 src/libradius/Makefile.in                          |    5 +-
 src/libsimaka/Makefile.in                          |    5 +-
 src/libstrongswan/Android.mk                       |    2 +-
 src/libstrongswan/Makefile.am                      |   45 +-
 src/libstrongswan/Makefile.in                      |  494 ++--
 src/libstrongswan/asn1/oid.c                       |  969 ++++----
 src/libstrongswan/asn1/oid.h                       |   40 +-
 src/libstrongswan/asn1/oid.txt                     |   11 +-
 src/libstrongswan/credentials/auth_cfg.c           |   11 +-
 src/libstrongswan/credentials/keys/public_key.c    |   64 +-
 src/libstrongswan/credentials/keys/public_key.h    |   26 +-
 .../credentials/sets/auth_cfg_wrapper.c            |    2 +-
 src/libstrongswan/credentials/sets/mem_cred.c      |   38 +-
 src/libstrongswan/crypto/crypto_factory.c          |  110 +-
 src/libstrongswan/crypto/crypto_factory.h          |   42 +-
 src/libstrongswan/crypto/crypto_tester.c           |  155 ++
 src/libstrongswan/crypto/crypto_tester.h           |   32 +
 src/libstrongswan/crypto/diffie_hellman.c          |    5 +-
 src/libstrongswan/crypto/diffie_hellman.h          |    1 +
 src/libstrongswan/crypto/hashers/hasher.c          |   27 +-
 src/libstrongswan/crypto/mgf1/mgf1.c               |  180 --
 src/libstrongswan/crypto/mgf1/mgf1.h               |   77 -
 src/libstrongswan/crypto/mgf1/mgf1_bitspender.c    |  208 --
 .../crypto/proposal/proposal_keywords.c            |    2 +-
 .../crypto/proposal/proposal_keywords_static.c     |  239 +-
 .../crypto/proposal/proposal_keywords_static.txt   |    1 +
 src/libstrongswan/crypto/transform.c               |   10 +-
 src/libstrongswan/crypto/transform.h               |    1 +
 src/libstrongswan/crypto/xofs/mgf1.h               |   47 +
 .../tests/bliss_tests.h => crypto/xofs/xof.c}      |   20 +-
 src/libstrongswan/crypto/xofs/xof.h                |  114 +
 src/libstrongswan/crypto/xofs/xof_bitspender.c     |  213 ++
 .../mgf1_bitspender.h => xofs/xof_bitspender.h}    |   38 +-
 src/libstrongswan/library.c                        |   46 +-
 src/libstrongswan/math/libnttfft/Makefile.am       |   15 +
 .../math/libnttfft}/Makefile.in                    |   50 +-
 .../bliss/bliss_fft.c => math/libnttfft/ntt_fft.c} |   66 +-
 .../bliss/bliss_fft.h => math/libnttfft/ntt_fft.h} |   38 +-
 src/libstrongswan/math/libnttfft/ntt_fft_params.c  |  652 +++++
 src/libstrongswan/math/libnttfft/ntt_fft_params.h  |  115 +
 .../libnttfft/ntt_fft_reduce.h}                    |   35 +-
 src/libstrongswan/math/libnttfft/tests/Makefile.am |   21 +
 .../math/libnttfft}/tests/Makefile.in              |  106 +-
 .../math/libnttfft/tests/ntt_fft_tests.c}          |   26 +-
 .../libnttfft/tests/ntt_fft_tests.h}               |   10 +-
 .../libnttfft/tests/suites/test_ntt_fft.c}         |   78 +-
 src/libstrongswan/plugins/acert/Makefile.in        |    5 +-
 src/libstrongswan/plugins/aes/Makefile.in          |    5 +-
 src/libstrongswan/plugins/aesni/Makefile.in        |    5 +-
 src/libstrongswan/plugins/af_alg/Makefile.in       |    5 +-
 src/libstrongswan/plugins/agent/Makefile.in        |    5 +-
 src/libstrongswan/plugins/bliss/Makefile.am        |   21 +-
 src/libstrongswan/plugins/bliss/Makefile.in        |   42 +-
 src/libstrongswan/plugins/bliss/bliss_fft_params.c |  215 --
 src/libstrongswan/plugins/bliss/bliss_fft_params.h |   75 -
 src/libstrongswan/plugins/bliss/bliss_huffman.c    |    2 +-
 src/libstrongswan/plugins/bliss/bliss_param_set.c  |   24 +-
 src/libstrongswan/plugins/bliss/bliss_param_set.h  |   58 +-
 src/libstrongswan/plugins/bliss/bliss_plugin.c     |   16 +-
 .../plugins/bliss/bliss_private_key.c              |   80 +-
 src/libstrongswan/plugins/bliss/bliss_public_key.c |   42 +-
 src/libstrongswan/plugins/bliss/bliss_public_key.h |    8 +-
 src/libstrongswan/plugins/bliss/bliss_sampler.c    |   17 +-
 src/libstrongswan/plugins/bliss/bliss_sampler.h    |    6 +-
 src/libstrongswan/plugins/bliss/bliss_signature.c  |    6 +-
 src/libstrongswan/plugins/bliss/bliss_signature.h  |    4 +-
 src/libstrongswan/plugins/bliss/bliss_utils.c      |   18 +-
 src/libstrongswan/plugins/bliss/bliss_utils.h      |   28 +-
 src/libstrongswan/plugins/bliss/tests/Makefile.am  |    3 +-
 src/libstrongswan/plugins/bliss/tests/Makefile.in  |   28 +-
 .../plugins/bliss/tests/bliss_tests.h              |    3 +-
 .../bliss/tests/suites/test_bliss_sampler.c        |    6 +-
 .../bliss/tests/suites/test_bliss_signature.c      |    4 +-
 src/libstrongswan/plugins/blowfish/Makefile.in     |    5 +-
 src/libstrongswan/plugins/ccm/Makefile.in          |    5 +-
 src/libstrongswan/plugins/chapoly/Makefile.am      |    3 +-
 src/libstrongswan/plugins/chapoly/Makefile.in      |   11 +-
 src/libstrongswan/plugins/chapoly/chapoly_plugin.c |    3 +
 src/libstrongswan/plugins/chapoly/chapoly_xof.c    |  173 ++
 src/libstrongswan/plugins/chapoly/chapoly_xof.h    |   49 +
 src/libstrongswan/plugins/cmac/Makefile.in         |    5 +-
 src/libstrongswan/plugins/constraints/Makefile.in  |    5 +-
 src/libstrongswan/plugins/ctr/Makefile.in          |    5 +-
 src/libstrongswan/plugins/curl/Makefile.in         |    5 +-
 src/libstrongswan/plugins/des/Makefile.in          |    5 +-
 src/libstrongswan/plugins/dnskey/Makefile.in       |    5 +-
 src/libstrongswan/plugins/files/Makefile.in        |    5 +-
 src/libstrongswan/plugins/fips_prf/Makefile.in     |    5 +-
 src/libstrongswan/plugins/gcm/Makefile.in          |    5 +-
 src/libstrongswan/plugins/gcrypt/Makefile.in       |    5 +-
 .../plugins/gcrypt/gcrypt_rsa_private_key.c        |   12 +-
 .../plugins/gcrypt/gcrypt_rsa_public_key.c         |   16 +-
 src/libstrongswan/plugins/gmp/Makefile.in          |    5 +-
 src/libstrongswan/plugins/gmp/gmp_plugin.c         |   40 +-
 .../plugins/gmp/gmp_rsa_private_key.c              |   20 +-
 src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c |   24 +-
 src/libstrongswan/plugins/hmac/Makefile.in         |    5 +-
 src/libstrongswan/plugins/keychain/Makefile.in     |    5 +-
 src/libstrongswan/plugins/ldap/Makefile.in         |    5 +-
 src/libstrongswan/plugins/ldap/ldap_fetcher.c      |    3 +-
 src/libstrongswan/plugins/md4/Makefile.in          |    5 +-
 src/libstrongswan/plugins/md5/Makefile.in          |    5 +-
 src/libstrongswan/plugins/mgf1/Makefile.am         |   17 +
 .../plugins/{xcbc => mgf1}/Makefile.in             |   48 +-
 .../{sha3/sha3_plugin.c => mgf1/mgf1_plugin.c}     |   38 +-
 .../plugins/mgf1/mgf1_plugin.h}                    |   24 +-
 src/libstrongswan/plugins/mgf1/mgf1_xof.c          |  285 +++
 src/libstrongswan/plugins/mgf1/mgf1_xof.h          |   49 +
 src/libstrongswan/plugins/mysql/Makefile.in        |    5 +-
 src/libstrongswan/plugins/newhope/Makefile.am      |   33 +
 .../plugins/{unbound => newhope}/Makefile.in       |   89 +-
 src/libstrongswan/plugins/newhope/newhope_ke.c     |  622 +++++
 src/libstrongswan/plugins/newhope/newhope_ke.h     |   50 +
 src/libstrongswan/plugins/newhope/newhope_noise.c  |  160 ++
 src/libstrongswan/plugins/newhope/newhope_noise.h  |   70 +
 .../plugins/newhope/newhope_plugin.c}              |   53 +-
 .../plugins/newhope/newhope_plugin.h}              |   39 +-
 .../plugins/newhope/newhope_reconciliation.c       |  217 ++
 .../plugins/newhope/newhope_reconciliation.h       |   70 +
 .../plugins/newhope/tests/Makefile.am              |   25 +
 .../plugins/newhope}/tests/Makefile.in             |  161 +-
 .../plugins/newhope/tests/newhope_tests.c}         |   26 +-
 .../tests/newhope_tests.h}                         |   13 +-
 .../plugins/newhope/tests/suites/test_newhope_ke.c |  193 ++
 .../newhope/tests/suites/test_newhope_noise.c      |  676 ++++++
 .../tests/suites/test_newhope_reconciliation.c     |  344 +++
 src/libstrongswan/plugins/nonce/Makefile.in        |    5 +-
 src/libstrongswan/plugins/ntru/Makefile.in         |    5 +-
 src/libstrongswan/plugins/ntru/ntru_ke.c           |   13 +-
 src/libstrongswan/plugins/ntru/ntru_param_set.c    |    6 +-
 src/libstrongswan/plugins/ntru/ntru_param_set.h    |   96 +-
 src/libstrongswan/plugins/ntru/ntru_plugin.c       |   14 +-
 src/libstrongswan/plugins/ntru/ntru_poly.c         |   13 +-
 src/libstrongswan/plugins/ntru/ntru_poly.h         |    9 +-
 src/libstrongswan/plugins/ntru/ntru_private_key.c  |   39 +-
 src/libstrongswan/plugins/ntru/ntru_private_key.h  |    3 +-
 src/libstrongswan/plugins/ntru/ntru_public_key.c   |   18 +-
 src/libstrongswan/plugins/ntru/ntru_public_key.h   |    2 +-
 src/libstrongswan/plugins/ntru/ntru_trits.c        |   11 +-
 src/libstrongswan/plugins/ntru/ntru_trits.h        |    8 +-
 src/libstrongswan/plugins/openssl/Makefile.in      |    5 +-
 .../plugins/openssl/openssl_ec_private_key.c       |   25 +-
 .../plugins/openssl/openssl_ec_private_key.h       |   14 +-
 src/libstrongswan/plugins/openssl/openssl_gcm.c    |    6 +-
 src/libstrongswan/plugins/openssl/openssl_pkcs12.c |    4 -
 src/libstrongswan/plugins/openssl/openssl_plugin.c |   70 +-
 .../plugins/openssl/openssl_rsa_private_key.c      |   41 +-
 .../plugins/openssl/openssl_rsa_private_key.h      |   14 +-
 .../plugins/openssl/openssl_rsa_public_key.c       |   12 +-
 src/libstrongswan/plugins/openssl/openssl_util.h   |    7 +
 src/libstrongswan/plugins/padlock/Makefile.in      |    5 +-
 .../plugins/padlock/padlock_sha1_hasher.c          |   11 +-
 src/libstrongswan/plugins/pem/Makefile.in          |    5 +-
 src/libstrongswan/plugins/pgp/Makefile.in          |    5 +-
 src/libstrongswan/plugins/pkcs1/Makefile.in        |    5 +-
 src/libstrongswan/plugins/pkcs1/pkcs1_builder.c    |   72 +-
 src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c     |    6 +-
 src/libstrongswan/plugins/pkcs11/Makefile.in       |    5 +-
 .../plugins/pkcs11/pkcs11_private_key.c            |  164 +-
 src/libstrongswan/plugins/pkcs12/Makefile.in       |    5 +-
 src/libstrongswan/plugins/pkcs7/Makefile.in        |    5 +-
 src/libstrongswan/plugins/pkcs8/Makefile.in        |    5 +-
 src/libstrongswan/plugins/plugin_feature.c         |   21 +
 src/libstrongswan/plugins/plugin_feature.h         |    6 +
 src/libstrongswan/plugins/pubkey/Makefile.in       |    5 +-
 src/libstrongswan/plugins/random/Makefile.in       |    5 +-
 src/libstrongswan/plugins/rc2/Makefile.in          |    5 +-
 src/libstrongswan/plugins/rdrand/Makefile.in       |    5 +-
 src/libstrongswan/plugins/revocation/Makefile.in   |    5 +-
 .../plugins/revocation/revocation_validator.c      |   35 +-
 src/libstrongswan/plugins/sha1/Makefile.in         |    5 +-
 src/libstrongswan/plugins/sha2/Makefile.in         |    5 +-
 src/libstrongswan/plugins/sha3/Makefile.am         |    5 +-
 src/libstrongswan/plugins/sha3/Makefile.in         |   15 +-
 src/libstrongswan/plugins/sha3/sha3_hasher.c       |  447 +---
 .../plugins/sha3/{sha3_hasher.c => sha3_keccak.c}  |  137 +-
 src/libstrongswan/plugins/sha3/sha3_keccak.h       |   82 +
 src/libstrongswan/plugins/sha3/sha3_plugin.c       |    6 +-
 src/libstrongswan/plugins/sha3/sha3_shake.c        |  143 ++
 src/libstrongswan/plugins/sha3/sha3_shake.h        |   48 +
 src/libstrongswan/plugins/soup/Makefile.in         |    5 +-
 src/libstrongswan/plugins/sqlite/Makefile.in       |    5 +-
 src/libstrongswan/plugins/sshkey/Makefile.in       |    5 +-
 src/libstrongswan/plugins/test_vectors/Makefile.am |    2 +
 src/libstrongswan/plugins/test_vectors/Makefile.in |   28 +-
 .../plugins/test_vectors/test_vectors.h            |   15 +
 .../test_vectors/test_vectors/chacha20_xof.c       |   81 +
 .../plugins/test_vectors/test_vectors/sha3.c       |    1 -
 .../plugins/test_vectors/test_vectors/sha3_shake.c |  472 ++++
 .../plugins/test_vectors/test_vectors_plugin.c     |   16 +
 src/libstrongswan/plugins/unbound/Makefile.in      |    5 +-
 .../plugins/unbound/unbound_response.c             |    3 +-
 src/libstrongswan/plugins/unbound/unbound_rr.c     |    2 +
 src/libstrongswan/plugins/winhttp/Makefile.in      |    5 +-
 src/libstrongswan/plugins/x509/Makefile.in         |    5 +-
 src/libstrongswan/plugins/xcbc/Makefile.in         |    5 +-
 src/libstrongswan/processing/watcher.c             |  120 +-
 src/libstrongswan/tests/Makefile.in                |    5 +-
 src/libstrongswan/tests/suites/test_auth_cfg.c     |   18 +-
 src/libstrongswan/tests/suites/test_hasher.c       |   50 +-
 src/libstrongswan/tests/suites/test_mgf1.c         |   88 +-
 src/libstrongswan/tests/suites/test_ntru.c         |   16 +-
 src/libstrongswan/tests/suites/test_rsa.c          |    8 +-
 src/libstrongswan/tests/suites/test_utils.c        |   23 +-
 src/libstrongswan/tests/tests.h                    |    4 +-
 src/libstrongswan/utils/leak_detective.c           |   24 +-
 src/libstrongswan/utils/utils.h                    |    6 +-
 src/libstrongswan/utils/utils/byteorder.h          |   42 +
 src/libtls/Makefile.in                             |    5 +-
 src/libtls/tests/Makefile.in                       |    5 +-
 src/libtls/tls_crypto.c                            |   20 +-
 src/libtnccs/Makefile.in                           |    5 +-
 src/libtnccs/plugins/tnc_imc/Makefile.in           |    5 +-
 src/libtnccs/plugins/tnc_imv/Makefile.in           |    5 +-
 src/libtnccs/plugins/tnc_tnccs/Makefile.in         |    5 +-
 src/libtnccs/plugins/tnccs_11/Makefile.in          |    5 +-
 src/libtnccs/plugins/tnccs_20/Makefile.in          |    5 +-
 src/libtnccs/plugins/tnccs_dynamic/Makefile.in     |    5 +-
 src/libtncif/Makefile.in                           |    5 +-
 src/libtpmtss/Makefile.am                          |    5 +-
 src/libtpmtss/Makefile.in                          |   13 +-
 src/libtpmtss/tpm_tss_tss2.c                       |    7 +-
 src/libtpmtss/tpm_tss_tss2_names.c                 |    2 +-
 src/manager/Makefile.in                            |    5 +-
 src/medsrv/Makefile.in                             |    5 +-
 src/pki/Makefile.in                                |    5 +-
 src/pki/commands/issue.c                           |    7 +-
 src/pki/commands/keyid.c                           |   20 +-
 src/pki/commands/print.c                           |   16 +-
 src/pki/commands/pub.c                             |   11 +-
 src/pki/commands/req.c                             |   10 +-
 src/pki/commands/self.c                            |    8 +-
 src/pki/commands/signcrl.c                         |   18 +-
 src/pki/commands/verify.c                          |   18 +-
 src/pki/man/Makefile.in                            |    5 +-
 src/pki/man/pki---issue.1.in                       |    7 +-
 src/pki/man/pki---keyid.1.in                       |    7 +-
 src/pki/man/pki---print.1.in                       |    9 +-
 src/pki/man/pki---pub.1.in                         |    7 +-
 src/pki/man/pki---req.1.in                         |    3 +-
 src/pki/man/pki---self.1.in                        |    3 +-
 src/pki/man/pki---verify.1.in                      |    6 +-
 src/pool/Makefile.in                               |    5 +-
 src/pool/pool.c                                    |   59 +-
 src/pt-tls-client/Makefile.in                      |    5 +-
 src/pt-tls-client/pt-tls-client.c                  |   30 +-
 src/scepclient/Makefile.in                         |    5 +-
 src/starter/Makefile.am                            |    7 +-
 src/starter/Makefile.in                            |   12 +-
 src/starter/confread.c                             |    1 +
 src/starter/ipsec.secrets                          |    1 +
 src/starter/starter.c                              |   66 -
 src/starter/tests/Makefile.in                      |    5 +-
 src/stroke/Makefile.in                             |    5 +-
 src/swanctl/Makefile.am                            |    2 +
 src/swanctl/Makefile.in                            |   12 +-
 src/swanctl/command.h                              |    2 +-
 src/swanctl/commands/flush_certs.c                 |   90 +
 src/swanctl/commands/load_conns.c                  |    2 +-
 src/swanctl/commands/load_creds.c                  |   15 +-
 src/swanctl/swanctl.8.in                           |    7 +-
 src/swanctl/swanctl.conf                           |   17 +-
 src/swanctl/swanctl.conf.5.main                    |   63 +-
 src/swanctl/swanctl.h                              |    6 +
 src/swanctl/swanctl.opt                            |   41 +-
 testing/Makefile.in                                |    5 +-
 testing/config/kernel/config-4.7                   | 2460 +++++++++++++++++++
 testing/config/kernel/config-4.8                   | 2484 ++++++++++++++++++++
 testing/config/kvm/winnetou.xml                    |    5 +
 testing/do-tests                                   |  137 +-
 testing/hosts/default/etc/ssh/sshd_config          |    1 +
 .../etc/apache2/sites-available/000-default.conf   |    3 +
 testing/hosts/winnetou/etc/openssl/generate-crl    |    9 +
 testing/hosts/winnetou/etc/openssl/index.txt       |    9 +-
 testing/hosts/winnetou/etc/openssl/index.txt.old   |    9 +-
 testing/hosts/winnetou/etc/openssl/newcerts/35.pem |   25 +
 testing/hosts/winnetou/etc/openssl/newcerts/36.pem |   25 +
 testing/hosts/winnetou/etc/openssl/newcerts/37.pem |   25 +
 testing/hosts/winnetou/etc/openssl/serial          |    2 +-
 testing/hosts/winnetou/etc/openssl/serial.old      |    2 +-
 .../winnetou/etc/openssl/sha3-rsa/carolCert.pem    |   28 +
 .../winnetou/etc/openssl/sha3-rsa/carolKey.pem     |   39 +
 .../winnetou/etc/openssl/sha3-rsa/daveCert.pem     |   28 +
 .../winnetou/etc/openssl/sha3-rsa/daveKey.pem      |   39 +
 .../winnetou/etc/openssl/sha3-rsa/moonCert.pem     |   28 +
 .../winnetou/etc/openssl/sha3-rsa/moonKey.pem      |   39 +
 .../etc/openssl/sha3-rsa/strongswanCert.pem        |   26 +
 .../etc/openssl/sha3-rsa/strongswanKey.pem         |   39 +
 .../winnetou/etc/openssl/sha3-rsa/sunCert.pem      |   28 +
 .../hosts/winnetou/etc/openssl/sha3-rsa/sunKey.pem |   39 +
 testing/hosts/winnetou/etc/strongswan.conf         |    5 +
 testing/scripts/build-guestimages                  |    4 +
 testing/scripts/recipes/013_strongswan.mk          |    3 +-
 testing/ssh_config                                 |    1 +
 testing/start-testing                              |    5 +
 testing/stop-testing                               |    4 +
 testing/testing.conf                               |    6 +-
 .../hosts/moon/etc/strongswan.conf                 |    2 +-
 .../hosts/sun/etc/strongswan.conf                  |    3 +-
 .../rw-ntru-psk/hosts/carol/etc/strongswan.conf    |    2 +-
 .../rw-ntru-psk/hosts/dave/etc/strongswan.conf     |    2 +-
 .../rw-ntru-psk/hosts/moon/etc/strongswan.conf     |    2 +-
 .../hosts/carol/etc/strongswan.conf                |    2 +-
 .../hosts/moon/etc/strongswan.conf                 |    2 +-
 .../ikev2/crl-from-cache/hosts/moon/etc/ipsec.conf |    1 -
 .../crl-from-cache/hosts/moon/etc/strongswan.conf  |    2 +
 .../ikev2/crl-to-cache/hosts/moon/etc/ipsec.conf   |    1 -
 .../crl-to-cache/hosts/moon/etc/strongswan.conf    |    2 +
 testing/tests/ikev2/default-keys/description.txt   |    8 -
 testing/tests/ikev2/default-keys/evaltest.dat      |    9 -
 .../default-keys/hosts/carol/etc/strongswan.conf   |    9 -
 .../default-keys/hosts/moon/etc/iptables.rules     |   30 -
 .../default-keys/hosts/moon/etc/strongswan.conf    |    9 -
 testing/tests/ikev2/default-keys/posttest.dat      |    8 -
 testing/tests/ikev2/default-keys/pretest.dat       |   20 -
 testing/tests/ikev2/net2net-cert-sha2/evaltest.dat |    4 +-
 .../tests/ikev2/net2net-multicast/description.txt  |    7 +
 testing/tests/ikev2/net2net-multicast/evaltest.dat |   16 +
 .../hosts/moon/etc/ipsec.conf                      |   13 +-
 .../hosts/moon/etc/strongswan.conf                 |   13 +
 .../net2net-multicast/hosts/sun/etc/ipsec.conf     |   23 +
 .../hosts/sun/etc/strongswan.conf                  |   13 +
 testing/tests/ikev2/net2net-multicast/posttest.dat |    2 +
 testing/tests/ikev2/net2net-multicast/pretest.dat  |    7 +
 .../{default-keys => net2net-multicast}/test.conf  |   10 +-
 .../hosts/moon/etc/strongswan.conf                 |    2 +-
 .../hosts/sun/etc/strongswan.conf                  |    2 +-
 .../hosts/moon/etc/strongswan.conf                 |    2 +-
 .../hosts/sun/etc/strongswan.conf                  |    2 +-
 .../ikev2/rw-cert/hosts/carol/etc/strongswan.conf  |    2 +-
 .../ikev2/rw-cert/hosts/dave/etc/strongswan.conf   |    2 +-
 .../ikev2/rw-cert/hosts/moon/etc/strongswan.conf   |    2 +-
 .../tests/ikev2/rw-newhope-bliss/description.txt   |   15 +
 testing/tests/ikev2/rw-newhope-bliss/evaltest.dat  |   26 +
 .../hosts/carol/etc/ipsec.conf                     |   13 +-
 .../etc/ipsec.d/cacerts/strongswan_blissCert.der   |  Bin 0 -> 2086 bytes
 .../hosts/carol/etc/ipsec.d/certs/carolCert.der    |  Bin 0 -> 2175 bytes
 .../hosts/carol/etc/ipsec.d/private/carolKey.der   |  Bin 0 -> 1182 bytes
 .../rw-newhope-bliss/hosts/carol/etc/ipsec.secrets |    3 +
 .../hosts/carol/etc/strongswan.conf                |    7 +
 .../hosts/dave}/etc/ipsec.conf                     |   15 +-
 .../etc/ipsec.d/cacerts/strongswan_blissCert.der   |  Bin 0 -> 2086 bytes
 .../hosts/dave/etc/ipsec.d/certs/daveCert.der      |  Bin 0 -> 2179 bytes
 .../hosts/dave/etc/ipsec.d/private/daveKey.der     |  Bin 0 -> 1310 bytes
 .../rw-newhope-bliss/hosts/dave/etc/ipsec.secrets  |    3 +
 .../hosts/dave/etc/strongswan.conf                 |    7 +
 .../hosts/moon/etc/ipsec.conf                      |   15 +-
 .../etc/ipsec.d/cacerts/strongswan_blissCert.der   |  Bin 0 -> 2086 bytes
 .../hosts/moon/etc/ipsec.d/certs/moonCert.der      |  Bin 0 -> 2200 bytes
 .../hosts/moon/etc/ipsec.d/private/moonKey.der     |  Bin 0 -> 1310 bytes
 .../rw-newhope-bliss/hosts/moon/etc/ipsec.secrets  |    3 +
 .../hosts/moon/etc/strongswan.conf                 |    7 +
 testing/tests/ikev2/rw-newhope-bliss/posttest.dat  |    9 +
 testing/tests/ikev2/rw-newhope-bliss/pretest.dat   |   14 +
 .../{default-keys => rw-newhope-bliss}/test.conf   |    8 +-
 .../rw-ntru-bliss/hosts/carol/etc/strongswan.conf  |    2 +-
 .../rw-ntru-bliss/hosts/dave/etc/strongswan.conf   |    2 +-
 .../rw-ntru-bliss/hosts/moon/etc/strongswan.conf   |    2 +-
 .../rw-ntru-psk/hosts/carol/etc/strongswan.conf    |    2 +-
 .../rw-ntru-psk/hosts/dave/etc/strongswan.conf     |    2 +-
 .../rw-ntru-psk/hosts/moon/etc/strongswan.conf     |    2 +-
 testing/tests/ikev2/rw-sig-auth/evaltest.dat       |    4 +-
 .../carol/etc/ipsec.d/certs/carolCert-sha384.pem   |   36 +-
 .../carol/etc/ipsec.d/private/carolKey-aes192.pem  |   52 +-
 .../dave/etc/ipsec.d/certs/daveCert-sha512.pem     |   36 +-
 .../dave/etc/ipsec.d/private/daveKey-aes256.pem    |   52 +-
 .../moon/etc/ipsec.d/certs/moonCert-sha224.pem     |   36 +-
 .../moon/etc/ipsec.d/private/moonKey-aes128.pem    |   52 +-
 .../rw-suite-b/hosts/carol/etc/strongswan.conf     |    2 +-
 .../rw-suite-b/hosts/dave/etc/strongswan.conf      |    2 +-
 .../rw-suite-b/hosts/moon/etc/strongswan.conf      |    2 +-
 testing/tests/swanctl/crl-to-cache/description.txt |    8 +
 testing/tests/swanctl/crl-to-cache/evaltest.dat    |    8 +
 .../crl-to-cache/hosts/carol/etc/strongswan.conf   |   16 +
 .../hosts/carol/etc/swanctl/swanctl.conf           |   23 +
 .../hosts/carol/etc/swanctl/x509/carolCert.pem     |   22 +
 .../crl-to-cache/hosts/moon/etc/strongswan.conf    |   16 +
 .../hosts/moon/etc/swanctl/swanctl.conf            |   21 +
 .../hosts/moon/etc/swanctl/x509/moonCert.pem       |   22 +
 testing/tests/swanctl/crl-to-cache/posttest.dat    |    4 +
 testing/tests/swanctl/crl-to-cache/pretest.dat     |    5 +
 .../crl-to-cache}/test.conf                        |    9 +-
 .../hosts/moon/etc/swanctl/swanctl.conf            |   11 +-
 .../swanctl/net2net-multicast/description.txt      |    7 +
 .../tests/swanctl/net2net-multicast/evaltest.dat   |   14 +
 .../hosts/moon/etc/strongswan.conf                 |   22 +
 .../hosts/moon/etc/swanctl/swanctl.conf            |   35 +
 .../hosts/sun/etc/strongswan.conf                  |   18 +
 .../hosts/sun/etc/swanctl/swanctl.conf             |   35 +
 .../tests/swanctl/net2net-multicast/posttest.dat   |    3 +
 .../tests/swanctl/net2net-multicast/pretest.dat    |    7 +
 .../net2net-multicast}/test.conf                   |   14 +-
 .../swanctl/net2net-sha3-rsa-cert/description.txt  |    8 +
 .../swanctl/net2net-sha3-rsa-cert/evaltest.dat     |    5 +
 .../hosts/moon/etc/strongswan.conf                 |   14 +
 .../hosts/moon/etc/swanctl/rsa/moonKey.pem         |   39 +
 .../hosts/moon/etc/swanctl/swanctl.conf            |   33 +
 .../hosts/moon/etc/swanctl/x509/moonCert.pem       |   28 +
 .../moon/etc/swanctl/x509ca/strongswanCert.pem     |   26 +
 .../hosts/sun/etc/strongswan.conf                  |   14 +
 .../hosts/sun/etc/swanctl/rsa/sunKey.pem           |   39 +
 .../hosts/sun/etc/swanctl/swanctl.conf             |   33 +
 .../hosts/sun/etc/swanctl/x509/sunCert.pem         |   28 +
 .../sun/etc/swanctl/x509ca/strongswanCert.pem      |   26 +
 .../swanctl/net2net-sha3-rsa-cert/posttest.dat     |    5 +
 .../swanctl/net2net-sha3-rsa-cert/pretest.dat      |    7 +
 .../net2net-sha3-rsa-cert}/test.conf               |   14 +-
 .../swanctl/rw-eap-tls-sha3-rsa/description.txt    |    8 +
 .../tests/swanctl/rw-eap-tls-sha3-rsa/evaltest.dat |   10 +
 .../hosts/carol/etc/strongswan.conf                |   18 +
 .../hosts/carol/etc/swanctl/rsa/carolKey.pem       |   39 +
 .../hosts/carol/etc/swanctl/swanctl.conf           |   28 +
 .../hosts/carol/etc/swanctl/x509/carolCert.pem     |   28 +
 .../carol/etc/swanctl/x509ca/strongswanCert.pem    |   26 +
 .../hosts/dave/etc/strongswan.conf                 |   18 +
 .../hosts/dave/etc/swanctl/rsa/daveKey.pem         |   39 +
 .../hosts/dave/etc/swanctl/swanctl.conf            |   28 +
 .../hosts/dave/etc/swanctl/x509/daveCert.pem       |   28 +
 .../dave/etc/swanctl/x509ca/strongswanCert.pem     |   26 +
 .../hosts/moon/etc/strongswan.conf                 |   14 +
 .../hosts/moon/etc/swanctl/rsa/moonKey.pem         |   39 +
 .../hosts/moon/etc/swanctl/swanctl.conf            |   26 +
 .../hosts/moon/etc/swanctl/x509/moonCert.pem       |   28 +
 .../moon/etc/swanctl/x509ca/strongswanCert.pem     |   26 +
 .../tests/swanctl/rw-eap-tls-sha3-rsa/posttest.dat |    8 +
 .../tests/swanctl/rw-eap-tls-sha3-rsa/pretest.dat  |   11 +
 .../rw-eap-tls-sha3-rsa}/test.conf                 |   10 +-
 .../tests/swanctl/rw-newhope-bliss/description.txt |   14 +
 .../tests/swanctl/rw-newhope-bliss/evaltest.dat    |   10 +
 .../hosts/carol/etc/strongswan.conf                |   17 +
 .../hosts/carol/etc/swanctl/bliss/carolKey.der     |  Bin 0 -> 1182 bytes
 .../hosts/carol/etc/swanctl/swanctl.conf           |   29 +
 .../hosts/carol/etc/swanctl/x509/carolCert.der     |  Bin 0 -> 2175 bytes
 .../etc/swanctl/x509ca/strongswan_blissCert.der    |  Bin 0 -> 2086 bytes
 .../hosts/dave/etc/strongswan.conf                 |   17 +
 .../hosts/dave/etc/swanctl/bliss/daveKey.der       |  Bin 0 -> 1310 bytes
 .../hosts/dave/etc/swanctl/swanctl.conf            |   29 +
 .../hosts/dave/etc/swanctl/x509/daveCert.der       |  Bin 0 -> 2179 bytes
 .../etc/swanctl/x509ca/strongswan_blissCert.der    |  Bin 0 -> 2086 bytes
 .../hosts/moon/etc/strongswan.conf                 |   18 +
 .../hosts/moon/etc/swanctl/bliss/moonKey.der       |  Bin 0 -> 1310 bytes
 .../hosts/moon/etc/swanctl/swanctl.conf            |   33 +
 .../hosts/moon/etc/swanctl/x509/moonCert.der       |  Bin 0 -> 2200 bytes
 .../etc/swanctl/x509ca/strongswan_blissCert.der    |  Bin 0 -> 2086 bytes
 .../tests/swanctl/rw-newhope-bliss/posttest.dat    |    8 +
 testing/tests/swanctl/rw-newhope-bliss/pretest.dat |   14 +
 .../rw-newhope-bliss}/test.conf                    |   10 +-
 .../rw-ntru-bliss/hosts/carol/etc/strongswan.conf  |    2 +-
 .../rw-ntru-bliss/hosts/dave/etc/strongswan.conf   |    2 +-
 .../rw-ntru-bliss/hosts/moon/etc/strongswan.conf   |    2 +-
 636 files changed, 18165 insertions(+), 6427 deletions(-)

diff --git a/Android.common.mk b/Android.common.mk
index 1c12487..3447d5b 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
               )
 
 # strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.5.0"
+strongswan_VERSION := "5.5.1"
 
diff --git a/Makefile.am b/Makefile.am
index 898b262..64b858d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -21,7 +21,7 @@ nodist_config_include_HEADERS = config.h
 endif
 
 # we leave config files behind intentionally so prevent distcheck from complaining
-distuninstallcheck_listfiles = find . -type f \! -name '*.conf' -print
+distuninstallcheck_listfiles = find . -type f \! -name '*.conf' \! -name '*.secrets' -print
 
 Android.common.mk :	Android.common.mk.in configure.ac
 		$(AM_V_GEN) \
diff --git a/Makefile.in b/Makefile.in
index 2df942a..c85aa44 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -381,7 +381,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -415,8 +414,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -470,6 +467,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -484,7 +483,7 @@ MAINTAINERCLEANFILES = Android.common.mk
 @USE_DEV_HEADERS_TRUE at nodist_config_include_HEADERS = config.h
 
 # we leave config files behind intentionally so prevent distcheck from complaining
-distuninstallcheck_listfiles = find . -type f \! -name '*.conf' -print
+distuninstallcheck_listfiles = find . -type f \! -name '*.conf' \! -name '*.secrets' -print
 all: $(BUILT_SOURCES) config.h
 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
 
diff --git a/NEWS b/NEWS
index db30df1..3a7aba8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,39 @@
+strongswan-5.5.1
+----------------
+
+- The newhope plugin implements the post-quantum NewHope key exchange algorithm
+  proposed in their 2015 paper by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and
+  Peter Schwabe.
+
+- The libstrongswan crypto factory now offers the registration of Extended
+  Output Functions (XOFs). Currently supported XOFs are SHAKE128 and SHAKE256
+  implemented by the sha3 plugin, ChaCHa20 implemented by the chapoly plugin
+  and the more traditional MGF1 Mask Generation Functions based on the SHA-1,
+  SHA-256 and SHA-512 hash algorithms implemented by the new mgf1 plugin.
+
+- The pki tool, with help of the pkcs1 or openssl plugins, can parse private
+  keys in any of the supported formats without having to know the exact type.
+  So instead of having to specify rsa or ecdsa explicitly the keyword priv may
+  be used to indicate a private key of any type. Similarly, swanctl can load
+  any type of private key from the swanctl/private directory.
+
+- The pki tool can handle RSASSA-PKCS1v1.5-with-SHA-3 signatures using the
+  sha3 and gmp plugins.
+
+- The VICI flush-certs command flushes certificates from the volatile
+  certificate cache. Optionally the type of the certificates to be
+  flushed  (e.g. type = x509_crl) can be specified.
+
+- Setting cache_crls = yes in strongswan.conf the vici plugin saves regular,
+  base and delta CRLs to disk.
+
+- IKE fragmentation is now enabled by default with the default fragment size
+  set to 1280 bytes for both IP address families.
+
+- libtpmtss: In the TSS2 API the function TeardownSocketTcti() was replaced by
+  tss2_tcti_finalize().
+
+
 strongswan-5.5.0
 ----------------
 
diff --git a/conf/Makefile.am b/conf/Makefile.am
index b7edaa8..4588b09 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -9,9 +9,11 @@ pluginstemplatedir = $(templatesdir)/plugins
 
 options = \
 	options/aikgen.opt \
+	options/aikpub2.opt \
 	options/attest.opt \
 	options/charon.opt \
 	options/charon-logging.opt \
+	options/charon-nm.opt \
 	options/charon-systemd.opt \
 	options/imcv.opt \
 	options/imv_policy_manager.opt \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index 6804d91..e6d66a2 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -305,7 +305,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -339,8 +338,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -394,6 +391,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -408,9 +407,11 @@ optionstemplatedir = $(templatesdir)/strongswan.d
 pluginstemplatedir = $(templatesdir)/plugins
 options = \
 	options/aikgen.opt \
+	options/aikpub2.opt \
 	options/attest.opt \
 	options/charon.opt \
 	options/charon-logging.opt \
+	options/charon-nm.opt \
 	options/charon-systemd.opt \
 	options/imcv.opt \
 	options/imv_policy_manager.opt \
diff --git a/conf/options/aikpub2.conf b/conf/options/aikpub2.conf
new file mode 100644
index 0000000..fd48f2c
--- /dev/null
+++ b/conf/options/aikpub2.conf
@@ -0,0 +1,7 @@
+aikpub2 {
+
+    # Plugins to load in aikpub2 tool.
+    # load =
+
+}
+
diff --git a/conf/options/aikpub2.opt b/conf/options/aikpub2.opt
new file mode 100644
index 0000000..6a755d2
--- /dev/null
+++ b/conf/options/aikpub2.opt
@@ -0,0 +1,2 @@
+aikpub2.load =
+	Plugins to load in aikpub2 tool.
diff --git a/conf/options/charon-nm.conf b/conf/options/charon-nm.conf
new file mode 100644
index 0000000..85d6448
--- /dev/null
+++ b/conf/options/charon-nm.conf
@@ -0,0 +1,8 @@
+charon-nm {
+
+    # Directory from which to load CA certificates if no certificate is
+    # configured.
+    # ca_dir = <default>
+
+}
+
diff --git a/conf/options/charon-nm.opt b/conf/options/charon-nm.opt
new file mode 100644
index 0000000..6372934
--- /dev/null
+++ b/conf/options/charon-nm.opt
@@ -0,0 +1,3 @@
+charon-nm.ca_dir = <default>
+	Directory from which to load CA certificates if no certificate is
+	configured.
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 7841125..f72041e 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -7,6 +7,12 @@ charon {
     # Maximum number of half-open IKE_SAs for a single peer IP.
     # block_threshold = 5
 
+    # Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
+    # be saved under a unique file name derived from the public key of the
+    # Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
+    # /etc/swanctl/x509crl (vici), respectively.
+    # cache_crls = no
+
     # Whether relations in validated certificate chains should be cached in
     # memory.
     # cert_cache = yes
@@ -51,10 +57,11 @@ charon {
     # follow_redirects = yes
 
     # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
-    # when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
-    # address family specific        default values). If specified this limit is
-    # used for both IPv4 and IPv6.
-    # fragment_size = 0
+    # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
+    # to 1280 (use 0 for address family specific default values, which uses a
+    # lower value for IPv4).  If specified this limit is used for both IPv4 and
+    # IPv6.
+    # fragment_size = 1280
 
     # Name of the group the daemon changes to after startup.
     # group =
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 3970012..6e0b37c 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -30,6 +30,12 @@ charon.cert_cache = yes
 	Whether relations in validated certificate chains should be cached in
 	memory.
 
+charon.cache_crls = no
+	Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
+	be saved under a unique file name derived from the public key of the
+	Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or
+	**/etc/swanctl/x509crl** (vici), respectively.
+
 charon.cisco_unity = no
 	Send Cisco Unity vendor ID payload (IKEv1 only).
 
@@ -100,11 +106,12 @@ charon.flush_auth_cfg = no
 charon.follow_redirects = yes
 	Whether to follow IKEv2 redirects (RFC 5685).
 
-charon.fragment_size = 0
+charon.fragment_size = 1280
 	Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
-	when using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for
-	address family specific	default values). If specified this limit is used
-	for both IPv4 and IPv6.
+	when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
+	to 1280 (use 0 for address family specific default values, which uses a
+	lower value for IPv4).  If specified this limit is used for both IPv4 and
+	IPv6.
 
 charon.group
 	Name of the group the daemon changes to after startup.
diff --git a/conf/plugins/kernel-netlink.conf b/conf/plugins/kernel-netlink.conf
index 3997dc7..47f7d58 100644
--- a/conf/plugins/kernel-netlink.conf
+++ b/conf/plugins/kernel-netlink.conf
@@ -46,8 +46,33 @@ kernel-netlink {
     # Netlink message retransmission timeout, 0 to disable retransmissions.
     # timeout = 0
 
-    # Lifetime of XFRM acquire state in kernel.
+    # Lifetime of XFRM acquire state and allocated SPIs in kernel.
     # xfrm_acq_expires = 165
 
+    # XFRM policy hashing threshold configuration for IPv4 and IPv6.
+    spdh_thresh {
+
+        ipv4 {
+
+            # Local subnet XFRM policy hashing threshold for IPv4.
+            # lbits = 32
+
+            # Remote subnet XFRM policy hashing threshold for IPv4.
+            # rbits = 32
+
+        }
+
+        ipv6 {
+
+            # Local subnet XFRM policy hashing threshold for IPv6.
+            # lbits = 128
+
+            # Remote subnet XFRM policy hashing threshold for IPv6.
+            # rbits = 128
+
+        }
+
+    }
+
 }
 
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
index 6adefd8..77ba6ea 100644
--- a/conf/plugins/kernel-netlink.opt
+++ b/conf/plugins/kernel-netlink.opt
@@ -51,6 +51,35 @@ charon.plugins.kernel-netlink.set_proto_port_transport_sa = no
 	traffic, it also prevents the use of a single IPsec SA by more than one
 	traffic selector.
 
+charon.plugins.kernel-netlink.spdh_thresh {}
+	XFRM policy hashing threshold configuration for IPv4 and IPv6.
+
+	XFRM policy hashing threshold configuration for IPv4 and IPv6.
+
+	The section defines hashing thresholds to configure in the kernel during
+	daemon startup. Each address family takes a threshold for the local subnet
+	of an IPsec policy (src in out-policies, dst in in- and forward-policies)
+	and the remote subnet (dst in out-policies, src in in- and
+	forward-policies).
+
+	If the subnet has more or equal net bits than the threshold, the first
+	threshold bits are used to calculate a hash to lookup the policy.
+
+	Policy hashing thresholds are not supported before Linux 3.18 and might
+	conflict with socket policies before Linux 4.8.
+
+charon.plugins.kernel-netlink.spdh_thresh.ipv4.lbits = 32
+	Local subnet XFRM policy hashing threshold for IPv4.
+
+charon.plugins.kernel-netlink.spdh_thresh.ipv4.rbits = 32
+	Remote subnet XFRM policy hashing threshold for IPv4.
+
+charon.plugins.kernel-netlink.spdh_thresh.ipv6.lbits = 128
+	Local subnet XFRM policy hashing threshold for IPv6.
+
+charon.plugins.kernel-netlink.spdh_thresh.ipv6.rbits = 128
+	Remote subnet XFRM policy hashing threshold for IPv6.
+
 charon.plugins.kernel-netlink.retries = 0
 	Number of Netlink message retransmissions to send on timeout.
 
@@ -61,8 +90,12 @@ charon.plugins.kernel-netlink.ignore_retransmit_errors = no
 	Whether to ignore errors potentially resulting from a retransmission.
 
 charon.plugins.kernel-netlink.xfrm_acq_expires = 165
-	Lifetime of XFRM acquire state in kernel.
-
-	Lifetime of XFRM acquire state in kernel. The value gets written to
-	/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
-	acquire messages sent.
+	Lifetime of XFRM acquire state and allocated SPIs in kernel.
+
+	Lifetime of XFRM acquire state created by the kernel when traffic matches a
+	trap policy. The value gets written to /proc/sys/net/core/xfrm_acq_expires.
+	Indirectly controls the delay between XFRM acquire messages triggered by the
+	kernel for a trap policy. The same value is used as timeout for SPIs
+	allocated by the kernel. The default value equals the default total
+	retransmission timeout for IKE messages, see IKEv2 RETRANSMISSION
+	in **strongswan.conf**(5).
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 3d03f20..c0ecbb7 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -3,6 +3,10 @@
 Plugins to load in ipsec aikgen tool.
 
 .TP
+.BR aikpub2.load " []"
+Plugins to load in aikpub2 tool.
+
+.TP
 .BR attest.database " []"
 File measurement information database URI. If it contains a password, make sure
 to adjust the permissions of the config file accordingly.
@@ -50,6 +54,16 @@ SonicWall boxes).
 Maximum number of half\-open IKE_SAs for a single peer IP.
 
 .TP
+.BR charon.cache_crls " [no]"
+Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should be
+saved under a unique file name derived from the public key of the Certification
+Authority (CA) to
+.RB "" "/etc/ipsec.d/crls" ""
+(stroke) or
+.RB "" "/etc/swanctl/x509crl" ""
+(vici), respectively.
+
+.TP
 .BR charon.cert_cache " [yes]"
 Whether relations in validated certificate chains should be cached in memory.
 
@@ -188,11 +202,11 @@ conflict with plugins that later need access to e.g. the used certificates.
 Whether to follow IKEv2 redirects (RFC 5685).
 
 .TP
-.BR charon.fragment_size " [0]"
+.BR charon.fragment_size " [1280]"
 Maximum size (complete IP datagram size in bytes) of a sent IKE fragment when
-using proprietary IKEv1 or standardized IKEv2 fragmentation (0 for address
-family specific        default values). If specified this limit is used for both
-IPv4 and IPv6.
+using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults to 1280
+(use 0 for address family specific default values, which uses a lower value for
+IPv4).  If specified this limit is used for both IPv4 and IPv6.
 
 .TP
 .BR charon.group " []"
@@ -962,14 +976,51 @@ IPsec SAs in the kernel. While doing so enforces policies for inbound traffic,
 it also prevents the use of a single IPsec SA by more than one traffic selector.
 
 .TP
+.B charon.plugins.kernel-netlink.spdh_thresh
+.br
+XFRM policy hashing threshold configuration for IPv4 and IPv6.
+
+The section defines hashing thresholds to configure in the kernel during daemon
+startup. Each address family takes a threshold for the local subnet of an IPsec
+policy (src in out\-policies, dst in in\- and forward\-policies) and the remote
+subnet (dst in out\-policies, src in in\- and forward\-policies).
+
+If the subnet has more or equal net bits than the threshold, the first threshold
+bits are used to calculate a hash to lookup the policy.
+
+Policy hashing thresholds are not supported before Linux 3.18 and might conflict
+with socket policies before Linux 4.8.
+
+.TP
+.BR charon.plugins.kernel-netlink.spdh_thresh.ipv4.lbits " [32]"
+Local subnet XFRM policy hashing threshold for IPv4.
+
+.TP
+.BR charon.plugins.kernel-netlink.spdh_thresh.ipv4.rbits " [32]"
+Remote subnet XFRM policy hashing threshold for IPv4.
+
+.TP
+.BR charon.plugins.kernel-netlink.spdh_thresh.ipv6.lbits " [128]"
+Local subnet XFRM policy hashing threshold for IPv6.
+
+.TP
+.BR charon.plugins.kernel-netlink.spdh_thresh.ipv6.rbits " [128]"
+Remote subnet XFRM policy hashing threshold for IPv6.
+
+.TP
 .BR charon.plugins.kernel-netlink.timeout " [0]"
 Netlink message retransmission timeout, 0 to disable retransmissions.
 
 .TP
 .BR charon.plugins.kernel-netlink.xfrm_acq_expires " [165]"
-Lifetime of XFRM acquire state in kernel. The value gets written to
-/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
-acquire messages sent.
+Lifetime of XFRM acquire state created by the kernel when traffic matches a trap
+policy. The value gets written to /proc/sys/net/core/xfrm_acq_expires.
+Indirectly controls the delay between XFRM acquire messages triggered by the
+kernel for a trap policy. The same value is used as timeout for SPIs allocated
+by the kernel. The default value equals the default total retransmission timeout
+for IKE messages, see IKEv2 RETRANSMISSION in
+.RB "" "strongswan.conf" "(5)."
+
 
 .TP
 .BR charon.plugins.kernel-pfkey.events_buffer_size " [0]"
@@ -1731,6 +1782,10 @@ Name of the user the daemon changes to after startup.
 Discard certificates with unsupported or unknown critical extensions.
 
 .TP
+.BR charon-nm.ca_dir " [<default>]"
+Directory from which to load CA certificates if no certificate is configured.
+
+.TP
 .B charon-systemd.journal
 .br
 Section to configure native systemd journal logger, very similar to the syslog
diff --git a/config.h.in b/config.h.in
index 1e513da..477cc2b 100644
--- a/config.h.in
+++ b/config.h.in
@@ -248,6 +248,9 @@
 /* have syscall(SYS_gettid) */
 #undef HAVE_SYS_GETTID
 
+/* Define to 1 if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
 /* Define to 1 if you have the <sys/sockio.h> header file. */
 #undef HAVE_SYS_SOCKIO_H
 
@@ -319,7 +322,7 @@
 /* use TrouSerS library libtspi */
 #undef TSS_TROUSERS
 
-/* use TSS 2.0 library libtss2 */
+/* use TSS 2.0 libraries */
 #undef TSS_TSS2
 
 /* using builtin printf for printf hooks */
diff --git a/configure b/configure
index be9df97..52a1971 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.5.0.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.5.1.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='strongSwan'
 PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.5.0'
-PACKAGE_STRING='strongSwan 5.5.0'
+PACKAGE_VERSION='5.5.1'
+PACKAGE_STRING='strongSwan 5.5.1'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -695,6 +695,8 @@ USE_LIBTNCCS_FALSE
 USE_LIBTNCCS_TRUE
 USE_LIBTNCIF_FALSE
 USE_LIBTNCIF_TRUE
+USE_LIBNTTFFT_FALSE
+USE_LIBNTTFFT_TRUE
 USE_LIBIPSEC_FALSE
 USE_LIBIPSEC_TRUE
 USE_LIBCHARON_FALSE
@@ -891,8 +893,6 @@ USE_SQL_FALSE
 USE_SQL_TRUE
 USE_SMP_FALSE
 USE_SMP_TRUE
-USE_MAEMO_FALSE
-USE_MAEMO_TRUE
 USE_ANDROID_LOG_FALSE
 USE_ANDROID_LOG_TRUE
 USE_ANDROID_DNS_FALSE
@@ -913,6 +913,8 @@ USE_STROKE_FALSE
 USE_STROKE_TRUE
 USE_BLISS_FALSE
 USE_BLISS_TRUE
+USE_NEWHOPE_FALSE
+USE_NEWHOPE_TRUE
 USE_NTRU_FALSE
 USE_NTRU_TRUE
 USE_AF_ALG_FALSE
@@ -985,6 +987,8 @@ USE_GMP_FALSE
 USE_GMP_TRUE
 USE_FIPS_PRF_FALSE
 USE_FIPS_PRF_TRUE
+USE_MGF1_FALSE
+USE_MGF1_TRUE
 USE_SHA3_FALSE
 USE_SHA3_TRUE
 USE_SHA2_FALSE
@@ -1061,9 +1065,6 @@ nm_LIBS
 nm_CFLAGS
 pcsclite_LIBS
 pcsclite_CFLAGS
-dbusservicedir
-maemo_LIBS
-maemo_CFLAGS
 MYSQLCFLAG
 MYSQLCONFIG
 MYSQLLIB
@@ -1075,6 +1076,8 @@ gtk_LIBS
 gtk_CFLAGS
 json_LIBS
 json_CFLAGS
+tss2_LIBS
+tss2_CFLAGS
 systemd_journal_LIBS
 systemd_journal_CFLAGS
 systemd_daemon_LIBS
@@ -1306,6 +1309,8 @@ enable_gmp
 enable_hmac
 enable_md4
 enable_md5
+enable_mgf1
+enable_newhope
 enable_nonce
 enable_ntru
 enable_openssl
@@ -1422,7 +1427,6 @@ enable_ha
 enable_led
 enable_load_tester
 enable_lookip
-enable_maemo
 enable_radattr
 enable_systime_fix
 enable_test_vectors
@@ -1506,12 +1510,12 @@ systemd_daemon_CFLAGS
 systemd_daemon_LIBS
 systemd_journal_CFLAGS
 systemd_journal_LIBS
+tss2_CFLAGS
+tss2_LIBS
 json_CFLAGS
 json_LIBS
 gtk_CFLAGS
 gtk_LIBS
-maemo_CFLAGS
-maemo_LIBS
 pcsclite_CFLAGS
 pcsclite_LIBS
 nm_CFLAGS
@@ -2068,7 +2072,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures strongSwan 5.5.0 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.5.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -2139,7 +2143,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of strongSwan 5.5.0:";;
+     short | recursive ) echo "Configuration of strongSwan 5.5.1:";;
    esac
   cat <<\_ACEOF
 
@@ -2166,6 +2170,8 @@ Optional Features:
   --disable-hmac          disable HMAC crypto implementation plugin.
   --enable-md4            enable MD4 software implementation plugin.
   --disable-md5           disable MD5 software implementation plugin.
+  --enable-mgf1           enable the MGF1 software implementation plugin.
+  --enable-newhope        enable New Hope crypto plugin.
   --disable-nonce         disable nonce generation plugin.
   --enable-ntru           enables the NTRU crypto plugin.
   --enable-openssl        enables the OpenSSL crypto plugin.
@@ -2317,7 +2323,6 @@ Optional Features:
   --enable-load-tester    enable load testing plugin for IKEv2 daemon.
   --enable-lookip         enable fast virtual IP lookup and notification
                           plugin.
-  --enable-maemo          enable Maemo specific plugin.
   --enable-radattr        enable plugin to inject and process custom RADIUS
                           attributes as IKEv2 client.
   --enable-systime-fix    enable plugin to handle cert lifetimes with invalid
@@ -2516,13 +2521,12 @@ Some influential environment variables:
               C compiler flags for systemd_journal, overriding pkg-config
   systemd_journal_LIBS
               linker flags for systemd_journal, overriding pkg-config
+  tss2_CFLAGS C compiler flags for tss2, overriding pkg-config
+  tss2_LIBS   linker flags for tss2, overriding pkg-config
   json_CFLAGS C compiler flags for json, overriding pkg-config
   json_LIBS   linker flags for json, overriding pkg-config
   gtk_CFLAGS  C compiler flags for gtk, overriding pkg-config
   gtk_LIBS    linker flags for gtk, overriding pkg-config
-  maemo_CFLAGS
-              C compiler flags for maemo, overriding pkg-config
-  maemo_LIBS  linker flags for maemo, overriding pkg-config
   pcsclite_CFLAGS
               C compiler flags for pcsclite, overriding pkg-config
   pcsclite_LIBS
@@ -2600,7 +2604,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-strongSwan configure 5.5.0
+strongSwan configure 5.5.1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3122,7 +3126,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by strongSwan $as_me 5.5.0, which was
+It was created by strongSwan $as_me 5.5.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3985,7 +3989,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='strongswan'
- VERSION='5.5.0'
+ VERSION='5.5.1'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5084,6 +5088,38 @@ fi
 
 	enabled_by_default=${enabled_by_default}" md5"
 
+# Check whether --enable-mgf1 was given.
+if test "${enable_mgf1+set}" = set; then :
+  enableval=$enable_mgf1; mgf1_given=true
+		if test x$enableval = xyes; then
+			mgf1=true
+		 else
+			mgf1=false
+		fi
+else
+  mgf1=false
+		mgf1_given=false
+
+fi
+
+	disabled_by_default=${disabled_by_default}" mgf1"
+
+# Check whether --enable-newhope was given.
+if test "${enable_newhope+set}" = set; then :
+  enableval=$enable_newhope; newhope_given=true
+		if test x$enableval = xyes; then
+			newhope=true
+		 else
+			newhope=false
+		fi
+else
+  newhope=false
+		newhope_given=false
+
+fi
+
+	disabled_by_default=${disabled_by_default}" newhope"
+
 # Check whether --enable-nonce was given.
 if test "${enable_nonce+set}" = set; then :
   enableval=$enable_nonce; nonce_given=true
@@ -6949,22 +6985,6 @@ fi
 
 	disabled_by_default=${disabled_by_default}" lookip"
 
-# Check whether --enable-maemo was given.
-if test "${enable_maemo+set}" = set; then :
-  enableval=$enable_maemo; maemo_given=true
-		if test x$enableval = xyes; then
-			maemo=true
-		 else
-			maemo=false
-		fi
-else
-  maemo=false
-		maemo_given=false
-
-fi
-
-	disabled_by_default=${disabled_by_default}" maemo"
-
 # Check whether --enable-radattr was given.
 if test "${enable_radattr+set}" = set; then :
   enableval=$enable_radattr; radattr_given=true
@@ -17992,6 +18012,10 @@ if test x$aikpub2 = xtrue; then
 	tss_tss2=true
 fi
 
+if test x$ntru = xtrue -o x$bliss = xtrue; then
+	mgf1=true
+fi
+
 # ===========================================
 #  check required libraries and header files
 # ===========================================
@@ -18676,64 +18700,52 @@ fi
 
 
 
-# uClibc requires explicit -latomic for __atomic_* operations
+# Some architectures require explicit -latomic for __atomic_* operations
+# AC_SEARCH_LIBS() does not work when checking built-ins due to conflicting types
 LIBS=""
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __atomic_load" >&5
-$as_echo_n "checking for library containing __atomic_load... " >&6; }
-if ${ac_cv_search___atomic_load+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __atomic_and_fetch" >&5
+$as_echo_n "checking for library containing __atomic_and_fetch... " >&6; }
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char __atomic_load ();
 int
 main ()
 {
-return __atomic_load ();
+int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);
   ;
   return 0;
 }
 _ACEOF
-for ac_lib in '' atomic; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search___atomic_load=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search___atomic_load+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search___atomic_load+:} false; then :
+if ac_fn_c_try_link "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: none required" >&5
+$as_echo "none required" >&6; }
+else
+  LIBS="-latomic";
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
 
+int
+main ()
+{
+int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: -latomic" >&5
+$as_echo "-latomic" >&6; }; ATOMICLIB=$LIBS
 else
-  ac_cv_search___atomic_load=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___atomic_load" >&5
-$as_echo "$ac_cv_search___atomic_load" >&6; }
-ac_res=$ac_cv_search___atomic_load
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-  ATOMICLIB=$LIBS
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
 fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
 
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 
 
 LIBS=$saved_LIBS
@@ -19046,7 +19058,7 @@ else
 fi
 
 
-for ac_header in sys/sockio.h sys/syscall.h glob.h net/if_tun.h
+for ac_header in sys/sockio.h sys/syscall.h sys/param.h glob.h net/if_tun.h
 do :
   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
@@ -20715,54 +20727,103 @@ $as_echo "#define TSS_TROUSERS /**/" >>confdefs.h
 fi
 
 if test x$tss_tss2 = xtrue; then
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ltss2" >&5
-$as_echo_n "checking for main in -ltss2... " >&6; }
-if ${ac_cv_lib_tss2_main+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-ltss2  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
 
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2" >&5
+$as_echo_n "checking for tss2... " >&6; }
 
-int
-main ()
-{
-return main ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_tss2_main=yes
+if test -n "$tss2_CFLAGS"; then
+    pkg_cv_tss2_CFLAGS="$tss2_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "tcti-socket") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_tss2_CFLAGS=`$PKG_CONFIG --cflags "tcti-socket" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
 else
-  ac_cv_lib_tss2_main=no
+  pkg_failed=yes
 fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
+ else
+    pkg_failed=untried
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_tss2_main" >&5
-$as_echo "$ac_cv_lib_tss2_main" >&6; }
-if test "x$ac_cv_lib_tss2_main" = xyes; then :
-  LIBS="$LIBS"
+if test -n "$tss2_LIBS"; then
+    pkg_cv_tss2_LIBS="$tss2_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+    if test -n "$PKG_CONFIG" && \
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tcti-socket\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "tcti-socket") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  pkg_cv_tss2_LIBS=`$PKG_CONFIG --libs "tcti-socket" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes
 else
-  as_fn_error $? "TTS 2.0 library libtss2 not found" "$LINENO" 5
+  pkg_failed=yes
 fi
+ else
+    pkg_failed=untried
+fi
+
 
-	ac_fn_c_check_header_mongrel "$LINENO" "tss2/tpm20.h" "ac_cv_header_tss2_tpm20_h" "$ac_includes_default"
-if test "x$ac_cv_header_tss2_tpm20_h" = xyes; then :
 
+if test $pkg_failed = yes; then
+   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
 else
-  as_fn_error $? "TSS 2.0 header tss2/tpm20.h not found!" "$LINENO" 5
+        _pkg_short_errors_supported=no
 fi
+        if test $_pkg_short_errors_supported = yes; then
+	        tss2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tcti-socket" 2>&1`
+        else
+	        tss2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tcti-socket" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$tss2_PKG_ERRORS" >&5
 
+	as_fn_error $? "Package requirements (tcti-socket) were not met:
 
+$tss2_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables tss2_CFLAGS
+and tss2_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables tss2_CFLAGS
+and tss2_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+	tss2_CFLAGS=$pkg_cv_tss2_CFLAGS
+	tss2_LIBS=$pkg_cv_tss2_LIBS
+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
 
 $as_echo "#define TSS_TSS2 /**/" >>confdefs.h
 
 fi
+
+
+fi
+
 if test x$imv_swid = xtrue; then
 
 pkg_failed=no
@@ -21795,104 +21856,6 @@ fi
 
 fi
 
-if test x$maemo = xtrue; then
-
-pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for maemo" >&5
-$as_echo_n "checking for maemo... " >&6; }
-
-if test -n "$maemo_CFLAGS"; then
-    pkg_cv_maemo_CFLAGS="$maemo_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
-    if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; }; then
-  pkg_cv_maemo_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes
-else
-  pkg_failed=yes
-fi
- else
-    pkg_failed=untried
-fi
-if test -n "$maemo_LIBS"; then
-    pkg_cv_maemo_LIBS="$maemo_LIBS"
- elif test -n "$PKG_CONFIG"; then
-    if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 gthread-2.0 libosso osso-af-settings\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "glib-2.0 gthread-2.0 libosso osso-af-settings") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; }; then
-  pkg_cv_maemo_LIBS=`$PKG_CONFIG --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes
-else
-  pkg_failed=yes
-fi
- else
-    pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
-   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-        _pkg_short_errors_supported=yes
-else
-        _pkg_short_errors_supported=no
-fi
-        if test $_pkg_short_errors_supported = yes; then
-	        maemo_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1`
-        else
-	        maemo_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "glib-2.0 gthread-2.0 libosso osso-af-settings" 2>&1`
-        fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$maemo_PKG_ERRORS" >&5
-
-	as_fn_error $? "Package requirements (glib-2.0 gthread-2.0 libosso osso-af-settings) were not met:
-
-$maemo_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-Alternatively, you may set the environment variables maemo_CFLAGS
-and maemo_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details." "$LINENO" 5
-elif test $pkg_failed = untried; then
-     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "The pkg-config script could not be found or is too old.  Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-Alternatively, you may set the environment variables maemo_CFLAGS
-and maemo_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
-else
-	maemo_CFLAGS=$pkg_cv_maemo_CFLAGS
-	maemo_LIBS=$pkg_cv_maemo_LIBS
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-fi
-
-
-	dbusservicedir="/usr/share/dbus-1/system-services"
-
-fi
-
 if test x$eap_sim_pcsc = xtrue; then
 
 pkg_failed=no
@@ -23088,6 +23051,20 @@ if test x$md5 = xtrue; then
 
 	fi
 
+if test x$mgf1 = xtrue; then
+		s_plugins=${s_plugins}" mgf1"
+		charon_plugins=${charon_plugins}" mgf1"
+		scepclient_plugins=${scepclient_plugins}" mgf1"
+		pki_plugins=${pki_plugins}" mgf1"
+		scripts_plugins=${scripts_plugins}" mgf1"
+		medsrv_plugins=${medsrv_plugins}" mgf1"
+		attest_plugins=${attest_plugins}" mgf1"
+		nm_plugins=${nm_plugins}" mgf1"
+		cmd_plugins=${cmd_plugins}" mgf1"
+		aikgen_plugins=${aikgen_plugins}" mgf1"
+
+	fi
+
 if test x$rdrand = xtrue; then
 		s_plugins=${s_plugins}" rdrand"
 		charon_plugins=${charon_plugins}" rdrand"
@@ -23428,6 +23405,15 @@ if test x$ntru = xtrue; then
 
 	fi
 
+if test x$newhope = xtrue; then
+		s_plugins=${s_plugins}" newhope"
+		charon_plugins=${charon_plugins}" newhope"
+		scripts_plugins=${scripts_plugins}" newhope"
+		nm_plugins=${nm_plugins}" newhope"
+		cmd_plugins=${cmd_plugins}" newhope"
+
+	fi
+
 if test x$bliss = xtrue; then
 		s_plugins=${s_plugins}" bliss"
 		charon_plugins=${charon_plugins}" bliss"
@@ -23943,12 +23929,6 @@ if test x$radattr = xtrue; then
 
 	fi
 
-if test x$maemo = xtrue; then
-		c_plugins=${c_plugins}" maemo"
-		charon_plugins=${charon_plugins}" maemo"
-
-	fi
-
 if test x$uci = xtrue; then
 		c_plugins=${c_plugins}" uci"
 		charon_plugins=${charon_plugins}" uci"
@@ -24120,6 +24100,14 @@ else
   USE_SHA3_FALSE=
 fi
 
+ if test x$mgf1 = xtrue; then
+  USE_MGF1_TRUE=
+  USE_MGF1_FALSE='#'
+else
+  USE_MGF1_TRUE='#'
+  USE_MGF1_FALSE=
+fi
+
  if test x$fips_prf = xtrue; then
   USE_FIPS_PRF_TRUE=
   USE_FIPS_PRF_FALSE='#'
@@ -24408,6 +24396,14 @@ else
   USE_NTRU_FALSE=
 fi
 
+ if test x$newhope = xtrue; then
+  USE_NEWHOPE_TRUE=
+  USE_NEWHOPE_FALSE='#'
+else
+  USE_NEWHOPE_TRUE='#'
+  USE_NEWHOPE_FALSE=
+fi
+
  if test x$bliss = xtrue; then
   USE_BLISS_TRUE=
   USE_BLISS_FALSE='#'
@@ -24491,14 +24487,6 @@ else
   USE_ANDROID_LOG_FALSE=
 fi
 
- if test x$maemo = xtrue; then
-  USE_MAEMO_TRUE=
-  USE_MAEMO_FALSE='#'
-else
-  USE_MAEMO_TRUE='#'
-  USE_MAEMO_FALSE=
-fi
-
  if test x$smp = xtrue; then
   USE_SMP_TRUE=
   USE_SMP_FALSE='#'
@@ -25286,6 +25274,14 @@ else
   USE_LIBIPSEC_FALSE=
 fi
 
+ if test x$bliss = xtrue -o x$newhope = xtrue; then
+  USE_LIBNTTFFT_TRUE=
+  USE_LIBNTTFFT_FALSE='#'
+else
+  USE_LIBNTTFFT_TRUE='#'
+  USE_LIBNTTFFT_FALSE=
+fi
+
  if test x$tnc_tnccs = xtrue -o x$imcv = xtrue; then
   USE_LIBTNCIF_TRUE=
   USE_LIBTNCIF_FALSE='#'
@@ -25625,7 +25621,7 @@ fi
 #  build Makefiles
 # =================
 
-ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswa [...]
+ac_config_files="$ac_config_files Makefile conf/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/ [...]
 
 
 # =================
@@ -25861,6 +25857,10 @@ if test -z "${USE_SHA3_TRUE}" && test -z "${USE_SHA3_FALSE}"; then
   as_fn_error $? "conditional \"USE_SHA3\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_MGF1_TRUE}" && test -z "${USE_MGF1_FALSE}"; then
+  as_fn_error $? "conditional \"USE_MGF1\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_FIPS_PRF_TRUE}" && test -z "${USE_FIPS_PRF_FALSE}"; then
   as_fn_error $? "conditional \"USE_FIPS_PRF\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26005,6 +26005,10 @@ if test -z "${USE_NTRU_TRUE}" && test -z "${USE_NTRU_FALSE}"; then
   as_fn_error $? "conditional \"USE_NTRU\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_NEWHOPE_TRUE}" && test -z "${USE_NEWHOPE_FALSE}"; then
+  as_fn_error $? "conditional \"USE_NEWHOPE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_BLISS_TRUE}" && test -z "${USE_BLISS_FALSE}"; then
   as_fn_error $? "conditional \"USE_BLISS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26045,10 +26049,6 @@ if test -z "${USE_ANDROID_LOG_TRUE}" && test -z "${USE_ANDROID_LOG_FALSE}"; then
   as_fn_error $? "conditional \"USE_ANDROID_LOG\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
-if test -z "${USE_MAEMO_TRUE}" && test -z "${USE_MAEMO_FALSE}"; then
-  as_fn_error $? "conditional \"USE_MAEMO\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
 if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then
   as_fn_error $? "conditional \"USE_SMP\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26441,6 +26441,10 @@ if test -z "${USE_LIBIPSEC_TRUE}" && test -z "${USE_LIBIPSEC_FALSE}"; then
   as_fn_error $? "conditional \"USE_LIBIPSEC\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_LIBNTTFFT_TRUE}" && test -z "${USE_LIBNTTFFT_FALSE}"; then
+  as_fn_error $? "conditional \"USE_LIBNTTFFT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_LIBTNCIF_TRUE}" && test -z "${USE_LIBTNCIF_FALSE}"; then
   as_fn_error $? "conditional \"USE_LIBTNCIF\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26962,7 +26966,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by strongSwan $as_me 5.5.0, which was
+This file was extended by strongSwan $as_me 5.5.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -27028,7 +27032,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-strongSwan config.status 5.5.0
+strongSwan config.status 5.5.1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -27452,6 +27456,8 @@ do
     "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
     "src/include/Makefile") CONFIG_FILES="$CONFIG_FILES src/include/Makefile" ;;
     "src/libstrongswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/Makefile" ;;
+    "src/libstrongswan/math/libnttfft/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/math/libnttfft/Makefile" ;;
+    "src/libstrongswan/math/libnttfft/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/math/libnttfft/tests/Makefile" ;;
     "src/libstrongswan/plugins/aes/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/aes/Makefile" ;;
     "src/libstrongswan/plugins/cmac/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/cmac/Makefile" ;;
     "src/libstrongswan/plugins/des/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/des/Makefile" ;;
@@ -27462,6 +27468,7 @@ do
     "src/libstrongswan/plugins/sha1/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sha1/Makefile" ;;
     "src/libstrongswan/plugins/sha2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sha2/Makefile" ;;
     "src/libstrongswan/plugins/sha3/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sha3/Makefile" ;;
+    "src/libstrongswan/plugins/mgf1/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/mgf1/Makefile" ;;
     "src/libstrongswan/plugins/fips_prf/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/fips_prf/Makefile" ;;
     "src/libstrongswan/plugins/gmp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gmp/Makefile" ;;
     "src/libstrongswan/plugins/rdrand/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/rdrand/Makefile" ;;
@@ -27505,6 +27512,8 @@ do
     "src/libstrongswan/plugins/ntru/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ntru/Makefile" ;;
     "src/libstrongswan/plugins/bliss/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/bliss/Makefile" ;;
     "src/libstrongswan/plugins/bliss/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/bliss/tests/Makefile" ;;
+    "src/libstrongswan/plugins/newhope/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/newhope/Makefile" ;;
+    "src/libstrongswan/plugins/newhope/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/newhope/tests/Makefile" ;;
     "src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;;
     "src/libstrongswan/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/tests/Makefile" ;;
     "src/libipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/libipsec/Makefile" ;;
@@ -27602,7 +27611,6 @@ do
     "src/libcharon/plugins/p_cscf/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/p_cscf/Makefile" ;;
     "src/libcharon/plugins/android_dns/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android_dns/Makefile" ;;
     "src/libcharon/plugins/android_log/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android_log/Makefile" ;;
-    "src/libcharon/plugins/maemo/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/maemo/Makefile" ;;
     "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;;
     "src/libcharon/plugins/vici/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/vici/Makefile" ;;
     "src/libcharon/plugins/vici/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/vici/ruby/Makefile" ;;
diff --git a/configure.ac b/configure.ac
index 3aa7d91..622c79a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.5.0])
+AC_INIT([strongSwan],[5.5.1])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects
@@ -136,6 +136,8 @@ ARG_DISBL_SET([gmp],            [disable GNU MP (libgmp) based crypto implementa
 ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
 ARG_ENABL_SET([md4],            [enable MD4 software implementation plugin.])
 ARG_DISBL_SET([md5],            [disable MD5 software implementation plugin.])
+ARG_ENABL_SET([mgf1],           [enable the MGF1 software implementation plugin.])
+ARG_ENABL_SET([newhope],        [enable New Hope crypto plugin.])
 ARG_DISBL_SET([nonce],          [disable nonce generation plugin.])
 ARG_ENABL_SET([ntru],           [enables the NTRU crypto plugin.])
 ARG_ENABL_SET([openssl],        [enables the OpenSSL crypto plugin.])
@@ -261,7 +263,6 @@ ARG_ENABL_SET([ha],             [enable high availability cluster plugin.])
 ARG_ENABL_SET([led],            [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.])
 ARG_ENABL_SET([load-tester],    [enable load testing plugin for IKEv2 daemon.])
 ARG_ENABL_SET([lookip],         [enable fast virtual IP lookup and notification plugin.])
-ARG_ENABL_SET([maemo],          [enable Maemo specific plugin.])
 ARG_ENABL_SET([radattr],        [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.])
 ARG_ENABL_SET([systime-fix],    [enable plugin to handle cert lifetimes with invalid system time gracefully.])
 ARG_ENABL_SET([test-vectors],   [enable plugin providing crypto test vectors.])
@@ -465,6 +466,10 @@ if test x$aikpub2 = xtrue; then
 	tss_tss2=true
 fi
 
+if test x$ntru = xtrue -o x$bliss = xtrue; then
+	mgf1=true
+fi
+
 # ===========================================
 #  check required libraries and header files
 # ===========================================
@@ -500,9 +505,20 @@ LIBS=$DLLIB
 AC_SEARCH_LIBS(pthread_create, pthread, [PTHREADLIB=$LIBS])
 AC_SUBST(PTHREADLIB)
 
-# uClibc requires explicit -latomic for __atomic_* operations
+# Some architectures require explicit -latomic for __atomic_* operations
+# AC_SEARCH_LIBS() does not work when checking built-ins due to conflicting types
 LIBS=""
-AC_SEARCH_LIBS(__atomic_load, atomic, [ATOMICLIB=$LIBS])
+AC_MSG_CHECKING(for library containing __atomic_and_fetch)
+AC_LINK_IFELSE(
+	[AC_LANG_PROGRAM([[]], [[int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);]])],
+	[AC_MSG_RESULT([none required])],
+	[LIBS="-latomic";
+	 AC_LINK_IFELSE(
+		[AC_LANG_PROGRAM([[]], [[int x; __atomic_and_fetch(&x, 1, __ATOMIC_RELAXED);]])],
+		[AC_MSG_RESULT([-latomic]); ATOMICLIB=$LIBS],
+		[AC_MSG_RESULT([no])])
+	]
+)
 AC_SUBST(ATOMICLIB)
 
 LIBS=$saved_LIBS
@@ -617,7 +633,7 @@ AC_CHECK_FUNC([syslog], [
 ])
 AM_CONDITIONAL(USE_SYSLOG, [test "x$syslog" = xtrue])
 
-AC_CHECK_HEADERS(sys/sockio.h sys/syscall.h glob.h net/if_tun.h)
+AC_CHECK_HEADERS(sys/sockio.h sys/syscall.h sys/param.h glob.h net/if_tun.h)
 AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h)
 AC_CHECK_HEADERS([netinet/ip6.h linux/fib_rules.h], [], [],
 [
@@ -977,10 +993,11 @@ if test x$tss_trousers = xtrue; then
 fi
 
 if test x$tss_tss2 = xtrue; then
-	AC_CHECK_LIB([tss2],[main],[LIBS="$LIBS"],[AC_MSG_ERROR([TTS 2.0 library libtss2 not found])],[])
-	AC_CHECK_HEADER([tss2/tpm20.h],,[AC_MSG_ERROR([TSS 2.0 header tss2/tpm20.h not found!])])
-	AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 library libtss2])
+	PKG_CHECK_MODULES(tss2, [tcti-socket], [AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])])
+	AC_SUBST(tss2_CFLAGS)
+	AC_SUBST(tss2_LIBS)
 fi
+
 if test x$imv_swid = xtrue; then
 	PKG_CHECK_MODULES(json, [json-c], [],
 		[PKG_CHECK_MODULES(json, [json])])
@@ -1127,14 +1144,6 @@ if test x$android_dns = xtrue; then
 	AC_SUBST(DLLIB)
 fi
 
-if test x$maemo = xtrue; then
-	PKG_CHECK_MODULES(maemo, [glib-2.0 gthread-2.0 libosso osso-af-settings])
-	AC_SUBST(maemo_CFLAGS)
-	AC_SUBST(maemo_LIBS)
-	dbusservicedir="/usr/share/dbus-1/system-services"
-	AC_SUBST(dbusservicedir)
-fi
-
 if test x$eap_sim_pcsc = xtrue; then
 	PKG_CHECK_MODULES(pcsclite, [libpcsclite])
 	AC_SUBST(pcsclite_CFLAGS)
@@ -1323,6 +1332,7 @@ ADD_PLUGIN([sha3],                 [s charon scepclient pki scripts medsrv attes
 ADD_PLUGIN([sha1],                 [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
 ADD_PLUGIN([md4],                  [s charon scepclient pki nm cmd])
 ADD_PLUGIN([md5],                  [s charon scepclient pki scripts attest nm cmd aikgen])
+ADD_PLUGIN([mgf1],                 [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
 ADD_PLUGIN([rdrand],               [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
 ADD_PLUGIN([random],               [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
 ADD_PLUGIN([nonce],                [s charon nm cmd aikgen])
@@ -1357,6 +1367,7 @@ ADD_PLUGIN([ctr],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ccm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([gcm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ntru],                 [s charon scripts nm cmd])
+ADD_PLUGIN([newhope],              [s charon scripts nm cmd])
 ADD_PLUGIN([bliss],                [s charon pki scripts nm cmd])
 ADD_PLUGIN([curl],                 [s charon scepclient pki scripts nm cmd])
 ADD_PLUGIN([files],                [s charon scepclient pki scripts nm cmd])
@@ -1433,7 +1444,6 @@ ADD_PLUGIN([led],                  [c charon])
 ADD_PLUGIN([duplicheck],           [c charon])
 ADD_PLUGIN([coupling],             [c charon])
 ADD_PLUGIN([radattr],              [c charon])
-ADD_PLUGIN([maemo],                [c charon])
 ADD_PLUGIN([uci],                  [c charon])
 ADD_PLUGIN([addrblock],            [c charon])
 ADD_PLUGIN([unity],                [c charon])
@@ -1478,6 +1488,7 @@ AM_CONDITIONAL(USE_MD5, test x$md5 = xtrue)
 AM_CONDITIONAL(USE_SHA1, test x$sha1 = xtrue)
 AM_CONDITIONAL(USE_SHA2, test x$sha2 = xtrue)
 AM_CONDITIONAL(USE_SHA3, test x$sha3 = xtrue)
+AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
 AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
 AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
 AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
@@ -1514,6 +1525,7 @@ AM_CONDITIONAL(USE_CCM, test x$ccm = xtrue)
 AM_CONDITIONAL(USE_GCM, test x$gcm = xtrue)
 AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
 AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
+AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue)
 AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
 
 #  charon plugins
@@ -1527,7 +1539,6 @@ AM_CONDITIONAL(USE_OSX_ATTR, test x$osx_attr = xtrue)
 AM_CONDITIONAL(USE_P_CSCF, test x$p_cscf = xtrue)
 AM_CONDITIONAL(USE_ANDROID_DNS, test x$android_dns = xtrue)
 AM_CONDITIONAL(USE_ANDROID_LOG, test x$android_log = xtrue)
-AM_CONDITIONAL(USE_MAEMO, test x$maemo = xtrue)
 AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
 AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
 AM_CONDITIONAL(USE_DNSCERT, test x$dnscert = xtrue)
@@ -1629,6 +1640,7 @@ AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
 AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$aikpub2 = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
 AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
 AM_CONDITIONAL(USE_LIBIPSEC, test x$libipsec = xtrue)
+AM_CONDITIONAL(USE_LIBNTTFFT, test x$bliss = xtrue -o x$newhope = xtrue)
 AM_CONDITIONAL(USE_LIBTNCIF, test x$tnc_tnccs = xtrue -o x$imcv = xtrue)
 AM_CONDITIONAL(USE_LIBTNCCS, test x$tnc_tnccs = xtrue)
 AM_CONDITIONAL(USE_LIBPTTLS, test x$tnc_tnccs = xtrue)
@@ -1721,6 +1733,8 @@ AC_CONFIG_FILES([
 	src/Makefile
 	src/include/Makefile
 	src/libstrongswan/Makefile
+	src/libstrongswan/math/libnttfft/Makefile
+	src/libstrongswan/math/libnttfft/tests/Makefile
 	src/libstrongswan/plugins/aes/Makefile
 	src/libstrongswan/plugins/cmac/Makefile
 	src/libstrongswan/plugins/des/Makefile
@@ -1731,6 +1745,7 @@ AC_CONFIG_FILES([
 	src/libstrongswan/plugins/sha1/Makefile
 	src/libstrongswan/plugins/sha2/Makefile
 	src/libstrongswan/plugins/sha3/Makefile
+	src/libstrongswan/plugins/mgf1/Makefile
 	src/libstrongswan/plugins/fips_prf/Makefile
 	src/libstrongswan/plugins/gmp/Makefile
 	src/libstrongswan/plugins/rdrand/Makefile
@@ -1774,6 +1789,8 @@ AC_CONFIG_FILES([
 	src/libstrongswan/plugins/ntru/Makefile
 	src/libstrongswan/plugins/bliss/Makefile
 	src/libstrongswan/plugins/bliss/tests/Makefile
+	src/libstrongswan/plugins/newhope/Makefile
+	src/libstrongswan/plugins/newhope/tests/Makefile
 	src/libstrongswan/plugins/test_vectors/Makefile
 	src/libstrongswan/tests/Makefile
 	src/libipsec/Makefile
@@ -1871,7 +1888,6 @@ AC_CONFIG_FILES([
 	src/libcharon/plugins/p_cscf/Makefile
 	src/libcharon/plugins/android_dns/Makefile
 	src/libcharon/plugins/android_log/Makefile
-	src/libcharon/plugins/maemo/Makefile
 	src/libcharon/plugins/stroke/Makefile
 	src/libcharon/plugins/vici/Makefile
 	src/libcharon/plugins/vici/ruby/Makefile
diff --git a/init/Makefile.in b/init/Makefile.in
index a7c723a..9ae5e47 100644
--- a/init/Makefile.in
+++ b/init/Makefile.in
@@ -329,7 +329,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -363,8 +362,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -418,6 +415,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in
index ceb0563..190eb8f 100644
--- a/init/systemd-swanctl/Makefile.in
+++ b/init/systemd-swanctl/Makefile.in
@@ -297,7 +297,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -331,8 +330,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -386,6 +383,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in
index a3a7963..325a4e3 100644
--- a/init/systemd/Makefile.in
+++ b/init/systemd/Makefile.in
@@ -297,7 +297,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -331,8 +330,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -386,6 +383,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/man/Makefile.in b/man/Makefile.in
index a473efd..4d04d25 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -303,7 +303,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -337,8 +336,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -392,6 +389,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index 54440c0..6f80709 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -247,7 +247,9 @@ can be added at the end.
 If
 .B dh-group
 is specified, CHILD_SA/Quick Mode setup and rekeying include a separate
-Diffie-Hellman exchange.
+Diffie-Hellman exchange (refer to the
+.B esp
+keyword for details).
 .TP
 .BR also " = <name>"
 includes conn section
@@ -410,18 +412,27 @@ exclamation mark
 can be added at the end.
 
 .BR Note :
-As a responder the daemon accepts the first supported proposal received from
-the peer. In order to restrict a responder to only accept specific cipher
-suites, the strict flag
+As a responder, the daemon defaults to selecting the first configured proposal
+that's also supported by the peer. This may be changed via
+.BR strongswan.conf (5)
+to selecting the first acceptable proposal sent by the peer instead. In order to
+restrict a responder to only accept specific cipher suites, the strict flag
 .RB ( ! ,
 exclamation mark) can be used, e.g: aes256-sha512-modp4096!
-.br
+
 If
 .B dh-group
-is specified, CHILD_SA/Quick Mode setup and rekeying include a separate
-Diffie-Hellman exchange.  Valid values for
+is specified, CHILD_SA/Quick Mode rekeying and initial negotiation use a
+separate Diffie-Hellman exchange using the specified group. However, for IKEv2,
+the keys of the CHILD_SA created implicitly with the IKE_SA will always be
+derived from the IKE_SA's key material. So any DH group specified here will only
+apply when the CHILD_SA is later rekeyed or is created with a separate
+CREATE_CHILD_SA exchange.  Therefore, a proposal mismatch might not immediately
+be noticed when the SA is established, but may later cause rekeying to fail.
+
+Valid values for
 .B esnmode
-(IKEv2 only) are
+are
 .B esn
 and
 .BR noesn .
@@ -434,14 +445,15 @@ force UDP encapsulation for ESP packets even if no NAT situation is detected.
 This may help to surmount restrictive firewalls. In order to force the peer to
 encapsulate packets, NAT detection payloads are faked.
 .TP
-.BR fragmentation " = yes | force | " no
+.BR fragmentation " = " yes "  | force | no"
 whether to use IKE fragmentation (proprietary IKEv1 extension or IKEv2
 fragmentation as per RFC 7383).  Acceptable values are
-.BR yes ,
+.B yes
+(the default),
 .B force
 and
-.B no
-(the default). Fragmented IKE messages sent by a peer are always accepted
+.BR no .
+Fragmented IKE messages sent by a peer are always accepted
 irrespective of the value of this option. If set to
 .BR yes ,
 and the peer supports it, larger IKE messages will be sent in fragments.
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 0c73dfa..606efcf 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -411,7 +411,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -445,8 +444,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -500,6 +497,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/Makefile.in b/src/Makefile.in
index 5131738..16b1d28 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -367,7 +367,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -401,8 +400,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -456,6 +453,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index 5f7d50f..ce9ce1f 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -319,7 +319,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -353,8 +352,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -408,6 +405,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index 1d15c0c..37a57af 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -297,7 +297,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -331,8 +330,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -386,6 +383,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 1e2b7dd..149e739 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -409,6 +406,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/aikpub2/Makefile.in b/src/aikpub2/Makefile.in
index adb40e4..62be867 100644
--- a/src/aikpub2/Makefile.in
+++ b/src/aikpub2/Makefile.in
@@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -409,6 +406,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index 098eb94..fb43e4e 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -357,7 +357,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -391,8 +390,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -446,6 +443,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am
index 6ab7f27..4abfc74 100644
--- a/src/charon-nm/Makefile.am
+++ b/src/charon-nm/Makefile.am
@@ -22,3 +22,8 @@ charon_nm_LDADD = \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(top_builddir)/src/libcharon/libcharon.la \
 	-lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS}
+
+dbusservicedir = $(sysconfdir)/dbus-1/system.d
+dbusservice_DATA = nm-strongswan-service.conf
+
+EXTRA_DIST = $(dbusservice_DATA)
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 715412a..7f05b35 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -14,6 +14,7 @@
 
 @SET_MAKE@
 
+
 VPATH = @srcdir@
 am__is_gnu_make = { \
   if test -z '$(MAKELEVEL)'; then \
@@ -108,7 +109,8 @@ mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(ipsecdir)"
+am__installdirs = "$(DESTDIR)$(ipsecdir)" \
+	"$(DESTDIR)$(dbusservicedir)"
 PROGRAMS = $(ipsec_PROGRAMS)
 am__dirstamp = $(am__leading_dot)dirstamp
 am_charon_nm_OBJECTS = charon-nm.$(OBJEXT) nm/nm_backend.$(OBJEXT) \
@@ -166,6 +168,34 @@ am__can_run_installinfo = \
     n|no|NO) false;; \
     *) (install-info --version) >/dev/null 2>&1;; \
   esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+DATA = $(dbusservice_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -326,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -360,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -415,6 +442,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -441,6 +470,9 @@ charon_nm_LDADD = \
 	$(top_builddir)/src/libcharon/libcharon.la \
 	-lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS}
 
+dbusservicedir = $(sysconfdir)/dbus-1/system.d
+dbusservice_DATA = nm-strongswan-service.conf
+EXTRA_DIST = $(dbusservice_DATA)
 all: all-am
 
 .SUFFIXES:
@@ -583,6 +615,27 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
+install-dbusserviceDATA: $(dbusservice_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusservicedir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusservicedir)" || exit $$?; \
+	done
+
+uninstall-dbusserviceDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(dbusservicedir)'; $(am__uninstall_files_from_dir)
 
 ID: $(am__tagged_files)
 	$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -668,9 +721,9 @@ distdir: $(DISTFILES)
 	done
 check-am: all-am
 check: check-am
-all-am: Makefile $(PROGRAMS)
+all-am: Makefile $(PROGRAMS) $(DATA)
 installdirs:
-	for dir in "$(DESTDIR)$(ipsecdir)"; do \
+	for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(dbusservicedir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -728,7 +781,7 @@ info: info-am
 
 info-am:
 
-install-data-am: install-ipsecPROGRAMS
+install-data-am: install-dbusserviceDATA install-ipsecPROGRAMS
 
 install-dvi: install-dvi-am
 
@@ -774,7 +827,7 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-ipsecPROGRAMS
+uninstall-am: uninstall-dbusserviceDATA uninstall-ipsecPROGRAMS
 
 .MAKE: install-am install-strip
 
@@ -783,14 +836,16 @@ uninstall-am: uninstall-ipsecPROGRAMS
 	distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-ipsecPROGRAMS install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs maintainer-clean \
+	install-data-am install-dbusserviceDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am \
+	install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS
+	tags tags-am uninstall uninstall-am uninstall-dbusserviceDATA \
+	uninstall-ipsecPROGRAMS
 
 .PRECIOUS: Makefile
 
diff --git a/src/charon-nm/nm-strongswan-service.conf b/src/charon-nm/nm-strongswan-service.conf
new file mode 100644
index 0000000..a630f34
--- /dev/null
+++ b/src/charon-nm/nm-strongswan-service.conf
@@ -0,0 +1,15 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+	<policy user="root">
+		<allow own="org.freedesktop.NetworkManager.strongswan"/>
+		<allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+		<allow send_interface="org.freedesktop.NetworkManager.strongswan"/>
+	</policy>
+	<policy context="default">
+		<deny own="org.freedesktop.NetworkManager.strongswan"/>
+		<deny send_destination="org.freedesktop.NetworkManager.strongswan"/>
+	</policy>
+</busconfig>
+
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 5991c24..571c0ed 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -23,7 +23,6 @@
 #include <utils/identification.h>
 #include <config/peer_cfg.h>
 #include <credentials/certificates/x509.h>
-#include <networking/tun_device.h>
 
 #include <stdio.h>
 
@@ -43,8 +42,6 @@ typedef struct {
 	nm_creds_t *creds;
 	/* attribute handler for DNS/NBNS server information */
 	nm_handler_t *handler;
-	/* dummy TUN device */
-	tun_device_t *tun;
 	/* name of the connection */
 	char *name;
 } NMStrongswanPluginPrivate;
@@ -88,19 +85,18 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
 	GValue *val;
 	GHashTable *config;
 	enumerator_t *enumerator;
-	host_t *me;
+	host_t *me, *other;
 	nm_handler_t *handler;
 
 	config = g_hash_table_new(g_str_hash, g_str_equal);
 	handler = priv->handler;
 
-	/* NM requires a tundev, but netkey does not use one. Passing the physical
-	 * interface does not work, as NM fiddles around with it. So we pass a dummy
-	 * TUN device along for NM to play with... */
+	/* NM apparently requires to know the gateway */
 	val = g_slice_new0 (GValue);
-	g_value_init (val, G_TYPE_STRING);
-	g_value_set_string (val, priv->tun->get_name(priv->tun));
-	g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
+	g_value_init (val, G_TYPE_UINT);
+	other = ike_sa->get_other_host(ike_sa);
+	g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr);
+	g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val);
 
 	/* NM installs this IP address on the interface above, so we use the VIP if
 	 * we got one.
@@ -336,12 +332,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 		 priv->name);
 	DBG4(DBG_CFG, "%s",
 		 nm_setting_to_string(NM_SETTING(vpn)));
-	if (!priv->tun)
-	{
-		g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
-					"Failed to create dummy TUN device.");
-		return FALSE;
-	}
 	address = nm_setting_vpn_get_data_item(vpn, "address");
 	if (!address || !*address)
 	{
@@ -406,7 +396,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 	else
 	{
 		/* no certificate defined, fall back to system-wide CA certificates */
-		priv->creds->load_ca_dir(priv->creds, NM_CA_DIR);
+		priv->creds->load_ca_dir(priv->creds, lib->settings->get_str(
+								 lib->settings, "charon-nm.ca_dir", NM_CA_DIR));
 	}
 	if (!gateway)
 	{
@@ -428,6 +419,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 		{
 			user = identification_create_from_string((char*)str);
 			str = nm_setting_vpn_get_secret(vpn, "password");
+			if (auth_class == AUTH_CLASS_PSK &&
+				strlen(str) < 20)
+			{
+				g_set_error(err, NM_VPN_PLUGIN_ERROR,
+							NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+							"pre-shared key is too short.");
+				gateway->destroy(gateway);
+				user->destroy(user);
+				return FALSE;
+			}
 			priv->creds->set_username_password(priv->creds, user, (char*)str);
 		}
 	}
@@ -538,7 +539,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 	ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0",
 							 charon->socket->get_port(charon->socket, FALSE),
 							(char*)address, IKEV2_UDP_PORT,
-							 FRAGMENTATION_NO, 0);
+							 FRAGMENTATION_YES, 0);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
 
@@ -722,28 +723,10 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
 	memset(&priv->listener, 0, sizeof(listener_t));
 	priv->listener.child_updown = child_updown;
 	priv->listener.ike_rekey = ike_rekey;
-	priv->tun = tun_device_create(NULL);
 	priv->name = NULL;
 }
 
 /**
- * Destructor
- */
-static void nm_strongswan_plugin_dispose(GObject *obj)
-{
-	NMStrongswanPlugin *plugin;
-	NMStrongswanPluginPrivate *priv;
-
-	plugin = NM_STRONGSWAN_PLUGIN(obj);
-	priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
-	if (priv->tun)
-	{
-		priv->tun->destroy(priv->tun);
-		priv->tun = NULL;
-	}
-}
-
-/**
  * Class constructor
  */
 static void nm_strongswan_plugin_class_init(
@@ -756,7 +739,6 @@ static void nm_strongswan_plugin_class_init(
 	parent_class->connect = connect_;
 	parent_class->need_secrets = need_secrets;
 	parent_class->disconnect = disconnect;
-	G_OBJECT_CLASS(strongswan_class)->dispose = nm_strongswan_plugin_dispose;
 }
 
 /**
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 4afa625..e9cb266 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -320,7 +320,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -354,8 +353,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -409,6 +406,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
index 3dcf3d7..c1aa833 100644
--- a/src/charon-systemd/Makefile.in
+++ b/src/charon-systemd/Makefile.in
@@ -324,7 +324,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -358,8 +357,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -413,6 +410,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index 1eaf46a..30a3ac8 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/charon-tkm/build_common.gpr b/src/charon-tkm/build_common.gpr
index 102f6b7..4595195 100644
--- a/src/charon-tkm/build_common.gpr
+++ b/src/charon-tkm/build_common.gpr
@@ -9,7 +9,8 @@ project Build_Common is
 
    C_Compiler_Switches   := ("-W",
                              "-Wall",
-                             "-Wno-unused-parameter");
+                             "-Wno-unused-parameter",
+                             "-g");
    Ada_Compiler_Switches := ("-gnatwale",
                              "-gnatygAdISuxo",
                              "-gnata",
diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c
index 13352e5..4a6d2ae 100644
--- a/src/charon-tkm/src/charon-tkm.c
+++ b/src/charon-tkm/src/charon-tkm.c
@@ -286,7 +286,7 @@ int main(int argc, char *argv[])
 		PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE),
 			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
 			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
-			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+			PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 		PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
 			PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
 		PLUGIN_CALLBACK(tkm_spi_generator_register, NULL),
@@ -373,6 +373,7 @@ int main(int argc, char *argv[])
 	run();
 
 	unlink_pidfile();
+	free(pidfile_name);
 	status = 0;
 	charon->bus->remove_listener(charon->bus, &listener->listener);
 	listener->destroy(listener);
@@ -382,7 +383,7 @@ int main(int argc, char *argv[])
 deinit:
 	destroy_dh_mapping();
 	libcharon_deinit();
-	library_deinit();
 	tkm_deinit();
+	library_deinit();
 	return status;
 }
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 51f62fc..d07ea5c 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -323,7 +323,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -357,8 +356,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -412,6 +409,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index 87bbf9f..8821090 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -48,6 +48,11 @@ if USE_RADIUS
   libs += $(DESTDIR)$(ipseclibdir)/libradius.so
 endif
 
+if USE_LIBNTTFFT
+  deps += $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+  libs += $(DESTDIR)$(ipseclibdir)/libnttfft.so
+endif
+
 if USE_LIBPTTLS
   deps += $(top_builddir)/src/libpttls/libpttls.la
   libs += $(DESTDIR)$(ipseclibdir)/libpttls.so
@@ -89,6 +94,10 @@ if USE_CMD
   exes += $(DESTDIR)$(sbindir)/charon-cmd
 endif
 
+if USE_SYSTEMD
+  exes += $(DESTDIR)$(sbindir)/charon-systemd
+endif
+
 if USE_SCEPCLIENT
   exes += $(DESTDIR)$(ipsecdir)/scepclient
 endif
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index ef14d12..7644e1b 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -96,27 +96,30 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT)
 @USE_TLS_TRUE at am__append_5 = $(DESTDIR)$(ipseclibdir)/libtls.so
 @USE_RADIUS_TRUE at am__append_6 = $(top_builddir)/src/libradius/libradius.la
 @USE_RADIUS_TRUE at am__append_7 = $(DESTDIR)$(ipseclibdir)/libradius.so
- at USE_LIBPTTLS_TRUE@am__append_8 = $(top_builddir)/src/libpttls/libpttls.la
- at USE_LIBPTTLS_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libpttls.so
- at USE_LIBTPMTSS_TRUE@am__append_10 = $(top_builddir)/src/libtpmtss/libtpmtss.la
- at USE_LIBTPMTSS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so
- at USE_LIBTNCCS_TRUE@am__append_12 = $(top_builddir)/src/libtnccs/libtnccs.la
- at USE_LIBTNCCS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtnccs.so
- at MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE at am__append_14 = -DT_PLUGINS=\""${t_plugins}\""
- at USE_SIMAKA_TRUE@am__append_15 = $(top_builddir)/src/libsimaka/libsimaka.la
- at USE_SIMAKA_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
- at USE_IMCV_TRUE@am__append_17 = $(top_builddir)/src/libimcv/libimcv.la
- at USE_IMCV_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libimcv.so
- at USE_CHARON_TRUE@am__append_19 = $(top_builddir)/src/libcharon/libcharon.la
- at USE_CHARON_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libcharon.so
- at USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipsecdir)/charon
- at MONOLITHIC_FALSE@@USE_CHARON_TRUE at am__append_22 = -DC_PLUGINS=\""${c_plugins}\""
- at USE_CMD_TRUE@am__append_23 = $(DESTDIR)$(sbindir)/charon-cmd
- at USE_SCEPCLIENT_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/scepclient
- at USE_PKI_TRUE@am__append_25 = $(DESTDIR)$(bindir)/pki
- at USE_SWANCTL_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/swanctl
- at USE_ATTR_SQL_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/pool
- at USE_IMV_ATTESTATION_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/attest
+ at USE_LIBNTTFFT_TRUE@am__append_8 = $(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+ at USE_LIBNTTFFT_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libnttfft.so
+ at USE_LIBPTTLS_TRUE@am__append_10 = $(top_builddir)/src/libpttls/libpttls.la
+ at USE_LIBPTTLS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libpttls.so
+ at USE_LIBTPMTSS_TRUE@am__append_12 = $(top_builddir)/src/libtpmtss/libtpmtss.la
+ at USE_LIBTPMTSS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so
+ at USE_LIBTNCCS_TRUE@am__append_14 = $(top_builddir)/src/libtnccs/libtnccs.la
+ at USE_LIBTNCCS_TRUE@am__append_15 = $(DESTDIR)$(ipseclibdir)/libtnccs.so
+ at MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE at am__append_16 = -DT_PLUGINS=\""${t_plugins}\""
+ at USE_SIMAKA_TRUE@am__append_17 = $(top_builddir)/src/libsimaka/libsimaka.la
+ at USE_SIMAKA_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libsimaka.so
+ at USE_IMCV_TRUE@am__append_19 = $(top_builddir)/src/libimcv/libimcv.la
+ at USE_IMCV_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libimcv.so
+ at USE_CHARON_TRUE@am__append_21 = $(top_builddir)/src/libcharon/libcharon.la
+ at USE_CHARON_TRUE@am__append_22 = $(DESTDIR)$(ipseclibdir)/libcharon.so
+ at USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipsecdir)/charon
+ at MONOLITHIC_FALSE@@USE_CHARON_TRUE at am__append_24 = -DC_PLUGINS=\""${c_plugins}\""
+ at USE_CMD_TRUE@am__append_25 = $(DESTDIR)$(sbindir)/charon-cmd
+ at USE_SYSTEMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-systemd
+ at USE_SCEPCLIENT_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/scepclient
+ at USE_PKI_TRUE@am__append_28 = $(DESTDIR)$(bindir)/pki
+ at USE_SWANCTL_TRUE@am__append_29 = $(DESTDIR)$(sbindir)/swanctl
+ at USE_ATTR_SQL_TRUE@am__append_30 = $(DESTDIR)$(ipsecdir)/pool
+ at USE_IMV_ATTESTATION_TRUE@am__append_31 = $(DESTDIR)$(ipsecdir)/attest
 subdir = src/checksum
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -388,7 +391,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -422,8 +424,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -477,6 +477,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -497,7 +499,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS)
 AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
 	-I$(top_srcdir)/src/libcharon \
 	-DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \
-	$(am__append_14) $(am__append_22)
+	$(am__append_16) $(am__append_24)
 AM_CFLAGS = \
 	$(PLUGIN_CFLAGS)
 
@@ -508,14 +510,15 @@ AM_CFLAGS = \
 deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(am__append_2) $(am__append_4) $(am__append_6) \
 	$(am__append_8) $(am__append_10) $(am__append_12) \
-	$(am__append_15) $(am__append_17) $(am__append_19)
+	$(am__append_14) $(am__append_17) $(am__append_19) \
+	$(am__append_21)
 libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \
 	$(am__append_5) $(am__append_7) $(am__append_9) \
-	$(am__append_11) $(am__append_13) $(am__append_16) \
-	$(am__append_18) $(am__append_20)
-exes = $(am__append_21) $(am__append_23) $(am__append_24) \
-	$(am__append_25) $(am__append_26) $(am__append_27) \
-	$(am__append_28)
+	$(am__append_11) $(am__append_13) $(am__append_15) \
+	$(am__append_18) $(am__append_20) $(am__append_22)
+exes = $(am__append_23) $(am__append_25) $(am__append_26) \
+	$(am__append_27) $(am__append_28) $(am__append_29) \
+	$(am__append_30) $(am__append_31)
 all: all-am
 
 .SUFFIXES:
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 7b49989..9c55b50 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -337,7 +337,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -371,8 +370,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -426,6 +423,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index d3bb11f..38681f4 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -358,7 +358,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -392,8 +391,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -447,6 +444,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index c909af9..4fa90fd 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
index 22e61fd..02d5125 100644
--- a/src/include/linux/xfrm.h
+++ b/src/include/linux/xfrm.h
@@ -84,6 +84,8 @@ struct xfrm_replay_state {
 	__u32	bitmap;
 };
 
+#define XFRMA_REPLAY_ESN_MAX	4096
+
 struct xfrm_replay_state_esn {
 	unsigned int	bmp_len;
 	__u32		oseq;
@@ -295,6 +297,9 @@ enum xfrm_attr_type_t {
 	XFRMA_MARK,		/* struct xfrm_mark */
 	XFRMA_TFCPAD,		/* __u32 */
 	XFRMA_REPLAY_ESN_VAL,	/* struct xfrm_replay_esn */
+	XFRMA_SA_EXTRA_FLAGS,	/* __u32 */
+	XFRMA_PROTO,		/* __u8 */
+	XFRMA_ADDRESS_FILTER,	/* struct xfrm_address_filter */
 	__XFRMA_MAX
 
 #define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -323,6 +328,8 @@ enum xfrm_spdattr_type_t {
 	XFRMA_SPD_UNSPEC,
 	XFRMA_SPD_INFO,
 	XFRMA_SPD_HINFO,
+	XFRMA_SPD_IPV4_HTHRESH,
+	XFRMA_SPD_IPV6_HTHRESH,
 	__XFRMA_SPD_MAX
 
 #define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
@@ -342,6 +349,11 @@ struct xfrmu_spdhinfo {
 	__u32 spdhmcnt;
 };
 
+struct xfrmu_spdhthresh {
+	__u8 lbits;
+	__u8 rbits;
+};
+
 struct xfrm_usersa_info {
 	struct xfrm_selector		sel;
 	struct xfrm_id			id;
@@ -365,6 +377,8 @@ struct xfrm_usersa_info {
 #define XFRM_STATE_ESN		128
 };
 
+#define XFRM_SA_XFLAG_DONT_ENCAP_DSCP	1
+
 struct xfrm_usersa_id {
 	xfrm_address_t			daddr;
 	__be32				spi;
@@ -469,6 +483,14 @@ struct xfrm_user_mapping {
 	__be16				new_sport;
 };
 
+struct xfrm_address_filter {
+	xfrm_address_t			saddr;
+	xfrm_address_t			daddr;
+	__u16				family;
+	__u8				splen;
+	__u8				dplen;
+};
+
 #ifndef __KERNEL__
 /* backwards compatibility for userspace */
 #define XFRMGRP_ACQUIRE		1
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index c4cb5af..7512472 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -300,7 +300,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -334,8 +333,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -389,6 +386,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index b0acc6c..388a492 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.5.0rc1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.5.1dr3" "strongSwan"
 .
 .SH NAME
 .
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
index 550f6eb..e530205 100644
--- a/src/libcharon/Makefile.am
+++ b/src/libcharon/Makefile.am
@@ -513,13 +513,6 @@ if MONOLITHIC
 endif
 endif
 
-if USE_MAEMO
-  SUBDIRS += plugins/maemo
-if MONOLITHIC
-  libcharon_la_LIBADD += plugins/maemo/libstrongswan-maemo.la
-endif
-endif
-
 if USE_HA
   SUBDIRS += plugins/ha
 if MONOLITHIC
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 3ea9b80..e82e67b 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -239,60 +239,58 @@ host_triplet = @host@
 @MONOLITHIC_TRUE@@USE_ANDROID_DNS_TRUE at am__append_91 = plugins/android_dns/libstrongswan-android-dns.la
 @USE_ANDROID_LOG_TRUE at am__append_92 = plugins/android_log
 @MONOLITHIC_TRUE@@USE_ANDROID_LOG_TRUE at am__append_93 = plugins/android_log/libstrongswan-android-log.la
- at USE_MAEMO_TRUE@am__append_94 = plugins/maemo
- at MONOLITHIC_TRUE@@USE_MAEMO_TRUE at am__append_95 = plugins/maemo/libstrongswan-maemo.la
- at USE_HA_TRUE@am__append_96 = plugins/ha
- at MONOLITHIC_TRUE@@USE_HA_TRUE at am__append_97 = plugins/ha/libstrongswan-ha.la
- at USE_KERNEL_PFKEY_TRUE@am__append_98 = plugins/kernel_pfkey
- at MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE at am__append_99 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
- at USE_KERNEL_PFROUTE_TRUE@am__append_100 = plugins/kernel_pfroute
- at MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE at am__append_101 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
- at USE_KERNEL_NETLINK_TRUE@am__append_102 = plugins/kernel_netlink
- at MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE at am__append_103 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
- at USE_KERNEL_LIBIPSEC_TRUE@am__append_104 = plugins/kernel_libipsec
- at MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE at am__append_105 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
- at USE_KERNEL_WFP_TRUE@am__append_106 = plugins/kernel_wfp
- at MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE at am__append_107 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
- at USE_KERNEL_IPH_TRUE@am__append_108 = plugins/kernel_iph
- at MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE at am__append_109 = plugins/kernel_iph/libstrongswan-kernel-iph.la
- at USE_WHITELIST_TRUE@am__append_110 = plugins/whitelist
- at MONOLITHIC_TRUE@@USE_WHITELIST_TRUE at am__append_111 = plugins/whitelist/libstrongswan-whitelist.la
- at USE_LOOKIP_TRUE@am__append_112 = plugins/lookip
- at MONOLITHIC_TRUE@@USE_LOOKIP_TRUE at am__append_113 = plugins/lookip/libstrongswan-lookip.la
- at USE_ERROR_NOTIFY_TRUE@am__append_114 = plugins/error_notify
- at MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE at am__append_115 = plugins/error_notify/libstrongswan-error-notify.la
- at USE_CERTEXPIRE_TRUE@am__append_116 = plugins/certexpire
- at MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE at am__append_117 = plugins/certexpire/libstrongswan-certexpire.la
- at USE_SYSTIME_FIX_TRUE@am__append_118 = plugins/systime_fix
- at MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE at am__append_119 = plugins/systime_fix/libstrongswan-systime-fix.la
- at USE_LED_TRUE@am__append_120 = plugins/led
- at MONOLITHIC_TRUE@@USE_LED_TRUE at am__append_121 = plugins/led/libstrongswan-led.la
- at USE_DUPLICHECK_TRUE@am__append_122 = plugins/duplicheck
- at MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE at am__append_123 = plugins/duplicheck/libstrongswan-duplicheck.la
- at USE_COUPLING_TRUE@am__append_124 = plugins/coupling
- at MONOLITHIC_TRUE@@USE_COUPLING_TRUE at am__append_125 = plugins/coupling/libstrongswan-coupling.la
- at USE_RADATTR_TRUE@am__append_126 = plugins/radattr
- at MONOLITHIC_TRUE@@USE_RADATTR_TRUE at am__append_127 = plugins/radattr/libstrongswan-radattr.la
- at USE_UCI_TRUE@am__append_128 = plugins/uci
- at MONOLITHIC_TRUE@@USE_UCI_TRUE at am__append_129 = plugins/uci/libstrongswan-uci.la
- at USE_ADDRBLOCK_TRUE@am__append_130 = plugins/addrblock
- at MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE at am__append_131 = plugins/addrblock/libstrongswan-addrblock.la
- at USE_UNITY_TRUE@am__append_132 = plugins/unity
- at MONOLITHIC_TRUE@@USE_UNITY_TRUE at am__append_133 = plugins/unity/libstrongswan-unity.la
- at USE_XAUTH_GENERIC_TRUE@am__append_134 = plugins/xauth_generic
- at MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE at am__append_135 = plugins/xauth_generic/libstrongswan-xauth-generic.la
- at USE_XAUTH_EAP_TRUE@am__append_136 = plugins/xauth_eap
- at MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE at am__append_137 = plugins/xauth_eap/libstrongswan-xauth-eap.la
- at USE_XAUTH_PAM_TRUE@am__append_138 = plugins/xauth_pam
- at MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE at am__append_139 = plugins/xauth_pam/libstrongswan-xauth-pam.la
- at USE_XAUTH_NOAUTH_TRUE@am__append_140 = plugins/xauth_noauth
- at MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE at am__append_141 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
- at USE_RESOLVE_TRUE@am__append_142 = plugins/resolve
- at MONOLITHIC_TRUE@@USE_RESOLVE_TRUE at am__append_143 = plugins/resolve/libstrongswan-resolve.la
- at USE_ATTR_TRUE@am__append_144 = plugins/attr
- at MONOLITHIC_TRUE@@USE_ATTR_TRUE at am__append_145 = plugins/attr/libstrongswan-attr.la
- at USE_ATTR_SQL_TRUE@am__append_146 = plugins/attr_sql
- at MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE at am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la
+ at USE_HA_TRUE@am__append_94 = plugins/ha
+ at MONOLITHIC_TRUE@@USE_HA_TRUE at am__append_95 = plugins/ha/libstrongswan-ha.la
+ at USE_KERNEL_PFKEY_TRUE@am__append_96 = plugins/kernel_pfkey
+ at MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE at am__append_97 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+ at USE_KERNEL_PFROUTE_TRUE@am__append_98 = plugins/kernel_pfroute
+ at MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE at am__append_99 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+ at USE_KERNEL_NETLINK_TRUE@am__append_100 = plugins/kernel_netlink
+ at MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE at am__append_101 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
+ at USE_KERNEL_LIBIPSEC_TRUE@am__append_102 = plugins/kernel_libipsec
+ at MONOLITHIC_TRUE@@USE_KERNEL_LIBIPSEC_TRUE at am__append_103 = plugins/kernel_libipsec/libstrongswan-kernel-libipsec.la
+ at USE_KERNEL_WFP_TRUE@am__append_104 = plugins/kernel_wfp
+ at MONOLITHIC_TRUE@@USE_KERNEL_WFP_TRUE at am__append_105 = plugins/kernel_wfp/libstrongswan-kernel-wfp.la
+ at USE_KERNEL_IPH_TRUE@am__append_106 = plugins/kernel_iph
+ at MONOLITHIC_TRUE@@USE_KERNEL_IPH_TRUE at am__append_107 = plugins/kernel_iph/libstrongswan-kernel-iph.la
+ at USE_WHITELIST_TRUE@am__append_108 = plugins/whitelist
+ at MONOLITHIC_TRUE@@USE_WHITELIST_TRUE at am__append_109 = plugins/whitelist/libstrongswan-whitelist.la
+ at USE_LOOKIP_TRUE@am__append_110 = plugins/lookip
+ at MONOLITHIC_TRUE@@USE_LOOKIP_TRUE at am__append_111 = plugins/lookip/libstrongswan-lookip.la
+ at USE_ERROR_NOTIFY_TRUE@am__append_112 = plugins/error_notify
+ at MONOLITHIC_TRUE@@USE_ERROR_NOTIFY_TRUE at am__append_113 = plugins/error_notify/libstrongswan-error-notify.la
+ at USE_CERTEXPIRE_TRUE@am__append_114 = plugins/certexpire
+ at MONOLITHIC_TRUE@@USE_CERTEXPIRE_TRUE at am__append_115 = plugins/certexpire/libstrongswan-certexpire.la
+ at USE_SYSTIME_FIX_TRUE@am__append_116 = plugins/systime_fix
+ at MONOLITHIC_TRUE@@USE_SYSTIME_FIX_TRUE at am__append_117 = plugins/systime_fix/libstrongswan-systime-fix.la
+ at USE_LED_TRUE@am__append_118 = plugins/led
+ at MONOLITHIC_TRUE@@USE_LED_TRUE at am__append_119 = plugins/led/libstrongswan-led.la
+ at USE_DUPLICHECK_TRUE@am__append_120 = plugins/duplicheck
+ at MONOLITHIC_TRUE@@USE_DUPLICHECK_TRUE at am__append_121 = plugins/duplicheck/libstrongswan-duplicheck.la
+ at USE_COUPLING_TRUE@am__append_122 = plugins/coupling
+ at MONOLITHIC_TRUE@@USE_COUPLING_TRUE at am__append_123 = plugins/coupling/libstrongswan-coupling.la
+ at USE_RADATTR_TRUE@am__append_124 = plugins/radattr
+ at MONOLITHIC_TRUE@@USE_RADATTR_TRUE at am__append_125 = plugins/radattr/libstrongswan-radattr.la
+ at USE_UCI_TRUE@am__append_126 = plugins/uci
+ at MONOLITHIC_TRUE@@USE_UCI_TRUE at am__append_127 = plugins/uci/libstrongswan-uci.la
+ at USE_ADDRBLOCK_TRUE@am__append_128 = plugins/addrblock
+ at MONOLITHIC_TRUE@@USE_ADDRBLOCK_TRUE at am__append_129 = plugins/addrblock/libstrongswan-addrblock.la
+ at USE_UNITY_TRUE@am__append_130 = plugins/unity
+ at MONOLITHIC_TRUE@@USE_UNITY_TRUE at am__append_131 = plugins/unity/libstrongswan-unity.la
+ at USE_XAUTH_GENERIC_TRUE@am__append_132 = plugins/xauth_generic
+ at MONOLITHIC_TRUE@@USE_XAUTH_GENERIC_TRUE at am__append_133 = plugins/xauth_generic/libstrongswan-xauth-generic.la
+ at USE_XAUTH_EAP_TRUE@am__append_134 = plugins/xauth_eap
+ at MONOLITHIC_TRUE@@USE_XAUTH_EAP_TRUE at am__append_135 = plugins/xauth_eap/libstrongswan-xauth-eap.la
+ at USE_XAUTH_PAM_TRUE@am__append_136 = plugins/xauth_pam
+ at MONOLITHIC_TRUE@@USE_XAUTH_PAM_TRUE at am__append_137 = plugins/xauth_pam/libstrongswan-xauth-pam.la
+ at USE_XAUTH_NOAUTH_TRUE@am__append_138 = plugins/xauth_noauth
+ at MONOLITHIC_TRUE@@USE_XAUTH_NOAUTH_TRUE at am__append_139 = plugins/xauth_noauth/libstrongswan-xauth-noauth.la
+ at USE_RESOLVE_TRUE@am__append_140 = plugins/resolve
+ at MONOLITHIC_TRUE@@USE_RESOLVE_TRUE at am__append_141 = plugins/resolve/libstrongswan-resolve.la
+ at USE_ATTR_TRUE@am__append_142 = plugins/attr
+ at MONOLITHIC_TRUE@@USE_ATTR_TRUE at am__append_143 = plugins/attr/libstrongswan-attr.la
+ at USE_ATTR_SQL_TRUE@am__append_144 = plugins/attr_sql
+ at MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE at am__append_145 = plugins/attr_sql/libstrongswan-attr-sql.la
 subdir = src/libcharon
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -370,7 +368,7 @@ libcharon_la_DEPENDENCIES =  \
 	$(am__append_127) $(am__append_129) $(am__append_131) \
 	$(am__append_133) $(am__append_135) $(am__append_137) \
 	$(am__append_139) $(am__append_141) $(am__append_143) \
-	$(am__append_145) $(am__append_147)
+	$(am__append_145)
 am__libcharon_la_SOURCES_DIST = attributes/attributes.c \
 	attributes/attributes.h attributes/attribute_provider.h \
 	attributes/attribute_handler.h attributes/attribute_manager.c \
@@ -747,16 +745,15 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \
 	plugins/eap_tnc plugins/tnc_ifmap plugins/tnc_pdp \
 	plugins/medsrv plugins/medcli plugins/dhcp plugins/osx_attr \
 	plugins/p_cscf plugins/android_dns plugins/android_log \
-	plugins/maemo plugins/ha plugins/kernel_pfkey \
-	plugins/kernel_pfroute plugins/kernel_netlink \
-	plugins/kernel_libipsec plugins/kernel_wfp plugins/kernel_iph \
-	plugins/whitelist plugins/lookip plugins/error_notify \
-	plugins/certexpire plugins/systime_fix plugins/led \
-	plugins/duplicheck plugins/coupling plugins/radattr \
-	plugins/uci plugins/addrblock plugins/unity \
-	plugins/xauth_generic plugins/xauth_eap plugins/xauth_pam \
-	plugins/xauth_noauth plugins/resolve plugins/attr \
-	plugins/attr_sql tests
+	plugins/ha plugins/kernel_pfkey plugins/kernel_pfroute \
+	plugins/kernel_netlink plugins/kernel_libipsec \
+	plugins/kernel_wfp plugins/kernel_iph plugins/whitelist \
+	plugins/lookip plugins/error_notify plugins/certexpire \
+	plugins/systime_fix plugins/led plugins/duplicheck \
+	plugins/coupling plugins/radattr plugins/uci plugins/addrblock \
+	plugins/unity plugins/xauth_generic plugins/xauth_eap \
+	plugins/xauth_pam plugins/xauth_noauth plugins/resolve \
+	plugins/attr plugins/attr_sql tests
 am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 am__relativize = \
@@ -923,7 +920,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -957,8 +953,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -1012,6 +1006,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -1159,8 +1155,7 @@ libcharon_la_LIBADD =  \
 	$(am__append_123) $(am__append_125) $(am__append_127) \
 	$(am__append_129) $(am__append_131) $(am__append_133) \
 	$(am__append_135) $(am__append_137) $(am__append_139) \
-	$(am__append_141) $(am__append_143) $(am__append_145) \
-	$(am__append_147)
+	$(am__append_141) $(am__append_143) $(am__append_145)
 EXTRA_DIST = Android.mk
 @MONOLITHIC_FALSE at SUBDIRS = . $(am__append_6) $(am__append_8) \
 @MONOLITHIC_FALSE@	$(am__append_10) $(am__append_12) \
@@ -1195,8 +1190,7 @@ EXTRA_DIST = Android.mk
 @MONOLITHIC_FALSE@	$(am__append_130) $(am__append_132) \
 @MONOLITHIC_FALSE@	$(am__append_134) $(am__append_136) \
 @MONOLITHIC_FALSE@	$(am__append_138) $(am__append_140) \
- at MONOLITHIC_FALSE@	$(am__append_142) $(am__append_144) \
- at MONOLITHIC_FALSE@	$(am__append_146) tests
+ at MONOLITHIC_FALSE@	$(am__append_142) $(am__append_144) tests
 
 # build optional plugins
 ########################
@@ -1233,8 +1227,7 @@ EXTRA_DIST = Android.mk
 @MONOLITHIC_TRUE@	$(am__append_130) $(am__append_132) \
 @MONOLITHIC_TRUE@	$(am__append_134) $(am__append_136) \
 @MONOLITHIC_TRUE@	$(am__append_138) $(am__append_140) \
- at MONOLITHIC_TRUE@	$(am__append_142) $(am__append_144) \
- at MONOLITHIC_TRUE@	$(am__append_146) . tests
+ at MONOLITHIC_TRUE@	$(am__append_142) $(am__append_144) . tests
 all: all-recursive
 
 .SUFFIXES:
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index e17d629..6b3cea8 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2015 Tobias Brunner
+ * Copyright (C) 2011-2016 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -208,6 +208,24 @@ static inline void register_logger(private_bus_t *this, debug_t group,
 }
 
 /**
+ * Find the log level of the first registered logger that implements log or
+ * vlog (or both).
+ */
+static bool find_max_levels(log_entry_t *entry, debug_t *group, level_t *level,
+							level_t *vlevel)
+{
+	if (entry->logger->log && *level == LEVEL_SILENT)
+	{
+		*level = entry->levels[*group];
+	}
+	if (entry->logger->vlog && *vlevel == LEVEL_SILENT)
+	{
+		*vlevel = entry->levels[*group];
+	}
+	return *level > LEVEL_SILENT && *vlevel > LEVEL_SILENT;
+}
+
+/**
  * Unregister a logger from all log groups (destroys the log_entry_t)
  */
 static inline void unregister_logger(private_bus_t *this, logger_t *logger)
@@ -240,18 +258,8 @@ static inline void unregister_logger(private_bus_t *this, logger_t *logger)
 			{
 				loggers = this->loggers[group];
 				loggers->remove(loggers, found, NULL);
-
-				if (loggers->get_first(loggers, (void**)&entry) == SUCCESS)
-				{
-					if (entry->logger->log)
-					{
-						level = entry->levels[group];
-					}
-					if (entry->logger->vlog)
-					{
-						vlevel = entry->levels[group];
-					}
-				}
+				loggers->find_first(loggers, (linked_list_match_t)find_max_levels, NULL,
+									&group, &level, &vlevel);
 				set_level(&this->max_level[group], level);
 				set_level(&this->max_vlevel[group], vlevel);
 			}
@@ -593,6 +601,38 @@ METHOD(bus_t, ike_keys, void,
 	this->mutex->unlock(this->mutex);
 }
 
+METHOD(bus_t, ike_derived_keys, void,
+	private_bus_t *this, chunk_t sk_ei, chunk_t sk_er, chunk_t sk_ai,
+	chunk_t sk_ar)
+{
+	enumerator_t *enumerator;
+	ike_sa_t *ike_sa;
+	entry_t *entry;
+	bool keep;
+
+	ike_sa = this->thread_sa->get(this->thread_sa);
+
+	this->mutex->lock(this->mutex);
+	enumerator = this->listeners->create_enumerator(this->listeners);
+	while (enumerator->enumerate(enumerator, &entry))
+	{
+		if (entry->calling || !entry->listener->ike_derived_keys)
+		{
+			continue;
+		}
+		entry->calling++;
+		keep = entry->listener->ike_derived_keys(entry->listener, ike_sa, sk_ei,
+												 sk_er, sk_ai, sk_ar);
+		entry->calling--;
+		if (!keep)
+		{
+			unregister_listener(this, entry, enumerator);
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->mutex->unlock(this->mutex);
+}
+
 METHOD(bus_t, child_keys, void,
 	private_bus_t *this, child_sa_t *child_sa, bool initiator,
 	diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r)
@@ -625,6 +665,39 @@ METHOD(bus_t, child_keys, void,
 	this->mutex->unlock(this->mutex);
 }
 
+METHOD(bus_t, child_derived_keys, void,
+	private_bus_t *this, child_sa_t *child_sa, bool initiator,
+	chunk_t encr_i, chunk_t encr_r, chunk_t integ_i, chunk_t integ_r)
+{
+	enumerator_t *enumerator;
+	ike_sa_t *ike_sa;
+	entry_t *entry;
+	bool keep;
+
+	ike_sa = this->thread_sa->get(this->thread_sa);
+
+	this->mutex->lock(this->mutex);
+	enumerator = this->listeners->create_enumerator(this->listeners);
+	while (enumerator->enumerate(enumerator, &entry))
+	{
+		if (entry->calling || !entry->listener->child_derived_keys)
+		{
+			continue;
+		}
+		entry->calling++;
+		keep = entry->listener->child_derived_keys(entry->listener, ike_sa,
+											child_sa, initiator, encr_i, encr_r,
+											integ_i, integ_r);
+		entry->calling--;
+		if (!keep)
+		{
+			unregister_listener(this, entry, enumerator);
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->mutex->unlock(this->mutex);
+}
+
 METHOD(bus_t, child_updown, void,
 	private_bus_t *this, child_sa_t *child_sa, bool up)
 {
@@ -1061,7 +1134,9 @@ bus_t *bus_create()
 			.child_state_change = _child_state_change,
 			.message = _message,
 			.ike_keys = _ike_keys,
+			.ike_derived_keys = _ike_derived_keys,
 			.child_keys = _child_keys,
+			.child_derived_keys = _child_derived_keys,
 			.ike_updown = _ike_updown,
 			.ike_rekey = _ike_rekey,
 			.ike_update = _ike_update,
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 305cbe4..1e810a4 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2016 Tobias Brunner
  * Copyright (C) 2006-2009 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -349,8 +349,8 @@ struct bus_t {
 	 * @param ike_sa	IKE_SA this keymat belongs to
 	 * @param dh		diffie hellman shared secret
 	 * @param dh_other	others DH public value (IKEv1 only)
-	 * @param nonce_i	initiators nonce
-	 * @param nonce_r	responders nonce
+	 * @param nonce_i	initiator's nonce
+	 * @param nonce_r	responder's nonce
 	 * @param rekey		IKE_SA we are rekeying, if any (IKEv2 only)
 	 * @param shared	shared key used for key derivation (IKEv1-PSK only)
 	 */
@@ -359,18 +359,43 @@ struct bus_t {
 					 ike_sa_t *rekey, shared_key_t *shared);
 
 	/**
+	 * IKE_SA derived keys hook.
+	 *
+	 * @param sk_ei		SK_ei, or Ka for IKEv1
+	 * @param sk_er		SK_er
+	 * @param sk_ai		SK_ai, or SKEYID_a for IKEv1
+	 * @param sk_ar		SK_ar
+	 */
+	void (*ike_derived_keys)(bus_t *this, chunk_t sk_ei, chunk_t sk_er,
+							 chunk_t sk_ai, chunk_t sk_ar);
+
+	/**
 	 * CHILD_SA keymat hook.
 	 *
 	 * @param child_sa	CHILD_SA this keymat is used for
 	 * @param initiator	initiator of the CREATE_CHILD_SA exchange
 	 * @param dh		diffie hellman shared secret
-	 * @param nonce_i	initiators nonce
-	 * @param nonce_r	responders nonce
+	 * @param nonce_i	initiator's nonce
+	 * @param nonce_r	responder's nonce
 	 */
 	void (*child_keys)(bus_t *this, child_sa_t *child_sa, bool initiator,
 					   diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r);
 
 	/**
+	 * CHILD_SA derived keys hook.
+	 *
+	 * @param child_sa	CHILD_SA these keys are used for
+	 * @param initiator	initiator of the CREATE_CHILD_SA exchange
+	 * @param encr_i	initiator's encryption key
+	 * @param encr_o	responder's encryption key
+	 * @param integ_i	initiator's integrity key
+	 * @param integ_r	responder's integrity key
+	 */
+	void (*child_derived_keys)(bus_t *this, child_sa_t *child_sa,
+							   bool initiator, chunk_t encr_i, chunk_t encr_r,
+							   chunk_t integ_i, chunk_t integ_r);
+
+	/**
 	 * IKE_SA up/down hook.
 	 *
 	 * @param ike_sa	IKE_SA coming up/going down
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index be2726e..be0dfbe 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2015 Tobias Brunner
+ * Copyright (C) 2011-2016 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -84,8 +84,8 @@ struct listener_t {
 	 * @param ike_sa	IKE_SA this keymat belongs to
 	 * @param dh		diffie hellman shared secret
 	 * @param dh_other	others DH public value (IKEv1 only)
-	 * @param nonce_i	initiators nonce
-	 * @param nonce_r	responders nonce
+	 * @param nonce_i	initiator's nonce
+	 * @param nonce_r	responder's nonce
 	 * @param rekey		IKE_SA we are rekeying, if any (IKEv2 only)
 	 * @param shared	shared key used for key derivation (IKEv1-PSK only)
 	 * @return			TRUE to stay registered, FALSE to unregister
@@ -95,14 +95,26 @@ struct listener_t {
 					 ike_sa_t *rekey, shared_key_t *shared);
 
 	/**
+	 * Hook called with derived IKE_SA keys.
+	 *
+	 * @param ike_sa	IKE_SA these keys belong to
+	 * @param sk_ei		SK_ei, or Ka for IKEv1
+	 * @param sk_er		SK_er
+	 * @param sk_ai		SK_ai, or SKEYID_a for IKEv1
+	 * @param sk_ar		SK_ar
+	 */
+	bool (*ike_derived_keys)(listener_t *this, ike_sa_t *ike_sa, chunk_t sk_ei,
+							 chunk_t sk_er, chunk_t sk_ai, chunk_t sk_ar);
+
+	/**
 	 * Hook called with CHILD_SA key material.
 	 *
 	 * @param ike_sa	IKE_SA the child sa belongs to
 	 * @param child_sa	CHILD_SA this keymat is used for
 	 * @param initiator	initiator of the CREATE_CHILD_SA exchange
 	 * @param dh		diffie hellman shared secret
-	 * @param nonce_i	initiators nonce
-	 * @param nonce_r	responders nonce
+	 * @param nonce_i	initiator's nonce
+	 * @param nonce_r	responder's nonce
 	 * @return			TRUE to stay registered, FALSE to unregister
 	 */
 	bool (*child_keys)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
@@ -110,6 +122,22 @@ struct listener_t {
 					   chunk_t nonce_i, chunk_t nonce_r);
 
 	/**
+	 * Hook called with derived CHILD_SA keys.
+	 *
+	 * @param ike_sa	IKE_SA the child sa belongs to
+	 * @param child_sa	CHILD_SA these keys are used for
+	 * @param initiator	initiator of the CREATE_CHILD_SA exchange
+	 * @param encr_i	initiator's encryption key
+	 * @param encr_o	responder's encryption key
+	 * @param integ_i	initiator's integrity key
+	 * @param integ_r	responder's integrity key
+	 */
+	bool (*child_derived_keys)(listener_t *this, ike_sa_t *ike_sa,
+							   child_sa_t *child_sa, bool initiator,
+							   chunk_t encr_i, chunk_t encr_r,
+							   chunk_t integ_i, chunk_t integ_r);
+
+	/**
 	 * Hook called if an IKE_SA gets up or down.
 	 *
 	 * @param ike_sa	IKE_SA coming up/going down
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 76d7f2c..6a9c342 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -154,6 +154,11 @@ struct private_child_cfg_t {
 	bool install_policy;
 
 	/**
+	 * Install outbound FWD policies
+	 */
+	bool fwd_out_policy;
+
+	/**
 	 * anti-replay window size
 	 */
 	uint32_t replay_window;
@@ -564,6 +569,12 @@ METHOD(child_cfg_t, install_policy, bool,
 	return this->install_policy;
 }
 
+METHOD(child_cfg_t, install_fwd_out_policy, bool,
+	private_child_cfg_t *this)
+{
+	return this->fwd_out_policy;
+}
+
 #define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; })
 #define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); })
 
@@ -613,6 +624,7 @@ METHOD(child_cfg_t, equals, bool,
 		this->replay_window == other->replay_window &&
 		this->proxy_mode == other->proxy_mode &&
 		this->install_policy == other->install_policy &&
+		this->fwd_out_policy == other->fwd_out_policy &&
 		streq(this->updown, other->updown) &&
 		streq(this->interface, other->interface);
 }
@@ -673,6 +685,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 			.set_replay_window = _set_replay_window,
 			.use_proxy_mode = _use_proxy_mode,
 			.install_policy = _install_policy,
+			.install_fwd_out_policy = _install_fwd_out_policy,
 			.equals = _equals,
 			.get_ref = _get_ref,
 			.destroy = _destroy,
@@ -695,6 +708,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 		.manual_prio = data->priority,
 		.interface = strdupnull(data->interface),
 		.install_policy = !data->suppress_policies,
+		.fwd_out_policy = data->fwd_out_policies,
 		.refcount = 1,
 		.proposals = linked_list_create(),
 		.my_ts = linked_list_create(),
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index e736b27..b85bfd9 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -284,6 +284,14 @@ struct child_cfg_t {
 	bool (*install_policy)(child_cfg_t *this);
 
 	/**
+	 * Check whether outbound FWD IPsec policies should be installed.
+	 *
+	 * @return				TRUE, if outbound FWD policies should be installed
+	 *						FALSE, otherwise
+	 */
+	bool (*install_fwd_out_policy)(child_cfg_t *this);
+
+	/**
 	 * Check if two child_cfg objects are equal.
 	 *
 	 * @param other			candidate to check for equality against this
@@ -346,6 +354,8 @@ struct child_cfg_create_t {
 	bool hostaccess;
 	/** Don't install IPsec policies */
 	bool suppress_policies;
+	/** Install outbound FWD IPsec policies to bypass drop policies */
+	bool fwd_out_policies;
 };
 
 /**
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index 5655a34..afcb772 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -256,7 +256,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
 						  fragmentation_t fragmentation, uint8_t dscp);
 
 /**
- * Determine the address family of the local or remtoe address(es).  If multiple
+ * Determine the address family of the local or remote address(es).  If multiple
  * families are configured AF_UNSPEC is returned.  %any is ignored (%any4|6 are
  * not though).
  *
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index a83acec..011c0b8 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -420,24 +420,40 @@ static const struct {
 };
 
 /**
+ * Remove all entries of the given transform type
+ */
+static void remove_transform(private_proposal_t *this, transform_type_t type)
+{
+	enumerator_t *e;
+	entry_t *entry;
+
+	e = array_create_enumerator(this->transforms);
+	while (e->enumerate(e, &entry))
+	{
+		if (entry->type == type)
+		{
+			array_remove_at(this->transforms, e);
+		}
+	}
+	e->destroy(e);
+}
+
+/**
  * Checks the proposal read from a string.
  */
-static void check_proposal(private_proposal_t *this)
+static bool check_proposal(private_proposal_t *this)
 {
 	enumerator_t *e;
 	entry_t *entry;
 	uint16_t alg, ks;
-	bool all_aead = TRUE;
+	bool all_aead = TRUE, any_aead = FALSE, any_enc = FALSE;
 	int i;
 
 	if (this->protocol == PROTO_IKE)
 	{
-		e = create_enumerator(this, PSEUDO_RANDOM_FUNCTION);
-		if (!e->enumerate(e, &alg, &ks))
-		{
-			/* No explicit PRF found. We assume the same algorithm as used
-			 * for integrity checking */
-			e->destroy(e);
+		if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
+		{	/* No explicit PRF found. We assume the same algorithm as used
+			 * for integrity checking. */
 			e = create_enumerator(this, INTEGRITY_ALGORITHM);
 			while (e->enumerate(e, &alg, &ks))
 			{
@@ -451,8 +467,13 @@ static void check_proposal(private_proposal_t *this)
 					}
 				}
 			}
+			e->destroy(e);
+		}
+		if (!get_algorithm(this, PSEUDO_RANDOM_FUNCTION, NULL, NULL))
+		{
+			DBG1(DBG_CFG, "a PRF algorithm is mandatory in IKE proposals");
+			return FALSE;
 		}
-		e->destroy(e);
 		/* remove MODP_NONE from IKE proposal */
 		e = array_create_enumerator(this->transforms);
 		while (e->enumerate(e, &entry))
@@ -463,48 +484,103 @@ static void check_proposal(private_proposal_t *this)
 			}
 		}
 		e->destroy(e);
+		if (!get_algorithm(this, DIFFIE_HELLMAN_GROUP, NULL, NULL))
+		{
+			DBG1(DBG_CFG, "a DH group is mandatory in IKE proposals");
+			return FALSE;
+		}
+	}
+	else
+	{	/* remove PRFs from ESP/AH proposals */
+		remove_transform(this, PSEUDO_RANDOM_FUNCTION);
 	}
 
-	if (this->protocol == PROTO_ESP)
+	if (this->protocol == PROTO_IKE || this->protocol == PROTO_ESP)
 	{
 		e = create_enumerator(this, ENCRYPTION_ALGORITHM);
 		while (e->enumerate(e, &alg, &ks))
 		{
-			if (!encryption_algorithm_is_aead(alg))
+			any_enc = TRUE;
+			if (encryption_algorithm_is_aead(alg))
 			{
-				all_aead = FALSE;
-				break;
+				any_aead = TRUE;
+				continue;
 			}
+			all_aead = FALSE;
 		}
 		e->destroy(e);
 
-		if (all_aead)
+		if (!any_enc)
+		{
+			DBG1(DBG_CFG, "an encryption algorithm is mandatory in %N proposals",
+				 protocol_id_names, this->protocol);
+			return FALSE;
+		}
+		else if (any_aead && !all_aead)
 		{
-			/* if all encryption algorithms in the proposal are AEADs,
+			DBG1(DBG_CFG, "classic and combined-mode (AEAD) encryption "
+				 "algorithms can't be contained in the same %N proposal",
+				 protocol_id_names, this->protocol);
+			return FALSE;
+		}
+		else if (all_aead)
+		{	/* if all encryption algorithms in the proposal are AEADs,
 			 * we MUST NOT propose any integrity algorithms */
-			e = array_create_enumerator(this->transforms);
-			while (e->enumerate(e, &entry))
+			remove_transform(this, INTEGRITY_ALGORITHM);
+		}
+	}
+	else
+	{	/* AES-GMAC is parsed as encryption algorithm, so we map that to the
+		 * proper integrity algorithm */
+		e = array_create_enumerator(this->transforms);
+		while (e->enumerate(e, &entry))
+		{
+			if (entry->type == ENCRYPTION_ALGORITHM)
 			{
-				if (entry->type == INTEGRITY_ALGORITHM)
+				if (entry->alg == ENCR_NULL_AUTH_AES_GMAC)
 				{
-					array_remove_at(this->transforms, e);
+					entry->type = INTEGRITY_ALGORITHM;
+					ks = entry->key_size;
+					entry->key_size = 0;
+					switch (ks)
+					{
+						case 128:
+							entry->alg = AUTH_AES_128_GMAC;
+							continue;
+						case 192:
+							entry->alg = AUTH_AES_192_GMAC;
+							continue;
+						case 256:
+							entry->alg = AUTH_AES_256_GMAC;
+							continue;
+						default:
+							break;
+					}
 				}
+				/* remove all other encryption algorithms */
+				array_remove_at(this->transforms, e);
 			}
-			e->destroy(e);
+		}
+		e->destroy(e);
+
+		if (!get_algorithm(this, INTEGRITY_ALGORITHM, NULL, NULL))
+		{
+			DBG1(DBG_CFG, "an integrity algorithm is mandatory in AH "
+				 "proposals");
+			return FALSE;
 		}
 	}
 
 	if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)
 	{
-		e = create_enumerator(this, EXTENDED_SEQUENCE_NUMBERS);
-		if (!e->enumerate(e, NULL, NULL))
+		if (!get_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NULL, NULL))
 		{	/* ESN not specified, assume not supported */
 			add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
 		}
-		e->destroy(e);
 	}
 
 	array_compress(this->transforms);
+	return TRUE;
 }
 
 /**
@@ -842,6 +918,7 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 			case NTRU_128_BIT:
 			case NTRU_192_BIT:
 			case NTRU_256_BIT:
+			case NH_128_BIT:
 				add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
 				break;
 			default:
@@ -999,13 +1076,11 @@ proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs
 	}
 	enumerator->destroy(enumerator);
 
-	if (failed)
+	if (failed || !check_proposal(this))
 	{
 		destroy(this);
 		return NULL;
 	}
 
-	check_proposal(this);
-
 	return &this->public;
 }
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 1fd6442..50dab9e 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -535,7 +535,7 @@ static payload_rule_t aggressive_i_rules[] = {
 	{PLV1_NAT_D,					0,	MAX_NAT_D_PAYLOADS,		FALSE,	FALSE},
 	{PLV1_NAT_D_DRAFT_00_03,		0,	MAX_NAT_D_PAYLOADS,		FALSE,	FALSE},
 	{PLV1_ID,						0,	1,						FALSE,	FALSE},
-	{PLV1_CERTIFICATE,				0,	1,						TRUE,	FALSE},
+	{PLV1_CERTIFICATE,				0,	MAX_CERT_PAYLOADS,		TRUE,	FALSE},
 	{PLV1_SIGNATURE,				0,	1,						TRUE,	FALSE},
 	{PLV1_HASH,						0,	1,						TRUE,	FALSE},
 	{PLV1_FRAGMENT,					0,	1,						FALSE,	TRUE},
@@ -575,7 +575,7 @@ static payload_rule_t aggressive_r_rules[] = {
 	{PLV1_NAT_D,					0,	MAX_NAT_D_PAYLOADS,		FALSE,	FALSE},
 	{PLV1_NAT_D_DRAFT_00_03,		0,	MAX_NAT_D_PAYLOADS,		FALSE,	FALSE},
 	{PLV1_ID,						0,	1,						FALSE,	FALSE},
-	{PLV1_CERTIFICATE,				0,	1,						FALSE,	FALSE},
+	{PLV1_CERTIFICATE,				0,	MAX_CERT_PAYLOADS,		FALSE,	FALSE},
 	{PLV1_SIGNATURE,				0,	1,						FALSE,	FALSE},
 	{PLV1_HASH,						0,	1,						FALSE,	FALSE},
 	{PLV1_FRAGMENT,					0,	1,						FALSE,	TRUE},
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 1a435a8..55641e1 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -1360,18 +1360,21 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this,
 	enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
 	if (enumerator->enumerate(enumerator, &alg, &key_size))
 	{
-		transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
 		alg = get_ikev1_auth_from_alg(alg);
-		if (transid && alg)
+		if (alg)
 		{
-			if (!transform)
+			transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
+			if (!transform && transid)
 			{
 				transform = transform_substructure_create_type(
 								PLV1_TRANSFORM_SUBSTRUCTURE, number, transid);
 			}
-			transform->add_transform_attribute(transform,
-				transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE,
-									TATTR_PH2_AUTH_ALGORITHM, alg));
+			if (transform)
+			{
+				transform->add_transform_attribute(transform,
+					transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE,
+										TATTR_PH2_AUTH_ALGORITHM, alg));
+			}
 		}
 	}
 	enumerator->destroy(enumerator);
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 3b49a85..7917d45 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index 5f6ecbf..3560d36 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index bee30d9..9d3f2f5 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in
index 607fe3f..4b900d1 100644
--- a/src/libcharon/plugins/attr/Makefile.in
+++ b/src/libcharon/plugins/attr/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in
index d533a56..077e2f3 100644
--- a/src/libcharon/plugins/attr_sql/Makefile.in
+++ b/src/libcharon/plugins/attr_sql/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index 31e7861..30873fa 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in
index c312821..3c9ba80 100644
--- a/src/libcharon/plugins/connmark/Makefile.in
+++ b/src/libcharon/plugins/connmark/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index a71d755..61dd852 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 843d05e..856ebaa 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index 5f035ba..fd47162 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/dnscert/dnscert_cred.c b/src/libcharon/plugins/dnscert/dnscert_cred.c
index 7902526..d32794c 100644
--- a/src/libcharon/plugins/dnscert/dnscert_cred.c
+++ b/src/libcharon/plugins/dnscert/dnscert_cred.c
@@ -70,6 +70,8 @@ typedef struct {
 	enumerator_t *inner;
 	/** response of the DNS resolver which contains the CERTs */
 	resolver_response_t *response;
+	/** most recently enumerated certificate */
+	certificate_t *cert;
 } cert_enumerator_t;
 
 METHOD(enumerator_t, cert_enumerator_enumerate, bool,
@@ -101,17 +103,17 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 		/* Try to parse PEM certificate container. Both x509 and PGP should
 		 * presumably come as PEM encoded certs. */
 		certificate = cur_crt->get_certificate(cur_crt);
-		*cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_ANY,
-								   BUILD_BLOB_PEM, certificate,
-								   BUILD_END);
-		if (*cert == NULL)
+		DESTROY_IF(this->cert);
+		this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_ANY,
+										BUILD_BLOB_PEM, certificate,
+										BUILD_END);
+		cur_crt->destroy(cur_crt);
+		if (!this->cert)
 		{
-			DBG1(DBG_CFG, "  unable to parse certificate, skipping",
-				 cur_crt->get_cert_type(cur_crt));
-			cur_crt->destroy(cur_crt);
+			DBG1(DBG_CFG, "  unable to parse certificate, skipping");
 			continue;
 		}
-		cur_crt->destroy(cur_crt);
+		*cert = this->cert;
 		return TRUE;
 	}
 	return FALSE;
@@ -120,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 METHOD(enumerator_t, cert_enumerator_destroy, void,
 	cert_enumerator_t *this)
 {
+	DESTROY_IF(this->cert);
 	this->inner->destroy(this->inner);
 	this->response->destroy(this->response);
 	free(this);
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index 9e3133b..866af82 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -449,6 +446,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 8ac12c1..6ff71c2 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index 7dc9003..eabe0b4 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index f81d54f..e6877f7 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index f11d860..a1ebc2b 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index e9755aa..e2431fe 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 82ba96d..2a47218 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index c3b31cd..42c0795 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 2a01a36..23d9d1d 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c
index 7f8348e..d51d0d0 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_server.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c
@@ -211,7 +211,7 @@ METHOD(tls_application_t, process, status_t,
 	{
 		DBG1(DBG_IKE, "received tunneled EAP-PEAP AVP [EAP/%N]",
 								eap_code_short_names, code);
-
+		in->destroy(in);
 		/* if EAP_SUCCESS check if to continue phase2 with EAP-TNC */
 		return (this->phase2_result == EAP_SUCCESS && code == EAP_SUCCESS) ?
 			   start_phase2_tnc(this) : FAILED;
@@ -250,6 +250,7 @@ METHOD(tls_application_t, process, status_t,
 			{
 				DBG1(DBG_IKE, "%N method not available",
 							   eap_type_names, EAP_IDENTITY);
+				in->destroy(in);
 				return FAILED;
 			}
 		}
@@ -258,6 +259,7 @@ METHOD(tls_application_t, process, status_t,
 		{
 
 			DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_IDENTITY);
+			in->destroy(in);
 			return FAILED;
 		}
 
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index cdba38c..7d0614d 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index f1b8adb..ba20c08 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 40ff9f2..5d93852 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 354c7a1..8d0cd71 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 4e3105f..60b7ef3 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 2d5747e..8608587 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index a491899..4cf739e 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index c912f9f..d125c13 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index efef3af..c32671a 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index 6f39b84..20a3dd8 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index d3fd2a1..96c6a63 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -361,7 +361,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -395,8 +394,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -450,6 +447,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
index c49c55f..1178d65 100644
--- a/src/libcharon/plugins/ext_auth/Makefile.in
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 4674a78..f37ca65 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in
index d29134f..2f78e77 100644
--- a/src/libcharon/plugins/forecast/Makefile.in
+++ b/src/libcharon/plugins/forecast/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 420b8bd..2be7ee4 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index 38a63ea..971b72c 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
index 6c041ce..ff50d8a 100644
--- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c
+++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c
@@ -57,6 +57,8 @@ typedef struct {
 	time_t notAfter;
 	/* identity to which the IPSECKEY belongs */
 	identification_t *identity;
+	/** most recently enumerated certificate */
+	certificate_t *cert;
 } cert_enumerator_t;
 
 METHOD(enumerator_t, cert_enumerator_enumerate, bool,
@@ -91,28 +93,27 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 		public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
 									BUILD_BLOB_DNSKEY, key,
 									BUILD_END);
+		cur_ipseckey->destroy(cur_ipseckey);
 		if (!public)
 		{
 			DBG1(DBG_CFG, "  failed to create public key from IPSECKEY");
-			cur_ipseckey->destroy(cur_ipseckey);
 			continue;
 		}
-
-		*cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
-								   CERT_TRUSTED_PUBKEY,
-								   BUILD_PUBLIC_KEY, public,
-								   BUILD_SUBJECT, this->identity,
-								   BUILD_NOT_BEFORE_TIME, this->notBefore,
-								   BUILD_NOT_AFTER_TIME, this->notAfter,
-								   BUILD_END);
-		if (*cert == NULL)
+		DESTROY_IF(this->cert);
+		this->cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
+										CERT_TRUSTED_PUBKEY,
+										BUILD_PUBLIC_KEY, public,
+										BUILD_SUBJECT, this->identity,
+										BUILD_NOT_BEFORE_TIME, this->notBefore,
+										BUILD_NOT_AFTER_TIME, this->notAfter,
+										BUILD_END);
+		public->destroy(public);
+		if (!this->cert)
 		{
 			DBG1(DBG_CFG, "  failed to create certificate from IPSECKEY");
-			cur_ipseckey->destroy(cur_ipseckey);
-			public->destroy(public);
 			continue;
 		}
-		cur_ipseckey->destroy(cur_ipseckey);
+		*cert = this->cert;
 		return TRUE;
 	}
 	return FALSE;
@@ -121,6 +122,7 @@ METHOD(enumerator_t, cert_enumerator_enumerate, bool,
 METHOD(enumerator_t, cert_enumerator_destroy, void,
 	cert_enumerator_t *this)
 {
+	DESTROY_IF(this->cert);
 	this->inner->destroy(this->inner);
 	this->response->destroy(this->response);
 	free(this);
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index 19e7701..a2c8d22 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index 9bfdb95..011ec3f 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 2435dea..b2df52a 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -392,7 +392,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -426,8 +425,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -481,6 +478,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 9c2a7c3..f3846ec 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1245,7 +1245,7 @@ METHOD(kernel_ipsec_t, get_cpi, status_t,
  */
 static void format_mark(char *buf, int buflen, mark_t mark)
 {
-	if (mark.value)
+	if (mark.value | mark.mask)
 	{
 		snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask);
 	}
@@ -1256,7 +1256,7 @@ static void format_mark(char *buf, int buflen, mark_t mark)
  */
 static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
 {
-	if (mark.value)
+	if (mark.value | mark.mask)
 	{
 		struct xfrm_mark *xmrk;
 
@@ -2528,6 +2528,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 			 id->dir, markstr, cur_priority, use_count);
 		return SUCCESS;
 	}
+	policy->reqid = assigned_sa->sa->cfg.reqid;
 
 	if (this->policy_update)
 	{
@@ -2720,6 +2721,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 			return SUCCESS;
 		}
 		current->used_by->get_first(current->used_by, (void**)&mapping);
+		current->reqid = mapping->sa->cfg.reqid;
 
 		DBG2(DBG_KNL, "updating policy %R === %R %N%s [priority %u, "
 			 "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, id->dir,
@@ -3044,6 +3046,110 @@ METHOD(kernel_ipsec_t, destroy, void,
 	free(this);
 }
 
+/**
+ * Get the currently configured SPD hashing thresholds for an address family
+ */
+static bool get_spd_hash_thresh(private_kernel_netlink_ipsec_t *this,
+								int type, uint8_t *lbits, uint8_t *rbits)
+{
+	netlink_buf_t request;
+	struct nlmsghdr *hdr, *out;
+	struct xfrmu_spdhthresh *thresh;
+	struct rtattr *rta;
+	size_t len, rtasize;
+	bool success = FALSE;
+
+	memset(&request, 0, sizeof(request));
+
+	hdr = &request.hdr;
+	hdr->nlmsg_flags = NLM_F_REQUEST;
+	hdr->nlmsg_type = XFRM_MSG_GETSPDINFO;
+	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(uint32_t));
+
+	if (this->socket_xfrm->send(this->socket_xfrm, hdr, &out, &len) == SUCCESS)
+	{
+		hdr = out;
+		while (NLMSG_OK(hdr, len))
+		{
+			switch (hdr->nlmsg_type)
+			{
+				case XFRM_MSG_NEWSPDINFO:
+				{
+					rta = XFRM_RTA(hdr, uint32_t);
+					rtasize = XFRM_PAYLOAD(hdr, uint32_t);
+					while (RTA_OK(rta, rtasize))
+					{
+						if (rta->rta_type == type &&
+							RTA_PAYLOAD(rta) == sizeof(*thresh))
+						{
+							thresh = RTA_DATA(rta);
+							*lbits = thresh->lbits;
+							*rbits = thresh->rbits;
+							success = TRUE;
+							break;
+						}
+						rta = RTA_NEXT(rta, rtasize);
+					}
+					break;
+				}
+				case NLMSG_ERROR:
+				{
+					struct nlmsgerr *err = NLMSG_DATA(hdr);
+					DBG1(DBG_KNL, "getting SPD hash threshold failed: %s (%d)",
+						 strerror(-err->error), -err->error);
+					break;
+				}
+				default:
+					hdr = NLMSG_NEXT(hdr, len);
+					continue;
+				case NLMSG_DONE:
+					break;
+			}
+			break;
+		}
+		free(out);
+	}
+	return success;
+}
+
+/**
+ * Configure SPD hashing threshold for an address family
+ */
+static void setup_spd_hash_thresh(private_kernel_netlink_ipsec_t *this,
+								  char *key, int type, uint8_t def)
+{
+	struct xfrmu_spdhthresh *thresh;
+	struct nlmsghdr *hdr;
+	netlink_buf_t request;
+	uint8_t lbits, rbits;
+
+	if (!get_spd_hash_thresh(this, type, &lbits, &rbits))
+	{
+		return;
+	}
+	memset(&request, 0, sizeof(request));
+
+	hdr = &request.hdr;
+	hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+	hdr->nlmsg_type = XFRM_MSG_NEWSPDINFO;
+	hdr->nlmsg_len = NLMSG_LENGTH(sizeof(uint32_t));
+
+	thresh = netlink_reserve(hdr, sizeof(request), type, sizeof(*thresh));
+	thresh->lbits = lib->settings->get_int(lib->settings,
+							"%s.plugins.kernel-netlink.spdh_thresh.%s.lbits",
+							def, lib->ns, key);
+	thresh->rbits = lib->settings->get_int(lib->settings,
+							"%s.plugins.kernel-netlink.spdh_thresh.%s.rbits",
+							def, lib->ns, key);
+	if (thresh->lbits != lbits || thresh->rbits != rbits)
+	{
+		if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS)
+		{
+			DBG1(DBG_KNL, "setting SPD hash threshold failed");
+		}
+	}
+}
+
 /*
  * Described in header.
  */
@@ -3114,6 +3220,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 		return NULL;
 	}
 
+	setup_spd_hash_thresh(this, "ipv4", XFRMA_SPD_IPV4_HTHRESH, 32);
+	setup_spd_hash_thresh(this, "ipv6", XFRMA_SPD_IPV6_HTHRESH, 128);
+
 	if (register_for_events)
 	{
 		struct sockaddr_nl addr;
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 93c2ccc..0132f72 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -702,6 +702,54 @@ static void addr_map_entry_remove(hashtable_t *map, addr_entry_t *addr,
 }
 
 /**
+ * Check if an address or net (addr with prefix net bits) is in
+ * subnet (net with net_len net bits)
+ */
+static bool addr_in_subnet(chunk_t addr, int prefix, chunk_t net, int net_len)
+{
+	static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
+	int byte = 0;
+
+	if (net_len == 0)
+	{	/* any address matches a /0 network */
+		return TRUE;
+	}
+	if (addr.len != net.len || net_len > 8 * net.len || prefix < net_len)
+	{
+		return FALSE;
+	}
+	/* scan through all bytes in network order */
+	while (net_len > 0)
+	{
+		if (net_len < 8)
+		{
+			return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
+		}
+		else
+		{
+			if (addr.ptr[byte] != net.ptr[byte])
+			{
+				return FALSE;
+			}
+			byte++;
+			net_len -= 8;
+		}
+	}
+	return TRUE;
+}
+
+/**
+ * Check if the given address is in subnet (net with net_len net bits)
+ */
+static bool host_in_subnet(host_t *host, chunk_t net, int net_len)
+{
+	chunk_t addr;
+
+	addr = host->get_address(host);
+	return addr_in_subnet(addr, addr.len * 8, net, net_len);
+}
+
+/**
  * Determine the type or scope of the given unicast IP address.  This is not
  * the same thing returned in rtm_scope/ifa_scope.
  *
@@ -837,7 +885,8 @@ static bool is_address_better(private_kernel_netlink_net_t *this,
 }
 
 /**
- * Get a non-virtual IP address on the given interface.
+ * Get a non-virtual IP address on the given interfaces and optionally in a
+ * given subnet.
  *
  * If a candidate address is given, we first search for that address and if not
  * found return the address as above.
@@ -845,19 +894,21 @@ static bool is_address_better(private_kernel_netlink_net_t *this,
  *
  * this->lock must be held when calling this function.
  */
-static host_t *get_interface_address(private_kernel_netlink_net_t *this,
-									 int ifindex, int family, host_t *dest,
-									 host_t *candidate)
+static host_t *get_matching_address(private_kernel_netlink_net_t *this,
+									int *ifindex, int family, chunk_t net,
+									uint8_t mask, host_t *dest,
+									host_t *candidate)
 {
+	enumerator_t *ifaces, *addrs;
 	iface_entry_t *iface;
-	enumerator_t *addrs;
 	addr_entry_t *addr, *best = NULL;
+	bool candidate_matched = FALSE;
 
-	if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index,
-								 (void**)&iface, &ifindex) == SUCCESS)
+	ifaces = this->ifaces->create_enumerator(this->ifaces);
+	while (ifaces->enumerate(ifaces, &iface))
 	{
-		if (iface->usable)
-		{	/* only use interfaces not excluded by config */
+		if (iface->usable && (!ifindex || iface->ifindex == *ifindex))
+		{	/* only use matching interfaces not excluded by config */
 			addrs = iface->addrs->create_enumerator(iface->addrs);
 			while (addrs->enumerate(addrs, &addr))
 			{
@@ -866,9 +917,14 @@ static host_t *get_interface_address(private_kernel_netlink_net_t *this,
 				{	/* ignore virtual IP addresses and ensure family matches */
 					continue;
 				}
+				if (net.ptr && !host_in_subnet(addr->ip, net, mask))
+				{	/* optionally match a subnet */
+					continue;
+				}
 				if (candidate && candidate->ip_equals(candidate, addr->ip))
 				{	/* stop if we find the candidate */
 					best = addr;
+					candidate_matched = TRUE;
 					break;
 				}
 				else if (!best || is_address_better(this, best, addr, dest))
@@ -877,12 +933,50 @@ static host_t *get_interface_address(private_kernel_netlink_net_t *this,
 				}
 			}
 			addrs->destroy(addrs);
+			if (ifindex || candidate_matched)
+			{
+				break;
+			}
 		}
 	}
+	ifaces->destroy(ifaces);
 	return best ? best->ip->clone(best->ip) : NULL;
 }
 
 /**
+ * Get a non-virtual IP address on the given interface.
+ *
+ * If a candidate address is given, we first search for that address and if not
+ * found return the address as above.
+ * Returned host is a clone, has to be freed by caller.
+ *
+ * this->lock must be held when calling this function.
+ */
+static host_t *get_interface_address(private_kernel_netlink_net_t *this,
+									 int ifindex, int family, host_t *dest,
+									 host_t *candidate)
+{
+	return get_matching_address(this, &ifindex, family, chunk_empty, 0, dest,
+								candidate);
+}
+
+/**
+ * Get a non-virtual IP address in the given subnet.
+ *
+ * If a candidate address is given, we first search for that address and if not
+ * found return the address as above.
+ * Returned host is a clone, has to be freed by caller.
+ *
+ * this->lock must be held when calling this function.
+ */
+static host_t *get_subnet_address(private_kernel_netlink_net_t *this,
+								  int family, chunk_t net, uint8_t mask,
+								  host_t *dest, host_t *candidate)
+{
+	return get_matching_address(this, NULL, family, net, mask, dest, candidate);
+}
+
+/**
  * callback function that raises the delayed roam event
  */
 static job_requeue_t roam_event(private_kernel_netlink_net_t *this)
@@ -1528,51 +1622,16 @@ static char *get_interface_name_by_index(private_kernel_netlink_net_t *this,
 }
 
 /**
- * check if an address or net (addr with prefix net bits) is in
- * subnet (net with net_len net bits)
- */
-static bool addr_in_subnet(chunk_t addr, int prefix, chunk_t net, int net_len)
-{
-	static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
-	int byte = 0;
-
-	if (net_len == 0)
-	{	/* any address matches a /0 network */
-		return TRUE;
-	}
-	if (addr.len != net.len || net_len > 8 * net.len || prefix < net_len)
-	{
-		return FALSE;
-	}
-	/* scan through all bytes in network order */
-	while (net_len > 0)
-	{
-		if (net_len < 8)
-		{
-			return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
-		}
-		else
-		{
-			if (addr.ptr[byte] != net.ptr[byte])
-			{
-				return FALSE;
-			}
-			byte++;
-			net_len -= 8;
-		}
-	}
-	return TRUE;
-}
-
-/**
  * Store information about a route retrieved via RTNETLINK
  */
 typedef struct {
 	chunk_t gtw;
-	chunk_t src;
+	chunk_t pref_src;
 	chunk_t dst;
+	chunk_t src;
 	host_t *src_host;
 	uint8_t dst_len;
+	uint8_t src_len;
 	uint32_t table;
 	uint32_t oif;
 	uint32_t priority;
@@ -1626,9 +1685,11 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
 	if (route)
 	{
 		route->gtw = chunk_empty;
-		route->src = chunk_empty;
+		route->pref_src = chunk_empty;
 		route->dst = chunk_empty;
 		route->dst_len = msg->rtm_dst_len;
+		route->src = chunk_empty;
+		route->src_len = msg->rtm_src_len;
 		route->table = msg->rtm_table;
 		route->oif = 0;
 		route->priority = 0;
@@ -1637,6 +1698,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
 	{
 		INIT(route,
 			.dst_len = msg->rtm_dst_len,
+			.src_len = msg->rtm_src_len,
 			.table = msg->rtm_table,
 		);
 	}
@@ -1646,7 +1708,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
 		switch (rta->rta_type)
 		{
 			case RTA_PREFSRC:
-				route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
+				route->pref_src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
 				break;
 			case RTA_GATEWAY:
 				route->gtw = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
@@ -1654,6 +1716,9 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route)
 			case RTA_DST:
 				route->dst = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
 				break;
+			case RTA_SRC:
+				route->src = chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta));
+				break;
 			case RTA_OIF:
 				if (RTA_PAYLOAD(rta) == sizeof(route->oif))
 				{
@@ -1790,10 +1855,10 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 				{	/* route destination does not contain dest */
 					continue;
 				}
-				if (route->src.ptr)
+				if (route->pref_src.ptr)
 				{	/* verify source address, if any */
 					host_t *src = host_create_from_chunk(msg->rtm_family,
-														 route->src, 0);
+														 route->pref_src, 0);
 					if (src && is_known_vip(this, src))
 					{	/* ignore routes installed by us */
 						src->destroy(src);
@@ -1863,12 +1928,29 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 			best = best ?: route;
 			continue;
 		}
+		if (route->src.ptr)
+		{	/* no src, but a source selector, try to find a matching address */
+			route->src_host = get_subnet_address(this, msg->rtm_family,
+											route->src, route->src_len, dest,
+											candidate);
+			if (route->src_host)
+			{	/* we handle this address the same as the one above */
+				if (!candidate ||
+					 candidate->ip_equals(candidate, route->src_host))
+				{
+					best = route;
+					break;
+				}
+				best = best ?: route;
+				continue;
+			}
+		}
 		if (route->oif)
 		{	/* no src, but an interface - get address from it */
 			route->src_host = get_interface_address(this, route->oif,
 											msg->rtm_family, dest, candidate);
 			if (route->src_host)
-			{	/* we handle this address the same as the one above */
+			{	/* more of the same */
 				if (!candidate ||
 					 candidate->ip_equals(candidate, route->src_host))
 				{
@@ -1913,9 +1995,9 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 		if (best || routes->get_first(routes, (void**)&best) == SUCCESS)
 		{
 			addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0);
-			if (iface && route->oif)
+			if (iface && best->oif)
 			{
-				*iface = get_interface_name_by_index(this, route->oif);
+				*iface = get_interface_name_by_index(this, best->oif);
 			}
 		}
 		if (!addr && !match_net)
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index 8866f13..d00e8b3 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index 1c3f491..fb1520d 100644
--- a/src/libcharon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index e002b4f..2adb924 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -361,7 +361,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -395,8 +394,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -450,6 +447,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index e0c2cba..857e629 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 856bdd8..f5f3df6 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -363,7 +363,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -397,8 +396,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -452,6 +449,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index 69aa379..00258c3 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -359,7 +359,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -393,8 +392,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -448,6 +445,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/maemo/Makefile.am b/src/libcharon/plugins/maemo/Makefile.am
deleted file mode 100644
index 02c283f..0000000
--- a/src/libcharon/plugins/maemo/Makefile.am
+++ /dev/null
@@ -1,29 +0,0 @@
-AM_CPPFLAGS = \
-	-I$(top_srcdir)/src/libstrongswan \
-	-I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = \
-	${maemo_CFLAGS} \
-	$(PLUGIN_CFLAGS)
-
-if MONOLITHIC
-noinst_LTLIBRARIES = libstrongswan-maemo.la
-else
-plugin_LTLIBRARIES = libstrongswan-maemo.la
-endif
-
-libstrongswan_maemo_la_SOURCES = \
-	maemo_plugin.h maemo_plugin.c \
-	maemo_service.h maemo_service.c
-
-libstrongswan_maemo_la_LDFLAGS = -module -avoid-version
-libstrongswan_maemo_la_LIBADD  = ${maemo_LIBS}
-
-dbusservice_DATA = org.strongswan.charon.service
-
-org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in
-	$(AM_V_GEN) \
-	sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@
-
-EXTRA_DIST = org.strongswan.charon.service.in
-CLEANFILES = $(dbusservice_DATA)
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
deleted file mode 100644
index 78525bf..0000000
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ /dev/null
@@ -1,830 +0,0 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
- at SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
-  if test -z '$(MAKELEVEL)'; then \
-    false; \
-  elif test -n '$(MAKE_HOST)'; then \
-    true; \
-  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
-    true; \
-  else \
-    false; \
-  fi; \
-}
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
-    case $$MAKEFLAGS in \
-      *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libcharon/plugins/maemo
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
-	$(top_srcdir)/m4/config/ltoptions.m4 \
-	$(top_srcdir)/m4/config/ltsugar.m4 \
-	$(top_srcdir)/m4/config/ltversion.m4 \
-	$(top_srcdir)/m4/config/lt~obsolete.m4 \
-	$(top_srcdir)/m4/macros/split-package-version.m4 \
-	$(top_srcdir)/m4/macros/with.m4 \
-	$(top_srcdir)/m4/macros/enable-disable.m4 \
-	$(top_srcdir)/m4/macros/add-plugin.m4 \
-	$(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
-  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
-  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
-  for p in $$list; do echo "$$p $$p"; done | \
-  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
-  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
-    if (++n[$$2] == $(am__install_max)) \
-      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
-    END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
-  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
-  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
-  }
-am__installdirs = "$(DESTDIR)$(plugindir)" \
-	"$(DESTDIR)$(dbusservicedir)"
-LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-libstrongswan_maemo_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
-am_libstrongswan_maemo_la_OBJECTS = maemo_plugin.lo maemo_service.lo
-libstrongswan_maemo_la_OBJECTS = $(am_libstrongswan_maemo_la_OBJECTS)
-AM_V_lt = $(am__v_lt_ at AM_V@)
-am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 = 
-libstrongswan_maemo_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
-	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
-	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_maemo_la_LDFLAGS) \
-	$(LDFLAGS) -o $@
- at MONOLITHIC_FALSE@am_libstrongswan_maemo_la_rpath = -rpath \
- at MONOLITHIC_FALSE@	$(plugindir)
- at MONOLITHIC_TRUE@am_libstrongswan_maemo_la_rpath =
-AM_V_P = $(am__v_P_ at AM_V@)
-am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_ at AM_V@)
-am__v_GEN_ = $(am__v_GEN_ at AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN     " $@;
-am__v_GEN_1 = 
-AM_V_at = $(am__v_at_ at AM_V@)
-am__v_at_ = $(am__v_at_ at AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 = 
-DEFAULT_INCLUDES = -I. at am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_ at AM_V@)
-am__v_CC_ = $(am__v_CC_ at AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC      " $@;
-am__v_CC_1 = 
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD    " $@;
-am__v_CCLD_1 = 
-SOURCES = $(libstrongswan_maemo_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_maemo_la_SOURCES)
-am__can_run_installinfo = \
-  case $$AM_UPDATE_INFO_DIR in \
-    n|no|NO) false;; \
-    *) (install-info --version) >/dev/null 2>&1;; \
-  esac
-DATA = $(dbusservice_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates.  Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
-  BEGIN { nonempty = 0; } \
-  { items[$$0] = 1; nonempty = 1; } \
-  END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique.  This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
-  list='$(am__tagged_files)'; \
-  unique=`for i in $$list; do \
-    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-  done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-ATOMICLIB = @ATOMICLIB@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-EASY_INSTALL = @EASY_INSTALL@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-PY_TEST = @PY_TEST@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-RUBYINCLUDE = @RUBYINCLUDE@
-RUBYLIB = @RUBYLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-h_plugins = @h_plugins@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libiptc_CFLAGS = @libiptc_CFLAGS@
-libiptc_LIBS = @libiptc_LIBS@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-runstatedir = @runstatedir@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_CFLAGS = @systemd_CFLAGS@
-systemd_LIBS = @systemd_LIBS@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-AM_CPPFLAGS = \
-	-I$(top_srcdir)/src/libstrongswan \
-	-I$(top_srcdir)/src/libcharon
-
-AM_CFLAGS = \
-	${maemo_CFLAGS} \
-	$(PLUGIN_CFLAGS)
-
- at MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-maemo.la
- at MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-maemo.la
-libstrongswan_maemo_la_SOURCES = \
-	maemo_plugin.h maemo_plugin.c \
-	maemo_service.h maemo_service.c
-
-libstrongswan_maemo_la_LDFLAGS = -module -avoid-version
-libstrongswan_maemo_la_LIBADD = ${maemo_LIBS}
-dbusservice_DATA = org.strongswan.charon.service
-EXTRA_DIST = org.strongswan.charon.service.in
-CLEANFILES = $(dbusservice_DATA)
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
-	        && { if test -f $@; then exit 0; else break; fi; }; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile'; \
-	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure:  $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-noinstLTLIBRARIES:
-	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-	@list='$(noinst_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
-	}
-
-uninstall-pluginLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
-	done
-
-clean-pluginLTLIBRARIES:
-	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
-	@list='$(plugin_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-libstrongswan-maemo.la: $(libstrongswan_maemo_la_OBJECTS) $(libstrongswan_maemo_la_DEPENDENCIES) $(EXTRA_libstrongswan_maemo_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(libstrongswan_maemo_la_LINK) $(am_libstrongswan_maemo_la_rpath) $(libstrongswan_maemo_la_OBJECTS) $(libstrongswan_maemo_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/maemo_plugin.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/maemo_service.Plo at am__quote@
-
-.c.o:
- at am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
- at am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
- at am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
- at am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
- at am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
- at am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
- at am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
- at am__fastdepCC_TRUE@	$(am__mv) $$depbase.Tpo $$depbase.Plo
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-dbusserviceDATA: $(dbusservice_DATA)
-	@$(NORMAL_INSTALL)
-	@list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \
-	fi; \
-	for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  echo "$$d$$p"; \
-	done | $(am__base_list) | \
-	while read files; do \
-	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusservicedir)'"; \
-	  $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusservicedir)" || exit $$?; \
-	done
-
-uninstall-dbusserviceDATA:
-	@$(NORMAL_UNINSTALL)
-	@list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \
-	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
-	dir='$(DESTDIR)$(dbusservicedir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
-	$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	set x; \
-	here=`pwd`; \
-	$(am__define_uniq_tagged_files); \
-	shift; \
-	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  if test $$# -gt 0; then \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      "$$@" $$unique; \
-	  else \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      $$unique; \
-	  fi; \
-	fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	$(am__define_uniq_tagged_files); \
-	test -z "$(CTAGS_ARGS)$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && $(am__cd) $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
-	list='$(am__tagged_files)'; \
-	case "$(srcdir)" in \
-	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
-	  *) sdir=$(subdir)/$(srcdir) ;; \
-	esac; \
-	for i in $$list; do \
-	  if test -f "$$i"; then \
-	    echo "$(subdir)/$$i"; \
-	  else \
-	    echo "$$sdir/$$i"; \
-	  fi; \
-	done >> $(top_builddir)/cscope.files
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d "$(distdir)/$$file"; then \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
-	  else \
-	    test -f "$(distdir)/$$file" \
-	    || cp -p $$d/$$file "$(distdir)/$$file" \
-	    || exit 1; \
-	  fi; \
-	done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(DATA)
-installdirs:
-	for dir in "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(dbusservicedir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	if test -z '$(STRIP)'; then \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	      install; \
-	else \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
-	fi
-mostlyclean-generic:
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
-	clean-pluginLTLIBRARIES mostlyclean-am
-
-distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dbusserviceDATA install-pluginLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dbusserviceDATA \
-	install-dvi install-dvi-am install-exec install-exec-am \
-	install-html install-html-am install-info install-info-am \
-	install-man install-pdf install-pdf-am \
-	install-pluginLTLIBRARIES install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
-	uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-
-org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in
-	$(AM_V_GEN) \
-	sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
deleted file mode 100644
index 3e5861b..0000000
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ /dev/null
@@ -1,530 +0,0 @@
-/*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <glib.h>
-#include <libosso.h>
-#include <sys/stat.h>
-
-#include "maemo_service.h"
-
-#include <daemon.h>
-#include <credentials/sets/mem_cred.h>
-#include <processing/jobs/callback_job.h>
-
-#define OSSO_STATUS_NAME	"status"
-#define OSSO_STATUS_SERVICE	"org.strongswan."OSSO_STATUS_NAME
-#define OSSO_STATUS_OBJECT	"/org/strongswan/"OSSO_STATUS_NAME
-#define OSSO_STATUS_IFACE	"org.strongswan."OSSO_STATUS_NAME
-
-#define OSSO_CHARON_NAME	"charon"
-#define OSSO_CHARON_SERVICE	"org.strongswan."OSSO_CHARON_NAME
-#define OSSO_CHARON_OBJECT	"/org/strongswan/"OSSO_CHARON_NAME
-#define OSSO_CHARON_IFACE	"org.strongswan."OSSO_CHARON_NAME
-
-#define MAEMO_COMMON_CA_DIR	"/etc/certs/common-ca"
-#define MAEMO_USER_CA_DIR	"/home/user/.maemosec-certs/wifi-ca"
-/* there is also an smime-ca and an ssl-ca sub-directory and the same for
- * ...-user, which store end user/server certificates */
-
-typedef enum {
-	VPN_STATUS_DISCONNECTED,
-	VPN_STATUS_CONNECTING,
-	VPN_STATUS_CONNECTED,
-	VPN_STATUS_AUTH_FAILED,
-	VPN_STATUS_CONNECTION_FAILED,
-} vpn_status_t;
-
-typedef struct private_maemo_service_t private_maemo_service_t;
-
-/**
- * private data of maemo service
- */
-struct private_maemo_service_t {
-
-	/**
-	 * public interface
-	 */
-	maemo_service_t public;
-
-	/**
-	 * credentials
-	 */
-	mem_cred_t *creds;
-
-	/**
-	 * Glib main loop for a thread, handles DBUS calls
-	 */
-	GMainLoop *loop;
-
-	/**
-	 * Context for OSSO
-	 */
-	osso_context_t *context;
-
-	/**
-	 * Current IKE_SA
-	 */
-	ike_sa_t *ike_sa;
-
-	/**
-	 * Status of the current connection
-	 */
-	vpn_status_t status;
-
-	/**
-	 * Name of the current connection
-	 */
-	gchar *current;
-
-};
-
-static gint change_status(private_maemo_service_t *this, int status)
-{
-	osso_rpc_t retval;
-	gint res;
-	this->status = status;
-	res = osso_rpc_run (this->context, OSSO_STATUS_SERVICE, OSSO_STATUS_OBJECT,
-						OSSO_STATUS_IFACE, "StatusChanged", &retval,
-						DBUS_TYPE_INT32, status,
-						DBUS_TYPE_INVALID);
-	return res;
-}
-
-METHOD(listener_t, ike_updown, bool,
-	   private_maemo_service_t *this, ike_sa_t *ike_sa, bool up)
-{
-	/* this callback is only registered during initiation, so if the IKE_SA
-	 * goes down we assume an authentication error */
-	if (this->ike_sa == ike_sa && !up)
-	{
-		change_status(this, VPN_STATUS_AUTH_FAILED);
-		return FALSE;
-	}
-	return TRUE;
-}
-
-METHOD(listener_t, ike_state_change, bool,
-	   private_maemo_service_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
-{
-	/* this call back is only registered during initiation */
-	if (this->ike_sa == ike_sa && state == IKE_DESTROYING)
-	{
-		change_status(this, VPN_STATUS_CONNECTION_FAILED);
-		return FALSE;
-	}
-	return TRUE;
-}
-
-METHOD(listener_t, child_updown, bool,
-	   private_maemo_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
-	   bool up)
-{
-	if (this->ike_sa == ike_sa)
-	{
-		if (up)
-		{
-			/* disable hooks registered to catch initiation failures */
-			this->public.listener.ike_updown = NULL;
-			this->public.listener.ike_state_change = NULL;
-			change_status(this, VPN_STATUS_CONNECTED);
-		}
-		else
-		{
-			change_status(this, VPN_STATUS_CONNECTION_FAILED);
-			return FALSE;
-		}
-	}
-	return TRUE;
-}
-
-METHOD(listener_t, ike_rekey, bool,
-	   private_maemo_service_t *this, ike_sa_t *old, ike_sa_t *new)
-{
-	if (this->ike_sa == old)
-	{
-		this->ike_sa = new;
-	}
-	return TRUE;
-}
-
-/**
- * load all CA certificates in the given directory
- */
-static void load_ca_dir(private_maemo_service_t *this, char *dir)
-{
-	enumerator_t *enumerator;
-	char *rel, *abs;
-	struct stat st;
-
-	enumerator = enumerator_create_directory(dir);
-	if (enumerator)
-	{
-		while (enumerator->enumerate(enumerator, &rel, &abs, &st))
-		{
-			if (rel[0] != '.')
-			{
-				if (S_ISREG(st.st_mode))
-				{
-					certificate_t *cert;
-					cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
-											  CERT_X509, BUILD_FROM_FILE, abs,
-											  BUILD_END);
-					if (!cert)
-					{
-						DBG1(DBG_CFG, "loading CA certificate '%s' failed",
-							 abs);
-						continue;
-					}
-					DBG2(DBG_CFG, "loaded CA certificate '%Y'",
-						 cert->get_subject(cert));
-					this->creds->add_cert(this->creds, TRUE, cert);
-				}
-			}
-		}
-		enumerator->destroy(enumerator);
-	}
-}
-
-static void disconnect(private_maemo_service_t *this)
-{
-	ike_sa_t *ike_sa;
-	u_int id;
-
-	if (!this->current)
-	{
-		return;
-	}
-
-	/* avoid status updates, as this is called from the Glib main loop */
-	charon->bus->remove_listener(charon->bus, &this->public.listener);
-
-	ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
-													  this->current, FALSE);
-	if (ike_sa)
-	{
-		id = ike_sa->get_unique_id(ike_sa);
-		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-		charon->controller->terminate_ike(charon->controller, id,
-										  NULL, NULL, 0);
-	}
-	this->current = (g_free(this->current), NULL);
-	this->status = VPN_STATUS_DISCONNECTED;
-}
-
-static gboolean initiate_connection(private_maemo_service_t *this,
-									GArray *arguments)
-{
-	gint i;
-	gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
-	identification_t *gateway = NULL, *user = NULL;
-	ike_sa_t *ike_sa;
-	ike_cfg_t *ike_cfg;
-	peer_cfg_t *peer_cfg;
-	child_cfg_t *child_cfg;
-	traffic_selector_t *ts;
-	auth_cfg_t *auth;
-	certificate_t *cert;
-	peer_cfg_create_t peer = {
-		.cert_policy = CERT_SEND_IF_ASKED,
-		.unique = UNIQUE_REPLACE,
-		.keyingtries = 1,
-		.rekey_time = 36000, /* 10h */
-		.jitter_time = 600, /* 10min */
-		.over_time = 600, /* 10min */
-	};
-	child_cfg_create_t child = {
-		.lifetime = {
-			.time = {
-				.life = 10800, /* 3h */
-				.rekey = 10200, /* 2h50min */
-				.jitter = 300 /* 5min */
-			},
-		},
-		.mode = MODE_TUNNEL,
-	};
-
-	if (this->status == VPN_STATUS_CONNECTED ||
-		this->status == VPN_STATUS_CONNECTING)
-	{
-		DBG1(DBG_CFG, "currently connected to '%s', disconnecting first",
-			 this->current);
-		disconnect (this);
-	}
-
-	if (arguments->len != 5)
-	{
-		DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
-		return FALSE;
-	}
-
-	for (i = 0; i < arguments->len; i++)
-	{
-		osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
-		if (arg->type != DBUS_TYPE_STRING)
-		{
-			DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
-			return FALSE;
-		}
-		switch (i)
-		{
-			case 0: /* name */
-				this->current = (g_free(this->current), NULL);
-				this->current = g_strdup(arg->value.s);
-				break;
-			case 1: /* hostname */
-				hostname = arg->value.s;
-				break;
-			case 2: /* CA certificate path */
-				cacert = arg->value.s;
-				break;
-			case 3: /* username */
-				username = arg->value.s;
-				break;
-			case 4: /* password */
-				password = arg->value.s;
-				break;
-		}
-	}
-
-	DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
-
-	this->creds->clear(this->creds);
-
-	if (cacert && !streq(cacert, ""))
-	{
-		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-								  BUILD_FROM_FILE, cacert, BUILD_END);
-		if (cert)
-		{
-			this->creds->add_cert(this->creds, TRUE, cert);
-		}
-		else
-		{
-			DBG1(DBG_CFG, "failed to load CA certificate");
-		}
-		/* if this is a server cert we could use the cert subject as id */
-	}
-	else
-	{
-		load_ca_dir(this, MAEMO_COMMON_CA_DIR);
-		load_ca_dir(this, MAEMO_USER_CA_DIR);
-	}
-
-	gateway = identification_create_from_string(hostname);
-	DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
-
-	{
-		shared_key_t *shared_key;
-		chunk_t secret = chunk_create(password, strlen(password));
-		user = identification_create_from_string(username);
-		shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
-		this->creds->add_shared(this->creds, shared_key, user->clone(user),
-								NULL);
-	}
-
-	ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0",
-							 charon->socket->get_port(charon->socket, FALSE),
-							 hostname, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
-	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
-	ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
-
-	peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer);
-	peer_cfg->add_virtual_ip(peer_cfg,  host_create_from_string("0.0.0.0", 0));
-
-	auth = auth_cfg_create();
-	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
-	auth->add(auth, AUTH_RULE_IDENTITY, user);
-	peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
-	auth = auth_cfg_create();
-	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
-	auth->add(auth, AUTH_RULE_IDENTITY, gateway);
-	peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
-
-	child_cfg = child_cfg_create(this->current, &child);
-	child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
-	child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
-	ts = traffic_selector_create_dynamic(0, 0, 65535);
-	child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
-	ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
-											 0, "255.255.255.255", 65535);
-	child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
-	peer_cfg->add_child_cfg(peer_cfg, child_cfg);
-
-	/* get us an IKE_SA */
-	ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
-														peer_cfg);
-	if (!ike_sa)
-	{
-		peer_cfg->destroy(peer_cfg);
-		this->status = VPN_STATUS_CONNECTION_FAILED;
-		return FALSE;
-	}
-	if (!ike_sa->get_peer_cfg(ike_sa))
-	{
-		ike_sa->set_peer_cfg(ike_sa, peer_cfg);
-	}
-	peer_cfg->destroy(peer_cfg);
-
-	/* store the IKE_SA, so we can track its progress */
-	this->ike_sa = ike_sa;
-	this->status = VPN_STATUS_CONNECTING;
-	this->public.listener.ike_updown = _ike_updown;
-	this->public.listener.ike_state_change = _ike_state_change;
-	charon->bus->add_listener(charon->bus, &this->public.listener);
-
-	/* get an additional reference because initiate consumes one */
-	child_cfg->get_ref(child_cfg);
-	if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
-	{
-		DBG1(DBG_CFG, "failed to initiate tunnel");
-		charon->bus->remove_listener(charon->bus, &this->public.listener);
-		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
-													ike_sa);
-		this->status = VPN_STATUS_CONNECTION_FAILED;
-		return FALSE;
-	}
-	charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-	return TRUE;
-}
-
-/**
- * Callback for libosso dbus wrapper
- */
-static gint dbus_req_handler(const gchar *interface, const gchar *method,
-							 GArray *arguments, private_maemo_service_t *this,
-							 osso_rpc_t *retval)
-{
-	if (streq(method, "Start"))
-	{	/* void start (void), dummy function to start charon as root */
-		return OSSO_OK;
-	}
-	else if (streq(method, "Connect"))
-	{	/* bool connect (name, host, cert, user, pass) */
-		retval->value.b = initiate_connection(this, arguments);
-		retval->type = DBUS_TYPE_BOOLEAN;
-	}
-	else if (streq(method, "Disconnect"))
-	{	/* void disconnect (void) */
-		disconnect(this);
-	}
-	else
-	{
-		return OSSO_ERROR;
-	}
-	return OSSO_OK;
-}
-
-/**
- * Main loop to handle D-BUS messages.
- */
-static job_requeue_t run(private_maemo_service_t *this)
-{
-	this->loop = g_main_loop_new(NULL, FALSE);
-	g_main_loop_run(this->loop);
-	return JOB_REQUEUE_NONE;
-}
-
-/**
- * Cancel the GLib Main Event Loop
- */
-static bool cancel(private_maemo_service_t *this)
-{
-	if (this->loop)
-	{
-		if (g_main_loop_is_running(this->loop))
-		{
-			g_main_loop_quit(this->loop);
-		}
-		g_main_loop_unref(this->loop);
-	}
-	return TRUE;
-}
-
-METHOD(maemo_service_t, destroy, void,
-	   private_maemo_service_t *this)
-{
-	if (this->context)
-	{
-		osso_rpc_unset_cb_f(this->context,
-							OSSO_CHARON_SERVICE,
-							OSSO_CHARON_OBJECT,
-							OSSO_CHARON_IFACE,
-							(osso_rpc_cb_f*)dbus_req_handler,
-							this);
-		osso_deinitialize(this->context);
-	}
-	charon->bus->remove_listener(charon->bus, &this->public.listener);
-	lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
-	this->creds->destroy(this->creds);
-	this->current = (g_free(this->current), NULL);
-	free(this);
-}
-
-/*
- * See header
- */
-maemo_service_t *maemo_service_create()
-{
-	osso_return_t result;
-	private_maemo_service_t *this;
-
-	INIT(this,
-		.public = {
-			.listener = {
-				.ike_updown = _ike_updown,
-				.ike_state_change = _ike_state_change,
-				.child_updown = _child_updown,
-				.ike_rekey = _ike_rekey,
-			},
-			.destroy = _destroy,
-		},
-		.creds = mem_cred_create(),
-	);
-
-	lib->credmgr->add_set(lib->credmgr, &this->creds->set);
-
-	this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
-	if (!this->context)
-	{
-		DBG1(DBG_CFG, "failed to initialize OSSO context");
-		destroy(this);
-		return NULL;
-	}
-
-	result = osso_rpc_set_cb_f(this->context,
-							   OSSO_CHARON_SERVICE,
-							   OSSO_CHARON_OBJECT,
-							   OSSO_CHARON_IFACE,
-							   (osso_rpc_cb_f*)dbus_req_handler,
-							   this);
-	if (result != OSSO_OK)
-	{
-		DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
-		destroy(this);
-		return NULL;
-	}
-
-	this->loop = NULL;
-	if (!g_thread_supported())
-	{
-		g_thread_init(NULL);
-	}
-
-	lib->processor->queue_job(lib->processor,
-		(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
-				NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL));
-
-	return &this->public;
-}
diff --git a/src/libcharon/plugins/maemo/org.strongswan.charon.service.in b/src/libcharon/plugins/maemo/org.strongswan.charon.service.in
deleted file mode 100644
index 8fa83af..0000000
--- a/src/libcharon/plugins/maemo/org.strongswan.charon.service.in
+++ /dev/null
@@ -1,4 +0,0 @@
-[D-BUS Service]
-Name=org.strongswan.charon
-Exec=/usr/bin/run-standalone.sh @LIBEXECDIR@/ipsec/charon
-User=root
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index fe301a7..eb7efd2 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index d4154fe..3dd849b 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index ec488de..83850fc 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in
index 67ab4bf..619bff1 100644
--- a/src/libcharon/plugins/p_cscf/Makefile.in
+++ b/src/libcharon/plugins/p_cscf/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index 9b7ab4c..9d227a1 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 38b709e..53af31f 100644
--- a/src/libcharon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 72a168c..d08a6f4 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index 112d8d2..dd1da8b 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 9f5f4a2..b6152af 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index 1b6b9f6..ed0af93 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index b9cae90..0a4000e 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 9f63cb0..7eacc51 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -355,7 +355,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -389,8 +388,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -444,6 +441,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 929e6fc..77911c7 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -562,7 +562,7 @@ static void load_certdir(private_stroke_cred_t *this, char *path,
 	}
 }
 
-METHOD(stroke_cred_t, cache_cert, void,
+METHOD(credential_set_t, cache_cert, void,
 	private_stroke_cred_t *this, certificate_t *cert)
 {
 	if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
@@ -575,10 +575,14 @@ METHOD(stroke_cred_t, cache_cert, void,
 		{
 			char buf[BUF_LEN];
 			chunk_t chunk, hex;
+			bool is_delta_crl;
+
+			is_delta_crl = crl->is_delta_crl(crl, NULL);
 
 			chunk = crl->get_authKeyIdentifier(crl);
 			hex = chunk_to_hex(chunk, NULL, FALSE);
-			snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex.ptr);
+			snprintf(buf, sizeof(buf), "%s/%s%s.crl", CRL_DIR, hex.ptr,
+										is_delta_crl ? "_delta" : "");
 			free(hex.ptr);
 
 			if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
@@ -1497,6 +1501,10 @@ stroke_cred_t *stroke_cred_create(stroke_ca_t *ca)
 		.ca = ca,
 	);
 
+	if (lib->settings->get_bool(lib->settings, "%s.cache_crls", FALSE, lib->ns))
+	{
+		cachecrl(this, TRUE);
+	}
 	lib->credmgr->add_set(lib->credmgr, &this->creds->set);
 	lib->credmgr->add_set(lib->credmgr, &this->aacerts->set);
 
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 6c5703a..cec2657 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -844,6 +844,7 @@ static void list_algs(FILE *out)
 	integrity_algorithm_t integrity;
 	hash_algorithm_t hash;
 	pseudo_random_function_t prf;
+	ext_out_function_t xof;
 	diffie_hellman_group_t group;
 	rng_quality_t quality;
 	const char *plugin_name;
@@ -891,6 +892,14 @@ static void list_algs(FILE *out)
 		print_alg(out, &len, pseudo_random_function_names, prf, plugin_name);
 	}
 	enumerator->destroy(enumerator);
+	fprintf(out, "\n  xof:       ");
+	len = 13;
+	enumerator = lib->crypto->create_xof_enumerator(lib->crypto);
+	while (enumerator->enumerate(enumerator, &xof, &plugin_name))
+	{
+		print_alg(out, &len, ext_out_function_names, xof, plugin_name);
+	}
+	enumerator->destroy(enumerator);
 	fprintf(out, "\n  dh-group:  ");
 	len = 13;
 	enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 4f74836..46de90c 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2011-2013 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 125e3c1..e219159 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index 0ea265e..60618c0 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index f2398c3..2b6c34c 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -357,7 +357,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -391,8 +390,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -446,6 +443,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index 84eed9a..2f79391 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index cfc1c5f..fc9bff7 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 612535d..a2dd067 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/Makefile.am b/src/libcharon/plugins/vici/Makefile.am
index ca9b499..af0b65c 100644
--- a/src/libcharon/plugins/vici/Makefile.am
+++ b/src/libcharon/plugins/vici/Makefile.am
@@ -2,6 +2,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
 	-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
 	-I$(top_srcdir)/src/libcharon \
+	-DSWANCTLDIR=\""${swanctldir}\"" \
 	-DIPSEC_PIDDIR=\"${piddir}\"
 
 AM_CFLAGS = \
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index b943c09..ce15204 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -449,7 +449,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -483,8 +482,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -538,6 +535,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -545,6 +544,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
 	-I$(top_srcdir)/src/libstrongswan/plugins/pubkey \
 	-I$(top_srcdir)/src/libcharon \
+	-DSWANCTLDIR=\""${swanctldir}\"" \
 	-DIPSEC_PIDDIR=\"${piddir}\"
 
 AM_CFLAGS = \
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index cf5a85a..18a3ef7 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -481,6 +481,19 @@ Load a shared IKE PSK, EAP or XAuth secret into the daemon.
 		errmsg = <error string on failure>
 	}
 
+### flush-certs() ###
+
+Flushes the certificate cache. The optional type argument allows to flush
+only certificates of a given type, e.g. all cached CRLs.
+
+	{
+		type = <certificate type to filter for, X509|X509_AC|X509_CRL|
+												OCSP_RESPONSE|PUBKEY or ANY>
+	} => {
+		success = <yes or no>
+		errmsg = <error string on failure>
+	}
+
 ### clear-creds() ###
 
 Clear all loaded certificate, private key and shared key credentials. This
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index e32e966..523868c 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
index de374aa..d197397 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/README.pod
@@ -560,6 +560,21 @@ print "----- unload-authority -----\n";
 ($res, $errmsg) = $session->unload_authority(Vici::Message->new(\%vars));
 print $res ? "ok\n" : "failed: $errmsg\n";
 
+=item flush_certs()
+
+flushes the volatile certificate cache. Optionally only a given certificate
+type is flushed.
+
+  my %vars = ( type => 'x509_crl' );
+  my ($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
+
+=cut
+
+print "----- flush-certs -----\n";
+%vars = ( type => 'x509_crl' );
+($res, $errmsg) = $session->flush_certs(Vici::Message->new(\%vars));
+print $res ? "ok\n" : "failed: $errmsg\n";
+
 =item clear_creds()
 
 clears all loaded certificate, private key and shared key credentials. This
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm
index 7819713..5c09b14 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Session.pm
@@ -96,6 +96,10 @@ sub load_shared {
     return request_vars_res('load-shared', @_);
 }
 
+sub flush_certs {
+    return request_vars_res('flush-certs', @_);
+}
+
 sub clear_creds {
    return request_res('clear-creds', @_);
 }
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 7d1c642..4f1a917 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -289,7 +289,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -323,8 +322,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -378,6 +375,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/python/vici/session.py b/src/libcharon/plugins/vici/python/vici/session.py
index 66de859..5bd4b7c 100644
--- a/src/libcharon/plugins/vici/python/vici/session.py
+++ b/src/libcharon/plugins/vici/python/vici/session.py
@@ -166,6 +166,17 @@ class Session(object):
         """
         self.handler.request("load-shared", secret)
 
+    def flush_certs(self, filter=None):
+        """Flush the volatile certificate cache.
+
+        Flush the certificate stored temporarily in the cache. The filter
+        allows to flush only a certain type of certificates, e.g. CRLs.
+
+        :param filter: flush only certificates of a given type (optional)
+        :type filter: dict
+        """
+        self.handler.request("flush-certs", filter)
+
     def clear_creds(self):
         """Clear credentials loaded over vici.
 
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index aceb28a..e176285 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -267,7 +267,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -301,8 +300,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -356,6 +353,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb
index 018f507..1a95fc3 100644
--- a/src/libcharon/plugins/vici/ruby/lib/vici.rb
+++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb
@@ -449,6 +449,12 @@ module Vici
     end
 
     ##
+    # Flush credential cache.
+    def flush_certs((match = nil)
+      check_success(@transp.request("flush-certs", Message.new(match)))
+    end
+
+    ##
     # Clear all loaded credentials.
     def clear_creds()
       check_success(@transp.request("clear-creds"))
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index d919e1d..2110fd3 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -437,6 +437,7 @@ typedef struct {
 	linked_list_t *remote_ts;
 	uint32_t replay_window;
 	bool policies;
+	bool policies_fwd_out;
 	child_cfg_create_t cfg;
 } child_data_t;
 
@@ -462,6 +463,7 @@ static void log_child_data(child_data_t *data, char *name)
 	DBG2(DBG_CFG, "   ipcomp = %u", cfg->ipcomp);
 	DBG2(DBG_CFG, "   mode = %N", ipsec_mode_names, cfg->mode);
 	DBG2(DBG_CFG, "   policies = %u", data->policies);
+	DBG2(DBG_CFG, "   policies_fwd_out = %u", data->policies_fwd_out);
 	if (data->replay_window != REPLAY_UNDEFINED)
 	{
 		DBG2(DBG_CFG, "   replay_window = %u", data->replay_window);
@@ -503,7 +505,7 @@ static void free_child_data(child_data_t *data)
  */
 static bool parse_proposal(linked_list_t *list, protocol_id_t proto, chunk_t v)
 {
-	char buf[128];
+	char buf[BUF_LEN];
 	proposal_t *proposal;
 
 	if (!vici_stringify(v, buf, sizeof(buf)))
@@ -566,7 +568,7 @@ CALLBACK(parse_ah_proposal, bool,
 CALLBACK(parse_ts, bool,
 	linked_list_t *out, chunk_t v)
 {
-	char buf[128], *protoport, *sep, *port = "", *end;
+	char buf[BUF_LEN], *protoport, *sep, *port = "", *end;
 	traffic_selector_t *ts = NULL;
 	struct protoent *protoent;
 	struct servent *svc;
@@ -720,7 +722,7 @@ typedef struct {
  */
 static bool parse_map(enum_map_t *map, int count, int *out, chunk_t v)
 {
-	char buf[128];
+	char buf[BUF_LEN];
 	int i;
 
 	if (!vici_stringify(v, buf, sizeof(buf)))
@@ -1051,7 +1053,7 @@ CALLBACK(parse_auth, bool,
  */
 static bool parse_id(auth_cfg_t *cfg, auth_rule_t rule, chunk_t v)
 {
-	char buf[256];
+	char buf[BUF_LEN];
 
 	if (!vici_stringify(v, buf, sizeof(buf)))
 	{
@@ -1330,31 +1332,32 @@ CALLBACK(child_kv, bool,
 	child_data_t *child, vici_message_t *message, char *name, chunk_t value)
 {
 	parse_rule_t rules[] = {
-		{ "updown",			parse_string,		&child->cfg.updown					},
-		{ "hostaccess",		parse_bool,			&child->cfg.hostaccess				},
-		{ "mode",			parse_mode,			&child->cfg.mode					},
-		{ "policies",		parse_bool,			&child->policies					},
-		{ "replay_window",	parse_uint32,		&child->replay_window				},
-		{ "rekey_time",		parse_time,			&child->cfg.lifetime.time.rekey		},
-		{ "life_time",		parse_time,			&child->cfg.lifetime.time.life		},
-		{ "rand_time",		parse_time,			&child->cfg.lifetime.time.jitter	},
-		{ "rekey_bytes",	parse_bytes,		&child->cfg.lifetime.bytes.rekey	},
-		{ "life_bytes",		parse_bytes,		&child->cfg.lifetime.bytes.life		},
-		{ "rand_bytes",		parse_bytes,		&child->cfg.lifetime.bytes.jitter	},
-		{ "rekey_packets",	parse_uint64,		&child->cfg.lifetime.packets.rekey	},
-		{ "life_packets",	parse_uint64,		&child->cfg.lifetime.packets.life	},
-		{ "rand_packets",	parse_uint64,		&child->cfg.lifetime.packets.jitter	},
-		{ "dpd_action",		parse_action,		&child->cfg.dpd_action				},
-		{ "start_action",	parse_action,		&child->cfg.start_action			},
-		{ "close_action",	parse_action,		&child->cfg.close_action			},
-		{ "ipcomp",			parse_bool,			&child->cfg.ipcomp					},
-		{ "inactivity",		parse_time,			&child->cfg.inactivity				},
-		{ "reqid",			parse_uint32,		&child->cfg.reqid					},
-		{ "mark_in",		parse_mark,			&child->cfg.mark_in					},
-		{ "mark_out",		parse_mark,			&child->cfg.mark_out				},
-		{ "tfc_padding",	parse_tfc,			&child->cfg.tfc						},
-		{ "priority",		parse_uint32,		&child->cfg.priority				},
-		{ "interface",		parse_string,		&child->cfg.interface				},
+		{ "updown",				parse_string,		&child->cfg.updown					},
+		{ "hostaccess",			parse_bool,			&child->cfg.hostaccess				},
+		{ "mode",				parse_mode,			&child->cfg.mode					},
+		{ "policies",			parse_bool,			&child->policies					},
+		{ "policies_fwd_out",	parse_bool,			&child->policies_fwd_out			},
+		{ "replay_window",		parse_uint32,		&child->replay_window				},
+		{ "rekey_time",			parse_time,			&child->cfg.lifetime.time.rekey		},
+		{ "life_time",			parse_time,			&child->cfg.lifetime.time.life		},
+		{ "rand_time",			parse_time,			&child->cfg.lifetime.time.jitter	},
+		{ "rekey_bytes",		parse_bytes,		&child->cfg.lifetime.bytes.rekey	},
+		{ "life_bytes",			parse_bytes,		&child->cfg.lifetime.bytes.life		},
+		{ "rand_bytes",			parse_bytes,		&child->cfg.lifetime.bytes.jitter	},
+		{ "rekey_packets",		parse_uint64,		&child->cfg.lifetime.packets.rekey	},
+		{ "life_packets",		parse_uint64,		&child->cfg.lifetime.packets.life	},
+		{ "rand_packets",		parse_uint64,		&child->cfg.lifetime.packets.jitter	},
+		{ "dpd_action",			parse_action,		&child->cfg.dpd_action				},
+		{ "start_action",		parse_action,		&child->cfg.start_action			},
+		{ "close_action",		parse_action,		&child->cfg.close_action			},
+		{ "ipcomp",				parse_bool,			&child->cfg.ipcomp					},
+		{ "inactivity",			parse_time,			&child->cfg.inactivity				},
+		{ "reqid",				parse_uint32,		&child->cfg.reqid					},
+		{ "mark_in",			parse_mark,			&child->cfg.mark_in					},
+		{ "mark_out",			parse_mark,			&child->cfg.mark_out				},
+		{ "tfc_padding",		parse_tfc,			&child->cfg.tfc						},
+		{ "priority",			parse_uint32,		&child->cfg.priority				},
+		{ "interface",			parse_string,		&child->cfg.interface				},
 	};
 
 	return parse_rules(rules, countof(rules), name, value,
@@ -1537,6 +1540,7 @@ CALLBACK(children_sn, bool,
 		}
 	}
 	child.cfg.suppress_policies = !child.policies;
+	child.cfg.fwd_out_policies = child.policies_fwd_out;
 
 	check_lifetimes(&child.cfg.lifetime);
 
@@ -1976,7 +1980,7 @@ CALLBACK(config_sn, bool,
 		.send_cert = CERT_SEND_IF_ASKED,
 		.version = IKE_ANY,
 		.remote_port = IKEV2_UDP_PORT,
-		.fragmentation = FRAGMENTATION_NO,
+		.fragmentation = FRAGMENTATION_YES,
 		.unique = UNIQUE_NO,
 		.keyingtries = 1,
 		.rekey_time = LFT_UNDEFINED,
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index 3411b7d..baf285f 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -25,9 +25,16 @@
 #include <credentials/certificates/crl.h>
 #include <credentials/certificates/x509.h>
 
+#include <errno.h>
+
 typedef struct private_vici_cred_t private_vici_cred_t;
 
 /**
+ * Directory for saved X.509 CRLs
+ */
+#define CRL_DIR SWANCTLDIR "/x509crl"
+
+/**
  * Private data of an vici_cred_t object.
  */
 struct private_vici_cred_t {
@@ -46,8 +53,54 @@ struct private_vici_cred_t {
 	 * credentials
 	 */
 	mem_cred_t *creds;
+
+	/**
+	 * cache CRLs to disk?
+	 */
+	bool cachecrl;
+
 };
 
+METHOD(credential_set_t, cache_cert, void,
+	private_vici_cred_t *this, certificate_t *cert)
+{
+	if (cert->get_type(cert) == CERT_X509_CRL && this->cachecrl)
+	{
+		/* CRLs get written to /etc/swanctl/x509crl/<authkeyId>.crl */
+		crl_t *crl = (crl_t*)cert;
+
+		cert->get_ref(cert);
+		if (this->creds->add_crl(this->creds, crl))
+		{
+			char buf[BUF_LEN];
+			chunk_t chunk, hex;
+			bool is_delta_crl;
+
+			is_delta_crl = crl->is_delta_crl(crl, NULL);
+			chunk = crl->get_authKeyIdentifier(crl);
+			hex = chunk_to_hex(chunk, NULL, FALSE);
+			snprintf(buf, sizeof(buf), "%s/%s%s.crl", CRL_DIR, hex.ptr,
+										is_delta_crl ? "_delta" : "");
+			free(hex.ptr);
+
+			if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
+			{
+				if (chunk_write(chunk, buf, 022, TRUE))
+				{
+					DBG1(DBG_CFG, "  written crl file '%s' (%d bytes)",
+						 buf, chunk.len);
+				}
+				else
+				{
+					DBG1(DBG_CFG, "  writing crl file '%s' failed: %s",
+						 buf, strerror(errno));
+				}
+				free(chunk.ptr);
+			}
+		}
+	}
+}
+
 /**
  * Create a (error) reply message
  */
@@ -287,6 +340,24 @@ CALLBACK(clear_creds, vici_message_t*,
 	return create_reply(NULL);
 }
 
+CALLBACK(flush_certs, vici_message_t*,
+	private_vici_cred_t *this, char *name, u_int id, vici_message_t *message)
+{
+	certificate_type_t type = CERT_ANY;
+	x509_flag_t flag = X509_NONE;
+	char *str;
+
+	str = message->get_str(message, NULL, "type");
+	if (str && !enum_from_name(certificate_type_names, str, &type) &&
+			   !vici_cert_info_from_str(str, &type, &flag))
+	{
+		return create_reply("invalid certificate type '%s'", str);
+	}
+	lib->credmgr->flush_cache(lib->credmgr, type);
+
+	return create_reply(NULL);
+}
+
 static void manage_command(private_vici_cred_t *this,
 						   char *name, vici_command_cb_t cb, bool reg)
 {
@@ -300,6 +371,7 @@ static void manage_command(private_vici_cred_t *this,
 static void manage_commands(private_vici_cred_t *this, bool reg)
 {
 	manage_command(this, "clear-creds", clear_creds, reg);
+	manage_command(this, "flush-certs", flush_certs, reg);
 	manage_command(this, "load-cert", load_cert, reg);
 	manage_command(this, "load-key", load_key, reg);
 	manage_command(this, "load-shared", load_shared, reg);
@@ -330,6 +402,13 @@ vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher)
 
 	INIT(this,
 		.public = {
+			.set = {
+				.create_private_enumerator = (void*)return_null,
+				.create_cert_enumerator = (void*)return_null,
+				.create_shared_enumerator = (void*)return_null,
+				.create_cdp_enumerator = (void*)return_null,
+				.cache_cert = (void*)_cache_cert,
+			},
 			.add_cert = _add_cert,
 			.destroy = _destroy,
 		},
@@ -337,6 +416,11 @@ vici_cred_t *vici_cred_create(vici_dispatcher_t *dispatcher)
 		.creds = mem_cred_create(),
 	);
 
+	if (lib->settings->get_bool(lib->settings, "%s.cache_crls", FALSE, lib->ns))
+	{
+		this->cachecrl = TRUE;
+		DBG1(DBG_CFG, "crl caching to %s enabled", CRL_DIR);
+	}
 	lib->credmgr->add_set(lib->credmgr, &this->creds->set);
 
 	manage_commands(this, TRUE);
diff --git a/src/libcharon/plugins/vici/vici_cred.h b/src/libcharon/plugins/vici/vici_cred.h
index 8359c0e..6ce5147 100644
--- a/src/libcharon/plugins/vici/vici_cred.h
+++ b/src/libcharon/plugins/vici/vici_cred.h
@@ -2,6 +2,9 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
  * Free Software Foundation; either version 2 of the License, or (at your
@@ -23,6 +26,8 @@
 
 #include "vici_dispatcher.h"
 
+#include <credentials/credential_set.h>
+
 typedef struct vici_cred_t vici_cred_t;
 
 /**
@@ -31,6 +36,11 @@ typedef struct vici_cred_t vici_cred_t;
 struct vici_cred_t {
 
 	/**
+	 * Implements credential_set_t
+	 */
+	credential_set_t set;
+
+	/**
 	 * Add a certificate to the certificate store
 	 *
 	 * @param cert	certificate to be added to store
diff --git a/src/libcharon/plugins/vici/vici_plugin.c b/src/libcharon/plugins/vici/vici_plugin.c
index ed7c743..1366512 100644
--- a/src/libcharon/plugins/vici/vici_plugin.c
+++ b/src/libcharon/plugins/vici/vici_plugin.c
@@ -2,7 +2,7 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -130,6 +130,7 @@ static bool register_vici(private_vici_plugin_t *this,
 			this->cred = vici_cred_create(this->dispatcher);
 			this->authority = vici_authority_create(this->dispatcher,
 													this->cred);
+			lib->credmgr->add_set(lib->credmgr, &this->cred->set);
 			lib->credmgr->add_set(lib->credmgr, &this->authority->set);
 			this->config = vici_config_create(this->dispatcher, this->authority,
 											  this->cred);
@@ -158,6 +159,7 @@ static bool register_vici(private_vici_plugin_t *this,
 		this->logger->destroy(this->logger);
 		this->attrs->destroy(this->attrs);
 		this->config->destroy(this->config);
+		lib->credmgr->remove_set(lib->credmgr, &this->cred->set);
 		lib->credmgr->remove_set(lib->credmgr, &this->authority->set);
 		this->authority->destroy(this->authority);
 		this->cred->destroy(this->cred);
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 04cea00..828b619 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1072,6 +1072,7 @@ CALLBACK(get_algorithms, vici_message_t*,
 	integrity_algorithm_t integrity;
 	hash_algorithm_t hash;
 	pseudo_random_function_t prf;
+	ext_out_function_t xof;
 	diffie_hellman_group_t group;
 	rng_quality_t quality;
 	const char *plugin_name;
@@ -1123,6 +1124,15 @@ CALLBACK(get_algorithms, vici_message_t*,
 	enumerator->destroy(enumerator);
 	b->end_section(b);
 
+	b->begin_section(b, "xof");
+	enumerator = lib->crypto->create_xof_enumerator(lib->crypto);
+	while (enumerator->enumerate(enumerator, &xof, &plugin_name))
+	{
+		add_algorithm(b, ext_out_function_names, xof, plugin_name);
+	}
+	enumerator->destroy(enumerator);
+	b->end_section(b);
+
 	b->begin_section(b, "dh");
 	enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
 	while (enumerator->enumerate(enumerator, &group, &plugin_name))
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index 47fcf91..2e7bf02 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -449,6 +446,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index 0e88f8e..541bec9 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index e20b46f..50a6c80 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index b8adbbf..e2353a4 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 79c4666..048e4d5 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 8a405d9..e4364de 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -111,12 +111,17 @@ struct private_child_sa_t {
 	 */
 	bool static_reqid;
 
-	/*
+	/**
 	 * Unique CHILD_SA identifier
 	 */
 	uint32_t unique_id;
 
 	/**
+	 * Whether FWD policieis in the outbound direction should be installed
+	 */
+	bool policies_fwd_out;
+
+	/**
 	 * inbound mark used for this child_sa
 	 */
 	mark_t mark_in;
@@ -931,15 +936,19 @@ static status_t install_policies_internal(private_child_sa_t *this,
 		 * policies of two SAs we install them with reduced priority.  As they
 		 * basically act as bypass policies for drop policies we use a higher
 		 * priority than is used for them. */
-		out_id.dir = POLICY_FWD;
-		other_sa->reqid = 0;
-		if (priority == POLICY_PRIORITY_DEFAULT)
+		if (this->policies_fwd_out)
 		{
-			out_policy.prio = POLICY_PRIORITY_ROUTED;
+			out_id.dir = POLICY_FWD;
+			other_sa->reqid = 0;
+			if (priority == POLICY_PRIORITY_DEFAULT)
+			{
+				out_policy.prio = POLICY_PRIORITY_ROUTED;
+			}
+			status |= charon->kernel->add_policy(charon->kernel, &out_id,
+												 &out_policy);
+			/* reset the reqid for any other further policies */
+			other_sa->reqid = this->reqid;
 		}
-		status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy);
-		/* reset the reqid for any other further policies */
-		other_sa->reqid = this->reqid;
 	}
 	return status;
 }
@@ -988,14 +997,17 @@ static void del_policies_internal(private_child_sa_t *this,
 		in_id.dir = POLICY_FWD;
 		charon->kernel->del_policy(charon->kernel, &in_id, &in_policy);
 
-		out_id.dir = POLICY_FWD;
-		other_sa->reqid = 0;
-		if (priority == POLICY_PRIORITY_DEFAULT)
+		if (this->policies_fwd_out)
 		{
-			out_policy.prio = POLICY_PRIORITY_ROUTED;
+			out_id.dir = POLICY_FWD;
+			other_sa->reqid = 0;
+			if (priority == POLICY_PRIORITY_DEFAULT)
+			{
+				out_policy.prio = POLICY_PRIORITY_ROUTED;
+			}
+			charon->kernel->del_policy(charon->kernel, &out_id, &out_policy);
+			other_sa->reqid = this->reqid;
 		}
-		charon->kernel->del_policy(charon->kernel, &out_id, &out_policy);
-		other_sa->reqid = this->reqid;
 	}
 }
 
@@ -1443,6 +1455,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
 		.mark_in = config->get_mark(config, TRUE),
 		.mark_out = config->get_mark(config, FALSE),
 		.install_time = time_monotonic(NULL),
+		.policies_fwd_out = config->install_fwd_out_policy(config),
 	);
 
 	this->config = config;
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 009277d..7b87918 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -921,6 +921,7 @@ METHOD(ike_sa_t, reset, void,
 							this->ike_sa_id->is_initiator(this->ike_sa_id));
 
 	this->task_manager->reset(this->task_manager, 0, 0);
+	this->task_manager->queue_ike(this->task_manager);
 }
 
 METHOD(ike_sa_t, get_keymat, keymat_t*,
@@ -1780,16 +1781,12 @@ METHOD(ike_sa_t, delete_, status_t,
 {
 	switch (this->state)
 	{
-		case IKE_REKEYING:
-			if (this->version == IKEV1)
-			{	/* SA has been reauthenticated, delete */
-				charon->bus->ike_updown(charon->bus, &this->public, FALSE);
-				break;
-			}
-			/* FALL */
 		case IKE_ESTABLISHED:
-			if (time_monotonic(NULL) >= this->stats[STAT_DELETE])
-			{	/* IKE_SA hard lifetime hit */
+		case IKE_REKEYING:
+			if (time_monotonic(NULL) >= this->stats[STAT_DELETE] &&
+				!(this->version == IKEV1 && this->state == IKE_REKEYING))
+			{	/* IKE_SA hard lifetime hit, ignored for reauthenticated
+				 * IKEv1 SAs */
 				charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED);
 			}
 			this->task_manager->queue_ike_delete(this->task_manager);
@@ -1831,7 +1828,6 @@ METHOD(ike_sa_t, reauth, status_t,
 		DBG0(DBG_IKE, "reinitiating IKE_SA %s[%d]",
 			 get_name(this), this->unique_id);
 		reset(this);
-		this->task_manager->queue_ike(this->task_manager);
 		return this->task_manager->initiate(this->task_manager);
 	}
 	/* we can't reauthenticate as responder when we use EAP or virtual IPs.
@@ -2335,7 +2331,6 @@ METHOD(ike_sa_t, retransmit, status_t,
 						 this->keyingtry + 1, tries);
 					reset(this);
 					resolve_hosts(this);
-					this->task_manager->queue_ike(this->task_manager);
 					return this->task_manager->initiate(this->task_manager);
 				}
 				DBG1(DBG_IKE, "establishing IKE_SA failed, peer not responding");
@@ -2980,7 +2975,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
 		.flush_auth_cfg = lib->settings->get_bool(lib->settings,
 								"%s.flush_auth_cfg", FALSE, lib->ns),
 		.fragment_size = lib->settings->get_int(lib->settings,
-								"%s.fragment_size", 0, lib->ns),
+								"%s.fragment_size", 1280, lib->ns),
 		.follow_redirects = lib->settings->get_bool(lib->settings,
 								"%s.follow_redirects", TRUE, lib->ns),
 	);
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index be6b03b..d1d4cbd 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -75,11 +75,6 @@ struct private_keymat_v1_t {
 	hasher_t *hasher;
 
 	/**
-	 * Key used for authentication during main mode
-	 */
-	chunk_t skeyid;
-
-	/**
 	 * Key to derive key material from for non-ISAKMP SAs, rekeying
 	 */
 	chunk_t skeyid_d;
@@ -269,12 +264,12 @@ static bool expand_skeyid_e(chunk_t skeyid_e, size_t key_size, prf_t *prf,
  * Create a simple implementation of the aead_t interface which only encrypts
  * or decrypts data.
  */
-static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
+static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e,
+						   chunk_t *ka)
 {
 	private_aead_t *this;
 	uint16_t alg, key_size;
 	crypter_t *crypter;
-	chunk_t ka;
 
 	if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg,
 								 &key_size))
@@ -292,17 +287,16 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
 		return NULL;
 	}
 	key_size = crypter->get_key_size(crypter);
-	if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, &ka))
+	if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, ka))
 	{
 		return NULL;
 	}
-	DBG4(DBG_IKE, "encryption key Ka %B", &ka);
-	if (!crypter->set_key(crypter, ka))
+	DBG4(DBG_IKE, "encryption key Ka %B", ka);
+	if (!crypter->set_key(crypter, *ka))
 	{
-		chunk_clear(&ka);
+		chunk_clear(ka);
 		return NULL;
 	}
-	chunk_clear(&ka);
 
 	INIT(this,
 		.aead = {
@@ -392,7 +386,7 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
 	auth_method_t auth, shared_key_t *shared_key)
 {
 	chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e;
-	chunk_t skeyid;
+	chunk_t skeyid, ka;
 	uint16_t alg;
 
 	spi_i = chunk_alloca(sizeof(uint64_t));
@@ -550,11 +544,14 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
 	}
 	chunk_clear(&skeyid);
 
-	this->aead = create_aead(proposal, this->prf, skeyid_e);
+	this->aead = create_aead(proposal, this->prf, skeyid_e, &ka);
 	if (!this->aead)
 	{
 		return FALSE;
 	}
+	charon->bus->ike_derived_keys(charon->bus, ka, chunk_empty, this->skeyid_a,
+								  chunk_empty);
+	chunk_clear(&ka);
 	if (!this->hasher && !this->public.create_hasher(&this->public, proposal))
 	{
 		return FALSE;
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index b0c4f5f..3b0c1cf 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -515,13 +515,13 @@ METHOD(task_manager_t, initiate, status_t,
 					new_mid = TRUE;
 					break;
 				}
-				if (activate_task(this, TASK_ISAKMP_DELETE))
+				if (activate_task(this, TASK_QUICK_DELETE))
 				{
 					exchange = INFORMATIONAL_V1;
 					new_mid = TRUE;
 					break;
 				}
-				if (activate_task(this, TASK_QUICK_DELETE))
+				if (activate_task(this, TASK_ISAKMP_DELETE))
 				{
 					exchange = INFORMATIONAL_V1;
 					new_mid = TRUE;
@@ -547,6 +547,14 @@ METHOD(task_manager_t, initiate, status_t,
 					break;
 				}
 				break;
+			case IKE_REKEYING:
+				if (activate_task(this, TASK_ISAKMP_DELETE))
+				{
+					exchange = INFORMATIONAL_V1;
+					new_mid = TRUE;
+					break;
+				}
+				break;
 			default:
 				break;
 		}
@@ -1181,7 +1189,7 @@ static status_t process_response(private_task_manager_t *this,
 	}
 	enumerator->destroy(enumerator);
 
-	if (this->initiating.retransmitted)
+	if (this->initiating.retransmitted > 1)
 	{
 		packet_t *packet = NULL;
 		array_get(this->initiating.packets, 0, &packet);
@@ -1661,6 +1669,9 @@ METHOD(task_manager_t, queue_ike_delete, void,
 	enumerator_t *enumerator;
 	child_sa_t *child_sa;
 
+	/* cancel any currently active task to get the DELETE done quickly */
+	flush_queue(this, TASK_QUEUE_ACTIVE);
+
 	enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
 	while (enumerator->enumerate(enumerator, &child_sa))
 	{
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index f28b83e..dc86fc5 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -102,6 +102,7 @@ static struct {
 	{ "DPD", EXT_DPD, TRUE, 16,
 	  "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"},
 
+	/* CISCO-UNITY, similar to DPD the last two bytes indicate the version */
 	{ "Cisco Unity", EXT_CISCO_UNITY, FALSE, 16,
 	  "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
 
@@ -190,6 +191,8 @@ static bool is_known_vid(chunk_t data, int i)
 			break;
 		case EXT_MS_WINDOWS:
 			return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16);
+		case EXT_CISCO_UNITY:
+			return data.len == 16 && memeq(data.ptr, vendor_ids[i].id, 14);
 		default:
 			return chunk_equals(data, chunk_create(vendor_ids[i].id,
 												   vendor_ids[i].len));
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index bbd1cb0..6b89641 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -348,10 +348,6 @@ static bool install(private_quick_mode_t *this)
 									this->initiator, FALSE, FALSE, tsr, tsi);
 		}
 	}
-	chunk_clear(&integ_i);
-	chunk_clear(&integ_r);
-	chunk_clear(&encr_i);
-	chunk_clear(&encr_r);
 
 	if (status_i != SUCCESS || status_o != SUCCESS)
 	{
@@ -361,22 +357,38 @@ static bool install(private_quick_mode_t *this)
 			(status_o != SUCCESS) ? "outbound " : "");
 		tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
 		tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
-		return FALSE;
-	}
-
-	if (this->initiator)
-	{
-		status = this->child_sa->add_policies(this->child_sa, tsi, tsr);
+		status = FAILED;
 	}
 	else
 	{
-		status = this->child_sa->add_policies(this->child_sa, tsr, tsi);
+		if (this->initiator)
+		{
+			status = this->child_sa->add_policies(this->child_sa, tsi, tsr);
+		}
+		else
+		{
+			status = this->child_sa->add_policies(this->child_sa, tsr, tsi);
+		}
+		tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
+		tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
+		if (status != SUCCESS)
+		{
+			DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
+		}
+		else
+		{
+			charon->bus->child_derived_keys(charon->bus, this->child_sa,
+											this->initiator, encr_i, encr_r,
+											integ_i, integ_r);
+		}
 	}
-	tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
-	tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
+	chunk_clear(&integ_i);
+	chunk_clear(&integ_r);
+	chunk_clear(&encr_i);
+	chunk_clear(&encr_r);
+
 	if (status != SUCCESS)
 	{
-		DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
 		return FALSE;
 	}
 
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 6fd34e0..592f497 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -161,8 +161,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
 		if (key_type == KEY_RSA)
 		{
 			signature_scheme_t schemes[] = {
-				SIGN_RSA_EMSA_PKCS1_SHA384,
-				SIGN_RSA_EMSA_PKCS1_SHA256,
+				SIGN_RSA_EMSA_PKCS1_SHA2_384,
+				SIGN_RSA_EMSA_PKCS1_SHA2_256,
 				SIGN_RSA_EMSA_PKCS1_SHA1,
 			}, contained;
 			bool found;
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index e373998..58efdba 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -103,7 +103,7 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
 							uint16_t key_size, prf_plus_t *prf_plus)
 {
 	aead_t *aead_i, *aead_r;
-	chunk_t key = chunk_empty;
+	chunk_t sk_ei = chunk_empty, sk_er = chunk_empty;
 	u_int salt_size;
 
 	switch (alg)
@@ -146,23 +146,22 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
 	{
 		goto failure;
 	}
-	if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+	if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei))
 	{
 		goto failure;
 	}
-	DBG4(DBG_IKE, "Sk_ei secret %B", &key);
-	if (!aead_i->set_key(aead_i, key))
+	DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
+	if (!aead_i->set_key(aead_i, sk_ei))
 	{
 		goto failure;
 	}
-	chunk_clear(&key);
 
-	if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+	if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er))
 	{
 		goto failure;
 	}
-	DBG4(DBG_IKE, "Sk_er secret %B", &key);
-	if (!aead_r->set_key(aead_r, key))
+	DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
+	if (!aead_r->set_key(aead_r, sk_er))
 	{
 		goto failure;
 	}
@@ -178,11 +177,14 @@ static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
 		this->aead_out = aead_r;
 	}
 	aead_i = aead_r = NULL;
+	charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, chunk_empty,
+								  chunk_empty);
 
 failure:
 	DESTROY_IF(aead_i);
 	DESTROY_IF(aead_r);
-	chunk_clear(&key);
+	chunk_clear(&sk_ei);
+	chunk_clear(&sk_er);
 	return this->aead_in && this->aead_out;
 }
 
@@ -196,7 +198,8 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
 	signer_t *signer_i, *signer_r;
 	iv_gen_t *ivg_i, *ivg_r;
 	size_t key_size;
-	chunk_t key = chunk_empty;
+	chunk_t sk_ei = chunk_empty, sk_er = chunk_empty,
+			sk_ai = chunk_empty, sk_ar = chunk_empty;
 
 	signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
 	signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
@@ -220,48 +223,45 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
 	/* SK_ai/SK_ar used for integrity protection */
 	key_size = signer_i->get_key_size(signer_i);
 
-	if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+	if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ai))
 	{
 		goto failure;
 	}
-	DBG4(DBG_IKE, "Sk_ai secret %B", &key);
-	if (!signer_i->set_key(signer_i, key))
+	DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai);
+	if (!signer_i->set_key(signer_i, sk_ai))
 	{
 		goto failure;
 	}
-	chunk_clear(&key);
 
-	if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+	if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ar))
 	{
 		goto failure;
 	}
-	DBG4(DBG_IKE, "Sk_ar secret %B", &key);
-	if (!signer_r->set_key(signer_r, key))
+	DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar);
+	if (!signer_r->set_key(signer_r, sk_ar))
 	{
 		goto failure;
 	}
-	chunk_clear(&key);
 
 	/* SK_ei/SK_er used for encryption */
 	key_size = crypter_i->get_key_size(crypter_i);
 
-	if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+	if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_ei))
 	{
 		goto failure;
 	}
-	DBG4(DBG_IKE, "Sk_ei secret %B", &key);
-	if (!crypter_i->set_key(crypter_i, key))
+	DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
+	if (!crypter_i->set_key(crypter_i, sk_ei))
 	{
 		goto failure;
 	}
-	chunk_clear(&key);
 
-	if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+	if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_er))
 	{
 		goto failure;
 	}
-	DBG4(DBG_IKE, "Sk_er secret %B", &key);
-	if (!crypter_r->set_key(crypter_r, key))
+	DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
+	if (!crypter_r->set_key(crypter_r, sk_er))
 	{
 		goto failure;
 	}
@@ -284,9 +284,13 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
 	}
 	signer_i = signer_r = NULL;
 	crypter_i = crypter_r = NULL;
+	charon->bus->ike_derived_keys(charon->bus, sk_ei, sk_er, sk_ai, sk_ar);
 
 failure:
-	chunk_clear(&key);
+	chunk_clear(&sk_ai);
+	chunk_clear(&sk_ar);
+	chunk_clear(&sk_ei);
+	chunk_clear(&sk_er);
 	DESTROY_IF(signer_i);
 	DESTROY_IF(signer_r);
 	DESTROY_IF(crypter_i);
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 41a4e1b..60a262f 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -709,7 +709,7 @@ static status_t process_response(private_task_manager_t *this,
 	}
 	enumerator->destroy(enumerator);
 
-	if (this->initiating.retransmitted)
+	if (this->initiating.retransmitted > 1)
 	{
 		packet_t *packet = NULL;
 		array_get(this->initiating.packets, 0, &packet);
@@ -1827,15 +1827,22 @@ METHOD(task_manager_t, queue_dpd, void,
 	if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
 		this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
 	{
-		/* use mobike enabled DPD to detect NAT mapping changes */
-		mobike = ike_mobike_create(this->ike_sa, TRUE);
-		mobike->dpd(mobike);
-		queue_task(this, &mobike->task);
-	}
-	else
-	{
-		queue_task(this, (task_t*)ike_dpd_create(TRUE));
+#ifdef ME
+		peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
+		if (cfg->get_peer_id(cfg) ||
+			this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#else
+		if (this->ike_sa->has_condition(this->ike_sa, COND_ORIGINAL_INITIATOR))
+#endif
+		{
+			/* use mobike enabled DPD to detect NAT mapping changes */
+			mobike = ike_mobike_create(this->ike_sa, TRUE);
+			mobike->dpd(mobike);
+			queue_task(this, &mobike->task);
+			return;
+		}
 	}
+	queue_task(this, (task_t*)ike_dpd_create(TRUE));
 }
 
 METHOD(task_manager_t, adopt_tasks, void,
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 64a8285..71cb6b8 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -666,10 +666,6 @@ static status_t select_and_install(private_child_create_t *this,
 							FALSE, this->tfcv3, my_ts, other_ts);
 		}
 	}
-	chunk_clear(&integ_i);
-	chunk_clear(&integ_r);
-	chunk_clear(&encr_i);
-	chunk_clear(&encr_r);
 
 	if (status_i != SUCCESS || status_o != SUCCESS)
 	{
@@ -679,41 +675,62 @@ static status_t select_and_install(private_child_create_t *this,
 			(status_o != SUCCESS) ? "outbound " : "");
 		charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_SA_FAILED,
 						   this->child_sa);
-		return FAILED;
-	}
-
-	if (this->initiator)
-	{
-		status = this->child_sa->add_policies(this->child_sa, my_ts, other_ts);
+		status = FAILED;
 	}
 	else
 	{
-		/* use a copy of the traffic selectors, as the POST hook should not
-		 * change payloads */
-		my_ts = this->tsr->clone_offset(this->tsr,
+		if (this->initiator)
+		{
+			status = this->child_sa->add_policies(this->child_sa,
+												  my_ts, other_ts);
+		}
+		else
+		{
+			/* use a copy of the traffic selectors, as the POST hook should not
+			 * change payloads */
+			my_ts = this->tsr->clone_offset(this->tsr,
 										offsetof(traffic_selector_t, clone));
-		other_ts = this->tsi->clone_offset(this->tsi,
+			other_ts = this->tsi->clone_offset(this->tsi,
 										offsetof(traffic_selector_t, clone));
-		charon->bus->narrow(charon->bus, this->child_sa,
-							NARROW_RESPONDER_POST, my_ts, other_ts);
-		if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0)
+			charon->bus->narrow(charon->bus, this->child_sa,
+								NARROW_RESPONDER_POST, my_ts, other_ts);
+			if (my_ts->get_count(my_ts) == 0 ||
+				other_ts->get_count(other_ts) == 0)
+			{
+				status = FAILED;
+			}
+			else
+			{
+				status = this->child_sa->add_policies(this->child_sa,
+													  my_ts, other_ts);
+			}
+			my_ts->destroy_offset(my_ts,
+								  offsetof(traffic_selector_t, destroy));
+			other_ts->destroy_offset(other_ts,
+								  offsetof(traffic_selector_t, destroy));
+		}
+		if (status != SUCCESS)
 		{
-			status = FAILED;
+			DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
+			charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_POLICY_FAILED,
+							   this->child_sa);
+			status = NOT_FOUND;
 		}
 		else
 		{
-			status = this->child_sa->add_policies(this->child_sa,
-												   my_ts, other_ts);
+			charon->bus->child_derived_keys(charon->bus, this->child_sa,
+											this->initiator, encr_i, encr_r,
+											integ_i, integ_r);
 		}
-		my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
-		other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
 	}
+	chunk_clear(&integ_i);
+	chunk_clear(&integ_r);
+	chunk_clear(&encr_i);
+	chunk_clear(&encr_r);
+
 	if (status != SUCCESS)
 	{
-		DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
-		charon->bus->alert(charon->bus, ALERT_INSTALL_CHILD_POLICY_FAILED,
-						   this->child_sa);
-		return NOT_FOUND;
+		return status;
 	}
 
 	charon->bus->child_keys(charon->bus, this->child_sa, this->initiator,
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 801b6d8..d82e206 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -457,6 +457,11 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
 	}
 	enumerator->destroy(enumerator);
 
+	if (this->proposal)
+	{
+		this->ike_sa->set_proposal(this->ike_sa, this->proposal);
+	}
+
 	if (ke_payload && this->proposal &&
 		this->proposal->has_dh_group(this->proposal, this->dh_group))
 	{
@@ -614,7 +619,6 @@ METHOD(task_t, build_r, status_t,
 		message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
 		return FAILED;
 	}
-	this->ike_sa->set_proposal(this->ike_sa, this->proposal);
 
 	/* check if we'd have to redirect the client */
 	if (!this->old_sa &&
@@ -651,6 +655,7 @@ METHOD(task_t, build_r, status_t,
 		else
 		{
 			DBG1(DBG_IKE, "no acceptable proposal found");
+			message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
 		}
 		return FAILED;
 	}
@@ -849,7 +854,6 @@ METHOD(task_t, process_i, status_t,
 		DBG1(DBG_IKE, "peers proposal selection invalid");
 		return FAILED;
 	}
-	this->ike_sa->set_proposal(this->ike_sa, this->proposal);
 
 	if (this->dh == NULL ||
 		!this->proposal->has_dh_group(this->proposal, this->dh_group))
diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in
index 7a0d342..7b6beae 100644
--- a/src/libcharon/tests/Makefile.in
+++ b/src/libcharon/tests/Makefile.in
@@ -374,7 +374,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -408,8 +407,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -463,6 +460,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libcharon/tests/libcharon_tests.c
index e25e543..1ef13e9 100644
--- a/src/libcharon/tests/libcharon_tests.c
+++ b/src/libcharon/tests/libcharon_tests.c
@@ -32,6 +32,22 @@ static test_configuration_t tests[] = {
 	{ .suite = NULL, }
 };
 
+static void initialize_logging()
+{
+	int level = LEVEL_SILENT;
+	char *verbosity;
+
+	verbosity = getenv("TESTS_VERBOSITY");
+	if (verbosity)
+	{
+		level = atoi(verbosity);
+	}
+	lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
+			lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
+								   level, lib->ns), lib->ns);
+	charon->load_loggers(charon, NULL, TRUE);
+}
+
 static bool test_runner_init(bool init)
 {
 	if (init)
@@ -39,6 +55,7 @@ static bool test_runner_init(bool init)
 		char *plugins, *plugindir;
 
 		libcharon_init();
+		initialize_logging();
 
 		plugins = getenv("TESTS_PLUGINS") ?:
 					lib->settings->get_str(lib->settings,
diff --git a/src/libcharon/tests/suites/test_proposal.c b/src/libcharon/tests/suites/test_proposal.c
index a6226f6..19f4cd1 100644
--- a/src/libcharon/tests/suites/test_proposal.c
+++ b/src/libcharon/tests/suites/test_proposal.c
@@ -18,38 +18,100 @@
 #include <config/proposal.h>
 
 static struct {
+	protocol_id_t proto;
+	char *proposal;
+	char *expected;
+} create_data[] = {
+	{ PROTO_IKE, "", NULL },
+	{ PROTO_IKE, "sha256", NULL },
+	{ PROTO_IKE, "sha256-modp3072", NULL },
+	{ PROTO_IKE, "null-sha256-modp3072", "IKE:NULL/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
+	{ PROTO_IKE, "aes128", NULL },
+	{ PROTO_IKE, "aes128-sha256", NULL },
+	{ PROTO_IKE, "aes128-sha256-modpnone", NULL },
+	{ PROTO_IKE, "aes128-sha256-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072" },
+	{ PROTO_IKE, "aes128-sha256-prfsha384-modp3072", "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/MODP_3072" },
+	{ PROTO_IKE, "aes128gcm16-modp3072", NULL },
+	{ PROTO_IKE, "aes128gcm16-prfsha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
+	{ PROTO_IKE, "aes128gcm16-sha256-modp3072", "IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072" },
+	{ PROTO_IKE, "aes128gcm16-aes128-modp3072", NULL },
+	{ PROTO_IKE, "aes128gcm16-aes128-sha256-modp3072", NULL },
+	{ PROTO_ESP, "", NULL },
+	{ PROTO_ESP, "sha256", NULL },
+	{ PROTO_ESP, "aes128-sha256", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+	{ PROTO_ESP, "aes128-sha256-esn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ" },
+	{ PROTO_ESP, "aes128-sha256-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+	{ PROTO_ESP, "aes128-sha256-esn-noesn", "ESP:AES_CBC_128/HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
+	{ PROTO_ESP, "aes128-sha256-prfsha256-modp3072", "ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ" },
+	{ PROTO_ESP, "aes128gcm16-aes128-sha256-modp3072", NULL },
+	{ PROTO_ESP, "aes128gmac", "ESP:NULL_AES_GMAC_128/NO_EXT_SEQ" },
+	{ PROTO_AH,  "", NULL },
+	{ PROTO_AH,  "aes128", NULL },
+	{ PROTO_AH,  "aes128-sha256", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
+	{ PROTO_AH,  "sha256-sha1", "AH:HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ" },
+	{ PROTO_AH,  "aes128gmac-sha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+	{ PROTO_AH,  "aes128gmac-sha256-prfsha256", "AH:AES_128_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+	{ PROTO_AH,  "aes128gmac-aes256gmac-aes128-sha256", "AH:AES_128_GMAC/AES_256_GMAC/HMAC_SHA2_256_128/NO_EXT_SEQ" },
+	{ PROTO_AH,  "sha256-esn", "AH:HMAC_SHA2_256_128/EXT_SEQ" },
+	{ PROTO_AH,  "sha256-noesn", "AH:HMAC_SHA2_256_128/NO_EXT_SEQ" },
+	{ PROTO_AH,  "sha256-esn-noesn", "AH:HMAC_SHA2_256_128/EXT_SEQ/NO_EXT_SEQ" },
+};
+
+START_TEST(test_create_from_string)
+{
+	proposal_t *proposal;
+	char str[BUF_LEN];
+
+	proposal = proposal_create_from_string(create_data[_i].proto,
+										   create_data[_i].proposal);
+	if (!create_data[_i].expected)
+	{
+		ck_assert(!proposal);
+		return;
+	}
+	snprintf(str, sizeof(str), "%P", proposal);
+	ck_assert_str_eq(create_data[_i].expected, str);
+	proposal->destroy(proposal);
+}
+END_TEST
+
+static struct {
+	protocol_id_t proto;
 	char *self;
 	char *other;
 	char *expected;
 } select_data[] = {
-	{ "aes128", "aes128", "aes128" },
-	{ "aes128", "aes256", NULL },
-	{ "aes128-aes256", "aes256-aes128", "aes128" },
-	{ "aes256-aes128", "aes128-aes256", "aes256" },
-	{ "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
-	{ "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
-	{ "aes128-sha256-modp3072", "aes128-sha256", NULL },
-	{ "aes128-sha256", "aes128-sha256-modp3072", NULL },
-	{ "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
-	{ "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
-	{ "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
-	{ "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
-	{ "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
-	{ "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+	{ PROTO_ESP, "aes128", "aes128", "aes128" },
+	{ PROTO_ESP, "aes128", "aes256", NULL },
+	{ PROTO_ESP, "aes128-aes256", "aes256-aes128", "aes128" },
+	{ PROTO_ESP, "aes256-aes128", "aes128-aes256", "aes256" },
+	{ PROTO_ESP, "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" },
+	{ PROTO_ESP, "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" },
+	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256", NULL },
+	{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072", NULL },
+	{ PROTO_ESP, "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL },
+	{ PROTO_ESP, "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL },
+	{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
+	{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+	{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
+	{ PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+	{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
+	{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
+	{ PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
 };
 
 START_TEST(test_select)
 {
 	proposal_t *self, *other, *selected, *expected;
 
-	self = proposal_create_from_string(PROTO_ESP,
+	self = proposal_create_from_string(select_data[_i].proto,
 									   select_data[_i].self);
-	other = proposal_create_from_string(PROTO_ESP,
+	other = proposal_create_from_string(select_data[_i].proto,
 										select_data[_i].other);
 	selected = self->select(self, other, FALSE);
 	if (select_data[_i].expected)
 	{
-		expected = proposal_create_from_string(PROTO_ESP,
+		expected = proposal_create_from_string(select_data[_i].proto,
 											   select_data[_i].expected);
 		ck_assert(selected);
 		ck_assert_msg(expected->equals(expected, selected), "proposal %P does "
@@ -73,6 +135,10 @@ Suite *proposal_suite_create()
 
 	s = suite_create("proposal");
 
+	tc = tcase_create("create_from_string");
+	tcase_add_loop_test(tc, test_create_from_string, 0, countof(create_data));
+	suite_add_tcase(s, tc);
+
 	tc = tcase_create("select");
 	tcase_add_loop_test(tc, test_select, 0, countof(select_data));
 	suite_add_tcase(s, tc);
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index 4c489db..79a9d74 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index 7983b77..4e5be54 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -525,7 +525,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -559,8 +558,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -614,6 +611,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 6f88e17..fb0db91 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -496,6 +496,18 @@ INSERT INTO products (          /* 83 */
  'Debian 8.5 x86_64'
 );
 
+INSERT INTO products (          /* 84 */
+  name
+) VALUES (
+ 'Debian 8.6 i686'
+);
+
+INSERT INTO products (          /* 85 */
+  name
+) VALUES (
+ 'Debian 8.6 x86_64'
+);
+
 /* Directories */
 
 INSERT INTO directories (		/*  1 */
@@ -1093,6 +1105,12 @@ INSERT INTO groups_product_defaults (
 INSERT INTO groups_product_defaults (
   group_id, product_id
 ) VALUES (
+  5, 85
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
   6, 9
 );
 
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index d2b8168..f5c73ef 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in
index 44aaf87..ffc5710 100644
--- a/src/libimcv/plugins/imc_hcd/Makefile.in
+++ b/src/libimcv/plugins/imc_hcd/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index 93d532d..4d6eff5 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index 44d8279..7e18b3c 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -438,6 +435,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
index 5eec531..f97a7ba 100644
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ b/src/libimcv/plugins/imc_swid/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index 508f7fe..95acd4b 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index 61b92e0..2be4e15 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -362,7 +362,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -396,8 +395,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -451,6 +448,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in
index 4fdbbf4..1c3d0ac 100644
--- a/src/libimcv/plugins/imv_hcd/Makefile.in
+++ b/src/libimcv/plugins/imv_hcd/Makefile.in
@@ -348,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -382,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -437,6 +434,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index d2997a9..b119559 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -356,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -390,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -445,6 +442,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index ffca30c..22eb4ae 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in
index aea48e7..21bbe4a 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libimcv/plugins/imv_swid/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index 30fa3c7..a32a465 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -438,6 +435,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 2ba949e..d771d07 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -388,26 +388,29 @@ static void load_aik(private_pts_t *this)
 			DBG1(DBG_PTS, "AIK Blob is not available");
 		}
 
-		/* get AIK public key */
-		if (key_path)
+		/* get AIK public key if no AIK certificate is available */
+		if (!this->aik_cert)
 		{
-			map = chunk_map(key_path, FALSE);
-			if (map)
+			if (key_path)
 			{
-				DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
-				aik_pubkey = chunk_clone(*map);
-				chunk_unmap(map);
+				map = chunk_map(key_path, FALSE);
+				if (map)
+				{
+					DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
+					aik_pubkey = chunk_clone(*map);
+					chunk_unmap(map);
+				}
+				else
+				{
+					DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
+								   key_path, strerror(errno));
+				}
 			}
 			else
 			{
-				DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
-							   key_path, strerror(errno));
+				DBG1(DBG_PTS, "AIK public key is not available");
 			}
 		}
-		else
-		{
-			DBG1(DBG_PTS, "AIK public key is not available");
-		}
 
 		/* Load AIK item into TPM 1.2 object */
 		tpm_12 = (tpm_tss_trousers_t *)this->tpm;
@@ -716,13 +719,22 @@ METHOD(pts_t, verify_quote_signature, bool,
 					scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
 					break;
 				case HASH_SHA256:
-					scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
+					scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256;
 					break;
 				case HASH_SHA384:
-					scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
+					scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384;
 					break;
 				case HASH_SHA512:
-					scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
+					scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
+					break;
+				case HASH_SHA3_256:
+					scheme = SIGN_RSA_EMSA_PKCS1_SHA3_256;
+					break;
+				case HASH_SHA3_384:
+					scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384;
+					break;
+				case HASH_SHA3_512:
+					scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
 					break;
 				default:
 					scheme = SIGN_UNKNOWN;
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index 19a2577..ea73c60 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -390,7 +390,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -424,8 +423,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -479,6 +476,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in
index db73e1f..0c1d858 100644
--- a/src/libipsec/tests/Makefile.in
+++ b/src/libipsec/tests/Makefile.in
@@ -346,7 +346,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -380,8 +379,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -435,6 +432,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index a4d4b33..14e4a6b 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index f5a5d12..8106295 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -346,7 +346,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -380,8 +379,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -435,6 +432,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index a7bc8e3..ea053a3 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -349,7 +349,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -383,8 +382,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -438,6 +435,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index da5f34e..0e8f7f3 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -16,7 +16,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
 crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
 crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
 crypto/iv/iv_gen_null.c \
-crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
 credentials/credential_factory.c credentials/builder.c \
 credentials/cred_encoding.c credentials/keys/private_key.c \
 credentials/keys/public_key.c credentials/keys/shared_key.c \
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 9be93f1..52ae7c6 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -14,7 +14,7 @@ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
 crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
 crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
 crypto/iv/iv_gen_null.c \
-crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
 credentials/credential_factory.c credentials/builder.c \
 credentials/cred_encoding.c credentials/keys/private_key.c \
 credentials/keys/public_key.c credentials/keys/shared_key.c \
@@ -75,7 +75,7 @@ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
 crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
 crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
 crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
-crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
+crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
 credentials/credential_factory.h credentials/builder.h \
 credentials/cred_encoding.h credentials/keys/private_key.h \
 credentials/keys/public_key.h credentials/keys/shared_key.h \
@@ -220,16 +220,22 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c:	$(srcdir)/crypto/proposal/
 		$(GPERF) -N proposal_get_token_static -m 10 -C -G -c -t -D < \
 												$(srcdir)/crypto/proposal/proposal_keywords_static.txt > $@
 
-
-# build plugins with their own Makefile
-#######################################
-
 if MONOLITHIC
 SUBDIRS =
 else
 SUBDIRS = .
 endif
 
+# build libnttfft used by some plugins
+######################################
+
+if USE_LIBNTTFFT
+  SUBDIRS += math/libnttfft
+endif
+
+# build plugins with their own Makefile
+#######################################
+
 if USE_AF_ALG
   SUBDIRS += plugins/af_alg
 if MONOLITHIC
@@ -580,6 +586,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_MGF1
+  SUBDIRS += plugins/mgf1
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/mgf1/libstrongswan-mgf1.la
+endif
+endif
+
 if USE_NTRU
   SUBDIRS += plugins/ntru
 if MONOLITHIC
@@ -594,6 +607,13 @@ if MONOLITHIC
 endif
 endif
 
+if USE_NEWHOPE
+  SUBDIRS += plugins/newhope
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/newhope/libstrongswan-newhope.la
+endif
+endif
+
 if USE_TEST_VECTORS
   SUBDIRS += plugins/test_vectors
 if MONOLITHIC
@@ -604,7 +624,20 @@ endif
 if MONOLITHIC
   SUBDIRS += .
 endif
+
+# build unit tests
+##################
+
 SUBDIRS += tests
+
+if USE_LIBNTTFFT
+  SUBDIRS += math/libnttfft/tests
+endif
+
 if USE_BLISS
   SUBDIRS += plugins/bliss/tests
 endif
+
+if USE_NEWHOPE
+  SUBDIRS += plugins/newhope/tests
+endif
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index d1b65bd..3eec966 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -123,113 +123,126 @@ host_triplet = @host@
 @USE_BUILTIN_PRINTF_TRUE at am__append_15 = -lm
 @USE_BUILTIN_PRINTF_FALSE@@USE_VSTR_FALSE at am__append_16 = utils/printf_hook/printf_hook_glibc.c
 @USE_LIBCAP_TRUE at am__append_17 = -lcap
- at USE_AF_ALG_TRUE@am__append_18 = plugins/af_alg
- at MONOLITHIC_TRUE@@USE_AF_ALG_TRUE at am__append_19 = plugins/af_alg/libstrongswan-af-alg.la
- at USE_AES_TRUE@am__append_20 = plugins/aes
- at MONOLITHIC_TRUE@@USE_AES_TRUE at am__append_21 = plugins/aes/libstrongswan-aes.la
- at USE_DES_TRUE@am__append_22 = plugins/des
- at MONOLITHIC_TRUE@@USE_DES_TRUE at am__append_23 = plugins/des/libstrongswan-des.la
- at USE_BLOWFISH_TRUE@am__append_24 = plugins/blowfish
- at MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE at am__append_25 = plugins/blowfish/libstrongswan-blowfish.la
- at USE_RC2_TRUE@am__append_26 = plugins/rc2
- at MONOLITHIC_TRUE@@USE_RC2_TRUE at am__append_27 = plugins/rc2/libstrongswan-rc2.la
- at USE_MD4_TRUE@am__append_28 = plugins/md4
- at MONOLITHIC_TRUE@@USE_MD4_TRUE at am__append_29 = plugins/md4/libstrongswan-md4.la
- at USE_MD5_TRUE@am__append_30 = plugins/md5
- at MONOLITHIC_TRUE@@USE_MD5_TRUE at am__append_31 = plugins/md5/libstrongswan-md5.la
- at USE_SHA1_TRUE@am__append_32 = plugins/sha1
- at MONOLITHIC_TRUE@@USE_SHA1_TRUE at am__append_33 = plugins/sha1/libstrongswan-sha1.la
- at USE_SHA2_TRUE@am__append_34 = plugins/sha2
- at MONOLITHIC_TRUE@@USE_SHA2_TRUE at am__append_35 = plugins/sha2/libstrongswan-sha2.la
- at USE_SHA3_TRUE@am__append_36 = plugins/sha3
- at MONOLITHIC_TRUE@@USE_SHA3_TRUE at am__append_37 = plugins/sha3/libstrongswan-sha3.la
- at USE_GMP_TRUE@am__append_38 = plugins/gmp
- at MONOLITHIC_TRUE@@USE_GMP_TRUE at am__append_39 = plugins/gmp/libstrongswan-gmp.la
- at USE_RDRAND_TRUE@am__append_40 = plugins/rdrand
- at MONOLITHIC_TRUE@@USE_RDRAND_TRUE at am__append_41 = plugins/rdrand/libstrongswan-rdrand.la
- at USE_AESNI_TRUE@am__append_42 = plugins/aesni
- at MONOLITHIC_TRUE@@USE_AESNI_TRUE at am__append_43 = plugins/aesni/libstrongswan-aesni.la
- at USE_RANDOM_TRUE@am__append_44 = plugins/random
- at MONOLITHIC_TRUE@@USE_RANDOM_TRUE at am__append_45 = plugins/random/libstrongswan-random.la
- at USE_NONCE_TRUE@am__append_46 = plugins/nonce
- at MONOLITHIC_TRUE@@USE_NONCE_TRUE at am__append_47 = plugins/nonce/libstrongswan-nonce.la
- at USE_HMAC_TRUE@am__append_48 = plugins/hmac
- at MONOLITHIC_TRUE@@USE_HMAC_TRUE at am__append_49 = plugins/hmac/libstrongswan-hmac.la
- at USE_CMAC_TRUE@am__append_50 = plugins/cmac
- at MONOLITHIC_TRUE@@USE_CMAC_TRUE at am__append_51 = plugins/cmac/libstrongswan-cmac.la
- at USE_XCBC_TRUE@am__append_52 = plugins/xcbc
- at MONOLITHIC_TRUE@@USE_XCBC_TRUE at am__append_53 = plugins/xcbc/libstrongswan-xcbc.la
- at USE_X509_TRUE@am__append_54 = plugins/x509
- at MONOLITHIC_TRUE@@USE_X509_TRUE at am__append_55 = plugins/x509/libstrongswan-x509.la
- at USE_REVOCATION_TRUE@am__append_56 = plugins/revocation
- at MONOLITHIC_TRUE@@USE_REVOCATION_TRUE at am__append_57 = plugins/revocation/libstrongswan-revocation.la
- at USE_CONSTRAINTS_TRUE@am__append_58 = plugins/constraints
- at MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE at am__append_59 = plugins/constraints/libstrongswan-constraints.la
- at USE_ACERT_TRUE@am__append_60 = plugins/acert
- at MONOLITHIC_TRUE@@USE_ACERT_TRUE at am__append_61 = plugins/acert/libstrongswan-acert.la
- at USE_PUBKEY_TRUE@am__append_62 = plugins/pubkey
- at MONOLITHIC_TRUE@@USE_PUBKEY_TRUE at am__append_63 = plugins/pubkey/libstrongswan-pubkey.la
- at USE_PKCS1_TRUE@am__append_64 = plugins/pkcs1
- at MONOLITHIC_TRUE@@USE_PKCS1_TRUE at am__append_65 = plugins/pkcs1/libstrongswan-pkcs1.la
- at USE_PKCS7_TRUE@am__append_66 = plugins/pkcs7
- at MONOLITHIC_TRUE@@USE_PKCS7_TRUE at am__append_67 = plugins/pkcs7/libstrongswan-pkcs7.la
- at USE_PKCS8_TRUE@am__append_68 = plugins/pkcs8
- at MONOLITHIC_TRUE@@USE_PKCS8_TRUE at am__append_69 = plugins/pkcs8/libstrongswan-pkcs8.la
- at USE_PKCS12_TRUE@am__append_70 = plugins/pkcs12
- at MONOLITHIC_TRUE@@USE_PKCS12_TRUE at am__append_71 = plugins/pkcs12/libstrongswan-pkcs12.la
- at USE_PGP_TRUE@am__append_72 = plugins/pgp
- at MONOLITHIC_TRUE@@USE_PGP_TRUE at am__append_73 = plugins/pgp/libstrongswan-pgp.la
- at USE_DNSKEY_TRUE@am__append_74 = plugins/dnskey
- at MONOLITHIC_TRUE@@USE_DNSKEY_TRUE at am__append_75 = plugins/dnskey/libstrongswan-dnskey.la
- at USE_SSHKEY_TRUE@am__append_76 = plugins/sshkey
- at MONOLITHIC_TRUE@@USE_SSHKEY_TRUE at am__append_77 = plugins/sshkey/libstrongswan-sshkey.la
- at USE_PEM_TRUE@am__append_78 = plugins/pem
- at MONOLITHIC_TRUE@@USE_PEM_TRUE at am__append_79 = plugins/pem/libstrongswan-pem.la
- at USE_CURL_TRUE@am__append_80 = plugins/curl
- at MONOLITHIC_TRUE@@USE_CURL_TRUE at am__append_81 = plugins/curl/libstrongswan-curl.la
- at USE_FILES_TRUE@am__append_82 = plugins/files
- at MONOLITHIC_TRUE@@USE_FILES_TRUE at am__append_83 = plugins/files/libstrongswan-files.la
- at USE_WINHTTP_TRUE@am__append_84 = plugins/winhttp
- at MONOLITHIC_TRUE@@USE_WINHTTP_TRUE at am__append_85 = plugins/winhttp/libstrongswan-winhttp.la
- at USE_UNBOUND_TRUE@am__append_86 = plugins/unbound
- at MONOLITHIC_TRUE@@USE_UNBOUND_TRUE at am__append_87 = plugins/unbound/libstrongswan-unbound.la
- at USE_SOUP_TRUE@am__append_88 = plugins/soup
- at MONOLITHIC_TRUE@@USE_SOUP_TRUE at am__append_89 = plugins/soup/libstrongswan-soup.la
- at USE_LDAP_TRUE@am__append_90 = plugins/ldap
- at MONOLITHIC_TRUE@@USE_LDAP_TRUE at am__append_91 = plugins/ldap/libstrongswan-ldap.la
- at USE_MYSQL_TRUE@am__append_92 = plugins/mysql
- at MONOLITHIC_TRUE@@USE_MYSQL_TRUE at am__append_93 = plugins/mysql/libstrongswan-mysql.la
- at USE_SQLITE_TRUE@am__append_94 = plugins/sqlite
- at MONOLITHIC_TRUE@@USE_SQLITE_TRUE at am__append_95 = plugins/sqlite/libstrongswan-sqlite.la
- at USE_PADLOCK_TRUE@am__append_96 = plugins/padlock
- at MONOLITHIC_TRUE@@USE_PADLOCK_TRUE at am__append_97 = plugins/padlock/libstrongswan-padlock.la
- at USE_OPENSSL_TRUE@am__append_98 = plugins/openssl
- at MONOLITHIC_TRUE@@USE_OPENSSL_TRUE at am__append_99 = plugins/openssl/libstrongswan-openssl.la
- at USE_GCRYPT_TRUE@am__append_100 = plugins/gcrypt
- at MONOLITHIC_TRUE@@USE_GCRYPT_TRUE at am__append_101 = plugins/gcrypt/libstrongswan-gcrypt.la
- at USE_FIPS_PRF_TRUE@am__append_102 = plugins/fips_prf
- at MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE at am__append_103 = plugins/fips_prf/libstrongswan-fips-prf.la
- at USE_AGENT_TRUE@am__append_104 = plugins/agent
- at MONOLITHIC_TRUE@@USE_AGENT_TRUE at am__append_105 = plugins/agent/libstrongswan-agent.la
- at USE_KEYCHAIN_TRUE@am__append_106 = plugins/keychain
- at MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE at am__append_107 = plugins/keychain/libstrongswan-keychain.la
- at USE_PKCS11_TRUE@am__append_108 = plugins/pkcs11
- at MONOLITHIC_TRUE@@USE_PKCS11_TRUE at am__append_109 = plugins/pkcs11/libstrongswan-pkcs11.la
- at USE_CHAPOLY_TRUE@am__append_110 = plugins/chapoly
- at MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE at am__append_111 = plugins/chapoly/libstrongswan-chapoly.la
- at USE_CTR_TRUE@am__append_112 = plugins/ctr
- at MONOLITHIC_TRUE@@USE_CTR_TRUE at am__append_113 = plugins/ctr/libstrongswan-ctr.la
- at USE_CCM_TRUE@am__append_114 = plugins/ccm
- at MONOLITHIC_TRUE@@USE_CCM_TRUE at am__append_115 = plugins/ccm/libstrongswan-ccm.la
- at USE_GCM_TRUE@am__append_116 = plugins/gcm
- at MONOLITHIC_TRUE@@USE_GCM_TRUE at am__append_117 = plugins/gcm/libstrongswan-gcm.la
- at USE_NTRU_TRUE@am__append_118 = plugins/ntru
- at MONOLITHIC_TRUE@@USE_NTRU_TRUE at am__append_119 = plugins/ntru/libstrongswan-ntru.la
- at USE_BLISS_TRUE@am__append_120 = plugins/bliss
- at MONOLITHIC_TRUE@@USE_BLISS_TRUE at am__append_121 = plugins/bliss/libstrongswan-bliss.la
- at USE_TEST_VECTORS_TRUE@am__append_122 = plugins/test_vectors
- at MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE at am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la
- at USE_BLISS_TRUE@am__append_124 = plugins/bliss/tests
+
+# build libnttfft used by some plugins
+######################################
+ at USE_LIBNTTFFT_TRUE@am__append_18 = math/libnttfft
+
+# build plugins with their own Makefile
+#######################################
+ at USE_AF_ALG_TRUE@am__append_19 = plugins/af_alg
+ at MONOLITHIC_TRUE@@USE_AF_ALG_TRUE at am__append_20 = plugins/af_alg/libstrongswan-af-alg.la
+ at USE_AES_TRUE@am__append_21 = plugins/aes
+ at MONOLITHIC_TRUE@@USE_AES_TRUE at am__append_22 = plugins/aes/libstrongswan-aes.la
+ at USE_DES_TRUE@am__append_23 = plugins/des
+ at MONOLITHIC_TRUE@@USE_DES_TRUE at am__append_24 = plugins/des/libstrongswan-des.la
+ at USE_BLOWFISH_TRUE@am__append_25 = plugins/blowfish
+ at MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE at am__append_26 = plugins/blowfish/libstrongswan-blowfish.la
+ at USE_RC2_TRUE@am__append_27 = plugins/rc2
+ at MONOLITHIC_TRUE@@USE_RC2_TRUE at am__append_28 = plugins/rc2/libstrongswan-rc2.la
+ at USE_MD4_TRUE@am__append_29 = plugins/md4
+ at MONOLITHIC_TRUE@@USE_MD4_TRUE at am__append_30 = plugins/md4/libstrongswan-md4.la
+ at USE_MD5_TRUE@am__append_31 = plugins/md5
+ at MONOLITHIC_TRUE@@USE_MD5_TRUE at am__append_32 = plugins/md5/libstrongswan-md5.la
+ at USE_SHA1_TRUE@am__append_33 = plugins/sha1
+ at MONOLITHIC_TRUE@@USE_SHA1_TRUE at am__append_34 = plugins/sha1/libstrongswan-sha1.la
+ at USE_SHA2_TRUE@am__append_35 = plugins/sha2
+ at MONOLITHIC_TRUE@@USE_SHA2_TRUE at am__append_36 = plugins/sha2/libstrongswan-sha2.la
+ at USE_SHA3_TRUE@am__append_37 = plugins/sha3
+ at MONOLITHIC_TRUE@@USE_SHA3_TRUE at am__append_38 = plugins/sha3/libstrongswan-sha3.la
+ at USE_GMP_TRUE@am__append_39 = plugins/gmp
+ at MONOLITHIC_TRUE@@USE_GMP_TRUE at am__append_40 = plugins/gmp/libstrongswan-gmp.la
+ at USE_RDRAND_TRUE@am__append_41 = plugins/rdrand
+ at MONOLITHIC_TRUE@@USE_RDRAND_TRUE at am__append_42 = plugins/rdrand/libstrongswan-rdrand.la
+ at USE_AESNI_TRUE@am__append_43 = plugins/aesni
+ at MONOLITHIC_TRUE@@USE_AESNI_TRUE at am__append_44 = plugins/aesni/libstrongswan-aesni.la
+ at USE_RANDOM_TRUE@am__append_45 = plugins/random
+ at MONOLITHIC_TRUE@@USE_RANDOM_TRUE at am__append_46 = plugins/random/libstrongswan-random.la
+ at USE_NONCE_TRUE@am__append_47 = plugins/nonce
+ at MONOLITHIC_TRUE@@USE_NONCE_TRUE at am__append_48 = plugins/nonce/libstrongswan-nonce.la
+ at USE_HMAC_TRUE@am__append_49 = plugins/hmac
+ at MONOLITHIC_TRUE@@USE_HMAC_TRUE at am__append_50 = plugins/hmac/libstrongswan-hmac.la
+ at USE_CMAC_TRUE@am__append_51 = plugins/cmac
+ at MONOLITHIC_TRUE@@USE_CMAC_TRUE at am__append_52 = plugins/cmac/libstrongswan-cmac.la
+ at USE_XCBC_TRUE@am__append_53 = plugins/xcbc
+ at MONOLITHIC_TRUE@@USE_XCBC_TRUE at am__append_54 = plugins/xcbc/libstrongswan-xcbc.la
+ at USE_X509_TRUE@am__append_55 = plugins/x509
+ at MONOLITHIC_TRUE@@USE_X509_TRUE at am__append_56 = plugins/x509/libstrongswan-x509.la
+ at USE_REVOCATION_TRUE@am__append_57 = plugins/revocation
+ at MONOLITHIC_TRUE@@USE_REVOCATION_TRUE at am__append_58 = plugins/revocation/libstrongswan-revocation.la
+ at USE_CONSTRAINTS_TRUE@am__append_59 = plugins/constraints
+ at MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE at am__append_60 = plugins/constraints/libstrongswan-constraints.la
+ at USE_ACERT_TRUE@am__append_61 = plugins/acert
+ at MONOLITHIC_TRUE@@USE_ACERT_TRUE at am__append_62 = plugins/acert/libstrongswan-acert.la
+ at USE_PUBKEY_TRUE@am__append_63 = plugins/pubkey
+ at MONOLITHIC_TRUE@@USE_PUBKEY_TRUE at am__append_64 = plugins/pubkey/libstrongswan-pubkey.la
+ at USE_PKCS1_TRUE@am__append_65 = plugins/pkcs1
+ at MONOLITHIC_TRUE@@USE_PKCS1_TRUE at am__append_66 = plugins/pkcs1/libstrongswan-pkcs1.la
+ at USE_PKCS7_TRUE@am__append_67 = plugins/pkcs7
+ at MONOLITHIC_TRUE@@USE_PKCS7_TRUE at am__append_68 = plugins/pkcs7/libstrongswan-pkcs7.la
+ at USE_PKCS8_TRUE@am__append_69 = plugins/pkcs8
+ at MONOLITHIC_TRUE@@USE_PKCS8_TRUE at am__append_70 = plugins/pkcs8/libstrongswan-pkcs8.la
+ at USE_PKCS12_TRUE@am__append_71 = plugins/pkcs12
+ at MONOLITHIC_TRUE@@USE_PKCS12_TRUE at am__append_72 = plugins/pkcs12/libstrongswan-pkcs12.la
+ at USE_PGP_TRUE@am__append_73 = plugins/pgp
+ at MONOLITHIC_TRUE@@USE_PGP_TRUE at am__append_74 = plugins/pgp/libstrongswan-pgp.la
+ at USE_DNSKEY_TRUE@am__append_75 = plugins/dnskey
+ at MONOLITHIC_TRUE@@USE_DNSKEY_TRUE at am__append_76 = plugins/dnskey/libstrongswan-dnskey.la
+ at USE_SSHKEY_TRUE@am__append_77 = plugins/sshkey
+ at MONOLITHIC_TRUE@@USE_SSHKEY_TRUE at am__append_78 = plugins/sshkey/libstrongswan-sshkey.la
+ at USE_PEM_TRUE@am__append_79 = plugins/pem
+ at MONOLITHIC_TRUE@@USE_PEM_TRUE at am__append_80 = plugins/pem/libstrongswan-pem.la
+ at USE_CURL_TRUE@am__append_81 = plugins/curl
+ at MONOLITHIC_TRUE@@USE_CURL_TRUE at am__append_82 = plugins/curl/libstrongswan-curl.la
+ at USE_FILES_TRUE@am__append_83 = plugins/files
+ at MONOLITHIC_TRUE@@USE_FILES_TRUE at am__append_84 = plugins/files/libstrongswan-files.la
+ at USE_WINHTTP_TRUE@am__append_85 = plugins/winhttp
+ at MONOLITHIC_TRUE@@USE_WINHTTP_TRUE at am__append_86 = plugins/winhttp/libstrongswan-winhttp.la
+ at USE_UNBOUND_TRUE@am__append_87 = plugins/unbound
+ at MONOLITHIC_TRUE@@USE_UNBOUND_TRUE at am__append_88 = plugins/unbound/libstrongswan-unbound.la
+ at USE_SOUP_TRUE@am__append_89 = plugins/soup
+ at MONOLITHIC_TRUE@@USE_SOUP_TRUE at am__append_90 = plugins/soup/libstrongswan-soup.la
+ at USE_LDAP_TRUE@am__append_91 = plugins/ldap
+ at MONOLITHIC_TRUE@@USE_LDAP_TRUE at am__append_92 = plugins/ldap/libstrongswan-ldap.la
+ at USE_MYSQL_TRUE@am__append_93 = plugins/mysql
+ at MONOLITHIC_TRUE@@USE_MYSQL_TRUE at am__append_94 = plugins/mysql/libstrongswan-mysql.la
+ at USE_SQLITE_TRUE@am__append_95 = plugins/sqlite
+ at MONOLITHIC_TRUE@@USE_SQLITE_TRUE at am__append_96 = plugins/sqlite/libstrongswan-sqlite.la
+ at USE_PADLOCK_TRUE@am__append_97 = plugins/padlock
+ at MONOLITHIC_TRUE@@USE_PADLOCK_TRUE at am__append_98 = plugins/padlock/libstrongswan-padlock.la
+ at USE_OPENSSL_TRUE@am__append_99 = plugins/openssl
+ at MONOLITHIC_TRUE@@USE_OPENSSL_TRUE at am__append_100 = plugins/openssl/libstrongswan-openssl.la
+ at USE_GCRYPT_TRUE@am__append_101 = plugins/gcrypt
+ at MONOLITHIC_TRUE@@USE_GCRYPT_TRUE at am__append_102 = plugins/gcrypt/libstrongswan-gcrypt.la
+ at USE_FIPS_PRF_TRUE@am__append_103 = plugins/fips_prf
+ at MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE at am__append_104 = plugins/fips_prf/libstrongswan-fips-prf.la
+ at USE_AGENT_TRUE@am__append_105 = plugins/agent
+ at MONOLITHIC_TRUE@@USE_AGENT_TRUE at am__append_106 = plugins/agent/libstrongswan-agent.la
+ at USE_KEYCHAIN_TRUE@am__append_107 = plugins/keychain
+ at MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE at am__append_108 = plugins/keychain/libstrongswan-keychain.la
+ at USE_PKCS11_TRUE@am__append_109 = plugins/pkcs11
+ at MONOLITHIC_TRUE@@USE_PKCS11_TRUE at am__append_110 = plugins/pkcs11/libstrongswan-pkcs11.la
+ at USE_CHAPOLY_TRUE@am__append_111 = plugins/chapoly
+ at MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE at am__append_112 = plugins/chapoly/libstrongswan-chapoly.la
+ at USE_CTR_TRUE@am__append_113 = plugins/ctr
+ at MONOLITHIC_TRUE@@USE_CTR_TRUE at am__append_114 = plugins/ctr/libstrongswan-ctr.la
+ at USE_CCM_TRUE@am__append_115 = plugins/ccm
+ at MONOLITHIC_TRUE@@USE_CCM_TRUE at am__append_116 = plugins/ccm/libstrongswan-ccm.la
+ at USE_GCM_TRUE@am__append_117 = plugins/gcm
+ at MONOLITHIC_TRUE@@USE_GCM_TRUE at am__append_118 = plugins/gcm/libstrongswan-gcm.la
+ at USE_MGF1_TRUE@am__append_119 = plugins/mgf1
+ at MONOLITHIC_TRUE@@USE_MGF1_TRUE at am__append_120 = plugins/mgf1/libstrongswan-mgf1.la
+ at USE_NTRU_TRUE@am__append_121 = plugins/ntru
+ at MONOLITHIC_TRUE@@USE_NTRU_TRUE at am__append_122 = plugins/ntru/libstrongswan-ntru.la
+ at USE_BLISS_TRUE@am__append_123 = plugins/bliss
+ at MONOLITHIC_TRUE@@USE_BLISS_TRUE at am__append_124 = plugins/bliss/libstrongswan-bliss.la
+ at USE_NEWHOPE_TRUE@am__append_125 = plugins/newhope
+ at MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE at am__append_126 = plugins/newhope/libstrongswan-newhope.la
+ at USE_TEST_VECTORS_TRUE@am__append_127 = plugins/test_vectors
+ at MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE at am__append_128 = plugins/test_vectors/libstrongswan-test-vectors.la
+ at USE_LIBNTTFFT_TRUE@am__append_129 = math/libnttfft/tests
+ at USE_BLISS_TRUE@am__append_130 = plugins/bliss/tests
+ at USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope/tests
 subdir = src/libstrongswan
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -289,25 +302,25 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_19) \
-	$(am__append_21) $(am__append_23) $(am__append_25) \
-	$(am__append_27) $(am__append_29) $(am__append_31) \
-	$(am__append_33) $(am__append_35) $(am__append_37) \
-	$(am__append_39) $(am__append_41) $(am__append_43) \
-	$(am__append_45) $(am__append_47) $(am__append_49) \
-	$(am__append_51) $(am__append_53) $(am__append_55) \
-	$(am__append_57) $(am__append_59) $(am__append_61) \
-	$(am__append_63) $(am__append_65) $(am__append_67) \
-	$(am__append_69) $(am__append_71) $(am__append_73) \
-	$(am__append_75) $(am__append_77) $(am__append_79) \
-	$(am__append_81) $(am__append_83) $(am__append_85) \
-	$(am__append_87) $(am__append_89) $(am__append_91) \
-	$(am__append_93) $(am__append_95) $(am__append_97) \
-	$(am__append_99) $(am__append_101) $(am__append_103) \
-	$(am__append_105) $(am__append_107) $(am__append_109) \
-	$(am__append_111) $(am__append_113) $(am__append_115) \
-	$(am__append_117) $(am__append_119) $(am__append_121) \
-	$(am__append_123)
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_20) \
+	$(am__append_22) $(am__append_24) $(am__append_26) \
+	$(am__append_28) $(am__append_30) $(am__append_32) \
+	$(am__append_34) $(am__append_36) $(am__append_38) \
+	$(am__append_40) $(am__append_42) $(am__append_44) \
+	$(am__append_46) $(am__append_48) $(am__append_50) \
+	$(am__append_52) $(am__append_54) $(am__append_56) \
+	$(am__append_58) $(am__append_60) $(am__append_62) \
+	$(am__append_64) $(am__append_66) $(am__append_68) \
+	$(am__append_70) $(am__append_72) $(am__append_74) \
+	$(am__append_76) $(am__append_78) $(am__append_80) \
+	$(am__append_82) $(am__append_84) $(am__append_86) \
+	$(am__append_88) $(am__append_90) $(am__append_92) \
+	$(am__append_94) $(am__append_96) $(am__append_98) \
+	$(am__append_100) $(am__append_102) $(am__append_104) \
+	$(am__append_106) $(am__append_108) $(am__append_110) \
+	$(am__append_112) $(am__append_114) $(am__append_116) \
+	$(am__append_118) $(am__append_120) $(am__append_122) \
+	$(am__append_124) $(am__append_126) $(am__append_128)
 am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
 	asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
 	bio/bio_writer.c collections/blocking_queue.c \
@@ -323,7 +336,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
 	crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \
 	crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \
 	crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \
-	crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+	crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
 	credentials/credential_factory.c credentials/builder.c \
 	credentials/cred_encoding.c credentials/keys/private_key.c \
 	credentials/keys/public_key.c credentials/keys/shared_key.c \
@@ -409,8 +422,8 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \
 	crypto/crypto_tester.lo crypto/diffie_hellman.lo \
 	crypto/aead.lo crypto/transform.lo crypto/iv/iv_gen.lo \
 	crypto/iv/iv_gen_rand.lo crypto/iv/iv_gen_seq.lo \
-	crypto/iv/iv_gen_null.lo crypto/mgf1/mgf1.lo \
-	crypto/mgf1/mgf1_bitspender.lo \
+	crypto/iv/iv_gen_null.lo crypto/xofs/xof.lo \
+	crypto/xofs/xof_bitspender.lo \
 	credentials/credential_factory.lo credentials/builder.lo \
 	credentials/cred_encoding.lo credentials/keys/private_key.lo \
 	credentials/keys/public_key.lo credentials/keys/shared_key.lo \
@@ -539,11 +552,11 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \
 	crypto/crypto_tester.h crypto/diffie_hellman.h crypto/aead.h \
 	crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
 	crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \
-	crypto/iv/iv_gen_null.h crypto/mgf1/mgf1.h \
-	crypto/mgf1/mgf1_bitspender.h credentials/credential_factory.h \
-	credentials/builder.h credentials/cred_encoding.h \
-	credentials/keys/private_key.h credentials/keys/public_key.h \
-	credentials/keys/shared_key.h \
+	crypto/iv/iv_gen_null.h crypto/xofs/xof.h \
+	crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
+	credentials/credential_factory.h credentials/builder.h \
+	credentials/cred_encoding.h credentials/keys/private_key.h \
+	credentials/keys/public_key.h credentials/keys/shared_key.h \
 	credentials/certificates/certificate.h \
 	credentials/certificates/x509.h credentials/certificates/ac.h \
 	credentials/certificates/crl.h \
@@ -625,7 +638,7 @@ am__define_uniq_tagged_files = \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
-DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
+DIST_SUBDIRS = . math/libnttfft plugins/af_alg plugins/aes plugins/des \
 	plugins/blowfish plugins/rc2 plugins/md4 plugins/md5 \
 	plugins/sha1 plugins/sha2 plugins/sha3 plugins/gmp \
 	plugins/rdrand plugins/aesni plugins/random plugins/nonce \
@@ -638,8 +651,9 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \
 	plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \
 	plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \
 	plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \
-	plugins/ntru plugins/bliss plugins/test_vectors tests \
-	plugins/bliss/tests
+	plugins/mgf1 plugins/ntru plugins/bliss plugins/newhope \
+	plugins/test_vectors tests math/libnttfft/tests \
+	plugins/bliss/tests plugins/newhope/tests
 am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
 	$(top_srcdir)/ylwrap settings/settings_lexer.c \
 	settings/settings_parser.c settings/settings_parser.h
@@ -808,7 +822,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -842,8 +855,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -897,6 +908,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -915,7 +928,7 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \
 	crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \
 	crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \
 	crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \
-	crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \
+	crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
 	credentials/credential_factory.c credentials/builder.c \
 	credentials/cred_encoding.c credentials/keys/private_key.c \
 	credentials/keys/public_key.c credentials/keys/shared_key.c \
@@ -976,7 +989,7 @@ settings/settings_types.h
 @USE_DEV_HEADERS_TRUE at crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
 @USE_DEV_HEADERS_TRUE at crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
 @USE_DEV_HEADERS_TRUE at crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
- at USE_DEV_HEADERS_TRUE@crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \
+ at USE_DEV_HEADERS_TRUE@crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
 @USE_DEV_HEADERS_TRUE at credentials/credential_factory.h credentials/builder.h \
 @USE_DEV_HEADERS_TRUE at credentials/cred_encoding.h credentials/keys/private_key.h \
 @USE_DEV_HEADERS_TRUE at credentials/keys/public_key.h credentials/keys/shared_key.h \
@@ -1021,25 +1034,25 @@ settings/settings_types.h
 libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
 	$(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \
 	$(am__append_4) $(am__append_5) $(am__append_13) \
-	$(am__append_15) $(am__append_17) $(am__append_19) \
-	$(am__append_21) $(am__append_23) $(am__append_25) \
-	$(am__append_27) $(am__append_29) $(am__append_31) \
-	$(am__append_33) $(am__append_35) $(am__append_37) \
-	$(am__append_39) $(am__append_41) $(am__append_43) \
-	$(am__append_45) $(am__append_47) $(am__append_49) \
-	$(am__append_51) $(am__append_53) $(am__append_55) \
-	$(am__append_57) $(am__append_59) $(am__append_61) \
-	$(am__append_63) $(am__append_65) $(am__append_67) \
-	$(am__append_69) $(am__append_71) $(am__append_73) \
-	$(am__append_75) $(am__append_77) $(am__append_79) \
-	$(am__append_81) $(am__append_83) $(am__append_85) \
-	$(am__append_87) $(am__append_89) $(am__append_91) \
-	$(am__append_93) $(am__append_95) $(am__append_97) \
-	$(am__append_99) $(am__append_101) $(am__append_103) \
-	$(am__append_105) $(am__append_107) $(am__append_109) \
-	$(am__append_111) $(am__append_113) $(am__append_115) \
-	$(am__append_117) $(am__append_119) $(am__append_121) \
-	$(am__append_123)
+	$(am__append_15) $(am__append_17) $(am__append_20) \
+	$(am__append_22) $(am__append_24) $(am__append_26) \
+	$(am__append_28) $(am__append_30) $(am__append_32) \
+	$(am__append_34) $(am__append_36) $(am__append_38) \
+	$(am__append_40) $(am__append_42) $(am__append_44) \
+	$(am__append_46) $(am__append_48) $(am__append_50) \
+	$(am__append_52) $(am__append_54) $(am__append_56) \
+	$(am__append_58) $(am__append_60) $(am__append_62) \
+	$(am__append_64) $(am__append_66) $(am__append_68) \
+	$(am__append_70) $(am__append_72) $(am__append_74) \
+	$(am__append_76) $(am__append_78) $(am__append_80) \
+	$(am__append_82) $(am__append_84) $(am__append_86) \
+	$(am__append_88) $(am__append_90) $(am__append_92) \
+	$(am__append_94) $(am__append_96) $(am__append_98) \
+	$(am__append_100) $(am__append_102) $(am__append_104) \
+	$(am__append_106) $(am__append_108) $(am__append_110) \
+	$(am__append_112) $(am__append_114) $(am__append_116) \
+	$(am__append_118) $(am__append_120) $(am__append_122) \
+	$(am__append_124) $(am__append_126) $(am__append_128)
 AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
 	-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
 	-DPLUGINDIR=\"${plugindir}\" \
@@ -1066,63 +1079,72 @@ MAINTAINERCLEANFILES = \
 $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
 $(srcdir)/crypto/proposal/proposal_keywords_static.c
 
- at MONOLITHIC_FALSE@SUBDIRS = . $(am__append_18) $(am__append_20) \
- at MONOLITHIC_FALSE@	$(am__append_22) $(am__append_24) \
- at MONOLITHIC_FALSE@	$(am__append_26) $(am__append_28) \
- at MONOLITHIC_FALSE@	$(am__append_30) $(am__append_32) \
- at MONOLITHIC_FALSE@	$(am__append_34) $(am__append_36) \
- at MONOLITHIC_FALSE@	$(am__append_38) $(am__append_40) \
- at MONOLITHIC_FALSE@	$(am__append_42) $(am__append_44) \
- at MONOLITHIC_FALSE@	$(am__append_46) $(am__append_48) \
- at MONOLITHIC_FALSE@	$(am__append_50) $(am__append_52) \
- at MONOLITHIC_FALSE@	$(am__append_54) $(am__append_56) \
- at MONOLITHIC_FALSE@	$(am__append_58) $(am__append_60) \
- at MONOLITHIC_FALSE@	$(am__append_62) $(am__append_64) \
- at MONOLITHIC_FALSE@	$(am__append_66) $(am__append_68) \
- at MONOLITHIC_FALSE@	$(am__append_70) $(am__append_72) \
- at MONOLITHIC_FALSE@	$(am__append_74) $(am__append_76) \
- at MONOLITHIC_FALSE@	$(am__append_78) $(am__append_80) \
- at MONOLITHIC_FALSE@	$(am__append_82) $(am__append_84) \
- at MONOLITHIC_FALSE@	$(am__append_86) $(am__append_88) \
- at MONOLITHIC_FALSE@	$(am__append_90) $(am__append_92) \
- at MONOLITHIC_FALSE@	$(am__append_94) $(am__append_96) \
- at MONOLITHIC_FALSE@	$(am__append_98) $(am__append_100) \
- at MONOLITHIC_FALSE@	$(am__append_102) $(am__append_104) \
- at MONOLITHIC_FALSE@	$(am__append_106) $(am__append_108) \
- at MONOLITHIC_FALSE@	$(am__append_110) $(am__append_112) \
- at MONOLITHIC_FALSE@	$(am__append_114) $(am__append_116) \
- at MONOLITHIC_FALSE@	$(am__append_118) $(am__append_120) \
- at MONOLITHIC_FALSE@	$(am__append_122) tests $(am__append_124)
 
-# build plugins with their own Makefile
-#######################################
- at MONOLITHIC_TRUE@SUBDIRS = $(am__append_18) $(am__append_20) \
- at MONOLITHIC_TRUE@	$(am__append_22) $(am__append_24) \
- at MONOLITHIC_TRUE@	$(am__append_26) $(am__append_28) \
- at MONOLITHIC_TRUE@	$(am__append_30) $(am__append_32) \
- at MONOLITHIC_TRUE@	$(am__append_34) $(am__append_36) \
- at MONOLITHIC_TRUE@	$(am__append_38) $(am__append_40) \
- at MONOLITHIC_TRUE@	$(am__append_42) $(am__append_44) \
- at MONOLITHIC_TRUE@	$(am__append_46) $(am__append_48) \
- at MONOLITHIC_TRUE@	$(am__append_50) $(am__append_52) \
- at MONOLITHIC_TRUE@	$(am__append_54) $(am__append_56) \
- at MONOLITHIC_TRUE@	$(am__append_58) $(am__append_60) \
- at MONOLITHIC_TRUE@	$(am__append_62) $(am__append_64) \
- at MONOLITHIC_TRUE@	$(am__append_66) $(am__append_68) \
- at MONOLITHIC_TRUE@	$(am__append_70) $(am__append_72) \
- at MONOLITHIC_TRUE@	$(am__append_74) $(am__append_76) \
- at MONOLITHIC_TRUE@	$(am__append_78) $(am__append_80) \
- at MONOLITHIC_TRUE@	$(am__append_82) $(am__append_84) \
- at MONOLITHIC_TRUE@	$(am__append_86) $(am__append_88) \
- at MONOLITHIC_TRUE@	$(am__append_90) $(am__append_92) \
- at MONOLITHIC_TRUE@	$(am__append_94) $(am__append_96) \
- at MONOLITHIC_TRUE@	$(am__append_98) $(am__append_100) \
- at MONOLITHIC_TRUE@	$(am__append_102) $(am__append_104) \
- at MONOLITHIC_TRUE@	$(am__append_106) $(am__append_108) \
- at MONOLITHIC_TRUE@	$(am__append_110) $(am__append_112) \
- at MONOLITHIC_TRUE@	$(am__append_114) $(am__append_116) \
- at MONOLITHIC_TRUE@	$(am__append_118) $(am__append_120) \
- at MONOLITHIC_TRUE@	$(am__append_122) . tests $(am__append_124)
+# build unit tests
+##################
+ at MONOLITHIC_FALSE@SUBDIRS = . $(am__append_18) $(am__append_19) \
+ at MONOLITHIC_FALSE@	$(am__append_21) $(am__append_23) \
+ at MONOLITHIC_FALSE@	$(am__append_25) $(am__append_27) \
+ at MONOLITHIC_FALSE@	$(am__append_29) $(am__append_31) \
+ at MONOLITHIC_FALSE@	$(am__append_33) $(am__append_35) \
+ at MONOLITHIC_FALSE@	$(am__append_37) $(am__append_39) \
+ at MONOLITHIC_FALSE@	$(am__append_41) $(am__append_43) \
+ at MONOLITHIC_FALSE@	$(am__append_45) $(am__append_47) \
+ at MONOLITHIC_FALSE@	$(am__append_49) $(am__append_51) \
+ at MONOLITHIC_FALSE@	$(am__append_53) $(am__append_55) \
+ at MONOLITHIC_FALSE@	$(am__append_57) $(am__append_59) \
+ at MONOLITHIC_FALSE@	$(am__append_61) $(am__append_63) \
+ at MONOLITHIC_FALSE@	$(am__append_65) $(am__append_67) \
+ at MONOLITHIC_FALSE@	$(am__append_69) $(am__append_71) \
+ at MONOLITHIC_FALSE@	$(am__append_73) $(am__append_75) \
+ at MONOLITHIC_FALSE@	$(am__append_77) $(am__append_79) \
+ at MONOLITHIC_FALSE@	$(am__append_81) $(am__append_83) \
+ at MONOLITHIC_FALSE@	$(am__append_85) $(am__append_87) \
+ at MONOLITHIC_FALSE@	$(am__append_89) $(am__append_91) \
+ at MONOLITHIC_FALSE@	$(am__append_93) $(am__append_95) \
+ at MONOLITHIC_FALSE@	$(am__append_97) $(am__append_99) \
+ at MONOLITHIC_FALSE@	$(am__append_101) $(am__append_103) \
+ at MONOLITHIC_FALSE@	$(am__append_105) $(am__append_107) \
+ at MONOLITHIC_FALSE@	$(am__append_109) $(am__append_111) \
+ at MONOLITHIC_FALSE@	$(am__append_113) $(am__append_115) \
+ at MONOLITHIC_FALSE@	$(am__append_117) $(am__append_119) \
+ at MONOLITHIC_FALSE@	$(am__append_121) $(am__append_123) \
+ at MONOLITHIC_FALSE@	$(am__append_125) $(am__append_127) tests \
+ at MONOLITHIC_FALSE@	$(am__append_129) $(am__append_130) \
+ at MONOLITHIC_FALSE@	$(am__append_131)
+
+# build unit tests
+##################
+ at MONOLITHIC_TRUE@SUBDIRS = $(am__append_18) $(am__append_19) \
+ at MONOLITHIC_TRUE@	$(am__append_21) $(am__append_23) \
+ at MONOLITHIC_TRUE@	$(am__append_25) $(am__append_27) \
+ at MONOLITHIC_TRUE@	$(am__append_29) $(am__append_31) \
+ at MONOLITHIC_TRUE@	$(am__append_33) $(am__append_35) \
+ at MONOLITHIC_TRUE@	$(am__append_37) $(am__append_39) \
+ at MONOLITHIC_TRUE@	$(am__append_41) $(am__append_43) \
+ at MONOLITHIC_TRUE@	$(am__append_45) $(am__append_47) \
+ at MONOLITHIC_TRUE@	$(am__append_49) $(am__append_51) \
+ at MONOLITHIC_TRUE@	$(am__append_53) $(am__append_55) \
+ at MONOLITHIC_TRUE@	$(am__append_57) $(am__append_59) \
+ at MONOLITHIC_TRUE@	$(am__append_61) $(am__append_63) \
+ at MONOLITHIC_TRUE@	$(am__append_65) $(am__append_67) \
+ at MONOLITHIC_TRUE@	$(am__append_69) $(am__append_71) \
+ at MONOLITHIC_TRUE@	$(am__append_73) $(am__append_75) \
+ at MONOLITHIC_TRUE@	$(am__append_77) $(am__append_79) \
+ at MONOLITHIC_TRUE@	$(am__append_81) $(am__append_83) \
+ at MONOLITHIC_TRUE@	$(am__append_85) $(am__append_87) \
+ at MONOLITHIC_TRUE@	$(am__append_89) $(am__append_91) \
+ at MONOLITHIC_TRUE@	$(am__append_93) $(am__append_95) \
+ at MONOLITHIC_TRUE@	$(am__append_97) $(am__append_99) \
+ at MONOLITHIC_TRUE@	$(am__append_101) $(am__append_103) \
+ at MONOLITHIC_TRUE@	$(am__append_105) $(am__append_107) \
+ at MONOLITHIC_TRUE@	$(am__append_109) $(am__append_111) \
+ at MONOLITHIC_TRUE@	$(am__append_113) $(am__append_115) \
+ at MONOLITHIC_TRUE@	$(am__append_117) $(am__append_119) \
+ at MONOLITHIC_TRUE@	$(am__append_121) $(am__append_123) \
+ at MONOLITHIC_TRUE@	$(am__append_125) $(am__append_127) . tests \
+ at MONOLITHIC_TRUE@	$(am__append_129) $(am__append_130) \
+ at MONOLITHIC_TRUE@	$(am__append_131)
 all: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
 
@@ -1317,16 +1339,16 @@ crypto/iv/iv_gen_seq.lo: crypto/iv/$(am__dirstamp) \
 	crypto/iv/$(DEPDIR)/$(am__dirstamp)
 crypto/iv/iv_gen_null.lo: crypto/iv/$(am__dirstamp) \
 	crypto/iv/$(DEPDIR)/$(am__dirstamp)
-crypto/mgf1/$(am__dirstamp):
-	@$(MKDIR_P) crypto/mgf1
-	@: > crypto/mgf1/$(am__dirstamp)
-crypto/mgf1/$(DEPDIR)/$(am__dirstamp):
-	@$(MKDIR_P) crypto/mgf1/$(DEPDIR)
-	@: > crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
-crypto/mgf1/mgf1.lo: crypto/mgf1/$(am__dirstamp) \
-	crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
-crypto/mgf1/mgf1_bitspender.lo: crypto/mgf1/$(am__dirstamp) \
-	crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
+crypto/xofs/$(am__dirstamp):
+	@$(MKDIR_P) crypto/xofs
+	@: > crypto/xofs/$(am__dirstamp)
+crypto/xofs/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) crypto/xofs/$(DEPDIR)
+	@: > crypto/xofs/$(DEPDIR)/$(am__dirstamp)
+crypto/xofs/xof.lo: crypto/xofs/$(am__dirstamp) \
+	crypto/xofs/$(DEPDIR)/$(am__dirstamp)
+crypto/xofs/xof_bitspender.lo: crypto/xofs/$(am__dirstamp) \
+	crypto/xofs/$(DEPDIR)/$(am__dirstamp)
 credentials/$(am__dirstamp):
 	@$(MKDIR_P) credentials
 	@: > credentials/$(am__dirstamp)
@@ -1697,8 +1719,6 @@ mostlyclean-compile:
 	-rm -f crypto/hashers/*.lo
 	-rm -f crypto/iv/*.$(OBJEXT)
 	-rm -f crypto/iv/*.lo
-	-rm -f crypto/mgf1/*.$(OBJEXT)
-	-rm -f crypto/mgf1/*.lo
 	-rm -f crypto/prfs/*.$(OBJEXT)
 	-rm -f crypto/prfs/*.lo
 	-rm -f crypto/proposal/*.$(OBJEXT)
@@ -1707,6 +1727,8 @@ mostlyclean-compile:
 	-rm -f crypto/rngs/*.lo
 	-rm -f crypto/signers/*.$(OBJEXT)
 	-rm -f crypto/signers/*.lo
+	-rm -f crypto/xofs/*.$(OBJEXT)
+	-rm -f crypto/xofs/*.lo
 	-rm -f database/*.$(OBJEXT)
 	-rm -f database/*.lo
 	-rm -f eap/*.$(OBJEXT)
@@ -1794,8 +1816,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/iv/$(DEPDIR)/iv_gen_null.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/iv/$(DEPDIR)/iv_gen_rand.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/iv/$(DEPDIR)/iv_gen_seq.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at crypto/mgf1/$(DEPDIR)/mgf1.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at crypto/mgf1/$(DEPDIR)/mgf1_bitspender.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/prfs/$(DEPDIR)/mac_prf.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/prfs/$(DEPDIR)/prf.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/proposal/$(DEPDIR)/proposal_keywords.Plo at am__quote@
@@ -1803,6 +1823,8 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/rngs/$(DEPDIR)/rng.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/signers/$(DEPDIR)/mac_signer.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at crypto/signers/$(DEPDIR)/signer.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at crypto/xofs/$(DEPDIR)/xof.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at crypto/xofs/$(DEPDIR)/xof_bitspender.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at database/$(DEPDIR)/database.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at database/$(DEPDIR)/database_factory.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at eap/$(DEPDIR)/eap.Plo at am__quote@
@@ -1923,11 +1945,11 @@ clean-libtool:
 	-rm -rf crypto/crypters/.libs crypto/crypters/_libs
 	-rm -rf crypto/hashers/.libs crypto/hashers/_libs
 	-rm -rf crypto/iv/.libs crypto/iv/_libs
-	-rm -rf crypto/mgf1/.libs crypto/mgf1/_libs
 	-rm -rf crypto/prfs/.libs crypto/prfs/_libs
 	-rm -rf crypto/proposal/.libs crypto/proposal/_libs
 	-rm -rf crypto/rngs/.libs crypto/rngs/_libs
 	-rm -rf crypto/signers/.libs crypto/signers/_libs
+	-rm -rf crypto/xofs/.libs crypto/xofs/_libs
 	-rm -rf database/.libs database/_libs
 	-rm -rf eap/.libs eap/_libs
 	-rm -rf fetcher/.libs fetcher/_libs
@@ -2186,8 +2208,6 @@ distclean-generic:
 	-rm -f crypto/hashers/$(am__dirstamp)
 	-rm -f crypto/iv/$(DEPDIR)/$(am__dirstamp)
 	-rm -f crypto/iv/$(am__dirstamp)
-	-rm -f crypto/mgf1/$(DEPDIR)/$(am__dirstamp)
-	-rm -f crypto/mgf1/$(am__dirstamp)
 	-rm -f crypto/prfs/$(DEPDIR)/$(am__dirstamp)
 	-rm -f crypto/prfs/$(am__dirstamp)
 	-rm -f crypto/proposal/$(DEPDIR)/$(am__dirstamp)
@@ -2196,6 +2216,8 @@ distclean-generic:
 	-rm -f crypto/rngs/$(am__dirstamp)
 	-rm -f crypto/signers/$(DEPDIR)/$(am__dirstamp)
 	-rm -f crypto/signers/$(am__dirstamp)
+	-rm -f crypto/xofs/$(DEPDIR)/$(am__dirstamp)
+	-rm -f crypto/xofs/$(am__dirstamp)
 	-rm -f database/$(DEPDIR)/$(am__dirstamp)
 	-rm -f database/$(am__dirstamp)
 	-rm -f eap/$(DEPDIR)/$(am__dirstamp)
@@ -2249,7 +2271,7 @@ clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \
 	mostlyclean-am
 
 distclean: distclean-recursive
-	-rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/mgf1/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) netw [...]
+	-rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) crypto/xofs/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) netw [...]
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -2296,7 +2318,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-recursive
-	-rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/mgf1/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) netw [...]
+	-rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) crypto/xofs/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) netw [...]
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index c23746e..4017444 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -10,484 +10,493 @@
 #include "oid.h"
 
 const oid_t oid_names[] = {
- {0x02,                         7, 1,  0, "ITU-T Administration"           }, /*   0 */
- {  0x82,                       0, 1,  1, ""                               }, /*   1 */
- {    0x06,                     0, 1,  2, "Germany ITU-T member"           }, /*   2 */
- {      0x01,                   0, 1,  3, "Deutsche Telekom AG"            }, /*   3 */
- {        0x0A,                 0, 1,  4, ""                               }, /*   4 */
- {          0x07,               0, 1,  5, ""                               }, /*   5 */
- {            0x14,             0, 0,  6, "ND"                             }, /*   6 */
- {0x09,                        18, 1,  0, "data"                           }, /*   7 */
- {  0x92,                       0, 1,  1, ""                               }, /*   8 */
- {    0x26,                     0, 1,  2, ""                               }, /*   9 */
- {      0x89,                   0, 1,  3, ""                               }, /*  10 */
- {        0x93,                 0, 1,  4, ""                               }, /*  11 */
- {          0xF2,               0, 1,  5, ""                               }, /*  12 */
- {            0x2C,             0, 1,  6, ""                               }, /*  13 */
- {              0x64,           0, 1,  7, "pilot"                          }, /*  14 */
- {                0x01,         0, 1,  8, "pilotAttributeType"             }, /*  15 */
- {                  0x01,      17, 0,  9, "UID"                            }, /*  16 */
- {                  0x19,       0, 0,  9, "DC"                             }, /*  17 */
- {0x55,                        67, 1,  0, "X.500"                          }, /*  18 */
- {  0x04,                      39, 1,  1, "X.509"                          }, /*  19 */
- {    0x03,                    21, 0,  2, "CN"                             }, /*  20 */
- {    0x04,                    22, 0,  2, "S"                              }, /*  21 */
- {    0x05,                    23, 0,  2, "SN"                             }, /*  22 */
- {    0x06,                    24, 0,  2, "C"                              }, /*  23 */
- {    0x07,                    25, 0,  2, "L"                              }, /*  24 */
- {    0x08,                    26, 0,  2, "ST"                             }, /*  25 */
- {    0x0A,                    27, 0,  2, "O"                              }, /*  26 */
- {    0x0B,                    28, 0,  2, "OU"                             }, /*  27 */
- {    0x0C,                    29, 0,  2, "T"                              }, /*  28 */
- {    0x0D,                    30, 0,  2, "D"                              }, /*  29 */
- {    0x24,                    31, 0,  2, "userCertificate"                }, /*  30 */
- {    0x29,                    32, 0,  2, "N"                              }, /*  31 */
- {    0x2A,                    33, 0,  2, "G"                              }, /*  32 */
- {    0x2B,                    34, 0,  2, "I"                              }, /*  33 */
- {    0x2D,                    35, 0,  2, "ID"                             }, /*  34 */
- {    0x2E,                    36, 0,  2, "dnQualifier"                    }, /*  35 */
- {    0x36,                    37, 0,  2, "dmdName"                        }, /*  36 */
- {    0x41,                    38, 0,  2, "pseudonym"                      }, /*  37 */
- {    0x48,                     0, 0,  2, "role"                           }, /*  38 */
- {  0x1D,                       0, 1,  1, "id-ce"                          }, /*  39 */
- {    0x09,                    41, 0,  2, "subjectDirectoryAttrs"          }, /*  40 */
- {    0x0E,                    42, 0,  2, "subjectKeyIdentifier"           }, /*  41 */
- {    0x0F,                    43, 0,  2, "keyUsage"                       }, /*  42 */
- {    0x10,                    44, 0,  2, "privateKeyUsagePeriod"          }, /*  43 */
- {    0x11,                    45, 0,  2, "subjectAltName"                 }, /*  44 */
- {    0x12,                    46, 0,  2, "issuerAltName"                  }, /*  45 */
- {    0x13,                    47, 0,  2, "basicConstraints"               }, /*  46 */
- {    0x14,                    48, 0,  2, "crlNumber"                      }, /*  47 */
- {    0x15,                    49, 0,  2, "reasonCode"                     }, /*  48 */
- {    0x17,                    50, 0,  2, "holdInstructionCode"            }, /*  49 */
- {    0x18,                    51, 0,  2, "invalidityDate"                 }, /*  50 */
- {    0x1B,                    52, 0,  2, "deltaCrlIndicator"              }, /*  51 */
- {    0x1C,                    53, 0,  2, "issuingDistributionPoint"       }, /*  52 */
- {    0x1D,                    54, 0,  2, "certificateIssuer"              }, /*  53 */
- {    0x1E,                    55, 0,  2, "nameConstraints"                }, /*  54 */
- {    0x1F,                    56, 0,  2, "crlDistributionPoints"          }, /*  55 */
- {    0x20,                    58, 1,  2, "certificatePolicies"            }, /*  56 */
- {      0x00,                   0, 0,  3, "anyPolicy"                      }, /*  57 */
- {    0x21,                    59, 0,  2, "policyMappings"                 }, /*  58 */
- {    0x23,                    60, 0,  2, "authorityKeyIdentifier"         }, /*  59 */
- {    0x24,                    61, 0,  2, "policyConstraints"              }, /*  60 */
- {    0x25,                    63, 1,  2, "extendedKeyUsage"               }, /*  61 */
- {      0x00,                   0, 0,  3, "anyExtendedKeyUsage"            }, /*  62 */
- {    0x2E,                    64, 0,  2, "freshestCRL"                    }, /*  63 */
- {    0x36,                    65, 0,  2, "inhibitAnyPolicy"               }, /*  64 */
- {    0x37,                    66, 0,  2, "targetInformation"              }, /*  65 */
- {    0x38,                     0, 0,  2, "noRevAvail"                     }, /*  66 */
- {0x2A,                       191, 1,  0, ""                               }, /*  67 */
- {  0x83,                      80, 1,  1, ""                               }, /*  68 */
- {    0x08,                     0, 1,  2, "jp"                             }, /*  69 */
- {      0x8C,                   0, 1,  3, ""                               }, /*  70 */
- {        0x9A,                 0, 1,  4, ""                               }, /*  71 */
- {          0x4B,               0, 1,  5, ""                               }, /*  72 */
- {            0x3D,             0, 1,  6, ""                               }, /*  73 */
- {              0x01,           0, 1,  7, "security"                       }, /*  74 */
- {                0x01,         0, 1,  8, "algorithm"                      }, /*  75 */
- {                  0x01,       0, 1,  9, "symm-encryption-alg"            }, /*  76 */
- {                    0x02,    78, 0, 10, "camellia128-cbc"                }, /*  77 */
- {                    0x03,    79, 0, 10, "camellia192-cbc"                }, /*  78 */
- {                    0x04,     0, 0, 10, "camellia256-cbc"                }, /*  79 */
- {  0x86,                       0, 1,  1, ""                               }, /*  80 */
- {    0x48,                     0, 1,  2, "us"                             }, /*  81 */
- {      0x86,                 150, 1,  3, ""                               }, /*  82 */
- {        0xF6,                88, 1,  4, ""                               }, /*  83 */
- {          0x7D,               0, 1,  5, "NortelNetworks"                 }, /*  84 */
- {            0x07,             0, 1,  6, "Entrust"                        }, /*  85 */
- {              0x41,           0, 1,  7, "nsn-ce"                         }, /*  86 */
- {                0x00,         0, 0,  8, "entrustVersInfo"                }, /*  87 */
- {        0xF7,                 0, 1,  4, ""                               }, /*  88 */
- {          0x0D,               0, 1,  5, "RSADSI"                         }, /*  89 */
- {            0x01,           145, 1,  6, "PKCS"                           }, /*  90 */
- {              0x01,         103, 1,  7, "PKCS-1"                         }, /*  91 */
- {                0x01,        93, 0,  8, "rsaEncryption"                  }, /*  92 */
- {                0x02,        94, 0,  8, "md2WithRSAEncryption"           }, /*  93 */
- {                0x04,        95, 0,  8, "md5WithRSAEncryption"           }, /*  94 */
- {                0x05,        96, 0,  8, "sha-1WithRSAEncryption"         }, /*  95 */
- {                0x07,        97, 0,  8, "id-RSAES-OAEP"                  }, /*  96 */
- {                0x08,        98, 0,  8, "id-mgf1"                        }, /*  97 */
- {                0x09,        99, 0,  8, "id-pSpecified"                  }, /*  98 */
- {                0x0B,       100, 0,  8, "sha256WithRSAEncryption"        }, /*  99 */
- {                0x0C,       101, 0,  8, "sha384WithRSAEncryption"        }, /* 100 */
- {                0x0D,       102, 0,  8, "sha512WithRSAEncryption"        }, /* 101 */
- {                0x0E,         0, 0,  8, "sha224WithRSAEncryption"        }, /* 102 */
- {              0x05,         108, 1,  7, "PKCS-5"                         }, /* 103 */
- {                0x03,       105, 0,  8, "pbeWithMD5AndDES-CBC"           }, /* 104 */
- {                0x0A,       106, 0,  8, "pbeWithSHA1AndDES-CBC"          }, /* 105 */
- {                0x0C,       107, 0,  8, "id-PBKDF2"                      }, /* 106 */
- {                0x0D,         0, 0,  8, "id-PBES2"                       }, /* 107 */
- {              0x07,         115, 1,  7, "PKCS-7"                         }, /* 108 */
- {                0x01,       110, 0,  8, "data"                           }, /* 109 */
- {                0x02,       111, 0,  8, "signedData"                     }, /* 110 */
- {                0x03,       112, 0,  8, "envelopedData"                  }, /* 111 */
- {                0x04,       113, 0,  8, "signedAndEnvelopedData"         }, /* 112 */
- {                0x05,       114, 0,  8, "digestedData"                   }, /* 113 */
- {                0x06,         0, 0,  8, "encryptedData"                  }, /* 114 */
- {              0x09,         129, 1,  7, "PKCS-9"                         }, /* 115 */
- {                0x01,       117, 0,  8, "E"                              }, /* 116 */
- {                0x02,       118, 0,  8, "unstructuredName"               }, /* 117 */
- {                0x03,       119, 0,  8, "contentType"                    }, /* 118 */
- {                0x04,       120, 0,  8, "messageDigest"                  }, /* 119 */
- {                0x05,       121, 0,  8, "signingTime"                    }, /* 120 */
- {                0x06,       122, 0,  8, "counterSignature"               }, /* 121 */
- {                0x07,       123, 0,  8, "challengePassword"              }, /* 122 */
- {                0x08,       124, 0,  8, "unstructuredAddress"            }, /* 123 */
- {                0x0E,       125, 0,  8, "extensionRequest"               }, /* 124 */
- {                0x0F,       126, 0,  8, "S/MIME Capabilities"            }, /* 125 */
- {                0x16,         0, 1,  8, "certTypes"                      }, /* 126 */
- {                  0x01,     128, 0,  9, "X.509"                          }, /* 127 */
- {                  0x02,       0, 0,  9, "SDSI"                           }, /* 128 */
- {              0x0c,           0, 1,  7, "PKCS-12"                        }, /* 129 */
- {                0x01,       137, 1,  8, "pbeIds"                         }, /* 130 */
- {                  0x01,     132, 0,  9, "pbeWithSHAAnd128BitRC4"         }, /* 131 */
- {                  0x02,     133, 0,  9, "pbeWithSHAAnd40BitRC4"          }, /* 132 */
- {                  0x03,     134, 0,  9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 133 */
- {                  0x04,     135, 0,  9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 134 */
- {                  0x05,     136, 0,  9, "pbeWithSHAAnd128BitRC2-CBC"     }, /* 135 */
- {                  0x06,       0, 0,  9, "pbeWithSHAAnd40BitRC2-CBC"      }, /* 136 */
- {                0x0a,         0, 1,  8, "PKCS-12v1"                      }, /* 137 */
- {                  0x01,       0, 1,  9, "bagIds"                         }, /* 138 */
- {                    0x01,   140, 0, 10, "keyBag"                         }, /* 139 */
- {                    0x02,   141, 0, 10, "pkcs8ShroudedKeyBag"            }, /* 140 */
- {                    0x03,   142, 0, 10, "certBag"                        }, /* 141 */
- {                    0x04,   143, 0, 10, "crlBag"                         }, /* 142 */
- {                    0x05,   144, 0, 10, "secretBag"                      }, /* 143 */
- {                    0x06,     0, 0, 10, "safeContentsBag"                }, /* 144 */
- {            0x02,           148, 1,  6, "digestAlgorithm"                }, /* 145 */
- {              0x02,         147, 0,  7, "md2"                            }, /* 146 */
- {              0x05,           0, 0,  7, "md5"                            }, /* 147 */
- {            0x03,             0, 1,  6, "encryptionAlgorithm"            }, /* 148 */
- {              0x07,           0, 0,  7, "3des-ede-cbc"                   }, /* 149 */
- {      0xCE,                   0, 1,  3, ""                               }, /* 150 */
- {        0x3D,                 0, 1,  4, "ansi-X9-62"                     }, /* 151 */
- {          0x02,             154, 1,  5, "id-publicKeyType"               }, /* 152 */
- {            0x01,             0, 0,  6, "id-ecPublicKey"                 }, /* 153 */
- {          0x03,             184, 1,  5, "ellipticCurve"                  }, /* 154 */
- {            0x00,           176, 1,  6, "c-TwoCurve"                     }, /* 155 */
- {              0x01,         157, 0,  7, "c2pnb163v1"                     }, /* 156 */
- {              0x02,         158, 0,  7, "c2pnb163v2"                     }, /* 157 */
- {              0x03,         159, 0,  7, "c2pnb163v3"                     }, /* 158 */
- {              0x04,         160, 0,  7, "c2pnb176w1"                     }, /* 159 */
- {              0x05,         161, 0,  7, "c2tnb191v1"                     }, /* 160 */
- {              0x06,         162, 0,  7, "c2tnb191v2"                     }, /* 161 */
- {              0x07,         163, 0,  7, "c2tnb191v3"                     }, /* 162 */
- {              0x08,         164, 0,  7, "c2onb191v4"                     }, /* 163 */
- {              0x09,         165, 0,  7, "c2onb191v5"                     }, /* 164 */
- {              0x0A,         166, 0,  7, "c2pnb208w1"                     }, /* 165 */
- {              0x0B,         167, 0,  7, "c2tnb239v1"                     }, /* 166 */
- {              0x0C,         168, 0,  7, "c2tnb239v2"                     }, /* 167 */
- {              0x0D,         169, 0,  7, "c2tnb239v3"                     }, /* 168 */
- {              0x0E,         170, 0,  7, "c2onb239v4"                     }, /* 169 */
- {              0x0F,         171, 0,  7, "c2onb239v5"                     }, /* 170 */
- {              0x10,         172, 0,  7, "c2pnb272w1"                     }, /* 171 */
- {              0x11,         173, 0,  7, "c2pnb304w1"                     }, /* 172 */
- {              0x12,         174, 0,  7, "c2tnb359v1"                     }, /* 173 */
- {              0x13,         175, 0,  7, "c2pnb368w1"                     }, /* 174 */
- {              0x14,           0, 0,  7, "c2tnb431r1"                     }, /* 175 */
- {            0x01,             0, 1,  6, "primeCurve"                     }, /* 176 */
- {              0x01,         178, 0,  7, "prime192v1"                     }, /* 177 */
- {              0x02,         179, 0,  7, "prime192v2"                     }, /* 178 */
- {              0x03,         180, 0,  7, "prime192v3"                     }, /* 179 */
- {              0x04,         181, 0,  7, "prime239v1"                     }, /* 180 */
- {              0x05,         182, 0,  7, "prime239v2"                     }, /* 181 */
- {              0x06,         183, 0,  7, "prime239v3"                     }, /* 182 */
- {              0x07,           0, 0,  7, "prime256v1"                     }, /* 183 */
- {          0x04,               0, 1,  5, "id-ecSigType"                   }, /* 184 */
- {            0x01,           186, 0,  6, "ecdsa-with-SHA1"                }, /* 185 */
- {            0x03,             0, 1,  6, "ecdsa-with-Specified"           }, /* 186 */
- {              0x01,         188, 0,  7, "ecdsa-with-SHA224"              }, /* 187 */
- {              0x02,         189, 0,  7, "ecdsa-with-SHA256"              }, /* 188 */
- {              0x03,         190, 0,  7, "ecdsa-with-SHA384"              }, /* 189 */
- {              0x04,           0, 0,  7, "ecdsa-with-SHA512"              }, /* 190 */
- {0x2B,                       418, 1,  0, ""                               }, /* 191 */
- {  0x06,                     332, 1,  1, "dod"                            }, /* 192 */
- {    0x01,                     0, 1,  2, "internet"                       }, /* 193 */
- {      0x04,                 283, 1,  3, "private"                        }, /* 194 */
- {        0x01,                 0, 1,  4, "enterprise"                     }, /* 195 */
- {          0x82,             233, 1,  5, ""                               }, /* 196 */
- {            0x37,           209, 1,  6, "Microsoft"                      }, /* 197 */
- {              0x0A,         202, 1,  7, ""                               }, /* 198 */
- {                0x03,         0, 1,  8, ""                               }, /* 199 */
- {                  0x03,     201, 0,  9, "msSGC"                          }, /* 200 */
- {                  0x04,       0, 0,  9, "msEncryptingFileSystem"         }, /* 201 */
- {              0x14,         206, 1,  7, "msEnrollmentInfrastructure"     }, /* 202 */
- {                0x02,         0, 1,  8, "msCertificateTypeExtension"     }, /* 203 */
- {                  0x02,     205, 0,  9, "msSmartcardLogon"               }, /* 204 */
- {                  0x03,       0, 0,  9, "msUPN"                          }, /* 205 */
- {              0x15,           0, 1,  7, "msCertSrvInfrastructure"        }, /* 206 */
- {                0x07,       208, 0,  8, "msCertTemplate"                 }, /* 207 */
- {                0x0A,         0, 0,  8, "msApplicationCertPolicies"      }, /* 208 */
- {            0xA0,             0, 1,  6, ""                               }, /* 209 */
- {              0x2A,           0, 1,  7, "ITA"                            }, /* 210 */
- {                0x01,       212, 0,  8, "strongSwan"                     }, /* 211 */
- {                0x02,       213, 0,  8, "cps"                            }, /* 212 */
- {                0x03,       214, 0,  8, "e-voting"                       }, /* 213 */
- {                0x05,         0, 1,  8, "BLISS"                          }, /* 214 */
- {                  0x01,     217, 1,  9, "keyType"                        }, /* 215 */
- {                    0x01,     0, 0, 10, "blissPublicKey"                 }, /* 216 */
- {                  0x02,     226, 1,  9, "parameters"                     }, /* 217 */
- {                    0x01,   219, 0, 10, "BLISS-I"                        }, /* 218 */
- {                    0x02,   220, 0, 10, "BLISS-II"                       }, /* 219 */
- {                    0x03,   221, 0, 10, "BLISS-III"                      }, /* 220 */
- {                    0x04,   222, 0, 10, "BLISS-IV"                       }, /* 221 */
- {                    0x05,   223, 0, 10, "BLISS-B-I"                      }, /* 222 */
- {                    0x06,   224, 0, 10, "BLISS-B-II"                     }, /* 223 */
- {                    0x07,   225, 0, 10, "BLISS-B-III"                    }, /* 224 */
- {                    0x08,     0, 0, 10, "BLISS-B-IV"                     }, /* 225 */
- {                  0x03,       0, 1,  9, "blissSigType"                   }, /* 226 */
- {                    0x01,   228, 0, 10, "BLISS-with-SHA2-512"            }, /* 227 */
- {                    0x02,   229, 0, 10, "BLISS-with-SHA2-384"            }, /* 228 */
- {                    0x03,   230, 0, 10, "BLISS-with-SHA2-256"            }, /* 229 */
- {                    0x04,   231, 0, 10, "BLISS-with-SHA3-512"            }, /* 230 */
- {                    0x05,   232, 0, 10, "BLISS-with-SHA3-384"            }, /* 231 */
- {                    0x06,     0, 0, 10, "BLISS-with-SHA3-256"            }, /* 232 */
- {          0x89,             240, 1,  5, ""                               }, /* 233 */
- {            0x31,             0, 1,  6, ""                               }, /* 234 */
- {              0x01,           0, 1,  7, ""                               }, /* 235 */
- {                0x01,         0, 1,  8, ""                               }, /* 236 */
- {                  0x02,       0, 1,  9, ""                               }, /* 237 */
- {                    0x02,     0, 1, 10, ""                               }, /* 238 */
- {                      0x4B,   0, 0, 11, "TCGID"                          }, /* 239 */
- {          0x97,             244, 1,  5, ""                               }, /* 240 */
- {            0x55,             0, 1,  6, ""                               }, /* 241 */
- {              0x01,           0, 1,  7, ""                               }, /* 242 */
- {                0x02,         0, 0,  8, "blowfish-cbc"                   }, /* 243 */
- {          0xC1,               0, 1,  5, ""                               }, /* 244 */
- {            0x16,             0, 1,  6, "ntruCryptosystems"              }, /* 245 */
- {              0x01,           0, 1,  7, "eess"                           }, /* 246 */
- {                0x01,         0, 1,  8, "eess1"                          }, /* 247 */
- {                  0x01,     252, 1,  9, "eess1-algs"                     }, /* 248 */
- {                    0x01,   250, 0, 10, "ntru-EESS1v1-SVES"              }, /* 249 */
- {                    0x02,   251, 0, 10, "ntru-EESS1v1-SVSSA"             }, /* 250 */
- {                    0x03,     0, 0, 10, "ntru-EESS1v1-NTRUSign"          }, /* 251 */
- {                  0x02,     282, 1,  9, "eess1-params"                   }, /* 252 */
- {                    0x01,   254, 0, 10, "ees251ep1"                      }, /* 253 */
- {                    0x02,   255, 0, 10, "ees347ep1"                      }, /* 254 */
- {                    0x03,   256, 0, 10, "ees503ep1"                      }, /* 255 */
- {                    0x07,   257, 0, 10, "ees251sp2"                      }, /* 256 */
- {                    0x0C,   258, 0, 10, "ees251ep4"                      }, /* 257 */
- {                    0x0D,   259, 0, 10, "ees251ep5"                      }, /* 258 */
- {                    0x0E,   260, 0, 10, "ees251sp3"                      }, /* 259 */
- {                    0x0F,   261, 0, 10, "ees251sp4"                      }, /* 260 */
- {                    0x10,   262, 0, 10, "ees251sp5"                      }, /* 261 */
- {                    0x11,   263, 0, 10, "ees251sp6"                      }, /* 262 */
- {                    0x12,   264, 0, 10, "ees251sp7"                      }, /* 263 */
- {                    0x13,   265, 0, 10, "ees251sp8"                      }, /* 264 */
- {                    0x14,   266, 0, 10, "ees251sp9"                      }, /* 265 */
- {                    0x22,   267, 0, 10, "ees401ep1"                      }, /* 266 */
- {                    0x23,   268, 0, 10, "ees449ep1"                      }, /* 267 */
- {                    0x24,   269, 0, 10, "ees677ep1"                      }, /* 268 */
- {                    0x25,   270, 0, 10, "ees1087ep2"                     }, /* 269 */
- {                    0x26,   271, 0, 10, "ees541ep1"                      }, /* 270 */
- {                    0x27,   272, 0, 10, "ees613ep1"                      }, /* 271 */
- {                    0x28,   273, 0, 10, "ees887ep1"                      }, /* 272 */
- {                    0x29,   274, 0, 10, "ees1171ep1"                     }, /* 273 */
- {                    0x2A,   275, 0, 10, "ees659ep1"                      }, /* 274 */
- {                    0x2B,   276, 0, 10, "ees761ep1"                      }, /* 275 */
- {                    0x2C,   277, 0, 10, "ees1087ep1"                     }, /* 276 */
- {                    0x2D,   278, 0, 10, "ees1499ep1"                     }, /* 277 */
- {                    0x2E,   279, 0, 10, "ees401ep2"                      }, /* 278 */
- {                    0x2F,   280, 0, 10, "ees439ep1"                      }, /* 279 */
- {                    0x30,   281, 0, 10, "ees593ep1"                      }, /* 280 */
- {                    0x31,     0, 0, 10, "ees743ep1"                      }, /* 281 */
- {                  0x03,       0, 0,  9, "eess1-encodingMethods"          }, /* 282 */
- {      0x05,                   0, 1,  3, "security"                       }, /* 283 */
- {        0x05,                 0, 1,  4, "mechanisms"                     }, /* 284 */
- {          0x07,             329, 1,  5, "id-pkix"                        }, /* 285 */
- {            0x01,           290, 1,  6, "id-pe"                          }, /* 286 */
- {              0x01,         288, 0,  7, "authorityInfoAccess"            }, /* 287 */
- {              0x03,         289, 0,  7, "qcStatements"                   }, /* 288 */
- {              0x07,           0, 0,  7, "ipAddrBlocks"                   }, /* 289 */
- {            0x02,           293, 1,  6, "id-qt"                          }, /* 290 */
- {              0x01,         292, 0,  7, "cps"                            }, /* 291 */
- {              0x02,           0, 0,  7, "unotice"                        }, /* 292 */
- {            0x03,           303, 1,  6, "id-kp"                          }, /* 293 */
- {              0x01,         295, 0,  7, "serverAuth"                     }, /* 294 */
- {              0x02,         296, 0,  7, "clientAuth"                     }, /* 295 */
- {              0x03,         297, 0,  7, "codeSigning"                    }, /* 296 */
- {              0x04,         298, 0,  7, "emailProtection"                }, /* 297 */
- {              0x05,         299, 0,  7, "ipsecEndSystem"                 }, /* 298 */
- {              0x06,         300, 0,  7, "ipsecTunnel"                    }, /* 299 */
- {              0x07,         301, 0,  7, "ipsecUser"                      }, /* 300 */
- {              0x08,         302, 0,  7, "timeStamping"                   }, /* 301 */
- {              0x09,           0, 0,  7, "ocspSigning"                    }, /* 302 */
- {            0x08,           311, 1,  6, "id-otherNames"                  }, /* 303 */
- {              0x01,         305, 0,  7, "personalData"                   }, /* 304 */
- {              0x02,         306, 0,  7, "userGroup"                      }, /* 305 */
- {              0x03,         307, 0,  7, "id-on-permanentIdentifier"      }, /* 306 */
- {              0x04,         308, 0,  7, "id-on-hardwareModuleName"       }, /* 307 */
- {              0x05,         309, 0,  7, "xmppAddr"                       }, /* 308 */
- {              0x06,         310, 0,  7, "id-on-SIM"                      }, /* 309 */
- {              0x07,           0, 0,  7, "id-on-dnsSRV"                   }, /* 310 */
- {            0x0A,           316, 1,  6, "id-aca"                         }, /* 311 */
- {              0x01,         313, 0,  7, "authenticationInfo"             }, /* 312 */
- {              0x02,         314, 0,  7, "accessIdentity"                 }, /* 313 */
- {              0x03,         315, 0,  7, "chargingIdentity"               }, /* 314 */
- {              0x04,           0, 0,  7, "group"                          }, /* 315 */
- {            0x0B,           317, 0,  6, "subjectInfoAccess"              }, /* 316 */
- {            0x30,             0, 1,  6, "id-ad"                          }, /* 317 */
- {              0x01,         326, 1,  7, "ocsp"                           }, /* 318 */
- {                0x01,       320, 0,  8, "basic"                          }, /* 319 */
- {                0x02,       321, 0,  8, "nonce"                          }, /* 320 */
- {                0x03,       322, 0,  8, "crl"                            }, /* 321 */
- {                0x04,       323, 0,  8, "response"                       }, /* 322 */
- {                0x05,       324, 0,  8, "noCheck"                        }, /* 323 */
- {                0x06,       325, 0,  8, "archiveCutoff"                  }, /* 324 */
- {                0x07,         0, 0,  8, "serviceLocator"                 }, /* 325 */
- {              0x02,         327, 0,  7, "caIssuers"                      }, /* 326 */
- {              0x03,         328, 0,  7, "timeStamping"                   }, /* 327 */
- {              0x05,           0, 0,  7, "caRepository"                   }, /* 328 */
- {          0x08,               0, 1,  5, "ipsec"                          }, /* 329 */
- {            0x02,             0, 1,  6, "certificate"                    }, /* 330 */
- {              0x02,           0, 0,  7, "iKEIntermediate"                }, /* 331 */
- {  0x0E,                     338, 1,  1, "oiw"                            }, /* 332 */
- {    0x03,                     0, 1,  2, "secsig"                         }, /* 333 */
- {      0x02,                   0, 1,  3, "algorithms"                     }, /* 334 */
- {        0x07,               336, 0,  4, "des-cbc"                        }, /* 335 */
- {        0x1A,               337, 0,  4, "sha-1"                          }, /* 336 */
- {        0x1D,                 0, 0,  4, "sha-1WithRSASignature"          }, /* 337 */
- {  0x24,                     384, 1,  1, "TeleTrusT"                      }, /* 338 */
- {    0x03,                     0, 1,  2, "algorithm"                      }, /* 339 */
- {      0x03,                   0, 1,  3, "signatureAlgorithm"             }, /* 340 */
- {        0x01,               345, 1,  4, "rsaSignature"                   }, /* 341 */
- {          0x02,             343, 0,  5, "rsaSigWithripemd160"            }, /* 342 */
- {          0x03,             344, 0,  5, "rsaSigWithripemd128"            }, /* 343 */
- {          0x04,               0, 0,  5, "rsaSigWithripemd256"            }, /* 344 */
- {        0x02,                 0, 1,  4, "ecSign"                         }, /* 345 */
- {          0x01,             347, 0,  5, "ecSignWithsha1"                 }, /* 346 */
- {          0x02,             348, 0,  5, "ecSignWithripemd160"            }, /* 347 */
- {          0x03,             349, 0,  5, "ecSignWithmd2"                  }, /* 348 */
- {          0x04,             350, 0,  5, "ecSignWithmd5"                  }, /* 349 */
- {          0x05,             367, 1,  5, "ttt-ecg"                        }, /* 350 */
- {            0x01,           355, 1,  6, "fieldType"                      }, /* 351 */
- {              0x01,           0, 1,  7, "characteristictwoField"         }, /* 352 */
- {                0x01,         0, 1,  8, "basisType"                      }, /* 353 */
- {                  0x01,       0, 0,  9, "ipBasis"                        }, /* 354 */
- {            0x02,           357, 1,  6, "keyType"                        }, /* 355 */
- {              0x01,           0, 0,  7, "ecgPublicKey"                   }, /* 356 */
- {            0x03,           358, 0,  6, "curve"                          }, /* 357 */
- {            0x04,           365, 1,  6, "signatures"                     }, /* 358 */
- {              0x01,         360, 0,  7, "ecgdsa-with-RIPEMD160"          }, /* 359 */
- {              0x02,         361, 0,  7, "ecgdsa-with-SHA1"               }, /* 360 */
- {              0x03,         362, 0,  7, "ecgdsa-with-SHA224"             }, /* 361 */
- {              0x04,         363, 0,  7, "ecgdsa-with-SHA256"             }, /* 362 */
- {              0x05,         364, 0,  7, "ecgdsa-with-SHA384"             }, /* 363 */
- {              0x06,           0, 0,  7, "ecgdsa-with-SHA512"             }, /* 364 */
- {            0x05,             0, 1,  6, "module"                         }, /* 365 */
- {              0x01,           0, 0,  7, "1"                              }, /* 366 */
- {          0x08,               0, 1,  5, "ecStdCurvesAndGeneration"       }, /* 367 */
- {            0x01,             0, 1,  6, "ellipticCurve"                  }, /* 368 */
- {              0x01,           0, 1,  7, "versionOne"                     }, /* 369 */
- {                0x01,       371, 0,  8, "brainpoolP160r1"                }, /* 370 */
- {                0x02,       372, 0,  8, "brainpoolP160t1"                }, /* 371 */
- {                0x03,       373, 0,  8, "brainpoolP192r1"                }, /* 372 */
- {                0x04,       374, 0,  8, "brainpoolP192t1"                }, /* 373 */
- {                0x05,       375, 0,  8, "brainpoolP224r1"                }, /* 374 */
- {                0x06,       376, 0,  8, "brainpoolP224t1"                }, /* 375 */
- {                0x07,       377, 0,  8, "brainpoolP256r1"                }, /* 376 */
- {                0x08,       378, 0,  8, "brainpoolP256t1"                }, /* 377 */
- {                0x09,       379, 0,  8, "brainpoolP320r1"                }, /* 378 */
- {                0x0A,       380, 0,  8, "brainpoolP320t1"                }, /* 379 */
- {                0x0B,       381, 0,  8, "brainpoolP384r1"                }, /* 380 */
- {                0x0C,       382, 0,  8, "brainpoolP384t1"                }, /* 381 */
- {                0x0D,       383, 0,  8, "brainpoolP512r1"                }, /* 382 */
- {                0x0E,         0, 0,  8, "brainpoolP512t1"                }, /* 383 */
- {  0x81,                       0, 1,  1, ""                               }, /* 384 */
- {    0x04,                     0, 1,  2, "Certicom"                       }, /* 385 */
- {      0x00,                   0, 1,  3, "curve"                          }, /* 386 */
- {        0x01,               388, 0,  4, "sect163k1"                      }, /* 387 */
- {        0x02,               389, 0,  4, "sect163r1"                      }, /* 388 */
- {        0x03,               390, 0,  4, "sect239k1"                      }, /* 389 */
- {        0x04,               391, 0,  4, "sect113r1"                      }, /* 390 */
- {        0x05,               392, 0,  4, "sect113r2"                      }, /* 391 */
- {        0x06,               393, 0,  4, "secp112r1"                      }, /* 392 */
- {        0x07,               394, 0,  4, "secp112r2"                      }, /* 393 */
- {        0x08,               395, 0,  4, "secp160r1"                      }, /* 394 */
- {        0x09,               396, 0,  4, "secp160k1"                      }, /* 395 */
- {        0x0A,               397, 0,  4, "secp256k1"                      }, /* 396 */
- {        0x0F,               398, 0,  4, "sect163r2"                      }, /* 397 */
- {        0x10,               399, 0,  4, "sect283k1"                      }, /* 398 */
- {        0x11,               400, 0,  4, "sect283r1"                      }, /* 399 */
- {        0x16,               401, 0,  4, "sect131r1"                      }, /* 400 */
- {        0x17,               402, 0,  4, "sect131r2"                      }, /* 401 */
- {        0x18,               403, 0,  4, "sect193r1"                      }, /* 402 */
- {        0x19,               404, 0,  4, "sect193r2"                      }, /* 403 */
- {        0x1A,               405, 0,  4, "sect233k1"                      }, /* 404 */
- {        0x1B,               406, 0,  4, "sect233r1"                      }, /* 405 */
- {        0x1C,               407, 0,  4, "secp128r1"                      }, /* 406 */
- {        0x1D,               408, 0,  4, "secp128r2"                      }, /* 407 */
- {        0x1E,               409, 0,  4, "secp160r2"                      }, /* 408 */
- {        0x1F,               410, 0,  4, "secp192k1"                      }, /* 409 */
- {        0x20,               411, 0,  4, "secp224k1"                      }, /* 410 */
- {        0x21,               412, 0,  4, "secp224r1"                      }, /* 411 */
- {        0x22,               413, 0,  4, "secp384r1"                      }, /* 412 */
- {        0x23,               414, 0,  4, "secp521r1"                      }, /* 413 */
- {        0x24,               415, 0,  4, "sect409k1"                      }, /* 414 */
- {        0x25,               416, 0,  4, "sect409r1"                      }, /* 415 */
- {        0x26,               417, 0,  4, "sect571k1"                      }, /* 416 */
- {        0x27,                 0, 0,  4, "sect571r1"                      }, /* 417 */
- {0x60,                       472, 1,  0, ""                               }, /* 418 */
- {  0x86,                       0, 1,  1, ""                               }, /* 419 */
- {    0x48,                     0, 1,  2, ""                               }, /* 420 */
- {      0x01,                   0, 1,  3, "organization"                   }, /* 421 */
- {        0x65,               448, 1,  4, "gov"                            }, /* 422 */
- {          0x03,               0, 1,  5, "csor"                           }, /* 423 */
- {            0x04,             0, 1,  6, "nistalgorithm"                  }, /* 424 */
- {              0x01,         435, 1,  7, "aes"                            }, /* 425 */
- {                0x02,       427, 0,  8, "id-aes128-CBC"                  }, /* 426 */
- {                0x06,       428, 0,  8, "id-aes128-GCM"                  }, /* 427 */
- {                0x07,       429, 0,  8, "id-aes128-CCM"                  }, /* 428 */
- {                0x16,       430, 0,  8, "id-aes192-CBC"                  }, /* 429 */
- {                0x1A,       431, 0,  8, "id-aes192-GCM"                  }, /* 430 */
- {                0x1B,       432, 0,  8, "id-aes192-CCM"                  }, /* 431 */
- {                0x2A,       433, 0,  8, "id-aes256-CBC"                  }, /* 432 */
- {                0x2E,       434, 0,  8, "id-aes256-GCM"                  }, /* 433 */
- {                0x2F,         0, 0,  8, "id-aes256-CCM"                  }, /* 434 */
- {              0x02,           0, 1,  7, "hashalgs"                       }, /* 435 */
- {                0x01,       437, 0,  8, "id-sha256"                      }, /* 436 */
- {                0x02,       438, 0,  8, "id-sha384"                      }, /* 437 */
- {                0x03,       439, 0,  8, "id-sha512"                      }, /* 438 */
- {                0x04,       440, 0,  8, "id-sha224"                      }, /* 439 */
- {                0x05,       441, 0,  8, "id-sha512-224"                  }, /* 440 */
- {                0x06,       442, 0,  8, "id-sha512-256"                  }, /* 441 */
- {                0x07,       443, 0,  8, "id-sha3-224"                    }, /* 442 */
- {                0x08,       444, 0,  8, "id-sha3-256"                    }, /* 443 */
- {                0x09,       445, 0,  8, "id-sha3-384"                    }, /* 444 */
- {                0x0A,       446, 0,  8, "id-sha3-512"                    }, /* 445 */
- {                0x0B,       447, 0,  8, "id-shake128"                    }, /* 446 */
- {                0x0C,         0, 0,  8, "id-shake256"                    }, /* 447 */
- {        0x86,                 0, 1,  4, ""                               }, /* 448 */
- {          0xf8,               0, 1,  5, ""                               }, /* 449 */
- {            0x42,           462, 1,  6, "netscape"                       }, /* 450 */
- {              0x01,         457, 1,  7, ""                               }, /* 451 */
- {                0x01,       453, 0,  8, "nsCertType"                     }, /* 452 */
- {                0x03,       454, 0,  8, "nsRevocationUrl"                }, /* 453 */
- {                0x04,       455, 0,  8, "nsCaRevocationUrl"              }, /* 454 */
- {                0x08,       456, 0,  8, "nsCaPolicyUrl"                  }, /* 455 */
- {                0x0d,         0, 0,  8, "nsComment"                      }, /* 456 */
- {              0x03,         460, 1,  7, "directory"                      }, /* 457 */
- {                0x01,         0, 1,  8, ""                               }, /* 458 */
- {                  0x03,       0, 0,  9, "employeeNumber"                 }, /* 459 */
- {              0x04,           0, 1,  7, "policy"                         }, /* 460 */
- {                0x01,         0, 0,  8, "nsSGC"                          }, /* 461 */
- {            0x45,             0, 1,  6, "verisign"                       }, /* 462 */
- {              0x01,           0, 1,  7, "pki"                            }, /* 463 */
- {                0x09,         0, 1,  8, "attributes"                     }, /* 464 */
- {                  0x02,     466, 0,  9, "messageType"                    }, /* 465 */
- {                  0x03,     467, 0,  9, "pkiStatus"                      }, /* 466 */
- {                  0x04,     468, 0,  9, "failInfo"                       }, /* 467 */
- {                  0x05,     469, 0,  9, "senderNonce"                    }, /* 468 */
- {                  0x06,     470, 0,  9, "recipientNonce"                 }, /* 469 */
- {                  0x07,     471, 0,  9, "transID"                        }, /* 470 */
- {                  0x08,       0, 0,  9, "extensionReq"                   }, /* 471 */
- {0x67,                         0, 1,  0, ""                               }, /* 472 */
- {  0x81,                       0, 1,  1, ""                               }, /* 473 */
- {    0x05,                     0, 1,  2, ""                               }, /* 474 */
- {      0x02,                   0, 1,  3, "tcg-attribute"                  }, /* 475 */
- {        0x01,               477, 0,  4, "tcg-at-tpmManufacturer"         }, /* 476 */
- {        0x02,               478, 0,  4, "tcg-at-tpmModel"                }, /* 477 */
- {        0x03,               479, 0,  4, "tcg-at-tpmVersion"              }, /* 478 */
- {        0x0F,                 0, 0,  4, "tcg-at-tpmIdLabel"              }  /* 479 */
+ {0x02,                         7, 1,  0, "ITU-T Administration"            }, /*   0 */
+ {  0x82,                       0, 1,  1, ""                                }, /*   1 */
+ {    0x06,                     0, 1,  2, "Germany ITU-T member"            }, /*   2 */
+ {      0x01,                   0, 1,  3, "Deutsche Telekom AG"             }, /*   3 */
+ {        0x0A,                 0, 1,  4, ""                                }, /*   4 */
+ {          0x07,               0, 1,  5, ""                                }, /*   5 */
+ {            0x14,             0, 0,  6, "ND"                              }, /*   6 */
+ {0x09,                        18, 1,  0, "data"                            }, /*   7 */
+ {  0x92,                       0, 1,  1, ""                                }, /*   8 */
+ {    0x26,                     0, 1,  2, ""                                }, /*   9 */
+ {      0x89,                   0, 1,  3, ""                                }, /*  10 */
+ {        0x93,                 0, 1,  4, ""                                }, /*  11 */
+ {          0xF2,               0, 1,  5, ""                                }, /*  12 */
+ {            0x2C,             0, 1,  6, ""                                }, /*  13 */
+ {              0x64,           0, 1,  7, "pilot"                           }, /*  14 */
+ {                0x01,         0, 1,  8, "pilotAttributeType"              }, /*  15 */
+ {                  0x01,      17, 0,  9, "UID"                             }, /*  16 */
+ {                  0x19,       0, 0,  9, "DC"                              }, /*  17 */
+ {0x55,                        67, 1,  0, "X.500"                           }, /*  18 */
+ {  0x04,                      39, 1,  1, "X.509"                           }, /*  19 */
+ {    0x03,                    21, 0,  2, "CN"                              }, /*  20 */
+ {    0x04,                    22, 0,  2, "S"                               }, /*  21 */
+ {    0x05,                    23, 0,  2, "SN"                              }, /*  22 */
+ {    0x06,                    24, 0,  2, "C"                               }, /*  23 */
+ {    0x07,                    25, 0,  2, "L"                               }, /*  24 */
+ {    0x08,                    26, 0,  2, "ST"                              }, /*  25 */
+ {    0x0A,                    27, 0,  2, "O"                               }, /*  26 */
+ {    0x0B,                    28, 0,  2, "OU"                              }, /*  27 */
+ {    0x0C,                    29, 0,  2, "T"                               }, /*  28 */
+ {    0x0D,                    30, 0,  2, "D"                               }, /*  29 */
+ {    0x24,                    31, 0,  2, "userCertificate"                 }, /*  30 */
+ {    0x29,                    32, 0,  2, "N"                               }, /*  31 */
+ {    0x2A,                    33, 0,  2, "G"                               }, /*  32 */
+ {    0x2B,                    34, 0,  2, "I"                               }, /*  33 */
+ {    0x2D,                    35, 0,  2, "ID"                              }, /*  34 */
+ {    0x2E,                    36, 0,  2, "dnQualifier"                     }, /*  35 */
+ {    0x36,                    37, 0,  2, "dmdName"                         }, /*  36 */
+ {    0x41,                    38, 0,  2, "pseudonym"                       }, /*  37 */
+ {    0x48,                     0, 0,  2, "role"                            }, /*  38 */
+ {  0x1D,                       0, 1,  1, "id-ce"                           }, /*  39 */
+ {    0x09,                    41, 0,  2, "subjectDirectoryAttrs"           }, /*  40 */
+ {    0x0E,                    42, 0,  2, "subjectKeyIdentifier"            }, /*  41 */
+ {    0x0F,                    43, 0,  2, "keyUsage"                        }, /*  42 */
+ {    0x10,                    44, 0,  2, "privateKeyUsagePeriod"           }, /*  43 */
+ {    0x11,                    45, 0,  2, "subjectAltName"                  }, /*  44 */
+ {    0x12,                    46, 0,  2, "issuerAltName"                   }, /*  45 */
+ {    0x13,                    47, 0,  2, "basicConstraints"                }, /*  46 */
+ {    0x14,                    48, 0,  2, "crlNumber"                       }, /*  47 */
+ {    0x15,                    49, 0,  2, "reasonCode"                      }, /*  48 */
+ {    0x17,                    50, 0,  2, "holdInstructionCode"             }, /*  49 */
+ {    0x18,                    51, 0,  2, "invalidityDate"                  }, /*  50 */
+ {    0x1B,                    52, 0,  2, "deltaCrlIndicator"               }, /*  51 */
+ {    0x1C,                    53, 0,  2, "issuingDistributionPoint"        }, /*  52 */
+ {    0x1D,                    54, 0,  2, "certificateIssuer"               }, /*  53 */
+ {    0x1E,                    55, 0,  2, "nameConstraints"                 }, /*  54 */
+ {    0x1F,                    56, 0,  2, "crlDistributionPoints"           }, /*  55 */
+ {    0x20,                    58, 1,  2, "certificatePolicies"             }, /*  56 */
+ {      0x00,                   0, 0,  3, "anyPolicy"                       }, /*  57 */
+ {    0x21,                    59, 0,  2, "policyMappings"                  }, /*  58 */
+ {    0x23,                    60, 0,  2, "authorityKeyIdentifier"          }, /*  59 */
+ {    0x24,                    61, 0,  2, "policyConstraints"               }, /*  60 */
+ {    0x25,                    63, 1,  2, "extendedKeyUsage"                }, /*  61 */
+ {      0x00,                   0, 0,  3, "anyExtendedKeyUsage"             }, /*  62 */
+ {    0x2E,                    64, 0,  2, "freshestCRL"                     }, /*  63 */
+ {    0x36,                    65, 0,  2, "inhibitAnyPolicy"                }, /*  64 */
+ {    0x37,                    66, 0,  2, "targetInformation"               }, /*  65 */
+ {    0x38,                     0, 0,  2, "noRevAvail"                      }, /*  66 */
+ {0x2A,                       191, 1,  0, ""                                }, /*  67 */
+ {  0x83,                      80, 1,  1, ""                                }, /*  68 */
+ {    0x08,                     0, 1,  2, "jp"                              }, /*  69 */
+ {      0x8C,                   0, 1,  3, ""                                }, /*  70 */
+ {        0x9A,                 0, 1,  4, ""                                }, /*  71 */
+ {          0x4B,               0, 1,  5, ""                                }, /*  72 */
+ {            0x3D,             0, 1,  6, ""                                }, /*  73 */
+ {              0x01,           0, 1,  7, "security"                        }, /*  74 */
+ {                0x01,         0, 1,  8, "algorithm"                       }, /*  75 */
+ {                  0x01,       0, 1,  9, "symm-encryption-alg"             }, /*  76 */
+ {                    0x02,    78, 0, 10, "camellia128-cbc"                 }, /*  77 */
+ {                    0x03,    79, 0, 10, "camellia192-cbc"                 }, /*  78 */
+ {                    0x04,     0, 0, 10, "camellia256-cbc"                 }, /*  79 */
+ {  0x86,                       0, 1,  1, ""                                }, /*  80 */
+ {    0x48,                     0, 1,  2, "us"                              }, /*  81 */
+ {      0x86,                 150, 1,  3, ""                                }, /*  82 */
+ {        0xF6,                88, 1,  4, ""                                }, /*  83 */
+ {          0x7D,               0, 1,  5, "NortelNetworks"                  }, /*  84 */
+ {            0x07,             0, 1,  6, "Entrust"                         }, /*  85 */
+ {              0x41,           0, 1,  7, "nsn-ce"                          }, /*  86 */
+ {                0x00,         0, 0,  8, "entrustVersInfo"                 }, /*  87 */
+ {        0xF7,                 0, 1,  4, ""                                }, /*  88 */
+ {          0x0D,               0, 1,  5, "RSADSI"                          }, /*  89 */
+ {            0x01,           145, 1,  6, "PKCS"                            }, /*  90 */
+ {              0x01,         103, 1,  7, "PKCS-1"                          }, /*  91 */
+ {                0x01,        93, 0,  8, "rsaEncryption"                   }, /*  92 */
+ {                0x02,        94, 0,  8, "md2WithRSAEncryption"            }, /*  93 */
+ {                0x04,        95, 0,  8, "md5WithRSAEncryption"            }, /*  94 */
+ {                0x05,        96, 0,  8, "sha-1WithRSAEncryption"          }, /*  95 */
+ {                0x07,        97, 0,  8, "id-RSAES-OAEP"                   }, /*  96 */
+ {                0x08,        98, 0,  8, "id-mgf1"                         }, /*  97 */
+ {                0x09,        99, 0,  8, "id-pSpecified"                   }, /*  98 */
+ {                0x0B,       100, 0,  8, "sha256WithRSAEncryption"         }, /*  99 */
+ {                0x0C,       101, 0,  8, "sha384WithRSAEncryption"         }, /* 100 */
+ {                0x0D,       102, 0,  8, "sha512WithRSAEncryption"         }, /* 101 */
+ {                0x0E,         0, 0,  8, "sha224WithRSAEncryption"         }, /* 102 */
+ {              0x05,         108, 1,  7, "PKCS-5"                          }, /* 103 */
+ {                0x03,       105, 0,  8, "pbeWithMD5AndDES-CBC"            }, /* 104 */
+ {                0x0A,       106, 0,  8, "pbeWithSHA1AndDES-CBC"           }, /* 105 */
+ {                0x0C,       107, 0,  8, "id-PBKDF2"                       }, /* 106 */
+ {                0x0D,         0, 0,  8, "id-PBES2"                        }, /* 107 */
+ {              0x07,         115, 1,  7, "PKCS-7"                          }, /* 108 */
+ {                0x01,       110, 0,  8, "data"                            }, /* 109 */
+ {                0x02,       111, 0,  8, "signedData"                      }, /* 110 */
+ {                0x03,       112, 0,  8, "envelopedData"                   }, /* 111 */
+ {                0x04,       113, 0,  8, "signedAndEnvelopedData"          }, /* 112 */
+ {                0x05,       114, 0,  8, "digestedData"                    }, /* 113 */
+ {                0x06,         0, 0,  8, "encryptedData"                   }, /* 114 */
+ {              0x09,         129, 1,  7, "PKCS-9"                          }, /* 115 */
+ {                0x01,       117, 0,  8, "E"                               }, /* 116 */
+ {                0x02,       118, 0,  8, "unstructuredName"                }, /* 117 */
+ {                0x03,       119, 0,  8, "contentType"                     }, /* 118 */
+ {                0x04,       120, 0,  8, "messageDigest"                   }, /* 119 */
+ {                0x05,       121, 0,  8, "signingTime"                     }, /* 120 */
+ {                0x06,       122, 0,  8, "counterSignature"                }, /* 121 */
+ {                0x07,       123, 0,  8, "challengePassword"               }, /* 122 */
+ {                0x08,       124, 0,  8, "unstructuredAddress"             }, /* 123 */
+ {                0x0E,       125, 0,  8, "extensionRequest"                }, /* 124 */
+ {                0x0F,       126, 0,  8, "S/MIME Capabilities"             }, /* 125 */
+ {                0x16,         0, 1,  8, "certTypes"                       }, /* 126 */
+ {                  0x01,     128, 0,  9, "X.509"                           }, /* 127 */
+ {                  0x02,       0, 0,  9, "SDSI"                            }, /* 128 */
+ {              0x0c,           0, 1,  7, "PKCS-12"                         }, /* 129 */
+ {                0x01,       137, 1,  8, "pbeIds"                          }, /* 130 */
+ {                  0x01,     132, 0,  9, "pbeWithSHAAnd128BitRC4"          }, /* 131 */
+ {                  0x02,     133, 0,  9, "pbeWithSHAAnd40BitRC4"           }, /* 132 */
+ {                  0x03,     134, 0,  9, "pbeWithSHAAnd3-KeyTripleDES-CBC" }, /* 133 */
+ {                  0x04,     135, 0,  9, "pbeWithSHAAnd2-KeyTripleDES-CBC" }, /* 134 */
+ {                  0x05,     136, 0,  9, "pbeWithSHAAnd128BitRC2-CBC"      }, /* 135 */
+ {                  0x06,       0, 0,  9, "pbeWithSHAAnd40BitRC2-CBC"       }, /* 136 */
+ {                0x0a,         0, 1,  8, "PKCS-12v1"                       }, /* 137 */
+ {                  0x01,       0, 1,  9, "bagIds"                          }, /* 138 */
+ {                    0x01,   140, 0, 10, "keyBag"                          }, /* 139 */
+ {                    0x02,   141, 0, 10, "pkcs8ShroudedKeyBag"             }, /* 140 */
+ {                    0x03,   142, 0, 10, "certBag"                         }, /* 141 */
+ {                    0x04,   143, 0, 10, "crlBag"                          }, /* 142 */
+ {                    0x05,   144, 0, 10, "secretBag"                       }, /* 143 */
+ {                    0x06,     0, 0, 10, "safeContentsBag"                 }, /* 144 */
+ {            0x02,           148, 1,  6, "digestAlgorithm"                 }, /* 145 */
+ {              0x02,         147, 0,  7, "md2"                             }, /* 146 */
+ {              0x05,           0, 0,  7, "md5"                             }, /* 147 */
+ {            0x03,             0, 1,  6, "encryptionAlgorithm"             }, /* 148 */
+ {              0x07,           0, 0,  7, "3des-ede-cbc"                    }, /* 149 */
+ {      0xCE,                   0, 1,  3, ""                                }, /* 150 */
+ {        0x3D,                 0, 1,  4, "ansi-X9-62"                      }, /* 151 */
+ {          0x02,             154, 1,  5, "id-publicKeyType"                }, /* 152 */
+ {            0x01,             0, 0,  6, "id-ecPublicKey"                  }, /* 153 */
+ {          0x03,             184, 1,  5, "ellipticCurve"                   }, /* 154 */
+ {            0x00,           176, 1,  6, "c-TwoCurve"                      }, /* 155 */
+ {              0x01,         157, 0,  7, "c2pnb163v1"                      }, /* 156 */
+ {              0x02,         158, 0,  7, "c2pnb163v2"                      }, /* 157 */
+ {              0x03,         159, 0,  7, "c2pnb163v3"                      }, /* 158 */
+ {              0x04,         160, 0,  7, "c2pnb176w1"                      }, /* 159 */
+ {              0x05,         161, 0,  7, "c2tnb191v1"                      }, /* 160 */
+ {              0x06,         162, 0,  7, "c2tnb191v2"                      }, /* 161 */
+ {              0x07,         163, 0,  7, "c2tnb191v3"                      }, /* 162 */
+ {              0x08,         164, 0,  7, "c2onb191v4"                      }, /* 163 */
+ {              0x09,         165, 0,  7, "c2onb191v5"                      }, /* 164 */
+ {              0x0A,         166, 0,  7, "c2pnb208w1"                      }, /* 165 */
+ {              0x0B,         167, 0,  7, "c2tnb239v1"                      }, /* 166 */
+ {              0x0C,         168, 0,  7, "c2tnb239v2"                      }, /* 167 */
+ {              0x0D,         169, 0,  7, "c2tnb239v3"                      }, /* 168 */
+ {              0x0E,         170, 0,  7, "c2onb239v4"                      }, /* 169 */
+ {              0x0F,         171, 0,  7, "c2onb239v5"                      }, /* 170 */
+ {              0x10,         172, 0,  7, "c2pnb272w1"                      }, /* 171 */
+ {              0x11,         173, 0,  7, "c2pnb304w1"                      }, /* 172 */
+ {              0x12,         174, 0,  7, "c2tnb359v1"                      }, /* 173 */
+ {              0x13,         175, 0,  7, "c2pnb368w1"                      }, /* 174 */
+ {              0x14,           0, 0,  7, "c2tnb431r1"                      }, /* 175 */
+ {            0x01,             0, 1,  6, "primeCurve"                      }, /* 176 */
+ {              0x01,         178, 0,  7, "prime192v1"                      }, /* 177 */
+ {              0x02,         179, 0,  7, "prime192v2"                      }, /* 178 */
+ {              0x03,         180, 0,  7, "prime192v3"                      }, /* 179 */
+ {              0x04,         181, 0,  7, "prime239v1"                      }, /* 180 */
+ {              0x05,         182, 0,  7, "prime239v2"                      }, /* 181 */
+ {              0x06,         183, 0,  7, "prime239v3"                      }, /* 182 */
+ {              0x07,           0, 0,  7, "prime256v1"                      }, /* 183 */
+ {          0x04,               0, 1,  5, "id-ecSigType"                    }, /* 184 */
+ {            0x01,           186, 0,  6, "ecdsa-with-SHA1"                 }, /* 185 */
+ {            0x03,             0, 1,  6, "ecdsa-with-Specified"            }, /* 186 */
+ {              0x01,         188, 0,  7, "ecdsa-with-SHA224"               }, /* 187 */
+ {              0x02,         189, 0,  7, "ecdsa-with-SHA256"               }, /* 188 */
+ {              0x03,         190, 0,  7, "ecdsa-with-SHA384"               }, /* 189 */
+ {              0x04,           0, 0,  7, "ecdsa-with-SHA512"               }, /* 190 */
+ {0x2B,                       418, 1,  0, ""                                }, /* 191 */
+ {  0x06,                     332, 1,  1, "dod"                             }, /* 192 */
+ {    0x01,                     0, 1,  2, "internet"                        }, /* 193 */
+ {      0x04,                 283, 1,  3, "private"                         }, /* 194 */
+ {        0x01,                 0, 1,  4, "enterprise"                      }, /* 195 */
+ {          0x82,             233, 1,  5, ""                                }, /* 196 */
+ {            0x37,           209, 1,  6, "Microsoft"                       }, /* 197 */
+ {              0x0A,         202, 1,  7, ""                                }, /* 198 */
+ {                0x03,         0, 1,  8, ""                                }, /* 199 */
+ {                  0x03,     201, 0,  9, "msSGC"                           }, /* 200 */
+ {                  0x04,       0, 0,  9, "msEncryptingFileSystem"          }, /* 201 */
+ {              0x14,         206, 1,  7, "msEnrollmentInfrastructure"      }, /* 202 */
+ {                0x02,         0, 1,  8, "msCertificateTypeExtension"      }, /* 203 */
+ {                  0x02,     205, 0,  9, "msSmartcardLogon"                }, /* 204 */
+ {                  0x03,       0, 0,  9, "msUPN"                           }, /* 205 */
+ {              0x15,           0, 1,  7, "msCertSrvInfrastructure"         }, /* 206 */
+ {                0x07,       208, 0,  8, "msCertTemplate"                  }, /* 207 */
+ {                0x0A,         0, 0,  8, "msApplicationCertPolicies"       }, /* 208 */
+ {            0xA0,             0, 1,  6, ""                                }, /* 209 */
+ {              0x2A,           0, 1,  7, "ITA"                             }, /* 210 */
+ {                0x01,       212, 0,  8, "strongSwan"                      }, /* 211 */
+ {                0x02,       213, 0,  8, "cps"                             }, /* 212 */
+ {                0x03,       214, 0,  8, "e-voting"                        }, /* 213 */
+ {                0x05,         0, 1,  8, "BLISS"                           }, /* 214 */
+ {                  0x01,     217, 1,  9, "keyType"                         }, /* 215 */
+ {                    0x01,     0, 0, 10, "blissPublicKey"                  }, /* 216 */
+ {                  0x02,     226, 1,  9, "parameters"                      }, /* 217 */
+ {                    0x01,   219, 0, 10, "BLISS-I"                         }, /* 218 */
+ {                    0x02,   220, 0, 10, "BLISS-II"                        }, /* 219 */
+ {                    0x03,   221, 0, 10, "BLISS-III"                       }, /* 220 */
+ {                    0x04,   222, 0, 10, "BLISS-IV"                        }, /* 221 */
+ {                    0x05,   223, 0, 10, "BLISS-B-I"                       }, /* 222 */
+ {                    0x06,   224, 0, 10, "BLISS-B-II"                      }, /* 223 */
+ {                    0x07,   225, 0, 10, "BLISS-B-III"                     }, /* 224 */
+ {                    0x08,     0, 0, 10, "BLISS-B-IV"                      }, /* 225 */
+ {                  0x03,       0, 1,  9, "blissSigType"                    }, /* 226 */
+ {                    0x01,   228, 0, 10, "BLISS-with-SHA2-512"             }, /* 227 */
+ {                    0x02,   229, 0, 10, "BLISS-with-SHA2-384"             }, /* 228 */
+ {                    0x03,   230, 0, 10, "BLISS-with-SHA2-256"             }, /* 229 */
+ {                    0x04,   231, 0, 10, "BLISS-with-SHA3-512"             }, /* 230 */
+ {                    0x05,   232, 0, 10, "BLISS-with-SHA3-384"             }, /* 231 */
+ {                    0x06,     0, 0, 10, "BLISS-with-SHA3-256"             }, /* 232 */
+ {          0x89,             240, 1,  5, ""                                }, /* 233 */
+ {            0x31,             0, 1,  6, ""                                }, /* 234 */
+ {              0x01,           0, 1,  7, ""                                }, /* 235 */
+ {                0x01,         0, 1,  8, ""                                }, /* 236 */
+ {                  0x02,       0, 1,  9, ""                                }, /* 237 */
+ {                    0x02,     0, 1, 10, ""                                }, /* 238 */
+ {                      0x4B,   0, 0, 11, "TCGID"                           }, /* 239 */
+ {          0x97,             244, 1,  5, ""                                }, /* 240 */
+ {            0x55,             0, 1,  6, ""                                }, /* 241 */
+ {              0x01,           0, 1,  7, ""                                }, /* 242 */
+ {                0x02,         0, 0,  8, "blowfish-cbc"                    }, /* 243 */
+ {          0xC1,               0, 1,  5, ""                                }, /* 244 */
+ {            0x16,             0, 1,  6, "ntruCryptosystems"               }, /* 245 */
+ {              0x01,           0, 1,  7, "eess"                            }, /* 246 */
+ {                0x01,         0, 1,  8, "eess1"                           }, /* 247 */
+ {                  0x01,     252, 1,  9, "eess1-algs"                      }, /* 248 */
+ {                    0x01,   250, 0, 10, "ntru-EESS1v1-SVES"               }, /* 249 */
+ {                    0x02,   251, 0, 10, "ntru-EESS1v1-SVSSA"              }, /* 250 */
+ {                    0x03,     0, 0, 10, "ntru-EESS1v1-NTRUSign"           }, /* 251 */
+ {                  0x02,     282, 1,  9, "eess1-params"                    }, /* 252 */
+ {                    0x01,   254, 0, 10, "ees251ep1"                       }, /* 253 */
+ {                    0x02,   255, 0, 10, "ees347ep1"                       }, /* 254 */
+ {                    0x03,   256, 0, 10, "ees503ep1"                       }, /* 255 */
+ {                    0x07,   257, 0, 10, "ees251sp2"                       }, /* 256 */
+ {                    0x0C,   258, 0, 10, "ees251ep4"                       }, /* 257 */
+ {                    0x0D,   259, 0, 10, "ees251ep5"                       }, /* 258 */
+ {                    0x0E,   260, 0, 10, "ees251sp3"                       }, /* 259 */
+ {                    0x0F,   261, 0, 10, "ees251sp4"                       }, /* 260 */
+ {                    0x10,   262, 0, 10, "ees251sp5"                       }, /* 261 */
+ {                    0x11,   263, 0, 10, "ees251sp6"                       }, /* 262 */
+ {                    0x12,   264, 0, 10, "ees251sp7"                       }, /* 263 */
+ {                    0x13,   265, 0, 10, "ees251sp8"                       }, /* 264 */
+ {                    0x14,   266, 0, 10, "ees251sp9"                       }, /* 265 */
+ {                    0x22,   267, 0, 10, "ees401ep1"                       }, /* 266 */
+ {                    0x23,   268, 0, 10, "ees449ep1"                       }, /* 267 */
+ {                    0x24,   269, 0, 10, "ees677ep1"                       }, /* 268 */
+ {                    0x25,   270, 0, 10, "ees1087ep2"                      }, /* 269 */
+ {                    0x26,   271, 0, 10, "ees541ep1"                       }, /* 270 */
+ {                    0x27,   272, 0, 10, "ees613ep1"                       }, /* 271 */
+ {                    0x28,   273, 0, 10, "ees887ep1"                       }, /* 272 */
+ {                    0x29,   274, 0, 10, "ees1171ep1"                      }, /* 273 */
+ {                    0x2A,   275, 0, 10, "ees659ep1"                       }, /* 274 */
+ {                    0x2B,   276, 0, 10, "ees761ep1"                       }, /* 275 */
+ {                    0x2C,   277, 0, 10, "ees1087ep1"                      }, /* 276 */
+ {                    0x2D,   278, 0, 10, "ees1499ep1"                      }, /* 277 */
+ {                    0x2E,   279, 0, 10, "ees401ep2"                       }, /* 278 */
+ {                    0x2F,   280, 0, 10, "ees439ep1"                       }, /* 279 */
+ {                    0x30,   281, 0, 10, "ees593ep1"                       }, /* 280 */
+ {                    0x31,     0, 0, 10, "ees743ep1"                       }, /* 281 */
+ {                  0x03,       0, 0,  9, "eess1-encodingMethods"           }, /* 282 */
+ {      0x05,                   0, 1,  3, "security"                        }, /* 283 */
+ {        0x05,                 0, 1,  4, "mechanisms"                      }, /* 284 */
+ {          0x07,             329, 1,  5, "id-pkix"                         }, /* 285 */
+ {            0x01,           290, 1,  6, "id-pe"                           }, /* 286 */
+ {              0x01,         288, 0,  7, "authorityInfoAccess"             }, /* 287 */
+ {              0x03,         289, 0,  7, "qcStatements"                    }, /* 288 */
+ {              0x07,           0, 0,  7, "ipAddrBlocks"                    }, /* 289 */
+ {            0x02,           293, 1,  6, "id-qt"                           }, /* 290 */
+ {              0x01,         292, 0,  7, "cps"                             }, /* 291 */
+ {              0x02,           0, 0,  7, "unotice"                         }, /* 292 */
+ {            0x03,           303, 1,  6, "id-kp"                           }, /* 293 */
+ {              0x01,         295, 0,  7, "serverAuth"                      }, /* 294 */
+ {              0x02,         296, 0,  7, "clientAuth"                      }, /* 295 */
+ {              0x03,         297, 0,  7, "codeSigning"                     }, /* 296 */
+ {              0x04,         298, 0,  7, "emailProtection"                 }, /* 297 */
+ {              0x05,         299, 0,  7, "ipsecEndSystem"                  }, /* 298 */
+ {              0x06,         300, 0,  7, "ipsecTunnel"                     }, /* 299 */
+ {              0x07,         301, 0,  7, "ipsecUser"                       }, /* 300 */
+ {              0x08,         302, 0,  7, "timeStamping"                    }, /* 301 */
+ {              0x09,           0, 0,  7, "ocspSigning"                     }, /* 302 */
+ {            0x08,           311, 1,  6, "id-otherNames"                   }, /* 303 */
+ {              0x01,         305, 0,  7, "personalData"                    }, /* 304 */
+ {              0x02,         306, 0,  7, "userGroup"                       }, /* 305 */
+ {              0x03,         307, 0,  7, "id-on-permanentIdentifier"       }, /* 306 */
+ {              0x04,         308, 0,  7, "id-on-hardwareModuleName"        }, /* 307 */
+ {              0x05,         309, 0,  7, "xmppAddr"                        }, /* 308 */
+ {              0x06,         310, 0,  7, "id-on-SIM"                       }, /* 309 */
+ {              0x07,           0, 0,  7, "id-on-dnsSRV"                    }, /* 310 */
+ {            0x0A,           316, 1,  6, "id-aca"                          }, /* 311 */
+ {              0x01,         313, 0,  7, "authenticationInfo"              }, /* 312 */
+ {              0x02,         314, 0,  7, "accessIdentity"                  }, /* 313 */
+ {              0x03,         315, 0,  7, "chargingIdentity"                }, /* 314 */
+ {              0x04,           0, 0,  7, "group"                           }, /* 315 */
+ {            0x0B,           317, 0,  6, "subjectInfoAccess"               }, /* 316 */
+ {            0x30,             0, 1,  6, "id-ad"                           }, /* 317 */
+ {              0x01,         326, 1,  7, "ocsp"                            }, /* 318 */
+ {                0x01,       320, 0,  8, "basic"                           }, /* 319 */
+ {                0x02,       321, 0,  8, "nonce"                           }, /* 320 */
+ {                0x03,       322, 0,  8, "crl"                             }, /* 321 */
+ {                0x04,       323, 0,  8, "response"                        }, /* 322 */
+ {                0x05,       324, 0,  8, "noCheck"                         }, /* 323 */
+ {                0x06,       325, 0,  8, "archiveCutoff"                   }, /* 324 */
+ {                0x07,         0, 0,  8, "serviceLocator"                  }, /* 325 */
+ {              0x02,         327, 0,  7, "caIssuers"                       }, /* 326 */
+ {              0x03,         328, 0,  7, "timeStamping"                    }, /* 327 */
+ {              0x05,           0, 0,  7, "caRepository"                    }, /* 328 */
+ {          0x08,               0, 1,  5, "ipsec"                           }, /* 329 */
+ {            0x02,             0, 1,  6, "certificate"                     }, /* 330 */
+ {              0x02,           0, 0,  7, "iKEIntermediate"                 }, /* 331 */
+ {  0x0E,                     338, 1,  1, "oiw"                             }, /* 332 */
+ {    0x03,                     0, 1,  2, "secsig"                          }, /* 333 */
+ {      0x02,                   0, 1,  3, "algorithms"                      }, /* 334 */
+ {        0x07,               336, 0,  4, "des-cbc"                         }, /* 335 */
+ {        0x1A,               337, 0,  4, "sha-1"                           }, /* 336 */
+ {        0x1D,                 0, 0,  4, "sha-1WithRSASignature"           }, /* 337 */
+ {  0x24,                     384, 1,  1, "TeleTrusT"                       }, /* 338 */
+ {    0x03,                     0, 1,  2, "algorithm"                       }, /* 339 */
+ {      0x03,                   0, 1,  3, "signatureAlgorithm"              }, /* 340 */
+ {        0x01,               345, 1,  4, "rsaSignature"                    }, /* 341 */
+ {          0x02,             343, 0,  5, "rsaSigWithripemd160"             }, /* 342 */
+ {          0x03,             344, 0,  5, "rsaSigWithripemd128"             }, /* 343 */
+ {          0x04,               0, 0,  5, "rsaSigWithripemd256"             }, /* 344 */
+ {        0x02,                 0, 1,  4, "ecSign"                          }, /* 345 */
+ {          0x01,             347, 0,  5, "ecSignWithsha1"                  }, /* 346 */
+ {          0x02,             348, 0,  5, "ecSignWithripemd160"             }, /* 347 */
+ {          0x03,             349, 0,  5, "ecSignWithmd2"                   }, /* 348 */
+ {          0x04,             350, 0,  5, "ecSignWithmd5"                   }, /* 349 */
+ {          0x05,             367, 1,  5, "ttt-ecg"                         }, /* 350 */
+ {            0x01,           355, 1,  6, "fieldType"                       }, /* 351 */
+ {              0x01,           0, 1,  7, "characteristictwoField"          }, /* 352 */
+ {                0x01,         0, 1,  8, "basisType"                       }, /* 353 */
+ {                  0x01,       0, 0,  9, "ipBasis"                         }, /* 354 */
+ {            0x02,           357, 1,  6, "keyType"                         }, /* 355 */
+ {              0x01,           0, 0,  7, "ecgPublicKey"                    }, /* 356 */
+ {            0x03,           358, 0,  6, "curve"                           }, /* 357 */
+ {            0x04,           365, 1,  6, "signatures"                      }, /* 358 */
+ {              0x01,         360, 0,  7, "ecgdsa-with-RIPEMD160"           }, /* 359 */
+ {              0x02,         361, 0,  7, "ecgdsa-with-SHA1"                }, /* 360 */
+ {              0x03,         362, 0,  7, "ecgdsa-with-SHA224"              }, /* 361 */
+ {              0x04,         363, 0,  7, "ecgdsa-with-SHA256"              }, /* 362 */
+ {              0x05,         364, 0,  7, "ecgdsa-with-SHA384"              }, /* 363 */
+ {              0x06,           0, 0,  7, "ecgdsa-with-SHA512"              }, /* 364 */
+ {            0x05,             0, 1,  6, "module"                          }, /* 365 */
+ {              0x01,           0, 0,  7, "1"                               }, /* 366 */
+ {          0x08,               0, 1,  5, "ecStdCurvesAndGeneration"        }, /* 367 */
+ {            0x01,             0, 1,  6, "ellipticCurve"                   }, /* 368 */
+ {              0x01,           0, 1,  7, "versionOne"                      }, /* 369 */
+ {                0x01,       371, 0,  8, "brainpoolP160r1"                 }, /* 370 */
+ {                0x02,       372, 0,  8, "brainpoolP160t1"                 }, /* 371 */
+ {                0x03,       373, 0,  8, "brainpoolP192r1"                 }, /* 372 */
+ {                0x04,       374, 0,  8, "brainpoolP192t1"                 }, /* 373 */
+ {                0x05,       375, 0,  8, "brainpoolP224r1"                 }, /* 374 */
+ {                0x06,       376, 0,  8, "brainpoolP224t1"                 }, /* 375 */
+ {                0x07,       377, 0,  8, "brainpoolP256r1"                 }, /* 376 */
+ {                0x08,       378, 0,  8, "brainpoolP256t1"                 }, /* 377 */
+ {                0x09,       379, 0,  8, "brainpoolP320r1"                 }, /* 378 */
+ {                0x0A,       380, 0,  8, "brainpoolP320t1"                 }, /* 379 */
+ {                0x0B,       381, 0,  8, "brainpoolP384r1"                 }, /* 380 */
+ {                0x0C,       382, 0,  8, "brainpoolP384t1"                 }, /* 381 */
+ {                0x0D,       383, 0,  8, "brainpoolP512r1"                 }, /* 382 */
+ {                0x0E,         0, 0,  8, "brainpoolP512t1"                 }, /* 383 */
+ {  0x81,                       0, 1,  1, ""                                }, /* 384 */
+ {    0x04,                     0, 1,  2, "Certicom"                        }, /* 385 */
+ {      0x00,                   0, 1,  3, "curve"                           }, /* 386 */
+ {        0x01,               388, 0,  4, "sect163k1"                       }, /* 387 */
+ {        0x02,               389, 0,  4, "sect163r1"                       }, /* 388 */
+ {        0x03,               390, 0,  4, "sect239k1"                       }, /* 389 */
+ {        0x04,               391, 0,  4, "sect113r1"                       }, /* 390 */
+ {        0x05,               392, 0,  4, "sect113r2"                       }, /* 391 */
+ {        0x06,               393, 0,  4, "secp112r1"                       }, /* 392 */
+ {        0x07,               394, 0,  4, "secp112r2"                       }, /* 393 */
+ {        0x08,               395, 0,  4, "secp160r1"                       }, /* 394 */
+ {        0x09,               396, 0,  4, "secp160k1"                       }, /* 395 */
+ {        0x0A,               397, 0,  4, "secp256k1"                       }, /* 396 */
+ {        0x0F,               398, 0,  4, "sect163r2"                       }, /* 397 */
+ {        0x10,               399, 0,  4, "sect283k1"                       }, /* 398 */
+ {        0x11,               400, 0,  4, "sect283r1"                       }, /* 399 */
+ {        0x16,               401, 0,  4, "sect131r1"                       }, /* 400 */
+ {        0x17,               402, 0,  4, "sect131r2"                       }, /* 401 */
+ {        0x18,               403, 0,  4, "sect193r1"                       }, /* 402 */
+ {        0x19,               404, 0,  4, "sect193r2"                       }, /* 403 */
+ {        0x1A,               405, 0,  4, "sect233k1"                       }, /* 404 */
+ {        0x1B,               406, 0,  4, "sect233r1"                       }, /* 405 */
+ {        0x1C,               407, 0,  4, "secp128r1"                       }, /* 406 */
+ {        0x1D,               408, 0,  4, "secp128r2"                       }, /* 407 */
+ {        0x1E,               409, 0,  4, "secp160r2"                       }, /* 408 */
+ {        0x1F,               410, 0,  4, "secp192k1"                       }, /* 409 */
+ {        0x20,               411, 0,  4, "secp224k1"                       }, /* 410 */
+ {        0x21,               412, 0,  4, "secp224r1"                       }, /* 411 */
+ {        0x22,               413, 0,  4, "secp384r1"                       }, /* 412 */
+ {        0x23,               414, 0,  4, "secp521r1"                       }, /* 413 */
+ {        0x24,               415, 0,  4, "sect409k1"                       }, /* 414 */
+ {        0x25,               416, 0,  4, "sect409r1"                       }, /* 415 */
+ {        0x26,               417, 0,  4, "sect571k1"                       }, /* 416 */
+ {        0x27,                 0, 0,  4, "sect571r1"                       }, /* 417 */
+ {0x60,                       481, 1,  0, ""                                }, /* 418 */
+ {  0x86,                       0, 1,  1, ""                                }, /* 419 */
+ {    0x48,                     0, 1,  2, ""                                }, /* 420 */
+ {      0x01,                   0, 1,  3, "organization"                    }, /* 421 */
+ {        0x65,               457, 1,  4, "gov"                             }, /* 422 */
+ {          0x03,               0, 1,  5, "csor"                            }, /* 423 */
+ {            0x04,             0, 1,  6, "nistalgorithm"                   }, /* 424 */
+ {              0x01,         435, 1,  7, "aes"                             }, /* 425 */
+ {                0x02,       427, 0,  8, "id-aes128-CBC"                   }, /* 426 */
+ {                0x06,       428, 0,  8, "id-aes128-GCM"                   }, /* 427 */
+ {                0x07,       429, 0,  8, "id-aes128-CCM"                   }, /* 428 */
+ {                0x16,       430, 0,  8, "id-aes192-CBC"                   }, /* 429 */
+ {                0x1A,       431, 0,  8, "id-aes192-GCM"                   }, /* 430 */
+ {                0x1B,       432, 0,  8, "id-aes192-CCM"                   }, /* 431 */
+ {                0x2A,       433, 0,  8, "id-aes256-CBC"                   }, /* 432 */
+ {                0x2E,       434, 0,  8, "id-aes256-GCM"                   }, /* 433 */
+ {                0x2F,         0, 0,  8, "id-aes256-CCM"                   }, /* 434 */
+ {              0x02,         448, 1,  7, "hashAlgs"                        }, /* 435 */
+ {                0x01,       437, 0,  8, "id-sha256"                       }, /* 436 */
+ {                0x02,       438, 0,  8, "id-sha384"                       }, /* 437 */
+ {                0x03,       439, 0,  8, "id-sha512"                       }, /* 438 */
+ {                0x04,       440, 0,  8, "id-sha224"                       }, /* 439 */
+ {                0x05,       441, 0,  8, "id-sha512-224"                   }, /* 440 */
+ {                0x06,       442, 0,  8, "id-sha512-256"                   }, /* 441 */
+ {                0x07,       443, 0,  8, "id-sha3-224"                     }, /* 442 */
+ {                0x08,       444, 0,  8, "id-sha3-256"                     }, /* 443 */
+ {                0x09,       445, 0,  8, "id-sha3-384"                     }, /* 444 */
+ {                0x0A,       446, 0,  8, "id-sha3-512"                     }, /* 445 */
+ {                0x0B,       447, 0,  8, "id-shake128"                     }, /* 446 */
+ {                0x0C,         0, 0,  8, "id-shake256"                     }, /* 447 */
+ {              0x03,           0, 1,  7, "sigAlgs"                         }, /* 448 */
+ {                0x09,       450, 0,  8, "id-ecdsa-with-sha3-224"          }, /* 449 */
+ {                0x0A,       451, 0,  8, "id-ecdsa-with-sha3-256"          }, /* 450 */
+ {                0x0B,       452, 0,  8, "id-ecdsa-with-sha3-384"          }, /* 451 */
+ {                0x0C,       453, 0,  8, "id-ecdsa-with-sha3-512"          }, /* 452 */
+ {                0x0D,       454, 0,  8, "id-rsassa-pkcs1v15-with-sha3-224"}, /* 453 */
+ {                0x0E,       455, 0,  8, "id-rsassa-pkcs1v15-with-sha3-256"}, /* 454 */
+ {                0x0F,       456, 0,  8, "id-rsassa-pkcs1v15-with-sha3-384"}, /* 455 */
+ {                0x10,         0, 0,  8, "id-rsassa-pkcs1v15-with-sha3-512"}, /* 456 */
+ {        0x86,                 0, 1,  4, ""                                }, /* 457 */
+ {          0xf8,               0, 1,  5, ""                                }, /* 458 */
+ {            0x42,           471, 1,  6, "netscape"                        }, /* 459 */
+ {              0x01,         466, 1,  7, ""                                }, /* 460 */
+ {                0x01,       462, 0,  8, "nsCertType"                      }, /* 461 */
+ {                0x03,       463, 0,  8, "nsRevocationUrl"                 }, /* 462 */
+ {                0x04,       464, 0,  8, "nsCaRevocationUrl"               }, /* 463 */
+ {                0x08,       465, 0,  8, "nsCaPolicyUrl"                   }, /* 464 */
+ {                0x0d,         0, 0,  8, "nsComment"                       }, /* 465 */
+ {              0x03,         469, 1,  7, "directory"                       }, /* 466 */
+ {                0x01,         0, 1,  8, ""                                }, /* 467 */
+ {                  0x03,       0, 0,  9, "employeeNumber"                  }, /* 468 */
+ {              0x04,           0, 1,  7, "policy"                          }, /* 469 */
+ {                0x01,         0, 0,  8, "nsSGC"                           }, /* 470 */
+ {            0x45,             0, 1,  6, "verisign"                        }, /* 471 */
+ {              0x01,           0, 1,  7, "pki"                             }, /* 472 */
+ {                0x09,         0, 1,  8, "attributes"                      }, /* 473 */
+ {                  0x02,     475, 0,  9, "messageType"                     }, /* 474 */
+ {                  0x03,     476, 0,  9, "pkiStatus"                       }, /* 475 */
+ {                  0x04,     477, 0,  9, "failInfo"                        }, /* 476 */
+ {                  0x05,     478, 0,  9, "senderNonce"                     }, /* 477 */
+ {                  0x06,     479, 0,  9, "recipientNonce"                  }, /* 478 */
+ {                  0x07,     480, 0,  9, "transID"                         }, /* 479 */
+ {                  0x08,       0, 0,  9, "extensionReq"                    }, /* 480 */
+ {0x67,                         0, 1,  0, ""                                }, /* 481 */
+ {  0x81,                       0, 1,  1, ""                                }, /* 482 */
+ {    0x05,                     0, 1,  2, ""                                }, /* 483 */
+ {      0x02,                   0, 1,  3, "tcg-attribute"                   }, /* 484 */
+ {        0x01,               486, 0,  4, "tcg-at-tpmManufacturer"          }, /* 485 */
+ {        0x02,               487, 0,  4, "tcg-at-tpmModel"                 }, /* 486 */
+ {        0x03,               488, 0,  4, "tcg-at-tpmVersion"               }, /* 487 */
+ {        0x0F,                 0, 0,  4, "tcg-at-tpmIdLabel"               }  /* 488 */
 };
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 042f108..bca2999 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -240,22 +240,30 @@ extern const oid_t oid_names[];
 #define OID_SHA3_256						443
 #define OID_SHA3_384						444
 #define OID_SHA3_512						445
-#define OID_NS_REVOCATION_URL				453
-#define OID_NS_CA_REVOCATION_URL			454
-#define OID_NS_CA_POLICY_URL				455
-#define OID_NS_COMMENT						456
-#define OID_EMPLOYEE_NUMBER					459
-#define OID_PKI_MESSAGE_TYPE				465
-#define OID_PKI_STATUS						466
-#define OID_PKI_FAIL_INFO					467
-#define OID_PKI_SENDER_NONCE				468
-#define OID_PKI_RECIPIENT_NONCE				469
-#define OID_PKI_TRANS_ID					470
-#define OID_TPM_MANUFACTURER				476
-#define OID_TPM_MODEL						477
-#define OID_TPM_VERSION						478
-#define OID_TPM_ID_LABEL					479
+#define OID_ECDSA_WITH_SHA3_224				449
+#define OID_ECDSA_WITH_SHA3_256				450
+#define OID_ECDSA_WITH_SHA3_384				451
+#define OID_ECDSA_WITH_SHA3_512				452
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_224	453
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_256	454
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_384	455
+#define OID_RSASSA_PKCS1V15_WITH_SHA3_512	456
+#define OID_NS_REVOCATION_URL				462
+#define OID_NS_CA_REVOCATION_URL			463
+#define OID_NS_CA_POLICY_URL				464
+#define OID_NS_COMMENT						465
+#define OID_EMPLOYEE_NUMBER					468
+#define OID_PKI_MESSAGE_TYPE				474
+#define OID_PKI_STATUS						475
+#define OID_PKI_FAIL_INFO					476
+#define OID_PKI_SENDER_NONCE				477
+#define OID_PKI_RECIPIENT_NONCE				478
+#define OID_PKI_TRANS_ID					479
+#define OID_TPM_MANUFACTURER				485
+#define OID_TPM_MODEL						486
+#define OID_TPM_VERSION						487
+#define OID_TPM_ID_LABEL					488
 
-#define OID_MAX								480
+#define OID_MAX								489
 
 #endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index eeeb234..761a38a 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -433,7 +433,7 @@
                 0x2A         "id-aes256-CBC"			OID_AES256_CBC
                 0x2E         "id-aes256-GCM"			OID_AES256_GCM
                 0x2F         "id-aes256-CCM"			OID_AES256_CCM
-              0x02           "hashalgs"
+              0x02           "hashAlgs"
                 0x01         "id-sha256"				OID_SHA256
                 0x02         "id-sha384"				OID_SHA384
                 0x03         "id-sha512"				OID_SHA512
@@ -446,6 +446,15 @@
                 0x0A         "id-sha3-512"				OID_SHA3_512
                 0x0B         "id-shake128"
                 0x0C         "id-shake256"
+              0x03           "sigAlgs"
+                0x09         "id-ecdsa-with-sha3-224"			OID_ECDSA_WITH_SHA3_224
+                0x0A         "id-ecdsa-with-sha3-256"			OID_ECDSA_WITH_SHA3_256
+                0x0B         "id-ecdsa-with-sha3-384"			OID_ECDSA_WITH_SHA3_384
+                0x0C         "id-ecdsa-with-sha3-512"			OID_ECDSA_WITH_SHA3_512
+                0x0D         "id-rsassa-pkcs1v15-with-sha3-224"	OID_RSASSA_PKCS1V15_WITH_SHA3_224
+                0x0E         "id-rsassa-pkcs1v15-with-sha3-256"	OID_RSASSA_PKCS1V15_WITH_SHA3_256
+                0x0F         "id-rsassa-pkcs1v15-with-sha3-384"	OID_RSASSA_PKCS1V15_WITH_SHA3_384
+                0x10         "id-rsassa-pkcs1v15-with-sha3-512"	OID_RSASSA_PKCS1V15_WITH_SHA3_512
         0x86                 ""
           0xf8               ""
             0x42             "netscape"
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 956ce08..3ec9491 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -1,7 +1,8 @@
 /*
  * Copyright (C) 2008-2016 Tobias Brunner
  * Copyright (C) 2007-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffeb
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -548,10 +549,10 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
 		} schemes[] = {
 			{ "md5",		SIGN_RSA_EMSA_PKCS1_MD5,		KEY_RSA,	},
 			{ "sha1",		SIGN_RSA_EMSA_PKCS1_SHA1,		KEY_RSA,	},
-			{ "sha224",		SIGN_RSA_EMSA_PKCS1_SHA224,		KEY_RSA,	},
-			{ "sha256",		SIGN_RSA_EMSA_PKCS1_SHA256,		KEY_RSA,	},
-			{ "sha384",		SIGN_RSA_EMSA_PKCS1_SHA384,		KEY_RSA,	},
-			{ "sha512",		SIGN_RSA_EMSA_PKCS1_SHA512,		KEY_RSA,	},
+			{ "sha224",		SIGN_RSA_EMSA_PKCS1_SHA2_224,	KEY_RSA,	},
+			{ "sha256",		SIGN_RSA_EMSA_PKCS1_SHA2_256,	KEY_RSA,	},
+			{ "sha384",		SIGN_RSA_EMSA_PKCS1_SHA2_384,	KEY_RSA,	},
+			{ "sha512",		SIGN_RSA_EMSA_PKCS1_SHA2_512,	KEY_RSA,	},
 			{ "sha1",		SIGN_ECDSA_WITH_SHA1_DER,		KEY_ECDSA,	},
 			{ "sha256",		SIGN_ECDSA_WITH_SHA256_DER,		KEY_ECDSA,	},
 			{ "sha384",		SIGN_ECDSA_WITH_SHA384_DER,		KEY_ECDSA,	},
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index d6f211a..03f93b1 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -32,10 +32,14 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
 	"RSA_EMSA_PKCS1_NULL",
 	"RSA_EMSA_PKCS1_MD5",
 	"RSA_EMSA_PKCS1_SHA1",
-	"RSA_EMSA_PKCS1_SHA224",
-	"RSA_EMSA_PKCS1_SHA256",
-	"RSA_EMSA_PKCS1_SHA384",
-	"RSA_EMSA_PKCS1_SHA512",
+	"RSA_EMSA_PKCS1_SHA2_224",
+	"RSA_EMSA_PKCS1_SHA2_256",
+	"RSA_EMSA_PKCS1_SHA2_384",
+	"RSA_EMSA_PKCS1_SHA2_512",
+	"RSA_EMSA_PKCS1_SHA3_224",
+	"RSA_EMSA_PKCS1_SHA3_256",
+	"RSA_EMSA_PKCS1_SHA3_384",
+	"RSA_EMSA_PKCS1_SHA3_512",
 	"ECDSA_WITH_SHA1_DER",
 	"ECDSA_WITH_SHA256_DER",
 	"ECDSA_WITH_SHA384_DER",
@@ -120,16 +124,24 @@ signature_scheme_t signature_scheme_from_oid(int oid)
 			return SIGN_RSA_EMSA_PKCS1_SHA1;
 		case OID_SHA224_WITH_RSA:
 		case OID_SHA224:
-			return SIGN_RSA_EMSA_PKCS1_SHA224;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_224;
 		case OID_SHA256_WITH_RSA:
 		case OID_SHA256:
-			return SIGN_RSA_EMSA_PKCS1_SHA256;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_256;
 		case OID_SHA384_WITH_RSA:
 		case OID_SHA384:
-			return SIGN_RSA_EMSA_PKCS1_SHA384;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_384;
 		case OID_SHA512_WITH_RSA:
 		case OID_SHA512:
-			return SIGN_RSA_EMSA_PKCS1_SHA512;
+			return SIGN_RSA_EMSA_PKCS1_SHA2_512;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_224;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_256;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_384;
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
+			return SIGN_RSA_EMSA_PKCS1_SHA3_512;
 		case OID_ECDSA_WITH_SHA1:
 		case OID_EC_PUBLICKEY:
 			return SIGN_ECDSA_WITH_SHA1_DER;
@@ -174,14 +186,22 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
 			return OID_MD5_WITH_RSA;
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return OID_SHA1_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return OID_SHA224_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return OID_SHA256_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return OID_SHA384_WITH_RSA;
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return OID_SHA512_WITH_RSA;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
 		case SIGN_ECDSA_WITH_SHA1_DER:
 			return OID_ECDSA_WITH_SHA1;
 		case SIGN_ECDSA_WITH_SHA256_DER:
@@ -216,9 +236,9 @@ static struct {
 	key_type_t type;
 	int max_keysize;
 } scheme_map[] = {
-	{ SIGN_RSA_EMSA_PKCS1_SHA256, KEY_RSA,   3072 },
-	{ SIGN_RSA_EMSA_PKCS1_SHA384, KEY_RSA,   7680 },
-	{ SIGN_RSA_EMSA_PKCS1_SHA512, KEY_RSA,   0 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_256, KEY_RSA, 3072 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_384, KEY_RSA, 7680 },
+	{ SIGN_RSA_EMSA_PKCS1_SHA2_512, KEY_RSA, 0 },
 	{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
 	{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
 	{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
@@ -285,10 +305,14 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
 			return KEY_RSA;
 		case SIGN_ECDSA_WITH_SHA1_DER:
 		case SIGN_ECDSA_WITH_SHA256_DER:
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ce48f9b..2361282 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -70,14 +70,22 @@ enum signature_scheme_t {
 	SIGN_RSA_EMSA_PKCS1_MD5,
 	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1     */
 	SIGN_RSA_EMSA_PKCS1_SHA1,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-224   */
-	SIGN_RSA_EMSA_PKCS1_SHA224,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256   */
-	SIGN_RSA_EMSA_PKCS1_SHA256,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384   */
-	SIGN_RSA_EMSA_PKCS1_SHA384,
-	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512   */
-	SIGN_RSA_EMSA_PKCS1_SHA512,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_224 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_224,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_256 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_256,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_384 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_384,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-2_512 */
+	SIGN_RSA_EMSA_PKCS1_SHA2_512,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_224 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_224,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_256 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_256,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_384 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_384,
+	/** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-3_512 */
+	SIGN_RSA_EMSA_PKCS1_SHA3_512,
 	/** ECDSA with SHA-1 using DER encoding as in RFC 3279             */
 	SIGN_ECDSA_WITH_SHA1_DER,
 	/** ECDSA with SHA-256 using DER encoding as in RFC 3279           */
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index c6b8d0c..8393d5b 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -108,7 +108,7 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
 	}
 	*value = cert;
 	enumerator->auth->replace(enumerator->auth, enumerator->inner,
-							  *rule, cert->get_ref(cert));
+							  *rule, cert);
 	return TRUE;
 }
 
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 988e709..0f8bff2 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -1,6 +1,7 @@
 /*
- * Copyright (C) 2010-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperwsil
+ * Copyright (C) 2010-2016 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperwsil
+ *
  * Copyright (C) 2010 Martin Willi
  * Copyright (C) 2010 revosec AG
  *
@@ -223,6 +224,7 @@ METHOD(mem_cred_t, add_crl, bool,
 	{
 		if (current->get_type(current) == CERT_X509_CRL)
 		{
+			chunk_t base;
 			bool found = FALSE;
 			crl_t *crl_c = (crl_t*)current;
 			chunk_t authkey = crl->get_authKeyIdentifier(crl);
@@ -246,17 +248,37 @@ METHOD(mem_cred_t, add_crl, bool,
 			}
 			if (found)
 			{
-				new = crl_is_newer(crl, crl_c);
-				if (new)
+				/* we keep at most one delta CRL for each base CRL */
+				if (crl->is_delta_crl(crl, &base))
 				{
-					this->untrusted->remove_at(this->untrusted, enumerator);
-					current->destroy(current);
+					if (!crl_c->is_delta_crl(crl_c, NULL))
+					{
+						if (chunk_equals(base, crl_c->get_serial(crl_c)))
+						{	/* keep the added delta and the existing base CRL
+							 * but check if this is the newest delta CRL for
+							 * the same base */
+							continue;
+						}
+					}
 				}
-				else
+				else if (crl_c->is_delta_crl(crl_c, &base))
+				{
+					if (chunk_equals(base, crl->get_serial(crl)))
+					{	/* keep the existing delta and the added base CRL,
+						 * but check if we don't store it already */
+						continue;
+					}
+				}
+				new = crl_is_newer(crl, crl_c);
+				if (!new)
 				{
 					cert->destroy(cert);
+					break;
 				}
-				break;
+				/* we remove the existing older CRL but there might be other
+				 * delta or base CRLs we can replace */
+				this->untrusted->remove_at(this->untrusted, enumerator);
+				current->destroy(current);
 			}
 		}
 	}
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index 35dcf25..bab59a0 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -1,7 +1,8 @@
 /*
  * Copyright (C) 2013-2014 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -51,6 +52,7 @@ struct entry_t {
 		signer_constructor_t create_signer;
 		hasher_constructor_t create_hasher;
 		prf_constructor_t create_prf;
+		xof_constructor_t create_xof;
 		rng_constructor_t create_rng;
 		nonce_gen_constructor_t create_nonce_gen;
 		dh_constructor_t create_dh;
@@ -96,6 +98,11 @@ struct private_crypto_factory_t {
 	linked_list_t *prfs;
 
 	/**
+	 * registered xofs, as entry_t
+	 */
+	linked_list_t *xofs;
+
+	/**
 	 * registered rngs, as entry_t
 	 */
 	linked_list_t *rngs;
@@ -303,6 +310,38 @@ METHOD(crypto_factory_t, create_prf, prf_t*,
 	return prf;
 }
 
+METHOD(crypto_factory_t, create_xof, xof_t*,
+	private_crypto_factory_t *this, ext_out_function_t algo)
+{
+	enumerator_t *enumerator;
+	entry_t *entry;
+	xof_t *xof = NULL;
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->xofs->create_enumerator(this->xofs);
+	while (enumerator->enumerate(enumerator, &entry))
+	{
+		if (entry->algo == algo)
+		{
+			if (this->test_on_create &&
+				!this->tester->test_xof(this->tester, algo,
+										entry->create_xof, NULL,
+										default_plugin_name))
+			{
+				continue;
+			}
+			xof = entry->create_xof(algo);
+			if (xof)
+			{
+				break;
+			}
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+	return xof;
+}
+
 METHOD(crypto_factory_t, create_rng, rng_t*,
 	private_crypto_factory_t *this, rng_quality_t quality)
 {
@@ -633,6 +672,43 @@ METHOD(crypto_factory_t, remove_prf, void,
 	this->lock->unlock(this->lock);
 }
 
+METHOD(crypto_factory_t, add_xof, bool,
+	private_crypto_factory_t *this, ext_out_function_t algo,
+	const char *plugin_name, xof_constructor_t create)
+{
+	u_int speed = 0;
+
+	if (!this->test_on_add ||
+		this->tester->test_xof(this->tester, algo, create,
+							   this->bench ? &speed : NULL, plugin_name))
+	{
+		add_entry(this, this->xofs, algo, plugin_name, speed, create);
+		return TRUE;
+	}
+	this->test_failures++;
+	return FALSE;
+}
+
+METHOD(crypto_factory_t, remove_xof, void,
+	private_crypto_factory_t *this, xof_constructor_t create)
+{
+	entry_t *entry;
+	enumerator_t *enumerator;
+
+	this->lock->write_lock(this->lock);
+	enumerator = this->xofs->create_enumerator(this->xofs);
+	while (enumerator->enumerate(enumerator, &entry))
+	{
+		if (entry->create_xof == create)
+		{
+			this->xofs->remove_at(this->xofs, enumerator);
+			free(entry);
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+}
+
 METHOD(crypto_factory_t, add_rng, bool,
 	private_crypto_factory_t *this, rng_quality_t quality,
 	const char *plugin_name, rng_constructor_t create)
@@ -846,6 +922,23 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*,
 }
 
 /**
+ * Filter function to enumerate algorithm, not entry
+ */
+static bool xof_filter(void *n, entry_t **entry, ext_out_function_t *algo,
+					   void *i2, const char **plugin_name)
+{
+	*algo = (*entry)->algo;
+	*plugin_name = (*entry)->plugin_name;
+	return TRUE;
+}
+
+METHOD(crypto_factory_t, create_xof_enumerator, enumerator_t*,
+	private_crypto_factory_t *this)
+{
+	return create_enumerator(this, this->xofs, xof_filter);
+}
+
+/**
  * Filter function to enumerate group, not entry
  */
 static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group,
@@ -909,6 +1002,8 @@ METHOD(crypto_factory_t, add_test_vector, void,
 			return this->tester->add_hasher_vector(this->tester, vector);
 		case PSEUDO_RANDOM_FUNCTION:
 			return this->tester->add_prf_vector(this->tester, vector);
+		case EXTENDED_OUTPUT_FUNCTION:
+			return this->tester->add_xof_vector(this->tester, vector);
 		case RANDOM_NUMBER_GENERATOR:
 			return this->tester->add_rng_vector(this->tester, vector);
 		case DIFFIE_HELLMAN_GROUP:
@@ -961,6 +1056,10 @@ METHOD(enumerator_t, verify_enumerate, bool,
 			*valid = this->tester->test_prf(this->tester, entry->algo,
 							entry->create_prf, NULL, entry->plugin_name);
 			break;
+		case EXTENDED_OUTPUT_FUNCTION:
+			*valid = this->tester->test_xof(this->tester, entry->algo,
+							entry->create_xof, NULL, entry->plugin_name);
+			break;
 		case RANDOM_NUMBER_GENERATOR:
 			*valid = this->tester->test_rng(this->tester, entry->algo,
 							entry->create_rng, NULL, entry->plugin_name);
@@ -1009,6 +1108,9 @@ METHOD(crypto_factory_t, create_verify_enumerator, enumerator_t*,
 		case PSEUDO_RANDOM_FUNCTION:
 			inner = this->prfs->create_enumerator(this->prfs);
 			break;
+		case EXTENDED_OUTPUT_FUNCTION:
+			inner = this->xofs->create_enumerator(this->xofs);
+			break;
 		case RANDOM_NUMBER_GENERATOR:
 			inner = this->rngs->create_enumerator(this->rngs);
 			break;
@@ -1040,6 +1142,7 @@ METHOD(crypto_factory_t, destroy, void,
 	this->signers->destroy(this->signers);
 	this->hashers->destroy(this->hashers);
 	this->prfs->destroy(this->prfs);
+	this->xofs->destroy(this->xofs);
 	this->rngs->destroy(this->rngs);
 	this->nonce_gens->destroy(this->nonce_gens);
 	this->dhs->destroy(this->dhs);
@@ -1062,6 +1165,7 @@ crypto_factory_t *crypto_factory_create()
 			.create_signer = _create_signer,
 			.create_hasher = _create_hasher,
 			.create_prf = _create_prf,
+			.create_xof = _create_xof,
 			.create_rng = _create_rng,
 			.create_nonce_gen = _create_nonce_gen,
 			.create_dh = _create_dh,
@@ -1075,6 +1179,8 @@ crypto_factory_t *crypto_factory_create()
 			.remove_hasher = _remove_hasher,
 			.add_prf = _add_prf,
 			.remove_prf = _remove_prf,
+			.add_xof = _add_xof,
+			.remove_xof = _remove_xof,
 			.add_rng = _add_rng,
 			.remove_rng = _remove_rng,
 			.add_nonce_gen = _add_nonce_gen,
@@ -1086,6 +1192,7 @@ crypto_factory_t *crypto_factory_create()
 			.create_signer_enumerator = _create_signer_enumerator,
 			.create_hasher_enumerator = _create_hasher_enumerator,
 			.create_prf_enumerator = _create_prf_enumerator,
+			.create_xof_enumerator = _create_xof_enumerator,
 			.create_dh_enumerator = _create_dh_enumerator,
 			.create_rng_enumerator = _create_rng_enumerator,
 			.create_nonce_gen_enumerator = _create_nonce_gen_enumerator,
@@ -1098,6 +1205,7 @@ crypto_factory_t *crypto_factory_create()
 		.signers = linked_list_create(),
 		.hashers = linked_list_create(),
 		.prfs = linked_list_create(),
+		.xofs = linked_list_create(),
 		.rngs = linked_list_create(),
 		.nonce_gens = linked_list_create(),
 		.dhs = linked_list_create(),
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index e039156..4f61ba1 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -31,6 +32,7 @@ typedef struct crypto_factory_t crypto_factory_t;
 #include <crypto/hashers/hasher.h>
 #include <crypto/prfs/prf.h>
 #include <crypto/rngs/rng.h>
+#include <crypto/xofs/xof.h>
 #include <crypto/nonce_gen.h>
 #include <crypto/diffie_hellman.h>
 #include <crypto/transform.h>
@@ -63,6 +65,11 @@ typedef hasher_t* (*hasher_constructor_t)(hash_algorithm_t algo);
 typedef prf_t* (*prf_constructor_t)(pseudo_random_function_t algo);
 
 /**
+ * Constructor function for pseudo random functions
+ */
+typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo);
+
+/**
  * Constructor function for source of randomness
  */
 typedef rng_t* (*rng_constructor_t)(rng_quality_t quality);
@@ -133,6 +140,14 @@ struct crypto_factory_t {
 	prf_t* (*create_prf)(crypto_factory_t *this, pseudo_random_function_t algo);
 
 	/**
+	 * Create an extended output function instance.
+	 *
+	 * @param algo			XOF algorithm to use
+	 * @return				xof_t instance, NULL if not supported
+	 */
+	xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo);
+
+	/**
 	 * Create a source of randomness.
 	 *
 	 * @param quality		required randomness quality
@@ -253,6 +268,24 @@ struct crypto_factory_t {
 	void (*remove_prf)(crypto_factory_t *this, prf_constructor_t create);
 
 	/**
+	 * Register an xof constructor.
+	 *
+	 * @param algo			algorithm to constructor
+	 * @param plugin_name	plugin that registered this algorithm
+	 * @param create		constructor function for that algorithm
+	 * @return				TRUE if registered, FALSE if test vector failed
+	 */
+	bool (*add_xof)(crypto_factory_t *this, ext_out_function_t algo,
+					const char *plugin_name, xof_constructor_t create);
+
+	/**
+	 * Unregister an xof constructor.
+	 *
+	 * @param create		constructor function to unregister
+	 */
+	void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create);
+
+	/**
 	 * Register a source of randomness.
 	 *
 	 * @param quality		quality of randomness this RNG serves
@@ -342,6 +375,13 @@ struct crypto_factory_t {
 	enumerator_t* (*create_prf_enumerator)(crypto_factory_t *this);
 
 	/**
+	 * Create an enumerator over all registered XOFs.
+	 *
+	 * @return				enumerator over ext_out_function_t, plugin
+	 */
+	enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this);
+
+	/**
 	 * Create an enumerator over all registered diffie hellman groups.
 	 *
 	 * @return				enumerator over diffie_hellman_group_t, plugin
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 5607d35..e86e7ae 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -63,6 +63,11 @@ struct private_crypto_tester_t {
 	linked_list_t *prf;
 
 	/**
+	 * List of XOF test vectors
+	 */
+	linked_list_t *xof;
+
+	/**
 	 * List of RNG test vectors
 	 */
 	linked_list_t *rng;
@@ -1035,6 +1040,146 @@ failure:
 }
 
 /**
+ * Benchmark an XOF
+ */
+static u_int bench_xof(private_crypto_tester_t *this,
+					   ext_out_function_t alg, xof_constructor_t create)
+{
+	xof_t *xof;
+
+	xof = create(alg);
+	if (xof)
+	{
+		char seed[xof->get_seed_size(xof)];
+		char bytes[xof->get_block_size(xof)];
+		struct timespec start;
+		u_int runs;
+
+		memset(seed, 0x56, xof->get_seed_size(xof));
+		if (!xof->set_seed(xof, chunk_create(seed, xof->get_seed_size(xof))))
+		{
+			xof->destroy(xof);
+			return 0;
+		}
+
+		runs = 0;
+		start_timing(&start);
+		while (end_timing(&start) < this->bench_time)
+		{
+			if (xof->get_bytes(xof, xof->get_block_size(xof), bytes))
+			{
+				runs++;
+			}
+		}
+		xof->destroy(xof);
+
+		return runs;
+	}
+	return 0;
+}
+
+METHOD(crypto_tester_t, test_xof, bool,
+	private_crypto_tester_t *this, ext_out_function_t alg,
+	xof_constructor_t create, u_int *speed, const char *plugin_name)
+{
+	enumerator_t *enumerator;
+	xof_test_vector_t *vector;
+	bool failed = FALSE;
+	u_int tested = 0;
+
+	enumerator = this->xof->create_enumerator(this->xof);
+	while (enumerator->enumerate(enumerator, &vector))
+	{
+		xof_t *xof;
+		chunk_t seed, out = chunk_empty;
+
+		if (vector->alg != alg)
+		{
+			continue;
+		}
+
+		tested++;
+		failed = TRUE;
+		xof = create(alg);
+		if (!xof)
+		{
+			DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed",
+				 ext_out_function_names, alg, plugin_name);
+			break;
+		}
+
+		seed = chunk_create(vector->seed, vector->len);
+		if (!xof->set_seed(xof, seed))
+		{
+			goto failure;
+		}
+		/* allocated bytes */
+		if (!xof->allocate_bytes(xof, vector->out_len, &out))
+		{
+			goto failure;
+		}
+		if (out.len != vector->out_len)
+		{
+			goto failure;
+		}
+		if (!memeq(vector->out, out.ptr, out.len))
+		{
+			goto failure;
+		}
+		/* bytes to existing buffer */
+		memset(out.ptr, 0, out.len);
+		if (!xof->set_seed(xof, seed))
+		{
+			goto failure;
+		}
+		if (!xof->get_bytes(xof, vector->out_len, out.ptr))
+		{
+			goto failure;
+		}
+		if (!memeq(vector->out, out.ptr, vector->out_len))
+		{
+			goto failure;
+		}
+		/* bytes to existing buffer, using append mode */
+		/* TODO */
+
+		failed = FALSE;
+failure:
+		xof->destroy(xof);
+		chunk_free(&out);
+		if (failed)
+		{
+			DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed",
+				 ext_out_function_names, alg, plugin_name, get_name(vector));
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	if (!tested)
+	{
+		DBG1(DBG_LIB, "%s %N[%s]: no test vectors found",
+			 this->required ? "disabled" : "enabled ",
+			 ext_out_function_names, alg, plugin_name);
+		return !this->required;
+	}
+	if (!failed)
+	{
+		if (speed)
+		{
+			*speed = bench_xof(this, alg, create);
+			DBG1(DBG_LIB, "enabled  %N[%s]: passed %u test vectors, %d points",
+				 ext_out_function_names, alg, plugin_name, tested, *speed);
+		}
+		else
+		{
+			DBG1(DBG_LIB, "enabled  %N[%s]: passed %u test vectors",
+				 ext_out_function_names, alg, plugin_name, tested);
+		}
+	}
+	return !failed;
+}
+
+/**
  * Benchmark a RNG
  */
 static u_int bench_rng(private_crypto_tester_t *this,
@@ -1338,6 +1483,12 @@ METHOD(crypto_tester_t, add_prf_vector, void,
 	this->prf->insert_last(this->prf, vector);
 }
 
+METHOD(crypto_tester_t, add_xof_vector, void,
+	private_crypto_tester_t *this, xof_test_vector_t *vector)
+{
+	this->xof->insert_last(this->xof, vector);
+}
+
 METHOD(crypto_tester_t, add_rng_vector, void,
 	private_crypto_tester_t *this, rng_test_vector_t *vector)
 {
@@ -1358,6 +1509,7 @@ METHOD(crypto_tester_t, destroy, void,
 	this->signer->destroy(this->signer);
 	this->hasher->destroy(this->hasher);
 	this->prf->destroy(this->prf);
+	this->xof->destroy(this->xof);
 	this->rng->destroy(this->rng);
 	this->dh->destroy(this->dh);
 	free(this);
@@ -1377,6 +1529,7 @@ crypto_tester_t *crypto_tester_create()
 			.test_signer = _test_signer,
 			.test_hasher = _test_hasher,
 			.test_prf = _test_prf,
+			.test_xof = _test_xof,
 			.test_rng = _test_rng,
 			.test_dh = _test_dh,
 			.add_crypter_vector = _add_crypter_vector,
@@ -1384,6 +1537,7 @@ crypto_tester_t *crypto_tester_create()
 			.add_signer_vector = _add_signer_vector,
 			.add_hasher_vector = _add_hasher_vector,
 			.add_prf_vector = _add_prf_vector,
+			.add_xof_vector = _add_xof_vector,
 			.add_rng_vector = _add_rng_vector,
 			.add_dh_vector = _add_dh_vector,
 			.destroy = _destroy,
@@ -1393,6 +1547,7 @@ crypto_tester_t *crypto_tester_create()
 		.signer = linked_list_create(),
 		.hasher = linked_list_create(),
 		.prf = linked_list_create(),
+		.xof = linked_list_create(),
 		.rng = linked_list_create(),
 		.dh = linked_list_create(),
 
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
index 6cc9b0d..34dfa94 100644
--- a/src/libstrongswan/crypto/crypto_tester.h
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -30,6 +30,7 @@ typedef struct aead_test_vector_t aead_test_vector_t;
 typedef struct signer_test_vector_t signer_test_vector_t;
 typedef struct hasher_test_vector_t hasher_test_vector_t;
 typedef struct prf_test_vector_t prf_test_vector_t;
+typedef struct xof_test_vector_t xof_test_vector_t;
 typedef struct rng_test_vector_t rng_test_vector_t;
 typedef struct dh_test_vector_t dh_test_vector_t;
 
@@ -114,6 +115,19 @@ struct prf_test_vector_t {
 	u_char *out;
 };
 
+struct xof_test_vector_t {
+	/** xof algorithm this test vector tests */
+	ext_out_function_t alg;
+	/** size of the seed data */
+	size_t len;
+	/** seed data */
+	u_char *seed;
+	/** size of the output */
+	size_t out_len;
+	/** expected output of size*/
+	u_char *out;
+};
+
 /**
  * Test vector for a RNG.
  *
@@ -217,6 +231,17 @@ struct crypto_tester_t {
 					 prf_constructor_t create,
 					 u_int *speed, const char *plugin_name);
 	/**
+	 * Test an XOF algorithm.
+	 *
+	 * @param alg			algorithm to test
+	 * @param create		constructor function for the XOF
+	 * @param speed			speed test result, NULL to omit
+	 * @return				TRUE if test passed
+	 */
+	bool (*test_xof)(crypto_tester_t *this, ext_out_function_t alg,
+					 xof_constructor_t create,
+					 u_int *speed, const char *plugin_name);
+	/**
 	 * Test a RNG implementation.
 	 *
 	 * @param alg			algorithm to test
@@ -275,6 +300,13 @@ struct crypto_tester_t {
 	void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector);
 
 	/**
+	 * Add a test vector to test an XOF.
+	 *
+	 * @param vector		pointer to test vector
+	 */
+	void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector);
+
+	/**
 	 * Add a test vector to test a RNG.
 	 *
 	 * @param vector		pointer to test vector
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 0d4cd91..6dcb6cb 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -49,7 +49,9 @@ ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
 	"NTRU_128",
 	"NTRU_192",
 	"NTRU_256");
-ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT,
+ENUM_NEXT(diffie_hellman_group_names, NH_128_BIT, NH_128_BIT, NTRU_256_BIT,
+	"NEWHOPE_128");
+ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NH_128_BIT,
 	"MODP_CUSTOM");
 ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
 
@@ -554,6 +556,7 @@ bool diffie_hellman_verify_value(diffie_hellman_group_t group, chunk_t value)
 		case NTRU_128_BIT:
 		case NTRU_192_BIT:
 		case NTRU_256_BIT:
+		case NH_128_BIT:
 			/* verification currently not supported, do in plugin */
 			valid = FALSE;
 			break;
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index abebd66..f457153 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -68,6 +68,7 @@ enum diffie_hellman_group_t {
 	NTRU_128_BIT = 1031,
 	NTRU_192_BIT = 1032,
 	NTRU_256_BIT = 1033,
+	NH_128_BIT   = 1040,
 	/** internally used DH group with additional parameters g and p, outside
 	 * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
 	MODP_CUSTOM = 65536,
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index e220593..d136799 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012-2015 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2016 Andreas Steffen
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -83,12 +83,16 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
 		case OID_SHA512_WITH_RSA:
 			return HASH_SHA512;
 		case OID_SHA3_224:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_224:
 			return HASH_SHA3_224;
 		case OID_SHA3_256:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_256:
 			return HASH_SHA3_256;
 		case OID_SHA3_384:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_384:
 			return HASH_SHA3_384;
 		case OID_SHA3_512:
+		case OID_RSASSA_PKCS1V15_WITH_SHA3_512:
 			return HASH_SHA3_512;
 		default:
 			return HASH_UNKNOWN;
@@ -367,6 +371,14 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
 					return OID_SHA384_WITH_RSA;
 				case HASH_SHA512:
 					return OID_SHA512_WITH_RSA;
+				case HASH_SHA3_224:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_224;
+				case HASH_SHA3_256:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_256;
+				case HASH_SHA3_384:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_384;
+				case HASH_SHA3_512:
+					return OID_RSASSA_PKCS1V15_WITH_SHA3_512;
 				default:
 					return OID_UNKNOWN;
 			}
@@ -423,27 +435,32 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme)
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 		case SIGN_ECDSA_WITH_SHA1_DER:
 			return HASH_SHA1;
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return HASH_SHA224;
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 		case SIGN_ECDSA_WITH_SHA256_DER:
 		case SIGN_ECDSA_256:
 		case SIGN_BLISS_WITH_SHA2_256:
 			return HASH_SHA256;
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 		case SIGN_ECDSA_WITH_SHA384_DER:
 		case SIGN_ECDSA_384:
 		case SIGN_BLISS_WITH_SHA2_384:
 			return HASH_SHA384;
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 		case SIGN_ECDSA_WITH_SHA512_DER:
 		case SIGN_ECDSA_521:
 		case SIGN_BLISS_WITH_SHA2_512:
 			return HASH_SHA512;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return HASH_SHA3_224;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
 		case SIGN_BLISS_WITH_SHA3_256:
 			return HASH_SHA3_256;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
 		case SIGN_BLISS_WITH_SHA3_384:
 			return HASH_SHA3_384;
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
 		case SIGN_BLISS_WITH_SHA3_512:
 			return HASH_SHA3_512;
 	}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c
deleted file mode 100644
index 5116dfe..0000000
--- a/src/libstrongswan/crypto/mgf1/mgf1.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1.h"
-
-#include "crypto/hashers/hasher.h"
-#include "utils/debug.h"
-#include "utils/test.h"
-
-typedef struct private_mgf1_t private_mgf1_t;
-
-/**
- * Private data of an mgf1_t object.
- */
-struct private_mgf1_t {
-
-	/**
-	 * Public mgf1_t interface.
-	 */
-	mgf1_t public;
-
-	/**
-	 * Hasher the MGF1 Mask Generation Function is based on
-	 */
-	hasher_t *hasher;
-
-	/**
-	 * Counter
-	 */
-	uint32_t counter;
-
-	/**
-	 * Set if counter has reached 2^32
-	 */
-	bool overflow;
-
-	/**
-	 * Current state to be hashed
-	 */
-	chunk_t state;
-
-	/**
-	 * Position of the 4 octet counter string
-	 */
-	u_char *ctr_str;
-
-};
-
-METHOD(mgf1_t, get_hash_size, size_t,
-	private_mgf1_t *this)
-{
-	return this->hasher->get_hash_size(this->hasher);
-}
-
-METHOD(mgf1_t, get_mask, bool,
-	private_mgf1_t *this, size_t mask_len, u_char *mask)
-{
-	u_char buf[HASH_SIZE_SHA512];
-	size_t hash_len;
-
-	hash_len = this->hasher->get_hash_size(this->hasher);
-
-	while (mask_len > 0)
-	{
-		/* detect overflow, set counter string and increment counter */
-		if (this->overflow)
-		{
-			return FALSE;
-		}
-		htoun32(this->ctr_str, this->counter++);
-		if (this->counter == 0)
-		{
-			this->overflow = TRUE;
-		}
-
-		/* get the next or final mask block from the hash function */
-		if (!this->hasher->get_hash(this->hasher, this->state,
-								   (mask_len < hash_len) ? buf : mask))
-		{
-			return FALSE;
-		}
-		if (mask_len < hash_len)
-		{
-			memcpy(mask, buf, mask_len);
-			return TRUE;
-		}
-		mask_len -= hash_len;
-		mask += hash_len;
-	}
-	return TRUE;
-}
-
-METHOD(mgf1_t, allocate_mask, bool,
-	private_mgf1_t *this, size_t mask_len, chunk_t *mask)
-{
-	if (mask_len == 0)
-	{
-		*mask = chunk_empty;
-		return TRUE;
-	}
-	*mask = chunk_alloc(mask_len);
-
-	return get_mask(this, mask_len, mask->ptr);
-}
-
-METHOD(mgf1_t, destroy, void,
-	private_mgf1_t *this)
-{
-	this->hasher->destroy(this->hasher);
-	chunk_clear(&this->state);
-	free(this);
-}
-
-/*
- * Described in header.
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
-							  bool hash_seed)
-{
-	private_mgf1_t *this;
-	hasher_t *hasher;
-	size_t state_len;
-
-	if (seed.len == 0)
-	{
-		DBG1(DBG_LIB, "empty seed for MGF1");
-		return NULL;
-	}
-
-	hasher = lib->crypto->create_hasher(lib->crypto, alg);
-	if (!hasher)
-	{
-		DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
-			 hash_algorithm_names, alg);
-		return NULL;
-	}
-	state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4;
-	
-	INIT(this,
-		.public = {
-			.get_hash_size = _get_hash_size,
-			.allocate_mask = _allocate_mask,
-			.get_mask = _get_mask,
-			.destroy = _destroy,
-		},
-		.hasher = hasher,
-		.state = chunk_alloc(state_len),
-	);
-
-	/* determine position of the 4 octet counter string */
-	this->ctr_str = this->state.ptr + state_len - 4;
-
-	if (hash_seed)
-	{
-		if (!hasher->get_hash(hasher, seed, this->state.ptr))
-		{
-			DBG1(DBG_LIB, "failed to hash seed for MGF1");
-			destroy(this);
-			return NULL;
-		}
-	}
-	else
-	{
-		memcpy(this->state.ptr, seed.ptr, seed.len);
-	}
-
-	return &this->public;
-}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1.h b/src/libstrongswan/crypto/mgf1/mgf1.h
deleted file mode 100644
index 592d315..0000000
--- a/src/libstrongswan/crypto/mgf1/mgf1.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup mgf1 mgf1
- * @{ @ingroup crypto
- */
-
-#ifndef MGF1_H_
-#define MGF1_H_
-
-typedef struct mgf1_t mgf1_t;
-
-#include <library.h>
-
-/**
- * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
- * defined in section 10.2.1 of RFC 2437
- */
-struct mgf1_t {
-
-	/**
-	 * Get the hash size of the underlying hash function
-	 *
-	 * @return			hash size in bytes
-	 */
-	size_t (*get_hash_size)(mgf1_t *this);
-
-	/**
-	 * Generate a mask pattern and copy it to an output buffer
-	 * If the maximum number of requests has been reached, reseeding occurs
-	 *
-	 * @param mask_len	number of mask bytes to generate
-	 * @param mask		output buffer of minimum size mask_len
-	 * @return			TRUE if successful
-	 */
-	bool (*get_mask)(mgf1_t *this, size_t mask_len, u_char *mask);
-
-	/**
-	 * Generate a mask pattern and return it in an allocated chunk
-	 *
-	 * @param mask_len	number of mask bytes to generate
-	 * @param mask		chunk containing generated mask
-	 * @return			TRUE if successful
-	 */
-	bool (*allocate_mask)(mgf1_t *this, size_t mask_len, chunk_t *mask);
-
-	/**
-	 * Destroy the MGF1 object
-	 */
-	void (*destroy)(mgf1_t *this);
-};
-
-/**
- * Create an MGF1 object
- *
- * @param alg			hash algorithm to be used by MGF1
- * @param seed			seed used by MGF1 to generate mask from
- * @param hash_seed		hash seed before using it as a seed for MGF1
- */
-mgf1_t *mgf1_create(hash_algorithm_t alg, chunk_t seed,
-							  bool hash_seed);
-
-#endif /** MGF1_H_ @}*/
-
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
deleted file mode 100644
index ef0a2bd..0000000
--- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "mgf1_bitspender.h"
-
-#include <crypto/mgf1/mgf1.h>
-
-typedef struct private_mgf1_bitspender_t private_mgf1_bitspender_t;
-
-/**
- * Private data structure for mgf1_bitspender_t object
- */
-struct private_mgf1_bitspender_t {
-	/**
-	 * Public interface.
-	 */
-	mgf1_bitspender_t public;
-
-	/**
-	 * MGF1 bit mask generator
-	 */
-	mgf1_t *mgf1;
-
-	/**
-	 * Octet storage (accommodates up to 64 octets)
-	 */
-	uint8_t octets[HASH_SIZE_SHA512];
-
-	/**
-	 * Length of the returned hash value in octets
-	 */
-	int hash_len;
-
-	/**
-	 * Number of generated octets
-	 */
-	int octets_count;
-
-	/**
-	 * Number of available octets
-	 */
-	int octets_left;
-
-	/**
-	 * Bit storage (accommodates up to 32 bits)
-	 */
-	uint32_t bits;
-
-	/**
-	 * Number of available bits
-	 */
-	int bits_left;
-
-	/**
-	 * Byte storage (accommodates up to 4 bytes)
-	 */
-	uint8_t bytes[4];
-
-	/**
-	 * Number of available bytes
-	 */
-	int bytes_left;
-
-};
-
-METHOD(mgf1_bitspender_t, get_bits, bool,
-	private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits)
-{
-	int bits_now;
-
-	*bits = 0x00000000;
-
-	if (bits_needed == 0)
-	{
-		/* trivial */
-		return TRUE;
-	}
-	if (bits_needed > 32)
-	{
-		/* too many bits requested */
-		return FALSE;
-	}
-
-	while (bits_needed)
-	{
-		if (this->bits_left == 0)
-		{
-			if (this->octets_left == 0)
-			{
-				/* get another block from MGF1 */
-				if (!this->mgf1->get_mask(this->mgf1, this->hash_len,
-													  this->octets))
-				{
-					/* no block available */
-					return FALSE;
-				}
-				this->octets_left = this->hash_len;
-				this->octets_count += this->hash_len;
-			}
-			this->bits = untoh32(this->octets + this->hash_len -
-												this->octets_left);
-			this->bits_left = 32;
-			this->octets_left -= 4;
-		}
-		if (bits_needed > this->bits_left)
-		{
-			bits_now = this->bits_left;
-			this->bits_left = 0;
-			bits_needed -= bits_now;
-		}
-		else
-		{
-			bits_now = bits_needed;
-			this->bits_left -= bits_needed;
-			bits_needed = 0;
-		}
-		if (bits_now == 32)
-		{
-			*bits = this->bits;
-		}
-		else
-		{
-			*bits <<= bits_now;
-			*bits |= this->bits >> this->bits_left;
-			if (this->bits_left)
-			{
-				this->bits &= 0xffffffff >> (32 - this->bits_left);
-			}
-		}
-	}
-	return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, get_byte, bool,
-	private_mgf1_bitspender_t *this, uint8_t *byte)
-{
-	if (this->bytes_left == 0)
-	{
-		if (this->octets_left == 0)
-		{
-			/* get another block from MGF1 */
-			if (!this->mgf1->get_mask(this->mgf1, this->hash_len, this->octets))
-			{
-				/* no block available */
-				return FALSE;
-			}
-			this->octets_left = this->hash_len;
-			this->octets_count += this->hash_len;
-		}
-		memcpy(this->bytes, this->octets + this->hash_len -	this->octets_left, 4);
-		this->bytes_left = 4;
-		this->octets_left -= 4;
-	}
-	*byte = this->bytes[4 - this->bytes_left--];
-
-	return TRUE;
-}
-
-METHOD(mgf1_bitspender_t, destroy, void,
-	private_mgf1_bitspender_t *this)
-{
-	DBG2(DBG_LIB, "mgf1 generated %u octets", this->octets_count);
-	memwipe(this->octets, sizeof(this->octets));
-	this->mgf1->destroy(this->mgf1);
-	free(this);
-}
-
-/**
- * See header.
- */
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
-										  bool hash_seed)
-{
-	private_mgf1_bitspender_t *this;
-	mgf1_t *mgf1;
-
-	mgf1 = mgf1_create(alg, seed, hash_seed);
-	if (!mgf1)
-	{
-	    return NULL;
-	}
-	DBG2(DBG_LIB, "mgf1 based on %N is seeded with %u octets",
-				   hash_algorithm_short_names, alg, seed.len);
-
-	INIT(this,
-		.public = {
-			.get_bits = _get_bits,
-			.get_byte = _get_byte,
-			.destroy = _destroy,
-		},
-		.mgf1 = mgf1,
-		.hash_len = mgf1->get_hash_size(mgf1),
-	);
-
-	return &this->public;
-}
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 282d40e..cd4e576 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -154,7 +154,7 @@ METHOD(proposal_keywords_t, register_algname_parser, void,
 	private_proposal_keywords_t *this, proposal_algname_parser_t parser)
 {
 	this->lock->write_lock(this->lock);
-	this->tokens->insert_first(this->parsers, parser);
+	this->parsers->insert_first(this->parsers, parser);
 	this->lock->unlock(this->lock);
 }
 
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
index ba4c895..b058ad2 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c
@@ -59,12 +59,12 @@ struct proposal_token {
 	uint16_t          keysize;
 };
 
-#define TOTAL_KEYWORDS 140
+#define TOTAL_KEYWORDS 141
 #define MIN_WORD_LENGTH 3
 #define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 11
-#define MAX_HASH_VALUE 266
-/* maximum key range = 256, duplicates = 0 */
+#define MIN_HASH_VALUE 7
+#define MAX_HASH_VALUE 282
+/* maximum key range = 276, duplicates = 0 */
 
 #ifdef __GNUC__
 __inline
@@ -80,32 +80,32 @@ hash (str, len)
 {
   static const unsigned short asso_values[] =
     {
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267,  71,   4,
-       20,   6,  48,  32,  10,  30,   5,   3, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267,  97, 267,   4,   8,  18,
-       56, 107, 107,  78,  10,   4, 267, 267,   3,   5,
-        7,   4,  30,  92, 104,   3,  32, 145, 267, 267,
-        3, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267, 267, 267, 267,
-      267, 267, 267, 267, 267, 267, 267
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283,  75,   2,
+       16,  16,  30,  26,   8,  35,   3,   1, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283,  29, 283,  10,   2,  16,
+       46,   1,  23,  78,   4,   4, 283, 283,   1,   9,
+        5,   2, 124, 117,  77, 106,  85,  27, 283, 283,
+        1, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283, 283, 283, 283,
+      283, 283, 283, 283, 283, 283, 283
     };
   register int hval = len;
 
@@ -145,23 +145,20 @@ hash (str, len)
 static const struct proposal_token wordlist[] =
   {
     {"null",             ENCRYPTION_ALGORITHM, ENCR_NULL,                 0},
-    {"aes",              ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128},
     {"noesn",            EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,   0},
-    {"sha",              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0},
-    {"sha1",             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0},
-    {"md5",              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,          0},
+    {"modpnone",         DIFFIE_HELLMAN_GROUP, MODP_NONE,                 0},
     {"aes128",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128},
+    {"esn",              EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS,      0},
     {"ntru128",          DIFFIE_HELLMAN_GROUP, NTRU_128_BIT,              0},
+    {"md5",              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,          0},
     {"modp8192",         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,             0},
     {"md5_128",          INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_128,         0},
-    {"3des",             ENCRYPTION_ALGORITHM, ENCR_3DES,                 0},
     {"aes192",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            192},
     {"ntru192",          DIFFIE_HELLMAN_GROUP, NTRU_192_BIT,              0},
     {"ntru112",          DIFFIE_HELLMAN_GROUP, NTRU_112_BIT,              0},
-    {"aescmac",          INTEGRITY_ALGORITHM,  AUTH_AES_CMAC_96,          0},
-    {"modp768",          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,              0},
+    {"modpnull",         DIFFIE_HELLMAN_GROUP, MODP_NULL,                 0},
+    {"ecp521",           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,               0},
     {"aes256",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            256},
-    {"modp1536",         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,             0},
     {"aes192ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192},
     {"aes192ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      192},
     {"aes128ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128},
@@ -171,14 +168,17 @@ static const struct proposal_token wordlist[] =
     {"aes128ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      128},
     {"aes128ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      128},
     {"aesxcbc",          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,          0},
-    {"camellia",         ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128},
-    {"sha512",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0},
-    {"ntru256",          DIFFIE_HELLMAN_GROUP, NTRU_256_BIT,              0},
+    {"aescmac",          INTEGRITY_ALGORITHM,  AUTH_AES_CMAC_96,          0},
+    {"modp768",          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,              0},
+    {"ecp192",           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,               0},
     {"aes192ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      192},
+    {"modp1536",         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,             0},
     {"aes128ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      128},
+    {"ntru256",          DIFFIE_HELLMAN_GROUP, NTRU_256_BIT,              0},
     {"aes256ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256},
     {"aes256ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      256},
-    {"sha256",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0},
+    {"camellia",         ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128},
+    {"ecp256",           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,               0},
     {"aes256ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      256},
     {"aes256ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      256},
     {"camellia192ccm8",  ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  192},
@@ -187,26 +187,32 @@ static const struct proposal_token wordlist[] =
     {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
     {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
     {"camellia192",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       192},
-    {"camellia128",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128},
     {"aes256ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      256},
+    {"camellia128",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128},
+    {"modp6144",         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,             0},
+    {"aes192ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192},
+    {"aes128ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128},
     {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
     {"camellia128ccm8",  ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  128},
     {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
-    {"des",              ENCRYPTION_ALGORITHM, ENCR_DES,                  0},
-    {"camelliaxcbc",     INTEGRITY_ALGORITHM,  AUTH_CAMELLIA_XCBC_96,     0},
+    {"sha1",             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0},
+    {"ecp384",           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,               0},
     {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
     {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
-    {"esn",              EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS,      0},
-    {"aes192ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192},
+    {"camelliaxcbc",     INTEGRITY_ALGORITHM,  AUTH_CAMELLIA_XCBC_96,     0},
     {"camellia256",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       256},
-    {"aes128ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128},
-    {"prfsha1",          PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1,           0},
+    {"sha",              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0},
     {"camellia256ccm8",  ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  256},
     {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
-    {"modp6144",         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,             0},
+    {"aes256ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256},
     {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
     {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
     {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+    {"ecp224",           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,               0},
+    {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  192},
+    {"des",              ENCRYPTION_ALGORITHM, ENCR_DES,                  0},
+    {"aes",              ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128},
+    {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
     {"aes192gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192},
     {"aes192gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      192},
     {"aes128gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       128},
@@ -215,106 +221,103 @@ static const struct proposal_token wordlist[] =
     {"aes192gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      192},
     {"aes128gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      128},
     {"aes128gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      128},
-    {"aes256ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256},
-    {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
-    {"sha384",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0},
-    {"modpnone",         DIFFIE_HELLMAN_GROUP, MODP_NONE,                 0},
-    {"ecp521",           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,               0},
-    {"modp3072",         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,             0},
-    {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  192},
+    {"aes192ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            192},
+    {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  128},
+    {"aes128ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            128},
+    {"sha512",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0},
     {"aes192gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      192},
-    {"prfsha256",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256,       0},
-    {"aes128gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      128},
     {"modp4096",         DIFFIE_HELLMAN_GROUP, MODP_4096_BIT,             0},
+    {"aes128gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      128},
     {"aes256gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256},
     {"aes256gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256},
-    {"blowfish",         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
+    {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  256},
+    {"sha256",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0},
     {"aes256gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256},
     {"aes256gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256},
-    {"aes192gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
-    {"ecp192",           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,               0},
-    {"aes128gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
     {"modp1024",         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,             0},
     {"modp2048",         DIFFIE_HELLMAN_GROUP, MODP_2048_BIT,             0},
-    {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  128},
-    {"aes192ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            192},
+    {"aes256ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            256},
+    {"aes192gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+    {"3des",             ENCRYPTION_ALGORITHM, ENCR_3DES,                 0},
+    {"aes128gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
+    {"prfsha1",          PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1,           0},
     {"aes256gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256},
-    {"aes128ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            128},
-    {"ecp256",           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,               0},
-    {"blowfish192",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           192},
-    {"prfsha512",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512,       0},
-    {"blowfish128",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
-    {"prfsha384",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384,       0},
-    {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8,  256},
-    {"modpnull",         DIFFIE_HELLMAN_GROUP, MODP_NULL,                 0},
-    {"aes256gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
-    {"ecp512bp",         DIFFIE_HELLMAN_GROUP, ECP_512_BP,                0},
+    {"camellia192ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       192},
+    {"newhope128",       DIFFIE_HELLMAN_GROUP, NH_128_BIT,                0},
     {"aes192gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192},
-    {"twofish",          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
     {"aes128gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       128},
-    {"aes256ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            256},
+    {"twofish",          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
+    {"sha384",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0},
+    {"modp3072",         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,             0},
+    {"aes256gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
     {"twofish128",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
-    {"blowfish256",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           256},
-    {"camellia192ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       192},
+    {"camellia128ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       128},
+    {"blowfish",         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
     {"modp2048s256",     DIFFIE_HELLMAN_GROUP, MODP_2048_256,             0},
-    {"modp1024s160",     DIFFIE_HELLMAN_GROUP, MODP_1024_160,             0},
+    {"aes256gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256},
+    {"prfsha256",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256,       0},
     {"sha256_96",        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0},
-    {"twofish256",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        256},
     {"sha2_512",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0},
-    {"ecp256bp",         DIFFIE_HELLMAN_GROUP, ECP_256_BP,                0},
+    {"twofish256",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        256},
+    {"camellia256ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       256},
     {"sha2_384",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0},
-    {"aes256gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256},
-    {"serpent128",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
     {"sha2_256",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0},
-    {"camellia128ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       128},
+    {"ecp512bp",         DIFFIE_HELLMAN_GROUP, ECP_512_BP,                0},
     {"sha2_256_96",      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0},
-    {"ecp384bp",         DIFFIE_HELLMAN_GROUP, ECP_384_BP,                0},
-    {"serpent256",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        256},
+    {"blowfish192",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           192},
+    {"blowfish128",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
+    {"prfsha512",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512,       0},
     {"twofish192",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        192},
+    {"modp2048s224",     DIFFIE_HELLMAN_GROUP, MODP_2048_224,             0},
+    {"prfsha384",        PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384,       0},
+    {"modp1024s160",     DIFFIE_HELLMAN_GROUP, MODP_1024_160,             0},
+    {"prfcamelliaxcbc",  PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC,    0},
+    {"ecp384bp",         DIFFIE_HELLMAN_GROUP, ECP_384_BP,                0},
+    {"ecp256bp",         DIFFIE_HELLMAN_GROUP, ECP_256_BP,                0},
+    {"serpent128",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
+    {"blowfish256",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           256},
     {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305,  256},
-    {"ecp384",           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,               0},
-    {"camellia256ctr",   ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR,       256},
-    {"serpent",          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
-    {"prfmd5",           PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,            0},
+    {"serpent256",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        256},
     {"ecp224bp",         DIFFIE_HELLMAN_GROUP, ECP_224_BP,                0},
     {"sha1_160",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_160,        0},
-    {"modp2048s224",     DIFFIE_HELLMAN_GROUP, MODP_2048_224,             0},
     {"serpent192",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        192},
-    {"ecp224",           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,               0},
+    {"prfmd5",           PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5,            0},
     {"prfaesxcbc",       PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC,         0},
-    {"prfcamelliaxcbc",  PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC,    0},
+    {"serpent",          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
     {"prfaescmac",       PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC,         0}
   };
 
 static const short lookup[] =
   {
+     -1,  -1,  -1,  -1,  -1,  -1,  -1,   0,  -1,  -1,
+     -1,  -1,  -1,  -1,  -1,  -1,  -1,   1,  -1,  -1,
+     -1,  -1,  -1,  -1,  -1,  -1,   2,  -1,  -1,  -1,
+      3,   4,  -1,   5,   6,   7,   8,  -1,  -1,  -1,
+     -1,   9,  -1,  -1,  10,  11,  -1,  12,  -1,  13,
+     14,  15,  16,  17,  18,  19,  20,  21,  22,  23,
+     24,  25,  26,  -1,  27,  28,  29,  30,  31,  32,
+     33,  34,  35,  36,  37,  38,  -1,  39,  40,  41,
+     42,  43,  44,  45,  46,  -1,  47,  48,  -1,  49,
+     50,  51,  52,  53,  54,  -1,  55,  56,  57,  58,
+     59,  60,  61,  62,  63,  64,  -1,  65,  -1,  -1,
+     66,  67,  68,  69,  70,  71,  72,  73,  74,  75,
+     76,  77,  78,  79,  -1,  80,  81,  82,  83,  -1,
+     84,  85,  86,  87,  88,  89,  90,  91,  92,  93,
+     94,  95,  96,  97,  98,  99, 100,  -1, 101,  -1,
+     -1,  -1, 102,  -1, 103, 104, 105, 106,  -1, 107,
+     -1, 108, 109, 110, 111, 112, 113, 114,  -1, 115,
+     -1, 116, 117,  -1,  -1, 118, 119, 120,  -1, 121,
+     -1,  -1, 122, 123, 124,  -1, 125, 126, 127,  -1,
+    128, 129, 130,  -1, 131, 132,  -1,  -1,  -1,  -1,
+     -1,  -1, 133, 134,  -1,  -1,  -1, 135,  -1,  -1,
+     -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1, 136,  -1,
+     -1, 137,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
      -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1,   0,  -1,  -1,   1,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1,  -1,   2,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,   3,
-      4,  -1,   5,  -1,   6,   7,  -1,   8,   9,  -1,
-     -1,  -1,  -1,  -1,  -1,  10,  -1,  11,  12,  13,
-     14,  -1,  -1,  -1,  15,  -1,  16,  17,  -1,  18,
-     19,  20,  21,  22,  23,  24,  25,  26,  27,  -1,
-     -1,  -1,  28,  29,  30,  -1,  31,  -1,  32,  33,
-     34,  -1,  35,  36,  37,  38,  -1,  39,  40,  41,
-     42,  -1,  43,  44,  -1,  -1,  -1,  -1,  -1,  45,
-     -1,  46,  47,  48,  49,  50,  51,  52,  53,  54,
-     55,  56,  -1,  57,  58,  59,  60,  61,  62,  63,
-     64,  65,  66,  67,  68,  69,  70,  71,  72,  73,
-     74,  75,  76,  77,  78,  79,  80,  81,  82,  83,
-     84,  -1,  85,  86,  -1,  87,  88,  89,  90,  91,
-     92,  -1,  93,  94,  95,  96,  97,  98,  99, 100,
-     -1,  -1, 101, 102, 103,  -1,  -1, 104, 105, 106,
-    107, 108, 109,  -1,  -1, 110,  -1, 111, 112, 113,
-    114,  -1, 115, 116,  -1, 117, 118, 119, 120, 121,
-     -1,  -1,  -1,  -1, 122, 123, 124,  -1, 125,  -1,
-     -1,  -1, 126, 127, 128,  -1, 129, 130, 131,  -1,
-     -1, 132, 133,  -1,  -1,  -1, 134,  -1, 135, 136,
      -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
      -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1, 137,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1,  -1, 138,  -1,  -1, 139
+     -1,  -1,  -1,  -1,  -1,  -1,  -1, 138, 139,  -1,
+     -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
+     -1,  -1, 140
   };
 
 #ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
index 8760243..3ac7729 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt
@@ -167,5 +167,6 @@ ntru112,          DIFFIE_HELLMAN_GROUP, NTRU_112_BIT,              0
 ntru128,          DIFFIE_HELLMAN_GROUP, NTRU_128_BIT,              0
 ntru192,          DIFFIE_HELLMAN_GROUP, NTRU_192_BIT,              0
 ntru256,          DIFFIE_HELLMAN_GROUP, NTRU_256_BIT,              0
+newhope128,       DIFFIE_HELLMAN_GROUP, NH_128_BIT,                0
 noesn,            EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS,   0
 esn,              EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS,      0
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
index 7c6678b..808cb99 100644
--- a/src/libstrongswan/crypto/transform.c
+++ b/src/libstrongswan/crypto/transform.c
@@ -17,13 +17,15 @@
 #include <crypto/hashers/hasher.h>
 #include <crypto/rngs/rng.h>
 
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, COMPRESSION_ALGORITHM,
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, EXTENDED_OUTPUT_FUNCTION,
 	"UNDEFINED_TRANSFORM_TYPE",
 	"HASH_ALGORITHM",
 	"RANDOM_NUMBER_GENERATOR",
 	"AEAD_ALGORITHM",
-	"COMPRESSION_ALGORITHM");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, COMPRESSION_ALGORITHM,
+	"COMPRESSION_ALGORITHM",
+	"EXTENDED OUTPUT FUNCTION");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
+								EXTENDED_OUTPUT_FUNCTION,
 	"ENCRYPTION_ALGORITHM",
 	"PSEUDO_RANDOM_FUNCTION",
 	"INTEGRITY_ALGORITHM",
@@ -60,6 +62,8 @@ enum_name_t* transform_get_enum_names(transform_type_t type)
 			return diffie_hellman_group_names;
 		case EXTENDED_SEQUENCE_NUMBERS:
 			return extended_sequence_numbers_names;
+		case EXTENDED_OUTPUT_FUNCTION:
+			return ext_out_function_names;
 		case UNDEFINED_TRANSFORM_TYPE:
 		case COMPRESSION_ALGORITHM:
 			break;
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
index 0cb84f0..e043e60 100644
--- a/src/libstrongswan/crypto/transform.h
+++ b/src/libstrongswan/crypto/transform.h
@@ -34,6 +34,7 @@ enum transform_type_t {
 	RANDOM_NUMBER_GENERATOR = 243,
 	AEAD_ALGORITHM = 244,
 	COMPRESSION_ALGORITHM = 245,
+	EXTENDED_OUTPUT_FUNCTION = 246,
 	ENCRYPTION_ALGORITHM = 1,
 	PSEUDO_RANDOM_FUNCTION = 2,
 	INTEGRITY_ALGORITHM = 3,
diff --git a/src/libstrongswan/crypto/xofs/mgf1.h b/src/libstrongswan/crypto/xofs/mgf1.h
new file mode 100644
index 0000000..5ad3a51
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/mgf1.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1 mgf1
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_H_
+#define MGF1_H_
+
+typedef struct mgf1_t mgf1_t;
+
+#include "xof.h"
+
+/**
+ * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function
+ * defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_t {
+
+	/**
+	 * Generic xof_t interface for this Extended Output Function (XOF).
+	 */
+	xof_t xof_interface;
+
+	/**
+	 * Hash the seed before using it as a seed for MGF1
+	 * 
+	 * @param yes		TRUE if seed has to be hashed first
+	 */
+	void (*set_hash_seed)(mgf1_t *this, bool yes);
+};
+
+#endif /** MGF1_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/crypto/xofs/xof.c
similarity index 65%
copy from src/libstrongswan/plugins/bliss/tests/bliss_tests.h
copy to src/libstrongswan/crypto/xofs/xof.c
index f0959cc..1e9c283 100644
--- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
+++ b/src/libstrongswan/crypto/xofs/xof.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -13,11 +13,15 @@
  * for more details.
  */
 
-TEST_SUITE(bliss_fft_suite_create)
-TEST_SUITE(bliss_bitpacker_suite_create)
-TEST_SUITE(bliss_huffman_suite_create)
-TEST_SUITE(bliss_keys_suite_create)
-TEST_SUITE(bliss_sampler_suite_create)
-TEST_SUITE(bliss_signature_suite_create)
-TEST_SUITE(bliss_sign_suite_create)
+#include "xof.h"
+
+ENUM(ext_out_function_names, XOF_UNDEFINED, XOF_CHACHA20,
+	"XOF_UNDEFINED",
+	"XOF_MGF1_SHA1",
+	"XOF_MGF1_SHA256",
+	"XOF_MGF1_SHA512",
+	"XOF_SHAKE128",
+	"XOF_SHAKE256",
+	"XOF_CHACHA20"
+);
 
diff --git a/src/libstrongswan/crypto/xofs/xof.h b/src/libstrongswan/crypto/xofs/xof.h
new file mode 100644
index 0000000..8c9ae01
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof.h
@@ -0,0 +1,114 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xof xof
+ * @{ @ingroup crypto
+ */
+
+#ifndef XOF_H_
+#define XOF_H_
+
+typedef enum ext_out_function_t ext_out_function_t;
+typedef struct xof_t xof_t;
+
+#include <library.h>
+
+/**
+ * Extendable Output Functions.
+ */
+enum ext_out_function_t {
+	XOF_UNDEFINED,
+	/** RFC 2437 PKCS#1 */
+	XOF_MGF1_SHA1,
+	/** RFC 2437 PKCS#1 */
+	XOF_MGF1_SHA256,
+	/** RFC 2437 PKCS#1 */
+	XOF_MGF1_SHA512,
+	/** FIPS 202 */
+	XOF_SHAKE_128,
+	/** FIPS 202 */
+	XOF_SHAKE_256,
+	/** RFC 7539 ChaCha20 */
+	XOF_CHACHA20,
+};
+
+/**
+ * enum name for ext_out_function_t.
+ */
+extern enum_name_t *ext_out_function_names;
+
+/**
+ * Generic interface for Extended Output Function (XOF)
+ */
+struct xof_t {
+
+	/**
+	 * Return the type of the Extended Output Function
+	 *
+	 * @return			XOF type
+	 */
+	ext_out_function_t (*get_type)(xof_t *this);
+
+	/**
+	 * Generates pseudo random bytes and writes them in the buffer.
+	 *
+	 * @param out_len	number of output bytes requested
+	 * @param buffer	pointer where the generated bytes will be written
+	 * @return			TRUE if bytes generated successfully
+	 */
+	bool (*get_bytes)(xof_t *this, size_t out_len,
+					  uint8_t *buffer) __attribute__((warn_unused_result));
+
+	/**
+	 * Generates pseudo random bytes and allocate space for them.
+	 *
+	 * @param out_len	number of output bytes requested
+	 * @param chunk		chunk which will hold generated bytes
+	 * @return			TRUE if bytes allocated and generated successfully
+	 */
+	bool (*allocate_bytes)(xof_t *this, size_t out_len,
+						   chunk_t *chunk) __attribute__((warn_unused_result));
+
+	/**
+	 * Get the output block size
+	 *
+	 * @return			block size in bytes
+	 */
+	size_t (*get_block_size)(xof_t *this);
+
+	/**
+	 * Get the recommended minimum seed size
+	 *
+	 * @return			seed size in bytes
+	 */
+	size_t (*get_seed_size)(xof_t *this);
+
+	/**
+	 * Set the key for this xof_t object.
+	 *
+	 * @param sed		seed to set
+	 * @return			TRUE if XOF initialized with seed successfully
+	 */
+	bool (*set_seed)(xof_t *this,
+					 chunk_t seed) __attribute__((warn_unused_result));
+
+	/**
+	 * Destroys a xof object.
+	 */
+	void (*destroy)(xof_t *this);
+};
+
+#endif /** XOF_H_ @}*/
diff --git a/src/libstrongswan/crypto/xofs/xof_bitspender.c b/src/libstrongswan/crypto/xofs/xof_bitspender.c
new file mode 100644
index 0000000..f18b806
--- /dev/null
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "xof_bitspender.h"
+#include "mgf1.h"
+
+typedef struct private_xof_bitspender_t private_xof_bitspender_t;
+
+/**
+ * Private data structure for xof_bitspender_t object
+ */
+struct private_xof_bitspender_t {
+	/**
+	 * Public interface.
+	 */
+	xof_bitspender_t public;
+
+	/**
+	 * Extended Output Function (XOF)
+	 */
+	xof_t *xof;
+
+	/**
+	 * Length of the returned hash value in octets
+	 */
+	int hash_len;
+
+	/**
+	 * Bit storage (accommodates up to 32 bits)
+	 */
+	uint32_t bits;
+
+	/**
+	 * Number of available bits
+	 */
+	int bits_left;
+
+	/**
+	 * Byte storage (accommodates up to 4 bytes)
+	 */
+	uint8_t bytes[4];
+
+	/**
+	 * Number of available bytes
+	 */
+	int bytes_left;
+
+	/**
+	 * Number of octets spent
+	 */
+	int octet_count;
+
+};
+
+static bool get_next_block(private_xof_bitspender_t *this, uint8_t *buffer)
+{
+	if (!this->xof->get_bytes(this->xof, 4, buffer))
+	{
+		/* no block available */
+		return FALSE;
+	}
+	this->octet_count += 4;
+
+	return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_bits, bool,
+	private_xof_bitspender_t *this, int bits_needed, uint32_t *bits)
+{
+	int bits_now;
+
+	*bits = 0x00000000;
+
+	if (bits_needed == 0)
+	{
+		/* trivial */
+		return TRUE;
+	}
+	if (bits_needed > 32)
+	{
+		/* too many bits requested */
+		return FALSE;
+	}
+
+	while (bits_needed)
+	{
+		if (this->bits_left == 0)
+		{
+			uint8_t buf[4];
+
+			if (!get_next_block(this, buf))
+			{
+				return FALSE;
+			}
+			this->bits = untoh32(buf);
+			this->bits_left = 32;
+		}
+		if (bits_needed > this->bits_left)
+		{
+			bits_now = this->bits_left;
+			this->bits_left = 0;
+			bits_needed -= bits_now;
+		}
+		else
+		{
+			bits_now = bits_needed;
+			this->bits_left -= bits_needed;
+			bits_needed = 0;
+		}
+		if (bits_now == 32)
+		{
+			*bits = this->bits;
+		}
+		else
+		{
+			*bits <<= bits_now;
+			*bits |= this->bits >> this->bits_left;
+			if (this->bits_left)
+			{
+				this->bits &= 0xffffffff >> (32 - this->bits_left);
+			}
+		}
+	}
+
+	return TRUE;
+}
+
+METHOD(xof_bitspender_t, get_byte, bool,
+	private_xof_bitspender_t *this, uint8_t *byte)
+{
+	if (this->bytes_left == 0)
+	{
+		if (!get_next_block(this, this->bytes))
+		{
+			return FALSE;
+		}
+		this->bytes_left = 4;
+	}
+	*byte = this->bytes[4 - this->bytes_left--];
+
+	return TRUE;
+}
+
+METHOD(xof_bitspender_t, destroy, void,
+	private_xof_bitspender_t *this)
+{
+	DBG2(DBG_LIB, "%N generated %u octets", ext_out_function_names,
+				   this->xof->get_type(this->xof), this->octet_count);
+	memwipe(this->bytes, 4);
+	this->xof->destroy(this->xof);
+	free(this);
+}
+
+/**
+ * See header.
+ */
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+										bool hash_seed)
+{
+	private_xof_bitspender_t *this;
+	xof_t *xof;
+
+	xof = lib->crypto->create_xof(lib->crypto, alg);
+	if (!xof)
+	{
+		return NULL;
+	}
+
+	switch (alg)
+	{
+		case XOF_MGF1_SHA1:
+		case XOF_MGF1_SHA256:
+		case XOF_MGF1_SHA512:
+		{
+			mgf1_t *mgf1 = (mgf1_t*)xof;
+
+			mgf1->set_hash_seed(mgf1, hash_seed);
+			break;
+		}
+		default:
+			break;
+	}
+	if (!xof->set_seed(xof, seed))
+	{
+		xof->destroy(xof);
+		return NULL;
+	}
+	DBG2(DBG_LIB, "%N is seeded with %u octets", ext_out_function_names,
+				   alg, seed.len);
+
+	INIT(this,
+		.public = {
+			.get_bits = _get_bits,
+			.get_byte = _get_byte,
+			.destroy = _destroy,
+		},
+		.xof = xof,
+	);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h b/src/libstrongswan/crypto/xofs/xof_bitspender.h
similarity index 60%
rename from src/libstrongswan/crypto/mgf1/mgf1_bitspender.h
rename to src/libstrongswan/crypto/xofs/xof_bitspender.h
index f7df8e8..f422079 100644
--- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.h
+++ b/src/libstrongswan/crypto/xofs/xof_bitspender.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -14,22 +14,24 @@
  */
 
 /**
- * @defgroup mgf1_bitspender mgf1_bitspender
+ * @defgroup xof_bitspender xof_bitspender
  * @{ @ingroup mgf1
  */
 
-#ifndef MGF1_BITSPENDER_H_
-#define MGF1_BITSPENDER_H_
+#ifndef XOF_BITSPENDER_H_
+#define XOF_BITSPENDER_H_
+
+#include "xof.h"
 
 #include <library.h>
-#include <crypto/hashers/hasher.h>
 
-typedef struct mgf1_bitspender_t mgf1_bitspender_t;
+typedef struct xof_bitspender_t xof_bitspender_t;
 
 /**
- * Generates a given number of pseudo-random bits at a time using MGF1
+ * Generates a given number of pseudo-random bits at a time using an
+ * Extended Output Function (XOF)
  */
-struct mgf1_bitspender_t {
+struct xof_bitspender_t {
 
 	/**
 	 * Get pseudo-random bits
@@ -38,7 +40,7 @@ struct mgf1_bitspender_t {
 	 * @param bits			Pseudo-random bits
 	 * @result				FALSE if internal MGF1 error occurred
 	 */
-	bool (*get_bits)(mgf1_bitspender_t *this, int bits_needed, uint32_t *bits);
+	bool (*get_bits)(xof_bitspender_t *this, int bits_needed, uint32_t *bits);
 
 	/**
 	 * Get a pseudo-random byte
@@ -46,22 +48,22 @@ struct mgf1_bitspender_t {
 	 * @param byte			Pseudo-random byte
 	 * @result				FALSE if internal MGF1 error occurred
 	 */
-	bool (*get_byte)(mgf1_bitspender_t *this, uint8_t *byte);
+	bool (*get_byte)(xof_bitspender_t *this, uint8_t *byte);
 
 	/**
-	 * Destroy mgf1_bitspender_t object
+	 * Destroy xof_bitspender_t object
 	 */
-	void (*destroy)(mgf1_bitspender_t *this);
+	void (*destroy)(xof_bitspender_t *this);
 };
 
 /**
- * Create a mgf1_bitspender_t object
+ * Create a xof_bitspender_t object
  *
- * @param alg				Hash algorithm to be used with MGF1
- * @param seed				Seed used to initialize MGF1
+ * @param alg				XOF to be used
+ * @param seed				Seed used to initialize XOF
  * @param hash_seed			Hash seed before using it as a seed for MFG1
  */
-mgf1_bitspender_t *mgf1_bitspender_create(hash_algorithm_t alg, chunk_t seed,
-										  bool hash_seed);
+xof_bitspender_t *xof_bitspender_create(ext_out_function_t alg, chunk_t seed,
+										bool hash_seed);
 
-#endif /** MGF1_BITSPENDER_H_ @}*/
+#endif /** XOF_BITSPENDER_H_ @}*/
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index e130b93..4f79dcc 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -55,6 +55,13 @@ struct private_library_t {
 	 */
 	bool integrity_failed;
 
+#ifdef LEAK_DETECTIVE
+	/**
+	 * Where to write leak detective output to
+	 */
+	FILE *ld_out;
+#endif
+
 	/**
 	 * Number of times we have been initialized
 	 */
@@ -95,32 +102,34 @@ library_t *lib = NULL;
 /**
  * Default leak report callback
  */
-static void report_leaks(void *user, int count, size_t bytes,
-						 backtrace_t *bt, bool detailed)
+CALLBACK(report_leaks, void,
+	private_library_t *this, int count, size_t bytes, backtrace_t *bt,
+	bool detailed)
 {
-	fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n",
+	fprintf(this->ld_out, "%zu bytes total, %d allocations, %zu bytes average:\n",
 			bytes, count, bytes / count);
-	bt->log(bt, stderr, detailed);
+	bt->log(bt, this->ld_out, detailed);
 }
 
 /**
  * Default leak report summary callback
  */
-static void sum_leaks(void* user, int count, size_t bytes, int whitelisted)
+CALLBACK(sum_leaks, void,
+	private_library_t *this, int count, size_t bytes, int whitelisted)
 {
 	switch (count)
 	{
 		case 0:
-			fprintf(stderr, "No leaks detected");
+			fprintf(this->ld_out, "No leaks detected");
 			break;
 		case 1:
-			fprintf(stderr, "One leak detected");
+			fprintf(this->ld_out, "One leak detected");
 			break;
 		default:
-			fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes);
+			fprintf(this->ld_out, "%d leaks detected, %zu bytes", count, bytes);
 			break;
 	}
-	fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted);
+	fprintf(this->ld_out, ", %d suppressed by whitelist\n", whitelisted);
 }
 #endif /* LEAK_DETECTIVE */
 
@@ -172,6 +181,12 @@ void library_deinit()
 		lib->leak_detective->destroy(lib->leak_detective);
 		lib->leak_detective = NULL;
 	}
+#ifdef LEAK_DETECTIVE
+	if (this->ld_out && this->ld_out != stderr)
+	{
+		fclose(this->ld_out);
+	}
+#endif /* LEAK_DETECTIVE */
 
 	backtrace_deinit();
 	arrays_deinit();
@@ -301,11 +316,22 @@ bool library_init(char *settings, const char *namespace)
 	backtrace_init();
 
 #ifdef LEAK_DETECTIVE
+	{
+		FILE *out = NULL;
+		char *log;
+
+		log = getenv("LEAK_DETECTIVE_LOG");
+		if (log)
+		{
+			out = fopen(log, "a");
+		}
+		this->ld_out = out ?: stderr;
+	}
 	lib->leak_detective = leak_detective_create();
 	if (lib->leak_detective)
 	{
 		lib->leak_detective->set_report_cb(lib->leak_detective,
-										   report_leaks, sum_leaks, NULL);
+										   report_leaks, sum_leaks, this);
 	}
 #endif /* LEAK_DETECTIVE */
 
diff --git a/src/libstrongswan/math/libnttfft/Makefile.am b/src/libstrongswan/math/libnttfft/Makefile.am
new file mode 100644
index 0000000..ec98abe
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/Makefile.am
@@ -0,0 +1,15 @@
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+	@COVERAGE_CFLAGS@
+
+AM_LDFLAGS = \
+	-no-undefined
+
+ipseclib_LTLIBRARIES = libnttfft.la
+
+libnttfft_la_SOURCES = \
+	ntt_fft_reduce.h ntt_fft.h ntt_fft.c \
+	ntt_fft_params.h ntt_fft_params.c
+
diff --git a/src/libradius/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in
similarity index 94%
copy from src/libradius/Makefile.in
copy to src/libstrongswan/math/libnttfft/Makefile.in
index f5a5d12..1a56213 100644
--- a/src/libradius/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/Makefile.in
@@ -88,7 +88,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/libradius
+subdir = src/libstrongswan/math/libnttfft
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -136,11 +136,9 @@ am__uninstall_files_from_dir = { \
   }
 am__installdirs = "$(DESTDIR)$(ipseclibdir)"
 LTLIBRARIES = $(ipseclib_LTLIBRARIES)
-libradius_la_DEPENDENCIES =  \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la
-am_libradius_la_OBJECTS = radius_message.lo radius_socket.lo \
-	radius_client.lo radius_config.lo
-libradius_la_OBJECTS = $(am_libradius_la_OBJECTS)
+libnttfft_la_LIBADD =
+am_libnttfft_la_OBJECTS = ntt_fft.lo ntt_fft_params.lo
+libnttfft_la_OBJECTS = $(am_libnttfft_la_OBJECTS)
 AM_V_lt = $(am__v_lt_ at AM_V@)
 am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
 am__v_lt_0 = --silent
@@ -179,8 +177,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(libradius_la_SOURCES)
-DIST_SOURCES = $(libradius_la_SOURCES)
+SOURCES = $(libnttfft_la_SOURCES)
+DIST_SOURCES = $(libnttfft_la_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -346,7 +344,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -380,8 +377,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -435,25 +430,24 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan
 
+AM_CFLAGS = \
+	@COVERAGE_CFLAGS@
+
 AM_LDFLAGS = \
 	-no-undefined
 
-ipseclib_LTLIBRARIES = libradius.la
-libradius_la_LIBADD = \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la -lm
-
-libradius_la_SOURCES = \
-	radius_message.h radius_message.c \
-	radius_socket.h radius_socket.c \
-	radius_client.h radius_client.c \
-	radius_config.h radius_config.c \
-	radius_mppe.h
+ipseclib_LTLIBRARIES = libnttfft.la
+libnttfft_la_SOURCES = \
+	ntt_fft_reduce.h ntt_fft.h ntt_fft.c \
+	ntt_fft_params.h ntt_fft_params.c
 
 all: all-am
 
@@ -468,9 +462,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libradius/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/libradius/Makefile
+	  $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -524,8 +518,8 @@ clean-ipseclibLTLIBRARIES:
 	  rm -f $${locs}; \
 	}
 
-libradius.la: $(libradius_la_OBJECTS) $(libradius_la_DEPENDENCIES) $(EXTRA_libradius_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libradius_la_OBJECTS) $(libradius_la_LIBADD) $(LIBS)
+libnttfft.la: $(libnttfft_la_OBJECTS) $(libnttfft_la_DEPENDENCIES) $(EXTRA_libnttfft_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libnttfft_la_OBJECTS) $(libnttfft_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -533,10 +527,8 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/radius_client.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/radius_config.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/radius_message.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/radius_socket.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntt_fft.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntt_fft_params.Plo at am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.c b/src/libstrongswan/math/libnttfft/ntt_fft.c
similarity index 67%
rename from src/libstrongswan/plugins/bliss/bliss_fft.c
rename to src/libstrongswan/math/libnttfft/ntt_fft.c
index 033c214..f83dbfc 100644
--- a/src/libstrongswan/plugins/bliss/bliss_fft.c
+++ b/src/libstrongswan/math/libnttfft/ntt_fft.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -13,34 +13,44 @@
  * for more details.
  */
 
-#include "bliss_fft.h"
+#include "ntt_fft.h"
+#include "ntt_fft_reduce.h"
 
-typedef struct private_bliss_fft_t private_bliss_fft_t;
+/**
+ * Described in header.
+ */
+void libnttfft_init(void)
+{
+	/* empty */
+}
+
+typedef struct private_ntt_fft_t private_ntt_fft_t;
 
 /**
- * Private data structure for bliss_fft_t object
+ * Private data structure for ntt_fft_t object
  */
-struct private_bliss_fft_t {
+struct private_ntt_fft_t {
+
 	/**
 	 * Public interface.
 	 */
-	bliss_fft_t public;
+	ntt_fft_t public;
 
 	/**
 	 * FFT parameter set used as constants
 	 */
-	bliss_fft_params_t *p;
+	const ntt_fft_params_t *p;
 
 };
 
-METHOD(bliss_fft_t, get_size, uint16_t,
-	private_bliss_fft_t *this)
+METHOD(ntt_fft_t, get_size, uint16_t,
+	private_ntt_fft_t *this)
 {
 	return this->p->n;
 }
 
-METHOD(bliss_fft_t, get_modulus, uint16_t,
-	private_bliss_fft_t *this)
+METHOD(ntt_fft_t, get_modulus, uint16_t,
+	private_ntt_fft_t *this)
 {
 	return this->p->q;
 }
@@ -54,8 +64,7 @@ METHOD(bliss_fft_t, get_modulus, uint16_t,
  * x[i2] ---|-|--|*|-- x[i2]
  *
  */
-static void butterfly(private_bliss_fft_t *this, uint32_t *x, int i1,int i2,
-															  int iw)
+static void butterfly(private_ntt_fft_t *this, uint32_t *x, int i1,int i2, int iw)
 {
 	uint32_t xp, xm;
 
@@ -65,14 +74,14 @@ static void butterfly(private_bliss_fft_t *this, uint32_t *x, int i1,int i2,
 	{
 		xp -= this->p->q;
 	}
-	x[i1] =  xp;
-	x[i2] = (xm * this->p->w[iw]) % this->p->q;
+	x[i1] = xp;
+	x[i2] = ntt_fft_mreduce(xm * this->p->wr[iw], this->p);
 }
 
 /**
  * Trivial butterfly operation of last FFT stage
  */
-static void butterfly_last(private_bliss_fft_t *this, uint32_t *x, int i1)
+static void butterfly_last(private_ntt_fft_t *this, uint32_t *x, int i1)
 {
 	uint32_t xp, xm;
 	int i2 = i1 + 1;
@@ -91,23 +100,22 @@ static void butterfly_last(private_bliss_fft_t *this, uint32_t *x, int i1)
 	x[i2] = xm;
 }
 
-METHOD(bliss_fft_t, transform, void,
-	private_bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse)
+METHOD(ntt_fft_t, transform, void,
+	private_ntt_fft_t *this, uint32_t *a, uint32_t *b, bool inverse)
 {
-	int stage, i, j, k, m, n, t, iw, i_rev;
-	uint16_t q;
+	int stage, i, j, k, m, n, s, t, iw, i_rev;
 	uint32_t tmp;
 
-	/* we are going to use the transform size n and the modulus q a lot */
+	/* we are going to use the transform size n a lot */
 	n = this->p->n;
-	q = this->p->q;
+	s = this->p->s;
 
 	if (!inverse)
 	{
 		/* apply linear phase needed for negative wrapped convolution */
 		for (i = 0; i < n; i++)
 		{
-			b[i] = (a[i] * this->p->w[i]) % q;
+			b[i] = ntt_fft_mreduce(a[i] * this->p->wf[s*i], this->p);
 		}
 	}
 	else if (a != b)
@@ -137,7 +145,7 @@ METHOD(bliss_fft_t, transform, void,
 			{
 				for (i = 0; i < m; i++)
 				{
-					iw = 2 * (inverse ? (n - i * k) : (i * k));
+					iw = s * (inverse ? (n - i * k) : (i * k));
 					butterfly(this, b, t + i, t + i + m, iw);
 				}				
 			}
@@ -167,13 +175,13 @@ METHOD(bliss_fft_t, transform, void,
 	{
 		for (i = 0; i < n; i++)
 		{
-			b[i] = (((b[i] * this->p->w[2*n - i]) % q) * this->p->n_inv) % q;
+			b[i] = ntt_fft_mreduce(b[i] * this->p->wi[i], this->p);
 		}
 	}
 }
 
-METHOD(bliss_fft_t, destroy, void,
-	private_bliss_fft_t *this)
+METHOD(ntt_fft_t, destroy, void,
+	private_ntt_fft_t *this)
 {
 	free(this);
 }
@@ -181,9 +189,9 @@ METHOD(bliss_fft_t, destroy, void,
 /**
  * See header.
  */
-bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params)
+ntt_fft_t *ntt_fft_create(const ntt_fft_params_t *params)
 {
-	private_bliss_fft_t *this;
+	private_ntt_fft_t *this;
 
 	INIT(this,
 		.public = {
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft.h b/src/libstrongswan/math/libnttfft/ntt_fft.h
similarity index 64%
rename from src/libstrongswan/plugins/bliss/bliss_fft.h
rename to src/libstrongswan/math/libnttfft/ntt_fft.h
index a79edd2..c05bb4e 100644
--- a/src/libstrongswan/plugins/bliss/bliss_fft.h
+++ b/src/libstrongswan/math/libnttfft/ntt_fft.h
@@ -14,37 +14,39 @@
  */
 
 /**
- * @defgroup bliss_fft bliss_fft
- * @{ @ingroup bliss_p
+ * @defgroup ntt_p libnttfft
+ *
+ * @defgroup ntt_fft ntt_fft
+ * @{ @ingroup ntt_p
  */
 
-#ifndef BLISS_FFT_H_
-#define BLISS_FFT_H_
+#ifndef NTT_FFT_H_
+#define NTT_FFT_H_
 
-#include "bliss_fft_params.h"
+#include "ntt_fft_params.h"
 
 #include <library.h>
 
-typedef struct bliss_fft_t bliss_fft_t;
+typedef struct ntt_fft_t ntt_fft_t;
 
 /**
  * Implements a Number Theoretic Transform (NTT) via the FFT algorithm
  */
-struct bliss_fft_t {
+struct ntt_fft_t {
 
 	/**
 	 * Get the size of the Number Theoretic Transform
 	 *
 	 * @result			Transform size
 	 */
-	uint16_t (*get_size)(bliss_fft_t *this);
+	uint16_t (*get_size)(ntt_fft_t *this);
 
 	/**
 	 * Get the prime modulus of the Number Theoretic Transform
 	 *
 	 * @result			Prime modulus
 	 */
-	uint16_t (*get_modulus)(bliss_fft_t *this);
+	uint16_t (*get_modulus)(ntt_fft_t *this);
 
 	/**
 	 * Compute the [inverse] NTT of a polynomial
@@ -53,19 +55,25 @@ struct bliss_fft_t {
 	 * @param b			Coefficient of output polynomial
 	 * @param inverse	TRUE if the inverse NTT has to be computed
 	 */
-	void (*transform)(bliss_fft_t *this, uint32_t *a, uint32_t *b, bool inverse);
+	void (*transform)(ntt_fft_t *this, uint32_t *a, uint32_t *b, bool inverse);
 
 	/**
-	 * Destroy bliss_fft_t object
+	 * Destroy ntt_fft_t object
 	 */
-	void (*destroy)(bliss_fft_t *this);
+	void (*destroy)(ntt_fft_t *this);
 };
 
 /**
- * Create a bliss_fft_t object for a given FFT parameter set
+ * Create a ntt_fft_t object for a given FFT parameter set
  *
  * @param params		FFT parameters
  */
-bliss_fft_t *bliss_fft_create(bliss_fft_params_t *params);
+ntt_fft_t *ntt_fft_create(const ntt_fft_params_t *params);
+
+/**
+ * Dummy libnttfft initialization function needed for integrity test
+ */
+void libnttfft_init(void);
+
 
-#endif /** BLISS_FFT_H_ @}*/
+#endif /** NTT_FFT_H_ @}*/
diff --git a/src/libstrongswan/math/libnttfft/ntt_fft_params.c b/src/libstrongswan/math/libnttfft/ntt_fft_params.c
new file mode 100644
index 0000000..4daac27
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/ntt_fft_params.c
@@ -0,0 +1,652 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ntt_fft_params.h"
+
+/**
+ * FFT twiddle factors in Montgomery form for q = 12289 and n = 1024
+ */
+static const uint16_t wr_12289_1024[] = {
+	 4075,  3051,  2031,  1207,  9987, 10092,  2948,  9273, 11973,  9094,
+	 3202,  9430,  7377,  5092,  3728, 10626,  4536,  1062,  2882,  6039,
+	  975, 10908,  6065,  2249, 11889,  4978, 10431,  7270, 12138,  4890,
+	 6119,  4895,  6364,  4611,  4737, 10911,  6212,  9452,  8455,  8758,
+	11316,  1479, 11026, 11847,  2920,  7901,  6190,  8374,  4789,  1170,
+	 8174,  7278,   241, 11809,  1058,  2686,  8724,  9650,  5868,  4885,
+	 5874,  5179,  7991, 10600,  3262,    81,  3969, 10146,  5594,  3748,
+	11606,  3400,  6843,  3504, 11939,  7428,  7591,  3289,  1404,  7351,
+	 3818,  2747, 11713,  8643,  5681,  8011, 11580,  2126,  5862,  4591,
+	 3757, 12047,   431,  8830,  2555,  2305,  2344,  4255, 11871,  4096,
+
+	 4080,  3296,  1747, 11869,  3998, 11567,  1489, 11516, 11279, 11955,
+	 8212,  9140,  5456,  9275, 12071,  1607,  5009, 11950,  7967,  9424,
+	 7083,  2975, 10596,  3066,  2766,   355,  5106,  4414,  7373,  4896,
+	 6413,  7012, 11785, 12171,  6507, 11618,  3988, 11077,  2057,  2481,
+	10968,  9005, 11130,  4654,  6844,  3553,  2051,  2187,  8851,  3584,
+	 3570,  2884,  6137,  5777,   426,  8585,  2839,  3932,  8333,  2780,
+	 1041,  1853,  4774,   435,  9026, 12159,  5919,  7384,  5435,  8246,
+	10806,  1067,  3127,  5755, 11637,  4919,  7540,   790,  1843,  4284,
+	 1003, 12280, 11848,  2969, 10302,   949,  9634,  5084,  3336,  3707,
+	 9597,  3271,   522,  1000, 12133,  4645,  6403,  6522,    64,  3136,
+
+	 6196,  8668,  6906,  6591,  3445,  9048,   948,  9585,  2683,  8577,
+	 2447,  9302,  1105,  4989, 10970,  9103,  3643,  6461,  9364,  4143,
+	 6383,  5542,  1200,  9644,  5574,  2768,   453,  9908,  6221,  9893,
+	 5486, 10745, 10367,  4134,  5942,  8511, 11502, 10593,  2919,  7852,
+	 3789,  1326,  3529,   875,  6008, 11745, 10211,  8779,    56,  2744,
+	11566,  1440,  9115,  4231, 10695,  7917,  6974,  9923,  6956,  9041,
+	  605,  5067,  2503, 12046,   382,  6429,  7796,  1045,  2049,  2089,
+	 4049,  1777,  1050,  2294,  1805,  2422,  8077,  2525,   835,  4048,
+	 1728, 10938,  7535,   545,  2127,  5911,  6992, 10805,  1018,   726,
+	10996, 10377,  4624,  5374,  5257, 11813,  1254,     1,    49,  2401,
+
+	 7048,  1260,   295,  2166,  7822,  2319,  3030,  1002, 12231,  9447,
+	 8210,  9042,   654,  7468,  9551,  1017,   677,  8595,  3329,  3364,
+	 5079,  3091,  3991, 11224,  9260, 11336,  2459,  9890,  5339,  3542,
+	 1512,   354,  5057,  2013,   325,  3636,  6118,  4846,  3963,  9852,
+	 3477, 10616,  4046,  1630,  6136,  5728, 10314,  1537,  1579,  3637,
+	 6167,  7247, 11011, 11112,  3772,   493, 11868,  3949,  9166,  6730,
+	10256, 10984,  9789,   390,  6821,  2426,  8273, 12129,  4449,  9088,
+	 2908,  7313,  1956,  9821,  1958,  9919,  6760, 11726,  9280,    27,
+	 1323,  3382,  5961,  9442,  7965,  9326,  2281,  1168,  8076,  2476,
+	10723,  9289,   468, 10643,  5369,  5012, 12097,  2881,  5990, 10863,
+
+	 3860,  4805,  1954,  9723,  9445,  8112,  4240, 11136,  4948,  8961,
+	 8974,  9611,  3957,  9558,  1360,  5195,  8775, 12149,  5429,  7952,
+	 8689,  7935,  7856,  3985, 10930,  7143,  5915,  7188,  8120,  4632,
+	 5766, 12176,  6752, 11334,  2361,  5088,  3532,  1022,   922,  8311,
+	 1702,  9664,  6554,  1632,  6234, 10530, 12121,  4057,  2169,  7969,
+	 9522, 11885,  4782,   827,  3656,  7098,  3710,  9744, 10474,  9377,
+	 4780,   729, 11143,  5291,  1190,  9154,  6142,  6022,   142,  6958,
+	 9139,  5407,  6874,  5023,   347,  4714,  9784,   145,  7105,  4053,
+	 1973, 10654,  5908,  6845,  3602,  4452,  9235, 10111,  3879,  5736,
+	10706,  8456,  8807,  1428,  8527, 12286, 12142,  5086,  3434,  8509,
+
+	11404,  5791,  1112,  5332,  3199,  9283,   174,  8526, 12237,  9741,
+	10327,  2174,  8214,  9238, 10258, 11082,  2302,  2197,  9341,  3016,
+	  316,  3195,  9087,  2859,  4912,  7197,  8561,  1663,  7753, 11227,
+	 9407,  6250, 11314,  1381,  6224, 10040,   400,  7311,  1858,  5019,
+	  151,  7399,  6170,  7394,  5925,  7678,  7552,  1378,  6077,  2837,
+	 3834,  3531,   973, 10810,  1263,   442,  9369,  4388,  6099,  3915,
+	 7500, 11119,  4115,  5011, 12048,   480, 11231,  9603,  3565,  2639,
+	 6421,  7404,  6415,  7110,  4298,  1689,  9027, 12208,  8320,  2143,
+	 6695,  8541,   683,  8889,  5446,  8785,   350,  4861,  4698,  9000,
+	10885,  4938,  8471,  9542,   576,  3646,  6608,  4278,   709, 10163,
+
+	 6427,  7698,  8532,   242, 11858,  3459,  9734,  9984,  9945,  8034,
+	  418,  8193,  8209,  8993, 10542,   420,  8291,   722, 10800,   773,
+	 1010,   334,  4077,  3149,  6833,  3014,   218, 10682,  7280,   339,
+	 4322,  2865,  5206,  9314,  1693,  9223,  9523, 11934,  7183,  7875,
+	 4916,  7393,  5876,  5277,   504,   118,  5782,   671,  8301,  1212,
+	10232,  9808,  1321,  3284,  1159,  7635,  5445,  8736, 10238, 10102,
+	 3438,  8705,  8719,  9405,  6152,  6512, 11863,  3704,  9450,  8357,
+	 3956,  9509, 11248, 10436,  7515, 11854,  3263,   130,  6370,  4905,
+	 6854,  4043,  1483, 11222,  9162,  6534,   652,  7370,  4749, 11499,
+	10446,  8005, 11286,     9,   441,  9320,  1987, 11340,  2655,  7205,
+
+	 8953,  8582,  2692,  9018, 11767, 11289,   156,  7644,  5886,  5767,
+	12225,  9153,  6093,  3621,  5383,  5698,  8844,  3241, 11341,  2704,
+	 9606,  3712,  9842,  2987, 11184,  7300,  1319,  3186,  8646,  5828,
+	 2925,  8146,  5906,  6747, 11089,  2645,  6715,  9521, 11836,  2381,
+	 6068,  2396,  6803,  1544,  1922,  8155,  6347,  3778,   787,  1696,
+	 9370,  4437,  8500, 10963,  8760, 11414,  6281,   544,  2078,  3510,
+	12233,  9545,   723, 10849,  3174,  8058,  1594,  4372,  5315,  2366,
+	 5333,  3248, 11684,  7222,  9786,   243, 11907,  5860,  4493, 11244,
+	10240, 10200,  8240, 10512, 11239,  9995, 10484,  9867,  4212,  9764,
+	11454,  8241, 10561,  1351,  4754, 11744, 10162,  6378,  5297,  1484,
+
+	11271, 11563,  1293,  1912,  7665,  6915,  7032,   476, 11035, 12288,
+	12240,  9888,  5241, 11029, 11994, 10123,  4467,  9970,  9259, 11287,
+	   58,  2842,  4079,  3247, 11635,  4821,  2738, 11272, 11612,  3694,
+	 8960,  8925,  7210,  9198,  8298,  1065,  3029,   953,  9830,  2399,
+	 6950,  8747, 10777, 11935,  7232, 10276, 11964,  8653,  6171,  7443,
+	 8326,  2437,  8812,  1673,  8243, 10659,  6153,  6561,  1975, 10752,
+	10710,  8652,  6122,  5042,  1278,  1177,  8517, 11796,   421,  8340,
+	 3123,  5559,  2033,  1305,  2500, 11899,  5468,  9863,  4016,   160,
+	 7840,  3201,  9381,  4976, 10333,  2468, 10331,  2370,  5529,   563,
+	 3009, 12262, 10966,  8907,  6328,  2847,  4324,  2963, 10008, 11121,
+
+	 4213,  9813,  1566,  3000, 11821,  1646,  6920,  7277,   192,  9408,
+	 6299,  1426,  8429,  7484, 10335,  2566,  2844,  4177,  8049,  1153,
+	 7341,  3328,  3315,  2678,  8332,  2731, 10929,  7094,  3514,   140,
+	 6860,  4337,  3600,  4354,  4433,  8304,  1359,  5146,  6374,  5101,
+	 4169,  7657,  6523,   113,  5537,   955,  9928,  7201,  8757, 11267,
+	11367,  3978, 10587,  2625,  5735, 10657,  6055,  1759,   168,  8232,
+	10120,  4320,  2767,   404,  7507, 11462,  8633,  5191,  8579,  2545,
+	 1815,  2912,  7509, 11560,  1146,  6998, 11099,  3135,  6147,  6267,
+	12147,  5331,  3150,  6882,  5415,  7266, 11942,  7575,  2505, 12144,
+	 5184,  8236, 10316,  1635,  6381,  5444,  8687,  7837,  3054,  2178,
+
+	 8410,  6553,  1583,  3833,  3482, 10861,  3762,     3,   147,  7203,
+	 8855,  3780,   885,  6498, 11177,  6957,  9090,  3006, 12115,  3763,
+	   52,  2548,  1962, 10115,  4075
+};
+
+/**
+ * FFT phase shift in forward transform for q = 12289 and n = 1024
+ */
+static const uint16_t wf_12289_1024[] = {
+	 3186, 10013,  8646, 11366,  5828,  3929,  2925,  8186,  8146,  7866,
+	 5906,  4475,  6747, 10362, 11089,  3889,  2645,  6226,  6715, 10138,
+	 9521,  5202, 11836,  9118,  2381,  4378,  6068,  5609,  2396,  4483,
+	 6803, 10754,  1544, 10808,  1922,  1165,  8155,  7929,  6347,  7562,
+	 3778,  1868,   787,  5509,  1696, 11872,  9370,  4145,  4437,  6481,
+	 8500, 10344, 10963,  3007,  8760, 12164, 11414,  6164,  6281,  7100,
+	  544,  3808,  2078,  2257,  3510, 12281, 12233, 11897,  9545,  5370,
+	  723,  5061, 10849,  2209,  3174,  9929,  8058,  7250,  1594, 11158,
+	 4372,  6026,  5315,   338,  2366,  4273,  5333,   464,  3248, 10447,
+	11684,  8054,  7222,  1398,  9786,  7057,   243,  1701, 11907,  9615,
+
+	 5860,  4153,  4493,  6873, 11244,  4974, 10240, 10235, 10200,  9955,
+	 8240,  8524, 10512, 12139, 11239,  4939,  9995,  8520, 10484, 11943,
+	 9867,  7624,  4212,  4906,  9764,  6903, 11454,  6444,  8241,  8531,
+	10561,   193,  1351,  9457,  4754,  8700, 11744,  8474, 10162,  9689,
+	 6378,  7779,  5297,   212,  1484, 10388, 11271,  5163, 11563,  7207,
+	 1293,  9051,  1912,  1095,  7665,  4499,  6915, 11538,  7032,    68,
+	  476,  3332, 11035,  3511, 12288, 12282, 12240, 11946,  9888,  7771,
+	 5241, 12109, 11029,  3469, 11994, 10224, 10123,  9416,  4467,  6691,
+	 9970,  8345,  9259,  3368, 11287,  5275,    58,   406,  2842,  7605,
+	 4079,  3975,  3247, 10440, 11635,  7711,  4821,  9169,  2738,  6877,
+
+	11272,  5170, 11612,  7550,  3694,  1280,  8960,  1275,  8925,  1030,
+	 7210,  1314,  9198,  2941,  8298,  8930,  1065,  7455,  3029,  8914,
+	  953,  6671,  9830,  7365,  2399,  4504,  6950, 11783,  8747, 12073,
+	10777,  1705, 11935,  9811,  7232,  1468, 10276, 10487, 11964, 10014,
+	 8653, 11415,  6171,  6330,  7443,  2945,  8326,  9126,  2437,  4770,
+	 8812,   239,  1673, 11711,  8243,  8545, 10659,   879,  6153,  6204,
+	 6561,  9060,  1975,  1536, 10752,  1530, 10710,  1236,  8652, 11408,
+	 6122,  5987,  5042, 10716,  1278,  8946,  1177,  8239,  8517, 10463,
+	11796,  8838,   421,  2947,  8340,  9224,  3123,  9572,  5559,  2046,
+	 2033,  1942,  1305,  9135,  2500,  5211, 11899,  9559,  5468,  1409,
+
+	 9863,  7596,  4016,  3534,   160,  1120,  7840,  5724,  3201, 10118,
+	 9381,  4222,  4976, 10254, 10333, 10886,  2468,  4987, 10331, 10872,
+	 2370,  4301,  5529,  1836,   563,  3941,  3009,  8774, 12262, 12100,
+	10966,  3028,  8907,   904,  6328,  7429,  2847,  7640,  4324,  5690,
+	 2963,  8452, 10008,  8611, 11121,  4113,  4213,  4913,  9813,  7246,
+	 1566, 10962,  3000,  8711, 11821,  9013,  1646, 11522,  6920, 11573,
+	 7277,  1783,   192,  1344,  9408,  4411,  6299,  7226,  1426,  9982,
+	 8429,  9847,  7484,  3232, 10335, 10900,  2566,  5673,  2844,  7619,
+	 4177,  4661,  8049,  7187,  1153,  8071,  7341,  2231,  3328, 11007,
+	 3315, 10916,  2678,  6457,  8332,  9168,  2731,  6828, 10929,  2769,
+
+	 7094,   502,  3514,    20,   140,   980,  6860, 11153,  4337,  5781,
+	 3600,   622,  4354,  5900,  4433,  6453,  8304,  8972,  1359,  9513,
+	 5146, 11444,  6374,  7751,  5101, 11129,  4169,  4605,  7657,  4443,
+	 6523,  8794,   113,   791,  5537,  1892,   955,  6685,  9928,  8051,
+	 7201,  1251,  8757, 12143, 11267,  5135, 11367,  5835,  3978,  3268,
+	10587,   375,  2625,  6086,  5735,  3278, 10657,   865,  6055,  5518,
+	 1759,    24,   168,  1176,  8232,  8468, 10120,  9395,  4320,  5662,
+	 2767,  7080,   404,  2828,  7507,  3393, 11462,  6500,  8633, 11275,
+	 5191, 11759,  8579, 10897,  2545,  5526,  1815,   416,  2912,  8095,
+	 7509,  3407, 11560,  7186,  1146,  8022,  6998, 12119, 11099,  3959,
+
+	 3135,  9656,  6147,  6162,  6267,  7002, 12147, 11295,  5331,   450,
+	 3150,  9761,  6882, 11307,  5415,  1038,  7266,  1706, 11942,  9860,
+	 7575,  3869,  2505,  5246, 12144, 11274,  5184, 11710,  8236,  8496,
+	10316, 10767,  1635, 11445,  6381,  7800,  5444,  1241,  8687, 11653,
+	 7837,  5703,  3054,  9089,  2178,  2957,  8410,  9714,  6553,  9004,
+	 1583, 11081,  3833,  2253,  3482, 12085, 10861,  2293,  3762,  1756,
+	    3,    21,   147,  1029,  7203,  1265,  8855,   540,  3780,  1882,
+	  885,  6195,  6498,  8619, 11177,  4505,  6957, 11832,  9090,  2185,
+	 3006,  8753, 12115, 11071,  3763,  1763,    52,   364,  2548,  5547,
+	 1962,  1445, 10115,  9360,  4075,  3947,  3051,  9068,  2031,  1928,
+
+	 1207,  8449,  9987,  8464, 10092,  9199,  2948,  8347,  9273,  3466,
+	11973, 10077,  9094,  2213,  3202, 10125,  9430,  4565,  7377,  2483,
+	 5092, 11066,  3728,  1518, 10626,   648,  4536,  7174,  1062,  7434,
+	 2882,  7885,  6039,  5406,   975,  6825, 10908,  2622,  6065,  5588,
+	 2249,  3454, 11889,  9489,  4978, 10268, 10431, 11572,  7270,  1734,
+	12138, 11232,  4890,  9652,  6119,  5966,  4895,  9687,  6364,  7681,
+	 4611,  7699,  4737,  8581, 10911,  2643,  6212,  6617,  9452,  4719,
+	 8455, 10029,  8758, 12150, 11316,  5478,  1479, 10353, 11026,  3448,
+	11847,  9195,  2920,  8151,  7901,  6151,  6190,  6463,  8374,  9462,
+	 4789,  8945,  1170,  8190,  8174,  8062,  7278,  1790,   241,  1687,
+
+	11809,  8929,  1058,  7406,  2686,  6513,  8724, 11912,  9650,  6105,
+	 5868,  4209,  4885,  9617,  5874,  4251,  5179, 11675,  7991,  6781,
+	10600,   466,  3262, 10545,    81,   567,  3969,  3205, 10146,  9577,
+	 5594,  2291,  3748,  1658, 11606,  7508,  3400, 11511,  6843, 11034,
+	 3504, 12239, 11939,  9839,  7428,  2840,  7591,  3981,  3289, 10734,
+	 1404,  9828,  7351,  2301,  3818,  2148,  2747,  6940, 11713,  8257,
+	 8643, 11345,  5681,  2900,  8011,  6921, 11580,  7326,  2126,  2593,
+	 5862,  4167,  4591,  7559,  3757,  1721, 12047, 10595,   431,  3017,
+	 8830,   365,  2555,  5596,  2305,  3846,  2344,  4119,  4255,  5207,
+	11871,  9363,  4096,  4094,  4080,  3982,  3296, 10783,  1747, 12229,
+
+	11869,  9349,  3998,  3408, 11567,  7235,  1489, 10423, 11516,  6878,
+	11279,  5219, 11955,  9951,  8212,  8328,  9140,  2535,  5456,  1325,
+	 9275,  3480, 12071, 10763,  1607, 11249,  5009, 10485, 11950,  9916,
+	 7967,  6613,  9424,  4523,  7083,   425,  2975,  8536, 10596,   438,
+	 3066,  9173,  2766,  7073,   355,  2485,  5106, 11164,  4414,  6320,
+	 7373,  2455,  4896,  9694,  6413,  8024,  7012, 12217, 11785,  8761,
+	12171, 11463,  6507,  8682, 11618,  7592,  3988,  3338, 11077,  3805,
+	 2057,  2110,  2481,  5078, 10968,  3042,  9005,  1590, 11130,  4176,
+	 4654,  8000,  6844, 11041,  3553,   293,  2051,  2068,  2187,  3020,
+	 8851,   512,  3584,   510,  3570,   412,  2884,  7899,  6137,  6092,
+
+	 5777,  3572,   426,  2982,  8585, 10939,  2839,  7584,  3932,  2946,
+	 8333,  9175,  2780,  7171,  1041,  7287,  1853,   682,  4774,  8840,
+	  435,  3045,  9026,  1737, 12159, 11379,  5919,  4566,  7384,  2532,
+	 5435,  1178,  8246,  8566, 10806,  1908,  1067,  7469,  3127,  9600,
+	 5755,  3418, 11637,  7725,  4919,  9855,  7540,  3624,   790,  5530,
+	 1843,   612,  4284,  5410,  1003,  7021, 12280, 12226, 11848,  9202,
+	 2969,  8494, 10302, 10669,   949,  6643,  9634,  5993,  5084, 11010,
+	 3336, 11063,  3707,  1371,  9597,  5734,  3271, 10608,   522,  3654,
+	 1000,  7000, 12133, 11197,  4645,  7937,  6403,  7954,  6522,  8787,
+	   64,   448,  3136,  9663,  6196,  6505,  8668, 11520,  6906, 11475,
+
+	 6591,  9270,  3445, 11826,  9048,  1891,   948,  6636,  9585,  5650,
+	 2683,  6492,  8577, 10883,  2447,  4840,  9302,  3669,  1105,  7735,
+	 4989, 10345, 10970,  3056
+};
+
+/**
+ * FFT phase shift and scaling inverse transform for q = 12289 and n = 1024
+ */
+static const uint16_t wi_12289_1024[] = {
+	12277,  5265,  9530,  3117,  5712,   816, 10650,  3277,  9246,  4832,
+	 5957,   851, 10655, 10300,  3227,   461,  3577,   511,    73,  1766,
+	 5519,  2544,  2119,  7325,  2802,  5667, 11343,  3376,  5749,  6088,
+	 7892,  2883,  3923,  2316,  3842,  4060,   580,  3594,  2269,  9102,
+	 6567,  9716,  1388,  5465,  7803,  8137,  2918,  3928,  9339, 10112,
+	11978, 10489,  3254,  3976,   568,  8859, 11799, 12219, 12279, 10532,
+	12038,  8742,  4760,   680,  8875,  4779,  7705,  8123,  2916, 10950,
+	 6831,  4487,   641, 10625,  5029,  2474,  2109,  5568,  2551,  2120,
+	 3814,  4056,  2335, 10867,  3308, 11006,  6839,   977, 10673,  8547,
+	 1221,  1930,  7298, 11576,  8676,  2995,  3939,  7585, 11617, 12193,
+
+	 5253,  2506,   358,  8829,  6528, 11466,  1638,   234,  1789, 10789,
+	 6808, 11506,  8666,  1238,  3688,  4038,  4088,   584,  1839,  7285,
+	 8063,  4663,  9444, 10127,  8469,  4721,  2430,  9125, 11837,  1691,
+	10775,  6806,  6239,  6158,  7902,  4640,  4174,  5863, 11371,  3380,
+	 3994, 11104,  6853,   979,  3651, 11055,  6846,   978,  7162,  9801,
+	10178,  1454,  7230,  4544,  9427,  8369, 11729, 12209, 10522, 10281,
+	 8491,  1213,  5440,  9555,  1365,   195,  3539, 11039,  1577,  5492,
+	11318,  5128, 11266,  3365,  7503,  4583,  7677,  8119,  4671,  5934,
+	 7870,  6391,   913,  1886,  2025,  5556,  7816, 11650,  6931,  9768,
+	 3151,  9228,  6585,  7963, 11671,  6934, 11524,  6913, 11521,  5157,
+
+	 7759,  2864,  9187,  3068,  5705,   815,  1872,  2023,   289,  5308,
+	 6025,  7883,  9904,  4926,  7726,  8126,  4672,  2423,  9124,  3059,
+	  437,  1818,  7282,  6307,   901,  7151, 11555,  8673,  1239,   177,
+	 5292,   756,   108,  1771,   253,  8814, 10037,  4945,  2462,  7374,
+	 2809,  5668,  7832,  4630,  2417,  5612,  7824,  8140,  4674,  7690,
+	11632,  8684, 11774,  1682,  5507,  7809, 11649, 10442,  8514,  6483,
+	 9704,  6653,  2706, 10920,  1560,  3734,  2289,   327,  7069,  4521,
+	 4157,  4105,  2342, 10868, 12086, 12260,  3507,   501, 10605,  1515,
+	 1972,  7304,  2799,  3911,  7581,  1083,  7177,  6292,  4410,   630,
+	   90,  3524,  2259,  7345,  6316,  6169,  6148,  6145,  4389,   627,
+
+	10623, 12051, 12255,  8773,  6520,  2687,  3895,  2312,  5597, 11333,
+	 1619,  5498,  2541,   363,  3563,   509,  7095, 11547, 12183,  3496,
+	 2255,  9100,  1300,  7208,  8052,  6417,  7939,  9912,  1416,  5469,
+	 6048,   864,  1879,  2024,  9067,  6562,  2693,  7407,  9836, 10183,
+	 8477,  1211,   173,  7047,  8029,  1147,  3675,   525,    75,  7033,
+	 8027,  8169,  1167,  7189,  1027,  7169,  9802,  6667,  2708,  3898,
+	 4068,  9359,  1337,   191,  5294,  6023,  2616,  7396, 11590,  8678,
+	 8262,  6447,   921, 10665, 12057,  3478,  4008, 11106, 12120,  3487,
+	 9276, 10103,  6710, 11492,  8664,  8260,  1180, 10702,  5040,   720,
+	 3614,  5783,  9604,  1372,   196,    28,     4, 10534,  5016, 11250,
+
+	10385, 12017,  8739,  3004,  9207,  6582,  6207,  7909,  4641,   663,
+	 7117,  8039,  2904,  3926,  4072,  7604,  6353, 11441,  3390,  5751,
+	11355, 10400,  8508,  2971,  2180,  2067,  5562, 11328,  6885, 11517,
+	 6912,  2743,  3903, 11091,  3340,  9255, 10100,  4954,  7730,  6371,
+	 9688,  1384,  7220,  2787,  9176,  4822,  4200,   600,  7108,  2771,
+	 3907,  9336,  8356,  8216,  8196,  4682,  4180,  9375,  6606,  7966,
+	 1138, 10696,  1528,  5485, 11317,  8639, 10012,  6697,  7979,  4651,
+	 2420,  7368, 11586, 10433,  3246,  7486,  2825, 10937,  3318,   474,
+	 7090,  4524,  5913,  7867,  4635,  9440, 11882,  3453,  5760,  4334,
+	 9397,  3098, 10976,  1568,   224,    32, 10538,  3261,  3977,  9346,
+
+	10113,  8467, 11743, 12211,  3500,   500,  1827,   261,  5304,  7780,
+	 2867, 10943,  6830,  7998, 11676,  1668,  5505,  2542,  9141,  4817,
+	 9466,  6619, 11479,  5151,  4247,  7629,  4601,  5924,  6113,  6140,
+	 9655,  6646,  2705,  2142,   306,  7066,  2765,   395,  1812,  3770,
+	11072,  8604, 10007, 11963,  1709,  9022,  4800,  7708,  9879,  6678,
+	  954,  5403,  4283,  4123,   589,  8862,  1266,  3692,  2283,  9104,
+	11834, 12224,  7013,  4513,  7667,  6362,  4420,  2387,   341,  7071,
+	 9788,  6665,  9730,  1390, 10732, 10311,  1473,  1966,  3792,  7564,
+	11614, 10437,  1491,   213,  1786,  9033,  3046,  9213, 10094,  1442,
+	  206,  1785,   255,  1792,   256, 10570,  1510,  7238,  1034,  7170,
+
+	 6291,  7921, 11665,  3422,  4000,  2327,  2088,  5565,   795, 10647,
+	 1521,  5484,  2539,  7385,  1055,  7173,  8047, 11683,  1669,  1994,
+	 3796,  5809,  4341,  9398, 11876, 12230, 10525, 12037, 12253,  3506,
+	 4012,  9351,  4847,  2448,  7372,  9831,  3160,  2207,  5582,  2553,
+	 7387,  6322,  9681,  1383, 10731,  1533,   219,  5298,  4268,  7632,
+	 6357,  9686,  8406,  4712,  9451, 10128,  4958,  5975, 11387,  8649,
+	11769,  6948, 11526, 12180,  1740, 10782,  6807,  2728,  7412,  4570,
+	 4164,  4106, 11120, 12122,  8754, 11784,  3439,  5758, 11356,  6889,
+	 9762, 11928,  1704,  1999, 10819, 12079, 12259,  7018, 11536,  1648,
+	 1991,  2040,  2047,  2048, 10826, 12080,  8748,  8272,  8204,  1172,
+
+	 1923,  7297,  2798,  7422,  6327,  4415,  7653,  6360, 11442, 12168,
+	 7005,  8023,  9924,  8440,  8228,  2931,  7441,  1063,  3663,  5790,
+	 9605, 10150,  1450,  8985, 11817, 10466, 10273, 12001,  3470,  7518,
+	 1074,  1909,  7295,  9820,  4914,   702,  5367,  7789,  8135,  9940,
+	 1420,  3714, 11064, 12114, 12264,  1752,  5517,  9566, 11900,  1700,
+	 3754,  5803,   829,  1874,  7290,  2797, 10933,  5073,  7747,  8129,
+	 6428,  6185, 11417,  1631,   233,  5300,  9535, 10140, 11982,  8734,
+	 8270,  2937, 10953,  8587,  8249,  2934,  9197,  4825,  5956,  4362,
+	 9401,  1343,  3703,   529, 10609, 12049,  6988,  6265,   895,  3639,
+	 4031,  4087,  4095,   585, 10617,  8539,  4731,  4187,  9376,  3095,
+
+	 9220, 10095, 10220,  1460, 10742, 12068,  1724,  5513, 11321,  6884,
+	 2739,  5658,  6075,  4379, 11159, 10372,  8504,  4726,  9453,  3106,
+	 7466, 11600, 10435,  8513,  9994,  8450,  9985,  3182, 10988,  8592,
+	 2983,  9204,  4826,  2445,  5616,  6069,   867,  3635,  5786, 11360,
+	 5134,  2489, 10889, 12089,  1727,  7269,  2794,  9177,  1311,  5454,
+	 9557,  6632,  2703,  9164, 10087,  1441,  3717,   531,  3587,  2268,
+	  324,  5313,   759,  1864,  5533,  2546,  7386,  9833,  8427,  4715,
+	11207,  1601,  7251,  4547, 11183, 12131,  1733, 10781, 10318,  1474,
+	10744,  5046,  4232, 11138, 10369,  6748,   964,  7160,  4534,  7670,
+	 8118,  8182,  4680, 11202,  6867,   981,  8918,  1274,   182,    26,
+
+	 7026,  8026, 11680, 12202, 10521,  1503,  7237,  4545,  5916,  9623,
+	 8397, 11733, 10454,  3249,  9242,  6587,   941,  1890,   270, 10572,
+	 6777,  9746,  6659,  6218,  6155,  6146,   878,  1881,  7291, 11575,
+	12187,  1741,  7271,  8061, 11685,  6936,  4502,  9421,  4857,  4205,
+	 7623,  1089, 10689,  1527,  8996, 10063, 11971, 10488,  6765,  2722,
+	 3900,  9335, 11867,  6962, 11528,  5158,  4248,  4118,  5855,  2592,
+	 5637,  6072,  2623,  7397,  8079,  9932,  4930,  5971,   853,  3633,
+	  519,  8852, 11798,  3441, 11025,  1575,   225,  8810, 11792, 12218,
+	 3501,  9278,  3081,  9218,  4828,  7712,  8124, 11694, 12204,  3499,
+	 4011,   573,  3593,  5780,  7848,  9899, 10192,  1456,   208,  7052,
+
+	 2763,  7417, 11593, 10434, 12024,  8740, 11782, 10461,  3250,  5731,
+	 7841,  9898,  1414,   202,  3540,  7528,  2831,  2160, 10842,  5060,
+	 4234,  4116,   588,    84
+};
+
+/**
+ * Bit-reversed indices for n = 1024
+ */
+static const uint16_t rev_1024[] = {
+	   0,  512,  256,  768,  128,  640,  384,  896,   64,  576,
+	 320,  832,  192,  704,  448,  960,   32,  544,  288,  800,
+	 160,  672,  416,  928,   96,  608,  352,  864,  224,  736,
+	 480,  992,   16,  528,  272,  784,  144,  656,  400,  912,
+	  80,  592,  336,  848,  208,  720,  464,  976,   48,  560,
+	 304,  816,  176,  688,  432,  944,  112,  624,  368,  880,
+	 240,  752,  496, 1008,    8,  520,  264,  776,  136,  648,
+	 392,  904,   72,  584,  328,  840,  200,  712,  456,  968,
+	  40,  552,  296,  808,  168,  680,  424,  936,  104,  616,
+	 360,  872,  232,  744,  488, 1000,   24,  536,  280,  792,
+
+	 152,  664,  408,  920,   88,  600,  344,  856,  216,  728,
+	 472,  984,   56,  568,  312,  824,  184,  696,  440,  952,
+	 120,  632,  376,  888,  248,  760,  504, 1016,    4,  516,
+	 260,  772,  132,  644,  388,  900,   68,  580,  324,  836,
+	 196,  708,  452,  964,   36,  548,  292,  804,  164,  676,
+	 420,  932,  100,  612,  356,  868,  228,  740,  484,  996,
+	  20,  532,  276,  788,  148,  660,  404,  916,   84,  596,
+	 340,  852,  212,  724,  468,  980,   52,  564,  308,  820,
+	 180,  692,  436,  948,  116,  628,  372,  884,  244,  756,
+	 500, 1012,   12,  524,  268,  780,  140,  652,  396,  908,
+
+	  76,  588,  332,  844,  204,  716,  460,  972,   44,  556,
+	 300,  812,  172,  684,  428,  940,  108,  620,  364,  876,
+	 236,  748,  492, 1004,   28,  540,  284,  796,  156,  668,
+	 412,  924,   92,  604,  348,  860,  220,  732,  476,  988,
+	  60,  572,  316,  828,  188,  700,  444,  956,  124,  636,
+	 380,  892,  252,  764,  508, 1020,    2,  514,  258,  770,
+	 130,  642,  386,  898,   66,  578,  322,  834,  194,  706,
+	 450,  962,   34,  546,  290,  802,  162,  674,  418,  930,
+	  98,  610,  354,  866,  226,  738,  482,  994,   18,  530,
+	 274,  786,  146,  658,  402,  914,   82,  594,  338,  850,
+
+	 210,  722,  466,  978,   50,  562,  306,  818,  178,  690,
+	 434,  946,  114,  626,  370,  882,  242,  754,  498, 1010,
+	  10,  522,  266,  778,  138,  650,  394,  906,   74,  586,
+	 330,  842,  202,  714,  458,  970,   42,  554,  298,  810,
+	 170,  682,  426,  938,  106,  618,  362,  874,  234,  746,
+	 490, 1002,   26,  538,  282,  794,  154,  666,  410,  922,
+	  90,  602,  346,  858,  218,  730,  474,  986,   58,  570,
+	 314,  826,  186,  698,  442,  954,  122,  634,  378,  890,
+	 250,  762,  506, 1018,    6,  518,  262,  774,  134,  646,
+	 390,  902,   70,  582,  326,  838,  198,  710,  454,  966,
+
+	  38,  550,  294,  806,  166,  678,  422,  934,  102,  614,
+	 358,  870,  230,  742,  486,  998,   22,  534,  278,  790,
+	 150,  662,  406,  918,   86,  598,  342,  854,  214,  726,
+	 470,  982,   54,  566,  310,  822,  182,  694,  438,  950,
+	 118,  630,  374,  886,  246,  758,  502, 1014,   14,  526,
+	 270,  782,  142,  654,  398,  910,   78,  590,  334,  846,
+	 206,  718,  462,  974,   46,  558,  302,  814,  174,  686,
+	 430,  942,  110,  622,  366,  878,  238,  750,  494, 1006,
+	  30,  542,  286,  798,  158,  670,  414,  926,   94,  606,
+	 350,  862,  222,  734,  478,  990,   62,  574,  318,  830,
+
+	 190,  702,  446,  958,  126,  638,  382,  894,  254,  766,
+	 510, 1022,    1,  513,  257,  769,  129,  641,  385,  897,
+	  65,  577,  321,  833,  193,  705,  449,  961,   33,  545,
+	 289,  801,  161,  673,  417,  929,   97,  609,  353,  865,
+	 225,  737,  481,  993,   17,  529,  273,  785,  145,  657,
+	 401,  913,   81,  593,  337,  849,  209,  721,  465,  977,
+	  49,  561,  305,  817,  177,  689,  433,  945,  113,  625,
+	 369,  881,  241,  753,  497, 1009,    9,  521,  265,  777,
+	 137,  649,  393,  905,   73,  585,  329,  841,  201,  713,
+	 457,  969,   41,  553,  297,  809,  169,  681,  425,  937,
+
+	 105,  617,  361,  873,  233,  745,  489, 1001,   25,  537,
+	 281,  793,  153,  665,  409,  921,   89,  601,  345,  857,
+	 217,  729,  473,  985,   57,  569,  313,  825,  185,  697,
+	 441,  953,  121,  633,  377,  889,  249,  761,  505, 1017,
+	   5,  517,  261,  773,  133,  645,  389,  901,   69,  581,
+	 325,  837,  197,  709,  453,  965,   37,  549,  293,  805,
+	 165,  677,  421,  933,  101,  613,  357,  869,  229,  741,
+	 485,  997,   21,  533,  277,  789,  149,  661,  405,  917,
+	  85,  597,  341,  853,  213,  725,  469,  981,   53,  565,
+	 309,  821,  181,  693,  437,  949,  117,  629,  373,  885,
+
+	 245,  757,  501, 1013,   13,  525,  269,  781,  141,  653,
+	 397,  909,   77,  589,  333,  845,  205,  717,  461,  973,
+	  45,  557,  301,  813,  173,  685,  429,  941,  109,  621,
+	 365,  877,  237,  749,  493, 1005,   29,  541,  285,  797,
+	 157,  669,  413,  925,   93,  605,  349,  861,  221,  733,
+	 477,  989,   61,  573,  317,  829,  189,  701,  445,  957,
+	 125,  637,  381,  893,  253,  765,  509, 1021,    3,  515,
+	 259,  771,  131,  643,  387,  899,   67,  579,  323,  835,
+	 195,  707,  451,  963,   35,  547,  291,  803,  163,  675,
+	 419,  931,   99,  611,  355,  867,  227,  739,  483,  995,
+
+	  19,  531,  275,  787,  147,  659,  403,  915,   83,  595,
+	 339,  851,  211,  723,  467,  979,   51,  563,  307,  819,
+	 179,  691,  435,  947,  115,  627,  371,  883,  243,  755,
+	 499, 1011,   11,  523,  267,  779,  139,  651,  395,  907,
+	  75,  587,  331,  843,  203,  715,  459,  971,   43,  555,
+	 299,  811,  171,  683,  427,  939,  107,  619,  363,  875,
+	 235,  747,  491, 1003,   27,  539,  283,  795,  155,  667,
+	 411,  923,   91,  603,  347,  859,  219,  731,  475,  987,
+	  59,  571,  315,  827,  187,  699,  443,  955,  123,  635,
+	 379,  891,  251,  763,  507, 1019,    7,  519,  263,  775,
+
+	 135,  647,  391,  903,   71,  583,  327,  839,  199,  711,
+	 455,  967,   39,  551,  295,  807,  167,  679,  423,  935,
+	 103,  615,  359,  871,  231,  743,  487,  999,   23,  535,
+	 279,  791,  151,  663,  407,  919,   87,  599,  343,  855,
+	 215,  727,  471,  983,   55,  567,  311,  823,  183,  695,
+	 439,  951,  119,  631,  375,  887,  247,  759,  503, 1015,
+	  15,  527,  271,  783,  143,  655,  399,  911,   79,  591,
+	 335,  847,  207,  719,  463,  975,   47,  559,  303,  815,
+	 175,  687,  431,  943,  111,  623,  367,  879,  239,  751,
+	 495, 1007,   31,  543,  287,  799,  159,  671,  415,  927,
+
+	  95,  607,  351,  863,  223,  735,  479,  991,   63,  575,
+	 319,  831,  191,  703,  447,  959,  127,  639,  383,  895,
+	 255,  767,  511, 1023
+};
+
+const ntt_fft_params_t ntt_fft_12289_1024 = {
+	12289, 12287, 18, 3186, (1<<18)-1, 1024, 12277, 10,
+	wr_12289_1024, wf_12289_1024, wi_12289_1024, 1, rev_1024
+};
+
+/**
+ * FFT phase shift and scaling inverse transform for q = 12289 and n = 512
+ */
+static const uint16_t wi_12289_512[] = {
+	12265,  6771, 11424,  9011,  6203, 11914,  9021,  6454,  7154,   146,
+	11038,  4238,  5604, 10397, 11498,  3495,  7846,  7684,  1160,  4538,
+	  845,  2776,  3317,  5836,  6389, 11667,  6508,  1136, 11309, 12269,
+	11787,  9520,  5461,  3121,  5832,  1373,  1282, 10058,  4218,  5102,
+	 7628,  4670,  6616,  1389,  9057,  2442,  2307,  5063,  7878, 10945,
+	10506,   716,   767,  3276,  3578,  1327,  5043,  7376,  8176,  3678,
+	 3837,  6599,  4649,  4860, 11385,  9261,   189,  3515,  8348, 10453,
+	 7988,  1417,  7302,  1403,  2035,  8067,  2171,  6565, 11169,  8755,
+	 4693, 10880,  2730,  7078,  3154, 10347, 10243,  2717,  3065,  9342,
+	 3451,  1826,  4050,  3343,  1573,  6302,   881, 11053, 10759, 10753,
+
+	 3229,  6085, 11410,  3744,   578, 12050,  7519,  3163,  9344,  5959,
+	  874,  2275,  1802, 10821,  2478, 10584,   216,   506,  7785,  4924,
+	 5618,  3375,  4834,  3359,  9348, 10975, 11259, 11014, 11009,  4739,
+	 7119,  5412,  3120,  4578,  1849,  8314,  4684, 11883,  7014,  8921,
+	 3944,  5598,  2873,  2065,  8820,   180,  4518,   343,     7,  8778,
+	 8957, 12221,   751,  7790, 11194,  3238,  5082,  7126,  1901, 12077,
+	 4510,  2600,  3815,  3589,  2832, 12096,  3758,  5845,  5386,  7383,
+	 4665,   346,  3769,  7350,   150,  3765,  2334,  2054,  7315,  5416,
+	 8136,  2674, 10588,  5232, 10891,  4235,  1842, 11825,  8016, 11951,
+	 6263,  1131,  5039,  2360, 10080,  7228,  6919,   392,     8, 10032,
+
+	 8481,  5189,  6125,   125,  9282,  1945,  5808,  8144,   417,  6780,
+	10421,  4727,  4360, 11124,  1481,  1535,  7806,  6680,  7911,  3171,
+	 7087,  2151,  6063,  8400,  1927,  7814,  4423,  4103,  8360,   923,
+	 2276,  3056, 10345,  7735,  3669,  4840, 10883,  6492,  5650,  6636,
+	 1891, 11826,  9270, 11475, 11520,  6505,  9663,   448,  8787,  7954,
+	 7937, 11197,  7000,  3654, 10608,  5734,  1371, 11063, 11010,  5993,
+	 6643, 10669,  8494,  9202, 12226,  7021,  5410,   612,  5530,  3624,
+	 9855,  7725,  3418,  9600,  7469,  1908,  8566,  1178,  2532,  4566,
+	11379,  1737,  3045,  8840,   682,  7287,  7171,  9175,  2946,  7584,
+	10939,  2982,  3572,  6092,  7899,   412,   510,   512,  3020,  2068,
+
+	  293, 11041,  8000,  4176,  1590,  3042,  5078,  2110,  3805,  3338,
+	 7592,  8682, 11463,  8761, 12217,  8024,  9694,  2455,  6320, 11164,
+	 2485,  7073,  9173,   438,  8536,   425,  4523,  6613,  9916, 10485,
+	11249, 10763,  3480,  1325,  2535,  8328,  9951,  5219,  6878, 10423,
+	 7235,  3408,  9349, 12229, 10783,  3982,  4094,  9363,  5207,  4119,
+	 3846,  5596,   365,  3017, 10595,  1721,  7559,  4167,  2593,  7326,
+	 6921,  2900, 11345,  8257,  6940,  2148,  2301,  9828, 10734,  3981,
+	 2840,  9839, 12239, 11034, 11511,  7508,  1658,  2291,  9577,  3205,
+	  567, 10545,   466,  6781, 11675,  4251,  9617,  4209,  6105, 11912,
+	 6513,  7406,  8929,  1687,  1790,  8062,  8190,  8945,  9462,  6463,
+
+	 6151,  8151,  9195,  3448, 10353,  5478, 12150, 10029,  4719,  6617,
+	 2643,  8581,  7699,  7681,  9687,  5966,  9652, 11232,  1734, 11572,
+	10268,  9489,  3454,  5588,  2622,  6825,  5406,  7885,  7434,  7174,
+	  648,  1518, 11066,  2483,  4565, 10125,  2213, 10077,  3466,  8347,
+	 9199,  8464,  8449,  1928,  9068,  3947,  9360,  1445,  5547,   364,
+	 1763, 11071,  8753,  2185, 11832,  4505,  8619,  6195,  1882,   540,
+	 1265,  1029,    21,  1756,  2293, 12085,  2253, 11081,  9004,  9714,
+	 2957,  9089,  5703, 11653,  1241,  7800, 11445, 10767,  8496, 11710,
+	11274,  5246,  3869,  9860,  1706,  1038, 11307,  9761,   450, 11295,
+	 7002,  6162,  9656,  3959, 12119,  8022,  7186,  3407,  8095,   416,
+
+	 5526, 10897, 11759, 11275,  6500,  3393,  2828,  7080,  5662,  9395,
+	 8468,  1176
+};
+
+/**
+ * Bit-reversed indices for n = 512
+ */
+static const uint16_t rev_512[] = {
+	  0, 256, 128, 384,  64, 320, 192, 448,  32, 288, 
+	160, 416,  96, 352, 224, 480,  16, 272, 144, 400,
+	 80, 336, 208, 464,  48, 304, 176, 432, 112, 368,
+	240, 496,   8, 264, 136, 392,  72, 328, 200, 456,
+	 40, 296, 168, 424, 104, 360, 232, 488,  24, 280,
+	152, 408,  88, 344, 216, 472,  56, 312, 184, 440,
+	120, 376, 248, 504,   4, 260, 132, 388,  68, 324,
+	196, 452,  36, 292, 164, 420, 100, 356, 228, 484,
+	 20, 276, 148, 404,  84, 340, 212, 468,  52, 308,
+	180, 436, 116, 372, 244, 500,  12, 268, 140, 396,
+
+	 76, 332, 204, 460,  44, 300, 172, 428, 108, 364,
+	236, 492,  28, 284, 156, 412,  92, 348, 220, 476,
+	 60, 316, 188, 444, 124, 380, 252, 508,   2, 258,
+	130, 386,  66, 322, 194, 450,  34, 290, 162, 418,
+	 98, 354, 226, 482,  18, 274, 146, 402,  82, 338,
+	210, 466,  50, 306, 178, 434, 114, 370, 242, 498,
+	 10, 266, 138, 394,  74, 330, 202, 458,  42, 298,
+	170, 426, 106, 362, 234, 490,  26, 282, 154, 410,
+	 90, 346, 218, 474,  58, 314, 186, 442, 122, 378,
+	250, 506,   6, 262, 134, 390,  70, 326, 198, 454,
+
+	 38, 294, 166, 422, 102, 358, 230, 486,  22, 278,
+	150, 406,  86, 342, 214, 470,  54, 310, 182, 438,
+	118, 374, 246, 502,  14, 270, 142, 398,  78, 334,
+	206, 462,  46, 302, 174, 430, 110, 366, 238, 494,
+	 30, 286, 158, 414,  94, 350, 222, 478,  62, 318,
+	190, 446, 126, 382, 254, 510,   1, 257, 129, 385,
+	 65, 321, 193, 449,  33, 289, 161, 417,  97, 353,
+	225, 481,  17, 273, 145, 401,  81, 337, 209, 465,
+	 49, 305, 177, 433, 113, 369, 241, 497,   9, 265,
+	137, 393,  73, 329, 201, 457,  41, 297, 169, 425,
+
+	105, 361, 233, 489,  25, 281, 153, 409,  89, 345,
+	217, 473,  57, 313, 185, 441, 121, 377, 249, 505,
+	  5, 261, 133, 389,  69, 325, 197, 453,  37, 293,
+	165, 421, 101, 357, 229, 485,  21, 277, 149, 405,
+	 85, 341, 213, 469,  53, 309, 181, 437, 117, 373,
+	245, 501,  13, 269, 141, 397,  77, 333, 205, 461,
+	 45, 301, 173, 429, 109, 365, 237, 493,  29, 285,
+	157, 413,  93, 349, 221, 477,  61, 317, 189, 445,
+	125, 381, 253, 509,   3, 259, 131, 387,  67, 323,
+	195, 451,  35, 291, 163, 419,  99, 355, 227, 483,
+
+	 19, 275, 147, 403,  83, 339, 211, 467,  51, 307,
+	179, 435, 115, 371, 243, 499,  11, 267, 139, 395,
+	 75, 331, 203, 459,  43, 299, 171, 427, 107, 363,
+	235, 491,  27, 283, 155, 411,  91, 347, 219, 475,
+	 59, 315, 187, 443, 123, 379, 251, 507,   7, 263,
+	135, 391,  71, 327, 199, 455,  39, 295, 167, 423,
+	103, 359, 231, 487,  23, 279, 151, 407,  87, 343,
+	215, 471,  55, 311, 183, 439, 119, 375, 247, 503,
+	 15, 271, 143, 399,  79, 335, 207, 463,  47, 303,
+	175, 431, 111, 367, 239, 495,  31, 287, 159, 415,
+
+	 95, 351, 223, 479,  63, 319, 191, 447, 127, 383,
+	255, 511
+};
+
+const ntt_fft_params_t ntt_fft_12289_512 = {
+	12289, 12287, 18, 3186, (1<<18)-1, 512, 12265, 9,
+	wr_12289_1024, wf_12289_1024, wi_12289_512, 2, rev_512
+};
+
+/**
+ * FFT twiddle factors in Montgomery form for q = 17 and n = 8
+ */
+static const uint16_t wr_17_8[] = { 15, 16, 8, 4, 2, 1, 9, 13, 15 };
+
+/**
+ * FFT phase shift in forward transform for q = 17 and n = 8
+ */
+static const uint16_t wf_17_8[] = { 4, 12, 2, 6, 1, 3, 9, 10 };
+
+/**
+ * FFT phase shift and scaling inverse transform for q = 17 and n = 8
+ */
+static const uint16_t wi_17_8[] = { 15, 5, 13, 10, 9, 3, 1, 6 };
+
+/**
+ * Bit-reversed indices for n = 8
+ */
+static const uint16_t rev_8[] = { 0, 4, 2, 6, 1, 5, 3, 7 };
+
+const ntt_fft_params_t ntt_fft_17_8 = {
+	17, 15, 5, 4, (1<<5)-1, 8, 15, 3, wr_17_8, wf_17_8, wi_17_8, 1, rev_8
+};
diff --git a/src/libstrongswan/math/libnttfft/ntt_fft_params.h b/src/libstrongswan/math/libnttfft/ntt_fft_params.h
new file mode 100644
index 0000000..27fabe7
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/ntt_fft_params.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2014-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ntt_fft_params ntt_fft_params
+ * @{ @ingroup ntt_p
+ */
+
+#ifndef NTT_FFT_PARAMS_H_
+#define NTT_FFT_PARAMS_H_
+
+#include <library.h>
+
+typedef struct ntt_fft_params_t ntt_fft_params_t;
+
+/**
+ * Defines the parameters for an NTT computed via the FFT algorithm
+ */
+struct ntt_fft_params_t {
+
+	/**
+	 * Prime modulus
+	 */
+	uint16_t q;
+
+	/**
+	 * Inverse of Prime modulus (-q_inv * q mod r = 1)
+	 */
+	uint16_t q_inv;
+
+	/**
+	 * Logarithm of Montgomery radix: log2(r)
+	 */
+	uint16_t rlog;
+
+	/**
+	 * Square of Montgomery radix: r^2 mod q
+	 */
+	const uint32_t r2;
+
+	/**
+	 * Montgomery radix mask: (1<<rlog) - 1
+	 */
+	const uint32_t rmask;
+
+	/**
+	 * Size of the FFT with the condition k * n = q-1
+	 */
+	const uint16_t n;
+
+	/**
+	 * Inverse of n mod q used for normalization of the FFT
+	 */
+	const uint16_t n_inv;
+
+	/**
+	 * Number of FFT stages  stages = log2(n)
+	 */
+	const uint16_t stages;
+
+	/**
+	 * FFT twiddle factors (n-th roots of unity) in Montgomery form
+	 */
+	const uint16_t *wr;
+
+	/**
+	 * FFT phase shift (2n-th roots of unity) in forward transform
+	 */
+	const uint16_t *wf;
+
+	/**
+	 * FFT phase shift (2n-th roots of unity) and scaling in inverse transform
+	 */
+	const uint16_t *wi;
+
+	/**
+	 * Subsampling of FFT twiddle factors table
+	 */
+	const uint16_t s;
+
+	/**
+	 * FFT bit reversal
+	 */
+	const uint16_t *rev;
+
+};
+
+/**
+ * FFT parameters for q = 12289 and n = 1024
+ */
+extern const ntt_fft_params_t ntt_fft_12289_1024;
+
+/**
+ * FFT parameters for q = 12289 and n = 512
+ */
+extern const ntt_fft_params_t ntt_fft_12289_512;
+
+/**
+ * FFT parameters for q = 17 and n = 8
+ */
+extern const ntt_fft_params_t ntt_fft_17_8;
+
+#endif /** NTT_FFT_PARAMS_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/math/libnttfft/ntt_fft_reduce.h
similarity index 51%
copy from src/libstrongswan/plugins/bliss/tests/bliss_tests.h
copy to src/libstrongswan/math/libnttfft/ntt_fft_reduce.h
index f0959cc..5ff2b95 100644
--- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
+++ b/src/libstrongswan/math/libnttfft/ntt_fft_reduce.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -13,11 +13,30 @@
  * for more details.
  */
 
-TEST_SUITE(bliss_fft_suite_create)
-TEST_SUITE(bliss_bitpacker_suite_create)
-TEST_SUITE(bliss_huffman_suite_create)
-TEST_SUITE(bliss_keys_suite_create)
-TEST_SUITE(bliss_sampler_suite_create)
-TEST_SUITE(bliss_signature_suite_create)
-TEST_SUITE(bliss_sign_suite_create)
+/**
+ * @defgroup ntt_fft ntt_fft
+ * @{ @ingroup ntt_p
+ */
+
+#ifndef NTT_REDUCE_H_
+#define NTT_REDUCE_H_
+
+#include "ntt_fft_params.h"
+
+/**
+ * Montgomery Reduction
+ *
+ * Montgomery, P. L. Modular multiplication without trial division.
+ * Mathematics of Computation 44, 170 (1985), 519–521.
+ */
+static inline uint32_t ntt_fft_mreduce(uint32_t x, const ntt_fft_params_t *p)
+{
+	uint32_t m, t;
+	
+	m = (x * p->q_inv) & p->rmask;
+	t = (x + m * p->q) >> p->rlog;
+
+	return (t < p->q) ? t : t - p->q;
+}
 
+#endif /** NTT_REDUCE_H_ @}*/
diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.am b/src/libstrongswan/math/libnttfft/tests/Makefile.am
new file mode 100644
index 0000000..55e6fff
--- /dev/null
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.am
@@ -0,0 +1,21 @@
+TESTS = ntt_fft_tests
+
+check_PROGRAMS = $(TESTS)
+
+ntt_fft_tests_SOURCES = \
+	suites/test_ntt_fft.c \
+	ntt_fft_tests.h ntt_fft_tests.c
+
+ntt_fft_tests_CFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libstrongswan/tests \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+	-DPLUGINS=\""${s_plugins}\"" \
+	@COVERAGE_CFLAGS@
+
+ntt_fft_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+ntt_fft_tests_LDADD = \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	../libnttfft.la
diff --git a/src/starter/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in
similarity index 83%
copy from src/starter/tests/Makefile.in
copy to src/libstrongswan/math/libnttfft/tests/Makefile.in
index 25e3e74..54e02ed 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in
@@ -87,9 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-TESTS = starter_tests$(EXEEXT)
+TESTS = ntt_fft_tests$(EXEEXT)
 check_PROGRAMS = $(am__EXEEXT_1)
-subdir = src/starter/tests
+subdir = src/libstrongswan/math/libnttfft/tests
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -108,22 +108,23 @@ mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
-am__EXEEXT_1 = starter_tests$(EXEEXT)
+am__EXEEXT_1 = ntt_fft_tests$(EXEEXT)
 am__dirstamp = $(am__leading_dot)dirstamp
-am_starter_tests_OBJECTS = suites/starter_tests-test_parser.$(OBJEXT) \
-	starter_tests-starter_tests.$(OBJEXT)
-starter_tests_OBJECTS = $(am_starter_tests_OBJECTS)
-starter_tests_DEPENDENCIES =  \
+am_ntt_fft_tests_OBJECTS =  \
+	suites/ntt_fft_tests-test_ntt_fft.$(OBJEXT) \
+	ntt_fft_tests-ntt_fft_tests.$(OBJEXT)
+ntt_fft_tests_OBJECTS = $(am_ntt_fft_tests_OBJECTS)
+ntt_fft_tests_DEPENDENCIES =  \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(top_builddir)/src/libstrongswan/tests/libtest.la \
-	../libstarter.la
+	../libnttfft.la
 AM_V_lt = $(am__v_lt_ at AM_V@)
 am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-starter_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(starter_tests_CFLAGS) \
-	$(CFLAGS) $(starter_tests_LDFLAGS) $(LDFLAGS) -o $@
+ntt_fft_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(ntt_fft_tests_CFLAGS) \
+	$(CFLAGS) $(ntt_fft_tests_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_ at AM_V@)
 am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -158,8 +159,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(starter_tests_SOURCES)
-DIST_SOURCES = $(starter_tests_SOURCES)
+SOURCES = $(ntt_fft_tests_SOURCES)
+DIST_SOURCES = $(ntt_fft_tests_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -347,7 +348,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -381,8 +381,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -436,24 +434,28 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-starter_tests_SOURCES = \
-	suites/test_parser.c \
-	starter_tests.h starter_tests.c
+ntt_fft_tests_SOURCES = \
+	suites/test_ntt_fft.c \
+	ntt_fft_tests.h ntt_fft_tests.c
 
-starter_tests_CFLAGS = \
+ntt_fft_tests_CFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
 	-I$(top_srcdir)/src/libstrongswan/tests \
-	-I$(top_srcdir)/src/starter \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+	-DPLUGINS=\""${s_plugins}\"" \
 	@COVERAGE_CFLAGS@
 
-starter_tests_LDFLAGS = @COVERAGE_LDFLAGS@
-starter_tests_LDADD = \
+ntt_fft_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+ntt_fft_tests_LDADD = \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(top_builddir)/src/libstrongswan/tests/libtest.la \
-	../libstarter.la
+	../libnttfft.la
 
 all: all-am
 
@@ -468,9 +470,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/tests/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/tests/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/starter/tests/Makefile
+	  $(AUTOMAKE) --gnu src/libstrongswan/math/libnttfft/tests/Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -503,12 +505,12 @@ suites/$(am__dirstamp):
 suites/$(DEPDIR)/$(am__dirstamp):
 	@$(MKDIR_P) suites/$(DEPDIR)
 	@: > suites/$(DEPDIR)/$(am__dirstamp)
-suites/starter_tests-test_parser.$(OBJEXT): suites/$(am__dirstamp) \
+suites/ntt_fft_tests-test_ntt_fft.$(OBJEXT): suites/$(am__dirstamp) \
 	suites/$(DEPDIR)/$(am__dirstamp)
 
-starter_tests$(EXEEXT): $(starter_tests_OBJECTS) $(starter_tests_DEPENDENCIES) $(EXTRA_starter_tests_DEPENDENCIES) 
-	@rm -f starter_tests$(EXEEXT)
-	$(AM_V_CCLD)$(starter_tests_LINK) $(starter_tests_OBJECTS) $(starter_tests_LDADD) $(LIBS)
+ntt_fft_tests$(EXEEXT): $(ntt_fft_tests_OBJECTS) $(ntt_fft_tests_DEPENDENCIES) $(EXTRA_ntt_fft_tests_DEPENDENCIES) 
+	@rm -f ntt_fft_tests$(EXEEXT)
+	$(AM_V_CCLD)$(ntt_fft_tests_LINK) $(ntt_fft_tests_OBJECTS) $(ntt_fft_tests_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -517,8 +519,8 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/starter_tests-starter_tests.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/starter_tests-test_parser.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po at am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -544,33 +546,33 @@ distclean-compile:
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
-suites/starter_tests-test_parser.o: suites/test_parser.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -MT suites/starter_tests-test_parser.o -MD -MP -MF suites/$(DEPDIR)/starter_tests-test_parser.Tpo -c -o suites/starter_tests-test_parser.o `test -f 'suites/test_parser.c' || echo '$(srcdir)/'`suites/test_parser.c
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/starter_tests-test_parser.Tpo suites/$(DEPDIR)/starter_tests-test_parser.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_parser.c' object='suites/starter_tests-test_parser.o' libtool=no @AMDEPBACKSLASH@
+suites/ntt_fft_tests-test_ntt_fft.o: suites/test_ntt_fft.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT suites/ntt_fft_tests-test_ntt_fft.o -MD -MP -MF suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo -c -o suites/ntt_fft_tests-test_ntt_fft.o `test -f 'suites/test_ntt_fft.c' || echo '$(srcdir)/'`suites/test_ntt_fft.c
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_ntt_fft.c' object='suites/ntt_fft_tests-test_ntt_fft.o' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -c -o suites/starter_tests-test_parser.o `test -f 'suites/test_parser.c' || echo '$(srcdir)/'`suites/test_parser.c
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o suites/ntt_fft_tests-test_ntt_fft.o `test -f 'suites/test_ntt_fft.c' || echo '$(srcdir)/'`suites/test_ntt_fft.c
 
-suites/starter_tests-test_parser.obj: suites/test_parser.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -MT suites/starter_tests-test_parser.obj -MD -MP -MF suites/$(DEPDIR)/starter_tests-test_parser.Tpo -c -o suites/starter_tests-test_parser.obj `if test -f 'suites/test_parser.c'; then $(CYGPATH_W) 'suites/test_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_parser.c'; fi`
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/starter_tests-test_parser.Tpo suites/$(DEPDIR)/starter_tests-test_parser.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_parser.c' object='suites/starter_tests-test_parser.obj' libtool=no @AMDEPBACKSLASH@
+suites/ntt_fft_tests-test_ntt_fft.obj: suites/test_ntt_fft.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT suites/ntt_fft_tests-test_ntt_fft.obj -MD -MP -MF suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo -c -o suites/ntt_fft_tests-test_ntt_fft.obj `if test -f 'suites/test_ntt_fft.c'; then $(CYGPATH_W) 'suites/test_ntt_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntt_fft.c'; fi`
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Tpo suites/$(DEPDIR)/ntt_fft_tests-test_ntt_fft.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_ntt_fft.c' object='suites/ntt_fft_tests-test_ntt_fft.obj' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -c -o suites/starter_tests-test_parser.obj `if test -f 'suites/test_parser.c'; then $(CYGPATH_W) 'suites/test_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_parser.c'; fi`
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o suites/ntt_fft_tests-test_ntt_fft.obj `if test -f 'suites/test_ntt_fft.c'; then $(CYGPATH_W) 'suites/test_ntt_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntt_fft.c'; fi`
 
-starter_tests-starter_tests.o: starter_tests.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -MT starter_tests-starter_tests.o -MD -MP -MF $(DEPDIR)/starter_tests-starter_tests.Tpo -c -o starter_tests-starter_tests.o `test -f 'starter_tests.c' || echo '$(srcdir)/'`starter_tests.c
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/starter_tests-starter_tests.Tpo $(DEPDIR)/starter_tests-starter_tests.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='starter_tests.c' object='starter_tests-starter_tests.o' libtool=no @AMDEPBACKSLASH@
+ntt_fft_tests-ntt_fft_tests.o: ntt_fft_tests.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT ntt_fft_tests-ntt_fft_tests.o -MD -MP -MF $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo -c -o ntt_fft_tests-ntt_fft_tests.o `test -f 'ntt_fft_tests.c' || echo '$(srcdir)/'`ntt_fft_tests.c
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ntt_fft_tests.c' object='ntt_fft_tests-ntt_fft_tests.o' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -c -o starter_tests-starter_tests.o `test -f 'starter_tests.c' || echo '$(srcdir)/'`starter_tests.c
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o ntt_fft_tests-ntt_fft_tests.o `test -f 'ntt_fft_tests.c' || echo '$(srcdir)/'`ntt_fft_tests.c
 
-starter_tests-starter_tests.obj: starter_tests.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -MT starter_tests-starter_tests.obj -MD -MP -MF $(DEPDIR)/starter_tests-starter_tests.Tpo -c -o starter_tests-starter_tests.obj `if test -f 'starter_tests.c'; then $(CYGPATH_W) 'starter_tests.c'; else $(CYGPATH_W) '$(srcdir)/starter_tests.c'; fi`
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/starter_tests-starter_tests.Tpo $(DEPDIR)/starter_tests-starter_tests.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='starter_tests.c' object='starter_tests-starter_tests.obj' libtool=no @AMDEPBACKSLASH@
+ntt_fft_tests-ntt_fft_tests.obj: ntt_fft_tests.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -MT ntt_fft_tests-ntt_fft_tests.obj -MD -MP -MF $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo -c -o ntt_fft_tests-ntt_fft_tests.obj `if test -f 'ntt_fft_tests.c'; then $(CYGPATH_W) 'ntt_fft_tests.c'; else $(CYGPATH_W) '$(srcdir)/ntt_fft_tests.c'; fi`
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Tpo $(DEPDIR)/ntt_fft_tests-ntt_fft_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ntt_fft_tests.c' object='ntt_fft_tests-ntt_fft_tests.obj' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(starter_tests_CFLAGS) $(CFLAGS) -c -o starter_tests-starter_tests.obj `if test -f 'starter_tests.c'; then $(CYGPATH_W) 'starter_tests.c'; else $(CYGPATH_W) '$(srcdir)/starter_tests.c'; fi`
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ntt_fft_tests_CFLAGS) $(CFLAGS) -c -o ntt_fft_tests-ntt_fft_tests.obj `if test -f 'ntt_fft_tests.c'; then $(CYGPATH_W) 'ntt_fft_tests.c'; else $(CYGPATH_W) '$(srcdir)/ntt_fft_tests.c'; fi`
 
 mostlyclean-libtool:
 	-rm -f *.lo
diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c
similarity index 70%
copy from src/libcharon/tests/libcharon_tests.c
copy to src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c
index e25e543..71f5664 100644
--- a/src/libcharon/tests/libcharon_tests.c
+++ b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.c
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -14,21 +14,18 @@
  */
 
 #include <test_runner.h>
-#include <daemon.h>
+
+#include <library.h>
 
 /* declare test suite constructors */
 #define TEST_SUITE(x) test_suite_t* x();
-#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
-#include "libcharon_tests.h"
+#include "ntt_fft_tests.h"
 #undef TEST_SUITE
-#undef TEST_SUITE_DEPEND
 
 static test_configuration_t tests[] = {
 #define TEST_SUITE(x) \
 	{ .suite = x, },
-#define TEST_SUITE_DEPEND(x, type, ...) \
-	{ .suite = x, .feature = PLUGIN_DEPENDS(type, __VA_ARGS__) },
-#include "libcharon_tests.h"
+#include "ntt_fft_tests.h"
 	{ .suite = NULL, }
 };
 
@@ -38,10 +35,7 @@ static bool test_runner_init(bool init)
 	{
 		char *plugins, *plugindir;
 
-		libcharon_init();
-
-		plugins = getenv("TESTS_PLUGINS") ?:
-					lib->settings->get_str(lib->settings,
+		plugins = lib->settings->get_str(lib->settings,
 										"tests.load", PLUGINS);
 		plugindir = lib->settings->get_str(lib->settings,
 										"tests.plugindir", PLUGINDIR);
@@ -53,12 +47,14 @@ static bool test_runner_init(bool init)
 	}
 	else
 	{
-		libcharon_deinit();
+		lib->processor->set_threads(lib->processor, 0);
+		lib->processor->cancel(lib->processor);
+		lib->plugins->unload(lib->plugins);
 	}
 	return TRUE;
 }
 
 int main(int argc, char *argv[])
 {
-	return test_runner_run("libcharon", tests, test_runner_init);
+	return test_runner_run("ntt_fft", tests, test_runner_init);
 }
diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h
similarity index 65%
copy from src/libstrongswan/plugins/bliss/tests/bliss_tests.h
copy to src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h
index f0959cc..200b5b0 100644
--- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
+++ b/src/libstrongswan/math/libnttfft/tests/ntt_fft_tests.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -13,11 +13,5 @@
  * for more details.
  */
 
-TEST_SUITE(bliss_fft_suite_create)
-TEST_SUITE(bliss_bitpacker_suite_create)
-TEST_SUITE(bliss_huffman_suite_create)
-TEST_SUITE(bliss_keys_suite_create)
-TEST_SUITE(bliss_sampler_suite_create)
-TEST_SUITE(bliss_signature_suite_create)
-TEST_SUITE(bliss_sign_suite_create)
+TEST_SUITE(ntt_fft_suite_create)
 
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c b/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c
similarity index 51%
rename from src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c
rename to src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c
index 009aaf8..d827718 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_fft.c
+++ b/src/libstrongswan/math/libnttfft/tests/suites/test_ntt_fft.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -15,17 +15,22 @@
 
 #include "test_suite.h"
 
-#include <bliss_fft.h>
+#include <ntt_fft.h>
+#include <ntt_fft_reduce.h>
 
-static bliss_fft_params_t *fft_params[] = {
-	&bliss_fft_17_8,
-	&bliss_fft_12289_512
+#include <time.h>
+
+static const ntt_fft_params_t *fft_params[] = {
+	&ntt_fft_17_8,
+	&ntt_fft_12289_512,
+	&ntt_fft_12289_1024
 };
 
-START_TEST(test_bliss_fft_impulse)
+START_TEST(test_ntt_fft_impulse)
 {
-	bliss_fft_t *fft;
+	ntt_fft_t *fft;
 	uint16_t n = fft_params[_i]->n;
+	uint32_t rq = (1 << fft_params[_i]->rlog) % fft_params[_i]->q;
 	uint32_t x[n], X[n];
 	int i;
 
@@ -35,12 +40,12 @@ START_TEST(test_bliss_fft_impulse)
 	}
 	x[0] = 1;
  
-	fft = bliss_fft_create(fft_params[_i]);
+	fft = ntt_fft_create(fft_params[_i]);
 	fft->transform(fft, x, X, FALSE);
 
 	for (i = 0; i < n; i++)
 	{
-		ck_assert(X[i] == 1);
+		ck_assert(X[i] == rq);
 	}
 	fft->transform(fft, X, x, TRUE);
 
@@ -52,9 +57,9 @@ START_TEST(test_bliss_fft_impulse)
 }
 END_TEST
 
-START_TEST(test_bliss_fft_wrap)
+START_TEST(test_ntt_fft_wrap)
 {
-	bliss_fft_t *fft;
+	ntt_fft_t *fft;
 	uint16_t n = fft_params[_i]->n;
 	uint16_t q = fft_params[_i]->q;
 	uint32_t x[n],y[n], X[n], Y[n];
@@ -65,7 +70,7 @@ START_TEST(test_bliss_fft_wrap)
 		x[i] = i;
 		y[i] = 0;
 	}
-	fft = bliss_fft_create(fft_params[_i]);
+	fft = ntt_fft_create(fft_params[_i]);
 	ck_assert(fft->get_size(fft) == n);
 	ck_assert(fft->get_modulus(fft) == q); 
 	fft->transform(fft, x, X, FALSE);
@@ -77,7 +82,7 @@ START_TEST(test_bliss_fft_wrap)
 
 		for (i = 0; i < n; i++)
 		{
-			Y[i] = (X[i] * Y[i]) % q;
+			Y[i] = ntt_fft_mreduce(X[i] * Y[i], fft_params[_i]);
 		}
 		fft->transform(fft, Y, Y, TRUE);
 
@@ -91,19 +96,58 @@ START_TEST(test_bliss_fft_wrap)
 }
 END_TEST
 
-Suite *bliss_fft_suite_create()
+START_TEST(test_ntt_fft_speed)
+{
+	ntt_fft_t *fft;
+	struct timespec start, stop;
+	int i, m, count = 10000;
+	int n = fft_params[_i]->n;
+	uint32_t x[n], X[n];
+
+	for (i = 0; i < n; i++)
+	{
+		x[i] = i;
+	}
+	fft = ntt_fft_create(fft_params[_i]);
+
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
+	for (m = 0; m < count; m++)
+	{
+		fft->transform(fft, x, X, FALSE);
+		fft->transform(fft, X, x, TRUE);
+	}
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop);
+
+	DBG0(DBG_LIB, "%d FFT-%d loops in %d ms\n", count, n,
+				  (stop.tv_nsec - start.tv_nsec) / 1000000 +
+				  (stop.tv_sec - start.tv_sec) * 1000);
+
+	for (i = 0; i < n; i++)
+	{
+		ck_assert(x[i] == i);
+	}
+	fft->destroy(fft);
+}
+END_TEST
+
+Suite *ntt_fft_suite_create()
 {
 	Suite *s;
 	TCase *tc;
 
-	s = suite_create("bliss_fft");
+	s = suite_create("ntt_fft");
 
 	tc = tcase_create("impulse");
-	tcase_add_loop_test(tc, test_bliss_fft_impulse, 0, countof(fft_params));
+	tcase_add_loop_test(tc, test_ntt_fft_impulse, 0, countof(fft_params));
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("negative_wrap");
-	tcase_add_loop_test(tc, test_bliss_fft_wrap, 0, countof(fft_params));
+	tcase_add_loop_test(tc, test_ntt_fft_wrap, 0, countof(fft_params));
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("speed");
+	tcase_set_timeout(tc, 10);
+	tcase_add_loop_test(tc, test_ntt_fft_speed, 1, countof(fft_params));
 	suite_add_tcase(s, tc);
 
 	return s;
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index a1ee0f8..210d7c2 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 02cd0f8..9e926ac 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index 576b6da..ea41ab3 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 1f09228..aa3be42 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 5e1b1f3..4441558 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/bliss/Makefile.am b/src/libstrongswan/plugins/bliss/Makefile.am
index e2aaaf5..b2d0942 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.am
+++ b/src/libstrongswan/plugins/bliss/Makefile.am
@@ -1,5 +1,6 @@
 AM_CPPFLAGS = \
-	-I$(top_srcdir)/src/libstrongswan
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft
 
 AM_CFLAGS = \
 	$(PLUGIN_CFLAGS) \
@@ -7,9 +8,12 @@ AM_CFLAGS = \
 
 # these file are also used by bliss_huffman
 noinst_LTLIBRARIES = libbliss-params.la
+
 libbliss_params_la_SOURCES = \
-	bliss_param_set.h bliss_param_set.c \
-	bliss_fft_params.h bliss_fft_params.c
+	bliss_param_set.h bliss_param_set.c
+
+libbliss_params_la_LIBADD = \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
 
 # these files are also used by the tests, we can't directly refer to them
 # because of the subdirectory, which would cause distclean to fail
@@ -20,12 +24,14 @@ libbliss_la_SOURCES = \
 	bliss_signature.h bliss_signature.c \
 	bliss_utils.h bliss_utils.c \
 	bliss_bitpacker.h bliss_bitpacker.c \
-	bliss_fft.h bliss_fft.c \
 	bliss_huffman_code.h bliss_huffman_code.c \
 	bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \
 	bliss_huffman_coder.h bliss_huffman_coder.c \
 	bliss_sampler.h bliss_sampler.c
-libbliss_la_LIBADD = libbliss-params.la
+
+libbliss_la_LIBADD = \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	libbliss-params.la
 
 if MONOLITHIC
 noinst_LTLIBRARIES += libstrongswan-bliss.la
@@ -43,7 +49,10 @@ libstrongswan_bliss_la_LIBADD = libbliss.la
 noinst_PROGRAMS = bliss_huffman
 
 bliss_huffman_SOURCES = bliss_huffman.c
-bliss_huffman_LDADD = -lm libbliss-params.la
+
+bliss_huffman_LDADD = -lm \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	libbliss-params.la
 
 recreate-bliss-huffman :	bliss_huffman bliss_huffman_code.h
 	$(AM_V_GEN) \
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index 389e20e..746709b 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -139,17 +139,20 @@ am__uninstall_files_from_dir = { \
   }
 am__installdirs = "$(DESTDIR)$(plugindir)"
 LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libbliss_params_la_LIBADD =
-am_libbliss_params_la_OBJECTS = bliss_param_set.lo bliss_fft_params.lo
+libbliss_params_la_DEPENDENCIES =  \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+am_libbliss_params_la_OBJECTS = bliss_param_set.lo
 libbliss_params_la_OBJECTS = $(am_libbliss_params_la_OBJECTS)
 AM_V_lt = $(am__v_lt_ at AM_V@)
 am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-libbliss_la_DEPENDENCIES = libbliss-params.la
+libbliss_la_DEPENDENCIES =  \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	libbliss-params.la
 am_libbliss_la_OBJECTS = bliss_private_key.lo bliss_public_key.lo \
 	bliss_signature.lo bliss_utils.lo bliss_bitpacker.lo \
-	bliss_fft.lo bliss_huffman_code.lo bliss_huffman_code_1.lo \
+	bliss_huffman_code.lo bliss_huffman_code_1.lo \
 	bliss_huffman_code_3.lo bliss_huffman_code_4.lo \
 	bliss_huffman_coder.lo bliss_sampler.lo
 libbliss_la_OBJECTS = $(am_libbliss_la_OBJECTS)
@@ -166,7 +169,9 @@ libstrongswan_bliss_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 PROGRAMS = $(noinst_PROGRAMS)
 am_bliss_huffman_OBJECTS = bliss_huffman.$(OBJEXT)
 bliss_huffman_OBJECTS = $(am_bliss_huffman_OBJECTS)
-bliss_huffman_DEPENDENCIES = libbliss-params.la
+bliss_huffman_DEPENDENCIES =  \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	libbliss-params.la
 AM_V_P = $(am__v_P_ at AM_V@)
 am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -370,7 +375,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -404,8 +408,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -459,11 +461,14 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 AM_CPPFLAGS = \
-	-I$(top_srcdir)/src/libstrongswan
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft
 
 AM_CFLAGS = \
 	$(PLUGIN_CFLAGS) \
@@ -476,8 +481,10 @@ AM_CFLAGS = \
 # because of the subdirectory, which would cause distclean to fail
 noinst_LTLIBRARIES = libbliss-params.la libbliss.la $(am__append_1)
 libbliss_params_la_SOURCES = \
-	bliss_param_set.h bliss_param_set.c \
-	bliss_fft_params.h bliss_fft_params.c
+	bliss_param_set.h bliss_param_set.c
+
+libbliss_params_la_LIBADD = \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
 
 libbliss_la_SOURCES = \
 	bliss_private_key.h bliss_private_key.c \
@@ -485,13 +492,15 @@ libbliss_la_SOURCES = \
 	bliss_signature.h bliss_signature.c \
 	bliss_utils.h bliss_utils.c \
 	bliss_bitpacker.h bliss_bitpacker.c \
-	bliss_fft.h bliss_fft.c \
 	bliss_huffman_code.h bliss_huffman_code.c \
 	bliss_huffman_code_1.c bliss_huffman_code_3.c bliss_huffman_code_4.c \
 	bliss_huffman_coder.h bliss_huffman_coder.c \
 	bliss_sampler.h bliss_sampler.c
 
-libbliss_la_LIBADD = libbliss-params.la
+libbliss_la_LIBADD = \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	libbliss-params.la
+
 @MONOLITHIC_FALSE at plugin_LTLIBRARIES = libstrongswan-bliss.la
 libstrongswan_bliss_la_SOURCES = \
 	bliss_plugin.h bliss_plugin.c
@@ -499,7 +508,10 @@ libstrongswan_bliss_la_SOURCES = \
 libstrongswan_bliss_la_LDFLAGS = -module -avoid-version
 libstrongswan_bliss_la_LIBADD = libbliss.la
 bliss_huffman_SOURCES = bliss_huffman.c
-bliss_huffman_LDADD = -lm libbliss-params.la
+bliss_huffman_LDADD = -lm \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	libbliss-params.la
+
 all: all-am
 
 .SUFFIXES:
@@ -609,8 +621,6 @@ distclean-compile:
 	-rm -f *.tab.c
 
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bliss_bitpacker.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bliss_fft.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bliss_fft_params.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bliss_huffman.Po at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bliss_huffman_code.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bliss_huffman_code_1.Plo at am__quote@
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.c b/src/libstrongswan/plugins/bliss/bliss_fft_params.c
deleted file mode 100644
index c892c06..0000000
--- a/src/libstrongswan/plugins/bliss/bliss_fft_params.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "bliss_fft_params.h"
-
-/**
- * FFT parameters for q = 12289 and 2n = 1024
- */
-static uint16_t w_12289_1024[] = {
-	    1,    49,  2401,  7048,  1260,   295,  2166,  7822,  2319,  3030,
-	 1002, 12231,  9447,  8210,  9042,   654,  7468,  9551,  1017,   677,
-	 8595,  3329,  3364,  5079,  3091,  3991, 11224,  9260, 11336,  2459,
-	 9890,  5339,  3542,  1512,   354,  5057,  2013,   325,  3636,  6118,
-	 4846,  3963,  9852,  3477, 10616,  4046,  1630,  6136,  5728, 10314,
-	 1537,  1579,  3637,  6167,  7247, 11011, 11112,  3772,   493, 11868,
-	 3949,  9166,  6730, 10256, 10984,  9789,   390,  6821,  2426,  8273,
-	12129,  4449,  9088,  2908,  7313,  1956,  9821,  1958,  9919,  6760,
-	11726,  9280,    27,  1323,  3382,  5961,  9442,  7965,  9326,  2281,
-	 1168,  8076,  2476, 10723,  9289,   468, 10643,  5369,  5012, 12097,
-
-	 2881,  5990, 10863,  3860,  4805,  1954,  9723,  9445,  8112,  4240,
-	11136,  4948,  8961,  8974,  9611,  3957,  9558,  1360,  5195,  8775,
-	12149,  5429,  7952,  8689,  7935,  7856,  3985, 10930,  7143,  5915,
-	 7188,  8120,  4632,  5766, 12176,  6752, 11334,  2361,  5088,  3532,
-	 1022,   922,  8311,  1702,  9664,  6554,  1632,  6234, 10530, 12121,
-	 4057,  2169,  7969,  9522, 11885,  4782,   827,  3656,  7098,  3710,
-	 9744, 10474,  9377,  4780,   729, 11143,  5291,  1190,  9154,  6142,
-	 6022,   142,  6958,  9139,  5407,  6874,  5023,   347,  4714,  9784,
-	  145,  7105,  4053,  1973, 10654,  5908,  6845,  3602,  4452,  9235,
-	10111,  3879,  5736, 10706,  8456,  8807,  1428,  8527, 12286, 12142,
-
-	 5086,  3434,  8509, 11404,  5791,  1112,  5332,  3199,  9283,   174,
-	 8526, 12237,  9741, 10327,  2174,  8214,  9238, 10258, 11082,  2302,
-	 2197,  9341,  3016,   316,  3195,  9087,  2859,  4912,  7197,  8561,
-	 1663,  7753, 11227,  9407,  6250, 11314,  1381,  6224, 10040,   400,
-     7311,  1858,  5019,   151,  7399,  6170,  7394,  5925,  7678,  7552,
-	 1378,  6077,  2837,  3834,  3531,   973, 10810,  1263,   442,  9369,
-	 4388,  6099,  3915,  7500, 11119,  4115,  5011, 12048,   480, 11231,
-	 9603,  3565,  2639,  6421,  7404,  6415,  7110,  4298,  1689,  9027,
-	12208,  8320,  2143,  6695,  8541,   683,  8889,  5446,  8785,   350,
-	 4861,  4698,  9000, 10885,  4938,  8471,  9542,   576,  3646,  6608,
-
-	 4278,   709, 10163,  6427,  7698,  8532,   242, 11858,  3459,  9734,
-	 9984,  9945,  8034,   418,  8193,  8209,  8993, 10542,   420,  8291,
-	  722, 10800,   773,  1010,   334,  4077,  3149,  6833,  3014,   218,
-	10682,  7280,   339,  4322,  2865,  5206,  9314,  1693,  9223,  9523,
-	11934,  7183,  7875,  4916,  7393,  5876,  5277,   504,   118,  5782,
-	  671,  8301,  1212, 10232,  9808,  1321,  3284,  1159,  7635,  5445,
-	 8736, 10238, 10102,  3438,  8705,  8719,  9405,  6152,  6512, 11863,
-	 3704,  9450,  8357,  3956,  9509, 11248, 10436,  7515, 11854,  3263,
-	  130,  6370,  4905,  6854,  4043,  1483, 11222,  9162,  6534,   652,
-	 7370,  4749, 11499, 10446,  8005, 11286,     9,   441,  9320,  1987,
-
-	11340,  2655,  7205,  8953,  8582,  2692,  9018, 11767, 11289,   156,
-	 7644,  5886,  5767, 12225,  9153,  6093,  3621,  5383,  5698,  8844,
-	 3241, 11341,  2704,  9606,  3712,  9842,  2987, 11184,  7300,  1319,
-	 3186,  8646,  5828,  2925,  8146,  5906,  6747, 11089,  2645,  6715,
-	 9521, 11836,  2381,  6068,  2396,  6803,  1544,  1922,  8155,  6347,
-	 3778,   787,  1696,  9370,  4437,  8500, 10963,  8760, 11414,  6281,
-	  544,  2078,  3510, 12233,  9545,   723, 10849,  3174,  8058,  1594,
-	 4372,  5315,  2366,  5333,  3248, 11684,  7222,  9786,   243, 11907,
-	 5860,  4493, 11244, 10240, 10200,  8240, 10512, 11239,  9995, 10484,
-	 9867,  4212,  9764, 11454,  8241, 10561,  1351,  4754, 11744, 10162,
-
-	 6378,  5297,  1484, 11271, 11563,  1293,  1912,  7665,  6915,  7032,
-	  476, 11035, 12288, 12240,  9888,  5241, 11029, 11994, 10123,  4467,
-	 9970,  9259, 11287,    58,  2842,  4079,  3247, 11635,  4821,  2738,
-	11272, 11612,  3694,  8960,  8925,  7210,  9198,  8298,  1065,  3029,
-	  953,  9830,  2399,  6950,  8747, 10777, 11935,  7232, 10276, 11964,
-	 8653,  6171,  7443,  8326,  2437,  8812,  1673,  8243, 10659,  6153,
-	 6561,  1975, 10752, 10710,  8652,  6122,  5042,  1278,  1177,  8517,
-	11796,   421,  8340,  3123,  5559,  2033,  1305,  2500, 11899,  5468,
-	 9863,  4016,   160,  7840,  3201,  9381,  4976, 10333,  2468, 10331,
-	 2370,  5529,  563,   3009, 12262, 10966,  8907,  6328,  2847,  4324,
-
-	 2963, 10008, 11121,  4213,  9813,  1566,  3000, 11821,  1646,  6920,
-	 7277,   192,  9408,  6299,  1426,  8429,  7484, 10335,  2566,  2844,
-	 4177,  8049,  1153,  7341,  3328,  3315,  2678,  8332,  2731, 10929,
-	 7094,  3514,   140,  6860,  4337,  3600,  4354,  4433,  8304,  1359,
-	 5146,  6374,  5101,  4169,  7657,  6523,   113,  5537,   955,  9928,
-	 7201,  8757, 11267, 11367,  3978, 10587,  2625,  5735, 10657,  6055,
-	 1759,   168,  8232, 10120,  4320,  2767,   404,  7507, 11462,  8633,
-	 5191,  8579,  2545,  1815,  2912,  7509, 11560,  1146,  6998, 11099,
-	 3135,  6147,  6267, 12147,  5331,  3150,  6882,  5415,  7266, 11942,
-	 7575,  2505, 12144,  5184,  8236, 10316,  1635,  6381,  5444,  8687,
-
-	 7837,  3054,  2178,  8410,  6553,  1583,  3833,  3482, 10861,  3762,
-	    3,   147,  7203,  8855,  3780,   885,  6498, 11177,  6957,  9090,
-	 3006, 12115,  3763,    52,  2548,  1962, 10115,  4075,  3051,  2031,
-	 1207,  9987, 10092,  2948,  9273, 11973,  9094,  3202,  9430,  7377,
-	 5092,  3728, 10626,  4536,  1062,  2882,  6039,   975, 10908,  6065,
-	 2249, 11889,  4978, 10431,  7270, 12138,  4890,  6119,  4895,  6364,
-	 4611,  4737, 10911,  6212,  9452,  8455,  8758, 11316,  1479, 11026,
-	11847,  2920,  7901,  6190,  8374,  4789,  1170,  8174,  7278,   241,
-	11809,  1058,  2686,  8724,  9650,  5868,  4885,  5874,  5179,  7991,
-	10600,  3262,    81,  3969, 10146,  5594,  3748, 11606,  3400,  6843,
-
-	 3504, 11939,  7428,  7591,  3289,  1404,  7351,  3818,  2747, 11713,
-	 8643,  5681,  8011, 11580,  2126,  5862,  4591,  3757, 12047,   431,
-	 8830,  2555,  2305,  2344,  4255, 11871,  4096,  4080,  3296,  1747,
-	11869,  3998, 11567,  1489, 11516, 11279, 11955,  8212,  9140,  5456,
-	 9275, 12071,  1607,  5009, 11950,  7967,  9424,  7083,  2975, 10596,
-	 3066,  2766,   355,  5106,  4414,  7373,  4896,  6413,  7012, 11785,
-	12171,  6507, 11618,  3988, 11077,  2057,  2481, 10968,  9005, 11130,
-	 4654,  6844,  3553,  2051,  2187,  8851,  3584,  3570,  2884,  6137,
-	 5777, 	 426,  8585,  2839,  3932,  8333,  2780,  1041,  1853,  4774,
-	  435,  9026, 12159,  5919,  7384,  5435,  8246, 10806,  1067,  3127,
-
-	 5755, 11637,  4919,  7540,   790,  1843,  4284,  1003, 12280, 11848,
-	 2969, 10302,   949,  9634,  5084,  3336,  3707,  9597,  3271,   522,
-	 1000, 12133,  4645,  6403,  6522,    64,  3136,  6196,  8668,  6906,
-	 6591,  3445,  9048,   948,  9585,  2683,  8577,  2447,  9302,  1105,
-	 4989, 10970,  9103,  3643,  6461,  9364,  4143,  6383,  5542,  1200,
-	 9644,  5574,  2768,   453,  9908,  6221,  9893,  5486, 10745, 10367,
-	 4134,  5942,  8511, 11502, 10593,  2919,  7852,  3789,  1326,  3529,
-	  875,  6008, 11745, 10211,  8779,    56,  2744, 11566,  1440,  9115,
-	 4231, 10695,  7917,  6974,  9923,  6956,  9041,   605,  5067,  2503,
-	12046,   382,  6429,  7796,  1045,  2049,  2089,  4049,  1777,  1050,
-
-	 2294,  1805,  2422,  8077,  2525,   835,  4048,  1728, 10938,  7535,
-	  545,  2127,  5911,  6992, 10805,  1018,   726, 10996, 10377,  4624,
-	  5374, 5257, 11813,  1254,     1
-};
-
-/**
- * Bit-reversed indices for n = 512
- */
-static uint16_t rev_512[] = {
-	  0, 256, 128, 384,  64, 320, 192, 448,  32, 288, 
-	160, 416,  96, 352, 224, 480,  16, 272, 144, 400,
-	 80, 336, 208, 464,  48, 304, 176, 432, 112, 368,
-	240, 496,   8, 264, 136, 392,  72, 328, 200, 456,
-	 40, 296, 168, 424, 104, 360, 232, 488,  24, 280,
-	152, 408,  88, 344, 216, 472,  56, 312, 184, 440,
-	120, 376, 248, 504,   4, 260, 132, 388,  68, 324,
-	196, 452,  36, 292, 164, 420, 100, 356, 228, 484,
-	 20, 276, 148, 404,  84, 340, 212, 468,  52, 308,
-	180, 436, 116, 372, 244, 500,  12, 268, 140, 396,
-
-	 76, 332, 204, 460,  44, 300, 172, 428, 108, 364,
-	236, 492,  28, 284, 156, 412,  92, 348, 220, 476,
-	 60, 316, 188, 444, 124, 380, 252, 508,   2, 258,
-	130, 386,  66, 322, 194, 450,  34, 290, 162, 418,
-	 98, 354, 226, 482,  18, 274, 146, 402,  82, 338,
-	210, 466,  50, 306, 178, 434, 114, 370, 242, 498,
-	 10, 266, 138, 394,  74, 330, 202, 458,  42, 298,
-	170, 426, 106, 362, 234, 490,  26, 282, 154, 410,
-	 90, 346, 218, 474,  58, 314, 186, 442, 122, 378,
-	250, 506,   6, 262, 134, 390,  70, 326, 198, 454,
-
-	 38, 294, 166, 422, 102, 358, 230, 486,  22, 278,
-	150, 406,  86, 342, 214, 470,  54, 310, 182, 438,
-	118, 374, 246, 502,  14, 270, 142, 398,  78, 334,
-	206, 462,  46, 302, 174, 430, 110, 366, 238, 494,
-	 30, 286, 158, 414,  94, 350, 222, 478,  62, 318,
-	190, 446, 126, 382, 254, 510,   1, 257, 129, 385,
-	 65, 321, 193, 449,  33, 289, 161, 417,  97, 353,
-	225, 481,  17, 273, 145, 401,  81, 337, 209, 465,
-	 49, 305, 177, 433, 113, 369, 241, 497,   9, 265,
-	137, 393,  73, 329, 201, 457,  41, 297, 169, 425,
-
-	105, 361, 233, 489,  25, 281, 153, 409,  89, 345,
-	217, 473,  57, 313, 185, 441, 121, 377, 249, 505,
-	  5, 261, 133, 389,  69, 325, 197, 453,  37, 293,
-	165, 421, 101, 357, 229, 485,  21, 277, 149, 405,
-	 85, 341, 213, 469,  53, 309, 181, 437, 117, 373,
-	245, 501,  13, 269, 141, 397,  77, 333, 205, 461,
-	 45, 301, 173, 429, 109, 365, 237, 493,  29, 285,
-	157, 413,  93, 349, 221, 477,  61, 317, 189, 445,
-	125, 381, 253, 509,   3, 259, 131, 387,  67, 323,
-	195, 451,  35, 291, 163, 419,  99, 355, 227, 483,
-
-	 19, 275, 147, 403,  83, 339, 211, 467,  51, 307,
-	179, 435, 115, 371, 243, 499,  11, 267, 139, 395,
-	 75, 331, 203, 459,  43, 299, 171, 427, 107, 363,
-	235, 491,  27, 283, 155, 411,  91, 347, 219, 475,
-	 59, 315, 187, 443, 123, 379, 251, 507,   7, 263,
-	135, 391,  71, 327, 199, 455,  39, 295, 167, 423,
-	103, 359, 231, 487,  23, 279, 151, 407,  87, 343,
-	215, 471,  55, 311, 183, 439, 119, 375, 247, 503,
-	 15, 271, 143, 399,  79, 335, 207, 463,  47, 303,
-	175, 431, 111, 367, 239, 495,  31, 287, 159, 415,
-
-	 95, 351, 223, 479,  63, 319, 191, 447, 127, 383,
-	255, 511
-};
-
-bliss_fft_params_t bliss_fft_12289_512 = {
-	12289, 512, 12265, 9, w_12289_1024, rev_512
-};
-
-/**
- * FFT parameters for q = 17 and n = 16
- */
-static uint16_t w_17_16[] = {
-	1, 3, 9, 10, 13, 5, 15, 11, 16, 14, 8, 7, 4, 12, 2, 6, 1 };
-
-/**
- * Bit-reversed indices for n = 8
- */
-static uint16_t rev_8[] = { 0, 4, 2, 6, 1, 5, 3, 7 };
-
-bliss_fft_params_t bliss_fft_17_8 = { 17, 8, 15, 3, w_17_16, rev_8 };
diff --git a/src/libstrongswan/plugins/bliss/bliss_fft_params.h b/src/libstrongswan/plugins/bliss/bliss_fft_params.h
deleted file mode 100644
index 31b151b..0000000
--- a/src/libstrongswan/plugins/bliss/bliss_fft_params.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup bliss_fft_params bliss_fft_params
- * @{ @ingroup bliss_p
- */
-
-#ifndef BLISS_FFT_PARAMS_H_
-#define BLISS_FFT_PARAMS_H_
-
-#include <library.h>
-
-typedef struct bliss_fft_params_t bliss_fft_params_t;
-
-/**
- * Defines the parameters for an NTT computed via the FFT algorithm
- */
-struct bliss_fft_params_t {
-
-	/**
-	 * Prime modulus
-	 */
-	uint16_t q;
-
-	/**
-	 * Size of the FFT with the condition k * n = q-1
-	 */
-	uint16_t n;
-
-	/**
-	 * Inverse of n mod q used for normalization of the FFT
-	 */
-	uint16_t n_inv;
-
-	/**
-	 * Number of FFT stages  stages = log2(n)
-	 */
-	uint16_t stages;
-
-	/**
-	 * FFT twiddle factors (n-th roots of unity)
-	 */
-	uint16_t *w;
-
-	/**
-	 * FFT bit reversal
-	 */
-	uint16_t *rev;
-
-};
-
-/**
- * FFT parameters for q = 12289 and n = 512
- */
-extern bliss_fft_params_t bliss_fft_12289_512;
-
-/**
- * FFT parameters for q = 17 and n = 8
- */
-extern bliss_fft_params_t bliss_fft_17_8;
-
-#endif /** BLISS_FFT_PARAMS_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_huffman.c b/src/libstrongswan/plugins/bliss/bliss_huffman.c
index 647234f..71e75d6 100644
--- a/src/libstrongswan/plugins/bliss/bliss_huffman.c
+++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c
@@ -209,7 +209,7 @@ static void remove_node(node_t *list, node_t **last, node_t *node)
  */
 int main(int argc, char *argv[])
 {
-	bliss_param_set_t *set;
+	const bliss_param_set_t *set;
 	int dx, bliss_type, depth = 1, groups, groups_left, pairs = 1;
 	int i_max = 9, k_max = 8, index_max = (2*k_max - 1) * i_max;
 	int i, i_top, k, k_top;
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.c b/src/libstrongswan/plugins/bliss/bliss_param_set.c
index 3781a58..b6649d7 100644
--- a/src/libstrongswan/plugins/bliss/bliss_param_set.c
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.c
@@ -33,7 +33,7 @@ ENUM(bliss_param_set_id_names, BLISS_I, BLISS_B_IV,
  *
  * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 93'076.9
  */
-static uint8_t c_bliss_i[] = {
+static const uint8_t c_bliss_i[] = {
 	255, 255,  75, 191, 247,  94,  30,  51, 147, 246,  89,  59,  99, 248,  26, 128,
 	255, 254, 151, 128, 109, 166,  88, 143,  30, 175, 149,  20, 240,  81, 138, 111,
 	255, 253,  47,   2, 214, 243, 188,  76, 236, 235,  40,  62,  54,  35,  33, 205,
@@ -62,7 +62,7 @@ static uint8_t c_bliss_i[] = {
  *
  * c[i] = exp(-2^i/f), i = 0..20, with f = k_sigma^2 / ln 2 = 125'550.5
  */
-static uint8_t c_bliss_iii[] = {
+static const uint8_t c_bliss_iii[] = {
 	255, 255, 122,  95,  16, 128,  14, 195,  60,  90, 166, 191, 205,  26, 144, 204,
 	255, 254, 244, 190, 102, 192, 187, 141, 169,  92,  33,  30, 170, 141, 184,  56,
 	255, 253, 233, 125, 228, 131,  93, 148, 121,  92,  52, 122, 149,  96,  29,  66,
@@ -91,7 +91,7 @@ static uint8_t c_bliss_iii[] = {
  *
  * c[i] = exp(-2^i/f), i = 0..21, with f = k_sigma^2 / ln 2 = 147'732.0
  */
-static uint8_t c_bliss_iv[] = {
+static const uint8_t c_bliss_iv[] = {
 	255, 255, 142, 111, 102,   2, 141,  87, 150,  42,  18,  70,   6, 224,  18,  70,
 	255, 255,  28, 222, 254, 102,  20,  78, 133,  78, 189, 107,  29,   7,  23, 193,
 	255, 254,  57, 190, 198,  79, 181, 181, 108,  75, 142, 145,  45, 238, 193,  29,
@@ -119,7 +119,7 @@ static uint8_t c_bliss_iv[] = {
 /**
  * BLISS signature parameter set definitions
  */
-static bliss_param_set_t bliss_param_sets[] = {
+static const bliss_param_set_t bliss_param_sets[] = {
 
 	/* BLISS-I scheme */
 	{
@@ -131,7 +131,7 @@ static bliss_param_set_t bliss_param_sets[] = {
 		.q2_inv = 6145,
 		.n = 512,
 		.n_bits = 9,
-		.fft_params = &bliss_fft_12289_512,
+		.fft_params = &ntt_fft_12289_512,
 		.non_zero1 = 154,
 		.non_zero2 = 0,
 		.kappa = 23,
@@ -161,7 +161,7 @@ static bliss_param_set_t bliss_param_sets[] = {
 		.q2_inv = 6145,
 		.n = 512,
 		.n_bits = 9,
-		.fft_params = &bliss_fft_12289_512,
+		.fft_params = &ntt_fft_12289_512,
 		.non_zero1 = 216,
 		.non_zero2 = 16,
 		.kappa = 30,
@@ -191,7 +191,7 @@ static bliss_param_set_t bliss_param_sets[] = {
 		.q2_inv = 6145,
 		.n = 512,
 		.n_bits = 9,
-		.fft_params = &bliss_fft_12289_512,
+		.fft_params = &ntt_fft_12289_512,
 		.non_zero1 = 231,
 		.non_zero2 = 31,
 		.kappa = 39,
@@ -221,7 +221,7 @@ static bliss_param_set_t bliss_param_sets[] = {
 		.q2_inv = 6145,
 		.n = 512,
 		.n_bits = 9,
-		.fft_params = &bliss_fft_12289_512,
+		.fft_params = &ntt_fft_12289_512,
 		.non_zero1 = 154,
 		.non_zero2 = 0,
 		.kappa = 23,
@@ -251,7 +251,7 @@ static bliss_param_set_t bliss_param_sets[] = {
 		.q2_inv = 6145,
 		.n = 512,
 		.n_bits = 9,
-		.fft_params = &bliss_fft_12289_512,
+		.fft_params = &ntt_fft_12289_512,
 		.non_zero1 = 216,
 		.non_zero2 = 16,
 		.kappa = 30,
@@ -281,7 +281,7 @@ static bliss_param_set_t bliss_param_sets[] = {
 		.q2_inv = 6145,
 		.n = 512,
 		.n_bits = 9,
-		.fft_params = &bliss_fft_12289_512,
+		.fft_params = &ntt_fft_12289_512,
 		.non_zero1 = 231,
 		.non_zero2 = 31,
 		.kappa = 39,
@@ -306,7 +306,7 @@ static bliss_param_set_t bliss_param_sets[] = {
 /**
  * See header.
  */
-bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
+const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
 {
 	int i;
 
@@ -324,7 +324,7 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id)
 /**
  * See header.
  */
-bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
+const bliss_param_set_t* bliss_param_set_get_by_oid(int oid)
 {
 	int i;
 
diff --git a/src/libstrongswan/plugins/bliss/bliss_param_set.h b/src/libstrongswan/plugins/bliss/bliss_param_set.h
index 33a8009..8c043b9 100644
--- a/src/libstrongswan/plugins/bliss/bliss_param_set.h
+++ b/src/libstrongswan/plugins/bliss/bliss_param_set.h
@@ -24,7 +24,7 @@
 typedef enum bliss_param_set_id_t bliss_param_set_id_t;
 typedef struct bliss_param_set_t bliss_param_set_t;
 
-#include "bliss_fft_params.h"
+#include "ntt_fft_params.h"
 #include "bliss_huffman_code.h"
 
 #include <library.h>
@@ -53,132 +53,132 @@ struct bliss_param_set_t {
 	/**
 	 * BLISS parameter set ID
 	 */
-	bliss_param_set_id_t id;
+	const bliss_param_set_id_t id;
 
 	/**
 	 * BLISS parameter set OID
 	 */
-	int oid;
+	const int oid;
 
 	/**
 	 * Security strength in bits
 	 */
-	uint16_t strength;
+	const uint16_t strength;
 
 	/**
 	 * Prime modulus
 	 */
-	uint16_t q;
+	const uint16_t q;
 
 	/**
 	 * Number of bits in q
 	 */
-	uint16_t q_bits;
+	const uint16_t q_bits;
 
 	/**
 	 * Inverse of (q + 2) mod 2q
 	 */
-	uint16_t q2_inv;
+	const uint16_t q2_inv;
 
 	/**
 	 * Ring dimension equal to the number of polynomial coefficients
 	 */
-	uint16_t n;
+	const uint16_t n;
 
 	/**
 	 * Number of bits in n
 	 */
-	uint16_t n_bits;
+	const uint16_t n_bits;
 
 	/**
 	 * FFT parameters
 	 */
-	bliss_fft_params_t *fft_params;
+	const ntt_fft_params_t *fft_params;
 
 	/**
 	 * Number of [-1, +1] secret key coefficients
 	 */
-	uint16_t non_zero1;
+	const uint16_t non_zero1;
 
 	/**
 	 * Number of [-2, +2] secret key coefficients
 	 */
-	uint16_t non_zero2;
+	const uint16_t non_zero2;
 
 	/**
 	 * Number of secret key terms that go into Nk(S) norm
 	 */
-	uint16_t kappa;
+	const uint16_t kappa;
 
 	/**
 	 * Maximum Nk(S) tolerable NK(S) norm (BLISS only)
 	 */
-	uint32_t nks_max;
+	const uint32_t nks_max;
 
 	/**
 	 * Maximum value Pmax for ||Sc'||^2 norm (BLISS-B only)
 	 */
-	uint32_t p_max;
+	const uint32_t p_max;
 
 	/**
 	 * Standard deviation sigma
 	 */
-	uint16_t sigma;
+	const uint16_t sigma;
 
 	/**
 	 *  k_sigma = ceiling[ sqrt(2*ln 2) * sigma ]
 	 */
-	uint16_t k_sigma;
+	const uint16_t k_sigma;
 
 	/**
 	 *  Number of bits in k_sigma
 	 */
-	uint16_t k_sigma_bits;
+	const uint16_t k_sigma_bits;
 
 	/**
 	 * Coefficients for Bernoulli sampling with exponential biases
 	 */
-	uint8_t *c;
+	const uint8_t *c;
 
 	/**
 	 * Number of columns in Bernoulli coefficient table
 	 */
-	size_t c_cols;
+	const size_t c_cols;
 
 	/**
 	 * Number of rows in Bernoulli coefficient table
 	 */
-	size_t c_rows;
+	const size_t c_rows;
 
 	/**
 	 * Number of bits in z1
 	 */
-	uint16_t z1_bits;
+	const uint16_t z1_bits;
 
 	/**
 	 * Number of z2 bits to be dropped after rounding
 	 */
-	uint16_t d;
+	const uint16_t d;
 
 	/**
 	 * Modulus p = floor(2q / 2^d) applied after bit dropping
 	 */
-	uint16_t p;
+	const uint16_t p;
 
 	/**
 	 * M = sigma^2 / alpha_rejection^2
 	 */
-	uint32_t M;
+	const uint32_t M;
 
 	/**
 	 * B_infinity bound
 	 */
-	uint16_t B_inf;
+	const uint16_t B_inf;
 
 	/**
 	 * B_verify bound
 	 */
-	uint32_t B_l2;
+	const uint32_t B_l2;
 
 };
 
@@ -188,7 +188,7 @@ struct bliss_param_set_t {
  * @param id	BLISS parameter set ID
  * @return		BLISS parameter set
 */
-bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
+const bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
 
 /**
  * Get BLISS signature parameter set by BLISS parameter set OID
@@ -196,6 +196,6 @@ bliss_param_set_t* bliss_param_set_get_by_id(bliss_param_set_id_t id);
  * @param oid	BLISS parameter set OID
  * @return		BLISS parameter set
 */
-bliss_param_set_t* bliss_param_set_get_by_oid(int oid);
+const bliss_param_set_t* bliss_param_set_get_by_oid(int oid);
 
 #endif /** BLISS_PARAM_SET_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
index 4adcf1e..cdf3e96 100644
--- a/src/libstrongswan/plugins/bliss/bliss_plugin.c
+++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -50,6 +50,8 @@ METHOD(plugin_t, get_features, int,
 		PLUGIN_REGISTER(PRIVKEY_GEN, bliss_private_key_gen, FALSE),
 			PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_BLISS),
 				PLUGIN_DEPENDS(RNG, RNG_TRUE),
+				PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA1),
+				PLUGIN_SDEPEND(XOF, XOF_MGF1_SHA256),
 		PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
 			PLUGIN_PROVIDE(PUBKEY, KEY_BLISS),
 		PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
@@ -57,29 +59,41 @@ METHOD(plugin_t, get_features, int,
 		/* signature schemes, private */
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		/* signature verification schemes */
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+			PLUGIN_DEPENDS(XOF, XOF_MGF1_SHA512),
 	};
 	*features = f;
 
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 20bbc6a..25253ed 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -20,9 +20,10 @@
 #include "bliss_sampler.h"
 #include "bliss_signature.h"
 #include "bliss_bitpacker.h"
-#include "bliss_fft.h"
+#include "ntt_fft.h"
+#include "ntt_fft_reduce.h"
 
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
 #include <asn1/oid.h>
@@ -46,7 +47,7 @@ struct private_bliss_private_key_t {
 	/**
 	 * BLISS signature parameter set
 	 */
-	bliss_param_set_t *set;
+	const bliss_param_set_t *set;
 
 	/**
 	 * BLISS secret key S1 (coefficients of polynomial f)
@@ -64,6 +65,11 @@ struct private_bliss_private_key_t {
 	uint32_t *A;
 
 	/**
+	 * NTT of BLISS public key in Montgomery representation Ar = rA mod
+	 */
+	uint32_t *Ar;
+
+	/**
 	 * reference count
 	 */
 	refcount_t ref;
@@ -163,12 +169,12 @@ static void greedy_sc(int8_t *s1, int8_t *s2, int n, uint16_t *c_indices,
 static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
 					   chunk_t data, chunk_t *signature)
 {
-	bliss_fft_t *fft;
+	ntt_fft_t *fft;
 	bliss_signature_t *sig;
 	bliss_sampler_t *sampler = NULL;
 	rng_t *rng;
 	hasher_t *hasher;
-	hash_algorithm_t mgf1_alg, oracle_alg;
+	ext_out_function_t mgf1_alg, oracle_alg;
 	size_t mgf1_seed_len;
 	uint8_t mgf1_seed_buf[HASH_SIZE_SHA512], data_hash_buf[HASH_SIZE_SHA512];
 	chunk_t mgf1_seed, data_hash;
@@ -203,12 +209,12 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
 	/* Set MGF1 hash algorithm and seed length based on security strength */
 	if (this->set->strength > 160)
 	{
-		mgf1_alg = HASH_SHA256;
+		mgf1_alg = XOF_MGF1_SHA256;
 		mgf1_seed_len = HASH_SIZE_SHA256;
 	}
 	else
 	{
-		mgf1_alg = HASH_SHA1;
+		mgf1_alg = XOF_MGF1_SHA1;
 		mgf1_seed_len = HASH_SIZE_SHA1;
 	}
 	mgf1_seed = chunk_create(mgf1_seed_buf, mgf1_seed_len);
@@ -220,7 +226,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
 	}
 
 	/* MGF1 hash algorithm to be used for random oracle */
-	oracle_alg = HASH_SHA512;
+	oracle_alg = XOF_MGF1_SHA512;
 
 	/* Initialize a couple of needed variables */
 	n  = this->set->n;
@@ -241,7 +247,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
 	y2 = z2;
 	ud = z2d;
 
-	fft = bliss_fft_create(this->set->fft_params);
+	fft = ntt_fft_create(this->set->fft_params);
 
 	/* Use of the enhanced BLISS-B signature algorithm? */
 	switch (this->set->id)
@@ -337,7 +343,7 @@ static bool sign_bliss(private_bliss_private_key_t *this, hash_algorithm_t alg,
 
 		for (i = 0; i < n; i++)
 		{
-			ay[i] = (this->A[i] * ay[i]) % q;
+			ay[i] = ntt_fft_mreduce(this->Ar[i] * ay[i], this->set->fft_params);
 		}
 		fft->transform(fft, ay, ay, TRUE);
 
@@ -668,6 +674,7 @@ METHOD(private_key_t, destroy, void,
 			free(this->s2);
 		}
 		free(this->A);
+		free(this->Ar);
 		free(this);
 	}
 }
@@ -795,13 +802,13 @@ static uint32_t nks_norm(int8_t *s1, int8_t *s2, int n, uint16_t kappa)
 /**
  * Compute the inverse x1 of x modulo q as x^(-1) = x^(q-2) mod q
  */
-static uint32_t invert(uint32_t x, uint16_t q)
+static uint32_t invert(private_bliss_private_key_t *this, uint32_t x)
 {
 	uint32_t x1, x2;
 	uint16_t q2;
 	int i, i_max;
 
-	q2 = q - 2;
+	q2 = this->set->q - 2;
 	x1 = (q2 & 1) ? x : 1;
 	x2 = x;
 	i_max = 15;
@@ -812,11 +819,11 @@ static uint32_t invert(uint32_t x, uint16_t q)
 	}
 	for (i = 1; i <= i_max; i++)
 	{
-		x2 = (x2 * x2) % q;
+		x2 = ntt_fft_mreduce(x2 * x2, this->set->fft_params);
 
 		if (q2 & (1 << i))
 		{
-			x1 = (x1 * x2) % q;
+			x1 = ntt_fft_mreduce(x1 * x2, this->set->fft_params);
 		}
 	}
 
@@ -827,14 +834,14 @@ static uint32_t invert(uint32_t x, uint16_t q)
  * Create a vector with sparse and small coefficients from seed
  */
 static int8_t* create_vector_from_seed(private_bliss_private_key_t *this,
-									   hash_algorithm_t alg, chunk_t seed)
+									   ext_out_function_t alg, chunk_t seed)
 {
-	mgf1_bitspender_t *bitspender;
+	xof_bitspender_t *bitspender;
 	uint32_t index, sign;
 	int8_t *vector;
 	int non_zero;
 
-	bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+	bitspender = xof_bitspender_create(alg, seed, FALSE);
 	if (!bitspender)
 	{
 	    return NULL;
@@ -903,7 +910,7 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
 	int i, n;
 	chunk_t seed;
 	size_t seed_len;
-	hash_algorithm_t alg;
+	ext_out_function_t alg;
 
 	n = this->set->n;
 	*s1 = NULL;
@@ -912,12 +919,12 @@ static bool create_secret(private_bliss_private_key_t *this, rng_t *rng,
 	/* Set MGF1 hash algorithm and seed length based on security strength */
 	if (this->set->strength > 160)
 	{
-		alg = HASH_SHA256;
+		alg = XOF_MGF1_SHA256;
 		seed_len = HASH_SIZE_SHA256;
 	}
 	else
 	{
-		alg = HASH_SHA1;
+		alg = XOF_MGF1_SHA1;
 		seed_len = HASH_SIZE_SHA1;
 	}
 	seed = chunk_create(seed_buf, seed_len);
@@ -1000,8 +1007,8 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
 	uint32_t *S1, *S2, *a;
 	uint16_t q;
 	bool success = FALSE;
-	bliss_param_set_t *set;
-	bliss_fft_t *fft;
+	const bliss_param_set_t *set;
+	ntt_fft_t *fft;
 	rng_t *rng;
 
 	while (TRUE)
@@ -1062,13 +1069,14 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
 	this->set = set;
 
 	/* We derive the public key from the private key using the FFT */
-	fft = bliss_fft_create(set->fft_params);
+	fft = ntt_fft_create(set->fft_params);
 
 	/* Some vectors needed to derive the publi key */
 	S1 = malloc(n * sizeof(uint32_t));
 	S2 = malloc(n * sizeof(uint32_t));
 	a  = malloc(n * sizeof(uint32_t));
-	this->A = malloc(n * sizeof(uint32_t));
+	this->A  = malloc(n * sizeof(uint32_t));
+	this->Ar = malloc(n * sizeof(uint32_t));
 
 	/* Instantiate a true random generator */
 	rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
@@ -1091,6 +1099,7 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
 		fft->transform(fft, S2, S2, FALSE);
 
 		success = TRUE;
+
 		for (i = 0; i < n; i++)
 		{
 			if (S1[i] == 0)
@@ -1103,8 +1112,9 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
 				success = FALSE;
 				break;
 			}
-			this->A[i] = invert(S1[i], q);
-			this->A[i] = (S2[i] * this->A[i]) % q;
+			this->Ar[i] = invert(this, S1[i]);
+			this->Ar[i] = ntt_fft_mreduce(S2[i] * this->Ar[i], set->fft_params);
+			this->A[i]  = ntt_fft_mreduce(this->Ar[i], set->fft_params);
 		}
 	}
 	while (!success && trials < SECRET_KEY_TRIALS_MAX);
@@ -1114,13 +1124,15 @@ bliss_private_key_t *bliss_private_key_gen(key_type_t type, va_list args)
 
 	if (success)
 	{
-		fft->transform(fft, this->A, a, TRUE);
+		fft->transform(fft, this->Ar, a, TRUE);
 
 		DBG4(DBG_LIB, "   i   f   g     a     F     G     A");
 		for (i = 0; i < n; i++)
 		{
 			DBG4(DBG_LIB, "%4d %3d %3d %5u %5u %5u %5u",
-				 i, this->s1[i], this->s2[i], a[i], S1[i], S2[i], this->A[i]);
+						  i, this->s1[i], this->s2[i],
+						  ntt_fft_mreduce(a[i], set->fft_params),
+				 		  S1[i], S2[i], this->A[i]);
 		}
 	}
 	else
@@ -1167,7 +1179,7 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
 	asn1_parser_t *parser;
 	size_t s_bits = 0;
 	int8_t s, s_min = 0, s_max = 0;
-	uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value;
+	uint32_t s_sign = 0x02, s_mask = 0xfffffffc, value, r2;
 	bool success = FALSE;
 	int objectID, oid, i;
 
@@ -1248,6 +1260,14 @@ bliss_private_key_t *bliss_private_key_load(key_type_t type, va_list args)
 				{
 					goto end;
 				}
+				this->Ar = malloc(this->set->n * sizeof(uint32_t));
+				r2 = this->set->fft_params->r2;
+
+				for (i = 0; i < this->set->n; i++)
+				{
+					this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2,
+												  this->set->fft_params);
+				}
 				break;
 			case PRIV_KEY_SECRET1:
 				if (object.len != 1 + (s_bits * this->set->n + 7)/8)
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index 93d1165..f7ddbbf 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,8 @@
 #include "bliss_public_key.h"
 #include "bliss_signature.h"
 #include "bliss_bitpacker.h"
-#include "bliss_fft.h"
+#include "ntt_fft.h"
+#include "ntt_fft_reduce.h"
 #include "bliss_utils.h"
 
 #include <asn1/asn1.h>
@@ -37,7 +38,7 @@ struct private_bliss_public_key_t {
 	/**
 	 * BLISS signature parameter set
 	 */
-	bliss_param_set_t *set;
+	const bliss_param_set_t *set;
 
 	/**
 	 * NTT of BLISS public key a (coefficients of polynomial (2g + 1)/f)
@@ -45,6 +46,11 @@ struct private_bliss_public_key_t {
 	uint32_t *A;
 
 	/**
+	 * NTT of BLISS public key in Montgomery representation Ar = rA mod
+	 */
+	uint32_t *Ar;
+
+	/**
 	 * reference counter
 	 */
 	refcount_t ref;
@@ -70,8 +76,8 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
 	uint8_t data_hash_buf[HASH_SIZE_SHA512];
 	chunk_t data_hash;
 	hasher_t *hasher;
-	hash_algorithm_t oracle_alg;
-	bliss_fft_t *fft;
+	ext_out_function_t oracle_alg;
+	ntt_fft_t *fft;
 	bliss_signature_t *sig;
 	bool success = FALSE;
 
@@ -104,7 +110,7 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
 	}
 
 	/* MGF1 hash algorithm to be used for random oracle */
-	oracle_alg = HASH_SHA512;
+	oracle_alg = XOF_MGF1_SHA512;
 
 	/* Initialize a couple of needed variables */
 	n  = this->set->n;
@@ -120,12 +126,12 @@ static bool verify_bliss(private_bliss_public_key_t *this, hash_algorithm_t alg,
 	{
 		az[i] = z1[i] < 0 ? q + z1[i] : z1[i];
 	}
-	fft = bliss_fft_create(this->set->fft_params);
+	fft = ntt_fft_create(this->set->fft_params);
 	fft->transform(fft, az, az, FALSE);
 
 	for (i = 0; i < n; i++)
 	{
-		az[i] = (this->A[i] * az[i]) % q;
+		az[i] = ntt_fft_mreduce(this->Ar[i] * az[i], this->set->fft_params);
 	}
 	fft->transform(fft, az, az, TRUE);
 
@@ -279,6 +285,7 @@ METHOD(public_key_t, destroy, void,
 	{
 		lib->encoding->clear_cache(lib->encoding, this);
 		free(this->A);
+		free(this->Ar);
 		free(this);
 	}
 }
@@ -304,7 +311,8 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
 	chunk_t blob = chunk_empty, object, param;
 	asn1_parser_t *parser;
 	bool success = FALSE;
-	int objectID, oid;
+	int objectID, oid, i;
+	uint32_t r2;
 
 	while (TRUE)
 	{
@@ -380,6 +388,14 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args)
 				{
 					goto end;
 				}
+				this->Ar = malloc(this->set->n * sizeof(uint32_t));
+				r2 = this->set->fft_params->r2;
+
+				for (i = 0; i < this->set->n; i++)
+				{
+					this->Ar[i] = ntt_fft_mreduce(this->A[i] * r2,
+												  this->set->fft_params);
+				}
 				break;
 		}
 	}
@@ -399,7 +415,7 @@ end:
 /**
  * See header.
  */
-bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
+bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set,
 								uint32_t **pubkey)
 {
 	bliss_bitpacker_t *packer;
@@ -438,7 +454,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
 /**
  * See header.
  */
-chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set)
+chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set)
 {
 	bliss_bitpacker_t *packer;
 	chunk_t encoding;
@@ -460,7 +476,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set)
  * See header.
  */
 chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
-									 bliss_param_set_t *set)
+									 const bliss_param_set_t *set)
 {
 	chunk_t encoding, pubkey_encoding;
 
@@ -479,7 +495,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
  * See header.
  */
 bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey,
-								  bliss_param_set_t *set,
+								  const bliss_param_set_t *set,
 								  cred_encoding_type_t type, chunk_t *fp)
 {
 	hasher_t *hasher;
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.h b/src/libstrongswan/plugins/bliss/bliss_public_key.h
index cd8f231..d8dd2df 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.h
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.h
@@ -61,7 +61,7 @@ bliss_public_key_t *bliss_public_key_load(key_type_t type, va_list args);
  * @param pubkey	coefficients of public key vector
  * @return			TRUE if parsing successful
  */
-bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
+bool bliss_public_key_from_asn1(chunk_t object, const bliss_param_set_t *set,
 								uint32_t **pubkey);
 
 /**
@@ -71,7 +71,7 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
  * @param set		BLISS parameter set for the public key vector
  * @result			ASN.1 encoded subjectPublicKey
  */
-chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set);
+chunk_t bliss_public_key_encode(uint32_t *pubkey, const bliss_param_set_t *set);
 
 /**
  * Encode a BLISS subjectPublicKeyInfo record in ASN.1 DER format
@@ -82,7 +82,7 @@ chunk_t bliss_public_key_encode(uint32_t *pubkey, bliss_param_set_t *set);
  * @result			ASN.1 encoded subjectPublicKeyInfo record
  */
 chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
-									 bliss_param_set_t *set);
+									 const bliss_param_set_t *set);
 
 /**
  * Generate a BLISS public key fingerprint
@@ -95,7 +95,7 @@ chunk_t bliss_public_key_info_encode(int oid, uint32_t *pubkey,
  * @result			TRUE if generation was successful
  */
 bool bliss_public_key_fingerprint(int oid, uint32_t *pubkey,
-								  bliss_param_set_t *set,
+								  const bliss_param_set_t *set,
 								  cred_encoding_type_t type, chunk_t *fp);
 
 #endif /** BLISS_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.c b/src/libstrongswan/plugins/bliss/bliss_sampler.c
index fa45a2f..fb29d66 100644
--- a/src/libstrongswan/plugins/bliss/bliss_sampler.c
+++ b/src/libstrongswan/plugins/bliss/bliss_sampler.c
@@ -17,7 +17,7 @@
 
 typedef struct private_bliss_sampler_t private_bliss_sampler_t;
 
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
 
 /**
  * Private data of a bliss_sampler_t object.
@@ -32,12 +32,12 @@ struct private_bliss_sampler_t {
 	/**
 	 * BLISS parameter the rejection sampling is to be based on
 	 */
-	bliss_param_set_t *set;
+	const bliss_param_set_t *set;
 
 	/**
 	 * Bitspender used for random rejection sampling
 	 */
-	mgf1_bitspender_t *bitspender;
+	xof_bitspender_t *bitspender;
 
 };
 
@@ -45,7 +45,8 @@ METHOD(bliss_sampler_t, bernoulli_exp, bool,
 	private_bliss_sampler_t *this, uint32_t x, bool *accepted)
 {
 	uint32_t x_mask;
-	uint8_t *c, u;
+	uint8_t u;
+	const uint8_t *c;
 	int i;
 
 	x_mask = 1 << (this->set->c_rows - 1);
@@ -221,13 +222,13 @@ METHOD(bliss_sampler_t, destroy, void,
 /**
  * See header.
  */
-bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
-									  bliss_param_set_t *set)
+bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
+									  const bliss_param_set_t *set)
 {
 	private_bliss_sampler_t *this;
-	mgf1_bitspender_t *bitspender;
+	xof_bitspender_t *bitspender;
 
-	bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+	bitspender = xof_bitspender_create(alg, seed, FALSE);
 	if (!bitspender)
 	{
 		return NULL;
diff --git a/src/libstrongswan/plugins/bliss/bliss_sampler.h b/src/libstrongswan/plugins/bliss/bliss_sampler.h
index 2c75d44..3e6d3d0 100644
--- a/src/libstrongswan/plugins/bliss/bliss_sampler.h
+++ b/src/libstrongswan/plugins/bliss/bliss_sampler.h
@@ -84,11 +84,11 @@ struct bliss_sampler_t {
 /**
  * Create a bliss_sampler_t object.
  *
- * @param alg		Hash algorithm to be used for the internal bitspender
+ * @param alg		XOF to be used for the internal bitspender
  * @param seed		Seed used to initialize the internal bitspender
  * @param set		BLISS parameter set to be used
  */
-bliss_sampler_t *bliss_sampler_create(hash_algorithm_t alg, chunk_t seed,
-									  bliss_param_set_t *set);
+bliss_sampler_t *bliss_sampler_create(ext_out_function_t alg, chunk_t seed,
+									  const bliss_param_set_t *set);
 
 #endif /** BLISS_SAMPLER_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.c b/src/libstrongswan/plugins/bliss/bliss_signature.c
index e603da3..f4e1bff 100644
--- a/src/libstrongswan/plugins/bliss/bliss_signature.c
+++ b/src/libstrongswan/plugins/bliss/bliss_signature.c
@@ -32,7 +32,7 @@ struct private_bliss_signature_t {
 	/**
 	 * BLISS signature parameter set
 	 */
-	bliss_param_set_t *set;
+	const bliss_param_set_t *set;
 
 	/**
 	 * BLISS signature vector z1 of size n
@@ -134,7 +134,7 @@ METHOD(bliss_signature_t, destroy, void,
 /**
  * See header.
  */
-bliss_signature_t *bliss_signature_create(bliss_param_set_t *set)
+bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set)
 {
 	private_bliss_signature_t *this;
 
@@ -156,7 +156,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set)
 /**
  * See header.
  */
-bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
+bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set,
 													chunk_t encoding)
 {
 	private_bliss_signature_t *this;
diff --git a/src/libstrongswan/plugins/bliss/bliss_signature.h b/src/libstrongswan/plugins/bliss/bliss_signature.h
index d37f539..20ed6c0 100644
--- a/src/libstrongswan/plugins/bliss/bliss_signature.h
+++ b/src/libstrongswan/plugins/bliss/bliss_signature.h
@@ -61,7 +61,7 @@ struct bliss_signature_t {
  *
  * @param set			BLISS parameter set
  */
-bliss_signature_t *bliss_signature_create(bliss_param_set_t *set);
+bliss_signature_t *bliss_signature_create(const bliss_param_set_t *set);
 
 /**
  * Create a BLISS signature object from encoding.
@@ -69,7 +69,7 @@ bliss_signature_t *bliss_signature_create(bliss_param_set_t *set);
  * @param set			BLISS parameter set
  * @param encoding		binary signature encoding
  */
-bliss_signature_t *bliss_signature_create_from_data(bliss_param_set_t *set,
+bliss_signature_t *bliss_signature_create_from_data(const bliss_param_set_t *set,
 													chunk_t encoding);
 
 #endif /** BLISS_SIGNATURE_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.c b/src/libstrongswan/plugins/bliss/bliss_utils.c
index 5e313ff..5baa1f8 100644
--- a/src/libstrongswan/plugins/bliss/bliss_utils.c
+++ b/src/libstrongswan/plugins/bliss/bliss_utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -17,7 +17,7 @@
 
 #include <asn1/asn1.h>
 #include <crypto/hashers/hasher.h>
-#include <crypto/mgf1/mgf1_bitspender.h>
+#include <crypto/xofs/xof_bitspender.h>
 #include <utils/debug.h>
 
 /**
@@ -39,7 +39,8 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n)
 /**
  * See header.
  */
-void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd)
+void bliss_utils_round_and_drop(const bliss_param_set_t *set,
+								int32_t *x, int16_t *xd)
 {
 	int32_t factor;
 	int i;
@@ -55,8 +56,8 @@ void bliss_utils_round_and_drop(bliss_param_set_t *set, int32_t *x, int16_t *xd)
 /**
  * See header.
  */
-bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
-							uint16_t *ud, bliss_param_set_t *set,
+bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
+							uint16_t *ud, const bliss_param_set_t *set,
 							uint16_t *c_indices)
 {
 	int i, index_trials = 0, index_found = 0;
@@ -64,7 +65,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
 	uint32_t index;
 	uint8_t *seed_pos;
 	chunk_t seed;
-	mgf1_bitspender_t *bitspender;
+	xof_bitspender_t *bitspender;
 
 	seed = chunk_alloca(data_hash.len + set->n * sizeof(uint16_t));
 
@@ -79,7 +80,7 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
 		seed_pos += sizeof(uint16_t);
 	}
 
-	bitspender = mgf1_bitspender_create(alg, seed, FALSE);
+	bitspender = xof_bitspender_create(alg, seed, FALSE);
 	if (!bitspender)
 	{
 	    return NULL;
@@ -117,7 +118,8 @@ bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
 /**
  * See header.
  */
-bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d)
+bool bliss_utils_check_norms(const bliss_param_set_t *set,
+							 int32_t *z1, int16_t *z2d)
 {
 	int32_t z2ds[set->n];
 	int32_t z1_min, z1_max, norm;
diff --git a/src/libstrongswan/plugins/bliss/bliss_utils.h b/src/libstrongswan/plugins/bliss/bliss_utils.h
index 156968d..bfaf3c4 100644
--- a/src/libstrongswan/plugins/bliss/bliss_utils.h
+++ b/src/libstrongswan/plugins/bliss/bliss_utils.h
@@ -42,29 +42,31 @@ int32_t bliss_utils_scalar_product(int32_t *x, int32_t *y, int n);
  * @param x			input vector x of size n
  * @param xd		rounded vector x with d bits dropped
  */
-void bliss_utils_round_and_drop(bliss_param_set_t *set,	int32_t *x, int16_t *xd);
+void bliss_utils_round_and_drop(const bliss_param_set_t *set,
+								int32_t *x, int16_t *xd);
 
 /**
  * Generate the binary challenge vector c as an array of kappa indices
  *
- * @param alg		hash algorithm to be used for the internal oracle
- * @param data_hash	hash of the data to be signed
- * @param ud		input vector ud of size n
- * @param set		BLISS parameter set to be used (n, n_bits, kappa)
- * @param c_indices	indexes of non-zero challenge coefficients
+ * @param alg			XOF to be used for the internal oracle
+ * @param data_hash		hash of the data to be signed
+ * @param ud			input vector ud of size n
+ * @param set			BLISS parameter set to be used (n, n_bits, kappa)
+ * @param c_indices		indexes of non-zero challenge coefficients
  */
-bool bliss_utils_generate_c(hash_algorithm_t alg, chunk_t data_hash,
-							uint16_t *ud, bliss_param_set_t *set,
+bool bliss_utils_generate_c(ext_out_function_t alg, chunk_t data_hash,
+							uint16_t *ud, const bliss_param_set_t *set,
 							uint16_t *c_indices);
 
 /**
  * Check the infinity and l2 norms of the vectors z1 and z2d << d
  *
- * @param set	BLISS parameter set
- * @param z1	input vector
- * @param z2d	input vector
- * @result		TRUE if infinite and l2 norms do not exceed boundaries
+ * @param set		BLISS parameter set
+ * @param z1		input vector
+ * @param z2d		input vector
+ * @result			TRUE if infinite and l2 norms do not exceed boundaries
  */
-bool bliss_utils_check_norms(bliss_param_set_t *set, int32_t *z1, int16_t *z2d);
+bool bliss_utils_check_norms(const bliss_param_set_t *set,
+							 int32_t *z1, int16_t *z2d);
 
 #endif /** BLISS_UTILS_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.am b/src/libstrongswan/plugins/bliss/tests/Makefile.am
index bd87753..1ec8d55 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.am
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.am
@@ -3,7 +3,6 @@ TESTS = bliss_tests
 check_PROGRAMS = $(TESTS)
 
 bliss_tests_SOURCES = \
-	suites/test_bliss_fft.c \
 	suites/test_bliss_bitpacker.c \
 	suites/test_bliss_huffman.c \
 	suites/test_bliss_keys.c \
@@ -15,6 +14,7 @@ bliss_tests_SOURCES = \
 bliss_tests_CFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
 	-I$(top_srcdir)/src/libstrongswan/tests \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft \
 	-I$(top_srcdir)/src/libstrongswan/plugins/bliss \
 	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
 	-DPLUGINS=\""${s_plugins}\"" \
@@ -24,4 +24,5 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@
 bliss_tests_LDADD = \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
 	../libbliss.la
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index 85619c5..05f95dc 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -110,7 +110,7 @@ CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__EXEEXT_1 = bliss_tests$(EXEEXT)
 am__dirstamp = $(am__leading_dot)dirstamp
-am_bliss_tests_OBJECTS = suites/bliss_tests-test_bliss_fft.$(OBJEXT) \
+am_bliss_tests_OBJECTS =  \
 	suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT) \
 	suites/bliss_tests-test_bliss_huffman.$(OBJEXT) \
 	suites/bliss_tests-test_bliss_keys.$(OBJEXT) \
@@ -122,6 +122,7 @@ bliss_tests_OBJECTS = $(am_bliss_tests_OBJECTS)
 bliss_tests_DEPENDENCIES =  \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
 	../libbliss.la
 AM_V_lt = $(am__v_lt_ at AM_V@)
 am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
@@ -353,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,11 +440,12 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 bliss_tests_SOURCES = \
-	suites/test_bliss_fft.c \
 	suites/test_bliss_bitpacker.c \
 	suites/test_bliss_huffman.c \
 	suites/test_bliss_keys.c \
@@ -458,6 +457,7 @@ bliss_tests_SOURCES = \
 bliss_tests_CFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
 	-I$(top_srcdir)/src/libstrongswan/tests \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft \
 	-I$(top_srcdir)/src/libstrongswan/plugins/bliss \
 	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
 	-DPLUGINS=\""${s_plugins}\"" \
@@ -467,6 +467,7 @@ bliss_tests_LDFLAGS = @COVERAGE_LDFLAGS@
 bliss_tests_LDADD = \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
 	../libbliss.la
 
 all: all-am
@@ -517,8 +518,6 @@ suites/$(am__dirstamp):
 suites/$(DEPDIR)/$(am__dirstamp):
 	@$(MKDIR_P) suites/$(DEPDIR)
 	@: > suites/$(DEPDIR)/$(am__dirstamp)
-suites/bliss_tests-test_bliss_fft.$(OBJEXT): suites/$(am__dirstamp) \
-	suites/$(DEPDIR)/$(am__dirstamp)
 suites/bliss_tests-test_bliss_bitpacker.$(OBJEXT):  \
 	suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
 suites/bliss_tests-test_bliss_huffman.$(OBJEXT):  \
@@ -545,7 +544,6 @@ distclean-compile:
 
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bliss_tests-bliss_tests.Po at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/bliss_tests-test_bliss_huffman.Po at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/bliss_tests-test_bliss_keys.Po at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/bliss_tests-test_bliss_sampler.Po at am__quote@
@@ -576,20 +574,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
-suites/bliss_tests-test_bliss_fft.o: suites/test_bliss_fft.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_bliss_fft.c' object='suites/bliss_tests-test_bliss_fft.o' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.o `test -f 'suites/test_bliss_fft.c' || echo '$(srcdir)/'`suites/test_bliss_fft.c
-
-suites/bliss_tests-test_bliss_fft.obj: suites/test_bliss_fft.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_fft.obj -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi`
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_fft.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_bliss_fft.c' object='suites/bliss_tests-test_bliss_fft.obj' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -c -o suites/bliss_tests-test_bliss_fft.obj `if test -f 'suites/test_bliss_fft.c'; then $(CYGPATH_W) 'suites/test_bliss_fft.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bliss_fft.c'; fi`
-
 suites/bliss_tests-test_bliss_bitpacker.o: suites/test_bliss_bitpacker.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bliss_tests_CFLAGS) $(CFLAGS) -MT suites/bliss_tests-test_bliss_bitpacker.o -MD -MP -MF suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo -c -o suites/bliss_tests-test_bliss_bitpacker.o `test -f 'suites/test_bliss_bitpacker.c' || echo '$(srcdir)/'`suites/test_bliss_bitpacker.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Tpo suites/$(DEPDIR)/bliss_tests-test_bliss_bitpacker.Po
diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
index f0959cc..61f37d5 100644
--- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
+++ b/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2014-2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -13,7 +13,6 @@
  * for more details.
  */
 
-TEST_SUITE(bliss_fft_suite_create)
 TEST_SUITE(bliss_bitpacker_suite_create)
 TEST_SUITE(bliss_huffman_suite_create)
 TEST_SUITE(bliss_keys_suite_create)
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c
index 1bd1266..26c5b60 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sampler.c
@@ -22,16 +22,16 @@ static u_int key_size[] = { 1, 3, 4};
 START_TEST(test_bliss_sampler_gaussian)
 {
 	bliss_sampler_t *sampler;
-	bliss_param_set_t *set;
+	const bliss_param_set_t *set;
 	int i, k, count;
 	uint32_t hist[8], sign[3];
 	int32_t z;
-	hash_algorithm_t alg;
+	ext_out_function_t alg;
 	size_t seed_len;
 	chunk_t seed;
 
 	set = bliss_param_set_get_by_id(key_size[_i]);
-	alg = HASH_SHA256;
+	alg = XOF_MGF1_SHA256;
 	seed_len = 32;
 	count = 10000000;
 
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c
index 2a2f48c..6f56650 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_signature.c
@@ -95,8 +95,8 @@ static chunk_t data = chunk_from_chars(
 
 START_TEST(test_bliss_signature_fail)
 {
-	bliss_param_set_t set2 = { .id = BLISS_B_II };
-	bliss_param_set_t *set;
+	const bliss_param_set_t set2 = { .id = BLISS_B_II };
+	const bliss_param_set_t *set;
 	bliss_signature_t *signature;
 	chunk_t encoding;
 	int k;
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index d543311..895af62 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index d93b047..39caacd 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.am b/src/libstrongswan/plugins/chapoly/Makefile.am
index 1753de0..d6d577c 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.am
+++ b/src/libstrongswan/plugins/chapoly/Makefile.am
@@ -15,7 +15,8 @@ libstrongswan_chapoly_la_SOURCES = \
 	chapoly_plugin.h chapoly_plugin.c \
 	chapoly_drv.h chapoly_drv.c \
 	chapoly_drv_portable.h chapoly_drv_portable.c \
-	chapoly_aead.h chapoly_aead.c
+	chapoly_aead.h chapoly_aead.c \
+	chapoly_xof.h chapoly_xof.c
 
 noinst_LTLIBRARIES += libchapoly-drv-ssse3.la
 libchapoly_drv_ssse3_la_SOURCES = chapoly_drv_ssse3.h chapoly_drv_ssse3.c
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index d5b77a9..c0de9d8 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -152,7 +152,7 @@ libchapoly_drv_ssse3_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(LDFLAGS) -o $@
 libstrongswan_chapoly_la_DEPENDENCIES = libchapoly-drv-ssse3.la
 am_libstrongswan_chapoly_la_OBJECTS = chapoly_plugin.lo chapoly_drv.lo \
-	chapoly_drv_portable.lo chapoly_aead.lo
+	chapoly_drv_portable.lo chapoly_aead.lo chapoly_xof.lo
 libstrongswan_chapoly_la_OBJECTS =  \
 	$(am_libstrongswan_chapoly_la_OBJECTS)
 libstrongswan_chapoly_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
@@ -365,7 +365,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -399,8 +398,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -454,6 +451,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -469,7 +468,8 @@ libstrongswan_chapoly_la_SOURCES = \
 	chapoly_plugin.h chapoly_plugin.c \
 	chapoly_drv.h chapoly_drv.c \
 	chapoly_drv_portable.h chapoly_drv_portable.c \
-	chapoly_aead.h chapoly_aead.c
+	chapoly_aead.h chapoly_aead.c \
+	chapoly_xof.h chapoly_xof.c
 
 libchapoly_drv_ssse3_la_SOURCES = chapoly_drv_ssse3.h chapoly_drv_ssse3.c
 @USE_X86X64_TRUE at libchapoly_drv_ssse3_la_CFLAGS = $(PLUGIN_CFLAGS) -mssse3
@@ -573,6 +573,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/chapoly_drv.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/chapoly_drv_portable.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/chapoly_plugin.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/chapoly_xof.Plo at am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libchapoly_drv_ssse3_la-chapoly_drv_ssse3.Plo at am__quote@
 
 .c.o:
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_plugin.c b/src/libstrongswan/plugins/chapoly/chapoly_plugin.c
index 02e7121..447960b 100644
--- a/src/libstrongswan/plugins/chapoly/chapoly_plugin.c
+++ b/src/libstrongswan/plugins/chapoly/chapoly_plugin.c
@@ -15,6 +15,7 @@
 
 #include "chapoly_plugin.h"
 #include "chapoly_aead.h"
+#include "chapoly_xof.h"
 
 #include <library.h>
 
@@ -43,6 +44,8 @@ METHOD(plugin_t, get_features, int,
 	static plugin_feature_t f[] = {
 		PLUGIN_REGISTER(AEAD, chapoly_aead_create),
 			PLUGIN_PROVIDE(AEAD, ENCR_CHACHA20_POLY1305, 32),
+		PLUGIN_REGISTER(XOF, chapoly_xof_create),
+			PLUGIN_PROVIDE(XOF, XOF_CHACHA20),
 	};
 	*features = f;
 	return countof(f);
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_xof.c b/src/libstrongswan/plugins/chapoly/chapoly_xof.c
new file mode 100644
index 0000000..2740a55
--- /dev/null
+++ b/src/libstrongswan/plugins/chapoly/chapoly_xof.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "chapoly_xof.h"
+#include "chapoly_drv.h"
+
+typedef struct private_chapoly_xof_t private_chapoly_xof_t;
+
+/**
+ * Private data of an chapoly_xof_t object.
+ */
+struct private_chapoly_xof_t {
+
+	/**
+	 * Public chapoly_xof_t interface.
+	 */
+	chapoly_xof_t public;
+
+	/**
+	 * Latest block of the ChaCha20 stream.
+	 */
+	uint8_t stream[CHACHA_BLOCK_SIZE];
+
+	/**
+	 * Index pointing to the current position in the stream
+	 */
+	u_int stream_index;
+
+	/**
+	 * Driver backend
+	 */
+	chapoly_drv_t *drv;
+};
+
+METHOD(xof_t, get_type, ext_out_function_t,
+	private_chapoly_xof_t *this)
+{
+	return XOF_CHACHA20;
+}
+
+METHOD(xof_t, get_bytes, bool,
+	private_chapoly_xof_t *this, size_t out_len, uint8_t *buffer)
+{
+	size_t index = 0, len, blocks;
+
+	/* empty the stream buffer first */
+	len = min(out_len, CHACHA_BLOCK_SIZE - this->stream_index);
+	if (len)
+	{
+		memcpy(buffer, this->stream + this->stream_index, len);
+		index += len;
+		this->stream_index += len;
+	}
+
+	/* copy whole stream blocks directly to output buffer */
+	blocks = (out_len - index) / CHACHA_BLOCK_SIZE;	
+	while (blocks--)
+	{
+		if (!this->drv->chacha(this->drv, buffer + index))
+		{
+			return FALSE;
+		}
+		index += CHACHA_BLOCK_SIZE;
+	}	
+	
+	/* refill the stream buffer if some more output bytes are needed */
+	len = out_len - index;
+	if (len)
+	{
+		if (!this->drv->chacha(this->drv, this->stream))
+		{
+			return FALSE;
+		}
+		memcpy(buffer + index, this->stream, len);
+		this->stream_index = len;
+	}		
+	
+	return TRUE;
+}
+
+METHOD(xof_t, allocate_bytes, bool,
+	private_chapoly_xof_t *this, size_t out_len, chunk_t *chunk)
+{
+	*chunk = chunk_alloc(out_len);
+
+	if (!get_bytes(this, out_len, chunk->ptr))
+	{
+		chunk_free(chunk);
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+METHOD(xof_t, get_block_size, size_t,
+	private_chapoly_xof_t *this)
+{
+	return CHACHA_BLOCK_SIZE;
+}
+
+METHOD(xof_t, get_seed_size, size_t,
+	private_chapoly_xof_t *this)
+{
+	return CHACHA_KEY_SIZE + CHACHA_SALT_SIZE + CHACHA_IV_SIZE;
+}
+
+METHOD(xof_t, set_seed, bool,
+	private_chapoly_xof_t *this, chunk_t seed)
+{
+	this->stream_index = CHACHA_BLOCK_SIZE;
+
+	return  seed.len == get_seed_size(this) &&
+			this->drv->set_key(this->drv, "expand 32-byte k",
+							seed.ptr, seed.ptr + CHACHA_KEY_SIZE) &&
+			this->drv->init(this->drv,
+						 	seed.ptr + CHACHA_KEY_SIZE + CHACHA_SALT_SIZE);
+}
+
+METHOD(xof_t, destroy, void,
+	private_chapoly_xof_t *this)
+{
+	this->drv->destroy(this->drv);
+	free(this);
+}
+
+/**
+ * See header
+ */
+chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm)
+{
+	private_chapoly_xof_t *this;
+	chapoly_drv_t *drv;
+
+	if (algorithm != XOF_CHACHA20)
+	{
+		return NULL;
+	}
+
+	drv = chapoly_drv_probe();
+	if (!drv)
+	{
+		return NULL;
+	}
+
+	INIT(this,
+		.public = {
+			.xof_interface = {
+				.get_type = _get_type,
+				.get_bytes = _get_bytes,
+				.allocate_bytes = _allocate_bytes,
+				.get_block_size = _get_block_size,
+				.get_seed_size = _get_seed_size,
+				.set_seed = _set_seed,
+				.destroy = _destroy,
+			},
+		},
+		.drv = drv,
+	);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/chapoly/chapoly_xof.h b/src/libstrongswan/plugins/chapoly/chapoly_xof.h
new file mode 100644
index 0000000..cd0586f
--- /dev/null
+++ b/src/libstrongswan/plugins/chapoly/chapoly_xof.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup chapoly_xof chapoly_xof
+ * @{ @ingroup chapoly
+ */
+
+#ifndef CHAPOLY_XOF_H_
+#define CHAPOLY_XOF_H_
+
+#include <crypto/aead.h>
+
+typedef struct chapoly_xof_t chapoly_xof_t;
+
+/**
+ * ChaCha20 XOF implementation
+ *
+ * Based on RFC 7539 ChaCha20 stream initialized with block counter = 1
+ */
+struct chapoly_xof_t {
+
+	/**
+	 * Generic xof_t interface for this Extended Output Function (XOF).
+	 */
+	xof_t xof_interface;
+};
+
+/**
+ * Create a chapoly_xof instance.
+ *
+ * @param algorithm		XOF_CHACHA20
+ * @return				chapoly_xof_t object, NULL if not supported
+ */
+chapoly_xof_t *chapoly_xof_create(ext_out_function_t algorithm);
+
+#endif /** CHAPOLY_XOF_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 2703dc4..24702df 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 90fd6bd..56b4835 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 94a7f11..16d177e 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 5092c54..7aad683 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index c2e49b6..7890585 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 1481f8d..327ebd3 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 7623a95..4bfe127 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 7c2ae7c..cceb705 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index eb4a0ae..fb649f4 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 727cc24..f2396f4 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -354,7 +354,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -388,8 +387,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -443,6 +440,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 938a464..15b876b 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -206,16 +206,16 @@ METHOD(private_key_t, sign, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return sign_raw(this, data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return sign_pkcs1(this, HASH_SHA224, "sha224", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
 		default:
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 291287a..90829e0 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -173,18 +173,18 @@ METHOD(public_key_t, verify, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return verify_raw(this, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_MD5:
-			return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return verify_pkcs1(this, HASH_SHA224, "sha224", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+		case SIGN_RSA_EMSA_PKCS1_MD5:
+			return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
 		default:
 			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 32d5beb..bee1f80 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -351,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -385,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -440,6 +437,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index ea75896..c759753 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -80,30 +80,46 @@ METHOD(plugin_t, get_features, int,
 			PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
 		/* signature schemes, private */
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
-			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA224),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
 		PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
 			PLUGIN_DEPENDS(HASHER, HASH_MD5),
 		/* signature verification schemes */
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
-			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA224),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA256),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA384),
-		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
 			PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_224),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_224),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_256),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_384),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA3_512),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
+		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+			PLUGIN_DEPENDS(HASHER, HASH_SHA1),
 		PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
 			PLUGIN_DEPENDS(HASHER, HASH_MD5),
 		/* en-/decryption schemes */
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index e5d418e..21b4208 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -347,16 +347,24 @@ METHOD(private_key_t, sign, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return build_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return build_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
 		default:
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index e738908..2b2c7f2 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -291,18 +291,26 @@ METHOD(public_key_t, verify, bool,
 	{
 		case SIGN_RSA_EMSA_PKCS1_NULL:
 			return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_MD5:
-			return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA1:
-			return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA224:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_224:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA256:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_256:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA384:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_384:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
-		case SIGN_RSA_EMSA_PKCS1_SHA512:
+		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_224, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_256:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_256, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_384:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_384, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA3_512:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA3_512, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA1:
+			return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_MD5:
+			return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
 		default:
 			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 6d8a845..c6e4e8d 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index e290c80..1f5ae35 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -353,7 +353,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +386,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,6 +439,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 429cd9e..9c448cd 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index fe4c555..635d5fc 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -93,8 +93,7 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
 	}
 	else
 	{
-		DBG1(DBG_LIB, "finding first LDAP entry failed: %s",
-			 ldap_err2string(ldap_result2error(ldap, entry, 0)));
+		DBG1(DBG_LIB, "finding first LDAP entry failed");
 	}
 	return success;
 }
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 669856c..d336a53 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index d937ca3..a31d0a2 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.am b/src/libstrongswan/plugins/mgf1/Makefile.am
new file mode 100644
index 0000000..8df227f
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/Makefile.am
@@ -0,0 +1,17 @@
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+	$(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-mgf1.la
+else
+plugin_LTLIBRARIES = libstrongswan-mgf1.la
+endif
+
+libstrongswan_mgf1_la_SOURCES = \
+	mgf1_plugin.h mgf1_plugin.c \
+	mgf1_xof.h mgf1_xof.c
+
+libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in
similarity index 94%
copy from src/libstrongswan/plugins/xcbc/Makefile.in
copy to src/libstrongswan/plugins/mgf1/Makefile.in
index 98fad6f..189e214 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/mgf1/Makefile.in
@@ -88,7 +88,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/libstrongswan/plugins/xcbc
+subdir = src/libstrongswan/plugins/mgf1
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -136,19 +136,19 @@ am__uninstall_files_from_dir = { \
   }
 am__installdirs = "$(DESTDIR)$(plugindir)"
 LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libstrongswan_xcbc_la_LIBADD =
-am_libstrongswan_xcbc_la_OBJECTS = xcbc_plugin.lo xcbc.lo
-libstrongswan_xcbc_la_OBJECTS = $(am_libstrongswan_xcbc_la_OBJECTS)
+libstrongswan_mgf1_la_LIBADD =
+am_libstrongswan_mgf1_la_OBJECTS = mgf1_plugin.lo mgf1_xof.lo
+libstrongswan_mgf1_la_OBJECTS = $(am_libstrongswan_mgf1_la_OBJECTS)
 AM_V_lt = $(am__v_lt_ at AM_V@)
 am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-libstrongswan_xcbc_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+libstrongswan_mgf1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
-	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_xcbc_la_LDFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_mgf1_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
- at MONOLITHIC_FALSE@am_libstrongswan_xcbc_la_rpath = -rpath $(plugindir)
- at MONOLITHIC_TRUE@am_libstrongswan_xcbc_la_rpath =
+ at MONOLITHIC_FALSE@am_libstrongswan_mgf1_la_rpath = -rpath $(plugindir)
+ at MONOLITHIC_TRUE@am_libstrongswan_mgf1_la_rpath =
 AM_V_P = $(am__v_P_ at AM_V@)
 am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -183,8 +183,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(libstrongswan_xcbc_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_xcbc_la_SOURCES)
+SOURCES = $(libstrongswan_mgf1_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_mgf1_la_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -350,7 +350,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -384,8 +383,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -439,6 +436,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
@@ -448,12 +447,13 @@ AM_CPPFLAGS = \
 AM_CFLAGS = \
 	$(PLUGIN_CFLAGS)
 
- at MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-xcbc.la
- at MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-xcbc.la
-libstrongswan_xcbc_la_SOURCES = \
-	xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c
+ at MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-mgf1.la
+ at MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-mgf1.la
+libstrongswan_mgf1_la_SOURCES = \
+	mgf1_plugin.h mgf1_plugin.c \
+	mgf1_xof.h mgf1_xof.c
 
-libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
+libstrongswan_mgf1_la_LDFLAGS = -module -avoid-version
 all: all-am
 
 .SUFFIXES:
@@ -467,9 +467,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mgf1/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile
+	  $(AUTOMAKE) --gnu src/libstrongswan/plugins/mgf1/Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -534,8 +534,8 @@ clean-pluginLTLIBRARIES:
 	  rm -f $${locs}; \
 	}
 
-libstrongswan-xcbc.la: $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_DEPENDENCIES) $(EXTRA_libstrongswan_xcbc_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(libstrongswan_xcbc_la_LINK) $(am_libstrongswan_xcbc_la_rpath) $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_LIBADD) $(LIBS)
+libstrongswan-mgf1.la: $(libstrongswan_mgf1_la_OBJECTS) $(libstrongswan_mgf1_la_DEPENDENCIES) $(EXTRA_libstrongswan_mgf1_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(libstrongswan_mgf1_la_LINK) $(am_libstrongswan_mgf1_la_rpath) $(libstrongswan_mgf1_la_OBJECTS) $(libstrongswan_mgf1_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -543,8 +543,8 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/xcbc.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/xcbc_plugin.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/mgf1_plugin.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/mgf1_xof.Plo at am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
diff --git a/src/libstrongswan/plugins/sha3/sha3_plugin.c b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c
similarity index 60%
copy from src/libstrongswan/plugins/sha3/sha3_plugin.c
copy to src/libstrongswan/plugins/mgf1/mgf1_plugin.c
index 28068f3..8df3ac2 100644
--- a/src/libstrongswan/plugins/sha3/sha3_plugin.c
+++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -13,46 +13,48 @@
  * for more details.
  */
 
-#include "sha3_plugin.h"
+#include "mgf1_plugin.h"
+#include "mgf1_xof.h"
 
 #include <library.h>
-#include "sha3_hasher.h"
 
-typedef struct private_sha3_plugin_t private_sha3_plugin_t;
+typedef struct private_mgf1_plugin_t private_mgf1_plugin_t;
 
 /**
- * private data of sha3_plugin
+ * private data of mgf1_plugin
  */
-struct private_sha3_plugin_t {
+struct private_mgf1_plugin_t {
 
 	/**
 	 * public functions
 	 */
-	sha3_plugin_t public;
+	mgf1_plugin_t public;
 };
 
 METHOD(plugin_t, get_name, char*,
-	private_sha3_plugin_t *this)
+	private_mgf1_plugin_t *this)
 {
-	return "sha3";
+	return "mgf1";
 }
 
 METHOD(plugin_t, get_features, int,
-	private_sha3_plugin_t *this, plugin_feature_t *features[])
+	private_mgf1_plugin_t *this, plugin_feature_t *features[])
 {
 	static plugin_feature_t f[] = {
-		PLUGIN_REGISTER(HASHER, sha3_hasher_create),
-			PLUGIN_PROVIDE(HASHER, HASH_SHA3_224),
-			PLUGIN_PROVIDE(HASHER, HASH_SHA3_256),
-			PLUGIN_PROVIDE(HASHER, HASH_SHA3_384),
-			PLUGIN_PROVIDE(HASHER, HASH_SHA3_512),
+		PLUGIN_REGISTER(XOF, mgf1_xof_create),
+			PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA1),
+				PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+			PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA256),
+				PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+			PLUGIN_PROVIDE(XOF, XOF_MGF1_SHA512),
+				PLUGIN_DEPENDS(HASHER, HASH_SHA512),
 	};
 	*features = f;
 	return countof(f);
 }
 
 METHOD(plugin_t, destroy, void,
-	private_sha3_plugin_t *this)
+	private_mgf1_plugin_t *this)
 {
 	free(this);
 }
@@ -60,9 +62,9 @@ METHOD(plugin_t, destroy, void,
 /*
  * see header file
  */
-plugin_t *sha3_plugin_create()
+plugin_t *mgf1_plugin_create()
 {
-	private_sha3_plugin_t *this;
+	private_mgf1_plugin_t *this;
 
 	INIT(this,
 		.public = {
diff --git a/src/libcharon/plugins/maemo/maemo_plugin.h b/src/libstrongswan/plugins/mgf1/mgf1_plugin.h
similarity index 62%
rename from src/libcharon/plugins/maemo/maemo_plugin.h
rename to src/libstrongswan/plugins/mgf1/mgf1_plugin.h
index 23d139b..50105ca 100644
--- a/src/libcharon/plugins/maemo/maemo_plugin.h
+++ b/src/libstrongswan/plugins/mgf1/mgf1_plugin.h
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -14,24 +14,24 @@
  */
 
 /**
- * @defgroup maemo maemo
- * @ingroup cplugins
+ * @defgroup mgf1_p mgf1
+ * @ingroup plugins
  *
- * @defgroup maemo_plugin maemo_plugin
- * @{ @ingroup maemo
+ * @defgroup mgf1_plugin mgf1_plugin
+ * @{ @ingroup mgf1_p
  */
 
-#ifndef MAEMO_PLUGIN_H_
-#define MAEMO_PLUGIN_H_
+#ifndef MGF1_PLUGIN_H_
+#define MGF1_PLUGIN_H_
 
 #include <plugins/plugin.h>
 
-typedef struct maemo_plugin_t maemo_plugin_t;
+typedef struct mgf1_plugin_t mgf1_plugin_t;
 
 /**
- * Maemo integration plugin.
+ * Plugin implementing the MGF1 Mask Generator Function in software.
  */
-struct maemo_plugin_t {
+struct mgf1_plugin_t {
 
 	/**
 	 * implements plugin interface
@@ -39,4 +39,4 @@ struct maemo_plugin_t {
 	plugin_t plugin;
 };
 
-#endif /** MAEMO_PLUGIN_H_ @}*/
+#endif /** MGF1_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.c b/src/libstrongswan/plugins/mgf1/mgf1_xof.c
new file mode 100644
index 0000000..0f5fda9
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.c
@@ -0,0 +1,285 @@
+/*
+ * Copyright (C) 2013-2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "mgf1_xof.h"
+
+#include "crypto/hashers/hasher.h"
+#include "utils/debug.h"
+
+typedef struct private_mgf1_xof_t private_mgf1_xof_t;
+
+/**
+ * Private data of an mgf1_xof_t object.
+ */
+struct private_mgf1_xof_t {
+
+	/**
+	 * Public mgf1_xof_t interface.
+	 */
+	mgf1_xof_t public;
+
+	/**
+	 * XOF type of the MGF1 Mask Generation Function
+	 */
+	ext_out_function_t type;
+
+	/**
+	 * Hasher the MGF1 Mask Generation Function is based on
+	 */
+	hasher_t *hasher;
+
+	/**
+	 * Is the seed hashed before using it as a seed for MGF1 ?
+	 */
+	bool hash_seed;
+
+	/**
+	 * Counter
+	 */
+	uint32_t counter;
+
+	/**
+	 * Set if counter has reached 2^32
+	 */
+	bool overflow;
+
+	/**
+	 * Current state to be hashed
+	 */
+	chunk_t state;
+
+	/**
+	 * Position of the 4 octet counter string
+	 */
+	uint8_t *ctr_str;
+
+	/**
+	 * Latest hash block
+	 */
+	uint8_t buf[HASH_SIZE_SHA512];
+
+	/**
+	 * Index pointing to the current position in the hash block
+	 */
+	size_t buf_index;
+
+};
+
+METHOD(xof_t, get_type, ext_out_function_t,
+	private_mgf1_xof_t *this)
+{
+	return this->type;
+}
+
+static bool get_next_block(private_mgf1_xof_t *this, uint8_t *buffer)
+{
+	/* detect overflow, set counter string and increment counter */
+	if (this->overflow)
+	{
+		DBG1(DBG_LIB, "MGF1 overflow occurred");
+		return FALSE;
+	}
+	htoun32(this->ctr_str, this->counter++);
+	if (this->counter == 0)
+	{
+		this->overflow = TRUE;
+	}
+
+	/* get the next block from the hash function */
+	if (!this->hasher->get_hash(this->hasher, this->state, buffer))
+	{
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+METHOD(xof_t, get_bytes, bool,
+	private_mgf1_xof_t *this, size_t out_len, uint8_t *buffer)
+{
+	size_t index = 0, blocks, len, hash_size;
+
+	hash_size = this->hasher->get_hash_size(this->hasher);
+
+	/* empty the current hash block buffer first */
+	len = min(out_len, hash_size - this->buf_index);
+	if (len)
+	{
+		memcpy(buffer, this->buf + this->buf_index, len);
+		index += len;
+		this->buf_index += len;
+	}
+
+	/* copy whole hash blocks directly to output buffer */
+	blocks = (out_len - index) / hash_size;
+	while (blocks--)
+	{
+		if (!get_next_block(this, buffer + index))
+		{
+			return FALSE;
+		}
+		index += hash_size;
+	}
+
+	/* get another hash block if some more output bytes are needed */
+	len = out_len - index;
+	if (len)
+	{
+		if (!get_next_block(this, this->buf))
+		{
+			return FALSE;
+		}
+		memcpy(buffer + index, this->buf, len);
+		this->buf_index = len;
+	}
+
+	return TRUE;
+}
+
+METHOD(xof_t, allocate_bytes, bool,
+	private_mgf1_xof_t *this, size_t out_len, chunk_t *chunk)
+{
+	*chunk = chunk_alloc(out_len);
+
+	if (!get_bytes(this, out_len, chunk->ptr))
+	{
+		chunk_free(chunk);
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+METHOD(xof_t, get_block_size, size_t,
+	private_mgf1_xof_t *this)
+{
+	return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(xof_t, get_seed_size, size_t,
+	private_mgf1_xof_t *this)
+{
+	return this->hasher->get_hash_size(this->hasher);
+}
+
+METHOD(xof_t, set_seed, bool,
+	private_mgf1_xof_t *this, chunk_t seed)
+{
+	size_t hash_size, state_len;
+
+	if (seed.len == 0)
+	{
+		DBG1(DBG_LIB, "empty seed for MGF1");
+		return FALSE;
+	}
+
+	/* determine state size and allocate space accordingly */
+	hash_size = this->hasher->get_hash_size(this->hasher);
+	state_len = (this->hash_seed ? hash_size : seed.len) + 4;
+	chunk_clear(&this->state);
+	this->state = chunk_alloc(state_len);
+
+	/* hash block buffer is empty */
+	this->buf_index = hash_size;
+
+	/* reset counter */
+	this->counter = 0;
+
+	/* determine position of the 4 octet counter string */
+	this->ctr_str = this->state.ptr + state_len - 4;
+
+	if (this->hash_seed)
+	{
+		if (!this->hasher->get_hash(this->hasher, seed, this->state.ptr))
+		{
+			DBG1(DBG_LIB, "failed to hash seed for MGF1");
+			return FALSE;
+		}
+	}
+	else
+	{
+		memcpy(this->state.ptr, seed.ptr, seed.len);
+	}
+
+	return TRUE;
+}
+
+METHOD(xof_t, destroy, void,
+	private_mgf1_xof_t *this)
+{
+	this->hasher->destroy(this->hasher);
+	chunk_clear(&this->state);
+	free(this);
+}
+
+METHOD(mgf1_t, set_hash_seed, void,
+	private_mgf1_xof_t *this, bool yes)
+{
+	this->hash_seed = yes;
+}
+
+/*
+ * Described in header.
+ */
+mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm)
+{
+	private_mgf1_xof_t *this;
+	hash_algorithm_t hash_alg;
+	hasher_t *hasher;
+
+	switch (algorithm)
+	{
+		case XOF_MGF1_SHA1:
+			hash_alg = HASH_SHA1;
+			break;
+		case XOF_MGF1_SHA256:
+			hash_alg = HASH_SHA256;
+			break;
+		case XOF_MGF1_SHA512:
+			hash_alg = HASH_SHA512;
+			break;
+		default:
+			return NULL;
+	}
+
+	hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+	if (!hasher)
+	{
+		DBG1(DBG_LIB, "failed to create %N hasher for MGF1",
+			 hash_algorithm_names, hash_alg);
+		return NULL;
+	}
+	
+	INIT(this,
+		.public = {
+			.mgf1_interface = {
+				.xof_interface = {
+					.get_type = _get_type,
+					.get_bytes = _get_bytes,
+					.allocate_bytes = _allocate_bytes,
+					.get_block_size = _get_block_size,
+					.get_seed_size = _get_seed_size,
+					.set_seed = _set_seed,
+					.destroy = _destroy,
+				},
+				.set_hash_seed = _set_hash_seed,
+			},
+		},
+		.type = algorithm,
+		.hasher = hasher,
+	);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/mgf1/mgf1_xof.h b/src/libstrongswan/plugins/mgf1/mgf1_xof.h
new file mode 100644
index 0000000..9d60a80
--- /dev/null
+++ b/src/libstrongswan/plugins/mgf1/mgf1_xof.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mgf1_xof mgf1_xof
+ * @{ @ingroup crypto
+ */
+
+#ifndef MGF1_XOF_H_
+#define MGF1_XOF_H_
+
+typedef struct mgf1_xof_t mgf1_xof_t;
+
+#include <crypto/xofs/mgf1.h>
+
+/**
+ * Implements the PKCS#1 MGF1_XOF Mask Generation Function based on a hash
+ * function defined in section 10.2.1 of RFC 2437
+ */
+struct mgf1_xof_t {
+
+	/**
+	 * mgf1_t interface for this Extended Output Function (XOF).
+	 */
+	mgf1_t mgf1_interface;
+};
+
+/**
+ * Create an mgf1_xof_t object
+ *
+ * @param algorithm		XOF_MGF1_SHA1, XOF_MGF1_SHA256 or XOF_MGF1_SHA512
+ * @return				mgf1_xof_t object, NULL if not supported
+ */
+mgf1_xof_t *mgf1_xof_create(ext_out_function_t algorithm);
+
+#endif /** MGF1_XOF_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 821dbc1..57dab35 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -352,7 +352,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -386,8 +385,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -441,6 +438,8 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
diff --git a/src/libstrongswan/plugins/newhope/Makefile.am b/src/libstrongswan/plugins/newhope/Makefile.am
new file mode 100644
index 0000000..b01987d
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/Makefile.am
@@ -0,0 +1,33 @@
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft
+
+AM_CFLAGS = \
+	$(PLUGIN_CFLAGS) \
+	@COVERAGE_CFLAGS@
+
+# these files are also used by the tests, we can't directly refer to them
+# because of the subdirectory, which would cause distclean to fail
+noinst_LTLIBRARIES = libnewhope.la
+libnewhope_la_SOURCES = \
+	newhope_ke.h newhope_ke.c \
+	newhope_noise.h newhope_noise.c \
+	newhope_reconciliation.h newhope_reconciliation.c
+
+libnewhope_la_LIBADD = \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+
+if MONOLITHIC
+noinst_LTLIBRARIES += libstrongswan-newhope.la
+else
+plugin_LTLIBRARIES = libstrongswan-newhope.la
+endif
+
+libstrongswan_newhope_la_SOURCES = \
+	newhope_plugin.h newhope_plugin.c
+
+libstrongswan_newhope_la_LDFLAGS = -module -avoid-version
+
+libstrongswan_newhope_la_LIBADD = libnewhope.la
+
+
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in
similarity index 90%
copy from src/libstrongswan/plugins/unbound/Makefile.in
copy to src/libstrongswan/plugins/newhope/Makefile.in
index ea27fd3..be31fb2 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/Makefile.in
@@ -88,7 +88,8 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/libstrongswan/plugins/unbound
+ at MONOLITHIC_TRUE@am__append_1 = libstrongswan-newhope.la
+subdir = src/libstrongswan/plugins/newhope
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -136,22 +137,26 @@ am__uninstall_files_from_dir = { \
   }
 am__installdirs = "$(DESTDIR)$(plugindir)"
 LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
-libstrongswan_unbound_la_DEPENDENCIES =
-am_libstrongswan_unbound_la_OBJECTS = unbound_plugin.lo \
-	unbound_resolver.lo unbound_rr.lo unbound_response.lo
-libstrongswan_unbound_la_OBJECTS =  \
-	$(am_libstrongswan_unbound_la_OBJECTS)
+libnewhope_la_DEPENDENCIES =  \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+am_libnewhope_la_OBJECTS = newhope_ke.lo newhope_noise.lo \
+	newhope_reconciliation.lo
+libnewhope_la_OBJECTS = $(am_libnewhope_la_OBJECTS)
 AM_V_lt = $(am__v_lt_ at AM_V@)
 am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-libstrongswan_unbound_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+libstrongswan_newhope_la_DEPENDENCIES = libnewhope.la
+am_libstrongswan_newhope_la_OBJECTS = newhope_plugin.lo
+libstrongswan_newhope_la_OBJECTS =  \
+	$(am_libstrongswan_newhope_la_OBJECTS)
+libstrongswan_newhope_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
-	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_unbound_la_LDFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_newhope_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
- at MONOLITHIC_FALSE@am_libstrongswan_unbound_la_rpath = -rpath \
+ at MONOLITHIC_FALSE@am_libstrongswan_newhope_la_rpath = -rpath \
 @MONOLITHIC_FALSE@	$(plugindir)
- at MONOLITHIC_TRUE@am_libstrongswan_unbound_la_rpath =
+ at MONOLITHIC_TRUE@am_libstrongswan_newhope_la_rpath =
 AM_V_P = $(am__v_P_ at AM_V@)
 am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -186,8 +191,9 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(libstrongswan_unbound_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_unbound_la_SOURCES)
+SOURCES = $(libnewhope_la_SOURCES) $(libstrongswan_newhope_la_SOURCES)
+DIST_SOURCES = $(libnewhope_la_SOURCES) \
+	$(libstrongswan_newhope_la_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -353,7 +359,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -387,8 +392,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -442,26 +445,37 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
-	-DIPSEC_CONFDIR=\"${sysconfdir}\"
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft
 
 AM_CFLAGS = \
-	$(PLUGIN_CFLAGS)
-
- at MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-unbound.la
- at MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-unbound.la
-libstrongswan_unbound_la_SOURCES = \
-	unbound_plugin.h unbound_plugin.c \
-	unbound_resolver.c unbound_resolver.h \
-	unbound_rr.h unbound_rr.c \
-	unbound_response.h unbound_response.c
-
-libstrongswan_unbound_la_LDFLAGS = -module -avoid-version
-libstrongswan_unbound_la_LIBADD = -lunbound -lldns
+	$(PLUGIN_CFLAGS) \
+	@COVERAGE_CFLAGS@
+
+
+# these files are also used by the tests, we can't directly refer to them
+# because of the subdirectory, which would cause distclean to fail
+noinst_LTLIBRARIES = libnewhope.la $(am__append_1)
+libnewhope_la_SOURCES = \
+	newhope_ke.h newhope_ke.c \
+	newhope_noise.h newhope_noise.c \
+	newhope_reconciliation.h newhope_reconciliation.c
+
+libnewhope_la_LIBADD = \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la
+
+ at MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-newhope.la
+libstrongswan_newhope_la_SOURCES = \
+	newhope_plugin.h newhope_plugin.c
+
+libstrongswan_newhope_la_LDFLAGS = -module -avoid-version
+libstrongswan_newhope_la_LIBADD = libnewhope.la
 all: all-am
 
 .SUFFIXES:
@@ -475,9 +489,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile
+	  $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -542,8 +556,11 @@ clean-pluginLTLIBRARIES:
 	  rm -f $${locs}; \
 	}
 
-libstrongswan-unbound.la: $(libstrongswan_unbound_la_OBJECTS) $(libstrongswan_unbound_la_DEPENDENCIES) $(EXTRA_libstrongswan_unbound_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(libstrongswan_unbound_la_LINK) $(am_libstrongswan_unbound_la_rpath) $(libstrongswan_unbound_la_OBJECTS) $(libstrongswan_unbound_la_LIBADD) $(LIBS)
+libnewhope.la: $(libnewhope_la_OBJECTS) $(libnewhope_la_DEPENDENCIES) $(EXTRA_libnewhope_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(LINK)  $(libnewhope_la_OBJECTS) $(libnewhope_la_LIBADD) $(LIBS)
+
+libstrongswan-newhope.la: $(libstrongswan_newhope_la_OBJECTS) $(libstrongswan_newhope_la_DEPENDENCIES) $(EXTRA_libstrongswan_newhope_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(libstrongswan_newhope_la_LINK) $(am_libstrongswan_newhope_la_rpath) $(libstrongswan_newhope_la_OBJECTS) $(libstrongswan_newhope_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -551,10 +568,10 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/unbound_plugin.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/unbound_resolver.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/unbound_response.Plo at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/unbound_rr.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/newhope_ke.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/newhope_noise.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/newhope_plugin.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/newhope_reconciliation.Plo at am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c
new file mode 100644
index 0000000..28956d5
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.c
@@ -0,0 +1,622 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann,
+ * and Peter Schwabe.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "newhope_ke.h"
+#include "newhope_noise.h"
+#include "newhope_reconciliation.h"
+
+#include <ntt_fft.h>
+#include <ntt_fft_reduce.h>
+#include <crypto/diffie_hellman.h>
+#include <utils/debug.h>
+
+static const int seed_len =   32;  /* 256 bits */
+static const int poly_len = 1792;  /* size of 1024 packed 14-bit coefficients */
+static const int rec_len =   256;  /* size of 1024 packed  2-bit coefficients */
+
+typedef struct private_newhope_ke_t private_newhope_ke_t;
+
+/**
+ * Private data of an newhope_ke_t object.
+ */
+struct private_newhope_ke_t {
+
+	/**
+	 * Public newhope_ke_t interface.
+	 */
+	newhope_ke_t public;
+
+	/**
+	 * FFT parameter set
+	 */
+	const ntt_fft_params_t *params;
+
+	/**
+	 * Secret noise polynomial s
+	 */
+	uint32_t *s;
+
+	/**
+	 * Output polynomial u = a * NTT(s') + NTT(e')
+	 */
+	uint32_t *u;
+
+	/**
+	 * Error reconciliation help bits
+	 */
+	uint8_t *r;
+
+	/**
+	 * Shared secret
+	 */
+	chunk_t shared_secret;
+
+};
+
+/**
+ * Derive 14-bit coefficients of polynomial a from 256 bit random seed
+ * using the SHAKE128 extended output function
+ */
+static uint32_t* derive_a_poly(private_newhope_ke_t *this, chunk_t seed)
+{
+	uint32_t *a;
+	uint8_t x[2];
+	int i = 0;
+	xof_t *xof;
+
+	xof = lib->crypto->create_xof(lib->crypto, XOF_SHAKE_128);
+	if (!xof)
+	{
+		DBG1(DBG_LIB, "could not instantiate SHAKE128 XOF");
+		return NULL;
+	}
+
+	if (!xof->set_seed(xof, seed))
+	{
+		DBG1(DBG_LIB, "could not set seed of SHAKE128 XOF");
+		xof->destroy(xof);
+		return NULL;
+	}
+
+	/* allocate dynamic memory for polynomial a */
+	a = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+	while (i < this->params->n)
+	{
+		if (!xof->get_bytes(xof, sizeof(x), x))
+		{
+			DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF");
+			xof->destroy(xof);
+			free(a);
+			return NULL;
+		}
+
+		/*
+		 * Treat x as a 16 bit unsigned little endian integer
+		 * and truncate to 14 bits
+		 */
+		a[i] = uletoh16(x) & 0x3fff;
+
+		if (a[i] < this->params->q)
+		{
+			i++;
+		}
+	}
+	xof->destroy(xof);
+
+	return a;
+}
+
+/**
+ * Pack four 14-bit coefficients into seven consecutive bytes
+ *
+ *                       1                   2                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |L 0 0 0 0 0 0 0|L 1 H 0 0 0 0 0|M 1 1 1 1 1 1 1|L 2 2 2 H 1 1 1|
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |M 2 2 2 2 2 2 2|L 3 3 3 3 3 H 2|H 3 3 3 3 3 3 3|L 0 0 0 0 0 0 0|
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+static void pack_poly(private_newhope_ke_t *this, uint8_t *x, uint32_t *p)
+{
+	int i;
+
+	for (i = 0; i < this->params->n; i += 4)
+	{
+		*x++ = (p[i] & 0xff );
+		*x++ = (p[i]   >>  8) | (p[i+1] << 6);
+		*x++ = (p[i+1] >>  2);
+		*x++ = (p[i+1] >> 10) | (p[i+2] << 4);
+		*x++ = (p[i+2] >>  4);
+		*x++ = (p[i+2] >> 12) | (p[i+3] << 2);
+		*x++ = (p[i+3] >>  6);
+	}
+}
+
+/**
+ * Unpack seven consecutive bytes into four 14-bit coefficients
+ */
+static uint32_t* unpack_poly(private_newhope_ke_t * this, uint8_t *x)
+{
+	uint32_t *p;
+	int i;
+
+	p = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+	for (i = 0; i < this->params->n; i += 4)
+	{
+		p[i]   =  x[0]       | (((uint32_t)x[1] & 0x3f) <<  8);
+		p[i+1] = (x[1] >> 6) | (((uint32_t)x[2]) <<  2)
+							 | (((uint32_t)x[3] & 0x0f) << 10);
+		p[i+2] = (x[3] >> 4) | (((uint32_t)x[4]) <<  4)
+							 | (((uint32_t)x[5] & 0x03) << 12);
+		p[i+3] = (x[5] >> 2) | (((uint32_t)x[6]) <<  6);
+		x += 7;
+	}
+	for (i = 0; i < this->params->n; i++)
+	{
+		if (p[i] >= this->params->q)
+		{
+			DBG1(DBG_LIB, "polynomial coefficient must be smaller than %u",
+						   this->params->q);
+			free(p);
+			return NULL;
+		}
+	}
+	return p;
+}
+
+/**
+ * Multiply and add polynomials in the frequency domain
+ */
+static uint32_t* multiply_add_poly(private_newhope_ke_t *this,
+								   uint32_t *a, uint32_t *e)
+{
+	ntt_fft_t *fft;
+	uint32_t *b, t;
+	int i;
+
+	/* transform s and h to frequency domain */
+	fft = ntt_fft_create(this->params);
+	fft->transform(fft, this->s, this->s, FALSE);
+	fft->transform(fft, e, e, FALSE);
+	fft->destroy(fft);
+
+	b = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+	/* compute  b = a * s + e in the frequency domain */
+	for (i = 0; i < this->params->n; i++)
+	{
+		/* convert a[i] to Montgomery domain */
+		t = ntt_fft_mreduce(a[i] * this->params->r2, this->params);
+
+		/* compute b[i] = a[i] * s[i] + e[i] in Montgomery domain */
+		t = ntt_fft_mreduce(t * this->s[i], this->params) + e[i];
+
+ 		/* exit Montgomery domain before transmitting polynomial b */
+		b[i] = ntt_fft_mreduce(t, this->params);
+	}
+	memwipe(e, this->params->n * sizeof(uint32_t));
+
+	return b;
+}
+
+/**
+ * Multiply polynomials in the frequency domain and return to time domain
+ */
+static uint32_t* multiply_ntt_inv_poly(private_newhope_ke_t *this, uint32_t *b)
+{
+	ntt_fft_t *fft;
+	uint32_t *v, t;
+	int i;
+
+	v = (uint32_t*)malloc(this->params->n * sizeof(uint32_t));
+
+	for (i = 0; i < this->params->n; i++)
+	{
+		/* convert b[i] to Montgomery domain */
+		t = ntt_fft_mreduce(b[i] * this->params->r2, this->params);
+
+		/* compute v[i] = b[i] * s[i] in Montgomery domain */
+		v[i] = ntt_fft_mreduce(t * this->s[i], this->params);
+	}
+
+	/* transform v back to time domain */
+	fft = ntt_fft_create(this->params);
+	fft->transform(fft, v, v, TRUE);
+	fft->destroy(fft);
+
+	return v;
+}
+
+/**
+ * Pack four 2-bit coefficents into one byte
+ */
+static void pack_rec(private_newhope_ke_t *this, uint8_t *x, uint8_t *r)
+{
+	int i;
+
+	for (i = 0; i < this->params->n; i += 4)
+	{
+		*x++ = r[i] | r[i+1] << 2 | r[i+2] << 4 | r[i+3] << 6;
+	}
+}
+
+static uint8_t* unpack_rec(private_newhope_ke_t *this, uint8_t *x)
+{
+	uint8_t *r;
+	int i;
+
+	r = (uint8_t*)malloc(this->params->n);
+
+	for (i = 0; i < this->params->n; i += 4)
+	{
+		r[i]   = (*x)      & 0x03;
+		r[i+1] = (*x >> 2) & 0x03;
+		r[i+2] = (*x >> 4) & 0x03;
+		r[i+3] = (*x >> 6) & 0x03;
+		x++;
+	}
+
+	return r;
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+	private_newhope_ke_t *this, chunk_t *value)
+{
+	uint16_t n, q;
+	int i;
+
+	/* Define some often-used constants */
+	n = this->params->n;
+	q = this->params->q;
+
+	/* are we the initiator? */
+	if (this->u == NULL)
+	{
+		rng_t *rng;
+		uint32_t *a = NULL, *b = NULL, *e = NULL;
+		uint8_t noise_seed_buf[seed_len];
+		chunk_t noise_seed = { noise_seed_buf, seed_len};
+		chunk_t a_seed;
+		newhope_noise_t *noise = NULL;
+		bool success = FALSE;
+
+		/* allocate space for public output value */
+		*value = chunk_alloc(poly_len + seed_len);
+		a_seed = chunk_create(value->ptr + poly_len, seed_len);
+
+		/* create polynomial a from 256 bit random seed */
+		rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+		if (!rng)
+		{
+			DBG1(DBG_LIB, "could not instatiate random source");
+			return FALSE;
+		}
+		if (!rng->get_bytes(rng, seed_len, a_seed.ptr))
+		{
+			DBG1(DBG_LIB, "could not generate seed for polynomial a");
+			goto end;
+		}
+
+		a = derive_a_poly(this, a_seed);
+		if (a == NULL)
+		{
+			goto end;
+		}
+
+		/* generate random seed for the derivation of noise polynomials */
+		if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
+		{
+			DBG1(DBG_LIB, "could not generate seed for noise polynomials");
+			goto end;
+		}
+
+		/* create noise polynomial generator */
+		noise = newhope_noise_create(noise_seed);
+		if (!noise)
+		{
+			goto end;
+		}
+
+		/* create noise polynomial s from seed with nonce = 0x00 */
+		this->s = noise->get_binomial_words(noise, 0x00, n, q);
+		if (this->s == NULL)
+		{
+			goto end;
+		}
+
+		/* create noise polynomial e from seed with nonce = 0x01 */
+		e = noise->get_binomial_words(noise, 0x01, n, q);
+		if (e == NULL)
+		{
+			goto end;
+		}
+
+		/* compute b = a * NTT(s) + NTT(e) */
+		b = multiply_add_poly(this, a, e);
+
+		DBG3(DBG_LIB, "   i  a[i]  b[i]");
+		for (i = 0; i < n; i++)
+		{
+			DBG3(DBG_LIB, "%4d %5u %5u", i, a[i], b[i]);
+		}
+
+		/* pack coefficients of polynomial b */
+		pack_poly(this, value->ptr, b);
+		success = TRUE;
+
+	end:
+		rng->destroy(rng);
+		DESTROY_IF(noise);
+		free(a);
+		free(b);
+		free(e);
+
+		if (!success)
+		{
+		chunk_free(value);
+		}
+		return success;
+	}
+	else
+	{
+		DBG3(DBG_LIB, "   i  u[i]  r[i]");
+		for (i = 0; i < n; i++)
+		{
+			DBG3(DBG_LIB, "%4d %5u %5u", i, this->u[i], this->r[i]);
+		}
+
+		/* allocate space for public output value */
+		*value = chunk_alloc(poly_len + rec_len);
+
+		/* pack coefficients of polynomial u */
+		pack_poly(this, value->ptr, this->u);
+
+		/* pack coefficients of polynomial r */
+		pack_rec(this, value->ptr + poly_len, this->r);
+
+		return TRUE;
+	}
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+	private_newhope_ke_t *this, chunk_t *secret)
+{
+	if (this->shared_secret.len == 0)
+	{
+		*secret = chunk_empty;
+		return FALSE;
+	}
+	*secret = chunk_clone(this->shared_secret);
+
+	return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+	private_newhope_ke_t *this, chunk_t value)
+{
+	newhope_reconciliation_t * rec;
+	uint16_t n, q;
+	int i;
+
+	/* Define some often-used constants */
+	n = this->params->n;
+	q = this->params->q;
+
+	/* are we the responder? */
+	if (this->s == NULL)
+	{
+		uint32_t *a = NULL, *b = NULL, *e1 = NULL, *e2 = NULL, *v = NULL, t;
+		uint8_t *rbits = NULL;
+		uint8_t noise_seed_buf[seed_len];
+		chunk_t noise_seed = { noise_seed_buf, seed_len };
+		chunk_t a_seed;
+		newhope_noise_t *noise = NULL;
+		rng_t *rng = NULL;
+		bool success = FALSE;
+
+		if (value.len != poly_len + seed_len)
+		{
+			DBG1(DBG_LIB, "received %N KE payload of incorrect size",
+						   diffie_hellman_group_names, NH_128_BIT);
+			return FALSE;
+		}
+		a_seed = chunk_create(value.ptr + poly_len, seed_len);
+
+		a = derive_a_poly(this, a_seed);
+		if (a == NULL)
+		{
+			return FALSE;
+		}
+
+		b = unpack_poly(this, value.ptr);
+		if (b == NULL)
+		{
+			goto end;
+		}
+
+		/* debug output of polynomials a and b */
+		DBG3(DBG_LIB, "   i  a[i]  b[i]");
+		for (i = 0; i < n; i++)
+		{
+			DBG3(DBG_LIB, "%4d %5u %5u", i, a[i], b[i]);
+		}
+
+		/* generate random seed for the derivation of noise polynomials */
+		rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+		if (!rng)
+		{
+			DBG1(DBG_LIB, "could not instatiate random source");
+			goto end;
+		}
+		if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
+		{
+			DBG1(DBG_LIB, "could not generate seed for noise polynomials");
+			goto end;
+		}
+
+		/* create noise polynomial generator */
+		noise = newhope_noise_create(noise_seed);
+		if (!noise)
+		{
+			goto end;
+		}
+
+		/* create noise polynomial s' from seed with nonce = 0x00 */
+		this->s = noise->get_binomial_words(noise, 0x00, n, q);
+		if (this->s == NULL)
+		{
+			goto end;
+		}
+
+		/* create noise polynomial e' from seed with nonce = 0x01 */
+		e1 = noise->get_binomial_words(noise, 0x01, n, q);
+		if (e1 == NULL)
+		{
+			goto end;
+		}
+
+		/* create noise polynomial e'' from seed with nonce = 0x02 */
+		e2 = noise->get_binomial_words(noise, 0x02, n, q);
+		if (e2 == NULL)
+		{
+			goto end;
+		}
+
+		/* compute u = a * NTT(s') + NTT(e') */
+		this->u = multiply_add_poly(this, a, e1);
+
+		/* compute v = NTT_inv( b * NTT(s') ) */
+		v = multiply_ntt_inv_poly(this, b);
+
+		/* compute v = v + e'' */
+		for (i = 0; i < n; i++)
+		{
+			t = v[i] + e2[i];
+			v[i] = (t < q) ? t : t - q;
+		}
+		memwipe(e2, n * sizeof(uint32_t));
+
+		/* create uniform noise bytes from seed with nonce = 0x02 */
+		rbits = noise->get_uniform_bytes(noise, 0x03, n/(4*8));
+
+		rec = newhope_reconciliation_create(n, q);
+		this->r = rec->help_reconcile(rec, v, rbits);
+		free(rbits);
+		this->shared_secret = rec->reconcile(rec, v, this->r);
+		rec->destroy(rec);
+
+		DBG4(DBG_LIB, "key: %B", &this->shared_secret);
+		success = TRUE;
+
+	end:
+		DESTROY_IF(rng);
+		DESTROY_IF(noise);
+		free(a);
+		free(b);
+		free(e1);
+		free(e2);
+		free(v);
+
+		return success;
+	}
+	else
+	{
+		uint32_t *v;
+
+		if (value.len != poly_len + rec_len)
+		{
+			DBG1(DBG_LIB, "received %N KE payload of incorrect size",
+						   diffie_hellman_group_names, NH_128_BIT);
+			return FALSE;
+		}
+
+		this->u = unpack_poly(this, value.ptr);
+		if (this->u == NULL)
+		{
+			return FALSE;
+		}
+
+		this->r = unpack_rec(this, value.ptr + poly_len);
+		if (this->r == NULL)
+		{
+			return FALSE;
+		}
+
+		DBG3(DBG_LIB, "   i  u[i]  r[i]");
+		for (i = 0; i < n; i++)
+		{
+			DBG3(DBG_LIB, "%4d %5u %5u", i, this->u[i], this->r[i]);
+		}
+
+		/* compute v' = NTT_inv( u * NTT(s) ) */
+		v = multiply_ntt_inv_poly(this, this->u);
+
+		rec = newhope_reconciliation_create(n, q);
+		this->shared_secret = rec->reconcile(rec, v, this->r);
+		free(v);
+		rec->destroy(rec);
+
+		DBG4(DBG_LIB, "key: %B", &this->shared_secret);
+
+		return TRUE;
+	}
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+	private_newhope_ke_t *this)
+{
+	return NH_128_BIT;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+	private_newhope_ke_t *this)
+{
+	chunk_clear(&this->shared_secret);
+	memwipe(this->s, this->params->n * sizeof(uint32_t));
+	free(this->s);
+	free(this->u);
+	free(this->r);
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
+{
+	private_newhope_ke_t *this;
+
+	INIT(this,
+		.public = {
+			.dh = {
+				.get_shared_secret = _get_shared_secret,
+				.set_other_public_value = _set_other_public_value,
+				.get_my_public_value = _get_my_public_value,
+				.get_dh_group = _get_dh_group,
+				.destroy = _destroy,
+			},
+		},
+		.params = &ntt_fft_12289_1024,
+
+	);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.h b/src/libstrongswan/plugins/newhope/newhope_ke.h
new file mode 100644
index 0000000..677d04f
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup newhope_ke newhope_ke
+ * @{ @ingroup newhope_p
+ */
+
+#ifndef NEWHOPE_KE_H_
+#define NEWHOPE_KE_H_
+
+typedef struct newhope_ke_t newhope_ke_t;
+
+#include <library.h>
+
+/**
+ * Implementation of a key exchange algorithm using the New Hope algorithm
+ */
+struct newhope_ke_t {
+
+	/**
+	 * Implements diffie_hellman_t interface.
+	 */
+	diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new newhope_ke_t object.
+ *
+ * @param group			New Hope DH group number
+ * @param g				not used
+ * @param p				not used
+ * @return				newhope_ke_t object, NULL if not supported
+ */
+newhope_ke_t *newhope_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p);
+
+#endif /** NEWHOPE_KE_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/newhope/newhope_noise.c b/src/libstrongswan/plugins/newhope/newhope_noise.c
new file mode 100644
index 0000000..5ba9f94
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_noise.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann,
+ * and Peter Schwabe.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "newhope_noise.h"
+
+typedef struct private_newhope_noise_t private_newhope_noise_t;
+
+static const int seed_len =   32;  /* 256 bits */
+static const int nonce_len =  12;  /*  96 bits */
+
+/**
+ * Private data of an newhope_noise_t object.
+ */
+struct private_newhope_noise_t {
+
+	/**
+	 * Public newhope_noise_t interface.
+	 */
+	newhope_noise_t public;
+
+	/**
+	 * 256 bit seed and 96 bit nonce (44 bytes)
+	 */
+	chunk_t seed;
+
+	/**
+	 * ChaCha20 stream
+	 */
+	xof_t *xof;
+
+};
+
+METHOD(newhope_noise_t, get_uniform_bytes, uint8_t*,
+	private_newhope_noise_t *this, uint8_t nonce, uint16_t n)
+{
+	uint8_t *bytes;
+
+	this->seed.ptr[seed_len] = nonce;
+	if (!this->xof->set_seed(this->xof, this->seed))
+	{
+		DBG1(DBG_LIB, "could not set seed of CHACHA20 XOF");
+		return NULL;
+	}
+
+	/* allocate dynamic memory for the noise polynomial */
+	bytes = (uint8_t*)malloc(n);
+
+	if (!this->xof->get_bytes(this->xof, n, bytes))
+	{
+		DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF");
+		free(bytes);
+		return NULL;
+	}
+
+	return bytes;
+}
+
+METHOD(newhope_noise_t, get_binomial_words, uint32_t*,
+	private_newhope_noise_t *this, uint8_t nonce, uint16_t n, uint16_t q)
+{
+	uint32_t *np, a, b, d, t;
+	uint8_t x[4];
+	int i = 0, j;
+
+	this->seed.ptr[seed_len] = nonce;
+	if (!this->xof->set_seed(this->xof, this->seed))
+	{
+		DBG1(DBG_LIB, "could not set seed of CHACHA20 XOF");
+		return NULL;
+	}
+
+	/* allocate dynamic memory for the noise polynomial */
+	np = (uint32_t*)malloc(n * sizeof(uint32_t));
+
+	for (i = 0; i < n; i++)
+	{
+		if (!this->xof->get_bytes(this->xof, sizeof(x), x))
+		{
+			DBG1(DBG_LIB, "could not get bytes from SHAKE128 XOF");
+			free(np);
+			return NULL;
+		}
+
+		/* Treat x as a 32 bit unsigned little endian integer */
+		t = uletoh32(x);
+
+		/* Compute Psi_16 distribution */
+		d = 0;
+		for (j = 0; j < 8; j++)
+		{
+			d += (t >> j) & 0x01010101;
+		}
+		a = ((d >>  8) & 0xff) + (d & 0xff);
+		b = ((d >> 16) & 0xff) + (d >> 24);
+		np[i] = (a >= b) ? a - b : a + q - b;
+	}
+
+	return np;
+}
+
+METHOD(newhope_noise_t, destroy, void,
+	private_newhope_noise_t *this)
+{
+	this->xof->destroy(this->xof);
+	chunk_free(&this->seed);
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+newhope_noise_t *newhope_noise_create(chunk_t seed)
+{
+	private_newhope_noise_t *this;
+	xof_t *xof;
+
+	if (seed.len != seed_len)
+	{
+		DBG1(DBG_LIB, "seed for ChaCha20 stream must be 256 bits");
+		return NULL;
+	}
+
+	xof = lib->crypto->create_xof(lib->crypto, XOF_CHACHA20);
+	if (!xof)
+	{
+		DBG1(DBG_LIB, "could not instantiate ChaCha20 stream");
+		return NULL;
+	}	
+
+	INIT(this,
+		.public = {
+			.get_uniform_bytes = _get_uniform_bytes,
+			.get_binomial_words = _get_binomial_words,
+			.destroy = _destroy,
+		},
+		.xof = xof,
+		.seed = chunk_alloc(seed_len + nonce_len),
+	);
+
+	/* initialize seed for ChaCha 20 stream */
+	memcpy(this->seed.ptr, seed.ptr, seed_len);
+	memset(this->seed.ptr + seed_len, 0x00, nonce_len);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/newhope/newhope_noise.h b/src/libstrongswan/plugins/newhope/newhope_noise.h
new file mode 100644
index 0000000..d7819d3
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_noise.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup newhope_noise newhope_noise
+ * @{ @ingroup newhope_p
+ */
+
+#ifndef NEWHOPE_NOISE_H_
+#define NEWHOPE_NOISE_H_
+
+typedef struct newhope_noise_t newhope_noise_t;
+
+#include <library.h>
+
+/**
+ * Generate pseudo random noise using a ChaCha20 stream
+ * initialized with a 256 bit seed and an 8 bit nonce
+ */
+struct newhope_noise_t {
+
+	/**
+	 * Return n pseudo random bytes with a uniform distribution
+	 *
+	 * @param nonce		Nonce determining the pseudo random stream
+	 * @param n			Number of pseudo random bytes to be returned
+	 * @return			Return array with n peudo random bytes
+	 */
+	uint8_t* (*get_uniform_bytes)(newhope_noise_t *this, uint8_t nonce,
+								  uint16_t n);
+
+	/**
+	 * Return n pseudo random 32-bit words with a Psi16 binomial distribution
+	 *
+	 * @param nonce		Nonce determining the pseudo random stream
+	 * @param n			Number of pseudo random Psi16 words to be returned
+	 * @param q			Prime number q determining the ring
+	 * @return			Return array with n pseudo random 32 bit words
+	 */
+	uint32_t* (*get_binomial_words)(newhope_noise_t *this, uint8_t nonce,
+									uint16_t n, uint16_t q);
+
+	/**
+	 * Destroy a newhope_noise_t object
+	 */
+	void (*destroy)(newhope_noise_t *this);
+};
+
+/**
+ * Creates a new newhope_noise_t object.
+ *
+ * @param seed			256 bit seed (32 byte chunk)
+ * @return				newhope_noise_t object, NULL if not supported
+ */
+newhope_noise_t *newhope_noise_create(chunk_t seed);
+
+#endif /** NEWHOPE_NOISE_H_ @}*/
+
diff --git a/src/libcharon/plugins/maemo/maemo_plugin.c b/src/libstrongswan/plugins/newhope/newhope_plugin.c
similarity index 55%
rename from src/libcharon/plugins/maemo/maemo_plugin.c
rename to src/libstrongswan/plugins/newhope/newhope_plugin.c
index ddf9cdb..444e61a 100644
--- a/src/libcharon/plugins/maemo/maemo_plugin.c
+++ b/src/libstrongswan/plugins/newhope/newhope_plugin.c
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -13,59 +13,56 @@
  * for more details.
  */
 
-#include "maemo_plugin.h"
-#include "maemo_service.h"
+#include "newhope_plugin.h"
+#include "newhope_ke.h"
 
-#include <daemon.h>
+#include <library.h>
 
-typedef struct private_maemo_plugin_t private_maemo_plugin_t;
+typedef struct private_newhope_plugin_t private_newhope_plugin_t;
 
 /**
- * private data of maemo plugin
+ * private data of newhope_plugin
  */
-struct private_maemo_plugin_t {
+struct private_newhope_plugin_t {
 
 	/**
-	 * implements plugin interface
+	 * public functions
 	 */
-	maemo_plugin_t public;
-
-	/**
-	 * service
-	 */
-	maemo_service_t *service;
+	newhope_plugin_t public;
 };
 
 METHOD(plugin_t, get_name, char*,
-	private_maemo_plugin_t *this)
+	private_newhope_plugin_t *this)
 {
-	return "maemo";
+	return "newhope";
 }
 
 METHOD(plugin_t, get_features, int,
-	private_maemo_plugin_t *this, plugin_feature_t *features[])
+	private_newhope_plugin_t *this, plugin_feature_t *features[])
 {
 	static plugin_feature_t f[] = {
-		PLUGIN_NOOP,
-			PLUGIN_PROVIDE(CUSTOM, "maemo"),
+		PLUGIN_REGISTER(DH, newhope_ke_create),
+			PLUGIN_PROVIDE(DH, NH_128_BIT),
+				PLUGIN_DEPENDS(XOF, XOF_SHAKE_128),
+				PLUGIN_DEPENDS(XOF, XOF_CHACHA20),
 	};
 	*features = f;
+
 	return countof(f);
 }
 
 METHOD(plugin_t, destroy, void,
-	private_maemo_plugin_t *this)
+	private_newhope_plugin_t *this)
 {
-	this->service->destroy(this->service);
 	free(this);
 }
 
 /*
- * See header
+ * see header file
  */
-plugin_t *maemo_plugin_create()
+plugin_t *newhope_plugin_create()
 {
-	private_maemo_plugin_t *this;
+	private_newhope_plugin_t *this;
 
 	INIT(this,
 		.public = {
@@ -77,11 +74,5 @@ plugin_t *maemo_plugin_create()
 		},
 	);
 
-	this->service = maemo_service_create();
-	if (!this->service)
-	{
-		return NULL;
-	}
-
 	return &this->public.plugin;
 }
diff --git a/src/libcharon/plugins/maemo/maemo_service.h b/src/libstrongswan/plugins/newhope/newhope_plugin.h
similarity index 50%
rename from src/libcharon/plugins/maemo/maemo_service.h
rename to src/libstrongswan/plugins/newhope/newhope_plugin.h
index b0240cb..b04792f 100644
--- a/src/libcharon/plugins/maemo/maemo_service.h
+++ b/src/libstrongswan/plugins/newhope/newhope_plugin.h
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2010 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -14,36 +14,29 @@
  */
 
 /**
- * @defgroup maemo_service maemo_service
- * @{ @ingroup maemo
+ * @defgroup newhope_p newhope
+ * @ingroup plugins
+ *
+ * @defgroup newhope_plugin newhope_plugin
+ * @{ @ingroup newhope_p
  */
 
-#ifndef MAEMO_SERVICE_H_
-#define MAEMO_SERVICE_H_
+#ifndef NEWHOPE_PLUGIN_H_
+#define NEWHOPE_PLUGIN_H_
 
-#include <bus/listeners/listener.h>
+#include <plugins/plugin.h>
 
-typedef struct maemo_service_t maemo_service_t;
+typedef struct newhope_plugin_t newhope_plugin_t;
 
 /**
- * Maemo connection management.
+ * Plugin implementing New Hope-based key exchange
  */
-struct maemo_service_t {
-
-	/**
-	 * Implements listener_t.
-	 */
-	listener_t listener;
+struct newhope_plugin_t {
 
 	/**
-	 * Destroy a maemo_service_t.
+	 * implements plugin interface
 	 */
-	void (*destroy)(maemo_service_t *this);
+	plugin_t plugin;
 };
 
-/**
- * Create an instance of maemo_service_t.
- */
-maemo_service_t *maemo_service_create();
-
-#endif /** MAEMO_SERVICE_H_ @}*/
+#endif /** NEWHOPE_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/newhope/newhope_reconciliation.c b/src/libstrongswan/plugins/newhope/newhope_reconciliation.c
new file mode 100644
index 0000000..4aed60e
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_reconciliation.c
@@ -0,0 +1,217 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Based on public domain code by Erdem Alkim, Léo Ducas, Thomas Pöppelmann,
+ * and Peter Schwabe.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ */
+
+#include "newhope_reconciliation.h"
+
+typedef struct private_newhope_reconciliation_t private_newhope_reconciliation_t;
+
+/**
+ * Private data of an newhope_reconciliation_t object.
+ */
+struct private_newhope_reconciliation_t {
+
+	/**
+	 * Public newhope_reconciliation_t interface.
+	 */
+	newhope_reconciliation_t public;
+
+	/**
+	 * Array sizes
+	 */
+	int n, n4;
+
+	/**
+	 * Multiples of modulus q
+	 */
+	int32_t q, q2, q4, q8, q16;
+};
+
+
+static inline int32_t rec_abs(int32_t v)
+{
+  int32_t mask = v >> 31;
+
+  return (v ^ mask) - mask;
+}
+
+/**
+ * Auxiliary function used by help_reconcile() method
+ */
+static int32_t rec_f(private_newhope_reconciliation_t *this,
+					 int32_t v, uint8_t r, int32_t *v0, int32_t *v1)
+{
+	int32_t x, xit, t, b;
+
+	x = 8 * v + 2 * r;
+
+	/* compute t = x/q */
+	b = x * 2730;
+	t = b >> 25;
+	b = x - t * this->q;
+	b = this->q - 1 - b;
+	b >>= 31;
+	t -= b;
+
+	r = t & 0x01;
+	xit = (t >> 1);
+	*v0 = xit + r ; /* v0 = round(x/(2q)) */
+
+	t -= 1;
+	r = t & 0x01;
+	*v1 = ( t>> 1) + r;
+
+	return rec_abs(x - (*v0) * this->q2);
+}
+
+/**
+ * Auxiliary function used by reconcile() method
+ */
+static int32_t rec_g(private_newhope_reconciliation_t *this, int32_t x)
+{
+	int32_t t, r, b;
+
+	/*  t = x/(4*q) */
+	b = x * 2730;
+	t = b >> 27;
+	b = x - t * this->q4;
+	b = this->q4 - 1 - b;
+	b >>= 31;
+	t -= b;
+
+	r = t & 0x01;
+	t = (t >> 1) + r; /* t = round(x/(8q)) */
+	t *= this->q8;
+
+  return abs(t - x);
+}
+
+METHOD(newhope_reconciliation_t, help_reconcile, uint8_t*,
+	private_newhope_reconciliation_t *this, uint32_t *v, uint8_t *rbits)
+{
+	int32_t v0[4], v1[4], v_tmp[4], k;
+	int i, i0, i1, i2, i3, j;
+	uint8_t *r, rbit;
+
+	/* allocate output vector */
+	r = (uint8_t*)malloc(this->n);
+
+	for (i = 0; i < this->n4/8; i++)
+	{
+		for (j = 0; j < 8; j++)
+		{
+			i0 = 8*i  + j;
+			i1 = i0 + this->n4;
+			i2 = i1 + this->n4;
+			i3 = i2 + this->n4;
+
+			/* iterate through all 256 random bits */
+			rbit = (rbits[i] >> j) & 0x01;
+
+			k  = rec_f(this, v[i0], rbit, &v0[0], &v1[0]);
+			k += rec_f(this, v[i1], rbit, &v0[1], &v1[1]);
+			k += rec_f(this, v[i2], rbit, &v0[2], &v1[2]);
+			k += rec_f(this, v[i3], rbit, &v0[3], &v1[3]);
+
+			k = (this->q2 - 1 - k) >> 31;
+
+			v_tmp[0] = ((~k) & v0[0]) ^ (k & v1[0]);
+			v_tmp[1] = ((~k) & v0[1]) ^ (k & v1[1]);
+			v_tmp[2] = ((~k) & v0[2]) ^ (k & v1[2]);
+			v_tmp[3] = ((~k) & v0[3]) ^ (k & v1[3]);
+
+			r[i0] = (v_tmp[0] -     v_tmp[3]) & 0x03;
+			r[i1] = (v_tmp[1] -     v_tmp[3]) & 0x03;
+			r[i2] = (v_tmp[2] -     v_tmp[3]) & 0x03;
+			r[i3] = (v_tmp[3] - k + v_tmp[3]) & 0x03;
+		}
+	}
+
+	return r;
+}
+
+METHOD(newhope_reconciliation_t, reconcile, chunk_t,
+	private_newhope_reconciliation_t *this, uint32_t *v, uint8_t *r)
+{
+	size_t key_len;
+	uint8_t *key;
+	int32_t tmp[4], t;
+	int i, i0, i1, i2, i3, j;
+
+	key_len = this->n4 / 8;
+	key = (uint8_t*)malloc(key_len);
+	memset(key, 0x00, key_len);
+
+	for (i = 0; i < key_len; i++)
+	{
+		for (j = 0; j < 8; j++)
+		{
+			i0 = 8*i + j;
+			i1 = i0 + this->n4;
+			i2 = i1 + this->n4;
+			i3 = i2 + this->n4;
+
+			tmp[0] = this->q16 + 8 * (int32_t)v[i0] - 
+					 this->q  * (2*r[i0] + r[i3]);
+			tmp[1] = this->q16 + 8 * (int32_t)v[i1] -
+					 this->q  * (2*r[i1] + r[i3]);
+			tmp[2] = this->q16 + 8 * (int32_t)v[i2] -
+					 this->q  * (2*r[i2] + r[i3]);
+			tmp[3] = this->q16 + 8 * (int32_t)v[i3] -
+					 this->q *  (          r[i3]);
+
+			t = rec_g(this, tmp[0]) + rec_g(this, tmp[1]) +
+				rec_g(this, tmp[2]) + rec_g(this, tmp[3]) - this->q8;
+
+			key[i] |= ((t >> 31) & 0x01) << j;
+		}
+	}
+
+	return chunk_create(key, key_len);
+}
+
+METHOD(newhope_reconciliation_t, destroy, void,
+	private_newhope_reconciliation_t *this)
+{
+	free(this);
+}
+
+/*
+ * Described in header.
+ */
+newhope_reconciliation_t *newhope_reconciliation_create(int n, int32_t q)
+{
+	private_newhope_reconciliation_t *this;
+
+	INIT(this,
+		.public = {
+			.help_reconcile = _help_reconcile,
+			.reconcile = _reconcile,
+			.destroy = _destroy,
+		},
+		.n   =  n,
+		.n4  =  n / 4,
+		.q   =      q,
+		.q2  =  2 * q,
+		.q4  =  4 * q,
+		.q8  =  8 * q,
+		.q16 = 16 * q,
+	);
+
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/newhope/newhope_reconciliation.h b/src/libstrongswan/plugins/newhope/newhope_reconciliation.h
new file mode 100644
index 0000000..7cbf0d2
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/newhope_reconciliation.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup newhope_reconciliation newhope_reconciliation
+ * @{ @ingroup newhope_p
+ */
+
+#ifndef NEWHOPE_RECONCILIATION_H_
+#define NEWHOPE_RECONCILIATION_H_
+
+typedef struct newhope_reconciliation_t newhope_reconciliation_t;
+
+#include <library.h>
+
+/**
+ * Class assisting the error reconciliation
+ * resulting in a key exchange error rate < 2^(-60)
+ */
+struct newhope_reconciliation_t {
+
+	/**
+	 * Generate reconciliation polynomial
+	 *
+	 * @param v			polynomial v
+	 * @param rbits		pseudo random bit array	
+	 * @return			return array with reconciliation polynomial
+	 */
+	uint8_t* (*help_reconcile)(newhope_reconciliation_t *this,
+							   uint32_t *v, uint8_t *rbits);
+
+	/**
+	 * Use reconciliation polynomial r to derive shared secret
+	 *
+	 * @param v			polynomial v or v'
+	 * @param r			reconciliation polynomial r
+	 * @return			Return shared secret
+	 */
+	chunk_t (*reconcile)(newhope_reconciliation_t *this,
+						uint32_t *v, uint8_t *r);
+
+	/**
+	 * Destroy a newhope_reconciliation_t object
+	 */
+	void (*destroy)(newhope_reconciliation_t *this);
+};
+
+/**
+ * Creates a new newhope_reconciliation_t object.
+ *
+ * @param n				array size
+ * @param q				prime modulus
+ * @return				newhope_reconciliation_t object
+ */
+newhope_reconciliation_t *newhope_reconciliation_create(int n, int32_t q);
+
+#endif /** NEWHOPE_RECONCILIATION_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.am b/src/libstrongswan/plugins/newhope/tests/Makefile.am
new file mode 100644
index 0000000..3992e26
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.am
@@ -0,0 +1,25 @@
+TESTS = newhope_tests
+
+check_PROGRAMS = $(TESTS)
+
+newhope_tests_SOURCES = \
+	suites/test_newhope_ke.c \
+	suites/test_newhope_noise.c \
+	suites/test_newhope_reconciliation.c \
+	newhope_tests.h newhope_tests.c
+
+newhope_tests_CFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libstrongswan/tests \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+	-I$(top_srcdir)/src/libstrongswan/plugins/newhope \
+	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
+	-DPLUGINS=\""${s_plugins}\"" \
+	@COVERAGE_CFLAGS@
+
+newhope_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+newhope_tests_LDADD = \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	../libnewhope.la
diff --git a/src/libtls/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in
similarity index 71%
copy from src/libtls/tests/Makefile.in
copy to src/libstrongswan/plugins/newhope/tests/Makefile.in
index e00de3f..07ded5d 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in
@@ -87,9 +87,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-TESTS = tls_tests$(EXEEXT)
+TESTS = newhope_tests$(EXEEXT)
 check_PROGRAMS = $(am__EXEEXT_1)
-subdir = src/libtls/tests
+subdir = src/libstrongswan/plugins/newhope/tests
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 	$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -108,22 +108,26 @@ mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
-am__EXEEXT_1 = tls_tests$(EXEEXT)
+am__EXEEXT_1 = newhope_tests$(EXEEXT)
 am__dirstamp = $(am__leading_dot)dirstamp
-am_tls_tests_OBJECTS = suites/tls_tests-test_socket.$(OBJEXT) \
-	suites/tls_tests-test_suites.$(OBJEXT) \
-	tls_tests-tls_tests.$(OBJEXT)
-tls_tests_OBJECTS = $(am_tls_tests_OBJECTS)
-tls_tests_DEPENDENCIES = $(top_builddir)/src/libtls/libtls.la \
+am_newhope_tests_OBJECTS =  \
+	suites/newhope_tests-test_newhope_ke.$(OBJEXT) \
+	suites/newhope_tests-test_newhope_noise.$(OBJEXT) \
+	suites/newhope_tests-test_newhope_reconciliation.$(OBJEXT) \
+	newhope_tests-newhope_tests.$(OBJEXT)
+newhope_tests_OBJECTS = $(am_newhope_tests_OBJECTS)
+newhope_tests_DEPENDENCIES =  \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
-	$(top_builddir)/src/libstrongswan/tests/libtest.la
+	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	../libnewhope.la
 AM_V_lt = $(am__v_lt_ at AM_V@)
 am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-tls_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(tls_tests_CFLAGS) \
-	$(CFLAGS) $(tls_tests_LDFLAGS) $(LDFLAGS) -o $@
+newhope_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(newhope_tests_CFLAGS) \
+	$(CFLAGS) $(newhope_tests_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_ at AM_V@)
 am__v_P_ = $(am__v_P_ at AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -158,8 +162,8 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(tls_tests_SOURCES)
-DIST_SOURCES = $(tls_tests_SOURCES)
+SOURCES = $(newhope_tests_SOURCES)
+DIST_SOURCES = $(newhope_tests_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -347,7 +351,6 @@ clearsilver_LIBS = @clearsilver_LIBS@
 cmd_plugins = @cmd_plugins@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dbusservicedir = @dbusservicedir@
 dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
@@ -381,8 +384,6 @@ libiptc_LIBS = @libiptc_LIBS@
 linux_headers = @linux_headers@
 localedir = @localedir@
 localstatedir = @localstatedir@
-maemo_CFLAGS = @maemo_CFLAGS@
-maemo_LIBS = @maemo_LIBS@
 manager_plugins = @manager_plugins@
 mandir = @mandir@
 medsrv_plugins = @medsrv_plugins@
@@ -436,27 +437,32 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-tls_tests_SOURCES = \
-	suites/test_socket.c \
-	suites/test_suites.c \
-	tls_tests.h tls_tests.c
+newhope_tests_SOURCES = \
+	suites/test_newhope_ke.c \
+	suites/test_newhope_noise.c \
+	suites/test_newhope_reconciliation.c \
+	newhope_tests.h newhope_tests.c
 
-tls_tests_CFLAGS = \
-	-I$(top_srcdir)/src/libtls \
+newhope_tests_CFLAGS = \
 	-I$(top_srcdir)/src/libstrongswan \
 	-I$(top_srcdir)/src/libstrongswan/tests \
+	-I$(top_srcdir)/src/libstrongswan/math/libnttfft \
+	-I$(top_srcdir)/src/libstrongswan/plugins/newhope \
 	-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
 	-DPLUGINS=\""${s_plugins}\"" \
 	@COVERAGE_CFLAGS@
 
-tls_tests_LDFLAGS = @COVERAGE_LDFLAGS@
-tls_tests_LDADD = \
-	$(top_builddir)/src/libtls/libtls.la \
+newhope_tests_LDFLAGS = @COVERAGE_LDFLAGS@
+newhope_tests_LDADD = \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
-	$(top_builddir)/src/libstrongswan/tests/libtest.la
+	$(top_builddir)/src/libstrongswan/tests/libtest.la \
+	$(top_builddir)/src/libstrongswan/math/libnttfft/libnttfft.la \
+	../libnewhope.la
 
 all: all-am
 
@@ -471,9 +477,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtls/tests/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/tests/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/libtls/tests/Makefile
+	  $(AUTOMAKE) --gnu src/libstrongswan/plugins/newhope/tests/Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -506,14 +512,16 @@ suites/$(am__dirstamp):
 suites/$(DEPDIR)/$(am__dirstamp):
 	@$(MKDIR_P) suites/$(DEPDIR)
 	@: > suites/$(DEPDIR)/$(am__dirstamp)
-suites/tls_tests-test_socket.$(OBJEXT): suites/$(am__dirstamp) \
-	suites/$(DEPDIR)/$(am__dirstamp)
-suites/tls_tests-test_suites.$(OBJEXT): suites/$(am__dirstamp) \
-	suites/$(DEPDIR)/$(am__dirstamp)
+suites/newhope_tests-test_newhope_ke.$(OBJEXT):  \
+	suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/newhope_tests-test_newhope_noise.$(OBJEXT):  \
+	suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
+suites/newhope_tests-test_newhope_reconciliation.$(OBJEXT):  \
+	suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
 
-tls_tests$(EXEEXT): $(tls_tests_OBJECTS) $(tls_tests_DEPENDENCIES) $(EXTRA_tls_tests_DEPENDENCIES) 
-	@rm -f tls_tests$(EXEEXT)
-	$(AM_V_CCLD)$(tls_tests_LINK) $(tls_tests_OBJECTS) $(tls_tests_LDADD) $(LIBS)
+newhope_tests$(EXEEXT): $(newhope_tests_OBJECTS) $(newhope_tests_DEPENDENCIES) $(EXTRA_newhope_tests_DEPENDENCIES) 
+	@rm -f newhope_tests$(EXEEXT)
+	$(AM_V_CCLD)$(newhope_tests_LINK) $(newhope_tests_OBJECTS) $(newhope_tests_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -522,9 +530,10 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/tls_tests-tls_tests.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tls_tests-test_socket.Po at am__quote@
- at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/tls_tests-test_suites.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/newhope_tests-newhope_tests.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po at am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -550,47 +559,61 @@ distclean-compile:
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
-suites/tls_tests-test_socket.o: suites/test_socket.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -MT suites/tls_tests-test_socket.o -MD -MP -MF suites/$(DEPDIR)/tls_tests-test_socket.Tpo -c -o suites/tls_tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/tls_tests-test_socket.Tpo suites/$(DEPDIR)/tls_tests-test_socket.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_socket.c' object='suites/tls_tests-test_socket.o' libtool=no @AMDEPBACKSLASH@
+suites/newhope_tests-test_newhope_ke.o: suites/test_newhope_ke.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_ke.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo -c -o suites/newhope_tests-test_newhope_ke.o `test -f 'suites/test_newhope_ke.c' || echo '$(srcdir)/'`suites/test_newhope_ke.c
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_newhope_ke.c' object='suites/newhope_tests-test_newhope_ke.o' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -c -o suites/tls_tests-test_socket.o `test -f 'suites/test_socket.c' || echo '$(srcdir)/'`suites/test_socket.c
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_ke.o `test -f 'suites/test_newhope_ke.c' || echo '$(srcdir)/'`suites/test_newhope_ke.c
 
-suites/tls_tests-test_socket.obj: suites/test_socket.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -MT suites/tls_tests-test_socket.obj -MD -MP -MF suites/$(DEPDIR)/tls_tests-test_socket.Tpo -c -o suites/tls_tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/tls_tests-test_socket.Tpo suites/$(DEPDIR)/tls_tests-test_socket.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_socket.c' object='suites/tls_tests-test_socket.obj' libtool=no @AMDEPBACKSLASH@
+suites/newhope_tests-test_newhope_ke.obj: suites/test_newhope_ke.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_ke.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo -c -o suites/newhope_tests-test_newhope_ke.obj `if test -f 'suites/test_newhope_ke.c'; then $(CYGPATH_W) 'suites/test_newhope_ke.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_ke.c'; fi`
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_ke.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_newhope_ke.c' object='suites/newhope_tests-test_newhope_ke.obj' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -c -o suites/tls_tests-test_socket.obj `if test -f 'suites/test_socket.c'; then $(CYGPATH_W) 'suites/test_socket.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_socket.c'; fi`
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_ke.obj `if test -f 'suites/test_newhope_ke.c'; then $(CYGPATH_W) 'suites/test_newhope_ke.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_ke.c'; fi`
 
-suites/tls_tests-test_suites.o: suites/test_suites.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -MT suites/tls_tests-test_suites.o -MD -MP -MF suites/$(DEPDIR)/tls_tests-test_suites.Tpo -c -o suites/tls_tests-test_suites.o `test -f 'suites/test_suites.c' || echo '$(srcdir)/'`suites/test_suites.c
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/tls_tests-test_suites.Tpo suites/$(DEPDIR)/tls_tests-test_suites.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_suites.c' object='suites/tls_tests-test_suites.o' libtool=no @AMDEPBACKSLASH@
+suites/newhope_tests-test_newhope_noise.o: suites/test_newhope_noise.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_noise.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo -c -o suites/newhope_tests-test_newhope_noise.o `test -f 'suites/test_newhope_noise.c' || echo '$(srcdir)/'`suites/test_newhope_noise.c
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_newhope_noise.c' object='suites/newhope_tests-test_newhope_noise.o' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -c -o suites/tls_tests-test_suites.o `test -f 'suites/test_suites.c' || echo '$(srcdir)/'`suites/test_suites.c
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_noise.o `test -f 'suites/test_newhope_noise.c' || echo '$(srcdir)/'`suites/test_newhope_noise.c
 
-suites/tls_tests-test_suites.obj: suites/test_suites.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -MT suites/tls_tests-test_suites.obj -MD -MP -MF suites/$(DEPDIR)/tls_tests-test_suites.Tpo -c -o suites/tls_tests-test_suites.obj `if test -f 'suites/test_suites.c'; then $(CYGPATH_W) 'suites/test_suites.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_suites.c'; fi`
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/tls_tests-test_suites.Tpo suites/$(DEPDIR)/tls_tests-test_suites.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_suites.c' object='suites/tls_tests-test_suites.obj' libtool=no @AMDEPBACKSLASH@
+suites/newhope_tests-test_newhope_noise.obj: suites/test_newhope_noise.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_noise.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo -c -o suites/newhope_tests-test_newhope_noise.obj `if test -f 'suites/test_newhope_noise.c'; then $(CYGPATH_W) 'suites/test_newhope_noise.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_noise.c'; fi`
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_noise.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_newhope_noise.c' object='suites/newhope_tests-test_newhope_noise.obj' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -c -o suites/tls_tests-test_suites.obj `if test -f 'suites/test_suites.c'; then $(CYGPATH_W) 'suites/test_suites.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_suites.c'; fi`
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_noise.obj `if test -f 'suites/test_newhope_noise.c'; then $(CYGPATH_W) 'suites/test_newhope_noise.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_noise.c'; fi`
 
-tls_tests-tls_tests.o: tls_tests.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -MT tls_tests-tls_tests.o -MD -MP -MF $(DEPDIR)/tls_tests-tls_tests.Tpo -c -o tls_tests-tls_tests.o `test -f 'tls_tests.c' || echo '$(srcdir)/'`tls_tests.c
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/tls_tests-tls_tests.Tpo $(DEPDIR)/tls_tests-tls_tests.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_tests.c' object='tls_tests-tls_tests.o' libtool=no @AMDEPBACKSLASH@
+suites/newhope_tests-test_newhope_reconciliation.o: suites/test_newhope_reconciliation.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_reconciliation.o -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo -c -o suites/newhope_tests-test_newhope_reconciliation.o `test -f 'suites/test_newhope_reconciliation.c' || echo '$(srcdir)/'`suites/test_newhope_reconciliation.c
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_newhope_reconciliation.c' object='suites/newhope_tests-test_newhope_reconciliation.o' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -c -o tls_tests-tls_tests.o `test -f 'tls_tests.c' || echo '$(srcdir)/'`tls_tests.c
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_reconciliation.o `test -f 'suites/test_newhope_reconciliation.c' || echo '$(srcdir)/'`suites/test_newhope_reconciliation.c
 
-tls_tests-tls_tests.obj: tls_tests.c
- at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -MT tls_tests-tls_tests.obj -MD -MP -MF $(DEPDIR)/tls_tests-tls_tests.Tpo -c -o tls_tests-tls_tests.obj `if test -f 'tls_tests.c'; then $(CYGPATH_W) 'tls_tests.c'; else $(CYGPATH_W) '$(srcdir)/tls_tests.c'; fi`
- at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/tls_tests-tls_tests.Tpo $(DEPDIR)/tls_tests-tls_tests.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tls_tests.c' object='tls_tests-tls_tests.obj' libtool=no @AMDEPBACKSLASH@
+suites/newhope_tests-test_newhope_reconciliation.obj: suites/test_newhope_reconciliation.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT suites/newhope_tests-test_newhope_reconciliation.obj -MD -MP -MF suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo -c -o suites/newhope_tests-test_newhope_reconciliation.obj `if test -f 'suites/test_newhope_reconciliation.c'; then $(CYGPATH_W) 'suites/test_newhope_reconciliation.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_reco [...]
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Tpo suites/$(DEPDIR)/newhope_tests-test_newhope_reconciliation.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='suites/test_newhope_reconciliation.c' object='suites/newhope_tests-test_newhope_reconciliation.obj' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls_tests_CFLAGS) $(CFLAGS) -c -o tls_tests-tls_tests.obj `if test -f 'tls_tests.c'; then $(CYGPATH_W) 'tls_tests.c'; else $(CYGPATH_W) '$(srcdir)/tls_tests.c'; fi`
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o suites/newhope_tests-test_newhope_reconciliation.obj `if test -f 'suites/test_newhope_reconciliation.c'; then $(CYGPATH_W) 'suites/test_newhope_reconciliation.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_newhope_reconciliation.c'; fi`
+
+newhope_tests-newhope_tests.o: newhope_tests.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT newhope_tests-newhope_tests.o -MD -MP -MF $(DEPDIR)/newhope_tests-newhope_tests.Tpo -c -o newhope_tests-newhope_tests.o `test -f 'newhope_tests.c' || echo '$(srcdir)/'`newhope_tests.c
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/newhope_tests-newhope_tests.Tpo $(DEPDIR)/newhope_tests-newhope_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='newhope_tests.c' object='newhope_tests-newhope_tests.o' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o newhope_tests-newhope_tests.o `test -f 'newhope_tests.c' || echo '$(srcdir)/'`newhope_tests.c
+
+newhope_tests-newhope_tests.obj: newhope_tests.c
+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -MT newhope_tests-newhope_tests.obj -MD -MP -MF $(DEPDIR)/newhope_tests-newhope_tests.Tpo -c -o newhope_tests-newhope_tests.obj `if test -f 'newhope_tests.c'; then $(CYGPATH_W) 'newhope_tests.c'; else $(CYGPATH_W) '$(srcdir)/newhope_tests.c'; fi`
+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/newhope_tests-newhope_tests.Tpo $(DEPDIR)/newhope_tests-newhope_tests.Po
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='newhope_tests.c' object='newhope_tests-newhope_tests.obj' libtool=no @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(newhope_tests_CFLAGS) $(CFLAGS) -c -o newhope_tests-newhope_tests.obj `if test -f 'newhope_tests.c'; then $(CYGPATH_W) 'newhope_tests.c'; else $(CYGPATH_W) '$(srcdir)/newhope_tests.c'; fi`
 
 mostlyclean-libtool:
 	-rm -f *.lo
diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libstrongswan/plugins/newhope/tests/newhope_tests.c
similarity index 70%
copy from src/libcharon/tests/libcharon_tests.c
copy to src/libstrongswan/plugins/newhope/tests/newhope_tests.c
index e25e543..1cc9a2d 100644
--- a/src/libcharon/tests/libcharon_tests.c
+++ b/src/libstrongswan/plugins/newhope/tests/newhope_tests.c
@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
+ * Copyright (C) 2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -14,21 +14,18 @@
  */
 
 #include <test_runner.h>
-#include <daemon.h>
+
+#include <library.h>
 
 /* declare test suite constructors */
 #define TEST_SUITE(x) test_suite_t* x();
-#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x)
-#include "libcharon_tests.h"
+#include "newhope_tests.h"
 #undef TEST_SUITE
-#undef TEST_SUITE_DEPEND
 
 static test_configuration_t tests[] = {
 #define TEST_SUITE(x) \
 	{ .suite = x, },
-#define TEST_SUITE_DEPEND(x, type, ...) \
-	{ .suite = x, .feature = PLUGIN_DEPENDS(type, __VA_ARGS__) },
-#include "libcharon_tests.h"
+#include "newhope_tests.h"
 	{ .suite = NULL, }
 };
 
@@ -38,10 +35,7 @@ static bool test_runner_init(bool init)
 	{
 		char *plugins, *plugindir;
 
-		libcharon_init();
-
-		plugins = getenv("TESTS_PLUGINS") ?:
-					lib->settings->get_str(lib->settings,
+		plugins = lib->settings->get_str(lib->settings,
 										"tests.load", PLUGINS);
 		plugindir = lib->settings->get_str(lib->settings,
 										"tests.plugindir", PLUGINDIR);
@@ -53,12 +47,14 @@ static bool test_runner_init(bool init)
 	}
 	else
 	{
-		libcharon_deinit();
+		lib->processor->set_threads(lib->processor, 0);
+		lib->processor->cancel(lib->processor);
+		lib->plugins->unload(lib->plugins);
 	}
 	return TRUE;
 }
 
 int main(int argc, char *argv[])
 {
-	return test_runner_run("libcharon", tests, test_runner_init);
+	return test_runner_run("newhope", tests, test_runner_init);
 }
diff --git a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h b/src/libstrongswan/plugins/newhope/tests/newhope_tests.h
similarity index 65%
copy from src/libstrongswan/plugins/bliss/tests/bliss_tests.h
copy to src/libstrongswan/plugins/newhope/tests/newhope_tests.h
index f0959cc..3f81434 100644
--- a/src/libstrongswan/plugins/bliss/tests/bliss_tests.h
+++ b/src/libstrongswan/plugins/newhope/tests/newhope_tests.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2015 Andreas Steffen
+ * Copyright (C) 2016 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -13,11 +13,6 @@
  * for more details.
  */
 
-TEST_SUITE(bliss_fft_suite_create)
-TEST_SUITE(bliss_bitpacker_suite_create)
-TEST_SUITE(bliss_huffman_suite_create)
-TEST_SUITE(bliss_keys_suite_create)
-TEST_SUITE(bliss_sampler_suite_create)
-TEST_SUITE(bliss_signature_suite_create)
-TEST_SUITE(bliss_sign_suite_create)
-
+TEST_SUITE(newhope_ke_suite_create)
+TEST_SUITE(newhope_noise_suite_create)
+TEST_SUITE(newhope_reconciliation_suite_create)
diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c
new file mode 100644
index 0000000..33b744f
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_ke.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <newhope_ke.h>
+
+#include <library.h>
+
+#include <time.h>
+
+const int count = 1000;
+
+START_TEST(test_newhope_ke_good)
+{
+	chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret;
+	diffie_hellman_t *i_nh, *r_nh;
+	struct timespec start, stop;
+	int i;
+
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
+
+	for (i = 0; i < count; i++)
+	{
+		i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+		ck_assert(i_nh != NULL);
+		ck_assert(i_nh->get_dh_group(i_nh) == NH_128_BIT);
+
+		ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+		ck_assert(i_msg.len = 1824);
+
+		r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+		ck_assert(r_nh != NULL);
+
+		ck_assert(r_nh->set_other_public_value(r_nh, i_msg));
+		ck_assert(r_nh->get_my_public_value(r_nh, &r_msg));
+		ck_assert(r_msg.len == 2048);
+
+		ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret));
+		ck_assert(r_shared_secret.len == 32);
+
+		ck_assert(i_nh->set_other_public_value(i_nh, r_msg));
+		ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret));
+		ck_assert(i_shared_secret.len == 32);
+		ck_assert(chunk_equals(i_shared_secret, r_shared_secret));
+
+		/* cleanup */
+		chunk_clear(&i_shared_secret);
+		chunk_clear(&r_shared_secret);
+		chunk_free(&i_msg);
+		chunk_free(&r_msg);
+		i_nh->destroy(i_nh);
+		r_nh->destroy(r_nh);
+	}
+
+	clock_gettime(CLOCK_THREAD_CPUTIME_ID, &stop);
+
+	DBG0(DBG_LIB, "%d Newhope DH loops in %d ms\n", count,
+				  (stop.tv_nsec - start.tv_nsec) / 1000000 +
+				  (stop.tv_sec - start.tv_sec) * 1000);
+}
+END_TEST
+
+START_TEST(test_newhope_ke_wrong)
+{
+	chunk_t i_msg, r_msg, i_shared_secret, r_shared_secret;
+	diffie_hellman_t *i_nh, *r_nh;
+
+	i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+	ck_assert(i_nh != NULL);
+	ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+
+	r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+	ck_assert(r_nh != NULL);
+	ck_assert(r_nh->set_other_public_value(r_nh, i_msg));
+	ck_assert(r_nh->get_my_public_value(r_nh, &r_msg));
+
+	/* destroy 1st instance of i_nh */
+	i_nh->destroy(i_nh);
+	chunk_free(&i_msg);
+
+	/* create 2nd instance of i_nh */
+	i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+	ck_assert(i_nh != NULL);
+	ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+	ck_assert(i_nh->set_other_public_value(i_nh, r_msg));
+
+	ck_assert(r_nh->get_shared_secret(r_nh, &r_shared_secret));
+	ck_assert(i_nh->get_shared_secret(i_nh, &i_shared_secret));
+	ck_assert(!chunk_equals(i_shared_secret, r_shared_secret));
+
+	/* cleanup */
+	chunk_clear(&i_shared_secret);
+	chunk_clear(&r_shared_secret);
+	chunk_free(&i_msg);
+	chunk_free(&r_msg);
+	i_nh->destroy(i_nh);
+	r_nh->destroy(r_nh);
+}
+END_TEST
+
+START_TEST(test_newhope_ke_fail_i)
+{
+	diffie_hellman_t *i_nh;
+	char buf_ff[2048];
+	int i;
+
+	chunk_t i_msg;
+
+	chunk_t r_msg[] = {
+		chunk_empty,
+		chunk_from_chars(0x00),
+		chunk_create(buf_ff, 2047),
+		chunk_create(buf_ff, 2048),
+	};
+
+	memset(buf_ff, 0xff, sizeof(buf_ff));
+
+		for (i = 0; i < countof(r_msg); i++)
+	{
+		i_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+		ck_assert(i_nh != NULL);
+		ck_assert(i_nh->get_my_public_value(i_nh, &i_msg));
+		ck_assert(!i_nh->set_other_public_value(i_nh, r_msg[i]));
+		chunk_free(&i_msg);
+		i_nh->destroy(i_nh);
+	}
+}
+END_TEST
+
+START_TEST(test_newhope_ke_fail_r)
+{
+	diffie_hellman_t *r_nh;
+	char buf_ff[1824];
+	int i;
+
+	chunk_t i_msg[] = {
+		chunk_empty,
+		chunk_from_chars(0x00),
+		chunk_create(buf_ff, 1823),
+		chunk_create(buf_ff, 1824),
+	};
+
+	memset(buf_ff, 0xff, sizeof(buf_ff));
+
+	for (i = 0; i < countof(i_msg); i++)
+	{
+		r_nh = lib->crypto->create_dh(lib->crypto, NH_128_BIT);
+		ck_assert(r_nh != NULL);
+		ck_assert(!r_nh->set_other_public_value(r_nh, i_msg[i]));
+		r_nh->destroy(r_nh);
+	}
+}
+END_TEST
+
+Suite *newhope_ke_suite_create()
+{
+	Suite *s;
+	TCase *tc;
+
+	s = suite_create("newhope_ke");
+
+	tc = tcase_create("ke_good");
+	test_case_set_timeout(tc, 30);
+	tcase_add_test(tc, test_newhope_ke_good);
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("ke_wrong");
+	tcase_add_test(tc, test_newhope_ke_wrong);
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("ke_fail_i");
+	tcase_add_test(tc, test_newhope_ke_fail_i);
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("ke_fail_r");
+	tcase_add_test(tc, test_newhope_ke_fail_r);
+	suite_add_tcase(s, tc);
+
+	return s;
+}
diff --git a/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c
new file mode 100644
index 0000000..96dd167
--- /dev/null
+++ b/src/libstrongswan/plugins/newhope/tests/suites/test_newhope_noise.c
@@ -0,0 +1,676 @@
+/*
+ * Copyright (C) 2016 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <newhope_noise.h>
+
+#include <library.h>
+
+static const uint16_t n = 1024;
+static const uint16_t q = 12289;
+
+static const size_t seed_len = 32;
+
+typedef struct {
+	uint8_t key;
+	uint8_t nonce;
+	uint8_t uniform[64];
+	uint32_t poly[1024];
+} noise_t;
+
+static noise_t noises[] = {
+	{ 0x00, 0x00,	/* polynomial s */
+	  { 0x9f, 0x07, 0xe7, 0xbe, 0x55, 0x51, 0x38, 0x7a, 0x98, 0xba,
+		0x97, 0x7c, 0x73, 0x2d, 0x08, 0x0d, 0xcb, 0x0f, 0x29, 0xa0,
+		0x48, 0xe3, 0x65, 0x69, 0x12, 0xc6, 0x53, 0x3e, 0x32, 0xee,
+		0x7a, 0xed, 0x29, 0xb7, 0x21, 0x76, 0x9c, 0xe6, 0x4e, 0x43,
+		0xd5, 0x71, 0x33, 0xb0, 0x74, 0xd8, 0x39, 0xd5, 0x31, 0xed,
+		0x1f, 0x28, 0x51, 0x0a, 0xfb, 0x45, 0xac, 0xe1, 0x0a, 0x1f,
+		0x4b, 0x79, 0x4d, 0x6f },
+	  { 12286, 12288, 12287,     5,     4, 12288, 12286, 12287,     2,     2,
+		    2, 12288,     2, 12284,     1, 12288, 12288, 12288,     6, 12288,
+		    0,     4,     1, 12285, 12286,     2, 12284, 12287,     1,     5,
+		    5, 12286, 12288,     2, 12286,     0,     3,     1,     0,     2,
+		    0,     0,     4, 12283, 12284,     4,     0, 12288,     3, 12288,
+		    0,     4,     1, 12288, 12286,     0,     3,     1, 12286, 12287,
+		12285,     3,     2,     3, 12286,     0,     6,     6, 12288, 12284,
+		    0, 12282,     1,     0,     4,     1,     0,     3,     2,     2,
+		    3,     3,     2, 12288,     3,     1, 12287, 12285,     0, 12288,
+		    0,     0, 12288, 12287, 12284, 12286,     0, 12288,     4,     4,
+		12288,     5, 12286,     2, 12288,     5,     1, 12283,     1, 12288,
+		    1, 12288, 12287, 12285,     2,     2, 12285, 12284,     0, 12285,
+		12287,     0,     1,     0,     2, 12288, 12288, 12287,     0,     4,
+		12288, 12285, 12288,     0,     2,     1, 12287,     3,     1,     3,
+		    5, 12286,     1,     0, 12286,     0,     4,     0, 12288,     1,
+		12288,     4,     5, 12283, 12288,     1,     3, 12283, 12286,     5,
+		    1, 12286, 12287, 12286,     0, 12287, 12285,     1,     0,     0,
+		    1,     3,     0,     0,     0, 12284, 12286,     2,     4, 12288,
+		    6,     1,     2, 12288,     1, 12287, 12286, 12284, 12287,     1,
+		    3, 12284,     0,     0,     6, 12286,     7,     5,     2,     3,
+		12285, 12287, 12285,     2,     3, 12283,     2, 12284, 12288,     3,
+		12288,     1,     4, 12287,     2, 12288, 12288,     1, 12286, 12284,
+		    2,     1,     5, 12286,     0, 12288,     0,     0,     0, 12287,
+		    1,     0,     3,     0,     0,     6,     2, 12283,     1,     3,
+		    3, 12284,     3,     1, 12286,     2, 12288,     0,     6,     1,
+		    1, 12285, 12287, 12288,     4,     2, 12288,     3, 12286, 12288,
+		12287,     3,     3,     2,     7,     4, 12287, 12286, 12287,     2,
+		    2, 12287,     1, 12288,     1, 12287, 12283, 12287, 12288,     1,
+		12283,     0, 12286, 12288,     4, 12287, 12286, 12286,     2,     2,
+		12287,     5, 12288,     4,     0, 12287,     1,     3, 12286,     2,
+		    1,     1, 12288, 12287,     5, 12288,     0,     0,     1,     0,
+		12286,     6,     2,     1,     2,     5, 12286,     6, 12286, 12288,
+		    0, 12286,     3, 12283, 12288, 12284,     0,     7,     2,     6,
+		    1, 12288, 12285, 12284,     1,     0,     0,     2, 12288, 12288,
+		12288,     3,     3,     1,     3, 12286,     4,     3, 12284,     4,
+		    1, 12287, 12287, 12285,     0, 12287, 12287, 12287, 12286, 12288,
+		    1, 12287,     1,     0, 12288,     2,     0,     4,     0, 12287,
+		12285, 12285,     5,     3, 12282,     0, 12287,     5, 12287,     1,
+		12283, 12288, 12288,     3,     1,     1,     3, 12288, 12283,     5,
+		12288, 12288,     5,     5,     1, 12286, 12286, 12288,     1,     2,
+		    1,     3, 12287, 12288, 12284, 12287,     1, 12287,     0, 12286,
+		12285,     1, 12287, 12282, 12286, 12287,     0, 12285,     4,     2,
+		    1, 12282,     0,     1, 12288, 12285, 12284, 12286, 12286, 12287,
+		12288,     1, 12288,     4, 12287,     4, 12287, 12287,     0,     1,
+		12287,     3,     1, 12286, 12286,     4,     6, 12288,     1, 12285,
+		12286, 12287,     0, 12287, 12287,     1, 12286,     5,     0,     2,
+		12283, 12284,     1, 12286,     0, 12287, 12286, 12288,     1,     4,
+		    4, 12283,     2,     6,     1, 12288, 12286,     2,     7,     2,
+		    1, 12288,     5, 12284, 12288, 12288,     1,     7,     3, 12283,
+		    1, 12286,     2, 12288, 12287,     1, 12286,     1, 12286, 12288,
+		12287,     3,     2,     2,     0, 12284, 12287,     1,     1, 12284,
+		12286,     1,     2,     1,     0, 12285,     1,     0,     1,     2,
+		    2,     4, 12288,     1, 12288,     5,     0, 12287, 12288,     2,
+		    0, 12288, 12287,     0, 12288, 12288,     0,     0, 12285,     4,
+		    2, 12288,     0,     2,     0, 12288,     1,     3, 12287, 12288,
+		12288, 12288, 12286,     0, 12285, 12286, 12287,     3,     0, 12286,
+		    2,     1, 12285,     2, 12288,     0,     5,     0,     1, 12288,
+		12288,     4,     3,     3, 12286,     2, 12288,     4, 12288,     6,
+		    2, 12286,     4, 12287,     2, 12287,     0, 12284, 12288,     0,
+		12286, 12288,     3,     4, 12286, 12288,     1,     3, 12286,     3,
+		    4,     1,     1,     6,     3,     1,     1,     0, 12288,     4,
+		    0, 12288,     0,     0,     0, 12288,     2,     4,     2, 12287,
+		    0,     0,     3,     2,     3,     4,     0,     3,     2, 12288,
+		    2,     4,     6, 12286, 12284, 12287,     1,     0,     0,     4,
+		    1,     3, 12282,     1,     2,     2,     0,     3, 12282,     2,
+		12287,     2, 12288,     4, 12288,     3,     3, 12283, 12288, 12288,
+		12286, 12287,     5,     4,     3,     3, 12288, 12284,     2,     2,
+		    0, 12288,     1,     3,     3,     4, 12284, 12288,     0,     1,
+		12284,     0, 12286, 12287,     0,     0, 12287,     0,     1,     6,
+		12288,     1, 12284, 12287, 12282, 12288,     4, 12287,     1, 12286,
+		    1, 12286, 12286,     1,     4,     0, 12288,     1, 12288,     1,
+		12285,     3,     1,     0,     1,     0, 12288, 12287,     2,     2,
+		    0, 12288,     3, 12284,     2, 12288, 12288, 12288, 12287,     3,
+		    3,     0, 12286, 12286,     1,     2, 12286, 12287,     0,     1,
+		12288, 12287, 12287, 12288, 12288,     1,     9,     1, 12288, 12287,
+		    2,     1,     1,     0, 12287, 12287,     2,     2, 12288, 12285,
+		    1, 12287,     4,     0,     2,     1,     1,     3, 12284, 12286,
+		    1,     2, 12288, 12287,     4,     1, 12285,     0,     1,     2,
+		12288,     1,     3,     0, 12286,     0, 12288, 12286, 12287, 12286,
+		    1, 12284,     1,     2,     2, 12288,     0, 12288,     1, 12284,
+		    2,     3, 12287,     1, 12285, 12288,     0,     1, 12284,     2,
+		12288, 12286, 12286,     3, 12288, 12282,     3, 12287, 12288, 12287,
+		    4, 12287,     1,     2,     9, 12283, 12286, 12286,     0,     4,
+		12288, 12288,     4,     0,     1,     1,     2, 12284,     1,     1,
+		    0, 12288,     1,     0, 12287,     1,     1,     5,     2,     1,
+		12288,     3, 12287,     5,     4,     1,     4, 12287, 12285,     3,
+		12286,     1,     3,     0, 12287,     0, 12286, 12287, 12287, 12287,
+		    3,     2, 12286, 12284,     2, 12288,     1,     1, 12288,     3,
+		    1,     3, 12284,     3, 12282, 12288,     3,     0,     2, 12288,
+		    0,     5,     0,     2,     0, 12281, 12285,     4,     3,     4,
+		    2, 12284,     0,     0,     2,     2, 12287, 12284,     2, 12286,
+		    1, 12288,     1, 12286, 12286, 12287,     4,     0,     6,     3,
+		    0,     3, 12288, 12288, 12288, 12287,     3,     1,     1,     1,
+		    2, 12287, 12284,     3, 12286, 12280,     3, 12284, 12287, 12288,
+		    5, 12288, 12284,     2, 12285,     4,     3, 12286,     6,     2,
+		    1, 12287,     0,     1,     2, 12286,     1,     0, 12287,     0,
+		    1,     1, 12286,     2, 12285,     0,     1, 12288,     0,     1,
+		12288,     1, 12288, 12287, 12287, 12285, 12282, 12288,     2, 12288,
+		    2, 12284,     1, 12284, 12287, 12286, 12288,     0, 12288,     1,
+		12283, 12286,     5,     3,     0, 12286, 12286,     3,     1,     0,
+		    1, 12288, 12288,     4,     1, 12286, 12287, 12285,     2,     0,
+		    2, 12287,     1, 12285, 12288, 12286, 12288,     2,     2, 12285,
+		    3, 12286, 12285, 12287 }
+	},
+	{ 0x00, 0x01,	/* polynomial e */
+	  { 0x46, 0xf0, 0xf6, 0xef, 0xee, 0x15, 0xc8, 0xf1, 0xb1, 0x98,
+		0xcb, 0x49, 0xd9, 0x2b, 0x99, 0x08, 0x67, 0x90, 0x51, 0x59,
+		0x44, 0x0c, 0xc7, 0x23, 0x91, 0x6d, 0xc0, 0x01, 0x28, 0x26,
+		0x98, 0x10, 0x39, 0xce, 0x17, 0x66, 0xaa, 0x25, 0x42, 0xb0,
+		0x5d, 0xb3, 0xbd, 0x80, 0x9a, 0xb1, 0x42, 0x48, 0x9d, 0x5d,
+		0xbf, 0xe1, 0x27, 0x3e, 0x73, 0x99, 0x63, 0x7b, 0x4b, 0x32,
+		0x13, 0x76, 0x8a, 0xaa }, 
+	  { 12283,     1, 12288,     4,     0, 12285,     5,     1,     1,     2,
+		    3,     4, 12288,     0,     3,     1,     1,     0, 12286,     6,
+		    1,     0,     1,     0,     4,     2, 12288,     3,     0,     5,
+		    1,     5,     2, 12285,     4, 12288,     3,     2, 12288,     2,
+		12288, 12285, 12287,     6, 12282,     1, 12286,     7, 12287,     4,
+		    2,     2, 12288, 12285,     0,     2,     0, 12288,     1, 12287,
+		12287,     2,     1,     2,     1, 12285, 12288, 12286,     1,     2,
+		12287, 12288, 12288,     1,     0, 12287,     0,     4,     2,     6,
+		12287, 12285, 12283, 12285,     5, 12283, 12286,     1, 12283,     2,
+		    3, 12286, 12285,     2,     5, 12286,     3,     0,     3, 12286,
+		    5, 12285, 12287, 12288,     1,     5,     3,     5,     1,     1,
+		    1, 12288,     5,     0, 12288,     3,     2, 12288, 12285, 12288,
+		    5,     6,     0,     2,     1, 12287, 12288, 12287,     3, 12284,
+		    2,     0,     3,     0,     0, 12288,     0,     2,     2,     2,
+		    0,     1,     2,     2,     0,     0, 12287, 12285,     0,     4,
+		    1, 12283,     3,     5, 12288, 12286, 12287,     6,     2,     0,
+		    0, 12287,     2,     2, 12288,     0,     2, 12288, 12287, 12288,
+		12288,     1, 12288,     1, 12288,     2,     4,     2,     1,     1,
+		    0, 12287,     3,     2,     6,     2,     1, 12288, 12285,     6,
+		    0,     1, 12284, 12287, 12287, 12286,     5,     4,     0,     5,
+		12287, 12286, 12288, 12286,     0,     3,     1, 12287, 12287, 12288,
+		12288, 12286,     1,     0,     3, 12287,     3,     1, 12283,     1,
+		12288,     5,     1,     4, 12286, 12287,     2,     0,     0,     0,
+		12281, 12286,     0,     8,     5,     0,     4,     0, 12287,     5,
+		    1,     3,     2, 12286, 12286, 12288, 12285, 12285, 12287,     0,
+		12284, 12287,     1,     0,     2,     1, 12286, 12288,     2, 12285,
+		    0,     0,     0,     1,     0,     6,     1, 12288, 12287, 12287,
+		    0,     3, 12288, 12288, 12287,     0, 12287,     1,     3,     0,
+		    0, 12286, 12286,     4,     4, 12287,     1,     3,     4, 12287,
+		12284,     2, 12288, 12286, 12283, 12285,     1,     3,     1, 12288,
+		    0,     3,     3, 12284, 12285,     5,     3, 12288,     3,     4,
+		    3,     1, 12288,     0, 12288,     1,     0,     0,     3,     0,
+		    3,     2, 12287, 12288,     0, 12288,     0,     2, 12285,     4,
+		    0, 12287, 12287,     1,     1,     1, 12287, 12285,     4, 12282,
+		    3,     1,     1, 12288,     2,     4, 12285, 12286,     3,     1,
+		    0, 12287, 12283, 12285,     2,     5,     1,     1, 12288, 12288,
+		    0,     8,     3, 12287, 12285, 12287, 12286, 12284,     1, 12286,
+		    1, 12288,     2,     3, 12288, 12288,     2, 12288, 12284, 12285,
+		    0,     3, 12288, 12288,     2,     3,     7, 12287,     3,     3,
+		    3, 12284,     0,     0,     1, 12283,     5,     0,     1, 12288,
+		    3, 12286, 12287, 12286,     0,     0, 12287, 12283,     4, 12283,
+		    0,     0,     3, 12285,     5, 12286, 12282, 12288,     1, 12287,
+		12288,     1,     5,     2, 12287,     2, 12288,     7, 12288,     3,
+		    5,     1,     0, 12287,     1, 12287,     3,     2,     4,     2,
+		12287, 12286, 12288,     2,     5,     1, 12286,     4,     0,     2,
+		    6, 12286,     2, 12286,     3, 12288,     5, 12285,     0,     2,
+		12287,     5, 12286, 12284,     7, 12285, 12286, 12284, 12287,     1,
+		12288, 12284, 12286,     2,     4,     2,     2, 12283, 12286,     2,
+		    2, 12283,     1, 12286,     1,     0, 12284,     3,     0,     4,
+		    1,     0,     4, 12288,     0, 12287, 12287, 12287, 12286, 12284,
+		12288,     3,     1, 12285,     0,     3,     8,     4,     2, 12288,
+		    3, 12287, 12287,     2,     3, 12288, 12286,     2, 12286, 12288,
+		    0,     1, 12287, 12285,     0, 12285, 12288, 12287,     1, 12287,
+		    0, 12284,     0,     1,     1, 12285,     0,     0,     0, 12287,
+		12287,     3,     0,     4, 12288,     1, 12288, 12285, 12283,     0,
+		12286, 12286, 12285, 12285, 12287,     1,     0,     2,     3,     1,
+		    2, 12286, 12288,     3, 12286, 12288, 12288,     6,     2,     2,
+		    0, 12288,     2,     5, 12288,     0, 12284, 12282, 12286,     1,
+		12288, 12288, 12286, 12288,     3, 12286,     2,     0, 12283,     0,
+		    4,     2, 12288,     0, 12286,     0,     4,     3, 12286, 12287,
+		    4, 12288,     3,     2, 12283,     1,     1,     1,     3, 12286,
+		    4,     0, 12288, 12285, 12287,     0,     0, 12286,     4,     0,
+		12286,     2, 12288, 12288, 12285, 12283,     5,     3, 12286, 12288,
+		    4,     1, 12283,     0, 12288,     0, 12287, 12287,     0,     3,
+		12287, 12287,     2,     2,     3,     0,     1,     4, 12288,     3,
+		    3,     0, 12284, 12285,     4, 12288,     1, 12287,     0,     1,
+		12283,     1, 12284, 12287, 12286, 12285,     0,     0,     3, 12285,
+		    3,     1, 12288, 12287, 12284, 12282,     5,     3,     3,     2,
+		12285,     4, 12288,     0,     3, 12288,     4,     0, 12283, 12288,
+		    2, 12285, 12288, 12282,     0,     2, 12285,     3,     1, 12284,
+		    1,     5,     7, 12286,     5, 12285,     1,     2,     0,     4,
+		12283, 12287, 12286,     2, 12280, 12287, 12288,     2, 12285, 12286,
+		    2,     1,     2,     1,     2,     2,     3,     3,     0,     0,
+		    4,     2, 12288, 12286,     4,     0,     1, 12288,     2, 12287,
+		12288, 12288,     1,     3, 12283, 12288,     1, 12287,     1,     1,
+		    3, 12288, 12288,     1,     2,     1,     1, 12283,     7, 12286,
+		12288,     1, 12288, 12287, 12284,     7,     2, 12285, 12286,     0,
+		    0,     0,     2,     4, 12288,     0, 12284, 12285, 12286,     2,
+		12284,     2,     4,     6,     3, 12287, 12288, 12285,     1,     2,
+		12286,     0,     0, 12287, 12288,     0, 12286,     2,     1,     1,
+		    1,     3,     1, 12285,     4,     0, 12287, 12288, 12287,     0,
+		12288, 12287, 12288, 12287, 12288, 12288,     0, 12287, 12284,     0,
+		12288, 12285,     3,     2,     4,     2, 12284,     3,     1,     3,
+		    4, 12288, 12285, 12284, 12287,     1,     4,     0,     2, 12288,
+		    4, 12288, 12287,     3,     1,     0,     0, 12284, 12287,     2,
+		    4, 12287,     2, 12288,     0,     2,     2,     3, 12287, 12286,
+		    8, 12286, 12285,     0, 12285,     2,     3,     5, 12287, 12288,
+		    6, 12288, 12284,     0,     0,     3,     1,     2, 12284,     2,
+		    1,     3,     2,     0,     0, 12288, 12287, 12288,     1, 12288,
+		    4,     3, 12284,     1,     3, 12288, 12283, 12288,     1,     1,
+		    2,     1,     1,     3,     1, 12288,     0, 12288,     2,     0,
+		    0, 12284, 12283,     3, 12288,     0,     2, 12287,     0,     0,
+		12286, 12286,     0,     0,     2,     4, 12288,     1,     2,     3,
+		    2, 12286, 12286,     1,     2,     4, 12288, 12288, 12284, 12287,
+		    6,     2, 12288, 12286,     0,     0,     3, 12286, 12288, 12287,
+		12286, 12287,     3,     1, 12286,     0,     4,     3, 12286,     5,
+		    2,     1, 12287, 12286,     4, 12287,     0,     5, 12288,     0,
+		12288,     2,     2,     1,     1,     0,     0, 12288, 12288, 12288,
+		    0,     0, 12288, 12287,     5,     1, 12288,     1,    10,     1,
+		    0,     0,     2,     2,     2,     0, 12288,     4,     2, 12283,
+		    3,     1,     1, 12285,     2, 12285,     5,     7,     5, 12288,
+		    0, 12287,     5,     1, 12288, 12286, 12287,     0,     0,     0,
+		12287,     1,     3, 12288 }
+	},
+	{ 0x01, 0x00,	/* polynomial s' */
+	  { 0x3a, 0xeb, 0x52, 0x24, 0xec, 0xf8, 0x49, 0x92, 0x9b, 0x9d,
+		0x82, 0x8d, 0xb1, 0xce, 0xd4, 0xdd, 0x83, 0x20, 0x25, 0xe8,
+		0x01, 0x8b, 0x81, 0x60, 0xb8, 0x22, 0x84, 0xf3, 0xc9, 0x49,
+		0xaa, 0x5a, 0x8e, 0xca, 0x00, 0xbb, 0xb4, 0xa7, 0x3b, 0xda,
+		0xd1, 0x92, 0xb5, 0xc4, 0x2f, 0x73, 0xf2, 0xfd, 0x4e, 0x27,
+		0x36, 0x44, 0xc8, 0xb3, 0x61, 0x25, 0xa6, 0x4a, 0xdd, 0xeb,
+		0x00, 0x6c, 0x13, 0xa0 }, 
+	  {     5,     4,     4, 12288, 12286,     1, 12287, 12288,     2, 12288,
+		12288, 12287,     2,     2, 12284, 12288, 12288,     3,     2,     3,
+		12287,     2,     2,     0,     0,     2,     5, 12285,     5, 12287,
+		    2, 12282, 12286,     2,     1,     2,     1,     1, 12288, 12285,
+		12287, 12286,     2,     0,     0, 12285,     0,     0, 12287, 12286,
+		12285, 12286,     2, 12288, 12288,     0,     1,     2, 12286,     2,
+		    1,     0,     0,     2,     1, 12288,     1, 12287,     1,     0,
+		    0,     2, 12285,     2,     2, 12288, 12286,     3, 12287,     0,
+		    1,     1,     0,     2, 12287,     2,     1,     2,     3,     0,
+		    0,     1, 12288, 12288,     2, 12287, 12286, 12286,     6, 12288,
+		    0,     0,     4,     0, 12286,     0,     4, 12288, 12288,     5,
+		12287, 12288, 12285,     2, 12285, 12288,     1,     0,     2, 12288,
+		12286,     1,     3, 12285,     2,     2,     1,     1, 12288, 12288,
+		12287,     1, 12288,     3,     0, 12285,     4, 12285, 12287,     2,
+		    2, 12287, 12287, 12286, 12288, 12284,     2, 12286,     4,     1,
+		    0, 12286, 12284,     3, 12286,     3, 12286,     3,     4,     1,
+		12288, 12282,     2,     2, 12284,     0, 12286, 12283,     3,     0,
+		    4,     2,     4,     2, 12285,    10, 12288,     8,     3,     2,
+		    2,     0,     1,     0,     0, 12286,     2, 12284,     4,     1,
+		12287, 12287,     1,     1, 12286,     1,     0, 12285, 12288, 12286,
+		12287,     2,     1, 12284, 12288, 12285, 12285,     3,     0,     1,
+		    4,     4,     1,     0,     2,     1, 12288,     1, 12287,     0,
+		12286,     4,     2,     3,     3, 12285, 12288, 12288,     5,     2,
+		    0,     4,     3, 12287, 12287,     5,     2,     3, 12284,     0,
+		    8,     1,     1,     0,     5, 12288, 12288, 12288, 12286,     6,
+		    3, 12288, 12286, 12287,     4, 12288,     2, 12288, 12284, 12287,
+		    4, 12288,     0,     0,     3,     0,     4,     4, 12287,     0,
+		    3,     0, 12285, 12287, 12288, 12288,     0,     0, 12287, 12288,
+		12286,     0,     0, 12285, 12288,     4, 12287,     1,     2, 12288,
+		12285,     5,     4, 12283,     2,     0, 12288,     2,     0,     0,
+		12286, 12284,     3,     3,     3, 12287,     1,     1,     0,     1,
+		    3, 12288,     4,     4,     0,     2,     0,     1, 12286, 12284,
+		    2,     2, 12287,     3,     2, 12288,     3, 12286,     2, 12286,
+		12288,     4,     3, 12288,     2, 12288,     2,     1, 12288, 12288,
+		    7, 12288, 12288,     0, 12288,     1, 12284, 12288, 12288, 12287,
+		12287,     1, 12285, 12287, 12287,     1,     0,     2, 12286,     3,
+		12288, 12288, 12287,     3,     5,     0,     0, 12287,     2, 12287,
+		12288,     8, 12287,     1,     2, 12288, 12284,     3,     0, 12287,
+		12284,     3,     0,     2,     1,     3,     4, 12287, 12286, 12288,
+		12286,     0,     0, 12287, 12285,     0, 12286,     2,     1, 12287,
+		12288,     5, 12287, 12287, 12286,     2, 12283,     0,     0, 12286,
+		    2, 12284,     5,     0,     1, 12287,     0,     3,     1, 12285,
+		12288,     0,     3, 12287,     2, 12286,     0,     1, 12288,     1,
+		12284, 12281, 12284, 12288, 12285,     2,     5,     4, 12286,     0,
+		12287, 12288, 12286, 12285,     3, 12282,     1, 12287,     2,     0,
+		    6, 12288,     4, 12286,     3, 12288, 12286, 12284,     3,     1,
+		    6,     3,     2,     1,     2,     1,     1, 12288, 12287,     1,
+		    3,     3,     1,     0,     0, 12288,     3, 12284, 12285, 12284,
+		    1,     3, 12286,     0,     1, 12285, 12287,     1, 12285,     2,
+		    0,     1, 12287,     1,     4,     3,     1, 12287,     0,     5,
+		    1, 12288,     2,     1,     1,     4,     3, 12286,     3,     3,
+		    2, 12287,     3, 12286,     0, 12288, 12285,     2,     3, 12286,
+		    0, 12287,     5,     4,     1,     1, 12287, 12288,     2,     0,
+		    0,     0,     2,     0, 12286,     4, 12288, 12288, 12285, 12286,
+		    2, 12288, 12288,     0, 12288, 12286, 12284, 12287,     1,     5,
+		    0, 12285, 12287,     2,     4,     3, 12285, 12287, 12288,     0,
+		12288, 12287, 12286,     2, 12288, 12286, 12284,     1,     2, 12287,
+		    4,     1,     4,     4, 12284,     2,     0, 12288,     3,     1,
+		    0,     4,     1,     6,     0, 12286, 12288, 12287, 12287,     0,
+		12284, 12285,     2, 12286,     1,     0,     3, 12288,     1,     2,
+		12284, 12286, 12285, 12283, 12285,     0, 12285,     2,     0,     2,
+		    1,     3,     1, 12286, 12288,     1,     4,     0,     0, 12287,
+		12287, 12286,     0,     1, 12286,     0,     2, 12288,     2, 12287,
+		    0,     0, 12286, 12287,     4,     6, 12286,     0, 12288,     0,
+		    0, 12287,     2,     3,     4,     1,     3, 12286,     4,     0,
+		12288, 12286, 12287, 12287, 12288,     4, 12285,     1, 12286, 12286,
+		    2, 12288,     0,     0,     1,     5, 12285,     1, 12281,     3,
+		12281,     2,     3,     0, 12284, 12288,     5,     0,     0, 12288,
+		    0,     0, 12288, 12286,     3, 12287,     0,     2, 12288,     0,
+		    3, 12288, 12286,     0, 12286, 12287, 12284,     0, 12286,     1,
+		12287, 12282, 12287, 12288,     0,     5, 12288,     2,     1, 12288,
+		    1, 12285,     5,     2, 12286, 12285, 12287,     0,     2, 12288,
+		    1, 12288,     1, 12286,     0,     2, 12287, 12287,     6, 12286,
+		12288,     0, 12286,     4,     6, 12287, 12287,     2,     2, 12285,
+		    1, 12288, 12285, 12286,     5, 12288,     1,     2,     1,     7,
+		12286,     5, 12288, 12287, 12286, 12284,     1,     2, 12287,     4,
+		    1,     1,     0,     1,     2, 12285,     2, 12288, 12284,     1,
+		    1, 12287, 12286, 12285, 12287,     1, 12287,     3,     1, 12286,
+		    0, 12286,     3,     3, 12288,     2, 12288,     5, 12288,     1,
+		    2,     0, 12287,     1, 12287,     7,     2,     3,     0, 12287,
+		    2, 12284, 12284, 12281, 12286, 12285, 12287, 12287,     0, 12288,
+		    3,     4,     3,     2,     3,     1, 12288, 12286,     0, 12288,
+		12286,     1, 12286,     6, 12287,     1,     6,     5,     3,     1,
+		12286,     2,     1,     3,     1, 12286, 12285,     3,     2,     0,
+		    0, 12284,     1,     1,     3,     3,     1,     1, 12288,     0,
+		12284,     1, 12288,     0,     0, 12287,     0,     4, 12285,     0,
+		    4, 12283,     1,     1,     0, 12285,     0, 12286,     0,     0,
+		    1,     0, 12286,     0, 12288,     3,     4,     0,     2,     1,
+		12287,     2, 12288,     1,     0, 12288,     0, 12288,     6, 12288,
+		12287, 12286,     3, 12284,     0, 12288, 12284, 12286, 12287, 12288,
+		12288, 12288,     4,     0,     2,     6, 12286,     1,     4, 12288,
+		    2,     1,     0,     5,     2,     1, 12285,     0,     0, 12285,
+		    4, 12286,     5,     1,     3,     2, 12287,     2,     0,     2,
+		    7, 12283, 12288, 12288,     3,     0,     3, 12288,     3, 12286,
+		12288, 12287, 12288,     3,     0,     2,     4,     1, 12284,     2,
+		12288, 12286, 12287,     1,     1, 12288,     0, 12288, 12283,     6,
+		    2,     1, 12288,     3, 12287, 12288,     1,     1, 12285,     0,
+		12286, 12287, 12288,     1,     2, 12287,     0,     4,     0, 12286,
+		    2,     1, 12288, 12285, 12287,     0,     2, 12287,     6,     2,
+		    0, 12287, 12288,     2, 12288, 12284, 12288, 12285,     4,     1,
+		12288, 12284, 12287,     4, 12284,     1,     3, 12284, 12282,     0,
+		12286, 12287,     2, 12286,     3,     4,     2, 12288,     3,     3,
+		    1,     3, 12287, 12283 } 
+	},
+	{ 0x01, 0x01,	/* polynomial e' */
+	  { 0x58, 0xd8, 0x6a, 0xcd, 0xe2, 0x79, 0x61, 0x98, 0xfd, 0xea,
+		0xcf, 0x2a, 0xc0, 0xfd, 0xf0, 0x72, 0x86, 0x32, 0xdc, 0xe9,
+		0xc6, 0x45, 0x81, 0x80, 0x67, 0x06, 0x72, 0x28, 0xa6, 0xfe,
+		0x41, 0x2b, 0x78, 0x88, 0x58, 0x6d, 0x58, 0x47, 0x3e, 0xb7,
+		0x46, 0x60, 0xd8, 0x2f, 0xa0, 0x83, 0xe4, 0xbc, 0x81, 0xdd,
+		0xc6, 0x29, 0x8b, 0xee, 0xf9, 0xec, 0x90, 0x39, 0x9d, 0x46,
+		0xbf, 0x2d, 0x7c, 0xdf }, 
+	  { 12287,     3,     3,     1, 12285,     4,     1,     5, 12287, 12285,
+		12285, 12285,     1, 12288, 12287, 12288,     2,     3, 12283, 12288,
+		12285,     0,     0, 12286, 12287, 12288, 12288, 12288, 12288,     1,
+		12288,     2,     2,     5,     5,     0, 12287, 12286,     3,     3,
+		    2,     2,     1,     0,     2, 12287, 12285,     3,     1,     3,
+		    5,     2, 12287, 12287,     2,     0,     4,     2,     0,     0,
+		    1,     5, 12288,     6,     4, 12287,     1,     0, 12283,     0,
+		    1, 12286,     2,     0,     2,     1, 12284, 12282,     0,     6,
+		    1,     2,     5, 12288,     6, 12288, 12284,     2,     1,     2,
+		12288, 12283, 12288,     3, 12288, 12288,     2, 12286, 12283,     1,
+		12285,     0,     0, 12286, 12288, 12286, 12288, 12286,     4,     0,
+		    1, 12285,     3,     1,     2, 12285, 12287, 12284, 12287, 12285,
+		12286,     1, 12288,     3,     5,     5,     3, 12285, 12286, 12288,
+		    0,     1, 12287, 12284,     2,     4, 12288, 12287,     0, 12288,
+		12288, 12285, 12288, 12284,     3,     0,     2,     0,     2,     0,
+		    1,     1,     1, 12287,     1, 12284, 12285,     0, 12284,     1,
+		12284,     2, 12288,     5,     4,     1,     1, 12284,     1,     3,
+		    2,     6,     3,     2,     3, 12284,     0,     0,     4,     2,
+		    6,     2,     2,     2,     6, 12288,     0,     1, 12286,     1,
+		    5,     1, 12283,     2,     0, 12284,     1, 12286,     4,     1,
+		    2,     4,     6, 12288, 12288, 12284,     1,     0,     3, 12286,
+		    1,     0,     3, 12288, 12287,     2,     2,     0, 12285, 12286,
+		    0, 12288,     4,     2, 12282, 12287,     1, 12288, 12287, 12286,
+		12284,     1,     4,     2,     7, 12288, 12283, 12288,     5, 12288,
+		12288, 12287,     3,     2, 12287,     5, 12287, 12286, 12288, 12287,
+		    0, 12282, 12288, 12288,     0,     3, 12287,     2, 12287, 12284,
+		    6, 12285,     2,     3,     3, 12284,     2,     4, 12286,     5,
+		    0,     2, 12287,     3,     0, 12284, 12286,     0,     2, 12286,
+		12287,     3,     1,     4,     1, 12286, 12288,     1,     2,     0,
+		12285, 12287,     2,     0,     0,     0,     3, 12286, 12287,     2,
+		    0,     0,     0, 12286,     4,     1, 12287,     0,     0,     2,
+		    5,     0, 12284,     1,     1, 12288,     2, 12286, 12288,     2,
+		    2, 12282,     1, 12286,     4, 12286,     3, 12287, 12287, 12286,
+		    5,     5,     0, 12288,     3, 12285,     1, 12287,     7, 12286,
+		    2, 12287,     1, 12285,     2, 12287, 12288,     0,     4, 12281,
+		    0, 12286,     3,     1, 12285,     2,     2, 12285,     5,     0,
+		12285,     2, 12288,     1,     3, 12287,     1, 12288,     1,     5,
+		12287,     1,     0,     3,     2, 12286, 12286, 12288,     3,     0,
+		12287, 12288,     0, 12286, 12285,     0, 12286, 12288,     3, 12287,
+		12288,     2,     6,     0,     2, 12285,     1,     1,     7,     7,
+		12284, 12284,     5,     0, 12288, 12288,     4,     3,     1,     2,
+		12287,     0, 12288, 12284,     2,     5,     1,     2,     0, 12288,
+		    1, 12284,     2,     3,     0, 12287, 12285,     2, 12288, 12288,
+		    7,     1, 12287,     1, 12286,     2,     3,     4, 12288, 12288,
+		12286, 12286,     3, 12288,     1, 12286, 12286,     0, 12283, 12288,
+		    2,     0,     7,     2, 12287,     0,     0, 12286,     4,     1,
+		12288, 12288,     1,     2, 12287, 12282,     3,     5,     0, 12288,
+		12288, 12286, 12286, 12286,     4,     2,     0,     1, 12284,     3,
+		12283,     5, 12287,     2,     2, 12288,     1, 12284,     1,     0,
+		    1,     3, 12288,     2, 12287,     1, 12286, 12288,     0, 12287,
+		12288,     2,     2, 12286,     0, 12287, 12288, 12284,     0,     2,
+		    2,     2,     1,     3, 12285, 12285,     1, 12285,     2,     6,
+		    2,     0, 12288,     0,     0,     3,     2, 12287,     1, 12286,
+		    0, 12287,     0,     1, 12285, 12287,     6, 12288,     2,     0,
+		12286,     2,     4, 12288,     2,     5, 12285, 12286,     0, 12284,
+		12288,     3,     3,     3, 12287,     4,     2,     0, 12283,     2,
+		12287,     0,     1, 12287,     2, 12288, 12287,     3,     2,     7,
+		    7,     1, 12287, 12288,     2,     6,     1,     3,     2,     0,
+		    2,     2,     3, 12288,     3,     4,     2,     0,     5, 12285,
+		    3, 12285,     3, 12285,     1,     1, 12287, 12285,     2, 12285,
+		    5,     0,     7,     2, 12284,     0, 12285,     7,     1, 12288,
+		12288,     0, 12288, 12287,     5,     0,     2,     0,     2, 12286,
+		    1, 12286,     0, 12286, 12285,     4, 12286,     2, 12288, 12287,
+		12287,     1, 12286, 12287, 12287, 12286, 12287, 12288,     6,     5,
+		    2,     5, 12283, 12286, 12286, 12288,     1,     0,     3, 12286,
+		    5,     0, 12287, 12288, 12288, 12287, 12286,     2,     1,     0,
+		    1,     2,     3,     1, 12286,     2,     1,     6, 12288,     1,
+		12286,     1, 12288,     0,     1,     0, 12283,     0,     2, 12288,
+		    3,     1, 12287, 12288,     4,     0,     3, 12286,     0,     1,
+		12283,     4,     1,     4, 12287,     5,     0, 12287, 12288,     3,
+		    3, 12282,     1,     4,     2,     3,     0,     2,     6, 12282,
+		12285, 12288, 12287, 12288,     2, 12285,     1,     0, 12287, 12288,
+		12286,     0,     0,     4, 12288, 12287,     1,     0,     2,     5,
+		    2, 12287,     1,     7, 12284,     0, 12287, 12286,     2,     1,
+		12287,     0,     1, 12284, 12287, 12287, 12285, 12285,     3, 12282,
+		12286,     1,     1, 12288, 12282, 12287,     1,     1,     2,     2,
+		    3,     1, 12287,     5, 12282,     0,     0, 12287,     1,     3,
+		12288,     3, 12285, 12286,     2,     0, 12288, 12288,     5, 12285,
+		    4, 12288, 12287,     0,     1,     4,     1,     2, 12288,     0,
+		    2,     1, 12288,     4,     6, 12288,     1, 12287,     4,     1,
+		12285, 12288,     3,     0, 12288, 12285,     2,     0, 12286,     2,
+		    1, 12288,     1, 12288, 12284,     3,     0,     2,     2, 12288,
+		12287, 12286,     4, 12288,     2,     0,     0,     3,     4,     0,
+		12288, 12282,     6,     2, 12283, 12287,     2,     6,     1,     2,
+		12288,     2, 12283,     3, 12287,     3,     4,     0,     0, 12285,
+		    0, 12288, 12287, 12284, 12286,     3,     1, 12286,     2,     0,
+		12287, 12286, 12286, 12288,     5,     2, 12288, 12286,     0, 12287,
+		    0,     3,     2, 12287, 12286,     0,     1, 12287,     2,     0,
+		12286,     5, 12285, 12288, 12288, 12288, 12286,     4,     1, 12285,
+		12284, 12288, 12286,     1,     1, 12287,     2, 12286,     3,     2,
+		12283, 12283,     4,     2, 12283,     5,     0,     1,     0,     5,
+		12287,     1,     1,     0,     3,    10, 12287,     3, 12288, 12288,
+		12287,     2,     2,     0,     4, 12288, 12283, 12288,     1, 12287,
+		    3,     0,     0,     1, 12288, 12284,     0, 12286, 12287,     0,
+		12287,     2,     1,     7, 12288, 12287,     0,     4, 12287, 12286,
+		    3,     4, 12287, 12288, 12285, 12287, 12288, 12285, 12286,     7,
+		    1,     1, 12288,     3, 12287,     3,     1,     4,     2,     5,
+		12282,     3,     0, 12286, 12288,     0, 12285,     0,     2,     3,
+		    0, 12286,     3,     2, 12285,     0,     0, 12287,     1,     0,
+		    0,     6,     2, 12287, 12284,     7,     5,     0,     1,     6,
+		    2,     4,     1, 12286, 12288,     2, 12287,     3,     4, 12283,
+		    0, 12288,     2,     2, 12286,     0,     2,     2, 12288, 12285,
+		12287, 12285, 12288,     0 }
+	},
+	{ 0x01, 0x02,	/* polynomial e'' */
+	  { 0x20, 0x37, 0x77, 0x8a, 0x9c, 0x19, 0xde, 0xf0, 0x65, 0x9e,
+		0x0f, 0xa5, 0xfc, 0x0e, 0x78, 0xfe, 0x55, 0x89, 0xc9, 0x88,
+		0x41, 0xa2, 0x5a, 0x1e, 0xa4, 0x66, 0xcd, 0x3a, 0x29, 0x42,
+		0xd1, 0x25, 0xf2, 0x84, 0xd7, 0xee, 0xd5, 0x53, 0x86, 0x5b,
+		0xa3, 0x93, 0x4e, 0xee, 0xc7, 0x5b, 0xe5, 0x52, 0x68, 0x19,
+		0xdf, 0x63, 0xfb, 0x91, 0x3d, 0xe9, 0x5d, 0xd6, 0xeb, 0x81,
+		0x3d, 0xac, 0xf1, 0xad }, 
+	  { 12286, 12286,     1, 12287,     1, 12286, 12287, 12287, 12284,     1,
+		12287,     2, 12284,     0,     2, 12288,     0,     1,     0, 12285,
+		12288,     4,     2, 12287, 12282, 12288, 12285, 12288,     2, 12288,
+		    6,     7, 12286, 12286,     1,     4, 12287, 12287,     3,     1,
+		    3,     3,     2, 12285,     0,     1, 12288,     1,     1, 12287,
+		    0,     0,     1,     0, 12287, 12283, 12283, 12288, 12287,     0,
+		    0,     2, 12286,     3,     3,     0, 12286, 12282,     3,     6,
+		    3,     3, 12285,     1,     1, 12288,     1,     0, 12288,     0,
+		12287,     4,     1,     0, 12285, 12288,     1,     1,     1,     3,
+		12286,     0, 12288,     0, 12287, 12287,     3,     5,     1, 12287,
+		12287,     0,     0,     0, 12283,     0,     0, 12288,     0, 12287,
+		12286, 12284, 12286,     0, 12286,     3,     5, 12287,     0, 12287,
+		    1,     3,     2,     6,     1, 12287,     1,     1, 12285,     4,
+		12282, 12288, 12288,     3,     2, 12287,     3,     3, 12288, 12286,
+		    2,     5, 12288, 12287, 12288,     3,     0, 12283,     3,     3,
+		    1,     0, 12288,     2,     2, 12287, 12286,     4, 12287, 12288,
+		    0,     0, 12286,     1,     4,     4, 12286, 12287,     4, 12288,
+		    2,     1,     1, 12288, 12287,     3, 12287, 12286, 12285, 12288,
+		    4,     1,     0, 12287,     3, 12286, 12287,     4,     0, 12287,
+		12286, 12287,     3,     1,     1, 12285, 12287,     0, 12285,     2,
+		    5,     2, 12285,     3,     2, 12285, 12287,     2,     0, 12288,
+		    2,     5,     2, 12283,     1,     1,     0, 12286, 12288,     3,
+		    1, 12286, 12283,     0,     1,     2,     2,     1, 12287, 12287,
+		    4,     4,     1,     0,     0, 12288, 12287, 12284, 12284,     7,
+		    0, 12288,     5,     4, 12288, 12288,     1,     0,     1,     1,
+		    2, 12288, 12288,     5,     1,     0, 12287,     3,     3,     0,
+		    1, 12288, 12288,     3, 12285, 12288,     3,     5,     4,     1,
+		12285, 12285, 12288, 12285, 12288, 12285,     4,     1,     3, 12285,
+		    4,     0, 12288, 12286,     5, 12287, 12285, 12288,     4, 12288,
+		    0, 12287, 12286,     0, 12286, 12283,     0, 12287, 12284,     1,
+		12288, 12288,     3, 12286,     1,     2, 12286,     3,     1, 12285,
+		12286, 12285,     0, 12285, 12288,     0,     2, 12283,     0,     1,
+		    2,     1,     2,     3,     3, 12285,     0,     0,     0, 12288,
+		12283,     4, 12286,     2,     1,     3,     3, 12284,     2,     4,
+		    3, 12286, 12282, 12286,     0, 12286, 12287,     3, 12288, 12288,
+		    2, 12287, 12286,     3,     0, 12286,     1,     1,     0, 12287,
+		    2,     0,     0,     1, 12286,     1,     0, 12283,     0, 12288,
+		    2,     5, 12288, 12287,     2,     1, 12288,     2,     2,     5,
+		    2, 12286, 12286,     2, 12284, 12287,     0, 12284,     0, 12284,
+		12286, 12286, 12288, 12287, 12287,     2,     1, 12287, 12287,     1,
+		    5,     0,     0, 12288,     2, 12285,     6,     2, 12288, 12288,
+		12286,     2, 1