11 files changed, 2863 insertions, 1 deletions

diff --git a/src/service/Makefile.am b/src/service/Makefile.am
index e39b28ae9..52dec5726 100644
--- a/src/service/Makefile.am
+++ b/src/service/Makefile.am
@@ -22,4 +22,6 @@ SUBDIRS = \
         cadet \
   seti \
   setu \
-  regex
+  regex \
+  revocation
+
diff --git a/src/service/revocation/.gitignore b/src/service/revocation/.gitignore
new file mode 100644
index 000000000..1432f7922
--- /dev/null
+++ b/src/service/revocation/.gitignore
@@ -0,0 +1,5 @@
+gnunet-service-revocation
+gnunet-revocation
+test_revocation
+test_local_revocation.py
+gnunet-revocation-tvg
diff --git a/src/service/revocation/Makefile.am b/src/service/revocation/Makefile.am
new file mode 100644
index 000000000..726c75ab6
--- /dev/null
+++ b/src/service/revocation/Makefile.am
@@ -0,0 +1,74 @@
+# This Makefile.am is in the public domain
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+plugindir = $(libdir)/gnunet
+
+if USE_COVERAGE
+  AM_CFLAGS = --coverage -O0
+  XLIB = -lgcov
+endif
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+pkgcfg_DATA = \
+  revocation.conf
+
+test_revocation_lsd0001testvectors_SOURCES = \
+ test_revocation_testvectors.c
+test_revocation_lsd0001testvectors_LDADD = \
+  $(top_builddir)/src/service/testing/libgnunettesting.la \
+        $(top_builddir)/src/service/identity/libgnunetidentity.la \
+  libgnunetrevocation.la \
+  $(top_builddir)/src/lib/util/libgnunetutil.la
+
+lib_LTLIBRARIES = libgnunetrevocation.la
+
+libgnunetrevocation_la_SOURCES = \
+  revocation_api.c revocation.h
+libgnunetrevocation_la_LIBADD = \
+  $(top_builddir)/src/lib/util/libgnunetutil.la \
+  $(top_builddir)/src/service/identity/libgnunetidentity.la \
+  $(LIBGCRYPT_LIBS) \
+  $(GN_LIBINTL) $(XLIB) -lgcrypt
+libgnunetrevocation_la_LDFLAGS = \
+  $(GN_LIB_LDFLAGS)   \
+  -version-info 0:0:0
+
+libexec_PROGRAMS = \
+ gnunet-service-revocation
+
+gnunet_service_revocation_SOURCES = \
+ gnunet-service-revocation.c
+gnunet_service_revocation_LDADD = \
+  libgnunetrevocation.la \
+  $(top_builddir)/src/service/core/libgnunetcore.la \
+  $(top_builddir)/src/service/setu/libgnunetsetu.la \
+  $(top_builddir)/src/service/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/service/identity/libgnunetidentity.la  \
+  $(top_builddir)/src/lib/util/libgnunetutil.la \
+  -lm \
+  $(GN_LIBINTL)
+
+test_revocation_SOURCES = \
+ test_revocation.c
+test_revocation_LDADD = \
+ $(top_builddir)/src/service/identity/libgnunetidentity.la \
+ libgnunetrevocation.la \
+ $(top_builddir)/src//core/libgnunetcore.la \
+ $(top_builddir)/src/lib/util/libgnunetutil.la \
+ $(top_builddir)/src/testbed/libgnunettestbed.la
+
+check_PROGRAMS = \
+ #test_revocation \
+ #test_revocation_lsd0001testvectors
+
+if ENABLE_TEST_RUN
+ AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
+ TESTS = \
+ $(check_SCRIPTS) \
+ $(check_PROGRAMS)
+endif
+
+EXTRA_DIST = test_revocation.conf
diff --git a/src/service/revocation/gnunet-service-revocation.c b/src/service/revocation/gnunet-service-revocation.c
new file mode 100644
index 000000000..3755b87e5
--- /dev/null
+++ b/src/service/revocation/gnunet-service-revocation.c
@@ -0,0 +1,1064 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file revocation/gnunet-service-revocation.c
+ * @brief key revocation service
+ * @author Christian Grothoff
+ *
+ * The purpose of this service is to allow users to permanently revoke
+ * (compromised) keys.  This is done by flooding the network with the
+ * revocation requests.  To reduce the attack potential offered by such
+ * flooding, revocations must include a proof of work.  We use the
+ * set service for efficiently computing the union of revocations of
+ * peers that connect.
+ *
+ * TODO:
+ * - optimization: avoid sending revocation back to peer that we got it from;
+ * - optimization: have randomized delay in sending revocations to other peers
+ *                 to make it rare to traverse each link twice (NSE-style)
+ */
+#include "platform.h"
+#include <math.h>
+#include "gnunet_util_lib.h"
+#include "gnunet_block_lib.h"
+#include "gnunet_constants.h"
+#include "gnunet_protocols.h"
+#include "gnunet_signatures.h"
+#include "gnunet_statistics_service.h"
+#include "gnunet_core_service.h"
+#include "gnunet_revocation_service.h"
+#include "gnunet_setu_service.h"
+#include "revocation.h"
+#include <gcrypt.h>
+
+
+/**
+ * Per-peer information.
+ */
+struct PeerEntry
+{
+  /**
+   * Queue for sending messages to this peer.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * What is the identity of the peer?
+   */
+  struct GNUNET_PeerIdentity id;
+
+  /**
+   * Tasked used to trigger the set union operation.
+   */
+  struct GNUNET_SCHEDULER_Task *transmit_task;
+
+  /**
+   * Handle to active set union operation (over revocation sets).
+   */
+  struct GNUNET_SETU_OperationHandle *so;
+};
+
+
+/**
+ * Set from all revocations known to us.
+ */
+static struct GNUNET_SETU_Handle *revocation_set;
+
+/**
+ * Hash map with all revoked keys, maps the hash of the public key
+ * to the respective `struct RevokeMessage`.
+ */
+static struct GNUNET_CONTAINER_MultiHashMap *revocation_map;
+
+/**
+ * Handle to our current configuration.
+ */
+static const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * Handle to the statistics service.
+ */
+static struct GNUNET_STATISTICS_Handle *stats;
+
+/**
+ * Handle to the core service (for flooding)
+ */
+static struct GNUNET_CORE_Handle *core_api;
+
+/**
+ * Map of all connected peers.
+ */
+static struct GNUNET_CONTAINER_MultiPeerMap *peers;
+
+/**
+ * The peer identity of this peer.
+ */
+static struct GNUNET_PeerIdentity my_identity;
+
+/**
+ * File handle for the revocation database.
+ */
+static struct GNUNET_DISK_FileHandle *revocation_db;
+
+/**
+ * Handle for us listening to incoming revocation set union requests.
+ */
+static struct GNUNET_SETU_ListenHandle *revocation_union_listen_handle;
+
+/**
+ * Amount of work required (W-bit collisions) for REVOCATION proofs, in collision-bits.
+ */
+static unsigned long long revocation_work_required;
+
+/**
+ * Length of an expiration expoch
+ */
+static struct GNUNET_TIME_Relative epoch_duration;
+
+/**
+ * Our application ID for set union operations.  Must be the
+ * same for all (compatible) peers.
+ */
+static struct GNUNET_HashCode revocation_set_union_app_id;
+
+
+/**
+ * Create a new PeerEntry and add it to the peers multipeermap.
+ *
+ * @param peer the peer identity
+ * @return a pointer to the new PeerEntry
+ */
+static struct PeerEntry *
+new_peer_entry (const struct GNUNET_PeerIdentity *peer)
+{
+  struct PeerEntry *peer_entry;
+
+  peer_entry = GNUNET_new (struct PeerEntry);
+  peer_entry->id = *peer;
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CONTAINER_multipeermap_put (peers,
+                                                    &peer_entry->id,
+                                                    peer_entry,
+                                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+  return peer_entry;
+}
+
+
+/**
+ * An revoke message has been received, check that it is well-formed.
+ *
+ * @param rm the message to verify
+ * @return #GNUNET_YES if the message is verified
+ *         #GNUNET_NO if the key/signature don't verify
+ */
+static enum GNUNET_GenericReturnValue
+verify_revoke_message (const struct RevokeMessage *rm)
+{
+  const struct GNUNET_REVOCATION_PowP *pow
+    = (const struct GNUNET_REVOCATION_PowP *) &rm[1];
+
+  if (GNUNET_YES !=
+      GNUNET_REVOCATION_check_pow (pow,
+                                   (unsigned int) revocation_work_required,
+                                   epoch_duration))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Proof of work invalid!\n");
+    GNUNET_break_op (0);
+    return GNUNET_NO;
+  }
+  return GNUNET_YES;
+}
+
+
+/**
+ * Handle client connecting to the service.
+ *
+ * @param cls NULL
+ * @param client the new client
+ * @param mq the message queue of @a client
+ * @return @a client
+ */
+static void *
+client_connect_cb (void *cls,
+                   struct GNUNET_SERVICE_Client *client,
+                   struct GNUNET_MQ_Handle *mq)
+{
+  return client;
+}
+
+
+/**
+ * Handle client connecting to the service.
+ *
+ * @param cls NULL
+ * @param client the new client
+ * @param app_cls must alias @a client
+ */
+static void
+client_disconnect_cb (void *cls,
+                      struct GNUNET_SERVICE_Client *client,
+                      void *app_cls)
+{
+  GNUNET_assert (client == app_cls);
+}
+
+static int
+check_query_message (void *cls,
+                     const struct QueryMessage *qm)
+{
+  uint16_t size;
+
+  size = ntohs (qm->header.size);
+  if (size <= sizeof(struct RevokeMessage) ||
+      (size > UINT16_MAX))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+
+}
+
+
+/**
+ * Handle QUERY message from client.
+ *
+ * @param cls client who sent the message
+ * @param qm the message received
+ */
+static void
+handle_query_message (void *cls,
+                      const struct QueryMessage *qm)
+{
+  struct GNUNET_SERVICE_Client *client = cls;
+  struct GNUNET_CRYPTO_PublicKey zone;
+  struct GNUNET_MQ_Envelope *env;
+  struct QueryResponseMessage *qrm;
+  struct GNUNET_HashCode hc;
+  int res;
+  size_t key_len;
+  size_t read;
+
+  key_len = ntohl (qm->key_len);
+  if ((GNUNET_SYSERR ==
+       GNUNET_CRYPTO_read_public_key_from_buffer (&qm[1], key_len,
+                                                    &zone, &read)) ||
+      (read != key_len))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse query public key\n");
+    GNUNET_SERVICE_client_drop (client);
+    return;
+  }
+  GNUNET_CRYPTO_hash (&qm[1],
+                      key_len,
+                      &hc);
+  res = GNUNET_CONTAINER_multihashmap_contains (revocation_map,
+                                                &hc);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              (GNUNET_NO == res)
+              ? "Received revocation check for valid key `%s' from client\n"
+              : "Received revocation check for revoked key `%s' from client\n",
+              GNUNET_h2s (&hc));
+  env = GNUNET_MQ_msg (qrm,
+                       GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE);
+  qrm->is_valid = htonl ((GNUNET_YES == res) ? GNUNET_NO : GNUNET_YES);
+  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client),
+                  env);
+  GNUNET_SERVICE_client_continue (client);
+}
+
+
+/**
+ * Flood the given revocation message to all neighbours.
+ *
+ * @param cls the `struct RevokeMessage` to flood
+ * @param target a neighbour
+ * @param value our `struct PeerEntry` for the neighbour
+ * @return #GNUNET_OK (continue to iterate)
+ */
+static enum GNUNET_GenericReturnValue
+do_flood (void *cls,
+          const struct GNUNET_PeerIdentity *target,
+          void *value)
+{
+  const struct RevokeMessage *rm = cls;
+  struct PeerEntry *pe = value;
+  struct GNUNET_MQ_Envelope *e;
+  struct RevokeMessage *cp;
+
+  if (NULL == pe->mq)
+    return GNUNET_OK; /* peer connected to us via SET,
+                         but we have no direct CORE
+                         connection for flooding */
+  e = GNUNET_MQ_msg_extra (cp,
+                           htonl (rm->pow_size),
+                           GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
+  *cp = *rm;
+  memcpy (&cp[1],
+          &rm[1],
+          htonl (rm->pow_size));
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Flooding revocation to `%s'\n",
+              GNUNET_i2s (target));
+  GNUNET_MQ_send (pe->mq,
+                  e);
+  return GNUNET_OK;
+}
+
+
+/**
+ * Publicize revocation message.   Stores the message locally in the
+ * database and passes it to all connected neighbours (and adds it to
+ * the set for future connections).
+ *
+ * @param rm message to publicize
+ * @return #GNUNET_OK on success, #GNUNET_NO if we encountered an error,
+ *         #GNUNET_SYSERR if the message was malformed
+ */
+static enum GNUNET_GenericReturnValue
+publicize_rm (const struct RevokeMessage *rm)
+{
+  struct RevokeMessage *cp;
+  struct GNUNET_HashCode hc;
+  struct GNUNET_SETU_Element e;
+  ssize_t pklen;
+  const struct GNUNET_REVOCATION_PowP *pow
+    = (const struct GNUNET_REVOCATION_PowP *) &rm[1];
+  const struct GNUNET_CRYPTO_PublicKey *pk
+    = (const struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+
+  /** FIXME yeah this works, but should we have a key length somewhere? */
+  pklen = GNUNET_CRYPTO_public_key_get_length (pk);
+  if (0 > pklen)
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_CRYPTO_hash (pk,
+                      pklen,
+                      &hc);
+  if (GNUNET_YES ==
+      GNUNET_CONTAINER_multihashmap_contains (revocation_map,
+                                              &hc))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Duplicate revocation received from peer. Ignored.\n");
+    return GNUNET_OK;
+  }
+  if (GNUNET_OK !=
+      verify_revoke_message (rm))
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+  /* write to disk */
+  if (sizeof(struct RevokeMessage) !=
+      GNUNET_DISK_file_write (revocation_db,
+                              rm,
+                              sizeof(struct RevokeMessage)))
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
+                         "write");
+    return GNUNET_NO;
+  }
+  if (GNUNET_OK !=
+      GNUNET_DISK_file_sync (revocation_db))
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR,
+                         "sync");
+    return GNUNET_NO;
+  }
+  /* keep copy in memory */
+  cp = (struct RevokeMessage *) GNUNET_copy_message (&rm->header);
+  GNUNET_break (GNUNET_OK ==
+                GNUNET_CONTAINER_multihashmap_put (revocation_map,
+                                                   &hc,
+                                                   cp,
+                                                   GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+  /* add to set for future connections */
+  e.size = htons (rm->header.size);
+  e.element_type = GNUNET_BLOCK_TYPE_REVOCATION;
+  e.data = rm;
+  if (GNUNET_OK !=
+      GNUNET_SETU_add_element (revocation_set,
+                               &e,
+                               NULL,
+                               NULL))
+  {
+    GNUNET_break (0);
+    return GNUNET_OK;
+  }
+  else
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Added revocation info to SET\n");
+  }
+  /* flood to neighbours */
+  GNUNET_CONTAINER_multipeermap_iterate (peers,
+                                         &do_flood,
+                                         cp);
+  return GNUNET_OK;
+}
+
+
+static int
+check_revoke_message (void *cls,
+                      const struct RevokeMessage *rm)
+{
+  uint16_t size;
+
+  size = ntohs (rm->header.size);
+  if (size <= sizeof(struct RevokeMessage) ||
+      (size > UINT16_MAX))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+
+}
+
+
+/**
+ * Handle REVOKE message from client.
+ *
+ * @param cls client who sent the message
+ * @param rm the message received
+ */
+static void
+handle_revoke_message (void *cls,
+                       const struct RevokeMessage *rm)
+{
+  struct GNUNET_SERVICE_Client *client = cls;
+  struct GNUNET_MQ_Envelope *env;
+  struct RevocationResponseMessage *rrm;
+  int ret;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received REVOKE message from client\n");
+  if (GNUNET_SYSERR == (ret = publicize_rm (rm)))
+  {
+    GNUNET_break_op (0);
+    GNUNET_SERVICE_client_drop (client);
+    return;
+  }
+  env = GNUNET_MQ_msg (rrm,
+                       GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE);
+  rrm->is_valid = htonl ((GNUNET_OK == ret) ? GNUNET_NO : GNUNET_YES);
+  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client),
+                  env);
+  GNUNET_SERVICE_client_continue (client);
+}
+
+
+static int
+check_p2p_revoke (void *cls,
+                  const struct RevokeMessage *rm)
+{
+  uint16_t size;
+
+  size = ntohs (rm->header.size);
+  if (size <= sizeof(struct RevokeMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+
+}
+
+
+/**
+ * Core handler for flooded revocation messages.
+ *
+ * @param cls closure unused
+ * @param rm revocation message
+ */
+static void
+handle_p2p_revoke (void *cls,
+                   const struct RevokeMessage *rm)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received REVOKE message\n");
+  GNUNET_break_op (GNUNET_SYSERR !=
+                   publicize_rm (rm));
+}
+
+
+/**
+ * Callback for set operation results. Called for each element in the
+ * result set.  Each element contains a revocation, which we should
+ * validate and then add to our revocation list (and set).
+ *
+ * @param cls closure
+ * @param element a result element, only valid if status is #GNUNET_SETU_STATUS_OK
+ * @param current_size current set size
+ * @param status see `enum GNUNET_SETU_Status`
+ */
+static void
+add_revocation (void *cls,
+                const struct GNUNET_SETU_Element *element,
+                uint64_t current_size,
+                enum GNUNET_SETU_Status status)
+{
+  struct PeerEntry *peer_entry = cls;
+  const struct RevokeMessage *rm;
+
+  switch (status)
+  {
+  case GNUNET_SETU_STATUS_ADD_LOCAL:
+    if (element->size != sizeof(struct RevokeMessage))
+    {
+      GNUNET_break_op (0);
+      return;
+    }
+    if (GNUNET_BLOCK_TYPE_REVOCATION != element->element_type)
+    {
+      GNUNET_STATISTICS_update (stats,
+                                gettext_noop (
+                                  "# unsupported revocations received via set union"),
+                                1,
+                                GNUNET_NO);
+      return;
+    }
+    rm = element->data;
+    (void) handle_p2p_revoke (NULL,
+                              rm);
+    GNUNET_STATISTICS_update (stats,
+                              gettext_noop (
+                                "# revocation messages received via set union"),
+                              1, GNUNET_NO);
+    break;
+  case GNUNET_SETU_STATUS_FAILURE:
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                _ ("Error computing revocation set union with %s\n"),
+                GNUNET_i2s (&peer_entry->id));
+    peer_entry->so = NULL;
+    GNUNET_STATISTICS_update (stats,
+                              gettext_noop ("# revocation set unions failed"),
+                              1,
+                              GNUNET_NO);
+    break;
+  case GNUNET_SETU_STATUS_DONE:
+    peer_entry->so = NULL;
+    GNUNET_STATISTICS_update (stats,
+                              gettext_noop (
+                                "# revocation set unions completed"),
+                              1,
+                              GNUNET_NO);
+    break;
+  default:
+    GNUNET_break (0);
+    break;
+  }
+}
+
+
+/**
+ * The timeout for performing the set union has expired,
+ * run the set operation on the revocation certificates.
+ *
+ * @param cls NULL
+ */
+static void
+transmit_task_cb (void *cls)
+{
+  struct PeerEntry *peer_entry = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Starting set exchange with peer `%s'\n",
+              GNUNET_i2s (&peer_entry->id));
+  peer_entry->transmit_task = NULL;
+  GNUNET_assert (NULL == peer_entry->so);
+  peer_entry->so = GNUNET_SETU_prepare (&peer_entry->id,
+                                        &revocation_set_union_app_id,
+                                        NULL,
+                                        (struct GNUNET_SETU_Option[]) { { 0 } },
+                                        &add_revocation,
+                                        peer_entry);
+  if (GNUNET_OK !=
+      GNUNET_SETU_commit (peer_entry->so,
+                          revocation_set))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                _ ("SET service crashed, terminating revocation service\n"));
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+}
+
+
+/**
+ * Method called whenever a peer connects. Sets up the PeerEntry and
+ * schedules the initial revocation set exchange with this peer.
+ *
+ * @param cls closure
+ * @param peer peer identity this notification is about
+ */
+static void *
+handle_core_connect (void *cls,
+                     const struct GNUNET_PeerIdentity *peer,
+                     struct GNUNET_MQ_Handle *mq)
+{
+  struct PeerEntry *peer_entry;
+  struct GNUNET_HashCode my_hash;
+  struct GNUNET_HashCode peer_hash;
+
+  if (0 == GNUNET_memcmp (peer,
+                          &my_identity))
+  {
+    return NULL;
+  }
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Peer `%s' connected to us\n",
+              GNUNET_i2s (peer));
+  GNUNET_STATISTICS_update (stats,
+                            "# peers connected",
+                            1,
+                            GNUNET_NO);
+  peer_entry = GNUNET_CONTAINER_multipeermap_get (peers,
+                                                  peer);
+  if (NULL != peer_entry)
+  {
+    /* This can happen if "core"'s notification is a tad late
+       and CADET+SET were faster and already produced a
+     #handle_revocation_union_request() for us to deal
+       with.  This should be rare, but isn't impossible. */
+    peer_entry->mq = mq;
+    return peer_entry;
+  }
+  peer_entry = new_peer_entry (peer);
+  peer_entry->mq = mq;
+  GNUNET_CRYPTO_hash (&my_identity,
+                      sizeof(my_identity),
+                      &my_hash);
+  GNUNET_CRYPTO_hash (peer,
+                      sizeof(*peer),
+                      &peer_hash);
+  if (0 < GNUNET_CRYPTO_hash_cmp (&my_hash,
+                                  &peer_hash))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Starting SET operation with peer `%s'\n",
+                GNUNET_i2s (peer));
+    peer_entry->transmit_task =
+      GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
+                                    &transmit_task_cb,
+                                    peer_entry);
+  }
+  return peer_entry;
+}
+
+
+/**
+ * Method called whenever a peer disconnects. Deletes the PeerEntry and cancels
+ * any pending transmission requests to that peer.
+ *
+ * @param cls closure
+ * @param peer peer identity this notification is about
+ * @param internal_cls our `struct PeerEntry` for this peer
+ */
+static void
+handle_core_disconnect (void *cls,
+                        const struct GNUNET_PeerIdentity *peer,
+                        void *internal_cls)
+{
+  struct PeerEntry *peer_entry = internal_cls;
+
+  if (0 == GNUNET_memcmp (peer,
+                          &my_identity))
+    return;
+  GNUNET_assert (NULL != peer_entry);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Peer `%s' disconnected from us\n",
+              GNUNET_i2s (peer));
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CONTAINER_multipeermap_remove (peers,
+                                                       peer,
+                                                       peer_entry));
+  if (NULL != peer_entry->transmit_task)
+  {
+    GNUNET_SCHEDULER_cancel (peer_entry->transmit_task);
+    peer_entry->transmit_task = NULL;
+  }
+  if (NULL != peer_entry->so)
+  {
+    GNUNET_SETU_operation_cancel (peer_entry->so);
+    peer_entry->so = NULL;
+  }
+  GNUNET_free (peer_entry);
+  GNUNET_STATISTICS_update (stats,
+                            "# peers connected",
+                            -1,
+                            GNUNET_NO);
+}
+
+
+/**
+ * Free all values in a hash map.
+ *
+ * @param cls NULL
+ * @param key the key
+ * @param value value to free
+ * @return #GNUNET_OK (continue to iterate)
+ */
+static int
+free_entry (void *cls,
+            const struct GNUNET_HashCode *key,
+            void *value)
+{
+  GNUNET_free (value);
+  return GNUNET_OK;
+}
+
+
+/**
+ * Task run during shutdown.
+ *
+ * @param cls unused
+ */
+static void
+shutdown_task (void *cls)
+{
+  if (NULL != revocation_set)
+  {
+    GNUNET_SETU_destroy (revocation_set);
+    revocation_set = NULL;
+  }
+  if (NULL != revocation_union_listen_handle)
+  {
+    GNUNET_SETU_listen_cancel (revocation_union_listen_handle);
+    revocation_union_listen_handle = NULL;
+  }
+  if (NULL != core_api)
+  {
+    GNUNET_CORE_disconnect (core_api);
+    core_api = NULL;
+  }
+  if (NULL != stats)
+  {
+    GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
+    stats = NULL;
+  }
+  if (NULL != peers)
+  {
+    GNUNET_CONTAINER_multipeermap_destroy (peers);
+    peers = NULL;
+  }
+  if (NULL != revocation_db)
+  {
+    GNUNET_DISK_file_close (revocation_db);
+    revocation_db = NULL;
+  }
+  GNUNET_CONTAINER_multihashmap_iterate (revocation_map,
+                                         &free_entry,
+                                         NULL);
+  GNUNET_CONTAINER_multihashmap_destroy (revocation_map);
+}
+
+
+/**
+ * Called on core init/fail.
+ *
+ * @param cls service closure
+ * @param identity the public identity of this peer
+ */
+static void
+core_init (void *cls,
+           const struct GNUNET_PeerIdentity *identity)
+{
+  if (NULL == identity)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Connection to core FAILED!\n");
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+  my_identity = *identity;
+}
+
+
+/**
+ * Called when another peer wants to do a set operation with the
+ * local peer. If a listen error occurs, the 'request' is NULL.
+ *
+ * @param cls closure
+ * @param other_peer the other peer
+ * @param context_msg message with application specific information from
+ *        the other peer
+ * @param request request from the other peer (never NULL), use GNUNET_SETU_accept()
+ *        to accept it, otherwise the request will be refused
+ *        Note that we can't just return value from the listen callback,
+ *        as it is also necessary to specify the set we want to do the
+ *        operation with, which sometimes can be derived from the context
+ *        message. It's necessary to specify the timeout.
+ */
+static void
+handle_revocation_union_request (void *cls,
+                                 const struct GNUNET_PeerIdentity *other_peer,
+                                 const struct GNUNET_MessageHeader *context_msg,
+                                 struct GNUNET_SETU_Request *request)
+{
+  struct PeerEntry *peer_entry;
+
+  if (NULL == request)
+  {
+    GNUNET_break (0);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received set exchange request from peer `%s'\n",
+              GNUNET_i2s (other_peer));
+  peer_entry = GNUNET_CONTAINER_multipeermap_get (peers,
+                                                  other_peer);
+  if (NULL == peer_entry)
+  {
+    peer_entry = new_peer_entry (other_peer);
+  }
+  if (NULL != peer_entry->so)
+  {
+    GNUNET_break_op (0);
+    return;
+  }
+  peer_entry->so = GNUNET_SETU_accept (request,
+                                       (struct GNUNET_SETU_Option[]) { { 0 } },
+                                       &add_revocation,
+                                       peer_entry);
+  if (GNUNET_OK !=
+      GNUNET_SETU_commit (peer_entry->so,
+                          revocation_set))
+  {
+    GNUNET_break (0);
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+}
+
+
+/**
+ * Handle network size estimate clients.
+ *
+ * @param cls closure
+ * @param server the initialized server
+ * @param c configuration to use
+ */
+static void
+run (void *cls,
+     const struct GNUNET_CONFIGURATION_Handle *c,
+     struct GNUNET_SERVICE_Handle *service)
+{
+  struct GNUNET_MQ_MessageHandler core_handlers[] = {
+    GNUNET_MQ_hd_var_size (p2p_revoke,
+                           GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
+                           struct RevokeMessage,
+                           NULL),
+    GNUNET_MQ_handler_end ()
+  };
+  char *fn;
+  uint64_t left;
+  struct RevokeMessage *rm;
+  struct GNUNET_HashCode hc;
+  const struct GNUNET_CRYPTO_PublicKey *pk;
+
+  GNUNET_CRYPTO_hash ("revocation-set-union-application-id",
+                      strlen ("revocation-set-union-application-id"),
+                      &revocation_set_union_app_id);
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_filename (c,
+                                               "REVOCATION",
+                                               "DATABASE",
+                                               &fn))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "REVOCATION",
+                               "DATABASE");
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+  cfg = c;
+  revocation_map = GNUNET_CONTAINER_multihashmap_create (16,
+                                                         GNUNET_NO);
+  GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
+                                 NULL);
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_number (cfg,
+                                             "REVOCATION",
+                                             "WORKBITS",
+                                             &revocation_work_required))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "REVOCATION",
+                               "WORKBITS");
+    GNUNET_SCHEDULER_shutdown ();
+    GNUNET_free (fn);
+    return;
+  }
+  if (revocation_work_required >= sizeof(struct GNUNET_HashCode) * 8)
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               "REVOCATION",
+                               "WORKBITS",
+                               _ ("Value is too large.\n"));
+    GNUNET_SCHEDULER_shutdown ();
+    GNUNET_free (fn);
+    return;
+  }
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_time (cfg,
+                                           "REVOCATION",
+                                           "EPOCH_DURATION",
+                                           &epoch_duration))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "REVOCATION",
+                               "EPOCH_DURATION");
+    GNUNET_SCHEDULER_shutdown ();
+    GNUNET_free (fn);
+    return;
+  }
+
+  revocation_set = GNUNET_SETU_create (cfg);
+  revocation_union_listen_handle
+    = GNUNET_SETU_listen (cfg,
+                          &revocation_set_union_app_id,
+                          &handle_revocation_union_request,
+                          NULL);
+  revocation_db = GNUNET_DISK_file_open (fn,
+                                         GNUNET_DISK_OPEN_READWRITE
+                                         | GNUNET_DISK_OPEN_CREATE,
+                                         GNUNET_DISK_PERM_USER_READ
+                                         | GNUNET_DISK_PERM_USER_WRITE
+                                         | GNUNET_DISK_PERM_GROUP_READ
+                                         | GNUNET_DISK_PERM_OTHER_READ);
+  if (NULL == revocation_db)
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               "REVOCATION",
+                               "DATABASE",
+                               _ ("Could not open revocation database file!"));
+    GNUNET_SCHEDULER_shutdown ();
+    GNUNET_free (fn);
+    return;
+  }
+  if (GNUNET_OK !=
+      GNUNET_DISK_file_size (fn, &left, GNUNET_YES, GNUNET_YES))
+    left = 0;
+  while (left > sizeof(struct RevokeMessage))
+  {
+    rm = GNUNET_new (struct RevokeMessage);
+    if (sizeof(struct RevokeMessage) !=
+        GNUNET_DISK_file_read (revocation_db,
+                               rm,
+                               sizeof(struct RevokeMessage)))
+    {
+      GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+                                "read",
+                                fn);
+      GNUNET_free (rm);
+      GNUNET_SCHEDULER_shutdown ();
+      GNUNET_free (fn);
+      return;
+    }
+    struct GNUNET_REVOCATION_PowP *pow = (struct
+                                          GNUNET_REVOCATION_PowP *) &rm[1];
+    ssize_t ksize;
+    pk = (const struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+    ksize = GNUNET_CRYPTO_public_key_get_length (pk);
+    if (0 > ksize)
+    {
+      GNUNET_break_op (0);
+      GNUNET_free (rm);
+      GNUNET_free (fn);
+      return;
+    }
+    GNUNET_CRYPTO_hash (pk,
+                        ksize,
+                        &hc);
+    GNUNET_break (GNUNET_OK ==
+                  GNUNET_CONTAINER_multihashmap_put (revocation_map,
+                                                     &hc,
+                                                     rm,
+                                                     GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+  }
+  GNUNET_free (fn);
+
+  peers = GNUNET_CONTAINER_multipeermap_create (128,
+                                                GNUNET_YES);
+  /* Connect to core service and register core handlers */
+  core_api = GNUNET_CORE_connect (cfg,    /* Main configuration */
+                                  NULL,       /* Closure passed to functions */
+                                  &core_init,    /* Call core_init once connected */
+                                  &handle_core_connect,  /* Handle connects */
+                                  &handle_core_disconnect,       /* Handle disconnects */
+                                  core_handlers);        /* Register these handlers */
+  if (NULL == core_api)
+  {
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+  stats = GNUNET_STATISTICS_create ("revocation",
+                                    cfg);
+}
+
+
+/**
+ * Define "main" method using service macro.
+ */
+GNUNET_SERVICE_MAIN
+  ("revocation",
+  GNUNET_SERVICE_OPTION_NONE,
+  &run,
+  &client_connect_cb,
+  &client_disconnect_cb,
+  NULL,
+  GNUNET_MQ_hd_var_size (query_message,
+                         GNUNET_MESSAGE_TYPE_REVOCATION_QUERY,
+                         struct QueryMessage,
+                         NULL),
+  GNUNET_MQ_hd_var_size (revoke_message,
+                         GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE,
+                         struct RevokeMessage,
+                         NULL),
+  GNUNET_MQ_handler_end ());
+
+
+#if defined(__linux__) && defined(__GLIBC__)
+#include <malloc.h>
+
+/**
+ * MINIMIZE heap size (way below 128k) since this process doesn't need much.
+ */
+void __attribute__ ((constructor))
+GNUNET_REVOCATION_memory_init ()
+{
+  mallopt (M_TRIM_THRESHOLD, 4 * 1024);
+  mallopt (M_TOP_PAD, 1 * 1024);
+  malloc_trim (0);
+}
+
+
+#endif
+
+
+/* end of gnunet-service-revocation.c */
diff --git a/src/service/revocation/meson.build b/src/service/revocation/meson.build
new file mode 100644
index 000000000..9a526af36
--- /dev/null
+++ b/src/service/revocation/meson.build
@@ -0,0 +1,63 @@
+libgnunetrevocation_src = ['revocation_api.c']
+
+gnunetservicerevocation_src = ['gnunet-service-revocation.c']
+
+configure_file(input : 'revocation.conf.in',
+               output : 'revocation.conf',
+               configuration : cdata,
+               install: true,
+               install_dir: pkgcfgdir)
+
+
+if get_option('monolith')
+  foreach p : libgnunetrevocation_src + gnunetservicerevocation_src
+    gnunet_src += 'revocation/' + p
+  endforeach
+  subdir_done()
+endif
+
+libgnunetrevocation = library('gnunetrevocation',
+        libgnunetrevocation_src,
+        soversion: '0',
+        version: '0.0.0',
+        dependencies: [libgnunetutil_dep, libgnunetidentity_dep],
+        include_directories: [incdir, configuration_inc],
+        install: true,
+        install_dir: get_option('libdir'))
+libgnunetrevocation_dep = declare_dependency(link_with : libgnunetrevocation)
+pkg.generate(libgnunetrevocation, url: 'https://www.gnunet.org',
+             description : 'Provides API to perform key revocation in GNUnet')
+
+shared_module('gnunet_plugin_block_revocation',
+              ['plugin_block_revocation.c'],
+              dependencies: [libgnunetutil_dep,
+                             libgnunetidentity_dep,
+                             libgnunetrevocation_dep,
+                             libgnunetblock_dep],
+              include_directories: [incdir, configuration_inc],
+              install: true,
+              install_dir: get_option('libdir')/'gnunet')
+
+executable ('gnunet-revocation',
+            ['gnunet-revocation.c'],
+            dependencies: [libgnunetrevocation_dep,
+                           libgnunetutil_dep,
+                           libgnunetstatistics_dep,
+                           libgnunetcore_dep,
+                           libgnunetsetu_dep,
+                           libgnunetidentity_dep],
+            include_directories: [incdir, configuration_inc],
+            install: true,
+            install_dir: get_option('bindir'))
+executable ('gnunet-service-revocation',
+            gnunetservicerevocation_src,
+            dependencies: [libgnunetrevocation_dep,
+                           libgnunetutil_dep,
+                           libgnunetstatistics_dep,
+                           libgnunetcore_dep,
+                           libgnunetsetu_dep,
+                           libgnunetidentity_dep],
+            include_directories: [incdir, configuration_inc],
+            install: true,
+            install_dir: get_option('libdir')/'gnunet'/'libexec')
+
diff --git a/src/service/revocation/revocation.conf.in b/src/service/revocation/revocation.conf.in
new file mode 100644
index 000000000..d2d7de46e
--- /dev/null
+++ b/src/service/revocation/revocation.conf.in
@@ -0,0 +1,19 @@
+[revocation]
+START_ON_DEMAND = @START_ON_DEMAND@
+IMMEDIATE_START = YES
+@JAVAPORT@PORT = 2112
+HOSTNAME = localhost
+BINARY = gnunet-service-revocation
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-revocation.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+
+# 2^25 hash operations take about 16-24h on a first-generation i7
+# (using only a single-core) with SCRYPT.
+# DO NOT CHANGE THIS VALUE, doing so will break the protocol!
+WORKBITS = 22
+EPOCH_DURATION = 365 d
+
+DATABASE = $GNUNET_DATA_HOME/revocation.dat
diff --git a/src/service/revocation/revocation.h b/src/service/revocation/revocation.h
new file mode 100644
index 000000000..90b8c7da0
--- /dev/null
+++ b/src/service/revocation/revocation.h
@@ -0,0 +1,124 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2013 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @author Christian Grothoff
+ * @file revocation/revocation.h
+ * @brief messages for key revocation
+ */
+#ifndef REVOCATION_H
+#define REVOCATION_H
+
+#include "gnunet_util_lib.h"
+#include "gnunet_revocation_service.h"
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Query key revocation status.
+ */
+struct QueryMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Key length.
+   */
+  uint32_t key_len GNUNET_PACKED;
+
+  /**
+   * Followed by the public key to check.
+   */
+};
+
+
+/**
+ * Key revocation response.
+ */
+struct QueryResponseMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * #GNUNET_NO if revoked, #GNUNET_YES if valid.
+   */
+  uint32_t is_valid GNUNET_PACKED;
+};
+
+
+/**
+ * Revoke key.  These messages are exchanged between peers (during
+ * flooding) but also sent by the client to the service.  When the
+ * client sends it to the service, the message is answered by a
+ * #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE (which is just
+ * in a `struct GNUNET_MessageHeader`.
+ */
+struct RevokeMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Length of PoW with signature.
+   */
+  uint32_t pow_size GNUNET_PACKED;
+
+  /** Followed by the PoW **/
+};
+
+
+/**
+ * Key revocation response.
+ */
+struct RevocationResponseMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * #GNUNET_NO if revocation failed for internal reasons (e.g. disk full)
+   * #GNUNET_YES on success
+   */
+  uint32_t is_valid GNUNET_PACKED;
+};
+
+
+GNUNET_NETWORK_STRUCT_END
+
+/**
+ * Create the revocation metadata to sign for a revocation message
+ *
+ * @param pow the PoW to sign
+ * @return the signature purpose
+ */
+struct GNUNET_REVOCATION_SignaturePurposePS *
+REV_create_signature_message (const struct GNUNET_REVOCATION_PowP *pow);
+
+#endif
diff --git a/src/service/revocation/revocation_api.c b/src/service/revocation/revocation_api.c
new file mode 100644
index 000000000..3b7d83710
--- /dev/null
+++ b/src/service/revocation/revocation_api.c
@@ -0,0 +1,764 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2013, 2016 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file revocation/revocation_api.c
+ * @brief API to perform and access key revocations
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_revocation_service.h"
+#include "gnunet_signatures.h"
+#include "gnunet_protocols.h"
+#include "revocation.h"
+#include <inttypes.h>
+
+/**
+ * Handle for the key revocation query.
+ */
+struct GNUNET_REVOCATION_Query
+{
+  /**
+   * Message queue to the service.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Function to call with the result.
+   */
+  GNUNET_REVOCATION_Callback func;
+
+  /**
+   * Closure for @e func.
+   */
+  void *func_cls;
+};
+
+
+/**
+ * Helper struct that holds a found pow nonce
+ * and the corresponding number of leading zeros.
+ */
+struct BestPow
+{
+  /**
+   * PoW nonce
+   */
+  uint64_t pow;
+
+  /**
+   * Corresponding zero bits in hash
+   */
+  unsigned int bits;
+};
+
+
+/**
+ * The handle to a PoW calculation.
+ * Used in iterative PoW rounds.
+ */
+struct GNUNET_REVOCATION_PowCalculationHandle
+{
+  /**
+   * Current set of found PoWs
+   */
+  struct BestPow best[POW_COUNT];
+
+  /**
+   * The final PoW result data structure.
+   */
+  struct GNUNET_REVOCATION_PowP *pow;
+
+  /**
+   * The current nonce to try
+   */
+  uint64_t current_pow;
+
+  /**
+   * Epochs how long the PoW should be valid.
+   * This is added on top of the difficulty in the PoW.
+   */
+  unsigned int epochs;
+
+  /**
+   * The difficulty (leading zeros) to achieve.
+   */
+  unsigned int difficulty;
+
+};
+
+static struct GNUNET_CRYPTO_PowSalt salt = { "GnsRevocationPow" };
+
+/**
+ * Generic error handler, called with the appropriate
+ * error code and the same closure specified at the creation of
+ * the message queue.
+ * Not every message queue implementation supports an error handler.
+ *
+ * @param cls closure with the `struct GNUNET_NSE_Handle *`
+ * @param error error code
+ */
+static void
+query_mq_error_handler (void *cls,
+                        enum GNUNET_MQ_Error error)
+{
+  struct GNUNET_REVOCATION_Query *q = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Revocation query MQ error\n");
+  q->func (q->func_cls,
+           GNUNET_SYSERR);
+  GNUNET_REVOCATION_query_cancel (q);
+}
+
+
+/**
+ * Handle response to our revocation query.
+ *
+ * @param cls our `struct GNUNET_REVOCATION_Query` handle
+ * @param qrm response we got
+ */
+static void
+handle_revocation_query_response (void *cls,
+                                  const struct QueryResponseMessage *qrm)
+{
+  struct GNUNET_REVOCATION_Query *q = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Revocation query result: %d\n",
+              (uint32_t) ntohl (qrm->is_valid));
+  q->func (q->func_cls,
+           ntohl (qrm->is_valid));
+  GNUNET_REVOCATION_query_cancel (q);
+}
+
+
+/**
+ * Check if a key was revoked.
+ *
+ * @param cfg the configuration to use
+ * @param key key to check for revocation
+ * @param func function to call with the result of the check
+ * @param func_cls closure to pass to @a func
+ * @return handle to use in #GNUNET_REVOCATION_query_cancel to stop REVOCATION from invoking the callback
+ */
+struct GNUNET_REVOCATION_Query *
+GNUNET_REVOCATION_query (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                         const struct GNUNET_CRYPTO_PublicKey *key,
+                         GNUNET_REVOCATION_Callback func,
+                         void *func_cls)
+{
+  struct GNUNET_REVOCATION_Query *q
+    = GNUNET_new (struct GNUNET_REVOCATION_Query);
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (revocation_query_response,
+                             GNUNET_MESSAGE_TYPE_REVOCATION_QUERY_RESPONSE,
+                             struct QueryResponseMessage,
+                             q),
+    GNUNET_MQ_handler_end ()
+  };
+  struct QueryMessage *qm;
+  struct GNUNET_MQ_Envelope *env;
+  size_t key_len;
+
+  q->mq = GNUNET_CLIENT_connect (cfg,
+                                 "revocation",
+                                 handlers,
+                                 &query_mq_error_handler,
+                                 q);
+  if (NULL == q->mq)
+  {
+    GNUNET_free (q);
+    return NULL;
+  }
+  q->func = func;
+  q->func_cls = func_cls;
+  key_len = GNUNET_CRYPTO_public_key_get_length (key);
+  env = GNUNET_MQ_msg_extra (qm, key_len,
+                             GNUNET_MESSAGE_TYPE_REVOCATION_QUERY);
+  GNUNET_CRYPTO_write_public_key_to_buffer (key, &qm[1], key_len);
+  qm->key_len = htonl (key_len);
+  GNUNET_MQ_send (q->mq,
+                  env);
+  return q;
+}
+
+
+/**
+ * Cancel key revocation check.
+ *
+ * @param q query to cancel
+ */
+void
+GNUNET_REVOCATION_query_cancel (struct GNUNET_REVOCATION_Query *q)
+{
+  if (NULL != q->mq)
+  {
+    GNUNET_MQ_destroy (q->mq);
+    q->mq = NULL;
+  }
+  GNUNET_free (q);
+}
+
+
+/**
+ * Handle for the key revocation operation.
+ */
+struct GNUNET_REVOCATION_Handle
+{
+  /**
+   * Message queue to the service.
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Function to call once we are done.
+   */
+  GNUNET_REVOCATION_Callback func;
+
+  /**
+   * Closure for @e func.
+   */
+  void *func_cls;
+};
+
+
+/**
+ * Generic error handler, called with the appropriate
+ * error code and the same closure specified at the creation of
+ * the message queue.
+ * Not every message queue implementation supports an error handler.
+ *
+ * @param cls closure with the `struct GNUNET_NSE_Handle *`
+ * @param error error code
+ */
+static void
+revocation_mq_error_handler (void *cls,
+                             enum GNUNET_MQ_Error error)
+{
+  struct GNUNET_REVOCATION_Handle *h = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+              "Revocation MQ error\n");
+  h->func (h->func_cls,
+           GNUNET_SYSERR);
+  GNUNET_REVOCATION_revoke_cancel (h);
+}
+
+
+/**
+ * Handle response to our revocation query.
+ *
+ * @param cls our `struct GNUNET_REVOCATION_Handle` handle
+ * @param rrm response we got
+ */
+static void
+handle_revocation_response (void *cls,
+                            const struct RevocationResponseMessage *rrm)
+{
+  struct GNUNET_REVOCATION_Handle *h = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Revocation transmission result: %d\n",
+              (uint32_t) ntohl (rrm->is_valid));
+  h->func (h->func_cls,
+           ntohl (rrm->is_valid));
+  GNUNET_REVOCATION_revoke_cancel (h);
+}
+
+
+/**
+ * Perform key revocation.
+ *
+ * @param cfg the configuration to use
+ * @param key public key of the key to revoke
+ * @param sig signature to use on the revocation (should have been
+ *            created using #GNUNET_REVOCATION_sign_revocation).
+ * @param ts  revocation timestamp
+ * @param pow proof of work to use (should have been created by
+ *            iteratively calling #GNUNET_REVOCATION_check_pow)
+ * @param func function to call with the result of the check
+ *             (called with `is_valid` being #GNUNET_NO if
+ *              the revocation worked).
+ * @param func_cls closure to pass to @a func
+ * @return handle to use in #GNUNET_REVOCATION_revoke_cancel to stop REVOCATION from invoking the callback
+ */
+struct GNUNET_REVOCATION_Handle *
+GNUNET_REVOCATION_revoke (const struct GNUNET_CONFIGURATION_Handle *cfg,
+                          const struct GNUNET_REVOCATION_PowP *pow,
+                          GNUNET_REVOCATION_Callback func,
+                          void *func_cls)
+{
+  struct GNUNET_REVOCATION_Handle *h
+    = GNUNET_new (struct GNUNET_REVOCATION_Handle);
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (revocation_response,
+                             GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE_RESPONSE,
+                             struct RevocationResponseMessage,
+                             h),
+    GNUNET_MQ_handler_end ()
+  };
+  unsigned long long matching_bits;
+  struct GNUNET_TIME_Relative epoch_duration;
+  struct RevokeMessage *rm;
+  struct GNUNET_MQ_Envelope *env;
+
+  if ((GNUNET_OK !=
+       GNUNET_CONFIGURATION_get_value_number (cfg,
+                                              "REVOCATION",
+                                              "WORKBITS",
+                                              &matching_bits)))
+  {
+    GNUNET_break (0);
+    GNUNET_free (h);
+    return NULL;
+  }
+  if ((GNUNET_OK !=
+       GNUNET_CONFIGURATION_get_value_time (cfg,
+                                            "REVOCATION",
+                                            "EPOCH_DURATION",
+                                            &epoch_duration)))
+  {
+    GNUNET_break (0);
+    GNUNET_free (h);
+    return NULL;
+  }
+  if (GNUNET_YES != GNUNET_REVOCATION_check_pow (pow,
+                                                 (unsigned int) matching_bits,
+                                                 epoch_duration))
+  {
+    GNUNET_break (0);
+    GNUNET_free (h);
+    return NULL;
+  }
+
+
+  h->mq = GNUNET_CLIENT_connect (cfg,
+                                 "revocation",
+                                 handlers,
+                                 &revocation_mq_error_handler,
+                                 h);
+  if (NULL == h->mq)
+  {
+    GNUNET_free (h);
+    return NULL;
+  }
+  h->func = func;
+  h->func_cls = func_cls;
+  size_t extra_len = GNUNET_REVOCATION_proof_get_size (pow);
+  env = GNUNET_MQ_msg_extra (rm,
+                             extra_len,
+                             GNUNET_MESSAGE_TYPE_REVOCATION_REVOKE);
+  rm->pow_size = htonl (extra_len);
+  memcpy (&rm[1], pow, extra_len);
+  GNUNET_MQ_send (h->mq,
+                  env);
+  return h;
+}
+
+
+void
+GNUNET_REVOCATION_revoke_cancel (struct GNUNET_REVOCATION_Handle *h)
+{
+  if (NULL != h->mq)
+  {
+    GNUNET_MQ_destroy (h->mq);
+    h->mq = NULL;
+  }
+  GNUNET_free (h);
+}
+
+
+/**
+ * Calculate the average zeros in the pows.
+ *
+ * @param ph the PowHandle
+ * @return the average number of zeros.
+ */
+static unsigned int
+calculate_score (const struct GNUNET_REVOCATION_PowCalculationHandle *ph)
+{
+  double sum = 0.0;
+  for (unsigned int j = 0; j<POW_COUNT; j++)
+    sum += ph->best[j].bits;
+  double avg = sum / POW_COUNT;
+  return avg;
+}
+
+
+struct GNUNET_REVOCATION_SignaturePurposePS *
+REV_create_signature_message (const struct GNUNET_REVOCATION_PowP *pow)
+{
+  struct GNUNET_REVOCATION_SignaturePurposePS *spurp;
+  const struct GNUNET_CRYPTO_PublicKey *pk;
+  size_t ksize;
+
+  pk = (const struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+  ksize = GNUNET_CRYPTO_public_key_get_length (pk);
+  spurp = GNUNET_malloc (sizeof (*spurp) + ksize);
+  spurp->timestamp = pow->timestamp;
+  spurp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_REVOCATION);
+  spurp->purpose.size = htonl (sizeof(*spurp) + ksize);
+  GNUNET_CRYPTO_write_public_key_to_buffer (pk,
+                                              (char*) &spurp[1],
+                                              ksize);
+  return spurp;
+}
+
+
+enum GNUNET_GenericReturnValue
+check_signature_identity (const struct GNUNET_REVOCATION_PowP *pow,
+                          const struct GNUNET_CRYPTO_PublicKey *key)
+{
+  struct GNUNET_REVOCATION_SignaturePurposePS *spurp;
+  unsigned char *sig;
+  size_t ksize;
+  int ret;
+
+  ksize = GNUNET_CRYPTO_public_key_get_length (key);
+  spurp = REV_create_signature_message (pow);
+  sig = ((unsigned char*) &pow[1] + ksize);
+  ret =
+    GNUNET_CRYPTO_signature_verify_raw_ (
+      GNUNET_SIGNATURE_PURPOSE_GNS_REVOCATION,
+      &spurp->purpose,
+      sig,
+      key);
+  GNUNET_free (spurp);
+  return ret == GNUNET_OK ? GNUNET_OK : GNUNET_SYSERR;
+}
+
+
+enum GNUNET_GenericReturnValue
+check_signature (const struct GNUNET_REVOCATION_PowP *pow)
+{
+  const struct GNUNET_CRYPTO_PublicKey *pk;
+
+  pk = (const struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+  return check_signature_identity (pow, pk);
+}
+
+
+/**
+ * Check if the given proof-of-work is valid.
+ *
+ * @param pow proof of work
+ * @param difficulty how many bits must match (configuration) LSD0001: D
+ * @param epoch_duration length of single epoch in configuration
+ * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
+                             unsigned int difficulty,
+                             struct GNUNET_TIME_Relative epoch_duration)
+{
+  char buf[sizeof(struct GNUNET_CRYPTO_PublicKey)
+           + sizeof (struct GNUNET_TIME_AbsoluteNBO)
+           + sizeof (uint64_t)] GNUNET_ALIGN;
+  struct GNUNET_HashCode result;
+  struct GNUNET_TIME_Absolute ts;
+  struct GNUNET_TIME_Absolute exp;
+  struct GNUNET_TIME_Relative ttl;
+  struct GNUNET_TIME_Relative buffer;
+  /* LSD0001: D' */
+  unsigned int score = 0;
+  unsigned int tmp_score = 0;
+  unsigned int epochs;
+  uint64_t pow_val;
+  ssize_t pklen;
+  const struct GNUNET_CRYPTO_PublicKey *pk;
+
+  pk = (const struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+
+  /**
+   * Check if signature valid
+   */
+  if (GNUNET_OK != check_signature (pow))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Proof of work signature invalid!\n");
+    return GNUNET_SYSERR;
+  }
+
+  /**
+   * First, check if PoW set is strictly monotically increasing
+   */
+  for (unsigned int i = 0; i < POW_COUNT - 1; i++)
+  {
+    if (GNUNET_ntohll (pow->pow[i]) >= GNUNET_ntohll (pow->pow[i + 1]))
+      return GNUNET_NO;
+  }
+  GNUNET_memcpy (&buf[sizeof(uint64_t)],
+                 &pow->timestamp,
+                 sizeof (uint64_t));
+  pklen = GNUNET_CRYPTO_public_key_get_length (pk);
+  if (0 > pklen)
+  {
+    GNUNET_break (0);
+    return GNUNET_NO;
+  }
+  GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
+                 pk,
+                 pklen);
+  for (unsigned int i = 0; i < POW_COUNT; i++)
+  {
+    pow_val = GNUNET_ntohll (pow->pow[i]);
+    GNUNET_memcpy (buf, &pow->pow[i], sizeof(uint64_t));
+    GNUNET_CRYPTO_pow_hash (&salt,
+                            buf,
+                            sizeof(buf),
+                            &result);
+    tmp_score = GNUNET_CRYPTO_hash_count_leading_zeros (&result);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Score %u with %" PRIu64 " (#%u)\n",
+                tmp_score, pow_val, i);
+
+    score += tmp_score;
+
+  }
+  score = score / POW_COUNT;
+  if (score < difficulty)
+    return GNUNET_NO;
+  /* LSD0001: (D'-D+1) */
+  epochs = score - difficulty + 1;
+
+  /**
+   * Check expiration
+   */
+  ts = GNUNET_TIME_absolute_ntoh (pow->timestamp);
+  ttl = GNUNET_TIME_relative_multiply (epoch_duration,
+                                       epochs);
+  /**
+   * Extend by 10% for unsynchronized clocks
+   */
+  buffer = GNUNET_TIME_relative_divide (epoch_duration,
+                                        10);
+  exp = GNUNET_TIME_absolute_add (ts, ttl);
+  exp = GNUNET_TIME_absolute_add (exp,
+                                  buffer);
+
+  if (0 != GNUNET_TIME_absolute_get_remaining (ts).rel_value_us)
+    return GNUNET_NO; /* Not yet valid. */
+  /* Revert to actual start time */
+  ts = GNUNET_TIME_absolute_add (ts,
+                                 buffer);
+
+  if (0 == GNUNET_TIME_absolute_get_remaining (exp).rel_value_us)
+    return GNUNET_NO; /* expired */
+  return GNUNET_YES;
+}
+
+
+enum GNUNET_GenericReturnValue
+sign_pow_identity (const struct GNUNET_CRYPTO_PrivateKey *key,
+                   struct GNUNET_REVOCATION_PowP *pow)
+{
+  struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get ();
+  struct GNUNET_REVOCATION_SignaturePurposePS *rp;
+  const struct GNUNET_CRYPTO_PublicKey *pk;
+  size_t ksize;
+  char *sig;
+
+  /**
+   * Predate the validity period to prevent rejections due to
+   * unsynchronized clocks
+   */
+  ts = GNUNET_TIME_absolute_subtract (ts,
+                                      GNUNET_TIME_UNIT_WEEKS);
+  pk = (const struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+  ksize = GNUNET_CRYPTO_public_key_get_length (pk);
+  pow->timestamp = GNUNET_TIME_absolute_hton (ts);
+  rp = REV_create_signature_message (pow);
+  sig = ((char*) &pow[1]) + ksize;
+  int result = GNUNET_CRYPTO_sign_raw_ (key,
+                                          &rp->purpose,
+                                          (void*) sig);
+  GNUNET_free (rp);
+  if (result == GNUNET_SYSERR)
+    return GNUNET_NO;
+  else
+    return result;
+}
+
+
+enum GNUNET_GenericReturnValue
+sign_pow (const struct GNUNET_CRYPTO_PrivateKey *key,
+          struct GNUNET_REVOCATION_PowP *pow)
+{
+  struct GNUNET_CRYPTO_PublicKey *pk;
+
+  pk = (struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+  GNUNET_CRYPTO_key_get_public (key, pk);
+  return sign_pow_identity (key, pow);
+}
+
+
+/**
+ * Initializes a fresh PoW computation.
+ *
+ * @param key the key to calculate the PoW for.
+ * @param[out] pow starting point for PoW calculation (not yet valid)
+ */
+void
+GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_PrivateKey *key,
+                            struct GNUNET_REVOCATION_PowP *pow)
+{
+  GNUNET_assert (GNUNET_OK == sign_pow (key, pow));
+}
+
+
+struct GNUNET_REVOCATION_PowCalculationHandle*
+GNUNET_REVOCATION_pow_start (struct GNUNET_REVOCATION_PowP *pow,
+                             int epochs,
+                             unsigned int difficulty)
+{
+  struct GNUNET_REVOCATION_PowCalculationHandle *pc;
+  struct GNUNET_TIME_Relative ttl;
+
+
+  pc = GNUNET_new (struct GNUNET_REVOCATION_PowCalculationHandle);
+  pc->pow = pow;
+  ttl = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
+                                       epochs);
+  pc->pow->ttl = GNUNET_TIME_relative_hton (ttl);
+  pc->current_pow = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
+                                              UINT64_MAX);
+  pc->difficulty = difficulty;
+  pc->epochs = epochs;
+  return pc;
+}
+
+
+/**
+ * Comparison function for quicksort
+ *
+ * @param a left element
+ * @param b right element
+ * @return a-b
+ */
+static int
+cmp_pow_value (const void *a, const void *b)
+{
+  return (GNUNET_ntohll (*(uint64_t*) a) - GNUNET_ntohll (*(uint64_t*) b));
+}
+
+
+/**
+ * Calculate a key revocation valid for broadcasting for a number
+ * of epochs.
+ *
+ * @param pc handle to the PoW, initially called with NULL.
+ * @param epochs number of epochs for which the revocation must be valid.
+ * @param pow current pow value to try
+ * @param difficulty current base difficulty to achieve
+ * @return #GNUNET_YES if the @a pow is acceptable, #GNUNET_NO if not
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_REVOCATION_pow_round (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
+{
+  char buf[sizeof(struct GNUNET_CRYPTO_PublicKey)
+           + sizeof (uint64_t)
+           + sizeof (uint64_t)] GNUNET_ALIGN;
+  struct GNUNET_HashCode result;
+  const struct GNUNET_CRYPTO_PublicKey *pk;
+  unsigned int zeros;
+  int ret;
+  uint64_t pow_nbo;
+  ssize_t ksize;
+
+  pc->current_pow++;
+  pk = (const struct GNUNET_CRYPTO_PublicKey *) &(pc->pow[1]);
+
+  /**
+   * Do not try duplicates
+   */
+  for (unsigned int i = 0; i < POW_COUNT; i++)
+    if (pc->current_pow == pc->best[i].pow)
+      return GNUNET_NO;
+  pow_nbo = GNUNET_htonll (pc->current_pow);
+  GNUNET_memcpy (buf, &pow_nbo, sizeof(uint64_t));
+  GNUNET_memcpy (&buf[sizeof(uint64_t)],
+                 &pc->pow->timestamp,
+                 sizeof (uint64_t));
+  ksize = GNUNET_CRYPTO_public_key_get_length (pk);
+  GNUNET_assert (0 < ksize);
+  GNUNET_memcpy (&buf[sizeof(uint64_t) * 2],
+                 pk,
+                 ksize);
+  GNUNET_CRYPTO_pow_hash (&salt,
+                          buf,
+                          sizeof(buf),
+                          &result);
+  zeros = GNUNET_CRYPTO_hash_count_leading_zeros (&result);
+  for (unsigned int i = 0; i < POW_COUNT; i++)
+  {
+    if (pc->best[i].bits < zeros)
+    {
+      pc->best[i].bits = zeros;
+      pc->best[i].pow = pc->current_pow;
+      pc->pow->pow[i] = pow_nbo;
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "New best score %u with %" PRIu64 " (#%u)\n",
+                  zeros, pc->current_pow, i);
+
+      break;
+    }
+  }
+  ret = calculate_score (pc) >= pc->difficulty + pc->epochs ? GNUNET_YES :
+        GNUNET_NO;
+  if (GNUNET_YES == ret)
+  {
+    /* Sort POWs) */
+    qsort (pc->pow->pow, POW_COUNT, sizeof (uint64_t), &cmp_pow_value);
+  }
+  return ret;
+}
+
+
+/**
+ * Stop a PoW calculation
+ *
+ * @param pc the calculation to clean up
+ * @return #GNUNET_YES if pow valid, #GNUNET_NO if pow was set but is not
+ * valid
+ */
+void
+GNUNET_REVOCATION_pow_stop (struct GNUNET_REVOCATION_PowCalculationHandle *pc)
+{
+  GNUNET_free (pc);
+}
+
+
+size_t
+GNUNET_REVOCATION_proof_get_size (const struct GNUNET_REVOCATION_PowP *pow)
+{
+  size_t size;
+  size_t ksize;
+  const struct GNUNET_CRYPTO_PublicKey *pk;
+
+  size = sizeof (struct GNUNET_REVOCATION_PowP);
+  pk = (const struct GNUNET_CRYPTO_PublicKey *) &pow[1];
+  ksize = GNUNET_CRYPTO_public_key_get_length (pk);
+  size += ksize;
+  size += GNUNET_CRYPTO_signature_get_raw_length_by_type (pk->type);
+  return size;
+}
+
+
+/* end of revocation_api.c */
diff --git a/src/service/revocation/test_revocation.c b/src/service/revocation/test_revocation.c
new file mode 100644
index 000000000..0fc3ac7e5
--- /dev/null
+++ b/src/service/revocation/test_revocation.c
@@ -0,0 +1,419 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2009, 2013, 2016 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @file revocation/test_revocation.c
+ * @brief base testcase for revocation exchange
+ * @author Matthias Wachs
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_core_service.h"
+#include "gnunet_identity_service.h"
+#include "gnunet_revocation_service.h"
+#include "gnunet_testbed_service.h"
+
+#define NUM_TEST_PEERS 2
+
+struct TestPeer
+{
+  struct GNUNET_TESTBED_Peer *p;
+  struct GNUNET_TESTBED_Operation *identity_op;
+  struct GNUNET_TESTBED_Operation *core_op;
+  struct GNUNET_IDENTITY_Handle *idh;
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+  const struct GNUNET_CRYPTO_PrivateKey *privkey;
+  struct GNUNET_CRYPTO_PublicKey pubkey;
+  struct GNUNET_CRYPTO_EcdsaSignature sig;
+  struct GNUNET_IDENTITY_Operation *create_id_op;
+  struct GNUNET_IDENTITY_EgoLookup *ego_lookup;
+  struct GNUNET_REVOCATION_Handle *revok_handle;
+  struct GNUNET_CORE_Handle *ch;
+  struct GNUNET_REVOCATION_PowCalculationHandle *pow;
+};
+
+static struct TestPeer testpeers[2];
+
+/**
+ * Return value from main, set to 0 on success.
+ */
+static int ok;
+
+
+static void
+do_shutdown (void *cls)
+{
+  for (unsigned int c = 0; c < NUM_TEST_PEERS; c++)
+  {
+    if (NULL != testpeers[c].create_id_op)
+    {
+      GNUNET_IDENTITY_cancel (testpeers[c].create_id_op);
+      testpeers[c].create_id_op = NULL;
+    }
+    if (NULL != testpeers[c].ego_lookup)
+    {
+      GNUNET_IDENTITY_ego_lookup_cancel (testpeers[c].ego_lookup);
+      testpeers[c].ego_lookup = NULL;
+    }
+    if (NULL != testpeers[c].revok_handle)
+    {
+      GNUNET_REVOCATION_revoke_cancel (testpeers[c].revok_handle);
+      testpeers[c].revok_handle = NULL;
+    }
+    if (NULL != testpeers[c].identity_op)
+    {
+      GNUNET_TESTBED_operation_done (testpeers[c].identity_op);
+      testpeers[c].identity_op = NULL;
+    }
+    if (NULL != testpeers[c].core_op)
+    {
+      GNUNET_TESTBED_operation_done (testpeers[c].core_op);
+      testpeers[c].core_op = NULL;
+    }
+  }
+}
+
+
+static void
+check_revocation (void *cls);
+
+
+static void
+revocation_remote_cb (void *cls, int is_valid)
+{
+  static int repeat = 0;
+
+  if (GNUNET_NO == is_valid)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Local revocation successful\n");
+    ok = 0;
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+  if (repeat < 10)
+  {
+    repeat++;
+    GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
+                                  &check_revocation,
+                                  NULL);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Flooding of revocation failed\n");
+  ok = 2;
+  GNUNET_SCHEDULER_shutdown ();
+}
+
+
+static void
+check_revocation (void *cls)
+{
+  GNUNET_REVOCATION_query (testpeers[0].cfg,
+                           &testpeers[1].pubkey,
+                           &revocation_remote_cb,
+                           NULL);
+}
+
+
+static void
+revocation_cb (void *cls, enum GNUNET_GenericReturnValue is_valid)
+{
+  testpeers[1].revok_handle = NULL;
+  if (GNUNET_NO == is_valid)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Revocation successful\n");
+    check_revocation (NULL);
+  }
+}
+
+
+static struct GNUNET_REVOCATION_PowP *proof_of_work;
+
+static void
+ego_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
+{
+  static int completed = 0;
+  const struct GNUNET_CRYPTO_PrivateKey *privkey;
+
+  if ((NULL != ego) && (cls == &testpeers[0]))
+  {
+    testpeers[0].ego_lookup = NULL;
+    testpeers[0].privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
+    GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[0].pubkey);
+    completed++;
+  }
+  if ((NULL != ego) && (cls == &testpeers[1]))
+  {
+    testpeers[1].ego_lookup = NULL;
+    testpeers[1].privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
+    GNUNET_IDENTITY_ego_get_public_key (ego, &testpeers[1].pubkey);
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Calculating proof of work...\n");
+    privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
+    proof_of_work = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE);
+    GNUNET_REVOCATION_pow_init (privkey,
+                                proof_of_work);
+    testpeers[1].pow = GNUNET_REVOCATION_pow_start (proof_of_work,
+                                                    1,
+                                                    5);
+    int res =
+      GNUNET_REVOCATION_pow_round (testpeers[1].pow);
+    while (GNUNET_OK != res)
+    {
+      res =
+        GNUNET_REVOCATION_pow_round (testpeers[1].pow);
+    }
+    fprintf (stderr, "Done calculating proof of work\n");
+    completed++;
+  }
+  if (2 == completed)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Egos retrieved\n");
+    testpeers[1].revok_handle = GNUNET_REVOCATION_revoke (testpeers[1].cfg,
+                                                          proof_of_work,
+                                                          &revocation_cb,
+                                                          NULL);
+    GNUNET_REVOCATION_pow_stop (testpeers[1].pow);
+  }
+}
+
+
+static void
+identity_create_cb (void *cls,
+                    const struct GNUNET_CRYPTO_PrivateKey *pk,
+                    enum GNUNET_ErrorCode ec)
+{
+  static int completed = 0;
+
+  if ((GNUNET_EC_NONE == ec) && (cls == &testpeers[0]))
+  {
+    testpeers[0].create_id_op = NULL;
+    completed++;
+  }
+  if ((GNUNET_EC_NONE == ec) && (cls == &testpeers[1]))
+  {
+    testpeers[1].create_id_op = NULL;
+    completed++;
+  }
+  if (2 != completed)
+    return;
+  fprintf (stderr, "Identities created\n");
+  testpeers[0].ego_lookup = GNUNET_IDENTITY_ego_lookup (testpeers[0].cfg,
+                                                        "client",
+                                                        &ego_cb,
+                                                        &testpeers[0]);
+  testpeers[1].ego_lookup = GNUNET_IDENTITY_ego_lookup (testpeers[1].cfg,
+                                                        "toberevoked",
+                                                        &ego_cb,
+                                                        &testpeers[1]);
+}
+
+
+static void
+identity_completion_cb (void *cls,
+                        struct GNUNET_TESTBED_Operation *op,
+                        void *ca_result,
+                        const char *emsg)
+{
+  static int completed = 0;
+
+  completed++;
+  if (NUM_TEST_PEERS != completed)
+    return;
+  fprintf (stderr, "All peers connected @ IDENTITY ...\n");
+  testpeers[0].create_id_op = GNUNET_IDENTITY_create (testpeers[0].idh,
+                                                      "client",
+                                                      NULL,
+                                                      GNUNET_PUBLIC_KEY_TYPE_ECDSA,
+                                                      &identity_create_cb,
+                                                      &testpeers[0]);
+  testpeers[1].create_id_op = GNUNET_IDENTITY_create (testpeers[1].idh,
+                                                      "toberevoked",
+                                                      NULL,
+                                                      GNUNET_PUBLIC_KEY_TYPE_ECDSA,
+                                                      &identity_create_cb,
+                                                      &testpeers[1]);
+}
+
+
+static void *
+identity_connect_adapter (void *cls,
+                          const struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+  struct TestPeer *me = cls;
+
+  me->cfg = cfg;
+  me->idh = GNUNET_IDENTITY_connect (cfg, NULL, NULL);
+  if (NULL == me->idh)
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to create IDENTITY handle \n");
+  return me->idh;
+}
+
+
+static void
+identity_disconnect_adapter (void *cls, void *op_result)
+{
+  struct TestPeer *me = cls;
+
+  GNUNET_IDENTITY_disconnect (me->idh);
+  me->idh = NULL;
+}
+
+
+static void *
+connect_cb (void *cls,
+            const struct GNUNET_PeerIdentity *peer,
+            struct GNUNET_MQ_Handle *mq)
+{
+  static int connects = 0;
+
+  connects++;
+  if (NUM_TEST_PEERS * NUM_TEST_PEERS == connects)
+  {
+    fprintf (stderr, "All peers connected @ CORE ...\n");
+
+    /* Connect to identity service */
+    testpeers[0].identity_op =
+      GNUNET_TESTBED_service_connect (NULL,
+                                      testpeers[0].p,
+                                      "identity",
+                                      &identity_completion_cb,
+                                      NULL,
+                                      &identity_connect_adapter,
+                                      &identity_disconnect_adapter,
+                                      &testpeers[0]);
+    testpeers[1].identity_op =
+      GNUNET_TESTBED_service_connect (NULL,
+                                      testpeers[1].p,
+                                      "identity",
+                                      *identity_completion_cb,
+                                      NULL,
+                                      &identity_connect_adapter,
+                                      &identity_disconnect_adapter,
+                                      &testpeers[1]);
+  }
+  return NULL;
+}
+
+
+static void
+core_completion_cb (void *cls,
+                    struct GNUNET_TESTBED_Operation *op,
+                    void *ca_result,
+                    const char *emsg)
+{
+  static int completed = 0;
+
+  completed++;
+  if (NUM_TEST_PEERS == completed)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Connected to CORE\n");
+  }
+}
+
+
+static void *
+core_connect_adapter (void *cls, const struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+  struct TestPeer *me = cls;
+
+  me->cfg = cfg;
+  me->ch = GNUNET_CORE_connect (cfg, me, NULL, &connect_cb, NULL, NULL);
+  if (NULL == me->ch)
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to create CORE handle \n");
+  return me->ch;
+}
+
+
+static void
+core_disconnect_adapter (void *cls, void *op_result)
+{
+  struct TestPeer *me = cls;
+
+  GNUNET_CORE_disconnect (me->ch);
+  me->ch = NULL;
+}
+
+
+static void
+test_connection (void *cls,
+                 struct GNUNET_TESTBED_RunHandle *h,
+                 unsigned int num_peers,
+                 struct GNUNET_TESTBED_Peer **peers,
+                 unsigned int links_succeeded,
+                 unsigned int links_failed)
+{
+  unsigned int c;
+
+  GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
+  if (NUM_TEST_PEERS != num_peers)
+  {
+    ok = 4;
+    fprintf (stderr,
+             "Only %u out of %u peers were started ...\n",
+             num_peers,
+             NUM_TEST_PEERS);
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+  /* We are generating a CLIQUE */
+  if (NUM_TEST_PEERS * (NUM_TEST_PEERS - 1) == links_succeeded)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Testbed connected peers, initializing test\n");
+    for (c = 0; c < num_peers; c++)
+    {
+      testpeers[c].p = peers[c];
+      testpeers[c].core_op =
+        GNUNET_TESTBED_service_connect (NULL,
+                                        testpeers[c].p,
+                                        "core",
+                                        &core_completion_cb,
+                                        NULL,
+                                        &core_connect_adapter,
+                                        &core_disconnect_adapter,
+                                        &testpeers[c]);
+    }
+  }
+  else
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Testbed failed to connect peers\n");
+    ok = 5;
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+}
+
+
+int
+main (int argc, char *argv[])
+{
+  ok = 1;
+  /* Connecting initial topology */
+  (void) GNUNET_TESTBED_test_run ("test-revocation",
+                                  "test_revocation.conf",
+                                  NUM_TEST_PEERS,
+                                  0,
+                                  NULL,
+                                  NULL,
+                                  &test_connection,
+                                  NULL);
+  return ok;
+}
+
+
+/* end of test_revocation.c */
diff --git a/src/service/revocation/test_revocation.conf b/src/service/revocation/test_revocation.conf
new file mode 100644
index 000000000..66e2cdcc9
--- /dev/null
+++ b/src/service/revocation/test_revocation.conf
@@ -0,0 +1,31 @@
+@INLINE@ ../../contrib/conf/gnunet/no_forcestart.conf
+
+[paths]
+GNUNET_HOME=$GNUNET_TMP/test-revocation-service
+SERVICEHOME=$GNUNET_TMP/test-revocation-service
+
+[revocation]
+WORKBITS = 3
+IMMEDIATE_START = YES
+EPOCH_DURATION = 365 d
+
+[identity]
+# Directory where we store information about our egos
+EGODIR = $GNUNET_HOME/identity/egos/
+SUBSYSTEM_CFG = $SERVICEHOME/s.conf
+
+[nat]
+RETURN_LOCAL_ADDRESSES = YES
+
+[transport]
+PLUGINS = tcp
+
+[peerinfo]
+USE_INCLUDED_HELLOS = NO
+
+[testbed]
+OVERLAY_TOPOLOGY = CLIQUE
+SETUP_TIMEOUT = 10 s
+OPERATION_TIMEOUT = 5 s
+CACHE_SIZE = 0
+
diff --git a/src/service/revocation/test_revocation_testvectors.c b/src/service/revocation/test_revocation_testvectors.c
new file mode 100644
index 000000000..a669e1b7e
--- /dev/null
+++ b/src/service/revocation/test_revocation_testvectors.c
@@ -0,0 +1,297 @@
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_revocation_service.h"
+#include "gnunet_gnsrecord_lib.h"
+#include <inttypes.h>
+
+int res;
+
+struct RevocationTv
+{
+  char *d;
+  char *zid;
+  char *ztld;
+  char *m;
+  char *proof;
+  int diff;
+  int epochs;
+};
+
+struct RevocationTv rtvs[] = {
+  {
+    .d =
+      "6f ea 32 c0 5a f5 8b fa"
+      "97 95 53 d1 88 60 5f d5"
+      "7d 8b f9 cc 26 3b 78 d5"
+      "f7 47 8c 07 b9 98 ed 70",
+    .zid =
+      "00 01 00 00 2c a2 23 e8"
+      "79 ec c4 bb de b5 da 17"
+      "31 92 81 d6 3b 2e 3b 69"
+      "55 f1 c3 77 5c 80 4a 98"
+      "d5 f8 dd aa",
+    .ztld =
+      "000G001CM8HYGYFCRJXXXDET2WRS50EP7CQ3PTANY71QEQ409ACDBY6XN8",
+    .m =
+      "00 00 00 34 00 00 00 03"
+      "00 05 fe b4 6d 86 5c 1c"
+      "00 01 00 00 2c a2 23 e8"
+      "79 ec c4 bb de b5 da 17"
+      "31 92 81 d6 3b 2e 3b 69"
+      "55 f1 c3 77 5c 80 4a 98"
+      "d5 f8 dd aa",
+    .proof =
+      "00 05 ff 1c 56 e4 b2 68"
+      "00 00 39 5d 18 27 c0 00"
+      "38 0b 54 aa 70 16 ac a2"
+      "38 0b 54 aa 70 16 ad 62"
+      "38 0b 54 aa 70 16 af 3e"
+      "38 0b 54 aa 70 16 af 93"
+      "38 0b 54 aa 70 16 b0 bf"
+      "38 0b 54 aa 70 16 b0 ee"
+      "38 0b 54 aa 70 16 b1 c9"
+      "38 0b 54 aa 70 16 b1 e5"
+      "38 0b 54 aa 70 16 b2 78"
+      "38 0b 54 aa 70 16 b2 b2"
+      "38 0b 54 aa 70 16 b2 d6"
+      "38 0b 54 aa 70 16 b2 e4"
+      "38 0b 54 aa 70 16 b3 2c"
+      "38 0b 54 aa 70 16 b3 5a"
+      "38 0b 54 aa 70 16 b3 9d"
+      "38 0b 54 aa 70 16 b3 c0"
+      "38 0b 54 aa 70 16 b3 dd"
+      "38 0b 54 aa 70 16 b3 f4"
+      "38 0b 54 aa 70 16 b4 42"
+      "38 0b 54 aa 70 16 b4 76"
+      "38 0b 54 aa 70 16 b4 8c"
+      "38 0b 54 aa 70 16 b4 a4"
+      "38 0b 54 aa 70 16 b4 c9"
+      "38 0b 54 aa 70 16 b4 f0"
+      "38 0b 54 aa 70 16 b4 f7"
+      "38 0b 54 aa 70 16 b5 79"
+      "38 0b 54 aa 70 16 b6 34"
+      "38 0b 54 aa 70 16 b6 8e"
+      "38 0b 54 aa 70 16 b7 b4"
+      "38 0b 54 aa 70 16 b8 7e"
+      "38 0b 54 aa 70 16 b8 f8"
+      "38 0b 54 aa 70 16 b9 2a"
+      "00 01 00 00 2c a2 23 e8"
+      "79 ec c4 bb de b5 da 17"
+      "31 92 81 d6 3b 2e 3b 69"
+      "55 f1 c3 77 5c 80 4a 98"
+      "d5 f8 dd aa 08 ca ff de"
+      "3c 6d f1 45 f7 e0 79 81"
+      "15 37 b2 b0 42 2d 5e 1f"
+      "b2 01 97 81 ec a2 61 d1"
+      "f9 d8 ea 81 0a bc 2f 33"
+      "47 7f 04 e3 64 81 11 be"
+      "71 c2 48 82 1a d6 04 f4"
+      "94 e7 4d 0b f5 11 d2 c1"
+      "62 77 2e 81",
+    .diff = 5,
+    .epochs = 2
+  },
+  {
+    .d =
+      "5a f7 02 0e e1 91 60 32"
+      "88 32 35 2b bc 6a 68 a8"
+      "d7 1a 7c be 1b 92 99 69"
+      "a7 c6 6d 41 5a 0d 8f 65",
+    .zid =
+      "00 01 00 14 3c f4 b9 24"
+      "03 20 22 f0 dc 50 58 14"
+      "53 b8 5d 93 b0 47 b6 3d"
+      "44 6c 58 45 cb 48 44 5d"
+      "db 96 68 8f",
+    .ztld =
+      "000G051WYJWJ80S04BRDRM2R2H9VGQCKP13VCFA4DHC4BJT88HEXQ5K8HW",
+    .diff = 5,
+    .epochs = 2,
+    .m =
+      "00 00 00 34 00 00 00 03"
+      "00 05 ff 1c 57 35 42 bd"
+      "00 01 00 14 3c f4 b9 24"
+      "03 20 22 f0 dc 50 58 14"
+      "53 b8 5d 93 b0 47 b6 3d"
+      "44 6c 58 45 cb 48 44 5d"
+      "db 96 68 8f",
+    .proof =
+      "00 05 ff 1c 57 35 42 bd"
+      "00 00 39 5d 18 27 c0 00"
+      "58 4c 93 3c b0 99 2a 08"
+      "58 4c 93 3c b0 99 2d f7"
+      "58 4c 93 3c b0 99 2e 21"
+      "58 4c 93 3c b0 99 2e 2a"
+      "58 4c 93 3c b0 99 2e 53"
+      "58 4c 93 3c b0 99 2e 8e"
+      "58 4c 93 3c b0 99 2f 13"
+      "58 4c 93 3c b0 99 2f 2d"
+      "58 4c 93 3c b0 99 2f 3c"
+      "58 4c 93 3c b0 99 2f 41"
+      "58 4c 93 3c b0 99 2f fd"
+      "58 4c 93 3c b0 99 30 33"
+      "58 4c 93 3c b0 99 30 82"
+      "58 4c 93 3c b0 99 30 a2"
+      "58 4c 93 3c b0 99 30 e1"
+      "58 4c 93 3c b0 99 31 ce"
+      "58 4c 93 3c b0 99 31 de"
+      "58 4c 93 3c b0 99 32 12"
+      "58 4c 93 3c b0 99 32 4e"
+      "58 4c 93 3c b0 99 32 9f"
+      "58 4c 93 3c b0 99 33 31"
+      "58 4c 93 3c b0 99 33 87"
+      "58 4c 93 3c b0 99 33 8c"
+      "58 4c 93 3c b0 99 33 e5"
+      "58 4c 93 3c b0 99 33 f3"
+      "58 4c 93 3c b0 99 34 26"
+      "58 4c 93 3c b0 99 34 30"
+      "58 4c 93 3c b0 99 34 68"
+      "58 4c 93 3c b0 99 34 88"
+      "58 4c 93 3c b0 99 34 8a"
+      "58 4c 93 3c b0 99 35 4c"
+      "58 4c 93 3c b0 99 35 bd"
+      "00 01 00 14 3c f4 b9 24"
+      "03 20 22 f0 dc 50 58 14"
+      "53 b8 5d 93 b0 47 b6 3d"
+      "44 6c 58 45 cb 48 44 5d"
+      "db 96 68 8f 04 ae 26 f7"
+      "63 56 5a b7 aa ab 01 71"
+      "72 4f 3c a8 bc c5 1a 98"
+      "b7 d4 c9 2e a3 3c d9 34"
+      "4c a8 b6 3e 04 53 3a bf"
+      "1a 3c 05 49 16 b3 68 2c"
+      "5c a8 cb 4d d0 f8 4c 3b"
+      "77 48 7a ac 6e ce 38 48"
+      "0b a9 d5 00"
+  },
+  { .d = NULL }
+};
+
+static void
+print_bytes_ (void *buf,
+              size_t buf_len,
+              int fold,
+              int in_be)
+{
+  int i;
+
+  for (i = 0; i < buf_len; i++)
+  {
+    if (0 != i)
+    {
+      if ((0 != fold) && (i % fold == 0))
+        printf ("\n  ");
+      else
+        printf (" ");
+    }
+    else
+    {
+      printf ("  ");
+    }
+    if (in_be)
+      printf ("%02x", ((unsigned char*) buf)[buf_len - 1 - i]);
+    else
+      printf ("%02x", ((unsigned char*) buf)[i]);
+  }
+  printf ("\n");
+}
+
+
+static void
+print_bytes (void *buf,
+             size_t buf_len,
+             int fold)
+{
+  print_bytes_ (buf, buf_len, fold, 0);
+}
+
+
+int
+parsehex (char *src, char *dst, size_t dstlen, int invert)
+{
+  int off;
+  int read_byte;
+  int data_len = 0;
+  char data[strlen (src) + 1];
+  char *pos = data;
+  int i = 0;
+  int j = 0;
+
+  for (i = 0; i < strlen (src); i++)
+  {
+    if ((src[i] == ' ') || (src[i] == '\n'))
+      continue;
+    data[j++] = src[i];
+  }
+
+  while (sscanf (pos, " %02x%n", &read_byte, &off) == 1)
+  {
+    if (invert)
+      dst[dstlen - 1 - data_len++] = read_byte;
+    else
+      dst[data_len++] = read_byte;
+    pos += off;
+  }
+  return data_len;
+}
+
+
+int
+main ()
+{
+  struct GNUNET_CRYPTO_PrivateKey priv;
+  struct GNUNET_CRYPTO_PublicKey pub;
+  struct GNUNET_CRYPTO_PublicKey pub_parsed;
+  struct GNUNET_TIME_Relative exprel;
+  struct GNUNET_REVOCATION_PowP *pow;
+  char m[8096];
+  char ztld[128];
+  res = 0;
+
+  for (int i = 0; NULL != rtvs[i].d; i++)
+  {
+    printf ("Revocation test vector #%d\n", i);
+    parsehex (rtvs[i].zid,(char*) &pub_parsed, 36, 0);
+    parsehex (rtvs[i].d,(char*) &priv.ecdsa_key, sizeof (priv.ecdsa_key),
+              (GNUNET_GNSRECORD_TYPE_PKEY == ntohl (pub_parsed.type)) ? 1 : 0);
+    priv.type = pub_parsed.type;
+    GNUNET_CRYPTO_key_get_public (&priv, &pub);
+    if (0 != memcmp (&pub, &pub_parsed, GNUNET_CRYPTO_public_key_get_length (
+                       &pub)))
+    {
+      printf ("Wrong pubkey.\n");
+      print_bytes (&pub, 36, 8);
+      print_bytes (&pub_parsed, 36, 8);
+      res = 1;
+      break;
+    }
+    GNUNET_STRINGS_data_to_string (&pub,
+                                   GNUNET_CRYPTO_public_key_get_length (
+                                     &pub),
+                                   ztld,
+                                   sizeof (ztld));
+    if (0 != strcmp (ztld, rtvs[i].ztld))
+    {
+      printf ("Wrong zTLD: expected %s, got %s\n", rtvs[i].ztld, ztld);
+      res = 1;
+      break;
+    }
+    pow = GNUNET_malloc (GNUNET_REVOCATION_MAX_PROOF_SIZE);
+    parsehex (rtvs[i].proof, (char*) pow, 0, 0);
+    // parsehex (rtvs[i].m, (char*) message, 0, 0);
+
+    exprel = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
+                                            rtvs[i].epochs);
+    if (GNUNET_OK != GNUNET_REVOCATION_check_pow (pow, rtvs[i].diff,
+                                                  exprel))
+    {
+      printf ("FAIL: Revocation PoW invalid\n");
+      res = 1;
+      break;
+    }
+    printf ("Good.\n");
+  }
+
+finish:
+  return res;
+}