9 files changed, 344 insertions, 8 deletions

diff --git a/configure.ac b/configure.ac
index 71832fcdf..965c483c3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1345,6 +1345,8 @@ src/psycstore/psycstore.conf
 src/pt/Makefile
 src/regex/Makefile
 src/regex/regex.conf
+src/revocation/Makefile
+src/revocation/regex.conf
 src/scalarproduct/Makefile
 src/scalarproduct/scalarproduct.conf
 src/set/Makefile
diff --git a/src/Makefile.am b/src/Makefile.am
index 8c107bf83..c724e3ed0 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -63,6 +63,7 @@ SUBDIRS = \
   dns \
   identity \
   set \
+  revocation \
   namestore \
   vpn \
   gns \
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index f93c60bdf..9a6594b41 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -70,6 +70,7 @@ gnunetinclude_HEADERS = \
   gnunet_protocols.h \
   gnunet_resolver_service.h \
   gnunet_regex_service.h \
+  gnunet_revocation_service.h \
   gnunet_scalarproduct_service.h \
   gnunet_scheduler_lib.h \
   gnunet_server_lib.h \
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 38dcff976..c174006cf 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -1932,6 +1932,31 @@ extern "C"
 
 
 /*******************************************************************************
+ * REVOCATION message types
+ ******************************************************************************/
+
+/**
+ * Client to service: was this key revoked?
+ */
+#define GNUNET_MESSAGE_TYPE_REVOCATION_QUERY 636
+
+/**
+ * Service to client: answer if key was revoked!
+ */
+#define GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE 637
+
+/**
+ * Client to service OR peer-to-peer: revoke this key!
+ */
+#define GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE 638
+
+/**
+ * Service to client: revocation confirmed
+ */
+#define GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE 639
+
+
+/*******************************************************************************
  * SCALARPRODUCT message types
  ******************************************************************************/
 
@@ -2086,18 +2111,13 @@ extern "C"
 #define GNUNET_MESSAGE_TYPE_PSYC_STATE_MOD_CONT 710
 
 
-/**
- * Next available: 730
- */
-
-
-
-/* WIP: no numbers assigned yet */
-
 /*******************************************************************************
  * MULTICAST message types
  ******************************************************************************/
 
+
+/* WIP: no numbers assigned yet */
+
 /**
  * Multicast message from the origin to all members.
  */
@@ -2150,6 +2170,11 @@ extern "C"
 #define GNUNET_MESSAGE_TYPE_MULTICAST_REPLAY_REQUEST_CANCEL
 
 
+/**
+ * Next available: 750
+ */
+
+
 /*******************************************************************************
  * PSYC message types
  ******************************************************************************/
diff --git a/src/include/gnunet_revocation_service.h b/src/include/gnunet_revocation_service.h
new file mode 100644
index 000000000..772dbbe75
--- /dev/null
+++ b/src/include/gnunet_revocation_service.h
@@ -0,0 +1,143 @@
+/*
+      This file is part of GNUnet
+      (C) 2013 Christian Grothoff (and other contributing authors)
+
+      GNUnet is free software; you can redistribute it and/or modify
+      it under the terms of the GNU General Public Licerevocation as published
+      by the Free Software Foundation; either version 3, or (at your
+      option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      General Public Licerevocation for more details.
+
+      You should have received a copy of the GNU General Public Licerevocation
+      along with GNUnet; see the file COPYING.  If not, write to the
+      Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+      Boston, MA 02111-1307, USA.
+ */
+
+#ifndef GNUNET_REVOCATION_SERVICE_H_
+#define GNUNET_REVOCATION_SERVICE_H_
+
+/**
+ * @file include/gnunet_revocation_service.h
+ * @brief API to perform and access key revocations
+ * @defgroup revocation key revocation service
+ * @{
+ */
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+
+/**
+ * Version of the key revocation API.
+ */
+#define GNUNET_REVOCATION_VERSION 0x00000000
+
+/**
+ * Handle for the key revocation query.
+ */
+struct GNUNET_REVOCATION_Query;
+
+/**
+ * Callback to call with the result of a key revocation query.
+ *
+ * @param cls closure
+ * @param is_valid #GNUNET_NO of the key is/was revoked, 
+ *                 #GNUNET_YES if the key is still valid
+ *
+ */
+typedef void (*GNUNET_REVOCATION_Callback) (void *cls,
+                                            int is_valid);
+
+
+/**
+ * Check if a key was revoked.
+ *
+ * @param cfg the configuration to use
+ * @param key key to check for revocation
+ * @param func funtion to call with the result of the check
+ * @param func_cls closure to pass to @a func
+ * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
+ */
+struct GNUNET_REVOCATION_Query *
+GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                         const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+                         GNUNET_REVOCATION_Callback func, void *func_cls);
+
+
+/**
+ * Cancel key revocation check.
+ *
+ * @param q query to cancel
+ */
+void
+GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q);
+
+
+/**
+ * Handle for the key revocation operation.
+ */
+struct GNUNET_REVOCATION_Handle;
+
+
+/**
+ * Perform key revocation.
+ *
+ * @param cfg the configuration to use
+ * @param key key to revoke
+ * @param pow proof of work to use
+ * @param func funtion to call with the result of the check
+ *             (called with `is_valid` being #GNUNET_NO if
+ *              the revocation worked).
+ * @param func_cls closure to pass to @a func
+ * @return handle to use in #GNUNET_REVOCATION_cancel to stop REVOCATION from invoking the callback
+ */
+struct GNUNET_REVOCATION_Handle *
+GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                          const struct GNUNET_CRYPTO_EccPrivateKey *key,
+                          uint64_t pow,
+                          GNUNET_REVOCATION_Callback func, void *func_cls);
+
+
+/**
+ * Cancel key revocation.
+ *
+ * @param h operation to cancel
+ */
+void
+GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h);
+
+
+/**
+ * Check if the given proof-of-work value
+ * would be acceptable for revoking the given key.
+ *
+ * @param key key to check for
+ * @param pow proof of work value
+ * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
+ */
+int
+GNUNET_REVOCATION_check_pow (const struct GNUNET_CRYPTO_EccPublicSignKey *key,
+                             uint64_t pow);
+
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */ /* end of group revocation */
+
+#endif /* GNUNET_REVOCATION_SERVICE_H_ */
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index 5ecc7830f..54cf36209 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -53,6 +53,11 @@ extern "C"
 #define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DISCONNECT 2
 
 /**
+ * Signature for confirming a key revocation.
+ */
+#define GNUNET_SIGNATURE_PURPOSE_REVOCATION 3
+
+/**
  * Signature for a namespace/pseudonym advertisement (by
  * the namespace owner).
  */
diff --git a/src/revocation/Makefile.am b/src/revocation/Makefile.am
new file mode 100644
index 000000000..cc0dfd15f
--- /dev/null
+++ b/src/revocation/Makefile.am
@@ -0,0 +1,20 @@
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+if MINGW
+ WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols 
+endif
+
+if USE_COVERAGE
+  AM_CFLAGS = --coverage -O0
+  XLIB = -lgcov
+endif
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+pkgcfg_DATA = \
+  revocation.conf
+
+
+EXTRA_DIST = revocation.h
\ No newline at end of file
diff --git a/src/revocation/revocation.conf.in b/src/revocation/revocation.conf.in
new file mode 100644
index 000000000..9c2485117
--- /dev/null
+++ b/src/revocation/revocation.conf.in
@@ -0,0 +1,18 @@
+[revocation]
+AUTOSTART = NO 
+# not yet...
+@JAVAPORT@PORT = 2112
+HOSTNAME = localhost
+HOME = $SERVICEHOME
+BINARY = gnunet-service-revocation
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = /tmp/gnunet-service-revocation.unix
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+
+# 2^25 hash operations take about 16-24h on a modern i7
+# (using only a single-core) with SCRYPT.
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
+WORKBITS = 25
+
diff --git a/src/revocation/revocation.h b/src/revocation/revocation.h
new file mode 100644
index 000000000..aa15fd44a
--- /dev/null
+++ b/src/revocation/revocation.h
@@ -0,0 +1,121 @@
+/*
+     This file is part of GNUnet.
+     (C) 2013 Christian Grothoff (and other contributing authors)
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+*/
+
+/**
+ * @author Christian Grothoff
+ * @file revocation/revocation.h
+ * @brief messages for key revocation
+ */
+#ifndef REVOCATION_H
+#define REVOCATION_H
+
+#include "gnunet_util_lib.h"
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Query key revocation status.
+ */
+struct GNUNET_REVOCATION_QueryMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * For alignment.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Key to check.
+   */
+  struct GNUNET_CRYPTO_EccPublicSignKey key GNUNET_PACKED;
+
+};
+
+
+/**
+ * Key revocation response.
+ */
+struct GNUNET_REVOCATION_QueryResponseMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * #GNUNET_NO if revoked, #GNUNET_YES if valid.
+   */
+  uint32_t is_valid GNUNET_PACKED;
+
+};
+
+
+/**
+ * Revoke key.  These messages are exchanged between peers (during
+ * flooding) but also sent by the client to the service.  When the
+ * client sends it to the service, the message is answered by a
+ * #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE (which is just
+ * in a `struct GNUNET_MessageHeader`.
+ */
+struct GNUNET_REVOCATION_RevokeMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * For alignment.
+   */
+  uint32_t reserved GNUNET_PACKED;
+
+  /**
+   * Signature confirming revocation.
+   */
+  struct GNUNET_CRYPTO_EccSignature signature  GNUNET_PACKED;
+
+  /**
+   * Must have purpose #GNUNET_SIGNATURE_PURPOSE_REVOCATION,
+   * size expands over the key and the proof of work.
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose GNUNET_PACKED;
+
+  /**
+   * Key to revoke.
+   */
+  struct GNUNET_CRYPTO_EccPublicSignKey public_key GNUNET_PACKED;
+
+  /**
+   * Number that causes a hash collision with the @e public_key.
+   */
+  uint64_t proof_of_work GNUNET_PACKED;
+
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+
+
+#endif