Merge branch 'master' of ssh://git.gnunet.org/gnunet

29 files changed, 1642 insertions, 546 deletions

diff --git a/src/dhtu/Makefile.am b/src/dhtu/Makefile.am
index ebffa9ecf..4d210b71f 100644
--- a/src/dhtu/Makefile.am
+++ b/src/dhtu/Makefile.am
@@ -13,10 +13,11 @@ endif
 pkgcfg_DATA = \
   dhtu.conf
 
-
 plugin_LTLIBRARIES = \
-  libgnunet_plugin_dhtu_gnunet.la \
-  libgnunet_plugin_dhtu_ip.la
+  libgnunet_plugin_dhtu_gnunet.la
+
+if !OPENBSD
+plugin_LTLIBRARIES += libgnunet_plugin_dhtu_ip.la
 
 libgnunet_plugin_dhtu_ip_la_SOURCES = \
   plugin_dhtu_ip.c
@@ -26,7 +27,7 @@ libgnunet_plugin_dhtu_ip_la_LIBADD = \
   $(LTLIBINTL)
 libgnunet_plugin_dhtu_ip_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
-
+endif
 
 
 libgnunet_plugin_dhtu_gnunet_la_SOURCES = \
diff --git a/src/fs/test_fs_uri.c b/src/fs/test_fs_uri.c
index 30eafab9a..aac7b1b97 100644
--- a/src/fs/test_fs_uri.c
+++ b/src/fs/test_fs_uri.c
@@ -80,7 +80,7 @@ testLocation ()
   char *uric;
   struct GNUNET_FS_Uri *uri2;
   struct GNUNET_FS_Uri *baseURI;
-  char *emsg;
+  char *emsg = NULL;
   struct GNUNET_CRYPTO_EddsaPrivateKey pk;
 
   baseURI =
diff --git a/src/fs/test_plugin_block_fs.c b/src/fs/test_plugin_block_fs.c
index 727cc37c2..f15d10b17 100644
--- a/src/fs/test_plugin_block_fs.c
+++ b/src/fs/test_plugin_block_fs.c
@@ -43,7 +43,6 @@ test_fs (struct GNUNET_BLOCK_Context *ctx)
   if (GNUNET_OK !=
       GNUNET_BLOCK_check_block (ctx,
                                 GNUNET_BLOCK_TYPE_FS_DBLOCK,
-                                &key,
                                 block,
                                 sizeof(block)))
     return 2;
@@ -54,7 +53,7 @@ test_fs (struct GNUNET_BLOCK_Context *ctx)
                                 NULL, 0))
     return 4;
   GNUNET_log_skip (1, GNUNET_NO);
-  if (GNUNET_BLOCK_EVALUATION_REQUEST_INVALID !=
+  if (GNUNET_NO !=
       GNUNET_BLOCK_check_query (ctx,
                                 GNUNET_BLOCK_TYPE_FS_DBLOCK,
                                 &key,
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 72b228f33..9d26e1777 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -623,6 +623,19 @@ resolver_lookup_get_next_label (struct GNS_ResolverHandle *rh)
     rp = rh->name;
     rh->name_resolution_pos = 0;
   }
+  else if (('_' == dot[1]) &&
+           ('_' == rh->name[0]) &&
+           (dot == memchr (rh->name, (int) '.', rh->name_resolution_pos)))
+  {
+    /**
+     * Do not advance a label. This seems to be a name only consisting
+     * of a BOX indicator (_443,_tcp).
+     * Which means, it is a BOX under the empty label.
+     * leaving name_resolution_pos as is and returning empty label.
+     */
+    rp = GNUNET_GNS_EMPTY_LABEL_AT;
+    len = strlen (GNUNET_GNS_EMPTY_LABEL_AT);
+  }
   else
   {
     /* advance by one label */
@@ -683,7 +696,7 @@ resolver_lookup_get_next_label (struct GNS_ResolverHandle *rh)
     }
     else
     {
-      rh->service = se->s_port;
+      rh->service = ntohs (se->s_port);
     }
     rh->protocol = pe->p_proto;
     GNUNET_free (proto_name);
@@ -2237,6 +2250,10 @@ handle_gns_resolution_result (void *cls,
             const struct GNUNET_GNSRECORD_BoxRecord *box;
 
             box = rd[i].data;
+            GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                        "Got BOX record, checking if parameters match... %u/%u vs %u/%u\n",
+                        ntohs (box->protocol), ntohs (box->service),
+                        rh->protocol, rh->service);
             if ((ntohs (box->protocol) == rh->protocol) &&
                 (ntohs (box->service) == rh->service))
             {
diff --git a/src/gns/plugin_block_gns.c b/src/gns/plugin_block_gns.c
index fd9c99cb4..ffca16b6f 100644
--- a/src/gns/plugin_block_gns.c
+++ b/src/gns/plugin_block_gns.c
@@ -181,7 +181,7 @@ block_plugin_gns_check_block (void *cls,
                               size_t block_size)
 {
   const struct GNUNET_GNSRECORD_Block *gblock;
-  
+
   if (GNUNET_BLOCK_TYPE_GNS_NAMERECORD != type)
   {
     GNUNET_break (0);
@@ -243,7 +243,7 @@ block_plugin_gns_check_reply (void *cls,
     return GNUNET_BLOCK_REPLY_TYPE_NOT_SUPPORTED;
   }
   GNUNET_assert (reply_block_size >= sizeof(struct GNUNET_GNSRECORD_Block));
-  GNUNET_assert (GNUNET_GNSRECORD_block_get_size (block) > reply_block_size);
+  GNUNET_assert (reply_block_size >= GNUNET_GNSRECORD_block_get_size (block));
   GNUNET_CRYPTO_hash (reply_block,
                       reply_block_size,
                       &chash);
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index ff92911de..b5e8be82b 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -219,7 +219,6 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
                                                            rd);
   struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
   struct GNRBlockPS *gnr_block;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
   unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
   unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
   struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
@@ -270,11 +269,10 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
     gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire);
     ecblock->expiration_time = gnr_block->expiration_time;
     /* encrypt and sign */
-    dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key,
-                                                   label,
-                                                   "gns");
-    GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
-                                        &ecblock->derived_key);
+    GNUNET_CRYPTO_ecdsa_public_key_derive (pkey,
+                                           label,
+                                           "gns",
+                                           &ecblock->derived_key);
     GNR_derive_block_aes_key (ctr,
                               skey,
                               label,
@@ -289,18 +287,18 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
     GNUNET_memcpy (&gnr_block[1], &ecblock[1], payload_len);
   }
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_sign_ (dkey,
-                                 &gnr_block->purpose,
-                                 &ecblock->signature))
+      GNUNET_CRYPTO_ecdsa_sign_derived (key,
+                                        label,
+                                        "gns",
+                                        &gnr_block->purpose,
+                                        &ecblock->signature))
   {
     GNUNET_break (0);
     GNUNET_free (*block);
-    GNUNET_free (dkey);
     GNUNET_free (gnr_block);
     return GNUNET_SYSERR;
   }
   GNUNET_free (gnr_block);
-  GNUNET_free (dkey);
   return GNUNET_OK;
 }
 
@@ -344,7 +342,6 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
                                                            rd);
   struct GNUNET_GNSRECORD_EddsaBlock *edblock;
   struct GNRBlockPS *gnr_block;
-  struct GNUNET_CRYPTO_EddsaPrivateScalar dkey;
   unsigned char nonce[crypto_secretbox_NONCEBYTES];
   unsigned char skey[crypto_secretbox_KEYBYTES];
   struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
@@ -402,12 +399,10 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
     gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire);
     edblock->expiration_time = gnr_block->expiration_time;
     /* encrypt and sign */
-    GNUNET_CRYPTO_eddsa_private_key_derive (key,
-                                            label,
-                                            "gns",
-                                            &dkey);
-    GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,
-                                                    &edblock->derived_key);
+    GNUNET_CRYPTO_eddsa_public_key_derive (pkey,
+                                           label,
+                                           "gns",
+                                           &edblock->derived_key);
     GNR_derive_block_xsalsa_key (nonce,
                                  skey,
                                  label,
@@ -422,9 +417,11 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
     GNUNET_memcpy (&gnr_block[1], &edblock[1],
                    payload_len + crypto_secretbox_MACBYTES);
 
-    GNUNET_CRYPTO_eddsa_sign_with_scalar (&dkey,
-                                          &gnr_block->purpose,
-                                          &edblock->signature);
+    GNUNET_CRYPTO_eddsa_sign_derived (key,
+                                      label,
+                                      "gns",
+                                      &gnr_block->purpose,
+                                      &edblock->signature);
   }
   return GNUNET_OK;
 }
diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c
index 87de32066..7fef6f8e7 100644
--- a/src/gnsrecord/gnunet-gnsrecord-tvg.c
+++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c
@@ -96,20 +96,22 @@ static void
 print_record (const struct GNUNET_GNSRECORD_Data *rd)
 {
   uint16_t flags = htons (rd->flags);
-  fprintf (stdout,
-           "EXPIRATION: %" PRIu64 "\n", rd->expiration_time);
-  fprintf (stdout,
-           "DATA_SIZE: %zu\n", rd->data_size);
-  fprintf (stdout,
-           "TYPE: %d\n", rd->record_type);
-  fprintf (stdout,
-           "FLAGS: ");
+  uint64_t abs_nbo = GNUNET_htonll (rd->expiration_time);
+  uint16_t size_nbo = htons (rd->data_size);
+  uint32_t type_nbo = htonl (rd->record_type);
+  printf ("EXPIRATION:\n");
+  print_bytes (&abs_nbo, sizeof (abs_nbo), 8);
+  printf ("\nDATA_SIZE:\n");
+  print_bytes (&size_nbo, sizeof (size_nbo), 8);
+  printf ("\nTYPE:\n");
+  print_bytes(&type_nbo, sizeof (type_nbo), 8);
+  printf ("\nFLAGS: ");
   print_bytes ((void*) &flags, sizeof (flags), 8);
   printf ("\n");
   fprintf (stdout,
            "DATA:\n");
   print_bytes ((char*) rd->data, rd->data_size, 8);
-  fprintf (stdout, "\n");
+  printf ("\n");
 }
 
 
@@ -133,6 +135,7 @@ run_pkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char *label)
   struct GNUNET_IDENTITY_PublicKey pkey_data;
   struct GNUNET_HashCode query;
   char *rdata;
+  char *conv_lbl;
   size_t rdata_size;
   char ztld[128];
   unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
@@ -146,34 +149,37 @@ run_pkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char *label)
 
   GNUNET_IDENTITY_key_get_public (&id_priv,
                                   &id_pub);
-  fprintf (stdout,
-           "Zone private key (d, big-endian):\n");
+  printf ("Zone private key (d, big-endian):\n");
   print_bytes_ (&id_priv.ecdsa_key,
                 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), 8, 1);
-  fprintf (stdout, "\n");
-  fprintf (stdout, "Zone identifier (ztype|zkey):\n");
+  printf ("\n");
+  printf ("Zone identifier (ztype|zkey):\n");
   GNUNET_assert (0 < GNUNET_IDENTITY_key_get_length (&id_pub));
   print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8);
   GNUNET_STRINGS_data_to_string (&id_pub,
                                  GNUNET_IDENTITY_key_get_length (&id_pub),
                                  ztld,
                                  sizeof (ztld));
-  fprintf (stdout, "\n");
-  fprintf (stdout, "zTLD:\n");
-  fprintf (stdout, "%s\n", ztld);
-  fprintf (stdout, "\n");
+  printf ("\n");
+  printf ("zTLD:\n");
+  printf ("%s\n", ztld);
+  printf ("\n");
 
   pkey_data_p.type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
   GNUNET_CRYPTO_ecdsa_key_create (&pkey_data_p.ecdsa_key);
   GNUNET_IDENTITY_key_get_public (&pkey_data_p,
                                   &pkey_data);
-  fprintf (stdout,
-           "Label: %s\nRRCOUNT: %d\n\n", label, rd_count);
+  conv_lbl = GNUNET_GNSRECORD_string_normalize (label);
+  printf ("Label:\n");
+  print_bytes (conv_lbl, strlen (conv_lbl), 8);
+  GNUNET_free (conv_lbl);
+  printf ("\nNumber of records (integer): %d\n\n", rd_count);
 
   for (int i = 0; i < rd_count; i++)
   {
-    fprintf (stdout, "Record #%d\n", i);
+    printf ("Record #%d := (\n", i);
     print_record (&rd[i]);
+    printf (")\n\n");
   }
 
   rdata_size = GNUNET_GNSRECORD_records_get_size (rd_count,
@@ -183,11 +189,11 @@ run_pkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char *label)
                                       rd,
                                       (size_t) rdata_size,
                                       rdata);
-  fprintf (stdout, "RDATA:\n");
+  printf ("RDATA:\n");
   print_bytes (rdata,
                (size_t) rdata_size,
                8);
-  fprintf (stdout, "\n");
+  printf ("\n");
   expire = GNUNET_GNSRECORD_record_get_expiration_time (rd_count, rd,
                                                         GNUNET_TIME_UNIT_ZERO_ABS);
   GNR_derive_block_aes_key (ctr,
@@ -197,18 +203,18 @@ run_pkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char *label)
                               expire).abs_value_us__,
                             &id_pub.ecdsa_key);
 
-  fprintf (stdout, "Encryption NONCE|EXPIRATION|BLOCK COUNTER:\n");
+  printf ("Encryption NONCE|EXPIRATION|BLOCK COUNTER:\n");
   print_bytes (ctr, sizeof (ctr), 8);
-  fprintf (stdout, "\n");
-  fprintf (stdout, "Encryption key (K):\n");
+  printf ("\n");
+  printf ("Encryption key (K):\n");
   print_bytes (skey, sizeof (skey), 8);
-  fprintf (stdout, "\n");
+  printf ("\n");
   GNUNET_GNSRECORD_query_from_public_key (&id_pub,
                                           label,
                                           &query);
-  fprintf (stdout, "Storage key (q):\n");
+  printf ("Storage key (q):\n");
   print_bytes (&query, sizeof (query), 8);
-  fprintf (stdout, "\n");
+  printf ("\n");
   GNUNET_assert (GNUNET_OK == GNUNET_GNSRECORD_block_create (&id_priv,
                                                              expire,
                                                              label,
@@ -219,12 +225,12 @@ run_pkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char *label)
                                                       GNUNET_GNSRECORD_Block);
 
   bdata = (char*) &(&rrblock->ecdsa_block)[1];
-  fprintf (stdout, "BDATA:\n");
+  printf ("BDATA:\n");
   print_bytes (bdata, bdata_size, 8);
-  fprintf (stdout, "\n");
-  fprintf (stdout, "RRBLOCK:\n");
+  printf ("\n");
+  printf ("RRBLOCK:\n");
   print_bytes (rrblock, ntohl (rrblock->size), 8);
-  fprintf (stdout, "\n");
+  printf ("\n");
   GNUNET_free (rdata);
 }
 
@@ -249,6 +255,7 @@ run_edkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char*label)
   struct GNUNET_IDENTITY_PublicKey pkey_data;
   struct GNUNET_HashCode query;
   char *rdata;
+  char *conv_lbl;
   size_t rdata_size;
 
   char ztld[128];
@@ -271,30 +278,35 @@ run_edkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char*label)
            "Zone private key (d):\n");
   print_bytes (&id_priv.eddsa_key, sizeof (struct
                                            GNUNET_CRYPTO_EddsaPrivateKey), 8);
-  fprintf (stdout, "\n");
-  fprintf (stdout, "Zone identifier (ztype|zkey):\n");
+  printf ("\n");
+  printf ("Zone identifier (ztype|zkey):\n");
   GNUNET_assert (0 < GNUNET_IDENTITY_key_get_length (&id_pub));
   print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8);
   GNUNET_STRINGS_data_to_string (&id_pub,
                                  GNUNET_IDENTITY_key_get_length (&id_pub),
                                  ztld,
                                  sizeof (ztld));
-  fprintf (stdout, "\n");
-  fprintf (stdout, "zTLD:\n");
-  fprintf (stdout, "%s\n", ztld);
-  fprintf (stdout, "\n");
+  printf ("\n");
+  printf ("zTLD:\n");
+  printf ("%s\n", ztld);
+  printf ("\n");
 
   pkey_data_p.type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
   GNUNET_CRYPTO_eddsa_key_create (&pkey_data_p.eddsa_key);
   GNUNET_IDENTITY_key_get_public (&pkey_data_p,
                                   &pkey_data);
+  conv_lbl = GNUNET_GNSRECORD_string_normalize (label);
+  printf ("Label:\n");
+  print_bytes (conv_lbl, strlen (conv_lbl), 8);
+  GNUNET_free (conv_lbl);
   fprintf (stdout,
-           "Label: %s\nRRCOUNT: %d\n\n", label, rd_count);
+           "\nNumber of records (integer): %d\n\n", rd_count);
 
   for (int i = 0; i < rd_count; i++)
   {
-    fprintf (stdout, "Record #%d\n", i);
+    printf ("Record #%d := (\n", i);
     print_record (&rd[i]);
+    printf (")\n\n");
   }
 
   rdata_size = GNUNET_GNSRECORD_records_get_size (rd_count,
@@ -308,29 +320,29 @@ run_edkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char*label)
                                       rd,
                                       (size_t) rdata_size,
                                       rdata);
-  fprintf (stdout, "RDATA:\n");
+  printf ("RDATA:\n");
   print_bytes (rdata,
                (size_t) rdata_size,
                8);
-  fprintf (stdout, "\n");
+  printf ("\n");
   GNR_derive_block_xsalsa_key (nonce,
                                skey,
                                label,
                                GNUNET_TIME_absolute_hton (
                                  expire).abs_value_us__,
                                &id_pub.eddsa_key);
-  fprintf (stdout, "Encryption NONCE|EXPIRATION:\n");
+  printf ("Encryption NONCE|EXPIRATION:\n");
   print_bytes (nonce, sizeof (nonce), 8);
-  fprintf (stdout, "\n");
-  fprintf (stdout, "Encryption key (K):\n");
+  printf ("\n");
+  printf ("Encryption key (K):\n");
   print_bytes (skey, sizeof (skey), 8);
-  fprintf (stdout, "\n");
+  printf ("\n");
   GNUNET_GNSRECORD_query_from_public_key (&id_pub,
                                           label,
                                           &query);
-  fprintf (stdout, "Storage key (q):\n");
+  printf ("Storage key (q):\n");
   print_bytes (&query, sizeof (query), 8);
-  fprintf (stdout, "\n");
+  printf ("\n");
 
   GNUNET_assert (GNUNET_OK ==  GNUNET_GNSRECORD_block_create (&id_priv,
                                                               expire,
@@ -342,12 +354,12 @@ run_edkey (struct GNUNET_GNSRECORD_Data *rd, int rd_count, const char*label)
                                                       GNUNET_GNSRECORD_Block);
 
   bdata = (char*) &(&rrblock->eddsa_block)[1];
-  fprintf (stdout, "BDATA:\n");
+  printf ("BDATA:\n");
   print_bytes (bdata, bdata_size, 8);
-  fprintf (stdout, "\n");
-  fprintf (stdout, "RRBLOCK:\n");
+  printf ("\n");
+  printf ("RRBLOCK:\n");
   print_bytes (rrblock, ntohl (rrblock->size), 8);
-  fprintf (stdout, "\n");
+  printf ("\n");
   GNUNET_free (rdata);
 }
 
@@ -424,9 +436,9 @@ run (void *cls,
                 | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
 
   run_pkey (&rd_pkey, 1, "testdelegation");
-  run_pkey (rd, 3, "namesystem");
+  run_pkey (rd, 3, "\u5929\u4e0b\u7121\u6575");
   run_edkey (&rd_pkey, 1, "testdelegation");
-  run_edkey (rd, 3, "namesystem");
+  run_edkey (rd, 3, "\u5929\u4e0b\u7121\u6575");
 }
 
 
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 72d783148..582a58861 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -287,6 +287,59 @@ struct GNUNET_CRYPTO_EddsaPrivateScalar
   unsigned char s[512 / 8];
 };
 
+/**
+ * Private ECC key material encoded for transmission.  To be used only for
+ * Edx25519 signatures.  An inital key corresponds to data from the key
+ * expansion and clamping in the EdDSA key generation.
+ */
+struct GNUNET_CRYPTO_Edx25519PrivateKey
+{
+  /**
+   * a is a value mod n, where n has at most 256 bits.  It is the first half of
+   * the seed-expansion of EdDSA and will be clamped.
+   */
+  unsigned char a[256 / 8];
+
+  /**
+   * b consists of 32 bytes which where originally the lower 32bytes of the key
+   * expansion.  Subsequent calls to derive_private will change this value, too.
+   */
+  unsigned char b[256 / 8];
+};
+
+
+/**
+ * Public ECC key (always for curve Ed25519) encoded in a format suitable for
+ * network transmission and Edx25519 (same as EdDSA) signatures.  Refer to
+ * section 5.1.3 of rfc8032, for a thorough explanation of how this value maps
+ * to the x- and y-coordinates.
+ */
+struct GNUNET_CRYPTO_Edx25519PublicKey
+{
+  /**
+   * Point Q consists of a y-value mod p (256 bits); the x-value is
+   * always positive. The point is stored in Ed25519 standard
+   * compact format.
+   */
+  unsigned char q_y[256 / 8];
+};
+
+/**
+ * @brief an ECC signature using Edx25519 (same as in EdDSA).
+ */
+struct GNUNET_CRYPTO_Edx25519Signature
+{
+  /**
+   * R value.
+   */
+  unsigned char r[256 / 8];
+
+  /**
+   * S value.
+   */
+  unsigned char s[256 / 8];
+};
+
 
 /**
  * @brief type for session keys
@@ -1279,6 +1332,17 @@ GNUNET_CRYPTO_eddsa_key_get_public (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   struct GNUNET_CRYPTO_EddsaPublicKey *pub);
 
+/**
+ * @ingroup crypto
+ * Extract the public key for the given private key.
+ *
+ * @param priv the private key
+ * @param pub where to write the public key
+ */
+void
+GNUNET_CRYPTO_edx25519_key_get_public (
+  const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv,
+  struct GNUNET_CRYPTO_Edx25519PublicKey *pub);
 
 /**
  * @ingroup crypto
@@ -1465,6 +1529,30 @@ GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
 
 /**
  * @ingroup crypto
+ * Create a new private key.
+ *
+ * @param[out] pk private key to initialize
+ */
+void
+GNUNET_CRYPTO_edx25519_key_create (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk);
+
+/**
+ * @ingroup crypto
+ * Create a new private key for Edx25519 from a given seed.  After expanding
+ * the seed, the first half of the key will be clamped according to EdDSA.
+ *
+ * @param seed seed input
+ * @param seedsize size of the seed in bytes
+ * @param[out] pk private key to initialize
+ */
+void
+GNUNET_CRYPTO_edx25519_key_create_from_seed (
+  const void *seed,
+  size_t seedsize,
+  struct GNUNET_CRYPTO_Edx25519PrivateKey *pk);
+
+/**
+ * @ingroup crypto
  * Create a new private key.  Clear with #GNUNET_CRYPTO_ecdhe_key_clear().
  *
  * @param[out] pk set to fresh private key;
@@ -1492,6 +1580,14 @@ GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk);
 void
 GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk);
 
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key.
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_edx25519_key_clear (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk);
 
 /**
  * @ingroup crypto
@@ -1874,6 +1970,53 @@ GNUNET_CRYPTO_ecdsa_sign_ (
                                               sig));               \
 } while (0)
 
+/**
+ * @ingroup crypto
+ * @brief Edx25519 sign a given block.
+ *
+ * The @a purpose data is the beginning of the data of which the signature is
+ * to be created. The `size` field in @a purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.  If possible,
+ * use #GNUNET_CRYPTO_edx25519_sign() instead of this function (only if @a
+ * validate is not fixed-size, you must use this function directly).
+ *
+ * @param priv private key to use for the signing
+ * @param purpose what to sign (size, purpose)
+ * @param[out] sig where to write the signature
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_edx25519_sign_ (
+  const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+  struct GNUNET_CRYPTO_Edx25519Signature *sig);
+
+
+/**
+ * @ingroup crypto
+ * @brief Edx25519 sign a given block.  The resulting signature is compatible
+ * with EdDSA.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param[out] sig where to write the signature
+ */
+#define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do {              \
+    /* check size is set correctly */                              \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));  \
+    /* check 'ps' begins with the purpose */                       \
+    GNUNET_static_assert (((void*) (ps)) ==                        \
+                          ((void*) &(ps)->purpose));               \
+    GNUNET_assert (GNUNET_OK ==                                    \
+                   GNUNET_CRYPTO_edx25519_sign_ (priv,             \
+                                                 &(ps)->purpose,   \
+                                                 sig));            \
+} while (0)
+
 
 /**
  * @ingroup crypto
@@ -1917,7 +2060,7 @@ GNUNET_CRYPTO_eddsa_verify_ (
  */
 #define GNUNET_CRYPTO_eddsa_verify(purp,ps,sig,pub) ({             \
     /* check size is set correctly */                              \
-    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps)));  \
     /* check 'ps' begins with the purpose */                       \
     GNUNET_static_assert (((void*) (ps)) ==                        \
                           ((void*) &(ps)->purpose));               \
@@ -1927,7 +2070,6 @@ GNUNET_CRYPTO_eddsa_verify_ (
                                  pub);                             \
   })
 
-
 /**
  * @ingroup crypto
  * @brief Verify ECDSA signature.
@@ -1982,6 +2124,58 @@ GNUNET_CRYPTO_ecdsa_verify_ (
 
 /**
  * @ingroup crypto
+ * @brief Verify Edx25519 signature.
+ *
+ * The @a validate data is the beginning of the data of which the signature
+ * is to be verified. The `size` field in @a validate must correctly indicate
+ * the number of bytes of the data structure, including its header.  If @a
+ * purpose does not match the purpose given in @a validate (the latter must be
+ * in big endian), signature verification fails.  If possible, use
+ * #GNUNET_CRYPTO_edx25519_verify() instead of this function (only if @a
+ * validate is not fixed-size, you must use this function directly).
+ *
+ * @param purpose what is the purpose that the signature should have?
+ * @param validate block to validate (size, purpose, data)
+ * @param sig signature that is being validated
+ * @param pub public key of the signer
+ * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_edx25519_verify_ (
+  uint32_t purpose,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+  const struct GNUNET_CRYPTO_Edx25519Signature *sig,
+  const struct GNUNET_CRYPTO_Edx25519PublicKey *pub);
+
+
+/**
+ * @ingroup crypto
+ * @brief Verify Edx25519 signature.
+ *
+ * The @a ps data must be a fixed-size struct for which the signature is to be
+ * created. The `size` field in @a ps->purpose must correctly indicate the
+ * number of bytes of the data structure, including its header.
+ *
+ * @param purp purpose of the signature, must match 'ps->purpose.purpose'
+ *              (except in host byte order)
+ * @param priv private key to use for the signing
+ * @param ps packed struct with what to sign, MUST begin with a purpose
+ * @param sig where to write the signature
+ */
+#define GNUNET_CRYPTO_edx25519_verify(purp,ps,sig,pub) ({         \
+    /* check size is set correctly */                             \
+    GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
+    /* check 'ps' begins with the purpose */                      \
+    GNUNET_static_assert (((void*) (ps)) ==                       \
+                          ((void*) &(ps)->purpose));              \
+    GNUNET_CRYPTO_edx25519_verify_ (purp,                         \
+                                    &(ps)->purpose,               \
+                                    sig,                          \
+                                    pub);                         \
+  })
+
+/**
+ * @ingroup crypto
  * Derive a private key from a given private key and a label.
  * Essentially calculates a private key 'h = H(l,P) * d mod n'
  * where n is the size of the ECC group and P is the public
@@ -2018,6 +2212,26 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (
   const char *context,
   struct GNUNET_CRYPTO_EcdsaPublicKey *result);
 
+/**
+ * This is a signature function for ECDSA which takes a
+ * private key, derives/blinds it and signs the message.
+ *
+ * @param pkey original private key
+ * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ *        typically the name of the subsystem/application
+ * @param purp the signature purpose
+ * @param sig the resulting signature
+ * @return GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecdsa_sign_derived (
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+  const char *label,
+  const char *context,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+  struct GNUNET_CRYPTO_EcdsaSignature *sig);
+
 
 /**
  * @ingroup crypto
@@ -2063,23 +2277,23 @@ GNUNET_CRYPTO_eddsa_public_key_derive (
 
 
 /**
- * This is a signature function for EdDSA which takes the
- * secret scalar sk instead of the private seed which is
- * usually the case for crypto APIs. We require this functionality
- * in order to use derived private keys for signatures we
- * cannot calculate the inverse of a sk to find the seed
- * efficiently.
+ * This is a signature function for EdDSA which takes a
+ * private key and derives it using the label and context
+ * before signing.
  *
- * The resulting signature is a standard EdDSA signature
- * which can be verified using the usual APIs.
- *
- * @param sk the secret scalar
+ * @param pkey original private key
+ * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ *        typically the name of the subsystem/application
  * @param purp the signature purpose
  * @param sig the resulting signature
+ * @return GNUNET_OK on success
  */
-void
-GNUNET_CRYPTO_eddsa_sign_with_scalar (
-  const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_sign_derived (
+  const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey,
+  const char *label,
+  const char *context,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct GNUNET_CRYPTO_EddsaSignature *sig);
 
@@ -2095,6 +2309,43 @@ GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (
   const struct GNUNET_CRYPTO_EddsaPrivateScalar *s,
   struct GNUNET_CRYPTO_EddsaPublicKey *pkey);
 
+/**
+ * @ingroup crypto
+ * Derive a private scalar from a given private key and a label.
+ * Essentially calculates a private key 'h = H(l,P) * d mod n'
+ * where n is the size of the ECC group and P is the public
+ * key associated with the private key 'd'.
+ *
+ * @param priv original private key
+ * @param seed input seed
+ * @param seedsize size of the seed
+ * @param result derived private key
+ */
+void
+GNUNET_CRYPTO_edx25519_private_key_derive (
+  const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv,
+  const void *seed,
+  size_t seedsize,
+  struct GNUNET_CRYPTO_Edx25519PrivateKey *result);
+
+
+/**
+ * @ingroup crypto
+ * Derive a public key from a given public key and a label.
+ * Essentially calculates a public key 'V = H(l,P) * P'.
+ *
+ * @param pub original public key
+ * @param seed input seed
+ * @param seedsize size of the seed
+ * @param result where to write the derived public key
+ */
+void
+GNUNET_CRYPTO_edx25519_public_key_derive (
+  const struct GNUNET_CRYPTO_Edx25519PublicKey *pub,
+  const void *seed,
+  size_t seedsize,
+  struct GNUNET_CRYPTO_Edx25519PublicKey *result);
+
 
 /**
  * Output the given MPI value to the given buffer in network
diff --git a/src/include/gnunet_messenger_service.h b/src/include/gnunet_messenger_service.h
index 96d48b411..f8bbc7398 100644
--- a/src/include/gnunet_messenger_service.h
+++ b/src/include/gnunet_messenger_service.h
@@ -1,6 +1,6 @@
 /*
    This file is part of GNUnet.
-   Copyright (C) 2020--2021 GNUnet e.V.
+   Copyright (C) 2020--2022 GNUnet e.V.
 
    GNUnet is free software: you can redistribute it and/or modify it
    under the terms of the GNU Affero General Public License as published
@@ -96,6 +96,27 @@ struct GNUNET_MESSENGER_RoomEntryRecord
 
 GNUNET_NETWORK_STRUCT_END
 
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * A room details record specifies a custom name for a given room and
+ * some additional space for flags.
+ */
+struct GNUNET_MESSENGER_RoomDetailsRecord
+{
+  /**
+   * The custom name for the room.
+   */
+  char name [256];
+
+  /**
+   * The flags of the room.
+   */
+  uint32_t flags;
+};
+
+GNUNET_NETWORK_STRUCT_END
+
 /**
  * Enum for the different supported kinds of messages
  */
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h
index 9cc8abc6e..3dca5a853 100644
--- a/src/include/gnunet_namestore_plugin.h
+++ b/src/include/gnunet_namestore_plugin.h
@@ -150,6 +150,71 @@ struct GNUNET_NAMESTORE_PluginFunctions
                    const struct GNUNET_IDENTITY_PublicKey *value_zone,
                    GNUNET_NAMESTORE_RecordIterator iter,
                    void *iter_cls);
+
+  /** Transaction-based API draft **/
+
+  /**
+   * Start a transaction in the database
+   *
+   * @param cls closure (internal context for the plugin)
+   * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
+   */
+  enum GNUNET_GenericReturnValue
+  (*transaction_begin) (void *cls);
+
+  /**
+   * Abort a transaction in the database
+   *
+   * @param cls closure (internal context for the plugin)
+   * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
+   */
+  enum GNUNET_GenericReturnValue
+  (*transaction_abort) (void *cls);
+
+  /**
+   * Commit a transaction in the database
+   *
+   * @param cls closure (internal context for the plugin)
+   * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
+   */
+  enum GNUNET_GenericReturnValue
+  (*transaction_commit) (void *cls);
+
+  /**
+   * Replace a record in the datastore for which we are the authority.
+   * Removes any existing record in the same zone with the same name.
+   *
+   * @param cls closure (internal context for the plugin)
+   * @param zone private key of the zone
+   * @param label name of the record in the zone
+   * @param rd_count number of entries in @a rd array, 0 to delete all records
+   * @param rd array of records with data to store
+   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+   */
+  int
+  (*replace_records) (void *cls,
+                    const struct GNUNET_IDENTITY_PrivateKey *zone,
+                    const char *label,
+                    unsigned int rd_count,
+                    const struct GNUNET_GNSRECORD_Data *rd);
+
+  /**
+   * Lookup records in the datastore for which we are the authority.
+   *
+   * @param cls closure (internal context for the plugin)
+   * @param zone private key of the zone
+   * @param label name of the record in the zone
+   * @param iter function to call with the result
+   * @param iter_cls closure for @a iter
+   * @return #GNUNET_OK on success, #GNUNET_NO for no results, else #GNUNET_SYSERR
+   */
+  int
+  (*select_records) (void *cls,
+                     const struct GNUNET_IDENTITY_PrivateKey *zone,
+                     const char *label,
+                     GNUNET_NAMESTORE_RecordIterator iter,
+                     void *iter_cls);
+
 };
 
 
diff --git a/src/include/gnunet_namestore_service.h b/src/include/gnunet_namestore_service.h
index 619b81aed..86572803f 100644
--- a/src/include/gnunet_namestore_service.h
+++ b/src/include/gnunet_namestore_service.h
@@ -212,61 +212,6 @@ GNUNET_NAMESTORE_records_lookup (struct GNUNET_NAMESTORE_Handle *h,
 
 
 /**
- * Open a record set for editing.
- * Retrieves an exclusive lock on this set.
- * Must be commited using @a GNUNET_NAMESTORE_records_commit
- *
- * @param h handle to the namestore
- * @param pkey private key of the zone
- * @param label name that is being mapped
- * @param error_cb function to call on error (i.e. disconnect or unable to get lock)
- *        the handle is afterwards invalid
- * @param error_cb_cls closure for @a error_cb
- * @param rm function to call with the result (with 0 records if we don't have that label)
- * @param rm_cls closure for @a rm
- * @return handle to abort the request
- */
-struct GNUNET_NAMESTORE_QueueEntry *
-GNUNET_NAMESTORE_records_open (struct GNUNET_NAMESTORE_Handle *h,
-                               const struct
-                               GNUNET_IDENTITY_PrivateKey *pkey,
-                               const char *label,
-                               GNUNET_SCHEDULER_TaskCallback error_cb,
-                               void *error_cb_cls,
-                               GNUNET_NAMESTORE_RecordMonitor rm,
-                               void *rm_cls);
-
-/**
- * Commit the record set to the namestore.
- * Releases the lock on the record set.
- * Use an empty array to
- * remove all records under the given name.
- *
- * The continuation is called after the value has been stored in the
- * database. Monitors may be notified asynchronously (basically with
- * a buffer). However, if any monitor is consistently too slow to
- * keep up with the changes, calling @a cont will be delayed until the
- * monitors do keep up.
- *
- * @param h handle to the namestore
- * @param pkey private key of the zone
- * @param label name that is being mapped
- * @param rd_count number of records in the 'rd' array
- * @param rd array of records with data to store
- * @param cont continuation to call when done
- * @param cont_cls closure for @a cont
- * @return handle to abort the request
- */
-struct GNUNET_NAMESTORE_QueueEntry *
-GNUNET_NAMESTORE_records_commit (struct GNUNET_NAMESTORE_Handle *h,
-                                 const struct GNUNET_IDENTITY_PrivateKey *pkey,
-                                 const char *label,
-                                 unsigned int rd_count,
-                                 const struct GNUNET_GNSRECORD_Data *rd,
-                                 GNUNET_NAMESTORE_ContinuationWithStatus cont,
-                                 void *cont_cls);
-
-/**
  * Look for an existing PKEY delegation record for a given public key.
  * Returns at most one result to the processor.
  *
@@ -448,6 +393,107 @@ void
 GNUNET_NAMESTORE_zone_monitor_stop (struct GNUNET_NAMESTORE_ZoneMonitor *zm);
 
 
+/**
+ * New API draft. Experimental
+ */
+
+/**
+ * Begin a namestore transaction.
+ *
+ * @param h handle to the namestore
+ * @param error_cb function to call on error (i.e. disconnect or unable to get lock)
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @return handle to abort the request
+ */
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_transaction_begin (struct GNUNET_NAMESTORE_Handle *h,
+                                    GNUNET_SCHEDULER_TaskCallback error_cb,
+                                    void *error_cb_cls);
+
+/**
+ * Begin rollback all actions in a transaction.
+ * Reverts all actions performed since #GNUNET_NAMESTORE_transaction_begin
+ *
+ * @param h handle to the namestore
+ * @param error_cb function to call on error (i.e. disconnect or unable to get lock)
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @return handle to abort the request
+ */
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_transaction_abort (struct GNUNET_NAMESTORE_Handle *h,
+                                    GNUNET_SCHEDULER_TaskCallback error_cb,
+                                    void *error_cb_cls);
+/**
+ * Commit a namestore transaction.
+ * Saves all actions performed since #GNUNET_NAMESTORE_transaction_begin
+ *
+ * @param h handle to the namestore
+ * @param error_cb function to call on error (i.e. disconnect or unable to get lock)
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @return handle to abort the request
+ */
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_transaction_commit (struct GNUNET_NAMESTORE_Handle *h,
+                                     GNUNET_SCHEDULER_TaskCallback error_cb,
+                                     void *error_cb_cls);
+
+/**
+ * Lookup an item in the namestore.
+ *
+ * @param h handle to the namestore
+ * @param pkey private key of the zone
+ * @param label name that is being mapped
+ * @param error_cb function to call on error (i.e. disconnect)
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @param rm function to call with the result (with 0 records if we don't have that label);
+ *        the handle is afterwards invalid
+ * @param rm_cls closure for @a rm
+ * @return handle to abort the request
+ */
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_records_select (struct GNUNET_NAMESTORE_Handle *h,
+                                 const struct
+                                 GNUNET_IDENTITY_PrivateKey *pkey,
+                                 const char *label,
+                                 GNUNET_SCHEDULER_TaskCallback error_cb,
+                                 void *error_cb_cls,
+                                 GNUNET_NAMESTORE_RecordMonitor rm,
+                                 void *rm_cls);
+
+
+/**
+ * Creates, deletes or updates an item in the namestore.
+ * If the item is already present, it is replaced with the new record set.
+ * Use an empty array to remove all records under the given name.
+ *
+ * The continuation is called after the value has been stored in the
+ * database. Monitors may be notified asynchronously (basically with
+ * a buffer). However, if any monitor is consistently too slow to
+ * keep up with the changes, calling @a cont will be delayed until the
+ * monitors do keep up.
+ *
+ * @param h handle to the namestore
+ * @param pkey private key of the zone
+ * @param label name that is being mapped
+ * @param rd_count number of records in the 'rd' array
+ * @param rd array of records with data to store
+ * @param cont continuation to call when done
+ * @param cont_cls closure for @a cont
+ * @return handle to abort the request
+ */
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_records_replace (struct GNUNET_NAMESTORE_Handle *h,
+                                  const struct GNUNET_IDENTITY_PrivateKey *pkey,
+                                  const char *label,
+                                  unsigned int rd_count,
+                                  const struct GNUNET_GNSRECORD_Data *rd,
+                                  GNUNET_NAMESTORE_ContinuationWithStatus cont,
+                                  void *cont_cls);
+
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
 #endif
diff --git a/src/include/gnunet_time_lib.h b/src/include/gnunet_time_lib.h
index 96413c3cc..d59eb984d 100644
--- a/src/include/gnunet_time_lib.h
+++ b/src/include/gnunet_time_lib.h
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet.
-     Copyright (C) 2001-2013 GNUnet e.V.
+     Copyright (C) 2001-2022 GNUnet e.V.
 
      GNUnet is free software: you can redistribute it and/or modify it
      under the terms of the GNU Affero General Public License as published
@@ -482,6 +482,18 @@ GNUNET_TIME_absolute_max (struct GNUNET_TIME_Absolute t1,
 
 
 /**
+ * Round down absolute time @a at to multiple of @a rt.
+ *
+ * @param at absolute time to round
+ * @param rt multiple to round to (non-zero)
+ * @return rounded time
+ */
+struct GNUNET_TIME_Absolute
+GNUNET_TIME_absolute_round_down (struct GNUNET_TIME_Absolute at,
+                                 struct GNUNET_TIME_Relative rt);
+
+
+/**
  * Return the maximum of two timestamps.
  *
  * @param t1 first timestamp
@@ -517,6 +529,21 @@ GNUNET_TIME_absolute_get_remaining (struct GNUNET_TIME_Absolute future);
 
 
 /**
+ * Test if @a a1 and @a a2 are equal within a margin of
+ * error of @a t.
+ *
+ * @param a1 time to compare
+ * @param a2 time to compare
+ * @param t tolerance to apply
+ * @return true if "|a1-a2|<=t" holds.
+ */
+bool
+GNUNET_TIME_absolute_approx_eq (struct GNUNET_TIME_Absolute a1,
+                                struct GNUNET_TIME_Absolute a2,
+                                struct GNUNET_TIME_Relative t);
+
+
+/**
  * Calculate the estimate time of arrival/completion
  * for an operation.
  *
diff --git a/src/messenger/plugin_gnsrecord_messenger.c b/src/messenger/plugin_gnsrecord_messenger.c
index 2219f0bde..e09a0330d 100644
--- a/src/messenger/plugin_gnsrecord_messenger.c
+++ b/src/messenger/plugin_gnsrecord_messenger.c
@@ -1,6 +1,6 @@
 /*
    This file is part of GNUnet.
-   Copyright (C) 2021 GNUnet e.V.
+   Copyright (C) 2021--2022 GNUnet e.V.
 
    GNUnet is free software: you can redistribute it and/or modify it
    under the terms of the GNU Affero General Public License as published
@@ -63,12 +63,30 @@ messenger_value_to_string (void *cls,
       char *key = GNUNET_STRINGS_data_to_string_alloc (&(record->key), sizeof(struct GNUNET_HashCode));
 
       char *ret;
-      GNUNET_asprintf (&ret, "%s-%s", door, key);
+      GNUNET_asprintf (&ret, "%s-%s", key, door);
       GNUNET_free (key);
       GNUNET_free (door);
       return ret;
     }
+  case GNUNET_GNSRECORD_TYPE_MESSENGER_ROOM_DETAILS:
+    {
+      if (data_size != sizeof(struct GNUNET_MESSENGER_RoomDetailsRecord))
+      {
+        GNUNET_break_op (0);
+        return NULL;
+      }
+
+      const struct GNUNET_MESSENGER_RoomDetailsRecord *record = data;
 
+      char *name = GNUNET_strndup(record->name, 256);
+      char *flags = GNUNET_STRINGS_data_to_string_alloc (&(record->flags), sizeof(uint32_t));
+
+      char *ret;
+      GNUNET_asprintf (&ret, "%s-%s", flags, name);
+      GNUNET_free (flags);
+      GNUNET_free (name);
+      return ret;
+    }
   default:
     return NULL;
   }
@@ -141,7 +159,43 @@ messenger_string_to_value (void *cls,
       *data_size = sizeof(struct GNUNET_MESSENGER_RoomEntryRecord);
       return GNUNET_OK;
     }
+  case GNUNET_GNSRECORD_TYPE_MESSENGER_ROOM_DETAILS:
+    {
+      char flags [7];
+      const char *dash;
+
+      if ((NULL == (dash = strchr (s, '-'))) ||
+          (1 != sscanf (s, "%7s-", flags)) ||
+          (strlen (dash + 1) > 256))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    _ ("Unable to parse MESSENGER_ROOM_DETAILS record `%s'\n"),
+                    s);
+        return GNUNET_SYSERR;
+      }
+
+      struct GNUNET_MESSENGER_RoomDetailsRecord *record = GNUNET_new (
+          struct GNUNET_MESSENGER_RoomDetailsRecord
+      );
+
+      if (GNUNET_OK != GNUNET_STRINGS_string_to_data (flags,
+                                                      strlen (flags),
+                                                      &(record->flags),
+                                                      sizeof(uint32_t)))
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    _ ("Unable to parse MESSENGER_ROOM_DETAILS record `%s'\n"),
+                    s);
+        GNUNET_free (record);
+        return GNUNET_SYSERR;
+      }
 
+      GNUNET_memcpy(record->name, dash + 1, strlen(dash + 1));
+
+      *data = record;
+      *data_size = sizeof(struct GNUNET_MESSENGER_RoomDetailsRecord);
+      return GNUNET_OK;
+    }
   default:
     return GNUNET_SYSERR;
   }
@@ -158,6 +212,7 @@ static struct
   uint32_t number;
 } name_map[] = {
   { "MESSENGER_ROOM_ENTRY", GNUNET_GNSRECORD_TYPE_MESSENGER_ROOM_ENTRY },
+  { "MESSENGER_ROOM_DETAILS", GNUNET_GNSRECORD_TYPE_MESSENGER_ROOM_DETAILS },
   { NULL, UINT32_MAX }
 };
 
diff --git a/src/namestore/Makefile.am b/src/namestore/Makefile.am
index 2441b864a..51708dd67 100644
--- a/src/namestore/Makefile.am
+++ b/src/namestore/Makefile.am
@@ -39,7 +39,6 @@ if HAVE_SQLITE
 SQLITE_PLUGIN = libgnunet_plugin_namestore_sqlite.la
 SQLITE_TESTS = test_plugin_namestore_sqlite \
  test_namestore_api_store_sqlite \
- test_namestore_api_store_locking_sqlite \
  test_namestore_api_store_update_sqlite \
  test_namestore_api_zone_iteration_sqlite \
  test_namestore_api_remove_sqlite \
@@ -250,16 +249,6 @@ test_namestore_api_store_sqlite_LDADD = \
   $(top_builddir)/src/identity/libgnunetidentity.la \
   libgnunetnamestore.la
 
-test_namestore_api_store_locking_sqlite_SOURCES = \
- test_namestore_api_store_locking.c
-test_namestore_api_store_locking_sqlite_LDADD = \
-  $(top_builddir)/src/testing/libgnunettesting.la \
-  $(top_builddir)/src/util/libgnunetutil.la \
-  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
-  $(top_builddir)/src/identity/libgnunetidentity.la \
-  libgnunetnamestore.la
-
-
 test_namestore_api_store_postgres_SOURCES = \
  test_namestore_api_store.c
 test_namestore_api_store_postgres_LDADD = \
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c
index d735822fb..95260ff9c 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -122,24 +122,6 @@ struct ZoneIteration
 };
 
 /**
- * Lock on a record set
- */
-struct RecordsLock
-{
-  /* DLL */
-  struct RecordsLock *prev;
-
-  /* DLL */
-  struct RecordsLock *next;
-
-  /* Hash of the locked label */
-  struct GNUNET_HashCode label_hash;
-
-  /* Client locking the zone */
-  struct NamestoreClient *client;
-};
-
-/**
  * A namestore client
  */
 struct NamestoreClient
@@ -411,16 +393,6 @@ static struct StoreActivity *sa_head;
 static struct StoreActivity *sa_tail;
 
 /**
- * Head of the DLL of record set locks
- */
-static struct RecordsLock *locks_head;
-
-/**
- * Tail of the DLL of record set locks
- */
-static struct RecordsLock *locks_tail;
-
-/**
  * Notification context shared by all monitors.
  */
 static struct GNUNET_NotificationContext *monitor_nc;
@@ -447,7 +419,6 @@ static void
 cleanup_task (void *cls)
 {
   struct CacheOperation *cop;
-  struct RecordsLock *lock;
 
   (void) cls;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Stopping namestore service\n");
@@ -459,13 +430,6 @@ cleanup_task (void *cls)
     GNUNET_CONTAINER_DLL_remove (cop_head, cop_tail, cop);
     GNUNET_free (cop);
   }
-  while (NULL != (lock = locks_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (locks_head,
-                                 locks_tail,
-                                 lock);
-    GNUNET_free (lock);
-  }
 
   if (NULL != namecache)
   {
@@ -1154,7 +1118,6 @@ client_disconnect_cb (void *cls,
   struct NamestoreClient *nc = app_ctx;
   struct ZoneIteration *no;
   struct CacheOperation *cop;
-  struct RecordsLock *lock;
 
   (void) cls;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Client %p disconnected\n", client);
@@ -1205,15 +1168,6 @@ client_disconnect_cb (void *cls,
   for (cop = cop_head; NULL != cop; cop = cop->next)
     if (nc == cop->nc)
       cop->nc = NULL;
-  for (lock = locks_head; NULL != lock; lock = lock->next)
-  {
-    if (nc != lock->client)
-      continue;
-    GNUNET_CONTAINER_DLL_remove (locks_head,
-                                 locks_tail,
-                                 lock);
-    GNUNET_free (lock);
-  }
   GNUNET_free (nc);
 }
 
@@ -1407,105 +1361,6 @@ check_record_lookup (void *cls, const struct LabelLookupMessage *ll_msg)
   return GNUNET_OK;
 }
 
-static void
-calculate_lock_hash (const char *label,
-                     const struct GNUNET_IDENTITY_PrivateKey *zone,
-                     struct GNUNET_HashCode *result)
-{
-  struct GNUNET_HashContext *hctx;
-
-  hctx = GNUNET_CRYPTO_hash_context_start ();
-  GNUNET_CRYPTO_hash_context_read (hctx, label, strlen (label));
-  GNUNET_CRYPTO_hash_context_read (hctx, zone,
-                                   sizeof (*zone));
-  GNUNET_CRYPTO_hash_context_finish (hctx, result);
-}
-
-/**
- * Release a lock on a record set.
- * Does nothing if lock not held.
- *
- * @param label the label of the record set
- * @param zone the zone
- * @param nc the client releasing the lock
- */
-static void
-NST_label_lock_release (const char *label,
-                        const struct GNUNET_IDENTITY_PrivateKey *zone,
-                        const struct NamestoreClient *nc)
-{
-  struct GNUNET_HashCode label_hash;
-  struct RecordsLock *lock;
-
-  calculate_lock_hash (label, zone, &label_hash);
-  for (lock = locks_head; NULL != lock; lock = lock->next)
-    if (0 == memcmp (&label_hash, &lock->label_hash, sizeof (label_hash)))
-      break;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Record locked: %s\n", (NULL == lock) ? "No" : "Yes");
-  if (NULL == lock)
-    return;
-  if (lock->client != nc)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "Lock is held by other client on `%s'\n", label);
-    return;
-  }
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Unocking %s\n", GNUNET_h2s (&label_hash));
-  GNUNET_CONTAINER_DLL_remove (locks_head,
-                               locks_tail,
-                               lock);
-  GNUNET_free (lock);
-}
-
-/**
- * Get/set a lock on a record set.
- * May be called multiple times but will
- * not aquire additional locks.
- *
- * @param the label of the record set
- * @param the zone
- * @param the client doing the locking
- * @return GNUNET_YES if lock retrieved or set already.
- */
-static enum GNUNET_GenericReturnValue
-NST_label_lock (const char *label,
-                const struct GNUNET_IDENTITY_PrivateKey *zone,
-                struct NamestoreClient *nc)
-{
-  struct GNUNET_HashCode label_hash;
-  struct RecordsLock *lock;
-
-  calculate_lock_hash (label, zone, &label_hash);
-  for (lock = locks_head; NULL != lock; lock = lock->next)
-    if (0 == memcmp (&label_hash, &lock->label_hash, sizeof (label_hash)))
-      break;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Record locked: %s\n", (NULL == lock) ? "No" : "Yes");
-  if (NULL != lock)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Client holds lock: %s\n", (lock->client != nc) ? "No" : "Yes");
-    if (lock->client != nc)
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                  "Lock is held by other client on `%s'\n", label);
-      return GNUNET_NO;
-    }
-    return GNUNET_YES;
-  }
-  lock = GNUNET_new (struct RecordsLock);
-  lock->client = nc;
-  memcpy (&lock->label_hash, &label_hash, sizeof (label_hash));
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Locking %s\n", GNUNET_h2s (&label_hash));
-  GNUNET_CONTAINER_DLL_insert (locks_head,
-                               locks_tail,
-                               lock);
-  return GNUNET_YES;
-}
-
 
 /**
  * Handles a #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_LOOKUP message
@@ -1520,7 +1375,6 @@ handle_record_lookup (void *cls, const struct LabelLookupMessage *ll_msg)
   struct GNUNET_MQ_Envelope *env;
   struct LabelLookupResponseMessage *llr_msg;
   struct RecordLookupContext rlc;
-  struct RecordsLock *lock;
   struct GNUNET_HashCode label_hash;
   const char *name_tmp;
   char *res_name;
@@ -1544,28 +1398,6 @@ handle_record_lookup (void *cls, const struct LabelLookupMessage *ll_msg)
     return;
   }
   name_len = strlen (conv_name) + 1;
-  if (GNUNET_YES == ntohl (ll_msg->locking))
-  {
-    if (GNUNET_NO == NST_label_lock (conv_name, &ll_msg->zone, nc))
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                  "Lock is held by other client on `%s'\n", conv_name);
-      env =
-        GNUNET_MQ_msg_extra (llr_msg,
-                             name_len,
-                             GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_LOOKUP_RESPONSE);
-      llr_msg->gns_header.r_id = ll_msg->gns_header.r_id;
-      llr_msg->private_key = ll_msg->zone;
-      llr_msg->name_len = htons (name_len);
-      llr_msg->rd_count = htons (0);
-      llr_msg->rd_len = htons (0);
-      llr_msg->found = htons (GNUNET_SYSERR);
-      GNUNET_memcpy (&llr_msg[1], conv_name, name_len);
-      GNUNET_MQ_send (nc->mq, env);
-      GNUNET_free (conv_name);
-      return;
-    }
-  }
   rlc.label = conv_name;
   rlc.found = GNUNET_NO;
   rlc.res_rd_count = 0;
@@ -1699,7 +1531,6 @@ handle_record_store (void *cls, const struct RecordStoreMessage *rp_msg)
   unsigned int rd_count;
   int res;
   struct StoreActivity *sa;
-  struct RecordsLock *lock;
   struct GNUNET_HashCode label_hash;
   struct GNUNET_TIME_Absolute existing_block_exp;
   struct GNUNET_TIME_Absolute new_block_exp;
@@ -1753,20 +1584,6 @@ handle_record_store (void *cls, const struct RecordStoreMessage *rp_msg)
       GNUNET_SERVICE_client_continue (nc->client);
       return;
     }
-    if (GNUNET_YES == ntohl (rp_msg->locking))
-    {
-      if (GNUNET_NO == NST_label_lock (conv_name, &rp_msg->private_key, nc))
-      {
-        send_store_response (nc, GNUNET_SYSERR, _ ("Record set locked."), rid);
-        GNUNET_SERVICE_client_continue (nc->client);
-        GNUNET_free (conv_name);
-        return;
-      }
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Client has lock on `%s', continuing.\n", conv_name);
-      if (GNUNET_YES == ntohl (rp_msg->locking))
-        NST_label_lock_release (conv_name, &rp_msg->private_key, nc);
-    }
 
     GNUNET_STATISTICS_update (statistics,
                               "Well-formed store requests received",
diff --git a/src/namestore/namestore.h b/src/namestore/namestore.h
index 0f3ffa837..583ec1e68 100644
--- a/src/namestore/namestore.h
+++ b/src/namestore/namestore.h
@@ -68,11 +68,6 @@ struct RecordStoreMessage
   struct GNUNET_TIME_AbsoluteNBO expire;
 
   /**
-   * Unock the label with this request.
-   */
-  uint32_t locking GNUNET_PACKED;
-
-  /**
    * Name length
    */
   uint16_t name_len GNUNET_PACKED;
@@ -151,11 +146,6 @@ struct LabelLookupMessage
   uint32_t label_len GNUNET_PACKED;
 
   /**
-   * Lock the label with this lookup
-   */
-  uint32_t locking GNUNET_PACKED;
-
-  /**
    * The private key of the zone to look up in
    */
   struct GNUNET_IDENTITY_PrivateKey zone;
diff --git a/src/namestore/namestore_api.c b/src/namestore/namestore_api.c
index a7380bbde..73f985803 100644
--- a/src/namestore/namestore_api.c
+++ b/src/namestore/namestore_api.c
@@ -411,7 +411,7 @@ handle_record_store_response (void *cls,
     return;
   if (NULL != qe->cont)
     qe->cont (qe->cont_cls, res,
-             (GNUNET_OK == res) ? NULL : emsg);
+              (GNUNET_OK == res) ? NULL : emsg);
   free_qe (qe);
 }
 
@@ -482,7 +482,7 @@ handle_lookup_result (void *cls, const struct LabelLookupResponseMessage *msg)
   int16_t found = (int16_t) ntohs (msg->found);
 
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Received RECORD_LOOKUP_RESULT (found=%i)\n",
-        found);
+       found);
   qe = find_qe (h, ntohl (msg->gns_header.r_id));
   if (NULL == qe)
     return;
@@ -820,9 +820,9 @@ reconnect (struct GNUNET_NAMESTORE_Handle *h)
 {
   struct GNUNET_MQ_MessageHandler handlers[] =
   { GNUNET_MQ_hd_var_size (record_store_response,
-                             GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE,
-                             struct RecordStoreResponseMessage,
-                             h),
+                           GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE,
+                           struct RecordStoreResponseMessage,
+                           h),
     GNUNET_MQ_hd_var_size (zone_to_name_response,
                            GNUNET_MESSAGE_TYPE_NAMESTORE_ZONE_TO_NAME_RESPONSE,
                            struct ZoneToNameResponseMessage,
@@ -1013,16 +1013,16 @@ warn_delay (void *cls)
   GNUNET_NAMESTORE_cancel (qe);
 }
 
+
 struct GNUNET_NAMESTORE_QueueEntry *
-records_store_ (
+GNUNET_NAMESTORE_records_store (
   struct GNUNET_NAMESTORE_Handle *h,
   const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const char *label,
   unsigned int rd_count,
   const struct GNUNET_GNSRECORD_Data *rd,
   GNUNET_NAMESTORE_ContinuationWithStatus cont,
-  void *cont_cls,
-  int locking)
+  void *cont_cls)
 {
   struct GNUNET_NAMESTORE_QueueEntry *qe;
   struct GNUNET_MQ_Envelope *env;
@@ -1067,9 +1067,8 @@ records_store_ (
   msg->name_len = htons (name_len);
   msg->rd_count = htons (rd_count);
   msg->rd_len = htons (rd_ser_len);
-  msg->reserved = ntohs(0);
+  msg->reserved = ntohs (0);
   msg->private_key = *pkey;
-  msg->locking = htonl (locking);
 
   name_tmp = (char *) &msg[1];
   GNUNET_memcpy (name_tmp, label, name_len);
@@ -1101,22 +1100,11 @@ records_store_ (
   return qe;
 }
 
+/**
+ * TODO: Experimental API will replace API above.
+ */
 struct GNUNET_NAMESTORE_QueueEntry *
-GNUNET_NAMESTORE_records_store (
-  struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
-  const char *label,
-  unsigned int rd_count,
-  const struct GNUNET_GNSRECORD_Data *rd,
-  GNUNET_NAMESTORE_ContinuationWithStatus cont,
-  void *cont_cls)
-{
-  return records_store_ (h, pkey, label,
-                         rd_count, rd, cont, cont_cls, GNUNET_NO);
-}
-
-struct GNUNET_NAMESTORE_QueueEntry *
-GNUNET_NAMESTORE_records_commit (
+GNUNET_NAMESTORE_records_replace (
   struct GNUNET_NAMESTORE_Handle *h,
   const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const char *label,
@@ -1125,21 +1113,19 @@ GNUNET_NAMESTORE_records_commit (
   GNUNET_NAMESTORE_ContinuationWithStatus cont,
   void *cont_cls)
 {
-  return records_store_ (h, pkey, label,
-                         rd_count, rd, cont, cont_cls, GNUNET_YES);
+  return GNUNET_NAMESTORE_records_store (h, pkey, label, rd_count, rd,
+                                         cont, cont_cls);
 }
 
-
 struct GNUNET_NAMESTORE_QueueEntry *
-records_lookup_ (
+GNUNET_NAMESTORE_records_lookup (
   struct GNUNET_NAMESTORE_Handle *h,
   const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const char *label,
   GNUNET_SCHEDULER_TaskCallback error_cb,
   void *error_cb_cls,
   GNUNET_NAMESTORE_RecordMonitor rm,
-  void *rm_cls,
-  int locking)
+  void *rm_cls)
 {
   struct GNUNET_NAMESTORE_QueueEntry *qe;
   struct GNUNET_MQ_Envelope *env;
@@ -1167,7 +1153,6 @@ records_lookup_ (
   msg->gns_header.r_id = htonl (qe->op_id);
   msg->zone = *pkey;
   msg->label_len = htonl (label_len);
-  msg->locking = htonl (locking);
   GNUNET_memcpy (&msg[1], label, label_len);
   if (NULL == h->mq)
     qe->env = env;
@@ -1176,22 +1161,12 @@ records_lookup_ (
   return qe;
 }
 
-struct GNUNET_NAMESTORE_QueueEntry *
-GNUNET_NAMESTORE_records_lookup (
-  struct GNUNET_NAMESTORE_Handle *h,
-  const struct GNUNET_IDENTITY_PrivateKey *pkey,
-  const char *label,
-  GNUNET_SCHEDULER_TaskCallback error_cb,
-  void *error_cb_cls,
-  GNUNET_NAMESTORE_RecordMonitor rm,
-  void *rm_cls)
-{
-  return records_lookup_ (h, pkey, label,
-                          error_cb, error_cb_cls, rm, rm_cls, GNUNET_NO);
-}
 
+/**
+ * TODO experimental API. Will replace old API above.
+ */
 struct GNUNET_NAMESTORE_QueueEntry *
-GNUNET_NAMESTORE_records_open (
+GNUNET_NAMESTORE_records_select (
   struct GNUNET_NAMESTORE_Handle *h,
   const struct GNUNET_IDENTITY_PrivateKey *pkey,
   const char *label,
@@ -1200,8 +1175,9 @@ GNUNET_NAMESTORE_records_open (
   GNUNET_NAMESTORE_RecordMonitor rm,
   void *rm_cls)
 {
-  return records_lookup_ (h, pkey, label,
-                          error_cb, error_cb_cls, rm, rm_cls, GNUNET_YES);
+  return GNUNET_NAMESTORE_records_lookup (h, pkey, label,
+                                          error_cb, error_cb_cls,
+                                          rm, rm_cls);
 }
 
 struct GNUNET_NAMESTORE_QueueEntry *
@@ -1364,5 +1340,48 @@ GNUNET_NAMESTORE_cancel (struct GNUNET_NAMESTORE_QueueEntry *qe)
   free_qe (qe);
 }
 
+/**
+ * New API draft. Experimental
+ */
+
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_transaction_begin (struct GNUNET_NAMESTORE_Handle *h,
+                                    GNUNET_SCHEDULER_TaskCallback error_cb,
+                                    void *error_cb_cls)
+{
+  GNUNET_break (0);
+  return NULL;
+}
+
+
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_transaction_abort (struct GNUNET_NAMESTORE_Handle *h,
+                                    GNUNET_SCHEDULER_TaskCallback error_cb,
+                                    void *error_cb_cls)
+{
+  GNUNET_break (0);
+  return NULL;
+}
+
+
+/**
+ * Commit a namestore transaction.
+ * Saves all actions performed since #GNUNET_NAMESTORE_transaction_begin
+ *
+ * @param h handle to the namestore
+ * @param error_cb function to call on error (i.e. disconnect or unable to get lock)
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @return handle to abort the request
+ */
+struct GNUNET_NAMESTORE_QueueEntry *
+GNUNET_NAMESTORE_transaction_commit (struct GNUNET_NAMESTORE_Handle *h,
+                                     GNUNET_SCHEDULER_TaskCallback error_cb,
+                                     void *error_cb_cls)
+{
+  GNUNET_break (0);
+  return NULL;
+}
+
 
 /* end of namestore_api.c */
diff --git a/src/pq/pq_result_helper.c b/src/pq/pq_result_helper.c
index 2c11f5202..f3d246c36 100644
--- a/src/pq/pq_result_helper.c
+++ b/src/pq/pq_result_helper.c
@@ -1086,6 +1086,12 @@ extract_uint64 (void *cls,
                    fnum))
   {
     GNUNET_break (0);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Got length %u for field `%s'\n",
+                PQgetlength (result,
+                             row,
+                             fnum),
+                fname);
     return GNUNET_SYSERR;
   }
   res = (uint64_t *) PQgetvalue (result,
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index 69b05fb13..2b09ccf63 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -1528,6 +1528,7 @@ test_transport_simple_send_string.sh \
 test_transport_simple_send.sh \
 test_transport_simple_send_broadcast.sh \
 test_transport_udp_backchannel.sh \
+test_transport_simple_send_dv_circle.sh \
 gnunet-transport-certificate-creation.in \
 communicator-unix.conf \
 test_plugin_hostkey \
diff --git a/src/util/.gitignore b/src/util/.gitignore
index 51eab71db..0e3449fed 100644
--- a/src/util/.gitignore
+++ b/src/util/.gitignore
@@ -36,6 +36,7 @@ test_crypto_ecdh_eddsa
 test_crypto_ecdhe
 test_crypto_ecdsa
 test_crypto_eddsa
+test_crypto_edx25519
 test_crypto_hash
 test_crypto_hash_context
 test_crypto_hkdf
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 406d42b1e..9cb7da15b 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -66,6 +66,7 @@ libgnunetutil_la_SOURCES = \
   crypto_ecc_gnsrecord.c \
   $(DLOG) \
   crypto_ecc_setup.c \
+  crypto_edx25519.c \
   crypto_hash.c \
   crypto_hash_file.c \
   crypto_hkdf.c \
@@ -297,6 +298,7 @@ check_PROGRAMS = \
  test_crypto_ecdhe \
  test_crypto_ecdh_eddsa \
  test_crypto_ecdh_ecdsa \
+ test_crypto_edx25519 \
  $(DLOG_TEST) \
  test_crypto_hash \
  test_crypto_hash_context \
@@ -470,6 +472,12 @@ test_crypto_eddsa_LDADD = \
  libgnunetutil.la \
  $(LIBGCRYPT_LIBS)
 
+test_crypto_edx25519_SOURCES = \
+ test_crypto_edx25519.c
+test_crypto_edx25519_LDADD = \
+ libgnunetutil.la \
+ $(LIBGCRYPT_LIBS)
+
 test_crypto_ecc_dlog_SOURCES = \
  test_crypto_ecc_dlog.c
 test_crypto_ecc_dlog_LDADD = \
diff --git a/src/util/crypto_ecc_gnsrecord.c b/src/util/crypto_ecc_gnsrecord.c
index ce41a4699..0ee0570c0 100644
--- a/src/util/crypto_ecc_gnsrecord.c
+++ b/src/util/crypto_ecc_gnsrecord.c
@@ -68,28 +68,15 @@ derive_h (const void *pub,
 }
 
 
-/**
- * This is a signature function for EdDSA which takes the
- * secret scalar sk instead of the private seed which is
- * usually the case for crypto APIs. We require this functionality
- * in order to use derived private keys for signatures we
- * cannot calculate the inverse of a sk to find the seed
- * efficiently.
- *
- * The resulting signature is a standard EdDSA signature
- * which can be verified using the usual APIs.
- *
- * @param sk the secret scalar
- * @param purp the signature purpose
- * @param sig the resulting signature
- */
-void
-GNUNET_CRYPTO_eddsa_sign_with_scalar (
-  const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_sign_derived (
+  const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey,
+  const char *label,
+  const char *context,
   const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
   struct GNUNET_CRYPTO_EddsaSignature *sig)
 {
-
+  struct GNUNET_CRYPTO_EddsaPrivateScalar priv;
   crypto_hash_sha512_state hs;
   unsigned char sk[64];
   unsigned char r[64];
@@ -98,6 +85,14 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
   unsigned char zk[32];
   unsigned char tmp[32];
 
+  /**
+   * Derive the private key
+   */
+  GNUNET_CRYPTO_eddsa_private_key_derive (pkey,
+                                          label,
+                                          context,
+                                          &priv);
+
   crypto_hash_sha512_init (&hs);
 
   /**
@@ -108,7 +103,7 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
    * sk[0..31] = h * SHA512 (d)[0..31]
    * sk[32..63] = SHA512 (d)[32..63]
    */
-  memcpy (sk, priv->s, 64);
+  memcpy (sk, priv.s, 64);
 
   /**
    * Calculate the derived zone key zk' from the
@@ -172,8 +167,28 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
   sodium_memzero (sk, sizeof (sk));
   sodium_memzero (r, sizeof (r));
   sodium_memzero (r_mod, sizeof (r_mod));
+  return GNUNET_OK;
 }
 
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecdsa_sign_derived (
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+  const char *label,
+  const char *context,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+  struct GNUNET_CRYPTO_EcdsaSignature *sig)
+{
+  struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
+  enum GNUNET_GenericReturnValue res;
+  key = GNUNET_CRYPTO_ecdsa_private_key_derive (priv,
+                                                label,
+                                                context);
+  res = GNUNET_CRYPTO_ecdsa_sign_ (key,
+                                   purpose,
+                                   sig);
+  GNUNET_free (key);
+  return res;
+}
 
 struct GNUNET_CRYPTO_EcdsaPrivateKey *
 GNUNET_CRYPTO_ecdsa_private_key_derive (
diff --git a/src/util/crypto_edx25519.c b/src/util/crypto_edx25519.c
new file mode 100644
index 000000000..26b45407e
--- /dev/null
+++ b/src/util/crypto_edx25519.c
@@ -0,0 +1,418 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2022 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file util/crypto_edx25519.c
+ * @brief An variant of EdDSA which allows for iterative derivation of key pairs.
+ * @author Özgür Kesim
+ * @author Christian Grothoff
+ * @author Florian Dold
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include <gcrypt.h>
+#include <sodium.h>
+#include "gnunet_crypto_lib.h"
+#include "gnunet_strings_lib.h"
+
+#define CURVE "Ed25519"
+
+void
+GNUNET_CRYPTO_edx25519_key_clear (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
+{
+  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_Edx25519PrivateKey));
+}
+
+
+void
+GNUNET_CRYPTO_edx25519_key_create_from_seed (
+  const void *seed,
+  size_t seedsize,
+  struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
+{
+
+  GNUNET_static_assert (sizeof(*pk) == sizeof(struct GNUNET_HashCode));
+  GNUNET_CRYPTO_hash (seed,
+                      seedsize,
+                      (struct GNUNET_HashCode *) pk);
+
+  /* Clamp the first half of the key. The second half is used in the signature
+   * process. */
+  pk->a[0] &= 248;
+  pk->a[31] &= 127;
+  pk->a[31] |= 64;
+}
+
+
+void
+GNUNET_CRYPTO_edx25519_key_create (
+  struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
+{
+  char seed[256 / 8];
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+                              seed,
+                              sizeof (seed));
+  GNUNET_CRYPTO_edx25519_key_create_from_seed (seed,
+                                               sizeof(seed),
+                                               pk);
+}
+
+
+void
+GNUNET_CRYPTO_edx25519_key_get_public (
+  const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv,
+  struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
+{
+  crypto_scalarmult_ed25519_base_noclamp (pub->q_y,
+                                          priv->a);
+}
+
+
+/**
+ * This function operates the basically same way as the signature function for
+ * EdDSA. But instead of expanding a private seed (which is usually the case
+ * for crypto APIs) and using the resulting scalars, it takes the scalars
+ * directly from Edx25519PrivateKey.  We require this functionality in order to
+ * use derived private keys for signatures.
+ *
+ * The resulting signature is a standard EdDSA signature
+ * which can be verified using the usual APIs.
+ *
+ * @param priv the private key (containing two scalars .a and .b)
+ * @param purp the signature purpose
+ * @param sig the resulting signature
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_edx25519_sign_ (
+  const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+  struct GNUNET_CRYPTO_Edx25519Signature *sig)
+{
+
+  crypto_hash_sha512_state hs;
+  unsigned char r[64];
+  unsigned char hram[64];
+  unsigned char P[32];
+  unsigned char r_mod[64];
+  unsigned char R[32];
+  unsigned char tmp[32];
+
+  crypto_hash_sha512_init (&hs);
+
+  /**
+   * Calculate the public key P from the private scalar in the key.
+   */
+  crypto_scalarmult_ed25519_base_noclamp (P,
+                                          priv->a);
+
+  /**
+   * Calculate r:
+   * r = SHA512 (b ∥ M)
+   * where M is our message (purpose).
+   */
+  crypto_hash_sha512_update (&hs,
+                             priv->b,
+                             sizeof(priv->b));
+  crypto_hash_sha512_update (&hs,
+                             (uint8_t*) purpose,
+                             ntohl (purpose->size));
+  crypto_hash_sha512_final (&hs,
+                            r);
+
+  /**
+   * Temporarily put P into S
+   */
+  memcpy (sig->s, P, 32);
+
+  /**
+   * Reduce the scalar value r
+   */
+  crypto_core_ed25519_scalar_reduce (r_mod, r);
+
+  /**
+   * Calculate R := r * G of the signature
+   */
+  crypto_scalarmult_ed25519_base_noclamp (R, r_mod);
+  memcpy (sig->r, R, sizeof (R));
+
+  /**
+   * Calculate
+   * hram := SHA512 (R ∥ P ∥ M)
+   */
+  crypto_hash_sha512_init (&hs);
+  crypto_hash_sha512_update (&hs, (uint8_t*) sig, 64);
+  crypto_hash_sha512_update (&hs, (uint8_t*) purpose,
+                             ntohl (purpose->size));
+  crypto_hash_sha512_final (&hs, hram);
+
+  /**
+   * Reduce the resulting scalar value
+   */
+  unsigned char hram_mod[64];
+  crypto_core_ed25519_scalar_reduce (hram_mod, hram);
+
+  /**
+   * Calculate
+   * S := r + hram * s mod L
+   */
+  crypto_core_ed25519_scalar_mul (tmp, hram_mod, priv->a);
+  crypto_core_ed25519_scalar_add (sig->s, tmp, r_mod);
+
+  sodium_memzero (r, sizeof (r));
+  sodium_memzero (r_mod, sizeof (r_mod));
+
+  return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_edx25519_verify_ (
+  uint32_t purpose,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
+  const struct GNUNET_CRYPTO_Edx25519Signature *sig,
+  const struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
+{
+  const unsigned char *m = (const void *) validate;
+  size_t mlen = ntohl (validate->size);
+  const unsigned char *s = (const void *) sig;
+
+  int res;
+
+  if (purpose != ntohl (validate->purpose))
+    return GNUNET_SYSERR; /* purpose mismatch */
+
+  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
+  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
+}
+
+
+/**
+ * Derive the 'h' value for key derivation, where
+ * 'h = H(P ∥ seed) mod n' and 'n' is the size of the cyclic subroup.
+ *
+ * @param pub public key for deriviation
+ * @param seed seed for key the deriviation
+ * @param seedsize the size of the seed
+ * @param n The value for the modulus 'n'
+ * @param[out] phc if not NULL, the output of H() will be written into
+ * return h_mod_n (allocated by this function)
+ */
+static gcry_mpi_t
+derive_h_mod_n (
+  const struct GNUNET_CRYPTO_Edx25519PublicKey *pub,
+  const void *seed,
+  size_t seedsize,
+  const gcry_mpi_t n,
+  struct GNUNET_HashCode *phc)
+{
+  static const char *const salt = "edx2559-derivation";
+  struct GNUNET_HashCode hc;
+  gcry_mpi_t h;
+  gcry_mpi_t h_mod_n;
+
+  if (NULL == phc)
+    phc = &hc;
+
+  GNUNET_CRYPTO_kdf (phc, sizeof(*phc),
+                     salt, strlen (salt),
+                     pub, sizeof(*pub),
+                     seed, seedsize,
+                     NULL, 0);
+
+  /* calculate h_mod_n = h % n */
+  GNUNET_CRYPTO_mpi_scan_unsigned (&h,
+                                   (unsigned char *) phc,
+                                   sizeof(*phc));
+  h_mod_n = gcry_mpi_new (256);
+  gcry_mpi_mod (h_mod_n, h, n);
+
+#ifdef CHECK_RARE_CASES
+  /**
+   * Note that the following cases would be problematic:
+   *    1.) h == 0 mod n
+   *    2.) h == 1 mod n
+   *    3.) [h] * P == E
+   * We assume that the probalities for these cases to occur are neglegible.
+   */
+  GNUNET_assert (! gcry_mpi_cmp_ui (h_mod_n, 0));
+  GNUNET_assert (! gcry_mpi_cmp_ui (h_mod_n, 1));
+#endif
+
+  gcry_mpi_release(h);
+  return h_mod_n;
+}
+
+
+void
+GNUNET_CRYPTO_edx25519_private_key_derive (
+  const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv,
+  const void *seed,
+  size_t seedsize,
+  struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
+{
+  struct GNUNET_CRYPTO_Edx25519PublicKey pub;
+  struct GNUNET_HashCode hc;
+  uint8_t a[32];
+  gcry_ctx_t ctx;
+  gcry_mpi_t h_mod_n;
+  gcry_mpi_t x;
+  gcry_mpi_t n;
+  gcry_mpi_t a1;
+  gcry_mpi_t a2;
+  gcry_mpi_t ap; // a'
+
+  GNUNET_CRYPTO_edx25519_key_get_public (priv, &pub);
+
+  /**
+   * Libsodium does not offer an API with arbitrary arithmetic.
+   * Hence we have to use libgcrypt here.
+   */
+  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
+
+  /**
+   * Get our modulo
+   */
+  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
+  GNUNET_assert (NULL != n);
+
+  /**
+   * Get h mod n
+   */
+  h_mod_n = derive_h_mod_n (&pub,
+                            seed,
+                            seedsize,
+                            n,
+                            &hc);
+
+  /* Convert priv->a scalar to big endian for libgcrypt */
+  for (size_t i = 0; i < 32; i++)
+    a[i] = priv->a[31 - i];
+
+  /**
+   * dc now contains the private scalar "a".
+   * We carefully remove the clamping and derive a'.
+   * Calculate:
+   * a1 := a / 8
+   * a2 := h * a1 mod n
+   * a' := a2 * 8 mod n
+   */
+  GNUNET_CRYPTO_mpi_scan_unsigned (&x, a, sizeof(a)); // a
+  a1 = gcry_mpi_new (256);
+  gcry_mpi_t eight = gcry_mpi_set_ui (NULL, 8);
+  gcry_mpi_div (a1, NULL, x, eight, 0); // a1 := a / 8
+  a2 = gcry_mpi_new (256);
+  gcry_mpi_mulm (a2, h_mod_n, a1, n); // a2 := h * a1 mod n
+  ap = gcry_mpi_new (256);
+  gcry_mpi_mul (ap, a2, eight); // a' := a2 * 8
+
+#ifdef CHECK_RARE_CASES
+  /* The likelihood for a' == 0 or a' == 1 is neglegible */
+  GNUNET_assert (! gcry_mpi_cmp_ui (ap, 0));
+  GNUNET_assert (! gcry_mpi_cmp_ui (ap, 1));
+#endif
+
+  gcry_mpi_release (h_mod_n);
+  gcry_mpi_release (eight);
+  gcry_mpi_release (x);
+  gcry_mpi_release (n);
+  gcry_mpi_release (a1);
+  gcry_mpi_release (a2);
+  gcry_ctx_release (ctx);
+  GNUNET_CRYPTO_mpi_print_unsigned (a, sizeof(a), ap);
+  gcry_mpi_release (ap);
+
+  /**
+   * We hash the derived "h" parameter with the other half of the expanded
+   * private key (that is: priv->b). This ensures that for signature
+   * generation, the "R" is derived from the same derivation path as "h" and is
+   * not reused.
+   */
+  {
+    crypto_hash_sha256_state hs;
+    crypto_hash_sha256_init (&hs);
+    crypto_hash_sha256_update (&hs, priv->b, sizeof(priv->b));
+    crypto_hash_sha256_update (&hs, (unsigned char*) &hc, sizeof (hc));
+    crypto_hash_sha256_final (&hs, result->b);
+  }
+
+  /* Convert to little endian for libsodium */
+  for (size_t i = 0; i < 32; i++)
+    result->a[i] = a[31 - i];
+
+  sodium_memzero (a, sizeof(a));
+}
+
+
+void
+GNUNET_CRYPTO_edx25519_public_key_derive (
+  const struct GNUNET_CRYPTO_Edx25519PublicKey *pub,
+  const void *seed,
+  size_t seedsize,
+  struct GNUNET_CRYPTO_Edx25519PublicKey *result)
+{
+  gcry_ctx_t ctx;
+  gcry_mpi_t q_y;
+  gcry_mpi_t n;
+  gcry_mpi_t h_mod_n;
+  gcry_mpi_point_t q;
+  gcry_mpi_point_t v;
+
+  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
+
+  /* obtain point 'q' from original public key.  The provided 'q' is
+     compressed thus we first store it in the context and then get it
+     back as a (decompresssed) point.  */
+  q_y = gcry_mpi_set_opaque_copy (NULL,
+                                  pub->q_y,
+                                  8 * sizeof(pub->q_y));
+  GNUNET_assert (NULL != q_y);
+  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
+  gcry_mpi_release (q_y);
+  q = gcry_mpi_ec_get_point ("q", ctx, 0);
+  GNUNET_assert (q);
+
+  /**
+   * Get h mod n
+   */
+  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
+  GNUNET_assert (NULL != n);
+  GNUNET_assert (NULL != pub);
+  h_mod_n = derive_h_mod_n (pub,
+                            seed,
+                            seedsize,
+                            n,
+                            NULL /* We don't need hc here */);
+
+  /* calculate v = h_mod_n * q */
+  v = gcry_mpi_point_new (0);
+  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
+  gcry_mpi_release (h_mod_n);
+  gcry_mpi_release (n);
+  gcry_mpi_point_release (q);
+
+  /* convert point 'v' to public key that we return */
+  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
+  gcry_mpi_point_release (v);
+  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
+  GNUNET_assert (q_y);
+  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
+  gcry_mpi_release (q_y);
+  gcry_ctx_release (ctx);
+}
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index 4e4496819..838e37d8d 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -74,16 +74,21 @@
  * @return HMAC, freed by caller via gcry_md_close/_reset
  */
 static const void *
-doHMAC (gcry_md_hd_t mac, const void *key, size_t key_len, const void *buf,
+doHMAC (gcry_md_hd_t mac,
+        const void *key,
+        size_t key_len,
+        const void *buf,
         size_t buf_len)
 {
-  if (GPG_ERR_NO_ERROR != gcry_md_setkey (mac, key, key_len))
+  if (GPG_ERR_NO_ERROR !=
+      gcry_md_setkey (mac, key, key_len))
   {
     GNUNET_break (0);
     return NULL;
   }
-  gcry_md_write (mac, buf, buf_len);
-
+  gcry_md_write (mac,
+                 buf,
+                 buf_len);
   return (const void *) gcry_md_read (mac, 0);
 }
 
@@ -98,9 +103,13 @@ doHMAC (gcry_md_hd_t mac, const void *key, size_t key_len, const void *buf,
  * @param prk result buffer (allocated by caller; at least gcry_md_dlen() bytes)
  * @return #GNUNET_YES on success
  */
-static int
-getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm,
-        size_t skm_len, void *prk)
+static enum GNUNET_GenericReturnValue
+getPRK (gcry_md_hd_t mac,
+        const void *xts,
+        size_t xts_len,
+        const void *skm,
+        size_t skm_len,
+        void *prk)
 {
   const void *ret;
   size_t dlen;
@@ -114,9 +123,10 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm,
    * salt - optional salt value (a non-secret random value);
    * if not provided, it is set to a string of HashLen zeros. */
 
-  if (xts_len == 0)
+  if (0 == xts_len)
   {
     char zero_salt[dlen];
+    
     memset (zero_salt, 0, dlen);
     ret = doHMAC (mac, zero_salt, dlen, skm, skm_len);
   }
@@ -124,22 +134,23 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm,
   {
     ret = doHMAC (mac, xts, xts_len, skm, skm_len);
   }
-  if (ret == NULL)
+  if (NULL == ret)
     return GNUNET_SYSERR;
-  GNUNET_memcpy (prk, ret, dlen);
-
+  GNUNET_memcpy (prk,
+                 ret,
+                 dlen);
   return GNUNET_YES;
 }
 
 
 #if DEBUG_HKDF
 static void
-dump (const char *src, const void *p, unsigned int l)
+dump (const char *src,
+      const void *p,
+      unsigned int l)
 {
-  unsigned int i;
-
   printf ("\n%s: ", src);
-  for (i = 0; i < l; i++)
+  for (unsigned int i = 0; i < l; i++)
   {
     printf ("%2x", (int) ((const unsigned char *) p)[i]);
   }
@@ -150,23 +161,16 @@ dump (const char *src, const void *p, unsigned int l)
 #endif
 
 
-/**
- * @brief Derive key
- * @param result buffer for the derived key, allocated by caller
- * @param out_len desired length of the derived key
- * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
- * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
- * @param xts salt
- * @param xts_len length of @a xts
- * @param skm source key material
- * @param skm_len length of @a skm
- * @param argp va_list of void * & size_t pairs for context chunks
- * @return #GNUNET_YES on success
- */
-int
-GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
-                      const void *xts, size_t xts_len, const void *skm,
-                      size_t skm_len, va_list argp)
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_hkdf_v (void *result,
+                      size_t out_len,
+                      int xtr_algo,
+                      int prf_algo,
+                      const void *xts,
+                      size_t xts_len,
+                      const void *skm,
+                      size_t skm_len,
+                      va_list argp)
 {
   gcry_md_hd_t xtr;
   gcry_md_hd_t prf;
@@ -186,10 +190,14 @@ GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
   if (0 == k)
     return GNUNET_SYSERR;
   if (GPG_ERR_NO_ERROR !=
-      gcry_md_open (&xtr, xtr_algo, GCRY_MD_FLAG_HMAC))
+      gcry_md_open (&xtr,
+                    xtr_algo,
+                    GCRY_MD_FLAG_HMAC))
     return GNUNET_SYSERR;
   if (GPG_ERR_NO_ERROR !=
-      gcry_md_open (&prf, prf_algo, GCRY_MD_FLAG_HMAC))
+      gcry_md_open (&prf,
+                    prf_algo,
+                    GCRY_MD_FLAG_HMAC))
   {
     gcry_md_close (xtr);
     return GNUNET_SYSERR;
@@ -221,7 +229,8 @@ GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
   }
 
   memset (result, 0, out_len);
-  if (getPRK (xtr, xts, xts_len, skm, skm_len, prk) != GNUNET_YES)
+  if (GNUNET_YES !=
+      getPRK (xtr, xts, xts_len, skm, skm_len, prk))
     goto hkdf_error;
 #if DEBUG_HKDF
   dump ("PRK", prk, xtr_len);
@@ -276,7 +285,7 @@ GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo,
       dump ("K(i+1)", plain, plain_len);
 #endif
       hc = doHMAC (prf, prk, xtr_len, plain, plain_len);
-      if (hc == NULL)
+      if (NULL == hc)
       {
         GNUNET_free (plain);
         goto hkdf_error;
@@ -327,32 +336,31 @@ hkdf_ok:
 }
 
 
-/**
- * @brief Derive key
- * @param result buffer for the derived key, allocated by caller
- * @param out_len desired length of the derived key
- * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
- * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
- * @param xts salt
- * @param xts_len length of @a xts
- * @param skm source key material
- * @param skm_len length of @a skm
- * @return #GNUNET_YES on success
- */
-int
-GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo,
-                    const void *xts, size_t xts_len, const void *skm,
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_hkdf (void *result,
+                    size_t out_len,
+                    int xtr_algo,
+                    int prf_algo,
+                    const void *xts,
+                    size_t xts_len,
+                    const void *skm,
                     size_t skm_len, ...)
 {
   va_list argp;
-  int ret;
+  enum GNUNET_GenericReturnValue ret;
 
   va_start (argp, skm_len);
   ret =
-    GNUNET_CRYPTO_hkdf_v (result, out_len, xtr_algo, prf_algo, xts, xts_len,
-                          skm, skm_len, argp);
+    GNUNET_CRYPTO_hkdf_v (result,
+                          out_len,
+                          xtr_algo,
+                          prf_algo,
+                          xts,
+                          xts_len,
+                          skm,
+                          skm_len,
+                          argp);
   va_end (argp);
-
   return ret;
 }
 
diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c
index 0dc734549..f577e0f7a 100644
--- a/src/util/crypto_kdf.c
+++ b/src/util/crypto_kdf.c
@@ -32,18 +32,8 @@
 
 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__)
 
-/**
- * @brief Derive key
- * @param result buffer for the derived key, allocated by caller
- * @param out_len desired length of the derived key
- * @param xts salt
- * @param xts_len length of @a xts
- * @param skm source key material
- * @param skm_len length of @a skm
- * @param argp va_list of void * & size_t pairs for context chunks
- * @return #GNUNET_YES on success
- */
-int
+
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_kdf_v (void *result,
                      size_t out_len,
                      const void *xts,
@@ -62,7 +52,7 @@ GNUNET_CRYPTO_kdf_v (void *result,
    * hash function."
    *
    * http://eprint.iacr.org/2010/264
-   *///
+   */
   return GNUNET_CRYPTO_hkdf_v (result,
                                out_len,
                                GCRY_MD_SHA512,
@@ -75,18 +65,7 @@ GNUNET_CRYPTO_kdf_v (void *result,
 }
 
 
-/**
- * @brief Derive key
- * @param result buffer for the derived key, allocated by caller
- * @param out_len desired length of the derived key
- * @param xts salt
- * @param xts_len length of @a xts
- * @param skm source key material
- * @param skm_len length of @a skm
- * @param ... void * & size_t pairs for context chunks
- * @return #GNUNET_YES on success
- */
-int
+enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_kdf (void *result,
                    size_t out_len,
                    const void *xts,
@@ -111,18 +90,6 @@ GNUNET_CRYPTO_kdf (void *result,
 }
 
 
-/**
- * Deterministically generate a pseudo-random number uniformly from the
- * integers modulo a libgcrypt mpi.
- *
- * @param[out] r MPI value set to the FDH
- * @param n MPI to work modulo
- * @param xts salt
- * @param xts_len length of @a xts
- * @param skm source key material
- * @param skm_len length of @a skm
- * @param ctx context string
- */
 void
 GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
                            gcry_mpi_t n,
@@ -137,32 +104,34 @@ GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
 
   nbits = gcry_mpi_get_nbits (n);
   /* GNUNET_assert (nbits > 512); */
-
   ctr = 0;
   while (1)
   {
     /* Ain't clear if n is always divisible by 8 */
-    uint8_t buf[ (nbits - 1) / 8 + 1 ];
+    size_t bsize = (nbits - 1) / 8 + 1;
+    uint8_t buf[bsize];
     uint16_t ctr_nbo = htons (ctr);
 
     rc = GNUNET_CRYPTO_kdf (buf,
-                            sizeof(buf),
+                            bsize,
                             xts, xts_len,
                             skm, skm_len,
                             ctx, strlen (ctx),
                             &ctr_nbo, sizeof(ctr_nbo),
                             NULL, 0);
     GNUNET_assert (GNUNET_YES == rc);
-
     rc = gcry_mpi_scan (r,
                         GCRYMPI_FMT_USG,
                         (const unsigned char *) buf,
-                        sizeof(buf),
+                        bsize,
                         &rsize);
-    GNUNET_assert (0 == rc);  /* Allocation error? */
-
-    gcry_mpi_clear_highbit (*r, nbits);
-    GNUNET_assert (0 == gcry_mpi_test_bit (*r, nbits));
+    GNUNET_assert (GPG_ERR_NO_ERROR == rc);  /* Allocation error? */
+    GNUNET_assert (rsize == bsize);
+    gcry_mpi_clear_highbit (*r,
+                            nbits);
+    GNUNET_assert (0 ==
+                   gcry_mpi_test_bit (*r,
+                                      nbits));
     ++ctr;
     /* We reject this FDH if either *r > n and retry with another ctr */
     if (0 > gcry_mpi_cmp (*r, n))
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 43e6eedac..4b8e5a5ce 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -497,7 +497,8 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
  * @return True if gcd(r,n) = 1, False means RSA key is malicious
  */
 static int
-rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
+rsa_gcd_validate (gcry_mpi_t r,
+                  gcry_mpi_t n)
 {
   gcry_mpi_t g;
   int t;
@@ -520,29 +521,34 @@ static struct RsaBlindingKey *
 rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
                          const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
 {
-  char *xts = "Blinding KDF extractor HMAC key";  /* Trusts bks' randomness more */
+  const char *xts = "Blinding KDF extractor HMAC key";  /* Trusts bks' randomness more */
   struct RsaBlindingKey *blind;
   gcry_mpi_t n;
 
   blind = GNUNET_new (struct RsaBlindingKey);
-  GNUNET_assert (NULL != blind);
 
   /* Extract the composite n from the RSA public key */
-  GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
+  GNUNET_assert (0 ==
+                 key_from_sexp (&n,
+                                pkey->sexp,
+                                "rsa",
+                                "n"));
   /* Assert that it at least looks like an RSA key */
-  GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
-
+  GNUNET_assert (0 ==
+                 gcry_mpi_get_flag (n,
+                                    GCRYMPI_FLAG_OPAQUE));
   GNUNET_CRYPTO_kdf_mod_mpi (&blind->r,
                              n,
                              xts, strlen (xts),
                              bks, sizeof(*bks),
                              "Blinding KDF");
-  if (0 == rsa_gcd_validate (blind->r, n))
+  if (0 == rsa_gcd_validate (blind->r,
+                             n))
   {
+    gcry_mpi_release (blind->r);
     GNUNET_free (blind);
     blind = NULL;
   }
-
   gcry_mpi_release (n);
   return blind;
 }
@@ -760,8 +766,9 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
   /* We key with the public denomination key as a homage to RSA-PSS by  *
   * Mihir Bellare and Phillip Rogaway.  Doing this lowers the degree   *
   * of the hypothetical polyomial-time attack on RSA-KTI created by a  *
-  * polynomial-time one-more forgary attack.  Yey seeding!             */
-  xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts);
+  * polynomial-time one-more forgary attack.  Yey seeding!       */
+  xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
+                                                 &xts);
 
   GNUNET_CRYPTO_kdf_mod_mpi (&r,
                              n,
@@ -769,7 +776,6 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
                              hash, sizeof(*hash),
                              "RSA-FDA FTpsW!");
   GNUNET_free (xts);
-
   ok = rsa_gcd_validate (r, n);
   gcry_mpi_release (n);
   if (ok)
diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c
index 459619ff2..e9573a307 100644
--- a/src/util/test_crypto_eddsa.c
+++ b/src/util/test_crypto_eddsa.c
@@ -130,9 +130,11 @@ testDeriveSignVerify (void)
     return GNUNET_SYSERR;
   }
 
-  GNUNET_CRYPTO_eddsa_sign_with_scalar (&dpriv,
-                                        &purp,
-                                        &sig);
+  GNUNET_CRYPTO_eddsa_sign_derived (&key,
+                                    "test-derive",
+                                    "test-CTX",
+                                    &purp,
+                                    &sig);
   if (GNUNET_SYSERR ==
       GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
                                    &purp,
diff --git a/src/util/test_crypto_edx25519.c b/src/util/test_crypto_edx25519.c
new file mode 100644
index 000000000..ead6f0bb9
--- /dev/null
+++ b/src/util/test_crypto_edx25519.c
@@ -0,0 +1,326 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2022 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+
+ */
+/**
+ * @file util/test_crypto_edx25519.c
+ * @brief testcase for ECC public key crypto for edx25519
+ * @author Özgür Kesim
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_signatures.h"
+#include <gcrypt.h>
+
+#define ITER 25
+
+#define KEYFILE "/tmp/test-gnunet-crypto-edx25519.key"
+
+#define PERF GNUNET_YES
+
+
+static struct GNUNET_CRYPTO_Edx25519PrivateKey key;
+
+
+static int
+testSignVerify (void)
+{
+  struct GNUNET_CRYPTO_Edx25519Signature sig;
+  struct GNUNET_CRYPTO_EccSignaturePurpose purp;
+  struct GNUNET_CRYPTO_Edx25519PublicKey pkey;
+  struct GNUNET_TIME_Absolute start;
+  int ok = GNUNET_OK;
+
+  fprintf (stderr, "%s", "W");
+  GNUNET_CRYPTO_edx25519_key_get_public (&key,
+                                         &pkey);
+  start = GNUNET_TIME_absolute_get ();
+  purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
+  purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
+
+  for (unsigned int i = 0; i < ITER; i++)
+  {
+    fprintf (stderr, "%s", "."); fflush (stderr);
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_edx25519_sign_ (&key,
+                                                       &purp,
+                                                       &sig))
+    {
+      fprintf (stderr,
+               "GNUNET_CRYPTO_edx25519_sign returned SYSERR\n");
+      ok = GNUNET_SYSERR;
+      continue;
+    }
+    if (GNUNET_SYSERR ==
+        GNUNET_CRYPTO_edx25519_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                        &purp,
+                                        &sig,
+                                        &pkey))
+    {
+      fprintf (stderr,
+               "GNUNET_CRYPTO_edx25519_verify failed!\n");
+      ok = GNUNET_SYSERR;
+      continue;
+    }
+    if (GNUNET_SYSERR !=
+        GNUNET_CRYPTO_edx25519_verify_ (
+          GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+          &purp,
+          &sig,
+          &pkey))
+    {
+      fprintf (stderr,
+               "GNUNET_CRYPTO_edx25519_verify failed to fail!\n");
+      ok = GNUNET_SYSERR;
+      continue;
+    }
+  }
+  fprintf (stderr, "\n");
+  printf ("%d EdDSA sign/verify operations %s\n",
+          ITER,
+          GNUNET_STRINGS_relative_time_to_string (
+            GNUNET_TIME_absolute_get_duration (start),
+            GNUNET_YES));
+  return ok;
+}
+
+
+static int
+testDeriveSignVerify (void)
+{
+  struct GNUNET_CRYPTO_EccSignaturePurpose purp;
+  struct GNUNET_CRYPTO_Edx25519Signature sig;
+  struct GNUNET_CRYPTO_Edx25519PrivateKey dkey;
+  struct GNUNET_CRYPTO_Edx25519PublicKey pub;
+  struct GNUNET_CRYPTO_Edx25519PublicKey dpub;
+  struct GNUNET_CRYPTO_Edx25519PublicKey dpub2;
+
+  GNUNET_CRYPTO_edx25519_key_get_public (&key, &pub);
+  GNUNET_CRYPTO_edx25519_private_key_derive (&key,
+                                             "test-derive",
+                                             sizeof("test-derive"),
+                                             &dkey);
+  GNUNET_CRYPTO_edx25519_public_key_derive (&pub,
+                                            "test-derive",
+                                            sizeof("test-derive"),
+                                            &dpub);
+  GNUNET_CRYPTO_edx25519_key_get_public (&dkey, &dpub2);
+
+  if (0 != GNUNET_memcmp (&dpub.q_y, &dpub2.q_y))
+  {
+    fprintf (stderr, "key deriviation failed\n");
+    return GNUNET_SYSERR;
+  }
+
+  purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
+  purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
+
+  GNUNET_CRYPTO_edx25519_sign_ (&dkey,
+                                &purp,
+                                &sig);
+
+  if (GNUNET_SYSERR ==
+      GNUNET_CRYPTO_edx25519_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                      &purp,
+                                      &sig,
+                                      &dpub))
+  {
+    fprintf (stderr,
+             "GNUNET_CRYPTO_edx25519_verify failed after derivation!\n");
+    return GNUNET_SYSERR;
+  }
+
+  if (GNUNET_SYSERR !=
+      GNUNET_CRYPTO_edx25519_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                      &purp,
+                                      &sig,
+                                      &pub))
+  {
+    fprintf (stderr,
+             "GNUNET_CRYPTO_edx25519_verify failed to fail after derivation!\n");
+    return GNUNET_SYSERR;
+  }
+
+  if (GNUNET_SYSERR !=
+      GNUNET_CRYPTO_edx25519_verify_ (
+        GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+        &purp,
+        &sig,
+        &dpub))
+  {
+    fprintf (stderr,
+             "GNUNET_CRYPTO_edx25519_verify failed to fail after derivation!\n");
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+#if PERF
+static int
+testSignPerformance ()
+{
+  struct GNUNET_CRYPTO_EccSignaturePurpose purp;
+  struct GNUNET_CRYPTO_Edx25519Signature sig;
+  struct GNUNET_CRYPTO_Edx25519PublicKey pkey;
+  struct GNUNET_TIME_Absolute start;
+  int ok = GNUNET_OK;
+
+  purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
+  purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
+  fprintf (stderr, "%s", "W");
+  GNUNET_CRYPTO_edx25519_key_get_public (&key,
+                                         &pkey);
+  start = GNUNET_TIME_absolute_get ();
+  for (unsigned int i = 0; i < ITER; i++)
+  {
+    fprintf (stderr, "%s", ".");
+    fflush (stderr);
+    if (GNUNET_SYSERR ==
+        GNUNET_CRYPTO_edx25519_sign_ (&key,
+                                      &purp,
+                                      &sig))
+    {
+      fprintf (stderr, "%s", "GNUNET_CRYPTO_edx25519_sign returned SYSERR\n");
+      ok = GNUNET_SYSERR;
+      continue;
+    }
+  }
+  fprintf (stderr, "\n");
+  printf ("%d EdDSA sign operations %s\n",
+          ITER,
+          GNUNET_STRINGS_relative_time_to_string (
+            GNUNET_TIME_absolute_get_duration (start),
+            GNUNET_YES));
+  return ok;
+}
+
+
+#endif
+
+
+#if 0 /* not implemented */
+static int
+testCreateFromFile (void)
+{
+  struct GNUNET_CRYPTO_Edx25519PublicKey p1;
+  struct GNUNET_CRYPTO_Edx25519PublicKey p2;
+
+  /* do_create == GNUNET_YES and non-existing file MUST return GNUNET_YES */
+  GNUNET_assert (0 == unlink (KEYFILE) || ENOENT == errno);
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CRYPTO_edx25519_key_from_file (KEYFILE,
+                                                       GNUNET_YES,
+                                                       &key));
+  GNUNET_CRYPTO_edx25519_key_get_public (&key,
+                                         &p1);
+
+  /* do_create == GNUNET_YES and _existing_ file MUST return GNUNET_NO */
+  GNUNET_assert (GNUNET_NO ==
+                 GNUNET_CRYPTO_edx25519_key_from_file (KEYFILE,
+                                                       GNUNET_YES,
+                                                       &key));
+  GNUNET_CRYPTO_edx25519_key_get_public (&key,
+                                         &p2);
+  GNUNET_assert (0 ==
+                 GNUNET_memcmp (&p1,
+                                &p2));
+
+  /* do_create == GNUNET_NO and non-existing file MUST return GNUNET_SYSERR */
+  GNUNET_assert (0 == unlink (KEYFILE));
+  GNUNET_assert (GNUNET_SYSERR ==
+                 GNUNET_CRYPTO_edx25519_key_from_file (KEYFILE,
+                                                       GNUNET_NO,
+                                                       &key));
+  return GNUNET_OK;
+}
+
+
+#endif
+
+
+static void
+perf_keygen (void)
+{
+  struct GNUNET_TIME_Absolute start;
+  struct GNUNET_CRYPTO_Edx25519PrivateKey pk;
+
+  fprintf (stderr, "%s", "W");
+  start = GNUNET_TIME_absolute_get ();
+  for (unsigned int i = 0; i < 10; i++)
+  {
+    fprintf (stderr, ".");
+    fflush (stderr);
+    GNUNET_CRYPTO_edx25519_key_create (&pk);
+  }
+  fprintf (stderr, "\n");
+  printf ("10 EdDSA keys created in %s\n",
+          GNUNET_STRINGS_relative_time_to_string (
+            GNUNET_TIME_absolute_get_duration (start), GNUNET_YES));
+}
+
+
+int
+main (int argc, char *argv[])
+{
+  int failure_count = 0;
+
+  if (! gcry_check_version ("1.6.0"))
+  {
+    fprintf (stderr,
+             "libgcrypt has not the expected version (version %s is required).\n",
+             "1.6.0");
+    return 0;
+  }
+  if (getenv ("GNUNET_GCRYPT_DEBUG"))
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
+  GNUNET_log_setup ("test-crypto-edx25519",
+                    "WARNING",
+                    NULL);
+  GNUNET_CRYPTO_edx25519_key_create (&key);
+  if (GNUNET_OK != testDeriveSignVerify ())
+  {
+    failure_count++;
+    fprintf (stderr,
+             "\n\n%d TESTS FAILED!\n\n", failure_count);
+    return -1;
+  }
+#if PERF
+  if (GNUNET_OK != testSignPerformance ())
+    failure_count++;
+#endif
+  if (GNUNET_OK != testSignVerify ())
+    failure_count++;
+#if 0 /* not implemented */
+  if (GNUNET_OK != testCreateFromFile ())
+    failure_count++;
+#endif
+  perf_keygen ();
+
+  if (0 != failure_count)
+  {
+    fprintf (stderr,
+             "\n\n%d TESTS FAILED!\n\n",
+             failure_count);
+    return -1;
+  }
+  return 0;
+}
+
+
+/* end of test_crypto_edx25519.c */
diff --git a/src/util/time.c b/src/util/time.c
index 68a6937a0..cf072aebf 100644
--- a/src/util/time.c
+++ b/src/util/time.c
@@ -58,6 +58,22 @@ GNUNET_TIME_get_offset ()
 }
 
 
+bool
+GNUNET_TIME_absolute_approx_eq (struct GNUNET_TIME_Absolute a1,
+                                struct GNUNET_TIME_Absolute a2,
+                                struct GNUNET_TIME_Relative t)
+{
+  struct GNUNET_TIME_Relative delta;
+
+  delta = GNUNET_TIME_relative_min (
+    GNUNET_TIME_absolute_get_difference (a1, a2),
+    GNUNET_TIME_absolute_get_difference (a2, a1));
+  return GNUNET_TIME_relative_cmp (delta,
+                                   <=,
+                                   t);
+}
+
+
 struct GNUNET_TIME_Timestamp
 GNUNET_TIME_absolute_to_timestamp (struct GNUNET_TIME_Absolute at)
 {
@@ -370,6 +386,20 @@ GNUNET_TIME_timestamp_min (struct GNUNET_TIME_Timestamp t1,
 }
 
 
+struct GNUNET_TIME_Absolute
+GNUNET_TIME_absolute_round_down (struct GNUNET_TIME_Absolute at,
+                                 struct GNUNET_TIME_Relative rt)
+{
+  struct GNUNET_TIME_Absolute ret;
+
+  GNUNET_assert (! GNUNET_TIME_relative_is_zero (rt));
+  ret.abs_value_us
+    = at.abs_value_us
+    - at.abs_value_us % rt.rel_value_us;
+  return ret;
+}
+
+
 struct GNUNET_TIME_Relative
 GNUNET_TIME_absolute_get_remaining (struct GNUNET_TIME_Absolute future)
 {