7 files changed, 169 insertions, 87 deletions

diff --git a/configure.ac b/configure.ac
index b30141564..3439a6d6f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -212,6 +212,10 @@ AC_UNALIGNED_64_ACCESS
 AC_SEARCH_LIBS([gethostbyname], [nsl ws2_32])
 AC_SEARCH_LIBS([memrchr], [],
                AC_DEFINE(HAVE_MEMRCHR,1,[memrchr supported]), [])
+AC_SEARCH_LIBS([memset_s], [],
+               AC_DEFINE(HAVE_MEMSET_S,1,[memset_s supported]), [])
+AC_SEARCH_LIBS([memset_s], [],
+               AC_DEFINE(HAVE_EXPLICIT_BZERO,1,[explicit_bzero supported]), [])
 AC_CHECK_LIB(socket, socket)
 AC_CHECK_LIB(m, log)
 AC_CHECK_LIB(c, getloadavg, AC_DEFINE(HAVE_GETLOADAVG,1,[getloadavg supported]))
diff --git a/po/POTFILES.in b/po/POTFILES.in
index f9000c654..f37590613 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -4,14 +4,6 @@ src/arm/arm_monitor_api.c
 src/arm/gnunet-arm.c
 src/arm/gnunet-service-arm.c
 src/arm/mockup-service.c
-src/ats-tests/ats-testing-experiment.c
-src/ats-tests/ats-testing-log.c
-src/ats-tests/ats-testing-preferences.c
-src/ats-tests/ats-testing-traffic.c
-src/ats-tests/ats-testing.c
-src/ats-tests/gnunet-ats-sim.c
-src/ats-tests/gnunet-solver-eval.c
-src/ats-tool/gnunet-ats.c
 src/ats/ats_api2_application.c
 src/ats/ats_api2_transport.c
 src/ats/ats_api_connectivity.c
@@ -19,10 +11,10 @@ src/ats/ats_api_performance.c
 src/ats/ats_api_scanner.c
 src/ats/ats_api_scheduling.c
 src/ats/gnunet-ats-solver-eval.c
-src/ats/gnunet-service-ats-new.c
-src/ats/gnunet-service-ats.c
 src/ats/gnunet-service-ats_addresses.c
+src/ats/gnunet-service-ats.c
 src/ats/gnunet-service-ats_connectivity.c
+src/ats/gnunet-service-ats-new.c
 src/ats/gnunet-service-ats_normalization.c
 src/ats/gnunet-service-ats_performance.c
 src/ats/gnunet-service-ats_plugins.c
@@ -34,6 +26,14 @@ src/ats/plugin_ats2_simple.c
 src/ats/plugin_ats_mlp.c
 src/ats/plugin_ats_proportional.c
 src/ats/plugin_ats_ril.c
+src/ats-tests/ats-testing.c
+src/ats-tests/ats-testing-experiment.c
+src/ats-tests/ats-testing-log.c
+src/ats-tests/ats-testing-preferences.c
+src/ats-tests/ats-testing-traffic.c
+src/ats-tests/gnunet-ats-sim.c
+src/ats-tests/gnunet-solver-eval.c
+src/ats-tool/gnunet-ats.c
 src/auction/gnunet-auction-create.c
 src/auction/gnunet-auction-info.c
 src/auction/gnunet-auction-join.c
@@ -50,8 +50,8 @@ src/cadet/cadet_api_list_peers.c
 src/cadet/cadet_api_list_tunnels.c
 src/cadet/cadet_test_lib.c
 src/cadet/desirability_table.c
-src/cadet/gnunet-cadet-profiler.c
 src/cadet/gnunet-cadet.c
+src/cadet/gnunet-cadet-profiler.c
 src/cadet/gnunet-service-cadet.c
 src/cadet/gnunet-service-cadet_channel.c
 src/cadet/gnunet-service-cadet_connection.c
@@ -67,15 +67,15 @@ src/consensus/gnunet-service-consensus.c
 src/consensus/plugin_block_consensus.c
 src/conversation/conversation_api.c
 src/conversation/conversation_api_call.c
-src/conversation/gnunet-conversation-test.c
 src/conversation/gnunet-conversation.c
-src/conversation/gnunet-helper-audio-playback-gst.c
+src/conversation/gnunet-conversation-test.c
+src/conversation/gnunet_gst.c
+src/conversation/gnunet_gst_test.c
 src/conversation/gnunet-helper-audio-playback.c
-src/conversation/gnunet-helper-audio-record-gst.c
+src/conversation/gnunet-helper-audio-playback-gst.c
 src/conversation/gnunet-helper-audio-record.c
+src/conversation/gnunet-helper-audio-record-gst.c
 src/conversation/gnunet-service-conversation.c
-src/conversation/gnunet_gst.c
-src/conversation/gnunet_gst_test.c
 src/conversation/microphone.c
 src/conversation/plugin_gnsrecord_conversation.c
 src/conversation/speaker.c
@@ -112,6 +112,7 @@ src/dht/dht_api.c
 src/dht/dht_test_lib.c
 src/dht/gnunet-dht-get.c
 src/dht/gnunet-dht-monitor.c
+src/dht/gnunet_dht_profiler.c
 src/dht/gnunet-dht-put.c
 src/dht/gnunet-service-dht.c
 src/dht/gnunet-service-dht_clients.c
@@ -120,7 +121,6 @@ src/dht/gnunet-service-dht_hello.c
 src/dht/gnunet-service-dht_neighbours.c
 src/dht/gnunet-service-dht_nse.c
 src/dht/gnunet-service-dht_routing.c
-src/dht/gnunet_dht_profiler.c
 src/dht/plugin_block_dht.c
 src/dns/dns_api.c
 src/dns/gnunet-dns-monitor.c
@@ -130,8 +130,8 @@ src/dns/gnunet-service-dns.c
 src/dns/gnunet-zonewalk.c
 src/dns/plugin_block_dns.c
 src/exit/gnunet-daemon-exit.c
-src/exit/gnunet-helper-exit-windows.c
 src/exit/gnunet-helper-exit.c
+src/exit/gnunet-helper-exit-windows.c
 src/fragmentation/defragmentation.c
 src/fragmentation/fragmentation.c
 src/fs/fs_api.c
@@ -156,8 +156,8 @@ src/fs/gnunet-auto-share.c
 src/fs/gnunet-daemon-fsprofiler.c
 src/fs/gnunet-directory.c
 src/fs/gnunet-download.c
-src/fs/gnunet-fs-profiler.c
 src/fs/gnunet-fs.c
+src/fs/gnunet-fs-profiler.c
 src/fs/gnunet-helper-fs-publish.c
 src/fs/gnunet-publish.c
 src/fs/gnunet-search.c
@@ -177,10 +177,10 @@ src/gns/gns_tld_api.c
 src/gns/gnunet-bcd.c
 src/gns/gnunet-dns2gns.c
 src/gns/gnunet-gns-benchmark.c
+src/gns/gnunet-gns.c
 src/gns/gnunet-gns-helper-service-w32.c
 src/gns/gnunet-gns-import.c
 src/gns/gnunet-gns-proxy.c
-src/gns/gnunet-gns.c
 src/gns/gnunet-service-gns.c
 src/gns/gnunet-service-gns_interceptor.c
 src/gns/gnunet-service-gns_resolver.c
@@ -189,19 +189,19 @@ src/gns/nss/nss_gns_query.c
 src/gns/plugin_block_gns.c
 src/gns/plugin_gnsrecord_gns.c
 src/gns/plugin_rest_gns.c
-src/gns/w32nsp-install.c
-src/gns/w32nsp-resolve.c
-src/gns/w32nsp-uninstall.c
-src/gns/w32nsp.c
 src/gnsrecord/gnsrecord.c
 src/gnsrecord/gnsrecord_crypto.c
 src/gnsrecord/gnsrecord_misc.c
 src/gnsrecord/gnsrecord_serialization.c
 src/gnsrecord/plugin_gnsrecord_dns.c
+src/gns/w32nsp.c
+src/gns/w32nsp-install.c
+src/gns/w32nsp-resolve.c
+src/gns/w32nsp-uninstall.c
 src/hello/address.c
 src/hello/gnunet-hello.c
-src/hello/hello-ng.c
 src/hello/hello.c
+src/hello/hello-ng.c
 src/hostlist/gnunet-daemon-hostlist.c
 src/hostlist/gnunet-daemon-hostlist_client.c
 src/hostlist/gnunet-daemon-hostlist_server.c
@@ -225,8 +225,8 @@ src/namecache/namecache_api.c
 src/namecache/plugin_namecache_flat.c
 src/namecache/plugin_namecache_postgres.c
 src/namecache/plugin_namecache_sqlite.c
-src/namestore/gnunet-namestore-fcfsd.c
 src/namestore/gnunet-namestore.c
+src/namestore/gnunet-namestore-fcfsd.c
 src/namestore/gnunet-service-namestore.c
 src/namestore/gnunet-zoneimport.c
 src/namestore/namestore_api.c
@@ -242,10 +242,10 @@ src/nat-auto/gnunet-service-nat-auto.c
 src/nat-auto/gnunet-service-nat-auto_legacy.c
 src/nat-auto/nat_auto_api.c
 src/nat-auto/nat_auto_api_test.c
-src/nat/gnunet-helper-nat-client-windows.c
 src/nat/gnunet-helper-nat-client.c
-src/nat/gnunet-helper-nat-server-windows.c
+src/nat/gnunet-helper-nat-client-windows.c
 src/nat/gnunet-helper-nat-server.c
+src/nat/gnunet-helper-nat-server-windows.c
 src/nat/gnunet-nat.c
 src/nat/gnunet-service-nat.c
 src/nat/gnunet-service-nat_externalip.c
@@ -254,17 +254,17 @@ src/nat/gnunet-service-nat_mini.c
 src/nat/gnunet-service-nat_stun.c
 src/nat/nat_api.c
 src/nat/nat_api_stun.c
-src/nse/gnunet-nse-profiler.c
 src/nse/gnunet-nse.c
+src/nse/gnunet-nse-profiler.c
 src/nse/gnunet-service-nse.c
 src/nse/nse_api.c
 src/nt/nt.c
-src/peerinfo-tool/gnunet-peerinfo.c
-src/peerinfo-tool/gnunet-peerinfo_plugins.c
-src/peerinfo-tool/plugin_rest_peerinfo.c
 src/peerinfo/gnunet-service-peerinfo.c
 src/peerinfo/peerinfo_api.c
 src/peerinfo/peerinfo_api_notify.c
+src/peerinfo-tool/gnunet-peerinfo.c
+src/peerinfo-tool/gnunet-peerinfo_plugins.c
+src/peerinfo-tool/plugin_rest_peerinfo.c
 src/peerstore/gnunet-peerstore.c
 src/peerstore/gnunet-service-peerstore.c
 src/peerstore/peerstore_api.c
@@ -311,22 +311,22 @@ src/revocation/gnunet-revocation.c
 src/revocation/gnunet-service-revocation.c
 src/revocation/plugin_block_revocation.c
 src/revocation/revocation_api.c
-src/rps/gnunet-rps-profiler.c
 src/rps/gnunet-rps.c
+src/rps/gnunet-rps-profiler.c
 src/rps/gnunet-service-rps.c
 src/rps/gnunet-service-rps_custommap.c
 src/rps/gnunet-service-rps_sampler.c
 src/rps/gnunet-service-rps_sampler_elem.c
 src/rps/gnunet-service-rps_view.c
+src/rps/rps_api.c
 src/rps/rps-sampler_client.c
 src/rps/rps-sampler_common.c
 src/rps/rps-test_util.c
-src/rps/rps_api.c
 src/scalarproduct/gnunet-scalarproduct.c
-src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
-src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
 src/scalarproduct/gnunet-service-scalarproduct_alice.c
 src/scalarproduct/gnunet-service-scalarproduct_bob.c
+src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
+src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
 src/scalarproduct/scalarproduct_api.c
 src/secretsharing/gnunet-secretsharing-profiler.c
 src/secretsharing/gnunet-service-secretsharing.c
@@ -352,16 +352,15 @@ src/statistics/gnunet-statistics.c
 src/statistics/statistics_api.c
 src/template/gnunet-service-template.c
 src/template/gnunet-template.c
-src/testbed-logger/gnunet-service-testbed-logger.c
-src/testbed-logger/testbed_logger_api.c
 src/testbed/generate-underlay-topology.c
 src/testbed/gnunet-daemon-latency-logger.c
 src/testbed/gnunet-daemon-testbed-blacklist.c
 src/testbed/gnunet-daemon-testbed-underlay.c
 src/testbed/gnunet-helper-testbed.c
+src/testbed/gnunet_mpi_test.c
 src/testbed/gnunet-service-test-barriers.c
-src/testbed/gnunet-service-testbed.c
 src/testbed/gnunet-service-testbed_barriers.c
+src/testbed/gnunet-service-testbed.c
 src/testbed/gnunet-service-testbed_cache.c
 src/testbed/gnunet-service-testbed_connectionpool.c
 src/testbed/gnunet-service-testbed_cpustatus.c
@@ -369,19 +368,20 @@ src/testbed/gnunet-service-testbed_links.c
 src/testbed/gnunet-service-testbed_meminfo.c
 src/testbed/gnunet-service-testbed_oc.c
 src/testbed/gnunet-service-testbed_peers.c
-src/testbed/gnunet-testbed-profiler.c
-src/testbed/gnunet_mpi_test.c
 src/testbed/gnunet_testbed_mpi_spawn.c
-src/testbed/testbed_api.c
+src/testbed/gnunet-testbed-profiler.c
+src/testbed-logger/gnunet-service-testbed-logger.c
+src/testbed-logger/testbed_logger_api.c
 src/testbed/testbed_api_barriers.c
+src/testbed/testbed_api.c
 src/testbed/testbed_api_hosts.c
 src/testbed/testbed_api_operations.c
 src/testbed/testbed_api_peers.c
 src/testbed/testbed_api_sd.c
 src/testbed/testbed_api_services.c
 src/testbed/testbed_api_statistics.c
-src/testbed/testbed_api_test.c
 src/testbed/testbed_api_testbed.c
+src/testbed/testbed_api_test.c
 src/testbed/testbed_api_topology.c
 src/testbed/testbed_api_underlay.c
 src/testing/gnunet-testing.c
@@ -393,40 +393,35 @@ src/transport/gnunet-communicator-tcp.c
 src/transport/gnunet-communicator-udp.c
 src/transport/gnunet-communicator-unix.c
 src/transport/gnunet-helper-transport-bluetooth.c
-src/transport/gnunet-helper-transport-wlan-dummy.c
 src/transport/gnunet-helper-transport-wlan.c
+src/transport/gnunet-helper-transport-wlan-dummy.c
 src/transport/gnunet-service-tng.c
-src/transport/gnunet-service-transport.c
 src/transport/gnunet-service-transport_ats.c
+src/transport/gnunet-service-transport.c
 src/transport/gnunet-service-transport_hello.c
 src/transport/gnunet-service-transport_manipulation.c
 src/transport/gnunet-service-transport_neighbours.c
 src/transport/gnunet-service-transport_plugins.c
 src/transport/gnunet-service-transport_validation.c
+src/transport/gnunet-transport.c
 src/transport/gnunet-transport-certificate-creation.c
 src/transport/gnunet-transport-profiler.c
 src/transport/gnunet-transport-wlan-receiver.c
 src/transport/gnunet-transport-wlan-sender.c
-src/transport/gnunet-transport.c
 src/transport/plugin_transport_http_client.c
 src/transport/plugin_transport_http_common.c
 src/transport/plugin_transport_http_server.c
 src/transport/plugin_transport_smtp.c
 src/transport/plugin_transport_tcp.c
 src/transport/plugin_transport_template.c
-src/transport/plugin_transport_udp.c
 src/transport/plugin_transport_udp_broadcasting.c
+src/transport/plugin_transport_udp.c
 src/transport/plugin_transport_unix.c
 src/transport/plugin_transport_wlan.c
 src/transport/tcp_connection_legacy.c
 src/transport/tcp_server_legacy.c
 src/transport/tcp_server_mst_legacy.c
 src/transport/tcp_service_legacy.c
-src/transport/transport-testing-filenames.c
-src/transport/transport-testing-loggers.c
-src/transport/transport-testing-main.c
-src/transport/transport-testing-send.c
-src/transport/transport-testing.c
 src/transport/transport_api2_address.c
 src/transport/transport_api2_application.c
 src/transport/transport_api2_communication.c
@@ -440,6 +435,11 @@ src/transport/transport_api_manipulation.c
 src/transport/transport_api_monitor_peers.c
 src/transport/transport_api_monitor_plugins.c
 src/transport/transport_api_offer_hello.c
+src/transport/transport-testing.c
+src/transport/transport-testing-filenames.c
+src/transport/transport-testing-loggers.c
+src/transport/transport-testing-main.c
+src/transport/transport-testing-send.c
 src/util/bandwidth.c
 src/util/benchmark.c
 src/util/bio.c
@@ -452,8 +452,8 @@ src/util/configuration_loader.c
 src/util/container_bloomfilter.c
 src/util/container_heap.c
 src/util/container_meta_data.c
-src/util/container_multihashmap.c
 src/util/container_multihashmap32.c
+src/util/container_multihashmap.c
 src/util/container_multipeermap.c
 src/util/container_multishortmap.c
 src/util/crypto_abe.c
@@ -475,16 +475,16 @@ src/util/dnsparser.c
 src/util/dnsstub.c
 src/util/getopt.c
 src/util/getopt_helpers.c
-src/util/gnunet-config-diff.c
 src/util/gnunet-config.c
+src/util/gnunet-config-diff.c
 src/util/gnunet-ecc.c
 src/util/gnunet-helper-w32-console.c
 src/util/gnunet-qr.c
 src/util/gnunet-resolver.c
 src/util/gnunet-scrypt.c
 src/util/gnunet-service-resolver.c
-src/util/gnunet-timeout-w32.c
 src/util/gnunet-timeout.c
+src/util/gnunet-timeout-w32.c
 src/util/gnunet-uri.c
 src/util/helper.c
 src/util/load.c
@@ -513,13 +513,13 @@ src/util/tun.c
 src/util/w32cat.c
 src/util/win.c
 src/util/winproc.c
-src/vpn/gnunet-helper-vpn-windows.c
 src/vpn/gnunet-helper-vpn.c
+src/vpn/gnunet-helper-vpn-windows.c
 src/vpn/gnunet-service-vpn.c
 src/vpn/gnunet-vpn.c
 src/vpn/vpn_api.c
-src/zonemaster/gnunet-service-zonemaster-monitor.c
 src/zonemaster/gnunet-service-zonemaster.c
+src/zonemaster/gnunet-service-zonemaster-monitor.c
 src/fs/fs_api.h
 src/include/compat.h
 src/include/gnunet_common.h
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 6822de2f1..45da5f6ba 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -456,6 +456,18 @@ int32_t
 GNUNET_CRYPTO_crc32_n (const void *buf,
                        size_t len);
 
+/**
+ * @ingroup crypto
+ * Zero out @a buffer, securely against compiler optimizations.
+ * Used to delete key material.
+ *
+ * @param buffer the buffer to zap
+ * @param length buffer length
+ */
+void
+GNUNET_CRYPTO_zero_keys (void *buffer,
+                         size_t length);
+
 
 /**
  * @ingroup crypto
@@ -721,8 +733,8 @@ GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
  */
 void
 GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
-                        const void *plaintext, size_t plaintext_len,
-                        struct GNUNET_HashCode *hmac);
+                        const void *plaintext, size_t plaintext_len,
+                        struct GNUNET_HashCode *hmac);
 
 
 /**
@@ -1866,7 +1878,7 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key);
  */
 size_t
 GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
-                                      char **buffer);
+                                      char **buffer);
 
 
 /**
@@ -1879,7 +1891,7 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *
  */
 struct GNUNET_CRYPTO_RsaPrivateKey *
 GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
-                                      size_t len);
+                                      size_t len);
 
 
 /**
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index f83fa669c..53fd9c973 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -374,6 +374,7 @@ gnunet_service_tng_LDADD = \
   $(top_builddir)/src/hello/libgnunethello.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la \
+  $(LIBGCRYPT_LIBS) \
   $(GN_LIBINTL)
 
 plugin_LTLIBRARIES = \
diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c
index a8f88c5e4..e9223401f 100644
--- a/src/transport/gnunet-communicator-tcp.c
+++ b/src/transport/gnunet-communicator-tcp.c
@@ -814,9 +814,9 @@ pass_plaintext_to_core (struct Queue *queue,
  */
 static void
 setup_cipher (const struct GNUNET_HashCode *dh,
-              const struct GNUNET_PeerIdentity *pid,
-              gcry_cipher_hd_t *cipher,
-              struct GNUNET_HashCode *hmac_key)
+              const struct GNUNET_PeerIdentity *pid,
+              gcry_cipher_hd_t *cipher,
+              struct GNUNET_HashCode *hmac_key)
 {
   char key[256/8];
   char ctr[128/8];
@@ -872,7 +872,7 @@ setup_cipher (const struct GNUNET_HashCode *dh,
  */
 static void
 setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
-                 struct Queue *queue)
+                 struct Queue *queue)
 {
   struct GNUNET_HashCode dh;
 
@@ -896,7 +896,7 @@ setup_in_cipher (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
  */
 static void
 do_rekey (struct Queue *queue,
-          const struct TCPRekey *rekey)
+          const struct TCPRekey *rekey)
 {
   struct TcpHandshakeSignature thp;
 
diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c
index bb1656876..53b9ba0c8 100644
--- a/src/transport/gnunet-service-tng.c
+++ b/src/transport/gnunet-service-tng.c
@@ -33,7 +33,6 @@
  *       transport-to-transport traffic)
  *
  * Implement next:
- * - backchannel message encryption & decryption
  * - DV data structures:
  *   + using DV routes!
  *     - handling of DV-boxed messages that need to be forwarded
@@ -59,7 +58,6 @@
  * FIXME (without marks in the code!):
  * - proper use/initialization of timestamps in messages exchanged
  *   during DV learning
- * -
  *
  * Optimizations:
  * - use shorthashmap on msg_uuid's when matching reliability/fragment ACKs
@@ -3238,21 +3236,32 @@ route_message (const struct GNUNET_PeerIdentity *target,
  */
 struct BackchannelKeyState
 {
-  // FIXME: actual data types in this struct are likely still totally wrong
   /**
-   *
+   * State of our block cipher.
    */
-  char hdr_key[128];
+  gcry_cipher_hd_t cipher;
 
   /**
-   *
+   * Actual key material.
    */
-  char body_key[128];
+  struct {
 
-  /**
-   *
-   */
-  char hmac_key[128];
+    /**
+     * Key used for HMAC calculations (via #GNUNET_CRYPTO_hmac()).
+     */
+    struct GNUNET_CRYPTO_AuthKey hmac_key;
+
+    /**
+     * Symmetric key to use for encryption.
+     */
+    char aes_key[256/8];
+
+    /**
+     * Counter value to use during setup.
+     */
+    char aes_ctr[128/8];
+
+  } material;
 };
 
 
@@ -3263,14 +3272,24 @@ bc_setup_key_state_from_km (const struct GNUNET_HashCode *km,
 {
   /* must match #dh_key_derive_eph_pub */
   GNUNET_assert (GNUNET_YES ==
-                 GNUNET_CRYPTO_kdf (key,
-                                    sizeof (*key),
+                 GNUNET_CRYPTO_kdf (&key->material,
+                                    sizeof (key->material),
                                     "transport-backchannel-key",
                                     strlen ("transport-backchannel-key"),
                                     &km,
                                     sizeof (km),
                                     iv,
                                     sizeof (*iv)));
+  gcry_cipher_open (&key->cipher,
+                    GCRY_CIPHER_AES256 /* low level: go for speed */,
+                    GCRY_CIPHER_MODE_CTR,
+                    0 /* flags */);
+  gcry_cipher_setkey (key->cipher,
+                      &key->material.aes_key,
+                      sizeof (key->material.aes_key));
+  gcry_cipher_setctr (key->cipher,
+                      &key->material.aes_ctr,
+                      sizeof (key->material.aes_ctr));
 }
 
 
@@ -3342,7 +3361,10 @@ bc_hmac (const struct BackchannelKeyState *key,
          const void *data,
          size_t data_size)
 {
-  // FIXME!
+  GNUNET_CRYPTO_hmac (&key->material.hmac_key,
+                      data,
+                      data_size,
+                      hmac);
 }
 
 
@@ -3361,7 +3383,12 @@ bc_encrypt (struct BackchannelKeyState *key,
             void *dst,
             size_t in_size)
 {
-  // FIXME!
+  GNUNET_assert (0 ==
+                 gcry_cipher_encrypt (key->cipher,
+                                      dst,
+                                      in_size,
+                                      in,
+                                      in_size));
 }
 
 
@@ -3380,7 +3407,12 @@ bc_decrypt (struct BackchannelKeyState *key,
             const void *ciph,
             size_t out_size)
 {
-  // FIXME!
+  GNUNET_assert (0 ==
+                 gcry_cipher_decrypt (key->cipher,
+                                      out,
+                                      out_size,
+                                      ciph,
+                                      out_size));
 }
 
 
@@ -3392,7 +3424,9 @@ bc_decrypt (struct BackchannelKeyState *key,
 static void
 bc_key_clean (struct BackchannelKeyState *key)
 {
-  // FIXME!
+  gcry_cipher_close (key->cipher);
+  GNUNET_CRYPTO_zero_keys (&key->material,
+                           sizeof (key->material));
 }
 
 
diff --git a/src/util/crypto_random.c b/src/util/crypto_random.c
index 54bea58e1..8bb5f0587 100644
--- a/src/util/crypto_random.c
+++ b/src/util/crypto_random.c
@@ -98,6 +98,34 @@ GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 
 /**
  * @ingroup crypto
+ * Zero out @a buffer, securely against compiler optimizations.
+ * Used to delete key material.
+ *
+ * @param buffer the buffer to zap
+ * @param length buffer length
+ */
+void
+GNUNET_CRYPTO_zero_keys (void *buffer,
+                         size_t length)
+{
+#if HAVE_MEMSET_S
+  memset_s (buffer,
+            length,
+            0,
+            length);
+#elif HAVE_EXPLICIT_BZERO
+  explicit_bzero (buffer,
+                  length);
+#else
+  volatile unsigned char *p = buffer;
+  while (length--)
+    *p++ = 0;
+#endif
+}
+
+
+/**
+ * @ingroup crypto
  * Fill block with a random values.
  *
  * @param mode desired quality of the random number
@@ -105,7 +133,9 @@ GNUNET_CRYPTO_seed_weak_random (int32_t seed)
  * @param length buffer length
  */
 void
-GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
+GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode,
+                            void *buffer,
+                            size_t length)
 {
 #ifdef gcry_fast_random_poll
   static unsigned int invokeCount;
@@ -146,7 +176,7 @@ GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_
  */
 uint32_t
 GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
-                          uint32_t i)
+                          uint32_t i)
 {
 #ifdef gcry_fast_random_poll
   static unsigned int invokeCount;
@@ -202,7 +232,7 @@ GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode,
  */
 unsigned int *
 GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode,
-                              unsigned int n)
+                              unsigned int n)
 {
   unsigned int *ret;
   unsigned int i;
@@ -232,7 +262,8 @@ GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode,
  * @return random 64-bit number
  */
 uint64_t
-GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
+GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode,
+                          uint64_t max)
 {
   uint64_t ret;
   uint64_t ul;