-encrypt using both AES and TWOFISH, with independent symmetric keys

11 files changed, 254 insertions, 298 deletions

diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index 19c8d7710..bf5e9a5fa 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -429,9 +429,11 @@ derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey,
 {
   static const char ctx[] = "authentication key";
 
-  GNUNET_CRYPTO_hmac_derive_key (akey, skey, &seed, sizeof (seed), &skey->key,
-                                 sizeof (skey->key), ctx,
-                                 sizeof (ctx), NULL);
+  GNUNET_CRYPTO_hmac_derive_key (akey, skey, 
+                                 &seed, sizeof (seed), 
+                                 skey, sizeof (struct GNUNET_CRYPTO_AesSessionKey), 
+                                 ctx, sizeof (ctx), 
+                                 NULL);
 }
 
 
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 9b065e747..b8e38a2a2 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -212,22 +212,30 @@ struct GNUNET_CRYPTO_EccPrivateKey
 struct GNUNET_CRYPTO_AesSessionKey
 {
   /**
-   * Actual key.
+   * Actual key for AES.
    */
-  unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
+  unsigned char aes_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
+
+  /**
+   * Actual key for TwoFish.
+   */
+  unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
 
 };
+
 GNUNET_NETWORK_STRUCT_END
 
 /**
  * @brief IV for sym cipher
  *
  * NOTE: must be smaller (!) in size than the
- * struct GNUNET_HashCode.
+ * `struct GNUNET_HashCode`.
  */
 struct GNUNET_CRYPTO_AesInitializationVector
 {
-  unsigned char iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+  unsigned char aes_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
+
+  unsigned char twofish_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
 };
 
 
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index ca91f94f1..6c1d8d785 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -189,6 +189,7 @@ libgnunet_plugin_test_la_LDFLAGS = \
 if HAVE_BENCHMARKS
  BENCHMARKS = \
   perf_crypto_hash \
+  perf_crypto_aes \
   perf_malloc
 endif
 
@@ -206,7 +207,6 @@ check_PROGRAMS = \
  test_container_heap \
  test_container_slist \
  test_crypto_aes \
- test_crypto_aes_weak \
  test_crypto_crc \
  test_crypto_ecc \
  test_crypto_hash \
@@ -325,12 +325,6 @@ test_crypto_aes_SOURCES = \
 test_crypto_aes_LDADD = \
  $(top_builddir)/src/util/libgnunetutil.la  
 
-test_crypto_aes_weak_SOURCES = \
- test_crypto_aes_weak.c
-test_crypto_aes_weak_LDADD = \
- $(top_builddir)/src/util/libgnunetutil.la  \
- $(LIBGCRYPT_LIBS)
-
 test_crypto_crc_SOURCES = \
  test_crypto_crc.c
 test_crypto_crc_LDADD = \
@@ -500,6 +494,11 @@ perf_crypto_hash_SOURCES = \
 perf_crypto_hash_LDADD = \
  $(top_builddir)/src/util/libgnunetutil.la  
 
+perf_crypto_aes_SOURCES = \
+ perf_crypto_aes.c
+perf_crypto_aes_LDADD = \
+ $(top_builddir)/src/util/libgnunetutil.la  
+
 perf_malloc_SOURCES = \
  perf_malloc.c
 perf_malloc_LDADD = \
diff --git a/src/util/crypto_aes.c b/src/util/crypto_aes.c
index f475494f8..91c578ab8 100644
--- a/src/util/crypto_aes.c
+++ b/src/util/crypto_aes.c
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet.
-     (C) 2001, 2002, 2003, 2004, 2005, 2006 Christian Grothoff (and other contributing authors)
+     (C) 2001, 2002, 2003, 2004, 2005, 2006, 2013 Christian Grothoff (and other contributing authors)
 
      GNUnet is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published
@@ -20,7 +20,7 @@
 
 /**
  * @file util/crypto_aes.c
- * @brief Symmetric encryption services.
+ * @brief Symmetric encryption services; combined cipher AES+TWOFISH (256-bit each)
  * @author Christian Grothoff
  * @author Ioana Patrascu
  */
@@ -33,14 +33,18 @@
 #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
 
 /**
- * Create a new SessionKey (for AES-256).
+ * Create a new SessionKey (for symmetric encryption).
  *
  * @param key session key to initialize
  */
 void
 GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key)
 {
-  gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH,
+  gcry_randomize (key->aes_key, 
+                  GNUNET_CRYPTO_AES_KEY_LENGTH,
+                  GCRY_STRONG_RANDOM);
+  gcry_randomize (key->twofish_key, 
+                  GNUNET_CRYPTO_AES_KEY_LENGTH,
                   GCRY_STRONG_RANDOM);
 }
 
@@ -54,22 +58,52 @@ GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key)
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
 static int
-setup_cipher (gcry_cipher_hd_t *handle,
-              const struct GNUNET_CRYPTO_AesSessionKey *
-              sessionkey,
-              const struct GNUNET_CRYPTO_AesInitializationVector *
-              iv)
+setup_cipher_aes (gcry_cipher_hd_t *handle,
+                  const struct GNUNET_CRYPTO_AesSessionKey *sessionkey,
+                  const struct GNUNET_CRYPTO_AesInitializationVector *iv)
 {
   int rc;
 
   GNUNET_assert (0 ==
                  gcry_cipher_open (handle, GCRY_CIPHER_AES256,
                                    GCRY_CIPHER_MODE_CFB, 0));
-  rc = gcry_cipher_setkey (*handle, sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH);
+  rc = gcry_cipher_setkey (*handle, 
+                           sessionkey->aes_key, 
+                           sizeof (sessionkey->aes_key));
   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
-  rc = gcry_cipher_setiv (*handle, iv,
-                          sizeof (struct
-                                  GNUNET_CRYPTO_AesInitializationVector));
+  rc = gcry_cipher_setiv (*handle, 
+                          iv->aes_iv, 
+                          sizeof (iv->aes_iv));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  return GNUNET_OK;
+}
+
+
+/**
+ * Initialize TWOFISH cipher.
+ *
+ * @param handle handle to initialize
+ * @param sessionkey session key to use
+ * @param iv initialization vector to use
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+setup_cipher_twofish (gcry_cipher_hd_t *handle,
+                      const struct GNUNET_CRYPTO_AesSessionKey *sessionkey,
+                      const struct GNUNET_CRYPTO_AesInitializationVector *iv)
+{
+  int rc;
+
+  GNUNET_assert (0 ==
+                 gcry_cipher_open (handle, GCRY_CIPHER_TWOFISH, 
+                                   GCRY_CIPHER_MODE_CFB, 0));
+  rc = gcry_cipher_setkey (*handle, 
+                           sessionkey->twofish_key, 
+                           sizeof (sessionkey->twofish_key));
+  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
+  rc = gcry_cipher_setiv (*handle, 
+                          iv->twofish_iv,
+                          sizeof (iv->twofish_iv));
   GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
   return GNUNET_OK;
 }
@@ -80,7 +114,7 @@ setup_cipher (gcry_cipher_hd_t *handle,
  * host that uses the same cyper.
  *
  * @param block the block to encrypt
- * @param len the size of the block
+ * @param len the size of the @a block
  * @param sessionkey the key used to encrypt
  * @param iv the initialization vector to use, use INITVALUE
  *        for streams.
@@ -95,11 +129,17 @@ GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len,
                            iv, void *result)
 {
   gcry_cipher_hd_t handle;
+  char tmp[len];
 
-  if (GNUNET_OK != setup_cipher (&handle, sessionkey, iv))
+  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, len, block, len));
+  gcry_cipher_close (handle);
+  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
     return -1;
-  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, block, len));
+  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, len, tmp, len));
   gcry_cipher_close (handle);
+  memset (tmp, 0, sizeof (tmp));
   return len;
 }
 
@@ -108,7 +148,7 @@ GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len,
  * Decrypt a given block with the sessionkey.
  *
  * @param block the data to decrypt, encoded as returned by encrypt
- * @param size the size of the block to decrypt
+ * @param size the size of the @a block to decrypt
  * @param sessionkey the key used to decrypt
  * @param iv the initialization vector to use, use INITVALUE
  *        for streams.
@@ -117,17 +157,22 @@ GNUNET_CRYPTO_aes_encrypt (const void *block, size_t len,
  */
 ssize_t
 GNUNET_CRYPTO_aes_decrypt (const void *block, size_t size,
-                           const struct GNUNET_CRYPTO_AesSessionKey *
-                           sessionkey,
-                           const struct GNUNET_CRYPTO_AesInitializationVector *
-                           iv, void *result)
+                           const struct GNUNET_CRYPTO_AesSessionKey *sessionkey,
+                           const struct GNUNET_CRYPTO_AesInitializationVector *iv, 
+                           void *result)
 {
   gcry_cipher_hd_t handle;
+  char tmp[size];
 
-  if (GNUNET_OK != setup_cipher (&handle, sessionkey, iv))
+  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
     return -1;
-  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
   gcry_cipher_close (handle);
+  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
+    return -1;
+  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
+  gcry_cipher_close (handle);
+  memset (tmp, 0, sizeof (tmp));
   return size;
 }
 
@@ -138,7 +183,7 @@ GNUNET_CRYPTO_aes_decrypt (const void *block, size_t size,
  * @param iv initialization vector
  * @param skey session key
  * @param salt salt for the derivation
- * @param salt_len size of the salt
+ * @param salt_len size of the @a salt
  * @param ... pairs of void * & size_t for context chunks, terminated by NULL
  */
 void
@@ -168,8 +213,21 @@ GNUNET_CRYPTO_aes_derive_iv_v (struct GNUNET_CRYPTO_AesInitializationVector *iv,
                                const struct GNUNET_CRYPTO_AesSessionKey *skey,
                                const void *salt, size_t salt_len, va_list argp)
 {
-  GNUNET_CRYPTO_kdf_v (iv->iv, sizeof (iv->iv), salt, salt_len, skey->key,
-                       sizeof (skey->key), argp);
+  char aes_salt[salt_len + 4];
+  char twofish_salt[salt_len + 4];
+
+  memcpy (aes_salt, salt, salt_len);
+  memcpy (&aes_salt[salt_len], "AES!", 4);
+  memcpy (twofish_salt, salt, salt_len);
+  memcpy (&twofish_salt[salt_len], "FISH", 4);
+  GNUNET_CRYPTO_kdf_v (iv->aes_iv, sizeof (iv->aes_iv), 
+                       aes_salt, salt_len + 4, 
+                       skey->aes_key, sizeof (skey->aes_key), 
+                       argp);
+  GNUNET_CRYPTO_kdf_v (iv->twofish_iv, sizeof (iv->twofish_iv),
+                       twofish_salt, salt_len + 4, 
+                       skey->twofish_key, sizeof (skey->twofish_key), 
+                       argp);
 }
 
 /* end of crypto_aes.c */
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index a5b97148b..47baf660f 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -252,7 +252,7 @@ GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc)
  *  safely cast to char*, a '\\0' termination is set).
  */
 void
-GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block,
+GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block,
                            struct GNUNET_CRYPTO_HashAsciiEncoded *result)
 {
   char *np;
@@ -270,13 +270,14 @@ GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block,
  * Convert ASCII encoding back to hash code.
  *
  * @param enc the encoding
- * @param enclen number of characters in 'enc' (without 0-terminator, which can be missing)
+ * @param enclen number of characters in @a enc (without 0-terminator, which can be missing)
  * @param result where to store the hash code
- * @return GNUNET_OK on success, GNUNET_SYSERR if result has the wrong encoding
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding
  */
 int
-GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen,
-                                struct GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_from_string2 (const char *enc,
+                                 size_t enclen,
+                                struct GNUNET_HashCode *result)
 {
   char upper_enc[enclen];
   char* up_ptr = upper_enc;
@@ -303,8 +304,8 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen,
  *  hashcode proximity.
  */
 unsigned int
-GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode * a,
-                                 const struct GNUNET_HashCode * b)
+GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a,
+                                 const struct GNUNET_HashCode *b)
 {
   unsigned int x1 = (a->bits[1] - b->bits[1]) >> 16;
   unsigned int x2 = (b->bits[1] - a->bits[1]) >> 16;
@@ -338,9 +339,9 @@ GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode,
  * @param result set to b - a
  */
 void
-GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode * a,
-                               const struct GNUNET_HashCode * b,
-                               struct GNUNET_HashCode * result)
+GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a,
+                               const struct GNUNET_HashCode *b,
+                               struct GNUNET_HashCode *result)
 {
   int i;
 
@@ -393,16 +394,20 @@ GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode * a, const struct GNUNET_Ha
  * @param iv set to a valid initialization vector
  */
 void
-GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc,
+GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc,
                                struct GNUNET_CRYPTO_AesSessionKey *skey,
                                struct GNUNET_CRYPTO_AesInitializationVector *iv)
 {
-  GNUNET_assert (sizeof (struct GNUNET_HashCode) >=
-                 GNUNET_CRYPTO_AES_KEY_LENGTH +
-                 sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
-  memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH);
-  memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH],
-          sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_AesSessionKey),
+                                    "Hash key derivation", strlen ("Hash key derivation"),
+                                    hc, sizeof (struct GNUNET_HashCode),
+                                    NULL, 0));
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_AesInitializationVector),
+                                    "Initialization vector derivation", strlen ("Initialization vector derivation"),
+                                    hc, sizeof (struct GNUNET_HashCode),
+                                    NULL, 0));
 }
 
 
@@ -422,7 +427,7 @@ GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode * code, unsigned int bi
 
 /**
  * Determine how many low order bits match in two
- * struct GNUNET_HashCodes.  i.e. - 010011 and 011111 share
+ * `struct GNUNET_HashCode`s.  i.e. - 010011 and 011111 share
  * the first two lowest order bits, and therefore the
  * return value is two (NOT XOR distance, nor how many
  * bits match absolutely!).
@@ -455,7 +460,8 @@ GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode * first,
  * @return 1 if h1 > h2, -1 if h1 < h2 and 0 if h1 == h2.
  */
 int
-GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct GNUNET_HashCode * h2)
+GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1, 
+                        const struct GNUNET_HashCode *h2)
 {
   unsigned int *i1;
   unsigned int *i2;
@@ -475,7 +481,7 @@ GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct GNUNET_H
 
 
 /**
- * Find out which of the two GNUNET_CRYPTO_hash codes is closer to target
+ * Find out which of the two `struct GNUNET_HashCode`s is closer to target
  * in the XOR metric (Kademlia).
  *
  * @param h1 some hash code
@@ -484,9 +490,9 @@ GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode * h1, const struct GNUNET_H
  * @return -1 if h1 is closer, 1 if h2 is closer and 0 if h1==h2.
  */
 int
-GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode * h1,
-                           const struct GNUNET_HashCode * h2,
-                           const struct GNUNET_HashCode * target)
+GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1,
+                           const struct GNUNET_HashCode *h2,
+                           const struct GNUNET_HashCode *target)
 {
   int i;
   unsigned int d1;
@@ -510,7 +516,7 @@ GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode * h1,
  * @param key authentication key
  * @param rkey root key
  * @param salt salt
- * @param salt_len size of the salt
+ * @param salt_len size of the @a salt
  * @param ... pair of void * & size_t for context chunks, terminated by NULL
  */
 void
@@ -531,7 +537,7 @@ GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key,
  * @param key authentication key
  * @param rkey root key
  * @param salt salt
- * @param salt_len size of the salt
+ * @param salt_len size of the @a salt
  * @param argp pair of void * & size_t for context chunks, terminated by NULL
  */
 void
@@ -540,8 +546,10 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
                                  const void *salt, size_t salt_len,
                                  va_list argp)
 {
-  GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key), salt, salt_len, rkey->key,
-                       sizeof (rkey->key), argp);
+  GNUNET_CRYPTO_kdf_v (key->key, sizeof (key->key), 
+                       salt, salt_len, 
+                       rkey, sizeof (struct GNUNET_CRYPTO_AesSessionKey),
+                       argp);
 }
 
 
@@ -550,7 +558,7 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
  *
  * @param key secret key
  * @param plaintext input plaintext
- * @param plaintext_len length of plaintext
+ * @param plaintext_len length of @a plaintext
  * @param hmac where to store the hmac
  */
 void
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index c2b96778a..2b9387357 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -275,10 +275,10 @@ hkdf_ok:
  * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
  * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
  * @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
  * @param skm source key material
- * @param skm_len length of skm
- * @return GNUNET_YES on success
+ * @param skm_len length of @a skm
+ * @return #GNUNET_YES on success
  */
 int
 GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo,
diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c
index 0c957b70c..9424c2350 100644
--- a/src/util/crypto_kdf.c
+++ b/src/util/crypto_kdf.c
@@ -36,11 +36,11 @@
  * @param result buffer for the derived key, allocated by caller
  * @param out_len desired length of the derived key
  * @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
  * @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
  * @param argp va_list of void * & size_t pairs for context chunks
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
  */
 int
 GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts,
@@ -68,11 +68,11 @@ GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts,
  * @param result buffer for the derived key, allocated by caller
  * @param out_len desired length of the derived key
  * @param xts salt
- * @param xts_len length of xts
+ * @param xts_len length of @a xts
  * @param skm source key material
- * @param skm_len length of skm
+ * @param skm_len length of @a skm
  * @param ... void * & size_t pairs for context chunks
- * @return GNUNET_YES on success
+ * @return #GNUNET_YES on success
  */
 int
 GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts,
diff --git a/src/util/perf_crypto_aes.c b/src/util/perf_crypto_aes.c
new file mode 100644
index 000000000..f02335afe
--- /dev/null
+++ b/src/util/perf_crypto_aes.c
@@ -0,0 +1,76 @@
+/*
+     This file is part of GNUnet.
+     (C) 2002, 2003, 2004, 2006 Christian Grothoff (and other contributing authors)
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * @author Christian Grothoff
+ * @file util/perf_crypto_aes.c
+ * @brief measure performance of encryption function
+ */
+#include "platform.h"
+#include "gnunet_common.h"
+#include "gnunet_util_lib.h"
+#include <gauger.h>
+
+
+static void
+perfEncrypt ()
+{
+  unsigned int i;
+  char buf[64 * 1024];
+  char rbuf[64 * 1024];
+  struct GNUNET_CRYPTO_AesSessionKey sk;
+  struct GNUNET_CRYPTO_AesInitializationVector iv;
+
+  GNUNET_CRYPTO_aes_create_session_key (&sk);
+
+  memset (buf, 1, sizeof (buf));
+  for (i = 0; i < 1024; i++)
+  {
+    memset (&iv, (int8_t) i, sizeof (iv));
+    GNUNET_CRYPTO_aes_encrypt (buf, sizeof (buf),
+                               &sk, &iv,
+                               rbuf);
+    GNUNET_CRYPTO_aes_decrypt (rbuf, sizeof (buf),
+                               &sk, &iv,
+                               buf);
+  }
+  memset (rbuf, 1, sizeof (rbuf));
+  GNUNET_assert (0 == memcmp (rbuf, buf, sizeof (buf)));
+}
+
+
+int
+main (int argc, char *argv[])
+{
+  struct GNUNET_TIME_Absolute start;
+
+  start = GNUNET_TIME_absolute_get ();
+  perfEncrypt ();
+  printf ("Encrypt perf took %s\n",
+          GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (start),
+                                                  GNUNET_YES));
+  GAUGER ("UTIL", "Symmetric encryption",
+          64 * 1024 / (1 +
+                       GNUNET_TIME_absolute_get_duration
+                       (start).rel_value_us / 1000LL), "kb/ms");
+  return 0;
+}
+
+/* end of perf_crypto_aes.c */
diff --git a/src/util/test_crypto_aes.c b/src/util/test_crypto_aes.c
index 1c5897c1e..a5d49063a 100644
--- a/src/util/test_crypto_aes.c
+++ b/src/util/test_crypto_aes.c
@@ -28,7 +28,7 @@
 #include "gnunet_crypto_lib.h"
 
 #define TESTSTRING "Hello World!"
-#define INITVALUE "InitializationVectorValue"
+#define INITVALUE "InitializationVectorValueinitializationvectorvalue"
 
 static int
 testSymcipher ()
@@ -68,7 +68,8 @@ testSymcipher ()
     return 0;
 }
 
-int
+
+static int
 verifyCrypto ()
 {
   struct GNUNET_CRYPTO_AesSessionKey key;
@@ -77,25 +78,34 @@ verifyCrypto ()
   int ret;
 
   unsigned char plain[] =
-      { 29, 128, 192, 253, 74, 171, 38, 187, 84, 219, 76, 76, 209, 118, 33, 249,
+  {
+    29, 128, 192, 253, 74, 171, 38, 187, 84, 219, 76, 76, 209, 118, 33, 249,
     172, 124, 96, 9, 157, 110, 8, 215, 200, 63, 69, 230, 157, 104, 247, 164
   };
-  unsigned char raw_key[] =
-      { 106, 74, 209, 88, 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25,
+  unsigned char raw_key_aes[] =
+  {
+    106, 74, 209, 88, 145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25,
     169, 129, 188, 131, 75, 227, 245, 105, 10, 225, 15, 115, 159, 148, 184,
     34, 191
   };
+  unsigned char raw_key_twofish[] =
+  {
+    145, 55, 189, 135, 125, 180, 225, 108, 183, 54, 25,
+    169, 129, 188, 131, 75, 227, 245, 105, 10, 225, 15, 115, 159, 148, 184,
+    34, 191, 106, 74, 209, 88
+  };
   unsigned char encrresult[] =
-      { 167, 102, 230, 233, 127, 195, 176, 107, 17, 91, 199, 127, 96, 113, 75,
-    195, 245, 217, 61, 236, 159, 165, 103, 121, 203, 99, 202, 41, 23, 222, 25,
-    102
+  {
+    161, 152, 186, 231, 214, 55, 225, 206, 85, 43, 80, 134, 145, 198, 20, 
+    233, 236, 57, 194, 10, 147, 149, 30, 106, 179, 54, 182, 247, 71, 204, 
+    179, 51, 1
   };
 
   res = NULL;
   ret = 0;
 
-  memcpy (key.key, raw_key, GNUNET_CRYPTO_AES_KEY_LENGTH);
-
+  memcpy (key.aes_key, raw_key_aes, GNUNET_CRYPTO_AES_KEY_LENGTH);
+  memcpy (key.twofish_key, raw_key_twofish, GNUNET_CRYPTO_AES_KEY_LENGTH);
   if (GNUNET_CRYPTO_AES_KEY_LENGTH !=
       GNUNET_CRYPTO_aes_encrypt (plain, GNUNET_CRYPTO_AES_KEY_LENGTH, &key,
                                  (const struct
@@ -107,15 +117,17 @@ verifyCrypto ()
     goto error;
   }
 
-  if (memcmp (encrresult, result, GNUNET_CRYPTO_AES_KEY_LENGTH) != 0)
+  if (0 != memcmp (encrresult, result, GNUNET_CRYPTO_AES_KEY_LENGTH))
   {
+    int i;
     printf ("Encrypted result wrong.\n");
+    for (i=0;i<GNUNET_CRYPTO_AES_KEY_LENGTH;i++)
+      printf ("%u, ", (uint8_t) result[i]);
     ret = 1;
     goto error;
   }
 
   res = GNUNET_malloc (GNUNET_CRYPTO_AES_KEY_LENGTH);
-
   if (GNUNET_CRYPTO_AES_KEY_LENGTH !=
       GNUNET_CRYPTO_aes_decrypt (result, GNUNET_CRYPTO_AES_KEY_LENGTH, &key,
                                  (const struct
@@ -126,21 +138,17 @@ verifyCrypto ()
     ret = 1;
     goto error;
   }
-
-  if (memcmp (res, plain, GNUNET_CRYPTO_AES_KEY_LENGTH) != 0)
+  if (0 != memcmp (res, plain, GNUNET_CRYPTO_AES_KEY_LENGTH))
   {
     printf ("Decrypted result does not match input.\n");
-
     ret = 1;
   }
-
 error:
-
   GNUNET_free_non_null (res);
-
   return ret;
 }
 
+
 int
 main (int argc, char *argv[])
 {
diff --git a/src/util/test_crypto_aes_weak.c b/src/util/test_crypto_aes_weak.c
deleted file mode 100644
index f2ddf2012..000000000
--- a/src/util/test_crypto_aes_weak.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
-     This file is part of GNUnet.
-     (C) 2003, 2004, 2005, 2006 Christian Grothoff (and other contributing authors)
-
-     GNUnet is free software; you can redistribute it and/or modify
-     it under the terms of the GNU General Public License as published
-     by the Free Software Foundation; either version 3, or (at your
-     option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     General Public License for more details.
-
-     You should have received a copy of the GNU General Public License
-     along with GNUnet; see the file COPYING.  If not, write to the
-     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-     Boston, MA 02111-1307, USA.
-
-*/
-
-/**
- * @author Krista Bennett
- * @author Christian Grothoff
- * @file util/test_crypto_aes_weak.c
- * @brief AES weak key test.
- */
-#include "platform.h"
-#include "gnunet_common.h"
-#include "gnunet_crypto_lib.h"
-#include <gcrypt.h>
-
-#define MAX_WEAK_KEY_TRIALS 100000
-#define GENERATE_WEAK_KEYS GNUNET_NO
-#define WEAK_KEY_TESTSTRING "I hate weak keys."
-
-static void
-printWeakKey (struct GNUNET_CRYPTO_AesSessionKey *key)
-{
-  int i;
-
-  for (i = 0; i < GNUNET_CRYPTO_AES_KEY_LENGTH; i++)
-  {
-    printf ("%x ", (int) (key->key[i]));
-  }
-}
-
-static int
-testWeakKey ()
-{
-  char result[100];
-  char res[100];
-  int size;
-  struct GNUNET_CRYPTO_AesSessionKey weak_key;
-  struct GNUNET_CRYPTO_AesInitializationVector INITVALUE;
-
-  memset (&INITVALUE, 42,
-          sizeof (struct GNUNET_CRYPTO_AesInitializationVector));
-  /* sorry, this is not a weak key -- I don't have
-   * any at the moment! */
-  weak_key.key[0] = (char) (0x4c);
-  weak_key.key[1] = (char) (0x31);
-  weak_key.key[2] = (char) (0xc6);
-  weak_key.key[3] = (char) (0x2b);
-  weak_key.key[4] = (char) (0xc1);
-  weak_key.key[5] = (char) (0x5f);
-  weak_key.key[6] = (char) (0x4d);
-  weak_key.key[7] = (char) (0x1f);
-  weak_key.key[8] = (char) (0x31);
-  weak_key.key[9] = (char) (0xaa);
-  weak_key.key[10] = (char) (0x12);
-  weak_key.key[11] = (char) (0x2e);
-  weak_key.key[12] = (char) (0xb7);
-  weak_key.key[13] = (char) (0x82);
-  weak_key.key[14] = (char) (0xc0);
-  weak_key.key[15] = (char) (0xb6);
-  weak_key.key[16] = (char) (0x4d);
-  weak_key.key[17] = (char) (0x1f);
-  weak_key.key[18] = (char) (0x31);
-  weak_key.key[19] = (char) (0xaa);
-  weak_key.key[20] = (char) (0x4c);
-  weak_key.key[21] = (char) (0x31);
-  weak_key.key[22] = (char) (0xc6);
-  weak_key.key[23] = (char) (0x2b);
-  weak_key.key[24] = (char) (0xc1);
-  weak_key.key[25] = (char) (0x5f);
-  weak_key.key[26] = (char) (0x4d);
-  weak_key.key[27] = (char) (0x1f);
-  weak_key.key[28] = (char) (0x31);
-  weak_key.key[29] = (char) (0xaa);
-  weak_key.key[30] = (char) (0xaa);
-  weak_key.key[31] = (char) (0xaa);
-  /* memset(&weak_key, 0, 32); */
-  size =
-      GNUNET_CRYPTO_aes_encrypt (WEAK_KEY_TESTSTRING,
-                                 strlen (WEAK_KEY_TESTSTRING) + 1, &weak_key,
-                                 &INITVALUE, result);
-
-  if (size == -1)
-  {
-    GNUNET_break (0);
-    return 1;
-  }
-
-  size = GNUNET_CRYPTO_aes_decrypt (result, size, &weak_key, &INITVALUE, res);
-
-  if ((strlen (WEAK_KEY_TESTSTRING) + 1) != size)
-  {
-    GNUNET_break (0);
-    return 1;
-  }
-  if (0 != strcmp (res, WEAK_KEY_TESTSTRING))
-  {
-    GNUNET_break (0);
-    return 1;
-  }
-  else
-    return 0;
-}
-
-static int
-getWeakKeys ()
-{
-  struct GNUNET_CRYPTO_AesSessionKey sessionkey;
-  int number_of_weak_keys = 0;
-  int number_of_runs;
-
-  gcry_cipher_hd_t handle;
-  int rc;
-
-  for (number_of_runs = 0; number_of_runs < MAX_WEAK_KEY_TRIALS;
-       number_of_runs++)
-  {
-
-    if (number_of_runs % 1000 == 0)
-      FPRINTF (stderr, "%s",  ".");
-    /*printf("Got to run number %d.\n", number_of_runs); */
-    GNUNET_CRYPTO_aes_create_session_key (&sessionkey);
-
-    rc = gcry_cipher_open (&handle, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB,
-                           0);
-
-    if (rc)
-    {
-      printf ("testweakkey: gcry_cipher_open failed on trial %d. %s\n",
-              number_of_runs, gcry_strerror (rc));
-      continue;
-    }
-
-    rc = gcry_cipher_setkey (handle, &sessionkey, GNUNET_CRYPTO_AES_KEY_LENGTH);
-
-    if ((char) rc == GPG_ERR_WEAK_KEY)
-    {
-      printf ("\nWeak key (in hex): ");
-      printWeakKey (&sessionkey);
-      printf ("\n");
-      number_of_weak_keys++;
-    }
-    else if (rc)
-    {
-      printf ("\nUnexpected error generating keys. Error is %s\n",
-              gcry_strerror (rc));
-    }
-
-    gcry_cipher_close (handle);
-
-  }
-
-  return number_of_weak_keys;
-}
-
-int
-main (int argc, char *argv[])
-{
-  int weak_keys;
-
-  GNUNET_log_setup ("test-crypto-aes-weak", "WARNING", NULL);
-  if (GENERATE_WEAK_KEYS)
-  {
-    weak_keys = getWeakKeys ();
-
-    if (weak_keys == 0)
-    {
-      printf ("\nNo weak keys found in %d runs.\n", MAX_WEAK_KEY_TRIALS);
-    }
-    else
-    {
-      printf ("\n%d weak keys found in %d runs.\n", weak_keys,
-              MAX_WEAK_KEY_TRIALS);
-    }
-  }
-
-  if (testWeakKey () != 0)
-    return -1;
-  return 0;
-}
-
-/* end of weakkeytest.c */
diff --git a/src/util/test_crypto_hash.c b/src/util/test_crypto_hash.c
index a8ef39a38..2a5d6d773 100644
--- a/src/util/test_crypto_hash.c
+++ b/src/util/test_crypto_hash.c
@@ -65,8 +65,6 @@ testEncoding ()
 static int
 testArithmetic ()
 {
-  static struct GNUNET_CRYPTO_AesSessionKey zskey;
-  static struct GNUNET_CRYPTO_AesInitializationVector ziv;
   struct GNUNET_HashCode h1;
   struct GNUNET_HashCode h2;
   struct GNUNET_HashCode d;
@@ -100,9 +98,6 @@ testArithmetic ()
     return 1;
   memset (&d, 0, sizeof (d));
   GNUNET_CRYPTO_hash_to_aes_key (&d, &skey, &iv);
-  if ((0 != memcmp (&skey, &zskey, sizeof (skey) - sizeof (unsigned int))) ||
-      (0 != memcmp (&iv, &ziv, sizeof (iv))))
-    return 1;
   return 0;
 }