WIP: BluetoothPlugin: adds abstract superclass

The droidtooth plugin and bluetooth plugins share a lot of common code.
Add an abstract superclass that shares the common code between both
classes.

.gitignore

@@ -9,17 +9,18 @@ Thumbs.db
 .DS_Store
 
 # Eclipse project files
-#.classpath
-#.project
+.classpath
+.project
+.settings
 
 # Local configuration file (sdk path, etc)
 local.properties
 
 # Android Studio
 .idea/*
+!.idea/runConfigurations/
 !.idea/codeStyleSettings.xml
 .gradle
 build/
 *.iml
-.gitignore
-src/test/
+projectFilesBackup/

.idea/runConfigurations/All_tests.xml

@@ -0,0 +1,28 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests" type="AndroidJUnit" factoryName="Android JUnit">
+    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
+    <module name="briar-android" />
+    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
+    <option name="ALTERNATIVE_JRE_PATH" />
+    <option name="PACKAGE_NAME" value="" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" value="-ea" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-android" />
+    <option name="ENV_VARIABLES" />
+    <option name="PASS_PARENT_ENVS" value="true" />
+    <option name="TEST_SEARCH_SCOPE">
+      <value defaultName="singleModule" />
+    </option>
+    <envs />
+    <patterns />
+    <method>
+      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-api" run_configuration_type="AndroidJUnit" />
+      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-core" run_configuration_type="AndroidJUnit" />
+      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-j2se" run_configuration_type="AndroidJUnit" />
+      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in briar-core" run_configuration_type="AndroidJUnit" />
+    </method>
+  </configuration>
+</component>

.idea/runConfigurations/All_tests_in_bramble_api.xml

@@ -0,0 +1,23 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests in bramble-api" type="AndroidJUnit" factoryName="Android JUnit">
+    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
+    <module name="bramble-api" />
+    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
+    <option name="ALTERNATIVE_JRE_PATH" />
+    <option name="PACKAGE_NAME" value="" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" value="-ea" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/bramble-api" />
+    <option name="ENV_VARIABLES" />
+    <option name="PASS_PARENT_ENVS" value="true" />
+    <option name="TEST_SEARCH_SCOPE">
+      <value defaultName="singleModule" />
+    </option>
+    <envs />
+    <patterns />
+    <method />
+  </configuration>
+</component>

.idea/runConfigurations/All_tests_in_bramble_core.xml

@@ -0,0 +1,23 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests in bramble-core" type="AndroidJUnit" factoryName="Android JUnit">
+    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
+    <module name="bramble-core" />
+    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
+    <option name="ALTERNATIVE_JRE_PATH" />
+    <option name="PACKAGE_NAME" value="" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" value="-ea" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/bramble-core" />
+    <option name="ENV_VARIABLES" />
+    <option name="PASS_PARENT_ENVS" value="true" />
+    <option name="TEST_SEARCH_SCOPE">
+      <value defaultName="singleModule" />
+    </option>
+    <envs />
+    <patterns />
+    <method />
+  </configuration>
+</component>

.idea/runConfigurations/All_tests_in_bramble_j2se.xml

@@ -0,0 +1,23 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests in bramble-j2se" type="AndroidJUnit" factoryName="Android JUnit">
+    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
+    <module name="bramble-j2se" />
+    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
+    <option name="ALTERNATIVE_JRE_PATH" />
+    <option name="PACKAGE_NAME" value="" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" value="-ea -Djava.library.path=libs" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/bramble-j2se" />
+    <option name="ENV_VARIABLES" />
+    <option name="PASS_PARENT_ENVS" value="true" />
+    <option name="TEST_SEARCH_SCOPE">
+      <value defaultName="singleModule" />
+    </option>
+    <envs />
+    <patterns />
+    <method />
+  </configuration>
+</component>

.idea/runConfigurations/All_tests_in_briar_android.xml

@@ -0,0 +1,23 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests in briar-android" type="AndroidJUnit" factoryName="Android JUnit">
+    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
+    <module name="briar-android" />
+    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
+    <option name="ALTERNATIVE_JRE_PATH" />
+    <option name="PACKAGE_NAME" value="" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" value="-ea" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-android" />
+    <option name="ENV_VARIABLES" />
+    <option name="PASS_PARENT_ENVS" value="true" />
+    <option name="TEST_SEARCH_SCOPE">
+      <value defaultName="singleModule" />
+    </option>
+    <envs />
+    <patterns />
+    <method />
+  </configuration>
+</component>

.idea/runConfigurations/All_tests_in_briar_core.xml

@@ -0,0 +1,23 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests in briar-core" type="AndroidJUnit" factoryName="Android JUnit">
+    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
+    <module name="briar-core" />
+    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
+    <option name="ALTERNATIVE_JRE_PATH" />
+    <option name="PACKAGE_NAME" value="" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" value="-ea" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-core" />
+    <option name="ENV_VARIABLES" />
+    <option name="PASS_PARENT_ENVS" value="true" />
+    <option name="TEST_SEARCH_SCOPE">
+      <value defaultName="singleModule" />
+    </option>
+    <envs />
+    <patterns />
+    <method />
+  </configuration>
+</component>

bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPlugin.java

@@ -19,8 +19,7 @@ import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.PluginException;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
+import org.briarproject.bramble.api.plugin.duplex.AbstractBluetoothPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.properties.TransportProperties;
@@ -67,6 +66,7 @@ import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_BLUETOOTH;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PREF_BT_ENABLE;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
@@ -74,7 +74,8 @@ import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
-class DroidtoothPlugin implements DuplexPlugin {
+class DroidtoothPlugin<C, S>
+		extends AbstractBluetoothPlugin<C, S>{
 
 	private static final Logger LOG =
 			Logger.getLogger(DroidtoothPlugin.class.getName());
@@ -83,16 +84,10 @@ class DroidtoothPlugin implements DuplexPlugin {
 	private static final String DISCOVERY_FINISHED =
 			"android.bluetooth.adapter.action.DISCOVERY_FINISHED";
 
-	private final Executor ioExecutor;
 	private final AndroidExecutor androidExecutor;
 	private final Context appContext;
-	private final SecureRandom secureRandom;
-	private final Backoff backoff;
-	private final DuplexPluginCallback callback;
-	private final int maxLatency;
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
-	private volatile boolean running = false;
 	private volatile boolean wasEnabledByUs = false;
 	private volatile BluetoothStateReceiver receiver = null;
 	private volatile BluetoothServerSocket socket = null;
@@ -103,29 +98,15 @@ class DroidtoothPlugin implements DuplexPlugin {
 	DroidtoothPlugin(Executor ioExecutor, AndroidExecutor androidExecutor,
 			Context appContext, SecureRandom secureRandom, Backoff backoff,
 			DuplexPluginCallback callback, int maxLatency) {
-		this.ioExecutor = ioExecutor;
+
+		super(ioExecutor, secureRandom, backoff, maxLatency, callback);
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
-		this.secureRandom = secureRandom;
-		this.backoff = backoff;
-		this.callback = callback;
-		this.maxLatency = maxLatency;
 	}
 
 	@Override
-	public TransportId getId() {
-		return ID;
-	}
-
-	@Override
-	public int getMaxLatency() {
-		return maxLatency;
-	}
-
-	@Override
-	public int getMaxIdleTime() {
-		// Bluetooth detects dead connections so we don't need keepalives
-		return Integer.MAX_VALUE;
+	protected void close(S ss) throws IOException {
+		((BluetoothServerSocket)ss).close();
 	}
 
 	@Override
@@ -164,7 +145,7 @@ class DroidtoothPlugin implements DuplexPlugin {
 			bind();
 		} else {
 			// Enable Bluetooth if settings allow
-			if (callback.getSettings().getBoolean("enable", false)) {
+			if (callback.getSettings().getBoolean(PREF_BT_ENABLE, false)) {
 				wasEnabledByUs = true;
 				if (adapter.enable()) LOG.info("Enabling Bluetooth");
 				else LOG.info("Could not enable Bluetooth");
@@ -193,14 +174,14 @@ class DroidtoothPlugin implements DuplexPlugin {
 				BluetoothServerSocket ss;
 				try {
 					ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
-							"RFCOMM", getUuid());
+							"RFCOMM", UUID.fromString(getUuid()));
 				} catch (IOException e) {
 					if (LOG.isLoggable(WARNING))
 						LOG.log(WARNING, e.toString(), e);
 					return;
 				}
 				if (!isRunning()) {
-					tryToClose(ss);
+					tryToClose((S)ss);
 					return;
 				}
 				LOG.info("Socket bound");
@@ -212,29 +193,6 @@ class DroidtoothPlugin implements DuplexPlugin {
 		});
 	}
 
-	private UUID getUuid() {
-		String uuid = callback.getLocalProperties().get(PROP_UUID);
-		if (uuid == null) {
-			byte[] random = new byte[UUID_BYTES];
-			secureRandom.nextBytes(random);
-			uuid = UUID.nameUUIDFromBytes(random).toString();
-			TransportProperties p = new TransportProperties();
-			p.put(PROP_UUID, uuid);
-			callback.mergeLocalProperties(p);
-		}
-		return UUID.fromString(uuid);
-	}
-
-	private void tryToClose(@Nullable BluetoothServerSocket ss) {
-		try {
-			if (ss != null) ss.close();
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		} finally {
-			callback.transportDisabled();
-		}
-	}
-
 	private void acceptContactConnections() {
 		while (isRunning()) {
 			BluetoothSocket s;
@@ -260,9 +218,9 @@ class DroidtoothPlugin implements DuplexPlugin {
 
 	@Override
 	public void stop() {
-		running = false;
+		this.running = false;
 		if (receiver != null) appContext.unregisterReceiver(receiver);
-		tryToClose(socket);
+		tryToClose((S)socket);
 		// Disable Bluetooth if we enabled it and it's still enabled
 		if (wasEnabledByUs && adapter.isEnabled()) {
 			if (adapter.disable()) LOG.info("Disabling Bluetooth");
@@ -275,42 +233,20 @@ class DroidtoothPlugin implements DuplexPlugin {
 		return running && adapter != null && adapter.isEnabled();
 	}
 
-	@Override
-	public boolean shouldPoll() {
-		return true;
-	}
-
-	@Override
-	public int getPollingInterval() {
-		return backoff.getPollingInterval();
-	}
-
-	@Override
-	public void poll(Collection<ContactId> connected) {
-		if (!isRunning()) return;
-		backoff.increment();
-		// Try to connect to known devices in parallel
-		Map<ContactId, TransportProperties> remote =
-				callback.getRemoteProperties();
-		for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {
-			final ContactId c = e.getKey();
-			if (connected.contains(c)) continue;
-			final String address = e.getValue().get(PROP_ADDRESS);
-			if (StringUtils.isNullOrEmpty(address)) continue;
-			final String uuid = e.getValue().get(PROP_UUID);
-			if (StringUtils.isNullOrEmpty(uuid)) continue;
-			ioExecutor.execute(new Runnable() {
-				@Override
-				public void run() {
-					if (!running) return;
-					BluetoothSocket s = connect(address, uuid);
-					if (s != null) {
-						backoff.reset();
-						callback.outgoingConnectionCreated(c, wrapSocket(s));
-					}
+	protected Runnable returnPollRunnable(final String address, final String uuid,
+			final ContactId c) {
+		return new Runnable() {
+			@Override
+			public void run() {
+				if (!running) return;
+				BluetoothSocket s = connect(address, uuid);
+				if (s != null) {
+					backoff.reset();
+					callback.outgoingConnectionCreated(c, wrapSocket(s));
 				}
-			});
-		}
+			}
+
+		};
 	}
 
 	@Nullable
@@ -346,37 +282,17 @@ class DroidtoothPlugin implements DuplexPlugin {
 				LOG.info("Failed to connect to " + scrubMacAddress(address)
 						+ ": " + e);
 			}
-			tryToClose(s);
+			tryToClose((S)s);
 			return null;
 		}
 	}
 
-	private void tryToClose(@Nullable Closeable c) {
-		try {
-			if (c != null) c.close();
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
 
-	@Override
-	public DuplexTransportConnection createConnection(ContactId c) {
-		if (!isRunning()) return null;
-		TransportProperties p = callback.getRemoteProperties().get(c);
-		if (p == null) return null;
-		String address = p.get(PROP_ADDRESS);
-		if (StringUtils.isNullOrEmpty(address)) return null;
-		String uuid = p.get(PROP_UUID);
-		if (StringUtils.isNullOrEmpty(uuid)) return null;
+	public DuplexTransportConnection connectToAddress(String address, String uuid) {
 		BluetoothSocket s = connect(address, uuid);
-		if (s == null) return null;
-		return new DroidtoothTransportConnection(this, s);
+		return s == null ? null : wrapSocket(s);
 	}
 
-	@Override
-	public boolean supportsInvitations() {
-		return true;
-	}
 
 	@Override
 	public DuplexTransportConnection createInvitationConnection(PseudoRandom r,
@@ -425,7 +341,7 @@ class DroidtoothPlugin implements DuplexPlugin {
 			return null;
 		} finally {
 			// Closing the socket will terminate the listener task
-			tryToClose(ss);
+			tryToClose((S)ss);
 			closeSockets(futures, chosen);
 		}
 	}
@@ -457,11 +373,6 @@ class DroidtoothPlugin implements DuplexPlugin {
 		});
 	}
 
-	@Override
-	public boolean supportsKeyAgreement() {
-		return true;
-	}
-
 	@Override
 	public KeyAgreementListener createKeyAgreementListener(byte[] commitment) {
 		if (!isRunning()) return null;
@@ -486,31 +397,6 @@ class DroidtoothPlugin implements DuplexPlugin {
 		return new BluetoothKeyAgreementListener(descriptor, ss);
 	}
 
-	@Override
-	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor, long timeout) {
-		if (!isRunning()) return null;
-		String address;
-		try {
-			address = parseAddress(descriptor);
-		} catch (FormatException e) {
-			LOG.info("Invalid address in key agreement descriptor");
-			return null;
-		}
-		// No truncation necessary because COMMIT_LENGTH = 16
-		UUID uuid = UUID.nameUUIDFromBytes(commitment);
-		if (LOG.isLoggable(INFO))
-			LOG.info("Connecting to key agreement UUID " + uuid);
-		BluetoothSocket s = connect(address, uuid.toString());
-		if (s == null) return null;
-		return new DroidtoothTransportConnection(this, s);
-	}
-
-	private String parseAddress(BdfList descriptor) throws FormatException {
-		byte[] mac = descriptor.getRaw(1);
-		if (mac.length != 6) throw new FormatException();
-		return StringUtils.macToString(mac);
-	}
 
 	private class BluetoothStateReceiver extends BroadcastReceiver {
 
@@ -522,7 +408,7 @@ class DroidtoothPlugin implements DuplexPlugin {
 				bind();
 			} else if (state == STATE_OFF) {
 				LOG.info("Bluetooth disabled");
-				tryToClose(socket);
+				tryToClose((S)socket);
 			}
 			int scanMode = intent.getIntExtra(EXTRA_SCAN_MODE, 0);
 			if (scanMode == SCAN_MODE_NONE) {

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java

@@ -79,6 +79,12 @@ import static java.util.logging.Level.WARNING;
 import static net.freehaven.tor.control.TorControlCommands.HS_ADDRESS;
 import static net.freehaven.tor.control.TorControlCommands.HS_PRIVKEY;
 import static org.briarproject.bramble.api.plugin.TorConstants.CONTROL_PORT;
+import static org.briarproject.bramble.api.plugin.TorConstants.ID;
+import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK;
+import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_ALWAYS;
+import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_NEVER;
+import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_WIFI;
+import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_PORT;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubOnion;
 
 @MethodsNotNullByDefault
@@ -182,19 +188,31 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		String torPath = torFile.getAbsolutePath();
 		String configPath = configFile.getAbsolutePath();
 		String pid = String.valueOf(android.os.Process.myPid());
-		String[] cmd = {torPath, "-f", configPath, OWNER, pid};
-		String[] env = {"HOME=" + torDirectory.getAbsolutePath()};
 		Process torProcess;
+		ProcessBuilder pb =
+				new ProcessBuilder(torPath, "-f", configPath, OWNER, pid);
+		Map<String, String> env = pb.environment();
+		env.put("HOME", torDirectory.getAbsolutePath());
+		pb.directory(torDirectory);
 		try {
-			torProcess = Runtime.getRuntime().exec(cmd, env, torDirectory);
+			torProcess = pb.start();
 		} catch (SecurityException | IOException e) {
 			throw new PluginException(e);
 		}
 		// Log the process's standard output until it detaches
 		if (LOG.isLoggable(INFO)) {
 			Scanner stdout = new Scanner(torProcess.getInputStream());
-			while (stdout.hasNextLine()) LOG.info(stdout.nextLine());
+			Scanner stderr = new Scanner(torProcess.getErrorStream());
+			while (stdout.hasNextLine() || stderr.hasNextLine()){
+				if(stdout.hasNextLine()) {
+					LOG.info(stdout.nextLine());
+				}
+				if(stderr.hasNextLine()){
+					LOG.info(stderr.nextLine());
+				}
+			}
 			stdout.close();
+			stderr.close();
 		}
 		try {
 			// Wait for the process to detach or exit
@@ -366,7 +384,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 			@Override
 			public void run() {
 				// If there's already a port number stored in config, reuse it
-				String portString = callback.getSettings().get("port");
+				String portString = callback.getSettings().get(PREF_TOR_PORT);
 				int port;
 				if (StringUtils.isNullOrEmpty(portString)) port = 0;
 				else port = Integer.parseInt(portString);
@@ -389,7 +407,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 				// Store the port number
 				final String localPort = String.valueOf(ss.getLocalPort());
 				Settings s = new Settings();
-				s.put("port", localPort);
+				s.put(PREF_TOR_PORT, localPort);
 				callback.mergeSettings(s);
 				// Create a hidden service if necessary
 				ioExecutor.execute(new Runnable() {
@@ -666,7 +684,8 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public void eventOccurred(Event e) {
 		if (e instanceof SettingsUpdatedEvent) {
-			if (((SettingsUpdatedEvent) e).getNamespace().equals("tor")) {
+			SettingsUpdatedEvent s = (SettingsUpdatedEvent) e;
+			if (s.getNamespace().equals(ID.getString())) {
 				LOG.info("Tor settings updated");
 				updateConnectionStatus();
 			}
@@ -688,7 +707,8 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 				boolean blocked = TorNetworkMetadata.isTorProbablyBlocked(
 						country);
 				Settings s = callback.getSettings();
-				boolean useMobileData = s.getBoolean("torOverMobile", true);
+				int network = s.getInt(PREF_TOR_NETWORK,
+						PREF_TOR_NETWORK_ALWAYS);
 
 				if (LOG.isLoggable(INFO)) {
 					LOG.info("Online: " + online + ", wifi: " + wifi);
@@ -703,7 +723,8 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 					} else if (blocked) {
 						LOG.info("Disabling network, country is blocked");
 						enableNetwork(false);
-					} else if (!wifi && !useMobileData) {
+					} else if (network == PREF_TOR_NETWORK_NEVER
+							|| (network == PREF_TOR_NETWORK_WIFI && !wifi)) {
 						LOG.info("Disabling network due to data setting");
 						enableNetwork(false);
 					} else {

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSecureRandomProvider.java

@@ -0,0 +1,93 @@
+package org.briarproject.bramble.system;
+
+import android.app.Application;
+import android.bluetooth.BluetoothAdapter;
+import android.bluetooth.BluetoothDevice;
+import android.content.ContentResolver;
+import android.content.Context;
+import android.net.wifi.WifiConfiguration;
+import android.net.wifi.WifiManager;
+import android.os.Build;
+import android.os.Parcel;
+import android.provider.Settings;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.util.List;
+
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+import static android.content.Context.WIFI_SERVICE;
+import static android.provider.Settings.Secure.ANDROID_ID;
+
+@Immutable
+@NotNullByDefault
+class AndroidSecureRandomProvider extends LinuxSecureRandomProvider {
+
+	private static final int SEED_LENGTH = 32;
+
+	private final Context appContext;
+
+	@Inject
+	AndroidSecureRandomProvider(Application app) {
+		appContext = app.getApplicationContext();
+	}
+
+	@Override
+	protected void writeToEntropyPool(DataOutputStream out) throws IOException {
+		super.writeToEntropyPool(out);
+		out.writeInt(android.os.Process.myPid());
+		out.writeInt(android.os.Process.myTid());
+		out.writeInt(android.os.Process.myUid());
+		if (Build.FINGERPRINT != null) out.writeUTF(Build.FINGERPRINT);
+		if (Build.SERIAL != null) out.writeUTF(Build.SERIAL);
+		ContentResolver contentResolver = appContext.getContentResolver();
+		String id = Settings.Secure.getString(contentResolver, ANDROID_ID);
+		if (id != null) out.writeUTF(id);
+		Parcel parcel = Parcel.obtain();
+		WifiManager wm =
+				(WifiManager) appContext.getSystemService(WIFI_SERVICE);
+		List<WifiConfiguration> configs = wm.getConfiguredNetworks();
+		if (configs != null) {
+			for (WifiConfiguration config : configs)
+				parcel.writeParcelable(config, 0);
+		}
+		BluetoothAdapter bt = BluetoothAdapter.getDefaultAdapter();
+		if (bt != null) {
+			for (BluetoothDevice device : bt.getBondedDevices())
+				parcel.writeParcelable(device, 0);
+		}
+		out.write(parcel.marshall());
+		parcel.recycle();
+	}
+
+	@Override
+	protected void writeSeed() {
+		super.writeSeed();
+		if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT <= 18)
+			applyOpenSslFix();
+	}
+
+	// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
+	private void applyOpenSslFix() {
+		byte[] seed = new LinuxSecureRandomSpi().engineGenerateSeed(
+				SEED_LENGTH);
+		try {
+			// Seed the OpenSSL PRNG
+			Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto")
+					.getMethod("RAND_seed", byte[].class)
+					.invoke(null, seed);
+			// Mix the output of the Linux PRNG into the OpenSSL PRNG
+			int bytesRead = (Integer) Class.forName(
+					"org.apache.harmony.xnet.provider.jsse.NativeCrypto")
+					.getMethod("RAND_load_file", String.class, long.class)
+					.invoke(null, "/dev/urandom", 1024);
+			if (bytesRead != 1024) throw new IOException();
+		} catch (Exception e) {
+			throw new SecurityException(e);
+		}
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSeedProvider.java

@@ -1,42 +0,0 @@
-package org.briarproject.bramble.system;
-
-import android.app.Application;
-import android.content.ContentResolver;
-import android.content.Context;
-import android.os.Build;
-import android.provider.Settings;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.io.DataOutputStream;
-import java.io.IOException;
-
-import javax.annotation.concurrent.Immutable;
-import javax.inject.Inject;
-
-import static android.provider.Settings.Secure.ANDROID_ID;
-
-@Immutable
-@NotNullByDefault
-class AndroidSeedProvider extends LinuxSeedProvider {
-
-	private final Context appContext;
-
-	@Inject
-	AndroidSeedProvider(Application app) {
-		appContext = app.getApplicationContext();
-	}
-
-	@Override
-	void writeToEntropyPool(DataOutputStream out) throws IOException {
-		out.writeInt(android.os.Process.myPid());
-		out.writeInt(android.os.Process.myTid());
-		out.writeInt(android.os.Process.myUid());
-		if (Build.FINGERPRINT != null) out.writeUTF(Build.FINGERPRINT);
-		if (Build.SERIAL != null) out.writeUTF(Build.SERIAL);
-		ContentResolver contentResolver = appContext.getContentResolver();
-		String id = Settings.Secure.getString(contentResolver, ANDROID_ID);
-		if (id != null) out.writeUTF(id);
-		super.writeToEntropyPool(out);
-	}
-}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSystemModule.java

@@ -4,7 +4,7 @@ import android.app.Application;
 
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.LocationUtils;
-import org.briarproject.bramble.api.system.SeedProvider;
+import org.briarproject.bramble.api.system.SecureRandomProvider;
 
 import javax.inject.Singleton;
 
@@ -16,8 +16,8 @@ public class AndroidSystemModule {
 
 	@Provides
 	@Singleton
-	SeedProvider provideSeedProvider(Application app) {
-		return new AndroidSeedProvider(app);
+	SecureRandomProvider provideSecureRandomProvider(Application app) {
+		return new AndroidSecureRandomProvider(app);
 	}
 
 	@Provides

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PasswordStrengthEstimator.java

@@ -6,9 +6,9 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 public interface PasswordStrengthEstimator {
 
 	float NONE = 0;
-	float WEAK = 0.4f;
-	float QUITE_WEAK = 0.6f;
-	float QUITE_STRONG = 0.8f;
+	float WEAK = 0.25f;
+	float QUITE_WEAK = 0.5f;
+	float QUITE_STRONG = 0.75f;
 	float STRONG = 1;
 
 	/**

bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java

@@ -13,7 +13,9 @@ import javax.annotation.concurrent.Immutable;
 @NotNullByDefault
 public class Author {
 
-	public enum Status {ANONYMOUS, UNKNOWN, UNVERIFIED, VERIFIED, OURSELVES}
+	public enum Status {
+		NONE, ANONYMOUS, UNKNOWN, UNVERIFIED, VERIFIED, OURSELVES
+	}
 
 	private final AuthorId id;
 	private final String name;

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/BluetoothConstants.java

@@ -9,4 +9,5 @@ public interface BluetoothConstants {
 	String PROP_ADDRESS = "address";
 	String PROP_UUID = "uuid";
 
+	String PREF_BT_ENABLE = "enable";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java

@@ -4,4 +4,5 @@ public interface LanTcpConstants {
 
 	TransportId ID = new TransportId("org.briarproject.bramble.lan");
 
+	String PREF_LAN_IP_PORTS = "ipPorts";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java

@@ -8,4 +8,12 @@ public interface TorConstants {
 	int CONTROL_PORT = 59051;
 
 	int CONNECT_TO_PROXY_TIMEOUT = 5000; // Milliseconds
+	int EXTRA_SOCKET_TIMEOUT = 30000; // Milliseconds
+
+	String PREF_TOR_NETWORK = "network";
+	String PREF_TOR_PORT = "port";
+
+	int PREF_TOR_NETWORK_NEVER = 0;
+	int PREF_TOR_NETWORK_WIFI = 1;
+	int PREF_TOR_NETWORK_ALWAYS = 2;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/AbstractBluetoothPlugin.java

@@ -0,0 +1,190 @@
+package org.briarproject.bramble.api.plugin.duplex;
+
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.data.BdfList;
+import org.briarproject.bramble.api.plugin.Backoff;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.util.StringUtils;
+
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.Collection;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.Executor;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+
+/**
+ * Created by Santiago Torres-Arias on 1/10/17.
+ */
+
+public abstract class AbstractBluetoothPlugin<C, S> implements DuplexPlugin {
+
+	private static final Logger LOG =
+			Logger.getLogger("Halp");
+
+	protected final Executor ioExecutor;
+	protected final SecureRandom secureRandom;
+	protected final Backoff backoff;
+	protected final int maxLatency;
+	protected final DuplexPluginCallback callback;
+	protected final S ss = null;
+
+	protected volatile boolean running = false;
+
+	protected Runnable pollRunnable = null;
+
+	public AbstractBluetoothPlugin(Executor ioExecutor,
+			SecureRandom secureRandom,
+			Backoff backoff, int maxLatency,
+			DuplexPluginCallback callback) {
+		this.ioExecutor = ioExecutor;
+		this.secureRandom = secureRandom;
+		this.backoff = backoff;
+		this.maxLatency = maxLatency;
+		this.callback = callback;
+	}
+
+	@Override
+	public boolean supportsInvitations() {
+		return true;
+	}
+
+	@Override
+	public boolean supportsKeyAgreement() {
+		return true;
+	}
+
+	@Override
+	public boolean isRunning() {
+		return running;
+	}
+
+	@Override
+	public boolean shouldPoll() {
+		return true;
+	}
+
+	@Override
+	public int getPollingInterval() {
+		return backoff.getPollingInterval();
+	}
+
+	protected String getUuid() {
+		String uuid = callback.getLocalProperties().get(PROP_UUID);
+		if (uuid == null) {
+			byte[] random = new byte[UUID_BYTES];
+			secureRandom.nextBytes(random);
+			uuid = UUID.nameUUIDFromBytes(random).toString();
+			TransportProperties p = new TransportProperties();
+			p.put(PROP_UUID, uuid);
+			callback.mergeLocalProperties(p);
+		}
+		return uuid;
+	}
+
+	@Override
+	public TransportId getId() {
+		return ID;
+	}
+
+	@Override
+	public int getMaxLatency() {
+		return maxLatency;
+	}
+
+	@Override
+	public int getMaxIdleTime() {
+		// Bluetooth detects dead connections so we don't need keepalives
+		return Integer.MAX_VALUE;
+	}
+
+	protected String parseAddress(BdfList descriptor) throws FormatException {
+		byte[] mac = descriptor.getRaw(1);
+		if (mac.length != 6) throw new FormatException();
+		return StringUtils.macToString(mac);
+	}
+
+	protected void tryToClose(@Nullable S ss) {
+		try {
+			if (ss != null) close(ss);
+		} catch (IOException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+		} finally {
+			callback.transportDisabled();
+		}
+	}
+
+	protected abstract void close(S ss) throws IOException;
+
+	public void stop() {
+		running = false;
+		tryToClose(ss);
+	}
+
+	@Override
+	public void poll(final Collection<ContactId> connected) {
+		if (!running) return;
+		backoff.increment();
+		// Try to connect to known devices in parallel
+		Map<ContactId, TransportProperties> remote =
+				callback.getRemoteProperties();
+		for (Map.Entry<ContactId, TransportProperties> e : remote.entrySet()) {
+			final ContactId c = e.getKey();
+			if (connected.contains(c)) continue;
+			final String address = e.getValue().get(PROP_ADDRESS);
+			if (StringUtils.isNullOrEmpty(address)) continue;
+			final String uuid = e.getValue().get(PROP_UUID);
+			if (StringUtils.isNullOrEmpty(uuid)) continue;
+			ioExecutor.execute(returnPollRunnable(address,uuid, c));
+		}
+	}
+
+	protected abstract Runnable returnPollRunnable(String address, String uuid,
+			ContactId c);
+
+	@Override
+	public DuplexTransportConnection createConnection(ContactId c) {
+		if (!isRunning()) return null;
+		TransportProperties p = callback.getRemoteProperties().get(c);
+		if (p == null) return null;
+		String address = p.get(PROP_ADDRESS);
+		if (StringUtils.isNullOrEmpty(address)) return null;
+		String uuid = p.get(PROP_UUID);
+		if (StringUtils.isNullOrEmpty(uuid)) return null;
+		return connectToAddress(address, uuid);
+	}
+
+	protected abstract DuplexTransportConnection connectToAddress(String address, String uuid);
+
+	@Override
+	public DuplexTransportConnection createKeyAgreementConnection(
+			byte[] commitment, BdfList descriptor, long timeout) {
+		if (!isRunning()) return null;
+		String address;
+		try {
+			address = parseAddress(descriptor);
+		} catch (FormatException e) {
+			LOG.info("Invalid address in key agreement descriptor");
+			return null;
+		}
+		// No truncation necessary because COMMIT_LENGTH = 16
+		String uuid = UUID.nameUUIDFromBytes(commitment).toString();
+		if (LOG.isLoggable(INFO))
+			LOG.info("Connecting to key agreement UUID " + uuid);
+		return connectToAddress(address, uuid);
+	}
+
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Ack.java

@@ -3,7 +3,7 @@ package org.briarproject.bramble.api.sync;
 import java.util.Collection;
 
 /**
- * A packet acknowledging receipt of one or more {@link Message Messages}.
+ * A record acknowledging receipt of one or more {@link Message Messages}.
  */
 public class Ack {
 

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Group.java

@@ -1,5 +1,7 @@
 package org.briarproject.bramble.api.sync;
 
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
+
 public class Group {
 
 	public enum Visibility {
@@ -13,6 +15,8 @@ public class Group {
 	private final byte[] descriptor;
 
 	public Group(GroupId id, ClientId clientId, byte[] descriptor) {
+		if (descriptor.length > MAX_GROUP_DESCRIPTOR_LENGTH)
+			throw new IllegalArgumentException();
 		this.id = id;
 		this.clientId = clientId;
 		this.descriptor = descriptor;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Offer.java

@@ -3,7 +3,7 @@ package org.briarproject.bramble.api.sync;
 import java.util.Collection;
 
 /**
- * A packet offering the recipient one or more {@link Message Messages}.
+ * A record offering the recipient one or more {@link Message Messages}.
  */
 public class Offer {
 

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordReader.java

@@ -5,7 +5,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.io.IOException;
 
 @NotNullByDefault
-public interface PacketReader {
+public interface RecordReader {
 
 	boolean eof() throws IOException;
 
@@ -24,4 +24,5 @@ public interface PacketReader {
 	boolean hasRequest() throws IOException;
 
 	Request readRequest() throws IOException;
+
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordReaderFactory.java

@@ -5,7 +5,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.io.InputStream;
 
 @NotNullByDefault
-public interface PacketReaderFactory {
+public interface RecordReaderFactory {
 
-	PacketReader createPacketReader(InputStream in);
+	RecordReader createRecordReader(InputStream in);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java

@@ -1,12 +1,13 @@
 package org.briarproject.bramble.api.sync;
 
 /**
- * Packet types for the sync protocol.
+ * Record types for the sync protocol.
  */
-public interface PacketTypes {
+public interface RecordTypes {
 
 	byte ACK = 0;
 	byte MESSAGE = 1;
 	byte OFFER = 2;
 	byte REQUEST = 3;
+
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordWriter.java

@@ -5,7 +5,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.io.IOException;
 
 @NotNullByDefault
-public interface PacketWriter {
+public interface RecordWriter {
 
 	void writeAck(Ack a) throws IOException;
 

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordWriterFactory.java

@@ -5,7 +5,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.io.OutputStream;
 
 @NotNullByDefault
-public interface PacketWriterFactory {
+public interface RecordWriterFactory {
 
-	PacketWriter createPacketWriter(OutputStream out);
+	RecordWriter createRecordWriter(OutputStream out);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Request.java

@@ -3,7 +3,7 @@ package org.briarproject.bramble.api.sync;
 import java.util.Collection;
 
 /**
- * A packet requesting one or more {@link Message Messages} from the recipient.
+ * A record requesting one or more {@link Message Messages} from the recipient.
  */
 public class Request {
 

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java

@@ -10,19 +10,17 @@ public interface SyncConstants {
 	byte PROTOCOL_VERSION = 0;
 
 	/**
-	 * The length of the packet header in bytes.
+	 * The length of the record header in bytes.
 	 */
-	int PACKET_HEADER_LENGTH = 4;
+	int RECORD_HEADER_LENGTH = 4;
 
 	/**
-	 * The maximum length of the packet payload in bytes.
+	 * The maximum length of the record payload in bytes.
 	 */
-	int MAX_PACKET_PAYLOAD_LENGTH = 32 * 1024; // 32 KiB
+	int MAX_RECORD_PAYLOAD_LENGTH = 48 * 1024; // 48 KiB
 
-	/**
-	 * The maximum length of a message in bytes.
-	 */
-	int MAX_MESSAGE_LENGTH = MAX_PACKET_PAYLOAD_LENGTH - PACKET_HEADER_LENGTH;
+	/** The maximum length of a group descriptor in bytes. */
+	int MAX_GROUP_DESCRIPTOR_LENGTH = 16 * 1024; // 16 KiB
 
 	/**
 	 * The length of the message header in bytes.
@@ -32,10 +30,15 @@ public interface SyncConstants {
 	/**
 	 * The maximum length of a message body in bytes.
 	 */
-	int MAX_MESSAGE_BODY_LENGTH = MAX_MESSAGE_LENGTH - MESSAGE_HEADER_LENGTH;
+	int MAX_MESSAGE_BODY_LENGTH = 32 * 1024; // 32 KiB
 
 	/**
-	 * The maximum number of message IDs in an ack, offer or request packet.
+	 * The maximum length of a message in bytes.
 	 */
-	int MAX_MESSAGE_IDS = MAX_PACKET_PAYLOAD_LENGTH / UniqueId.LENGTH;
+	int MAX_MESSAGE_LENGTH = MESSAGE_HEADER_LENGTH + MAX_MESSAGE_BODY_LENGTH;
+
+	/**
+	 * The maximum number of message IDs in an ack, offer or request record.
+	 */
+	int MAX_MESSAGE_IDS = MAX_RECORD_PAYLOAD_LENGTH / UniqueId.LENGTH;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncSession.java

@@ -5,7 +5,7 @@ import java.io.IOException;
 public interface SyncSession {
 
 	/**
-	 * Runs the session. This method returns when there are no more packets to
+	 * Runs the session. This method returns when there are no more records to
 	 * send or receive, or when the {@link #interrupt()} method has been called.
 	 */
 	void run() throws IOException;

bramble-api/src/main/java/org/briarproject/bramble/api/system/SecureRandomProvider.java

@@ -0,0 +1,23 @@
+package org.briarproject.bramble.api.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.security.Provider;
+import java.security.SecureRandom;
+
+import javax.annotation.Nullable;
+
+/**
+ * Wrapper for a platform-specific secure random number generator.
+ */
+@NotNullByDefault
+public interface SecureRandomProvider {
+
+	/**
+	 * Returns a {@link Provider} that provides a strong {@link SecureRandom}
+	 * implementation, or null if the platform's default implementation should
+	 * be used.
+	 */
+	@Nullable
+	Provider getProvider();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/system/SeedProvider.java

@@ -1,18 +0,0 @@
-package org.briarproject.bramble.api.system;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-/**
- * Uses a platform-specific source to provide a seed for a pseudo-random
- * number generator.
- */
-@NotNullByDefault
-public interface SeedProvider {
-
-	/**
-	 * The length of the seed in bytes.
-	 */
-	int SEED_BYTES = 32;
-
-	byte[] getSeed();
-}

bramble-core/src/main/java/org/briarproject/bramble/PoliteExecutor.java

@@ -0,0 +1,84 @@
+package org.briarproject.bramble;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.LinkedList;
+import java.util.Queue;
+import java.util.concurrent.Executor;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.annotation.concurrent.GuardedBy;
+
+import static java.util.logging.Level.FINE;
+
+/**
+ * An {@link Executor} that delegates its tasks to another {@link Executor}
+ * while limiting the number of tasks that are delegated concurrently. Tasks
+ * are delegated in the order they are submitted to this executor.
+ */
+@NotNullByDefault
+public class PoliteExecutor implements Executor {
+
+	private static final Level LOG_LEVEL = FINE;
+
+	private final Object lock = new Object();
+	@GuardedBy("lock")
+	private final Queue<Runnable> queue = new LinkedList<Runnable>();
+	private final Executor delegate;
+	private final int maxConcurrentTasks;
+	private final Logger log;
+
+	@GuardedBy("lock")
+	private int concurrentTasks = 0;
+
+	/**
+	 * @param tag the tag to be used for logging
+	 * @param delegate the executor to which tasks will be delegated
+	 * @param maxConcurrentTasks the maximum number of tasks that will be
+	 * delegated concurrently. If this is set to 1, tasks submitted to this
+	 * executor will run in the order they are submitted and will not run
+	 * concurrently
+	 */
+	public PoliteExecutor(String tag, Executor delegate,
+			int maxConcurrentTasks) {
+		this.delegate = delegate;
+		this.maxConcurrentTasks = maxConcurrentTasks;
+		log = Logger.getLogger(tag);
+	}
+
+	@Override
+	public void execute(final Runnable r) {
+		final long submitted = System.currentTimeMillis();
+		Runnable wrapped = new Runnable() {
+			@Override
+			public void run() {
+				if (log.isLoggable(LOG_LEVEL)) {
+					long queued = System.currentTimeMillis() - submitted;
+					log.log(LOG_LEVEL, "Queue time " + queued + " ms");
+				}
+				try {
+					r.run();
+				} finally {
+					scheduleNext();
+				}
+			}
+		};
+		synchronized (lock) {
+			if (concurrentTasks < maxConcurrentTasks) {
+				concurrentTasks++;
+				delegate.execute(wrapped);
+			} else {
+				queue.add(wrapped);
+			}
+		}
+	}
+
+	private void scheduleNext() {
+		synchronized (lock) {
+			Runnable next = queue.poll();
+			if (next == null) concurrentTasks--;
+			else delegate.execute(next);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/TimeLoggingExecutor.java

@@ -0,0 +1,49 @@
+package org.briarproject.bramble;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.RejectedExecutionHandler;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import static java.util.logging.Level.FINE;
+
+@NotNullByDefault
+public class TimeLoggingExecutor extends ThreadPoolExecutor {
+
+	private static final Level LOG_LEVEL = FINE;
+
+	private final Logger log;
+
+	public TimeLoggingExecutor(String tag, int corePoolSize, int maxPoolSize,
+			long keepAliveTime, TimeUnit unit,
+			BlockingQueue<Runnable> workQueue,
+			RejectedExecutionHandler handler) {
+		super(corePoolSize, maxPoolSize, keepAliveTime, unit, workQueue,
+				handler);
+		log = Logger.getLogger(tag);
+	}
+
+	@Override
+	public void execute(final Runnable r) {
+		if (log.isLoggable(LOG_LEVEL)) {
+			final long submitted = System.currentTimeMillis();
+			super.execute(new Runnable() {
+				@Override
+				public void run() {
+					long started = System.currentTimeMillis();
+					long queued = started - submitted;
+					log.log(LOG_LEVEL, "Queue time " + queued + " ms");
+					r.run();
+					long executing = System.currentTimeMillis() - started;
+					log.log(LOG_LEVEL, "Execution time " + executing + " ms");
+				}
+			});
+		} else {
+			super.execute(r);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/CombinedSecureRandom.java

@@ -1,62 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.SecureRandomSpi;
-
-/**
- * A {@link SecureRandom} implementation that combines the outputs of two or
- * more other implementations using XOR.
- */
-class CombinedSecureRandom extends SecureRandom {
-
-	private static final Provider PROVIDER = new CombinedProvider();
-
-	CombinedSecureRandom(SecureRandom... randoms) {
-		super(new CombinedSecureRandomSpi(randoms), PROVIDER);
-	}
-
-	private static class CombinedSecureRandomSpi extends SecureRandomSpi {
-
-		private final SecureRandom[] randoms;
-
-		private CombinedSecureRandomSpi(SecureRandom... randoms) {
-			if (randoms.length < 2) throw new IllegalArgumentException();
-			this.randoms = randoms;
-		}
-
-		@Override
-		protected byte[] engineGenerateSeed(int numBytes) {
-			byte[] combined = new byte[numBytes];
-			for (SecureRandom random : randoms) {
-				byte[] b = random.generateSeed(numBytes);
-				int length = Math.min(numBytes, b.length);
-				for (int i = 0; i < length; i++)
-					combined[i] = (byte) (combined[i] ^ b[i]);
-			}
-			return combined;
-		}
-
-		@Override
-		protected void engineNextBytes(byte[] b) {
-			byte[] temp = new byte[b.length];
-			for (SecureRandom random : randoms) {
-				random.nextBytes(temp);
-				for (int i = 0; i < b.length; i++)
-					b[i] = (byte) (b[i] ^ temp[i]);
-			}
-		}
-
-		@Override
-		protected void engineSetSeed(byte[] seed) {
-			for (SecureRandom random : randoms) random.setSeed(seed);
-		}
-	}
-
-	private static class CombinedProvider extends Provider {
-
-		private CombinedProvider() {
-			super("Combined", 1.0, "");
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -8,7 +8,7 @@ import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.system.SeedProvider;
+import org.briarproject.bramble.api.system.SecureRandomProvider;
 import org.briarproject.bramble.api.transport.IncomingKeys;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
@@ -29,7 +29,10 @@ import org.spongycastle.crypto.params.KeyParameter;
 
 import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -101,16 +104,26 @@ class CryptoComponentImpl implements CryptoComponent {
 	private final MessageEncrypter messageEncrypter;
 
 	@Inject
-	CryptoComponentImpl(SeedProvider seedProvider) {
-		if (!FortunaSecureRandom.selfTest()) throw new RuntimeException();
-		SecureRandom platformSecureRandom = new SecureRandom();
+	CryptoComponentImpl(SecureRandomProvider secureRandomProvider) {
 		if (LOG.isLoggable(INFO)) {
-			String provider = platformSecureRandom.getProvider().getName();
-			String algorithm = platformSecureRandom.getAlgorithm();
-			LOG.info("Default SecureRandom: " + provider + " " + algorithm);
+			SecureRandom defaultSecureRandom = new SecureRandom();
+			String name = defaultSecureRandom.getProvider().getName();
+			String algorithm = defaultSecureRandom.getAlgorithm();
+			LOG.info("Default SecureRandom: " + name + " " + algorithm);
 		}
-		SecureRandom fortuna = new FortunaSecureRandom(seedProvider.getSeed());
-		secureRandom = new CombinedSecureRandom(platformSecureRandom, fortuna);
+		Provider provider = secureRandomProvider.getProvider();
+		if (provider == null) {
+			LOG.info("Using default");
+		} else {
+			installSecureRandomProvider(provider);
+			if (LOG.isLoggable(INFO)) {
+				SecureRandom installedSecureRandom = new SecureRandom();
+				String name = installedSecureRandom.getProvider().getName();
+				String algorithm = installedSecureRandom.getAlgorithm();
+				LOG.info("Installed SecureRandom: " + name + " " + algorithm);
+			}
+		}
+		secureRandom = new SecureRandom();
 		ECKeyGenerationParameters params = new ECKeyGenerationParameters(
 				PARAMETERS, secureRandom);
 		agreementKeyPairGenerator = new ECKeyPairGenerator();
@@ -124,6 +137,31 @@ class CryptoComponentImpl implements CryptoComponent {
 		messageEncrypter = new MessageEncrypter(secureRandom);
 	}
 
+	// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
+	private void installSecureRandomProvider(Provider provider) {
+		Provider[] providers = Security.getProviders("SecureRandom.SHA1PRNG");
+		if (providers == null || providers.length == 0
+				|| !provider.getClass().equals(providers[0].getClass())) {
+			Security.insertProviderAt(provider, 1);
+		}
+		// Check the new provider is the default when no algorithm is specified
+		SecureRandom random = new SecureRandom();
+		if (!provider.getClass().equals(random.getProvider().getClass())) {
+			throw new SecurityException("Wrong SecureRandom provider: "
+					+ random.getProvider().getClass());
+		}
+		// Check the new provider is the default when SHA1PRNG is specified
+		try {
+			random = SecureRandom.getInstance("SHA1PRNG");
+		} catch (NoSuchAlgorithmException e) {
+			throw new SecurityException(e);
+		}
+		if (!provider.getClass().equals(random.getProvider().getClass())) {
+			throw new SecurityException("Wrong SHA1PRNG provider: "
+					+ random.getProvider().getClass());
+		}
+	}
+
 	@Override
 	public SecretKey generateSecretKey() {
 		byte[] b = new byte[SecretKey.LENGTH];
@@ -133,7 +171,10 @@ class CryptoComponentImpl implements CryptoComponent {
 
 	@Override
 	public PseudoRandom getPseudoRandom(int seed1, int seed2) {
-		return new PseudoRandomImpl(seed1, seed2);
+		byte[] seed = new byte[INT_32_BYTES * 2];
+		ByteUtils.writeUint32(seed1, seed, 0);
+		ByteUtils.writeUint32(seed2, seed, INT_32_BYTES);
+		return new PseudoRandomImpl(seed);
 	}
 
 	@Override
@@ -296,7 +337,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	public SecretKey deriveMasterSecret(byte[] theirPublicKey,
 			KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
 		return deriveMasterSecret(deriveSharedSecret(
-				theirPublicKey,ourKeyPair, alice));
+				theirPublicKey, ourKeyPair, alice));
 	}
 
 	@Override
@@ -607,7 +648,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	private long sampleRunningTime(int iterations) {
-		byte[] password = { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' };
+		byte[] password = {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
 		int keyLengthInBits = SecretKey.LENGTH * 8;
 		long start = System.nanoTime();

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoModule.java

@@ -1,12 +1,13 @@
 package org.briarproject.bramble.crypto;
 
+import org.briarproject.bramble.TimeLoggingExecutor;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.CryptoExecutor;
 import org.briarproject.bramble.api.crypto.PasswordStrengthEstimator;
 import org.briarproject.bramble.api.crypto.StreamDecrypterFactory;
 import org.briarproject.bramble.api.crypto.StreamEncrypterFactory;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
-import org.briarproject.bramble.api.system.SeedProvider;
+import org.briarproject.bramble.api.system.SecureRandomProvider;
 
 import java.security.SecureRandom;
 import java.util.concurrent.BlockingQueue;
@@ -31,14 +32,17 @@ public class CryptoModule {
 	public static class EagerSingletons {
 		@Inject
 		@CryptoExecutor
-		Executor cryptoExecutor;
+		ExecutorService cryptoExecutor;
 	}
 
 	/**
 	 * The maximum number of executor threads.
+	 * <p>
+	 * The number of available processors can change during the lifetime of the
+	 * JVM, so this is just a reasonable guess.
 	 */
 	private static final int MAX_EXECUTOR_THREADS =
-			Runtime.getRuntime().availableProcessors();
+			Math.max(1, Runtime.getRuntime().availableProcessors() - 1);
 
 	private final ExecutorService cryptoExecutor;
 
@@ -49,8 +53,8 @@ public class CryptoModule {
 		RejectedExecutionHandler policy =
 				new ThreadPoolExecutor.DiscardPolicy();
 		// Create a limited # of threads and keep them in the pool for 60 secs
-		cryptoExecutor = new ThreadPoolExecutor(0, MAX_EXECUTOR_THREADS,
-				60, SECONDS, queue, policy);
+		cryptoExecutor = new TimeLoggingExecutor("CryptoExecutor", 0,
+				MAX_EXECUTOR_THREADS, 60, SECONDS, queue, policy);
 	}
 
 	@Provides
@@ -60,8 +64,9 @@ public class CryptoModule {
 
 	@Provides
 	@Singleton
-	CryptoComponent provideCryptoComponent(SeedProvider seedProvider) {
-		return new CryptoComponentImpl(seedProvider);
+	CryptoComponent provideCryptoComponent(
+			SecureRandomProvider secureRandomProvider) {
+		return new CryptoComponentImpl(secureRandomProvider);
 	}
 
 	@Provides
@@ -84,11 +89,18 @@ public class CryptoModule {
 	@Provides
 	@Singleton
 	@CryptoExecutor
-	Executor getCryptoExecutor(LifecycleManager lifecycleManager) {
+	ExecutorService getCryptoExecutorService(
+			LifecycleManager lifecycleManager) {
 		lifecycleManager.registerForShutdown(cryptoExecutor);
 		return cryptoExecutor;
 	}
 
+	@Provides
+	@CryptoExecutor
+	Executor getCryptoExecutor() {
+		return cryptoExecutor;
+	}
+
 	@Provides
 	SecureRandom getSecureRandom(CryptoComponent crypto) {
 		return crypto.getSecureRandom();

bramble-core/src/main/java/org/briarproject/bramble/crypto/DoubleDigest.java

@@ -1,76 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.spongycastle.crypto.Digest;
-
-import javax.annotation.concurrent.NotThreadSafe;
-
-/**
- * A message digest that prevents length extension attacks - see Ferguson and
- * Schneier, <i>Practical Cryptography</i>, chapter 6.
- * <p>
- * "Let h be an interative hash function. The hash function h<sub>d</sub> is
- * defined by h<sub>d</sub> := h(h(m)), and has a claimed security level of
- * min(k, n/2) where k is the security level of h and n is the size of the hash
- * result."
- */
-@NotThreadSafe
-@NotNullByDefault
-class DoubleDigest implements Digest {
-
-	private final Digest delegate;
-
-	DoubleDigest(Digest delegate) {
-		this.delegate = delegate;
-	}
-
-	private byte[] digest() {
-		byte[] digest = new byte[delegate.getDigestSize()];
-		delegate.doFinal(digest, 0); // h(m)
-		delegate.update(digest, 0, digest.length);
-		delegate.doFinal(digest, 0); // h(h(m))
-		return digest;
-	}
-
-	public int digest(byte[] buf, int offset, int len) {
-		byte[] digest = digest();
-		len = Math.min(len, digest.length);
-		System.arraycopy(digest, 0, buf, offset, len);
-		return len;
-	}
-
-	@Override
-	public int getDigestSize() {
-		return delegate.getDigestSize();
-	}
-
-	@Override
-	public String getAlgorithmName() {
-		return "Double " + delegate.getAlgorithmName();
-	}
-
-	@Override
-	public void reset() {
-		delegate.reset();
-	}
-
-	@Override
-	public void update(byte input) {
-		delegate.update(input);
-	}
-
-	public void update(byte[] input) {
-		delegate.update(input, 0, input.length);
-	}
-
-	@Override
-	public void update(byte[] input, int offset, int len) {
-		delegate.update(input, offset, len);
-	}
-
-	@Override
-	public int doFinal(byte[] out, int outOff) {
-		return digest(out, outOff, delegate.getDigestSize());
-	}
-
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/FortunaGenerator.java

@@ -1,114 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.spongycastle.crypto.BlockCipher;
-import org.spongycastle.crypto.digests.SHA256Digest;
-import org.spongycastle.crypto.engines.AESLightEngine;
-import org.spongycastle.crypto.params.KeyParameter;
-
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantLock;
-
-import javax.annotation.concurrent.ThreadSafe;
-
-/**
- * Implements the Fortuna pseudo-random number generator, as described in
- * Ferguson and Schneier, <i>Practical Cryptography</i>, chapter 9.
- */
-@ThreadSafe
-@NotNullByDefault
-class FortunaGenerator {
-
-	private static final int MAX_BYTES_PER_REQUEST = 1024 * 1024;
-	private static final int KEY_BYTES = 32;
-	private static final int BLOCK_BYTES = 16;
-
-	private final Lock lock = new ReentrantLock();
-
-	// The following are locking: lock
-	private final DoubleDigest digest = new DoubleDigest(new SHA256Digest());
-	private final BlockCipher cipher = new AESLightEngine();
-	private final byte[] key = new byte[KEY_BYTES];
-	private final byte[] counter = new byte[BLOCK_BYTES];
-	private final byte[] buffer = new byte[BLOCK_BYTES];
-	private final byte[] newKey = new byte[KEY_BYTES];
-
-	FortunaGenerator(byte[] seed) {
-		reseed(seed);
-	}
-
-	void reseed(byte[] seed) {
-		lock.lock();
-		try {
-			digest.update(key);
-			digest.update(seed);
-			digest.digest(key, 0, KEY_BYTES);
-			incrementCounter();
-		} finally {
-			lock.unlock();
-		}
-
-	}
-
-	// Package access for testing
-	void incrementCounter() {
-		lock.lock();
-		try {
-			counter[0]++;
-			for (int i = 0; counter[i] == 0; i++) {
-				if (i + 1 == BLOCK_BYTES)
-					throw new RuntimeException("Counter exhausted");
-				counter[i + 1]++;
-			}
-		} finally {
-			lock.unlock();
-		}
-	}
-
-	// Package access for testing
-	byte[] getCounter() {
-		lock.lock();
-		try {
-			return counter;
-		} finally {
-			lock.unlock();
-		}
-
-	}
-
-	int nextBytes(byte[] dest, int off, int len) {
-		lock.lock();
-		try {
-			// Don't write more than the maximum number of bytes in one request
-			if (len > MAX_BYTES_PER_REQUEST) len = MAX_BYTES_PER_REQUEST;
-			cipher.init(true, new KeyParameter(key));
-			// Generate full blocks directly into the output buffer
-			int fullBlocks = len / BLOCK_BYTES;
-			for (int i = 0; i < fullBlocks; i++) {
-				cipher.processBlock(counter, 0, dest, off + i * BLOCK_BYTES);
-				incrementCounter();
-			}
-			// Generate a partial block if needed
-			int done = fullBlocks * BLOCK_BYTES, remaining = len - done;
-			if (remaining >= BLOCK_BYTES) throw new AssertionError();
-			if (remaining > 0) {
-				cipher.processBlock(counter, 0, buffer, 0);
-				incrementCounter();
-				// Copy the partial block to the output buffer and erase our copy
-				System.arraycopy(buffer, 0, dest, off + done, remaining);
-				for (int i = 0; i < BLOCK_BYTES; i++) buffer[i] = 0;
-			}
-			// Generate a new key
-			for (int i = 0; i < KEY_BYTES / BLOCK_BYTES; i++) {
-				cipher.processBlock(counter, 0, newKey, i * BLOCK_BYTES);
-				incrementCounter();
-			}
-			System.arraycopy(newKey, 0, key, 0, KEY_BYTES);
-			for (int i = 0; i < KEY_BYTES; i++) newKey[i] = 0;
-			// Return the number of bytes written
-			return len;
-		} finally {
-			lock.unlock();
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/FortunaSecureRandom.java

@@ -1,81 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.util.StringUtils;
-
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.SecureRandomSpi;
-import java.util.Arrays;
-
-/**
- * A {@link java.security.SecureRandom SecureRandom} implementation based on a
- * {@link FortunaGenerator}.
- */
-class FortunaSecureRandom extends SecureRandom {
-
-	// Package access for testing
-	static final byte[] SELF_TEST_VECTOR_1 =
-			StringUtils.fromHexString("4BD6EA599D47E3EE9DD911833C29CA22");
-	static final byte[] SELF_TEST_VECTOR_2 =
-			StringUtils.fromHexString("10984D576E6850E505CA9F42A9BFD88A");
-	static final byte[] SELF_TEST_VECTOR_3 =
-			StringUtils.fromHexString("1E12DA166BD86DCECDE50A8296018DE2");
-
-	private static final Provider PROVIDER = new FortunaProvider();
-
-	FortunaSecureRandom(byte[] seed) {
-		super(new FortunaSecureRandomSpi(seed), PROVIDER);
-	}
-
-	/**
-	 * Tests that the {@link #nextBytes(byte[])} and {@link #setSeed(byte[])}
-	 * methods are passed through to the generator in the expected way.
-	 */
-	static boolean selfTest() {
-		byte[] seed = new byte[32];
-		SecureRandom r = new FortunaSecureRandom(seed);
-		byte[] output = new byte[16];
-		r.nextBytes(output);
-		if (!Arrays.equals(SELF_TEST_VECTOR_1, output)) return false;
-		r.nextBytes(output);
-		if (!Arrays.equals(SELF_TEST_VECTOR_2, output)) return false;
-		r.setSeed(seed);
-		r.nextBytes(output);
-		return Arrays.equals(SELF_TEST_VECTOR_3, output);
-	}
-
-	private static class FortunaSecureRandomSpi extends SecureRandomSpi {
-
-		private final FortunaGenerator generator;
-
-		private FortunaSecureRandomSpi(byte[] seed) {
-			generator = new FortunaGenerator(seed);
-		}
-
-		@Override
-		protected byte[] engineGenerateSeed(int numBytes) {
-			byte[] b = new byte[numBytes];
-			engineNextBytes(b);
-			return b;
-		}
-
-		@Override
-		protected void engineNextBytes(byte[] b) {
-			int offset = 0;
-			while (offset < b.length)
-				offset += generator.nextBytes(b, offset, b.length - offset);
-		}
-
-		@Override
-		protected void engineSetSeed(byte[] seed) {
-			generator.reseed(seed);
-		}
-	}
-
-	private static class FortunaProvider extends Provider {
-
-		private FortunaProvider() {
-			super("Fortuna", 1.0, "");
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/PasswordStrengthEstimatorImpl.java

@@ -11,31 +11,14 @@ import javax.annotation.concurrent.Immutable;
 @NotNullByDefault
 class PasswordStrengthEstimatorImpl implements PasswordStrengthEstimator {
 
-	private static final int LOWER = 26;
-	private static final int UPPER = 26;
-	private static final int DIGIT = 10;
-	private static final int OTHER = 10;
-	private static final double STRONG = Math.log(Math.pow(LOWER + UPPER +
-			DIGIT + OTHER, 10));
+	// The minimum number of unique characters in a strong password
+	private static final int STRONG_UNIQUE_CHARS = 12;
 
 	@Override
 	public float estimateStrength(String password) {
 		HashSet<Character> unique = new HashSet<Character>();
 		int length = password.length();
 		for (int i = 0; i < length; i++) unique.add(password.charAt(i));
-		boolean lower = false, upper = false, digit = false, other = false;
-		for (char c : unique) {
-			if (Character.isLowerCase(c)) lower = true;
-			else if (Character.isUpperCase(c)) upper = true;
-			else if (Character.isDigit(c)) digit = true;
-			else other = true;
-		}
-		int alphabetSize = 0;
-		if (lower) alphabetSize += LOWER;
-		if (upper) alphabetSize += UPPER;
-		if (digit) alphabetSize += DIGIT;
-		if (other) alphabetSize += OTHER;
-		double score = Math.log(Math.pow(alphabetSize, unique.size()));
-		return Math.min(1, (float) (score / STRONG));
+		return Math.min(1, (float) unique.size() / STRONG_UNIQUE_CHARS);
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/crypto/PseudoRandomImpl.java

@@ -2,30 +2,34 @@ package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.util.ByteUtils;
+import org.spongycastle.crypto.Digest;
+import org.spongycastle.crypto.engines.Salsa20Engine;
+import org.spongycastle.crypto.params.KeyParameter;
+import org.spongycastle.crypto.params.ParametersWithIV;
 
 import javax.annotation.concurrent.NotThreadSafe;
 
-import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
-
 @NotThreadSafe
 @NotNullByDefault
 class PseudoRandomImpl implements PseudoRandom {
 
-	private final FortunaGenerator generator;
+	private final Salsa20Engine cipher = new Salsa20Engine();
 
-	PseudoRandomImpl(int seed1, int seed2) {
-		byte[] seed = new byte[INT_32_BYTES * 2];
-		ByteUtils.writeUint32(seed1, seed, 0);
-		ByteUtils.writeUint32(seed2, seed, INT_32_BYTES);
-		generator = new FortunaGenerator(seed);
+	PseudoRandomImpl(byte[] seed) {
+		// Hash the seed to produce a 32-byte key
+		byte[] key = new byte[32];
+		Digest digest = new Blake2sDigest();
+		digest.update(seed, 0, seed.length);
+		digest.doFinal(key, 0);
+		// Initialise the stream cipher with an all-zero nonce
+		byte[] nonce = new byte[8];
+		cipher.init(true, new ParametersWithIV(new KeyParameter(key), nonce));
 	}
 
 	@Override
 	public byte[] nextBytes(int length) {
-		byte[] b = new byte[length];
-		int offset = 0;
-		while (offset < length) offset += generator.nextBytes(b, offset, length);
-		return b;
+		byte[] in = new byte[length], out = new byte[length];
+		cipher.processBytes(in, 0, length, out, 0);
+		return out;
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamEncrypterImpl.java

@@ -62,6 +62,8 @@ class StreamEncrypterImpl implements StreamEncrypter {
 	@Override
 	public void writeFrame(byte[] payload, int payloadLength,
 			int paddingLength, boolean finalFrame) throws IOException {
+		if (payloadLength < 0 || paddingLength < 0)
+			throw new IllegalArgumentException();
 		if (payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
 			throw new IllegalArgumentException();
 		// Don't allow the frame counter to wrap

bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java

@@ -67,6 +67,7 @@ import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 import javax.inject.Inject;
 
+import static java.util.logging.Level.FINE;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
@@ -130,8 +131,14 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		// Don't allow reentrant locking
 		if (lock.getReadHoldCount() > 0) throw new IllegalStateException();
 		if (lock.getWriteHoldCount() > 0) throw new IllegalStateException();
+		long start = System.currentTimeMillis();
 		if (readOnly) lock.readLock().lock();
 		else lock.writeLock().lock();
+		if (LOG.isLoggable(FINE)) {
+			long duration = System.currentTimeMillis() - start;
+			if (readOnly) LOG.fine("Waited " + duration + " ms for read lock");
+			else LOG.fine("Waited " + duration + " ms for write lock");
+		}
 		try {
 			return new Transaction(db.startTransaction(), readOnly);
 		} catch (DbException e) {
@@ -661,7 +668,9 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 				acked.add(m);
 			}
 		}
-		transaction.attach(new MessagesAckedEvent(c, acked));
+		if (acked.size() > 0) {
+			transaction.attach(new MessagesAckedEvent(c, acked));
+		}
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseExecutorModule.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.db;
 
+import org.briarproject.bramble.TimeLoggingExecutor;
 import org.briarproject.bramble.api.db.DatabaseExecutor;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 
@@ -36,8 +37,8 @@ public class DatabaseExecutorModule {
 		RejectedExecutionHandler policy =
 				new ThreadPoolExecutor.DiscardPolicy();
 		// Use a single thread and keep it in the pool for 60 secs
-		databaseExecutor = new ThreadPoolExecutor(0, 1, 60, SECONDS, queue,
-				policy);
+		databaseExecutor = new TimeLoggingExecutor("DatabaseExecutor", 0, 1,
+				60, SECONDS, queue, policy);
 	}
 
 	@Provides

bramble-core/src/main/java/org/briarproject/bramble/db/JdbcDatabase.java

@@ -68,8 +68,8 @@ import static org.briarproject.bramble.db.ExponentialBackoff.calculateExpiry;
 @NotNullByDefault
 abstract class JdbcDatabase implements Database<Connection> {
 
-	private static final int SCHEMA_VERSION = 29;
-	private static final int MIN_SCHEMA_VERSION = 29;
+	private static final int SCHEMA_VERSION = 30;
+	private static final int MIN_SCHEMA_VERSION = 30;
 
 	private static final String CREATE_SETTINGS =
 			"CREATE TABLE settings"

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementProtocol.java

@@ -52,7 +52,7 @@ class KeyAgreementProtocol {
 
 		void connectionWaiting();
 
-		void initialPacketReceived();
+		void initialRecordReceived();
 	}
 
 	private final Callbacks callbacks;
@@ -117,7 +117,7 @@ class KeyAgreementProtocol {
 
 	private byte[] receiveKey() throws AbortException {
 		byte[] publicKey = transport.receiveKey();
-		callbacks.initialPacketReceived();
+		callbacks.initialRecordReceived();
 		byte[] expected = crypto.deriveKeyCommitment(publicKey);
 		if (!Arrays.equals(expected, theirPayload.getCommitment()))
 			throw new AbortException();

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementTaskImpl.java

@@ -129,7 +129,7 @@ class KeyAgreementTaskImpl extends Thread implements
 	}
 
 	@Override
-	public void initialPacketReceived() {
+	public void initialRecordReceived() {
 		// We send this here instead of when we create the protocol, so that
 		// if device A makes a connection after getting device B's payload and
 		// starts its protocol, device A's UI doesn't change to prevent device B

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementTransport.java

@@ -95,20 +95,30 @@ class KeyAgreementTransport {
 		out.flush();
 	}
 
-	private byte[] readRecord(byte type) throws AbortException {
-		byte[] header = readHeader();
-		if (header[0] != PROTOCOL_VERSION)
-			throw new AbortException(); // TODO handle?
-		if (header[1] != type) {
-			// Unexpected packet
-			throw new AbortException(header[1] == ABORT);
-		}
-		int len = ByteUtils.readUint16(header,
-				RECORD_HEADER_PAYLOAD_LENGTH_OFFSET);
-		try {
-			return readData(len);
-		} catch (IOException e) {
-			throw new AbortException(e);
+	private byte[] readRecord(byte expectedType) throws AbortException {
+		while (true) {
+			byte[] header = readHeader();
+			byte version = header[0], type = header[1];
+			int len = ByteUtils.readUint16(header,
+					RECORD_HEADER_PAYLOAD_LENGTH_OFFSET);
+			// Reject unrecognised protocol version
+			if (version != PROTOCOL_VERSION) throw new AbortException(false);
+			if (type == ABORT) throw new AbortException(true);
+			if (type == expectedType) {
+				try {
+					return readData(len);
+				} catch (IOException e) {
+					throw new AbortException(e);
+				}
+			}
+			// Reject recognised but unexpected record type
+			if (type == KEY || type == CONFIRM) throw new AbortException(false);
+			// Skip unrecognised record type
+			try {
+				readData(len);
+			} catch (IOException e) {
+				throw new AbortException(e);
+			}
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/LanTcpPlugin.java

@@ -34,6 +34,7 @@ import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_LAN;
 import static org.briarproject.bramble.api.plugin.LanTcpConstants.ID;
+import static org.briarproject.bramble.api.plugin.LanTcpConstants.PREF_LAN_IP_PORTS;
 import static org.briarproject.bramble.util.ByteUtils.MAX_16_BIT_UNSIGNED;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubSocketAddress;
 
@@ -43,7 +44,7 @@ class LanTcpPlugin extends TcpPlugin {
 	private static final Logger LOG =
 			Logger.getLogger(LanTcpPlugin.class.getName());
 
-	private static final int MAX_ADDRESSES = 5;
+	private static final int MAX_ADDRESSES = 4;
 	private static final String PROP_IP_PORTS = "ipPorts";
 	private static final String SEPARATOR = ",";
 
@@ -82,19 +83,19 @@ class LanTcpPlugin extends TcpPlugin {
 	private List<InetSocketAddress> parseSocketAddresses(String ipPorts) {
 		if (StringUtils.isNullOrEmpty(ipPorts)) return Collections.emptyList();
 		String[] split = ipPorts.split(SEPARATOR);
-		List<InetSocketAddress> remotes = new ArrayList<InetSocketAddress>();
+		List<InetSocketAddress> addresses = new ArrayList<InetSocketAddress>();
 		for (String ipPort : split) {
 			InetSocketAddress a = parseSocketAddress(ipPort);
-			if (a != null) remotes.add(a);
+			if (a != null) addresses.add(a);
 		}
-		return remotes;
+		return addresses;
 	}
 
 	@Override
 	protected void setLocalSocketAddress(InetSocketAddress a) {
 		String ipPort = getIpPortString(a);
 		// Get the list of recently used addresses
-		String setting = callback.getSettings().get(PROP_IP_PORTS);
+		String setting = callback.getSettings().get(PREF_LAN_IP_PORTS);
 		List<String> recent = new ArrayList<String>();
 		if (!StringUtils.isNullOrEmpty(setting))
 			Collections.addAll(recent, setting.split(SEPARATOR));
@@ -120,7 +121,7 @@ class LanTcpPlugin extends TcpPlugin {
 		}
 		// Save the setting
 		Settings settings = new Settings();
-		settings.put(PROP_IP_PORTS, setting);
+		settings.put(PREF_LAN_IP_PORTS, setting);
 		callback.mergeSettings(settings);
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/socks/SocksModule.java

@@ -8,6 +8,7 @@ import dagger.Module;
 import dagger.Provides;
 
 import static org.briarproject.bramble.api.plugin.TorConstants.CONNECT_TO_PROXY_TIMEOUT;
+import static org.briarproject.bramble.api.plugin.TorConstants.EXTRA_SOCKET_TIMEOUT;
 import static org.briarproject.bramble.api.plugin.TorConstants.SOCKS_PORT;
 
 @Module
@@ -17,6 +18,7 @@ public class SocksModule {
 	SocketFactory provideTorSocketFactory() {
 		InetSocketAddress proxy = new InetSocketAddress("127.0.0.1",
 				SOCKS_PORT);
-		return new SocksSocketFactory(proxy, CONNECT_TO_PROXY_TIMEOUT);
+		return new SocksSocketFactory(proxy, CONNECT_TO_PROXY_TIMEOUT,
+				EXTRA_SOCKET_TIMEOUT);
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocket.java

@@ -6,18 +6,36 @@ import org.briarproject.bramble.util.IoUtils;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.SocketAddress;
+import java.util.Arrays;
 
 class SocksSocket extends Socket {
 
-	private final SocketAddress proxy;
-	private final int connectToProxyTimeout;
+	private static final String[] ERRORS = {
+			"Succeeded",
+			"General SOCKS server failure",
+			"Connection not allowed by ruleset",
+			"Network unreachable",
+			"Host unreachable",
+			"Connection refused",
+			"TTL expired",
+			"Command not supported",
+			"Address type not supported"
+	};
 
-	SocksSocket(SocketAddress proxy, int connectToProxyTimeout) {
+	private static final byte[] UNSPECIFIED_ADDRESS = new byte[4];
+
+	private final SocketAddress proxy;
+	private final int connectToProxyTimeout, extraSocketTimeout;
+
+	SocksSocket(SocketAddress proxy, int connectToProxyTimeout,
+			int extraSocketTimeout) {
 		this.proxy = proxy;
 		this.connectToProxyTimeout = connectToProxyTimeout;
+		this.extraSocketTimeout = extraSocketTimeout;
 	}
 
 	@Override
@@ -28,6 +46,11 @@ class SocksSocket extends Socket {
 		if (!(endpoint instanceof InetSocketAddress))
 			throw new IllegalArgumentException();
 		InetSocketAddress inet = (InetSocketAddress) endpoint;
+		InetAddress address = inet.getAddress();
+		if (address != null
+				&& !Arrays.equals(address.getAddress(), UNSPECIFIED_ADDRESS)) {
+			throw new IllegalArgumentException();
+		}
 		String host = inet.getHostName();
 		if (host.length() > 255) throw new IllegalArgumentException();
 		int port = inet.getPort();
@@ -41,16 +64,16 @@ class SocksSocket extends Socket {
 		sendMethodRequest(out);
 		receiveMethodResponse(in);
 
-		// Use the supplied timeout temporarily
+		// Use the supplied timeout temporarily, plus any configured extra
 		int oldTimeout = getSoTimeout();
-		setSoTimeout(timeout);
+		setSoTimeout(timeout + extraSocketTimeout);
 
 		// Connect to the endpoint via the proxy
 		sendConnectRequest(out, host, port);
 		receiveConnectResponse(in);
 
-		// Restore the old timeout
-		setSoTimeout(oldTimeout);
+		// Restore the old timeout, plus any configured extra
+		setSoTimeout(oldTimeout + extraSocketTimeout);
 	}
 
 	private void sendMethodRequest(OutputStream out) throws IOException {
@@ -93,13 +116,16 @@ class SocksSocket extends Socket {
 	private void receiveConnectResponse(InputStream in) throws IOException {
 		byte[] connectResponse = new byte[4];
 		IoUtils.read(in, connectResponse);
-		byte version = connectResponse[0];
-		byte reply = connectResponse[1];
-		byte addressType = connectResponse[3];
+		int version = connectResponse[0] & 0xFF;
+		int reply = connectResponse[1] & 0xFF;
+		int addressType = connectResponse[3] & 0xFF;
 		if (version != 5)
 			throw new IOException("Unsupported SOCKS version: " + version);
-		if (reply != 0)
-			throw new IOException("Connection failed: " + reply);
+		if (reply != 0) {
+			if (reply < ERRORS.length)
+				throw new IOException("Connection failed: " + ERRORS[reply]);
+			else throw new IOException("Connection failed: " + reply);
+		}
 		if (addressType == 1) IoUtils.read(in, new byte[4]); // IPv4
 		else if (addressType == 4) IoUtils.read(in, new byte[16]); // IPv6
 		else throw new IOException("Unsupported address type: " + addressType);

bramble-core/src/main/java/org/briarproject/bramble/socks/SocksSocketFactory.java

@@ -11,16 +11,18 @@ import javax.net.SocketFactory;
 class SocksSocketFactory extends SocketFactory {
 
 	private final SocketAddress proxy;
-	private final int connectToProxyTimeout;
+	private final int connectToProxyTimeout, extraSocketTimeout;
 
-	SocksSocketFactory(SocketAddress proxy, int connectToProxyTimeout) {
+	SocksSocketFactory(SocketAddress proxy, int connectToProxyTimeout,
+			int extraSocketTimeout) {
 		this.proxy = proxy;
 		this.connectToProxyTimeout = connectToProxyTimeout;
+		this.extraSocketTimeout = extraSocketTimeout;
 	}
 
 	@Override
 	public Socket createSocket() {
-		return new SocksSocket(proxy, connectToProxyTimeout);
+		return new SocksSocket(proxy, connectToProxyTimeout, extraSocketTimeout);
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/sync/DuplexOutgoingSession.java

@@ -14,7 +14,7 @@ import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Offer;
-import org.briarproject.bramble.api.sync.PacketWriter;
+import org.briarproject.bramble.api.sync.RecordWriter;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.SyncSession;
 import org.briarproject.bramble.api.sync.event.GroupVisibilityUpdatedEvent;
@@ -37,19 +37,19 @@ import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_PACKET_PAYLOAD_LENGTH;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
 
 /**
  * An outgoing {@link SyncSession} suitable for duplex transports. The session
  * offers messages before sending them, keeps its output stream open when there
- * are no packets to send, and reacts to events that make packets available to
+ * are no records to send, and reacts to events that make records available to
  * send.
  */
 @ThreadSafe
 @NotNullByDefault
 class DuplexOutgoingSession implements SyncSession, EventListener {
 
-	// Check for retransmittable packets once every 60 seconds
+	// Check for retransmittable records once every 60 seconds
 	private static final int RETX_QUERY_INTERVAL = 60 * 1000;
 	private static final Logger LOG =
 			Logger.getLogger(DuplexOutgoingSession.class.getName());
@@ -67,14 +67,14 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 	private final Clock clock;
 	private final ContactId contactId;
 	private final int maxLatency, maxIdleTime;
-	private final PacketWriter packetWriter;
+	private final RecordWriter recordWriter;
 	private final BlockingQueue<ThrowingRunnable<IOException>> writerTasks;
 
 	private volatile boolean interrupted = false;
 
 	DuplexOutgoingSession(DatabaseComponent db, Executor dbExecutor,
 			EventBus eventBus, Clock clock, ContactId contactId, int maxLatency,
-			int maxIdleTime, PacketWriter packetWriter) {
+			int maxIdleTime, RecordWriter recordWriter) {
 		this.db = db;
 		this.dbExecutor = dbExecutor;
 		this.eventBus = eventBus;
@@ -82,7 +82,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		this.contactId = contactId;
 		this.maxLatency = maxLatency;
 		this.maxIdleTime = maxIdleTime;
-		this.packetWriter = packetWriter;
+		this.recordWriter = recordWriter;
 		writerTasks = new LinkedBlockingQueue<ThrowingRunnable<IOException>>();
 	}
 
@@ -91,7 +91,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 	public void run() throws IOException {
 		eventBus.addListener(this);
 		try {
-			// Start a query for each type of packet
+			// Start a query for each type of record
 			dbExecutor.execute(new GenerateAck());
 			dbExecutor.execute(new GenerateBatch());
 			dbExecutor.execute(new GenerateOffer());
@@ -100,33 +100,33 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 			long nextKeepalive = now + maxIdleTime;
 			long nextRetxQuery = now + RETX_QUERY_INTERVAL;
 			boolean dataToFlush = true;
-			// Write packets until interrupted
+			// Write records until interrupted
 			try {
 				while (!interrupted) {
-					// Work out how long we should wait for a packet
+					// Work out how long we should wait for a record
 					now = clock.currentTimeMillis();
 					long wait = Math.min(nextKeepalive, nextRetxQuery) - now;
 					if (wait < 0) wait = 0;
 					// Flush any unflushed data if we're going to wait
 					if (wait > 0 && dataToFlush && writerTasks.isEmpty()) {
-						packetWriter.flush();
+						recordWriter.flush();
 						dataToFlush = false;
 						nextKeepalive = now + maxIdleTime;
 					}
-					// Wait for a packet
+					// Wait for a record
 					ThrowingRunnable<IOException> task = writerTasks.poll(wait,
 							MILLISECONDS);
 					if (task == null) {
 						now = clock.currentTimeMillis();
 						if (now >= nextRetxQuery) {
-							// Check for retransmittable packets
+							// Check for retransmittable records
 							dbExecutor.execute(new GenerateBatch());
 							dbExecutor.execute(new GenerateOffer());
 							nextRetxQuery = now + RETX_QUERY_INTERVAL;
 						}
 						if (now >= nextKeepalive) {
 							// Flush the stream to keep it alive
-							packetWriter.flush();
+							recordWriter.flush();
 							dataToFlush = false;
 							nextKeepalive = now + maxIdleTime;
 						}
@@ -137,9 +137,9 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 						dataToFlush = true;
 					}
 				}
-				if (dataToFlush) packetWriter.flush();
+				if (dataToFlush) recordWriter.flush();
 			} catch (InterruptedException e) {
-				LOG.info("Interrupted while waiting for a packet to write");
+				LOG.info("Interrupted while waiting for a record to write");
 				Thread.currentThread().interrupt();
 			}
 		} finally {
@@ -215,7 +215,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() throws IOException {
 			if (interrupted) return;
-			packetWriter.writeAck(ack);
+			recordWriter.writeAck(ack);
 			LOG.info("Sent ack");
 			dbExecutor.execute(new GenerateAck());
 		}
@@ -232,7 +232,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 				Transaction txn = db.startTransaction(false);
 				try {
 					b = db.generateRequestedBatch(txn, contactId,
-							MAX_PACKET_PAYLOAD_LENGTH, maxLatency);
+							MAX_RECORD_PAYLOAD_LENGTH, maxLatency);
 					db.commitTransaction(txn);
 				} finally {
 					db.endTransaction(txn);
@@ -259,7 +259,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() throws IOException {
 			if (interrupted) return;
-			for (byte[] raw : batch) packetWriter.writeMessage(raw);
+			for (byte[] raw : batch) recordWriter.writeMessage(raw);
 			LOG.info("Sent batch");
 			dbExecutor.execute(new GenerateBatch());
 		}
@@ -303,7 +303,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() throws IOException {
 			if (interrupted) return;
-			packetWriter.writeOffer(offer);
+			recordWriter.writeOffer(offer);
 			LOG.info("Sent offer");
 			dbExecutor.execute(new GenerateOffer());
 		}
@@ -346,7 +346,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() throws IOException {
 			if (interrupted) return;
-			packetWriter.writeRequest(request);
+			recordWriter.writeRequest(request);
 			LOG.info("Sent request");
 			dbExecutor.execute(new GenerateRequest());
 		}

bramble-core/src/main/java/org/briarproject/bramble/sync/IncomingSession.java

@@ -16,7 +16,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.Offer;
-import org.briarproject.bramble.api.sync.PacketReader;
+import org.briarproject.bramble.api.sync.RecordReader;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.SyncSession;
 
@@ -42,18 +42,18 @@ class IncomingSession implements SyncSession, EventListener {
 	private final Executor dbExecutor;
 	private final EventBus eventBus;
 	private final ContactId contactId;
-	private final PacketReader packetReader;
+	private final RecordReader recordReader;
 
 	private volatile boolean interrupted = false;
 
 	IncomingSession(DatabaseComponent db, Executor dbExecutor,
 			EventBus eventBus, ContactId contactId,
-			PacketReader packetReader) {
+			RecordReader recordReader) {
 		this.db = db;
 		this.dbExecutor = dbExecutor;
 		this.eventBus = eventBus;
 		this.contactId = contactId;
-		this.packetReader = packetReader;
+		this.recordReader = recordReader;
 	}
 
 	@IoExecutor
@@ -61,21 +61,22 @@ class IncomingSession implements SyncSession, EventListener {
 	public void run() throws IOException {
 		eventBus.addListener(this);
 		try {
-			// Read packets until interrupted or EOF
-			while (!interrupted && !packetReader.eof()) {
-				if (packetReader.hasAck()) {
-					Ack a = packetReader.readAck();
+			// Read records until interrupted or EOF
+			while (!interrupted && !recordReader.eof()) {
+				if (recordReader.hasAck()) {
+					Ack a = recordReader.readAck();
 					dbExecutor.execute(new ReceiveAck(a));
-				} else if (packetReader.hasMessage()) {
-					Message m = packetReader.readMessage();
+				} else if (recordReader.hasMessage()) {
+					Message m = recordReader.readMessage();
 					dbExecutor.execute(new ReceiveMessage(m));
-				} else if (packetReader.hasOffer()) {
-					Offer o = packetReader.readOffer();
+				} else if (recordReader.hasOffer()) {
+					Offer o = recordReader.readOffer();
 					dbExecutor.execute(new ReceiveOffer(o));
-				} else if (packetReader.hasRequest()) {
-					Request r = packetReader.readRequest();
+				} else if (recordReader.hasRequest()) {
+					Request r = recordReader.readRequest();
 					dbExecutor.execute(new ReceiveRequest(r));
 				} else {
+					// unknown records are ignored in RecordReader#eof()
 					throw new FormatException();
 				}
 			}

bramble-core/src/main/java/org/briarproject/bramble/sync/MessageFactoryImpl.java

@@ -30,11 +30,15 @@ class MessageFactoryImpl implements MessageFactory {
 	public Message createMessage(GroupId g, long timestamp, byte[] body) {
 		if (body.length > MAX_MESSAGE_BODY_LENGTH)
 			throw new IllegalArgumentException();
+		byte[] timeBytes = new byte[ByteUtils.INT_64_BYTES];
+		ByteUtils.writeUint64(timestamp, timeBytes, 0);
+		byte[] idHash =
+				crypto.hash(MessageId.LABEL, g.getBytes(), timeBytes, body);
+		MessageId id = new MessageId(idHash);
 		byte[] raw = new byte[MESSAGE_HEADER_LENGTH + body.length];
 		System.arraycopy(g.getBytes(), 0, raw, 0, UniqueId.LENGTH);
 		ByteUtils.writeUint64(timestamp, raw, UniqueId.LENGTH);
 		System.arraycopy(body, 0, raw, MESSAGE_HEADER_LENGTH, body.length);
-		MessageId id = new MessageId(crypto.hash(MessageId.LABEL, raw));
 		return new Message(id, g, timestamp, raw);
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/sync/PacketReaderFactoryImpl.java

@@ -1,28 +0,0 @@
-package org.briarproject.bramble.sync;
-
-import org.briarproject.bramble.api.crypto.CryptoComponent;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.sync.PacketReader;
-import org.briarproject.bramble.api.sync.PacketReaderFactory;
-
-import java.io.InputStream;
-
-import javax.annotation.concurrent.Immutable;
-import javax.inject.Inject;
-
-@Immutable
-@NotNullByDefault
-class PacketReaderFactoryImpl implements PacketReaderFactory {
-
-	private final CryptoComponent crypto;
-
-	@Inject
-	PacketReaderFactoryImpl(CryptoComponent crypto) {
-		this.crypto = crypto;
-	}
-
-	@Override
-	public PacketReader createPacketReader(InputStream in) {
-		return new PacketReaderImpl(crypto, in);
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/sync/PacketWriterFactoryImpl.java

@@ -1,16 +0,0 @@
-package org.briarproject.bramble.sync;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.sync.PacketWriter;
-import org.briarproject.bramble.api.sync.PacketWriterFactory;
-
-import java.io.OutputStream;
-
-@NotNullByDefault
-class PacketWriterFactoryImpl implements PacketWriterFactory {
-
-	@Override
-	public PacketWriter createPacketWriter(OutputStream out) {
-		return new PacketWriterImpl(out);
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/sync/RecordReaderFactoryImpl.java

@@ -0,0 +1,28 @@
+package org.briarproject.bramble.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.sync.MessageFactory;
+import org.briarproject.bramble.api.sync.RecordReader;
+import org.briarproject.bramble.api.sync.RecordReaderFactory;
+
+import java.io.InputStream;
+
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+@Immutable
+@NotNullByDefault
+class RecordReaderFactoryImpl implements RecordReaderFactory {
+
+	private final MessageFactory messageFactory;
+
+	@Inject
+	RecordReaderFactoryImpl(MessageFactory messageFactory) {
+		this.messageFactory = messageFactory;
+	}
+
+	@Override
+	public RecordReader createRecordReader(InputStream in) {
+		return new RecordReaderImpl(messageFactory, in);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/sync/RecordReaderImpl.java

@@ -2,14 +2,14 @@ package org.briarproject.bramble.sync;
 
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.UniqueId;
-import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
+import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.Offer;
-import org.briarproject.bramble.api.sync.PacketReader;
+import org.briarproject.bramble.api.sync.RecordReader;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.util.ByteUtils;
 
@@ -20,66 +20,84 @@ import java.util.List;
 
 import javax.annotation.concurrent.NotThreadSafe;
 
-import static org.briarproject.bramble.api.sync.PacketTypes.ACK;
-import static org.briarproject.bramble.api.sync.PacketTypes.MESSAGE;
-import static org.briarproject.bramble.api.sync.PacketTypes.OFFER;
-import static org.briarproject.bramble.api.sync.PacketTypes.REQUEST;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_PACKET_PAYLOAD_LENGTH;
+import static org.briarproject.bramble.api.sync.RecordTypes.ACK;
+import static org.briarproject.bramble.api.sync.RecordTypes.MESSAGE;
+import static org.briarproject.bramble.api.sync.RecordTypes.OFFER;
+import static org.briarproject.bramble.api.sync.RecordTypes.REQUEST;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.PACKET_HEADER_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.api.sync.SyncConstants.RECORD_HEADER_LENGTH;
 
 @NotThreadSafe
 @NotNullByDefault
-class PacketReaderImpl implements PacketReader {
+class RecordReaderImpl implements RecordReader {
 
-	private enum State { BUFFER_EMPTY, BUFFER_FULL, EOF }
+	private enum State {BUFFER_EMPTY, BUFFER_FULL, EOF}
 
-	private final CryptoComponent crypto;
+	private final MessageFactory messageFactory;
 	private final InputStream in;
 	private final byte[] header, payload;
 
 	private State state = State.BUFFER_EMPTY;
 	private int payloadLength = 0;
 
-	PacketReaderImpl(CryptoComponent crypto, InputStream in) {
-		this.crypto = crypto;
+	RecordReaderImpl(MessageFactory messageFactory, InputStream in) {
+		this.messageFactory = messageFactory;
 		this.in = in;
-		header = new byte[PACKET_HEADER_LENGTH];
-		payload = new byte[MAX_PACKET_PAYLOAD_LENGTH];
+		header = new byte[RECORD_HEADER_LENGTH];
+		payload = new byte[MAX_RECORD_PAYLOAD_LENGTH];
 	}
 
-	private void readPacket() throws IOException {
+	private void readRecord() throws IOException {
 		if (state != State.BUFFER_EMPTY) throw new IllegalStateException();
-		// Read the header
-		int offset = 0;
-		while (offset < PACKET_HEADER_LENGTH) {
-			int read = in.read(header, offset, PACKET_HEADER_LENGTH - offset);
-			if (read == -1) {
-				if (offset > 0) throw new FormatException();
-				state = State.EOF;
+		while (true) {
+			// Read the header
+			int offset = 0;
+			while (offset < RECORD_HEADER_LENGTH) {
+				int read =
+						in.read(header, offset, RECORD_HEADER_LENGTH - offset);
+				if (read == -1) {
+					if (offset > 0) throw new FormatException();
+					state = State.EOF;
+					return;
+				}
+				offset += read;
+			}
+			byte version = header[0], type = header[1];
+			payloadLength = ByteUtils.readUint16(header, 2);
+			// Check the protocol version
+			if (version != PROTOCOL_VERSION) throw new FormatException();
+			// Check the payload length
+			if (payloadLength > MAX_RECORD_PAYLOAD_LENGTH)
+				throw new FormatException();
+			// Read the payload
+			offset = 0;
+			while (offset < payloadLength) {
+				int read = in.read(payload, offset, payloadLength - offset);
+				if (read == -1) throw new FormatException();
+				offset += read;
+			}
+			state = State.BUFFER_FULL;
+			// Return if this is a known record type, otherwise continue
+			if (type == ACK || type == MESSAGE || type == OFFER ||
+					type == REQUEST) {
 				return;
 			}
-			offset += read;
 		}
-		// Check the protocol version
-		if (header[0] != PROTOCOL_VERSION) throw new FormatException();
-		// Read the payload length
-		payloadLength = ByteUtils.readUint16(header, 2);
-		if (payloadLength > MAX_PACKET_PAYLOAD_LENGTH) throw new FormatException();
-		// Read the payload
-		offset = 0;
-		while (offset < payloadLength) {
-			int read = in.read(payload, offset, payloadLength - offset);
-			if (read == -1) throw new FormatException();
-			offset += read;
-		}
-		state = State.BUFFER_FULL;
 	}
 
+	/**
+	 * Returns true if there's another record available or false if we've
+	 * reached the end of the input stream.
+	 * <p>
+	 * If a record is available, it's been read into the buffer by the time
+	 * eof() returns, so the method that called eof() can access the record
+	 * from the buffer, for example to check its type or extract its payload.
+	 */
 	@Override
 	public boolean eof() throws IOException {
-		if (state == State.BUFFER_EMPTY) readPacket();
+		if (state == State.BUFFER_EMPTY) readRecord();
 		if (state == State.BUFFER_EMPTY) throw new IllegalStateException();
 		return state == State.EOF;
 	}
@@ -124,13 +142,12 @@ class PacketReaderImpl implements PacketReader {
 		// Timestamp
 		long timestamp = ByteUtils.readUint64(payload, UniqueId.LENGTH);
 		if (timestamp < 0) throw new FormatException();
-		// Raw message
-		byte[] raw = new byte[payloadLength];
-		System.arraycopy(payload, 0, raw, 0, payloadLength);
+		// Body
+		byte[] body = new byte[payloadLength - MESSAGE_HEADER_LENGTH];
+		System.arraycopy(payload, MESSAGE_HEADER_LENGTH, body, 0,
+				payloadLength - MESSAGE_HEADER_LENGTH);
 		state = State.BUFFER_EMPTY;
-		// Message ID
-		MessageId messageId = new MessageId(crypto.hash(MessageId.LABEL, raw));
-		return new Message(messageId, groupId, timestamp, raw);
+		return messageFactory.createMessage(groupId, timestamp, body);
 	}
 
 	@Override
@@ -154,4 +171,5 @@ class PacketReaderImpl implements PacketReader {
 		if (!hasRequest()) throw new FormatException();
 		return new Request(readMessageIds());
 	}
+
 }

bramble-core/src/main/java/org/briarproject/bramble/sync/RecordWriterFactoryImpl.java

@@ -0,0 +1,16 @@
+package org.briarproject.bramble.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.sync.RecordWriter;
+import org.briarproject.bramble.api.sync.RecordWriterFactory;
+
+import java.io.OutputStream;
+
+@NotNullByDefault
+class RecordWriterFactoryImpl implements RecordWriterFactory {
+
+	@Override
+	public RecordWriter createRecordWriter(OutputStream out) {
+		return new RecordWriterImpl(out);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/sync/RecordWriterImpl.java

@@ -4,8 +4,8 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.Offer;
-import org.briarproject.bramble.api.sync.PacketTypes;
-import org.briarproject.bramble.api.sync.PacketWriter;
+import org.briarproject.bramble.api.sync.RecordTypes;
+import org.briarproject.bramble.api.sync.RecordWriter;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.util.ByteUtils;
 
@@ -15,30 +15,30 @@ import java.io.OutputStream;
 
 import javax.annotation.concurrent.NotThreadSafe;
 
-import static org.briarproject.bramble.api.sync.PacketTypes.ACK;
-import static org.briarproject.bramble.api.sync.PacketTypes.OFFER;
-import static org.briarproject.bramble.api.sync.PacketTypes.REQUEST;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_PACKET_PAYLOAD_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.PACKET_HEADER_LENGTH;
+import static org.briarproject.bramble.api.sync.RecordTypes.ACK;
+import static org.briarproject.bramble.api.sync.RecordTypes.OFFER;
+import static org.briarproject.bramble.api.sync.RecordTypes.REQUEST;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
+import static org.briarproject.bramble.api.sync.SyncConstants.RECORD_HEADER_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
 
 @NotThreadSafe
 @NotNullByDefault
-class PacketWriterImpl implements PacketWriter {
+class RecordWriterImpl implements RecordWriter {
 
 	private final OutputStream out;
 	private final byte[] header;
 	private final ByteArrayOutputStream payload;
 
-	PacketWriterImpl(OutputStream out) {
+	RecordWriterImpl(OutputStream out) {
 		this.out = out;
-		header = new byte[PACKET_HEADER_LENGTH];
+		header = new byte[RECORD_HEADER_LENGTH];
 		header[0] = PROTOCOL_VERSION;
-		payload = new ByteArrayOutputStream(MAX_PACKET_PAYLOAD_LENGTH);
+		payload = new ByteArrayOutputStream(MAX_RECORD_PAYLOAD_LENGTH);
 	}
 
-	private void writePacket(byte packetType) throws IOException {
-		header[1] = packetType;
+	private void writeRecord(byte recordType) throws IOException {
+		header[1] = recordType;
 		ByteUtils.writeUint16(payload.size(), header, 2);
 		out.write(header);
 		payload.writeTo(out);
@@ -49,12 +49,12 @@ class PacketWriterImpl implements PacketWriter {
 	public void writeAck(Ack a) throws IOException {
 		if (payload.size() != 0) throw new IllegalStateException();
 		for (MessageId m : a.getMessageIds()) payload.write(m.getBytes());
-		writePacket(ACK);
+		writeRecord(ACK);
 	}
 
 	@Override
 	public void writeMessage(byte[] raw) throws IOException {
-		header[1] = PacketTypes.MESSAGE;
+		header[1] = RecordTypes.MESSAGE;
 		ByteUtils.writeUint16(raw.length, header, 2);
 		out.write(header);
 		out.write(raw);
@@ -64,14 +64,14 @@ class PacketWriterImpl implements PacketWriter {
 	public void writeOffer(Offer o) throws IOException {
 		if (payload.size() != 0) throw new IllegalStateException();
 		for (MessageId m : o.getMessageIds()) payload.write(m.getBytes());
-		writePacket(OFFER);
+		writeRecord(OFFER);
 	}
 
 	@Override
 	public void writeRequest(Request r) throws IOException {
 		if (payload.size() != 0) throw new IllegalStateException();
 		for (MessageId m : r.getMessageIds()) payload.write(m.getBytes());
-		writePacket(REQUEST);
+		writeRecord(REQUEST);
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/sync/SimplexOutgoingSession.java

@@ -13,7 +13,7 @@ import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
-import org.briarproject.bramble.api.sync.PacketWriter;
+import org.briarproject.bramble.api.sync.RecordWriter;
 import org.briarproject.bramble.api.sync.SyncSession;
 
 import java.io.IOException;
@@ -29,12 +29,12 @@ import javax.annotation.concurrent.ThreadSafe;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_PACKET_PAYLOAD_LENGTH;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
 
 /**
  * An outgoing {@link SyncSession} suitable for simplex transports. The session
  * sends messages without offering them first, and closes its output stream
- * when there are no more packets to send.
+ * when there are no more records to send.
  */
 @ThreadSafe
 @NotNullByDefault
@@ -55,7 +55,7 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 	private final EventBus eventBus;
 	private final ContactId contactId;
 	private final int maxLatency;
-	private final PacketWriter packetWriter;
+	private final RecordWriter recordWriter;
 	private final AtomicInteger outstandingQueries;
 	private final BlockingQueue<ThrowingRunnable<IOException>> writerTasks;
 
@@ -63,14 +63,14 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 
 	SimplexOutgoingSession(DatabaseComponent db, Executor dbExecutor,
 			EventBus eventBus, ContactId contactId,
-			int maxLatency, PacketWriter packetWriter) {
+			int maxLatency, RecordWriter recordWriter) {
 		this.db = db;
 		this.dbExecutor = dbExecutor;
 		this.eventBus = eventBus;
 		this.contactId = contactId;
 		this.maxLatency = maxLatency;
-		this.packetWriter = packetWriter;
-		outstandingQueries = new AtomicInteger(2); // One per type of packet
+		this.recordWriter = recordWriter;
+		outstandingQueries = new AtomicInteger(2); // One per type of record
 		writerTasks = new LinkedBlockingQueue<ThrowingRunnable<IOException>>();
 	}
 
@@ -79,19 +79,19 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 	public void run() throws IOException {
 		eventBus.addListener(this);
 		try {
-			// Start a query for each type of packet
+			// Start a query for each type of record
 			dbExecutor.execute(new GenerateAck());
 			dbExecutor.execute(new GenerateBatch());
-			// Write packets until interrupted or no more packets to write
+			// Write records until interrupted or no more records to write
 			try {
 				while (!interrupted) {
 					ThrowingRunnable<IOException> task = writerTasks.take();
 					if (task == CLOSE) break;
 					task.run();
 				}
-				packetWriter.flush();
+				recordWriter.flush();
 			} catch (InterruptedException e) {
-				LOG.info("Interrupted while waiting for a packet to write");
+				LOG.info("Interrupted while waiting for a record to write");
 				Thread.currentThread().interrupt();
 			}
 		} finally {
@@ -157,7 +157,7 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() throws IOException {
 			if (interrupted) return;
-			packetWriter.writeAck(ack);
+			recordWriter.writeAck(ack);
 			LOG.info("Sent ack");
 			dbExecutor.execute(new GenerateAck());
 		}
@@ -174,7 +174,7 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 				Transaction txn = db.startTransaction(false);
 				try {
 					b = db.generateBatch(txn, contactId,
-							MAX_PACKET_PAYLOAD_LENGTH, maxLatency);
+							MAX_RECORD_PAYLOAD_LENGTH, maxLatency);
 					db.commitTransaction(txn);
 				} finally {
 					db.endTransaction(txn);
@@ -202,7 +202,7 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() throws IOException {
 			if (interrupted) return;
-			for (byte[] raw : batch) packetWriter.writeMessage(raw);
+			for (byte[] raw : batch) recordWriter.writeMessage(raw);
 			LOG.info("Sent batch");
 			dbExecutor.execute(new GenerateBatch());
 		}

bramble-core/src/main/java/org/briarproject/bramble/sync/SyncModule.java

@@ -1,14 +1,16 @@
 package org.briarproject.bramble.sync;
 
+import org.briarproject.bramble.PoliteExecutor;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.CryptoExecutor;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DatabaseExecutor;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.sync.GroupFactory;
 import org.briarproject.bramble.api.sync.MessageFactory;
-import org.briarproject.bramble.api.sync.PacketReaderFactory;
-import org.briarproject.bramble.api.sync.PacketWriterFactory;
+import org.briarproject.bramble.api.sync.RecordReaderFactory;
+import org.briarproject.bramble.api.sync.RecordWriterFactory;
 import org.briarproject.bramble.api.sync.SyncSessionFactory;
 import org.briarproject.bramble.api.sync.ValidationManager;
 import org.briarproject.bramble.api.system.Clock;
@@ -29,6 +31,16 @@ public class SyncModule {
 		ValidationManager validationManager;
 	}
 
+	/**
+	 * The maximum number of validation tasks to delegate to the crypto
+	 * executor concurrently.
+	 * <p>
+	 * The number of available processors can change during the lifetime of the
+	 * JVM, so this is just a reasonable guess.
+	 */
+	private static final int MAX_CONCURRENT_VALIDATION_TASKS =
+			Math.max(1, Runtime.getRuntime().availableProcessors() - 1);
+
 	@Provides
 	GroupFactory provideGroupFactory(CryptoComponent crypto) {
 		return new GroupFactoryImpl(crypto);
@@ -40,31 +52,42 @@ public class SyncModule {
 	}
 
 	@Provides
-	PacketReaderFactory providePacketReaderFactory(CryptoComponent crypto) {
-		return new PacketReaderFactoryImpl(crypto);
+	RecordReaderFactory provideRecordReaderFactory(
+			RecordReaderFactoryImpl recordReaderFactory) {
+		return recordReaderFactory;
 	}
 
 	@Provides
-	PacketWriterFactory providePacketWriterFactory() {
-		return new PacketWriterFactoryImpl();
+	RecordWriterFactory provideRecordWriterFactory() {
+		return new RecordWriterFactoryImpl();
 	}
 
 	@Provides
 	@Singleton
 	SyncSessionFactory provideSyncSessionFactory(DatabaseComponent db,
 			@DatabaseExecutor Executor dbExecutor, EventBus eventBus,
-			Clock clock, PacketReaderFactory packetReaderFactory,
-			PacketWriterFactory packetWriterFactory) {
+			Clock clock, RecordReaderFactory recordReaderFactory,
+			RecordWriterFactory recordWriterFactory) {
 		return new SyncSessionFactoryImpl(db, dbExecutor, eventBus, clock,
-				packetReaderFactory, packetWriterFactory);
+				recordReaderFactory, recordWriterFactory);
 	}
 
 	@Provides
 	@Singleton
-	ValidationManager getValidationManager(LifecycleManager lifecycleManager,
-			EventBus eventBus, ValidationManagerImpl validationManager) {
+	ValidationManager provideValidationManager(
+			LifecycleManager lifecycleManager, EventBus eventBus,
+			ValidationManagerImpl validationManager) {
 		lifecycleManager.registerService(validationManager);
 		eventBus.addListener(validationManager);
 		return validationManager;
 	}
+
+	@Provides
+	@Singleton
+	@ValidationExecutor
+	Executor provideValidationExecutor(
+			@CryptoExecutor Executor cryptoExecutor) {
+		return new PoliteExecutor("ValidationExecutor", cryptoExecutor,
+				MAX_CONCURRENT_VALIDATION_TASKS);
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/sync/SyncSessionFactoryImpl.java

@@ -5,10 +5,10 @@ import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DatabaseExecutor;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.sync.PacketReader;
-import org.briarproject.bramble.api.sync.PacketReaderFactory;
-import org.briarproject.bramble.api.sync.PacketWriter;
-import org.briarproject.bramble.api.sync.PacketWriterFactory;
+import org.briarproject.bramble.api.sync.RecordReader;
+import org.briarproject.bramble.api.sync.RecordReaderFactory;
+import org.briarproject.bramble.api.sync.RecordWriter;
+import org.briarproject.bramble.api.sync.RecordWriterFactory;
 import org.briarproject.bramble.api.sync.SyncSession;
 import org.briarproject.bramble.api.sync.SyncSessionFactory;
 import org.briarproject.bramble.api.system.Clock;
@@ -28,41 +28,41 @@ class SyncSessionFactoryImpl implements SyncSessionFactory {
 	private final Executor dbExecutor;
 	private final EventBus eventBus;
 	private final Clock clock;
-	private final PacketReaderFactory packetReaderFactory;
-	private final PacketWriterFactory packetWriterFactory;
+	private final RecordReaderFactory recordReaderFactory;
+	private final RecordWriterFactory recordWriterFactory;
 
 	@Inject
 	SyncSessionFactoryImpl(DatabaseComponent db,
 			@DatabaseExecutor Executor dbExecutor, EventBus eventBus,
-			Clock clock, PacketReaderFactory packetReaderFactory,
-			PacketWriterFactory packetWriterFactory) {
+			Clock clock, RecordReaderFactory recordReaderFactory,
+			RecordWriterFactory recordWriterFactory) {
 		this.db = db;
 		this.dbExecutor = dbExecutor;
 		this.eventBus = eventBus;
 		this.clock = clock;
-		this.packetReaderFactory = packetReaderFactory;
-		this.packetWriterFactory = packetWriterFactory;
+		this.recordReaderFactory = recordReaderFactory;
+		this.recordWriterFactory = recordWriterFactory;
 	}
 
 	@Override
 	public SyncSession createIncomingSession(ContactId c, InputStream in) {
-		PacketReader packetReader = packetReaderFactory.createPacketReader(in);
-		return new IncomingSession(db, dbExecutor, eventBus, c, packetReader);
+		RecordReader recordReader = recordReaderFactory.createRecordReader(in);
+		return new IncomingSession(db, dbExecutor, eventBus, c, recordReader);
 	}
 
 	@Override
 	public SyncSession createSimplexOutgoingSession(ContactId c,
 			int maxLatency, OutputStream out) {
-		PacketWriter packetWriter = packetWriterFactory.createPacketWriter(out);
+		RecordWriter recordWriter = recordWriterFactory.createRecordWriter(out);
 		return new SimplexOutgoingSession(db, dbExecutor, eventBus, c,
-				maxLatency, packetWriter);
+				maxLatency, recordWriter);
 	}
 
 	@Override
 	public SyncSession createDuplexOutgoingSession(ContactId c, int maxLatency,
 			int maxIdleTime, OutputStream out) {
-		PacketWriter packetWriter = packetWriterFactory.createPacketWriter(out);
+		RecordWriter recordWriter = recordWriterFactory.createRecordWriter(out);
 		return new DuplexOutgoingSession(db, dbExecutor, eventBus, clock, c,
-				maxLatency, maxIdleTime, packetWriter);
+				maxLatency, maxIdleTime, recordWriter);
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/sync/ValidationExecutor.java

@@ -0,0 +1,25 @@
+package org.briarproject.bramble.sync;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import javax.inject.Qualifier;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+/**
+ * Annotation for injecting the executor for validation tasks. Also used for
+ * annotating methods that should run on the validation executor.
+ * <p>
+ * The contract of this executor is that tasks may be run concurrently, and
+ * submitting a task will never block. Tasks must not run indefinitely. Tasks
+ * submitted during shutdown are discarded.
+ */
+@Qualifier
+@Target({FIELD, METHOD, PARAMETER})
+@Retention(RUNTIME)
+@interface ValidationExecutor {
+}

bramble-core/src/main/java/org/briarproject/bramble/sync/ValidationManagerImpl.java

@@ -1,6 +1,5 @@
 package org.briarproject.bramble.sync;
 
-import org.briarproject.bramble.api.crypto.CryptoExecutor;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DatabaseExecutor;
 import org.briarproject.bramble.api.db.DbException;
@@ -50,8 +49,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 			Logger.getLogger(ValidationManagerImpl.class.getName());
 
 	private final DatabaseComponent db;
-	private final Executor dbExecutor;
-	private final Executor cryptoExecutor;
+	private final Executor dbExecutor, validationExecutor;
 	private final MessageFactory messageFactory;
 	private final Map<ClientId, MessageValidator> validators;
 	private final Map<ClientId, IncomingMessageHook> hooks;
@@ -60,11 +58,11 @@ class ValidationManagerImpl implements ValidationManager, Service,
 	@Inject
 	ValidationManagerImpl(DatabaseComponent db,
 			@DatabaseExecutor Executor dbExecutor,
-			@CryptoExecutor Executor cryptoExecutor,
+			@ValidationExecutor Executor validationExecutor,
 			MessageFactory messageFactory) {
 		this.db = db;
 		this.dbExecutor = dbExecutor;
-		this.cryptoExecutor = cryptoExecutor;
+		this.validationExecutor = validationExecutor;
 		this.messageFactory = messageFactory;
 		validators = new ConcurrentHashMap<ClientId, MessageValidator>();
 		hooks = new ConcurrentHashMap<ClientId, IncomingMessageHook>();
@@ -104,6 +102,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void validateOutstandingMessages(ClientId c) {
 		try {
 			Queue<MessageId> unvalidated = new LinkedList<MessageId>();
@@ -130,6 +129,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void validateNextMessage(Queue<MessageId> unvalidated) {
 		try {
 			Message m;
@@ -167,6 +167,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void deliverOutstandingMessages(ClientId c) {
 		try {
 			Queue<MessageId> pending = new LinkedList<MessageId>();
@@ -194,6 +195,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void deliverNextPendingMessage(Queue<MessageId> pending) {
 		try {
 			boolean anyInvalid = false, allDelivered = true;
@@ -220,8 +222,8 @@ class ValidationManagerImpl implements ValidationManager, Service,
 						Message m = messageFactory.createMessage(id, raw);
 						Group g = db.getGroup(txn, m.getGroupId());
 						ClientId c = g.getClientId();
-						Metadata meta = db.getMessageMetadataForValidator(txn,
-								id);
+						Metadata meta =
+								db.getMessageMetadataForValidator(txn, id);
 						DeliveryResult result = deliverMessage(txn, m, c, meta);
 						if (result.valid) {
 							pending.addAll(getPendingDependents(txn, id));
@@ -240,8 +242,8 @@ class ValidationManagerImpl implements ValidationManager, Service,
 				db.endTransaction(txn);
 			}
 			if (invalidate != null) invalidateNextMessageAsync(invalidate);
-			deliverNextPendingMessageAsync(pending);
 			if (toShare != null) shareNextMessageAsync(toShare);
+			deliverNextPendingMessageAsync(pending);
 		} catch (NoSuchMessageException e) {
 			LOG.info("Message removed before delivery");
 			deliverNextPendingMessageAsync(pending);
@@ -249,13 +251,12 @@ class ValidationManagerImpl implements ValidationManager, Service,
 			LOG.info("Group removed before delivery");
 			deliverNextPendingMessageAsync(pending);
 		} catch (DbException e) {
-			if (LOG.isLoggable(WARNING))
-				LOG.log(WARNING, e.toString(), e);
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 		}
 	}
 
 	private void validateMessageAsync(final Message m, final Group g) {
-		cryptoExecutor.execute(new Runnable() {
+		validationExecutor.execute(new Runnable() {
 			@Override
 			public void run() {
 				validateMessage(m, g);
@@ -263,10 +264,12 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@ValidationExecutor
 	private void validateMessage(Message m, Group g) {
 		MessageValidator v = validators.get(g.getClientId());
 		if (v == null) {
-			LOG.warning("No validator");
+			if (LOG.isLoggable(WARNING))
+				LOG.warning("No validator for " + g.getClientId().getString());
 		} else {
 			try {
 				MessageContext context = v.validateMessage(m, g);
@@ -291,6 +294,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void storeMessageContext(Message m, ClientId c,
 			MessageContext context) {
 		try {
@@ -353,6 +357,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		}
 	}
 
+	@DatabaseExecutor
 	private DeliveryResult deliverMessage(Transaction txn, Message m,
 			ClientId c, Metadata meta) throws DbException {
 		// Deliver the message to the client if it's registered a hook
@@ -362,10 +367,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 			try {
 				shareMsg = hook.incomingMessage(txn, m, meta);
 			} catch (InvalidMessageException e) {
-				// message is invalid, mark it as such and delete it
-				db.setMessageState(txn, m.getId(), INVALID);
-				db.deleteMessageMetadata(txn, m.getId());
-				db.deleteMessage(txn, m.getId());
+				invalidateMessage(txn, m.getId());
 				return new DeliveryResult(false, false);
 			}
 		}
@@ -373,6 +375,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		return new DeliveryResult(true, shareMsg);
 	}
 
+	@DatabaseExecutor
 	private Queue<MessageId> getPendingDependents(Transaction txn, MessageId m)
 			throws DbException {
 		Queue<MessageId> pending = new LinkedList<MessageId>();
@@ -392,6 +395,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void shareOutstandingMessages(ClientId c) {
 		try {
 			Queue<MessageId> toShare = new LinkedList<MessageId>();
@@ -424,6 +428,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void shareNextMessage(Queue<MessageId> toShare) {
 		try {
 			Transaction txn = db.startTransaction(false);
@@ -457,6 +462,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void invalidateNextMessage(Queue<MessageId> invalidate) {
 		try {
 			Transaction txn = db.startTransaction(false);
@@ -479,6 +485,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		}
 	}
 
+	@DatabaseExecutor
 	private void invalidateMessage(Transaction txn, MessageId m)
 			throws DbException {
 		db.setMessageState(txn, m, INVALID);
@@ -486,6 +493,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		db.deleteMessageMetadata(txn, m);
 	}
 
+	@DatabaseExecutor
 	private Queue<MessageId> getDependentsToInvalidate(Transaction txn,
 			MessageId m) throws DbException {
 		Queue<MessageId> invalidate = new LinkedList<MessageId>();
@@ -515,6 +523,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		});
 	}
 
+	@DatabaseExecutor
 	private void loadGroupAndValidate(final Message m) {
 		try {
 			Group g;
@@ -534,6 +543,7 @@ class ValidationManagerImpl implements ValidationManager, Service,
 	}
 
 	private static class DeliveryResult {
+
 		private final boolean valid, share;
 
 		private DeliveryResult(boolean valid, boolean share) {

bramble-core/src/main/java/org/briarproject/bramble/system/AbstractSecureRandomProvider.java

@@ -0,0 +1,42 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.SecureRandomProvider;
+
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.NetworkInterface;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map.Entry;
+import java.util.Properties;
+
+import javax.annotation.concurrent.Immutable;
+
+@Immutable
+@NotNullByDefault
+abstract class AbstractSecureRandomProvider implements SecureRandomProvider {
+
+	// Contribute whatever slightly unpredictable info we have to the pool
+	protected void writeToEntropyPool(DataOutputStream out) throws IOException {
+		out.writeLong(System.currentTimeMillis());
+		out.writeLong(System.nanoTime());
+		out.writeLong(Runtime.getRuntime().freeMemory());
+		List<NetworkInterface> ifaces =
+				Collections.list(NetworkInterface.getNetworkInterfaces());
+		for (NetworkInterface i : ifaces) {
+			List<InetAddress> addrs = Collections.list(i.getInetAddresses());
+			for (InetAddress a : addrs) out.write(a.getAddress());
+			byte[] hardware = i.getHardwareAddress();
+			if (hardware != null) out.write(hardware);
+		}
+		for (Entry<String, String> e : System.getenv().entrySet()) {
+			out.writeUTF(e.getKey());
+			out.writeUTF(e.getValue());
+		}
+		Properties properties = System.getProperties();
+		for (String key : properties.stringPropertyNames())
+			out.writeUTF(properties.getProperty(key));
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/system/LinuxSecureRandomProvider.java

@@ -0,0 +1,69 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.io.DataOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.Provider;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.logging.Logger;
+
+import javax.annotation.concurrent.Immutable;
+
+import static java.util.logging.Level.WARNING;
+
+@Immutable
+@NotNullByDefault
+class LinuxSecureRandomProvider extends AbstractSecureRandomProvider {
+
+	private static final Logger LOG =
+			Logger.getLogger(LinuxSecureRandomProvider.class.getName());
+
+	private static final File RANDOM_DEVICE = new File("/dev/urandom");
+
+	private final AtomicBoolean seeded = new AtomicBoolean(false);
+	private final File outputDevice;
+
+	LinuxSecureRandomProvider() {
+		this(RANDOM_DEVICE);
+	}
+
+	LinuxSecureRandomProvider(File outputDevice) {
+		this.outputDevice = outputDevice;
+	}
+
+	@Override
+	public Provider getProvider() {
+		if (!seeded.getAndSet(true)) writeSeed();
+		return new LinuxProvider();
+	}
+
+	protected void writeSeed() {
+		try {
+			DataOutputStream out = new DataOutputStream(
+					new FileOutputStream(outputDevice));
+			writeToEntropyPool(out);
+			out.flush();
+			out.close();
+		} catch (IOException e) {
+			// On some devices /dev/urandom isn't writable - this isn't fatal
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+		}
+	}
+
+	// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
+	private static class LinuxProvider extends Provider {
+
+		private LinuxProvider() {
+			super("LinuxPRNG", 1.1, "A Linux-specific PRNG using /dev/urandom");
+			// Although /dev/urandom is not a SHA-1 PRNG, some callers
+			// explicitly request a SHA1PRNG SecureRandom and we need to
+			// prevent them from getting the default implementation whose
+			// output may have low entropy.
+			put("SecureRandom.SHA1PRNG", LinuxSecureRandomSpi.class.getName());
+			put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/system/LinuxSecureRandomSpi.java

@@ -0,0 +1,64 @@
+package org.briarproject.bramble.system;
+
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.SecureRandomSpi;
+import java.util.logging.Logger;
+
+import static java.util.logging.Level.WARNING;
+
+public class LinuxSecureRandomSpi extends SecureRandomSpi {
+
+	private static final Logger LOG =
+			Logger.getLogger(LinuxSecureRandomSpi.class.getName());
+
+	private static final File RANDOM_DEVICE = new File("/dev/urandom");
+
+	private final File inputDevice, outputDevice;
+
+	public LinuxSecureRandomSpi() {
+		this(RANDOM_DEVICE, RANDOM_DEVICE);
+	}
+
+	LinuxSecureRandomSpi(File inputDevice, File outputDevice) {
+		this.inputDevice = inputDevice;
+		this.outputDevice = outputDevice;
+	}
+
+	@Override
+	protected void engineSetSeed(byte[] seed) {
+		try {
+			DataOutputStream out = new DataOutputStream(
+					new FileOutputStream(outputDevice));
+			out.write(seed);
+			out.flush();
+			out.close();
+		} catch (IOException e) {
+			// On some devices /dev/urandom isn't writable - this isn't fatal
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+		}
+	}
+
+	@Override
+	protected void engineNextBytes(byte[] bytes) {
+		try {
+			DataInputStream in = new DataInputStream(
+					new FileInputStream(inputDevice));
+			in.readFully(bytes);
+			in.close();
+		} catch (IOException e) {
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	protected byte[] engineGenerateSeed(int len) {
+		byte[] seed = new byte[len];
+		engineNextBytes(seed);
+		return seed;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/system/LinuxSeedProvider.java

@@ -1,75 +0,0 @@
-package org.briarproject.bramble.system;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.system.SeedProvider;
-
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.NetworkInterface;
-import java.util.Collections;
-import java.util.List;
-import java.util.logging.Logger;
-
-import javax.annotation.concurrent.Immutable;
-
-import static java.util.logging.Level.WARNING;
-
-@Immutable
-@NotNullByDefault
-class LinuxSeedProvider implements SeedProvider {
-
-	private static final Logger LOG =
-			Logger.getLogger(LinuxSeedProvider.class.getName());
-
-	private final String outputFile, inputFile;
-
-	LinuxSeedProvider() {
-		this("/dev/urandom", "/dev/urandom");
-	}
-
-	LinuxSeedProvider(String outputFile, String inputFile) {
-		this.outputFile = outputFile;
-		this.inputFile = inputFile;
-	}
-
-	@Override
-	public byte[] getSeed() {
-		byte[] seed = new byte[SEED_BYTES];
-		// Contribute whatever slightly unpredictable info we have to the pool
-		try {
-			DataOutputStream out = new DataOutputStream(
-					new FileOutputStream(outputFile));
-			writeToEntropyPool(out);
-			out.flush();
-			out.close();
-		} catch (IOException e) {
-			// On some devices /dev/urandom isn't writable - this isn't fatal
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-		// Read the seed from the pool
-		try {
-			DataInputStream in = new DataInputStream(
-					new FileInputStream(inputFile));
-			in.readFully(seed);
-			in.close();
-		} catch (IOException e) {
-			throw new RuntimeException(e);
-		}
-		return seed;
-	}
-
-	void writeToEntropyPool(DataOutputStream out) throws IOException {
-		out.writeLong(System.currentTimeMillis());
-		out.writeLong(System.nanoTime());
-		List<NetworkInterface> ifaces =
-				Collections.list(NetworkInterface.getNetworkInterfaces());
-		for (NetworkInterface i : ifaces) {
-			List<InetAddress> addrs = Collections.list(i.getInetAddresses());
-			for (InetAddress a : addrs) out.write(a.getAddress());
-		}
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/PoliteExecutorTest.java

@@ -0,0 +1,142 @@
+package org.briarproject.bramble;
+
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.junit.Test;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Vector;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Executors;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+public class PoliteExecutorTest extends BrambleTestCase {
+
+	private static final String TAG = "Test";
+	private static final int TASKS = 10;
+
+	@Test
+	public void testTasksAreDelegatedInOrderOfSubmission() throws Exception {
+		// Delegate to a single-threaded executor
+		Executor delegate = Executors.newSingleThreadExecutor();
+		// Allow all the tasks to be delegated straight away
+		PoliteExecutor polite = new PoliteExecutor(TAG, delegate, TASKS * 2);
+		final List<Integer> list = new Vector<Integer>();
+		final CountDownLatch latch = new CountDownLatch(TASKS);
+		for (int i = 0; i < TASKS; i++) {
+			final int result = i;
+			polite.execute(new Runnable() {
+				@Override
+				public void run() {
+					list.add(result);
+					latch.countDown();
+				}
+			});
+		}
+		// Wait for all the tasks to finish
+		latch.await();
+		// The tasks should have run in the order they were submitted
+		assertEquals(ascendingOrder(), list);
+	}
+
+	@Test
+	public void testQueuedTasksAreDelegatedInOrderOfSubmission()
+			throws Exception {
+		// Delegate to a single-threaded executor
+		Executor delegate = Executors.newSingleThreadExecutor();
+		// Allow two tasks to be delegated at a time
+		PoliteExecutor polite = new PoliteExecutor(TAG, delegate, 2);
+		final List<Integer> list = new Vector<Integer>();
+		final CountDownLatch latch = new CountDownLatch(TASKS);
+		for (int i = 0; i < TASKS; i++) {
+			final int result = i;
+			polite.execute(new Runnable() {
+				@Override
+				public void run() {
+					list.add(result);
+					latch.countDown();
+				}
+			});
+		}
+		// Wait for all the tasks to finish
+		latch.await();
+		// The tasks should have run in the order they were submitted
+		assertEquals(ascendingOrder(), list);
+	}
+
+	@Test
+	public void testTasksRunInParallelOnDelegate() throws Exception {
+		// Delegate to a multi-threaded executor
+		Executor delegate = Executors.newCachedThreadPool();
+		// Allow all the tasks to be delegated straight away
+		PoliteExecutor polite = new PoliteExecutor(TAG, delegate, TASKS * 2);
+		final List<Integer> list = new Vector<Integer>();
+		final CountDownLatch[] latches = new CountDownLatch[TASKS];
+		for (int i = 0; i < TASKS; i++) latches[i] = new CountDownLatch(1);
+		for (int i = 0; i < TASKS; i++) {
+			final int result = i;
+			polite.execute(new Runnable() {
+				@Override
+				public void run() {
+					try {
+						// Each task waits for the next task, if any, to finish
+						if (result < TASKS - 1) latches[result + 1].await();
+						list.add(result);
+					} catch (InterruptedException e) {
+						fail();
+					}
+					latches[result].countDown();
+				}
+			});
+		}
+		// Wait for all the tasks to finish
+		for (int i = 0; i < TASKS; i++) latches[i].await();
+		// The tasks should have finished in reverse order
+		assertEquals(descendingOrder(), list);
+	}
+
+	@Test
+	public void testTasksDoNotRunInParallelOnDelegate() throws Exception {
+		// Delegate to a multi-threaded executor
+		Executor delegate = Executors.newCachedThreadPool();
+		// Allow one task to be delegated at a time
+		PoliteExecutor polite = new PoliteExecutor(TAG, delegate, 1);
+		final List<Integer> list = new Vector<Integer>();
+		final CountDownLatch latch = new CountDownLatch(TASKS);
+		for (int i = 0; i < TASKS; i++) {
+			final int result = i;
+			polite.execute(new Runnable() {
+				@Override
+				public void run() {
+					try {
+						// Each task runs faster than the previous task
+						Thread.sleep(TASKS - result);
+						list.add(result);
+					} catch (InterruptedException e) {
+						fail();
+					}
+					latch.countDown();
+				}
+			});
+		}
+		// Wait for all the tasks to finish
+		latch.await();
+		// The tasks should have finished in the order they were submitted
+		assertEquals(ascendingOrder(), list);
+	}
+
+	private List<Integer> ascendingOrder() {
+		Integer[] array = new Integer[TASKS];
+		for (int i = 0; i < TASKS; i++) array[i] = i;
+		return Arrays.asList(array);
+	}
+
+	private List<Integer> descendingOrder() {
+		Integer[] array = new Integer[TASKS];
+		for (int i = 0; i < TASKS; i++) array[i] = TASKS - 1 - i;
+		return Arrays.asList(array);
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/crypto/EllipticCurveMultiplicationTest.java

@@ -45,7 +45,7 @@ public class EllipticCurveMultiplicationTest extends BrambleTestCase {
 		byte[] seed = new byte[32];
 		new SecureRandom().nextBytes(seed);
 		// Montgomery ladder multiplier
-		SecureRandom random = new FortunaSecureRandom(seed);
+		SecureRandom random = new PseudoSecureRandom(seed);
 		ECKeyGenerationParameters montgomeryGeneratorParams =
 				new ECKeyGenerationParameters(PARAMETERS, random);
 		ECKeyPairGenerator montgomeryGenerator = new ECKeyPairGenerator();
@@ -63,7 +63,7 @@ public class EllipticCurveMultiplicationTest extends BrambleTestCase {
 		ECPublicKeyParameters montgomeryPublic2 =
 				(ECPublicKeyParameters) montgomeryKeyPair2.getPublic();
 		// Default multiplier
-		random = new FortunaSecureRandom(seed);
+		random = new PseudoSecureRandom(seed);
 		ECKeyGenerationParameters defaultGeneratorParams =
 				new ECKeyGenerationParameters(defaultParameters, random);
 		ECKeyPairGenerator defaultGenerator = new ECKeyPairGenerator();

bramble-core/src/test/java/org/briarproject/bramble/crypto/FortunaGeneratorTest.java

@@ -1,99 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.junit.Test;
-import org.spongycastle.crypto.BlockCipher;
-import org.spongycastle.crypto.engines.AESLightEngine;
-import org.spongycastle.crypto.params.KeyParameter;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-
-public class FortunaGeneratorTest extends BrambleTestCase {
-
-	@Test
-	public void testCounterInitialisedToOne() {
-		FortunaGenerator f = new FortunaGenerator(new byte[32]);
-		// The counter is little-endian
-		byte[] expected = new byte[16];
-		expected[0] = 1;
-		assertArrayEquals(expected, f.getCounter());
-	}
-
-	@Test
-	public void testIncrementCounter() {
-		FortunaGenerator f = new FortunaGenerator(new byte[32]);
-		// Increment the counter until it reaches 255
-		for (int i = 1; i < 255; i++) f.incrementCounter();
-		byte[] expected = new byte[16];
-		expected[0] = (byte) 255;
-		assertArrayEquals(expected, f.getCounter());
-		// Increment the counter again - it should carry into the next byte
-		f.incrementCounter();
-		expected[0] = 0;
-		expected[1] = 1;
-		assertArrayEquals(expected, f.getCounter());
-		// Increment the counter until it carries into the next byte
-		for (int i = 256; i < 65536; i++) f.incrementCounter();
-		expected[0] = 0;
-		expected[1] = 0;
-		expected[2] = 1;
-		assertArrayEquals(expected, f.getCounter());
-	}
-
-	@Test
-	public void testNextBytes() {
-		// Generate several outputs with the same seed - they should all match
-		byte[] seed = new byte[32];
-		byte[] out1 = new byte[48];
-		new FortunaGenerator(seed).nextBytes(out1, 0, 48);
-		// One byte longer than a block, with an offset of one
-		byte[] out2 = new byte[49];
-		new FortunaGenerator(seed).nextBytes(out2, 1, 48);
-		for (int i = 0; i < 48; i++) assertEquals(out1[i], out2[i + 1]);
-		// One byte shorter than a block
-		byte[] out3 = new byte[47];
-		new FortunaGenerator(seed).nextBytes(out3, 0, 47);
-		for (int i = 0; i < 47; i++) assertEquals(out1[i], out3[i]);
-		// Less than a block, with an offset greater than a block
-		byte[] out4 = new byte[32];
-		new FortunaGenerator(seed).nextBytes(out4, 17, 15);
-		for (int i = 0; i < 15; i++) assertEquals(out1[i], out4[i + 17]);
-	}
-
-	@Test
-	public void testRekeying() {
-		byte[] seed = new byte[32];
-		FortunaGenerator f = new FortunaGenerator(seed);
-		// Generate three blocks of output
-		byte[] out1 = new byte[48];
-		f.nextBytes(out1, 0, 48);
-		// Create another generator with the same seed and generate one block
-		f = new FortunaGenerator(seed);
-		byte[] out2 = new byte[16];
-		f.nextBytes(out2, 0, 16);
-		// The generator should have rekeyed with the 2nd and 3rd blocks
-		byte[] expectedKey = new byte[32];
-		System.arraycopy(out1, 16, expectedKey, 0, 32);
-		// The generator's counter should have been incremented 3 times
-		byte[] expectedCounter = new byte[16];
-		expectedCounter[0] = 4;
-		// The next expected output block is the counter encrypted with the key
-		byte[] expectedOutput = new byte[16];
-		BlockCipher c = new AESLightEngine();
-		c.init(true, new KeyParameter(expectedKey));
-		c.processBlock(expectedCounter, 0, expectedOutput, 0);
-		// Check that the generator produces the expected output block
-		byte[] out3 = new byte[16];
-		f.nextBytes(out3, 0, 16);
-		assertArrayEquals(expectedOutput, out3);
-	}
-
-	@Test
-	public void testMaximumRequestLength() {
-		int expectedMax = 1024 * 1024;
-		byte[] output = new byte[expectedMax + 123];
-		FortunaGenerator f = new FortunaGenerator(new byte[32]);
-		assertEquals(expectedMax, f.nextBytes(output, 0, output.length));
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/crypto/FortunaSecureRandomTest.java

@@ -1,67 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.junit.Test;
-import org.spongycastle.crypto.BlockCipher;
-import org.spongycastle.crypto.digests.SHA256Digest;
-import org.spongycastle.crypto.engines.AESLightEngine;
-import org.spongycastle.crypto.params.KeyParameter;
-
-import static org.briarproject.bramble.crypto.FortunaSecureRandom.SELF_TEST_VECTOR_1;
-import static org.briarproject.bramble.crypto.FortunaSecureRandom.SELF_TEST_VECTOR_2;
-import static org.briarproject.bramble.crypto.FortunaSecureRandom.SELF_TEST_VECTOR_3;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertTrue;
-
-public class FortunaSecureRandomTest extends BrambleTestCase {
-
-	@Test
-	public void testClassPassesSelfTest() {
-		assertTrue(FortunaSecureRandom.selfTest());
-	}
-
-	@Test
-	public void testSelfTestVectorsAreReproducible() {
-		byte[] key = new byte[32], seed = new byte[32];
-		byte[] counter = new byte[16], output = new byte[16];
-		byte[] newKey = new byte[32];
-		// Calculate the initial key
-		DoubleDigest digest = new DoubleDigest(new SHA256Digest());
-		digest.update(key);
-		digest.update(seed);
-		digest.digest(key, 0, 32);
-		// Calculate the first output block and the new key
-		BlockCipher c = new AESLightEngine();
-		c.init(true, new KeyParameter(key));
-		counter[0] = 1;
-		c.processBlock(counter, 0, output, 0);
-		counter[0] = 2;
-		c.processBlock(counter, 0, newKey, 0);
-		counter[0] = 3;
-		c.processBlock(counter, 0, newKey, 16);
-		System.arraycopy(newKey, 0, key, 0, 32);
-		// The first self-test vector should match the first output block
-		assertArrayEquals(SELF_TEST_VECTOR_1, output);
-		// Calculate the second output block and the new key before reseeding
-		c.init(true, new KeyParameter(key));
-		counter[0] = 4;
-		c.processBlock(counter, 0, output, 0);
-		counter[0] = 5;
-		c.processBlock(counter, 0, newKey, 0);
-		counter[0] = 6;
-		c.processBlock(counter, 0, newKey, 16);
-		System.arraycopy(newKey, 0, key, 0, 32);
-		// The second self-test vector should match the second output block
-		assertArrayEquals(SELF_TEST_VECTOR_2, output);
-		// Calculate the new key after reseeding
-		digest.update(key);
-		digest.update(seed);
-		digest.digest(key, 0, 32);
-		// Calculate the third output block
-		c.init(true, new KeyParameter(key));
-		counter[0] = 8;
-		c.processBlock(counter, 0, output, 0);
-		// The third self-test vector should match the third output block
-		assertArrayEquals(SELF_TEST_VECTOR_3, output);
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/crypto/HashTest.java

@@ -2,7 +2,7 @@ package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSeedProvider;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
@@ -21,7 +21,7 @@ public class HashTest extends BrambleTestCase {
 	private final byte[] inputBytes2 = new byte[0];
 
 	public HashTest() {
-		crypto = new CryptoComponentImpl(new TestSeedProvider());
+		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
 	}
 
 	@Test

bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyAgreementTest.java

@@ -3,9 +3,9 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.system.SeedProvider;
+import org.briarproject.bramble.api.system.SecureRandomProvider;
 import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSeedProvider;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.junit.Test;
 
 import static org.junit.Assert.assertArrayEquals;
@@ -14,8 +14,9 @@ public class KeyAgreementTest extends BrambleTestCase {
 
 	@Test
 	public void testDeriveMasterSecret() throws Exception {
-		SeedProvider seedProvider = new TestSeedProvider();
-		CryptoComponent crypto = new CryptoComponentImpl(seedProvider);
+		SecureRandomProvider
+				secureRandomProvider = new TestSecureRandomProvider();
+		CryptoComponent crypto = new CryptoComponentImpl(secureRandomProvider);
 		KeyPair aPair = crypto.generateAgreementKeyPair();
 		byte[] aPub = aPair.getPublic().getEncoded();
 		KeyPair bPair = crypto.generateAgreementKeyPair();
@@ -27,8 +28,9 @@ public class KeyAgreementTest extends BrambleTestCase {
 
 	@Test
 	public void testDeriveSharedSecret() throws Exception {
-		SeedProvider seedProvider = new TestSeedProvider();
-		CryptoComponent crypto = new CryptoComponentImpl(seedProvider);
+		SecureRandomProvider
+				secureRandomProvider = new TestSecureRandomProvider();
+		CryptoComponent crypto = new CryptoComponentImpl(secureRandomProvider);
 		KeyPair aPair = crypto.generateAgreementKeyPair();
 		byte[] aPub = aPair.getPublic().getEncoded();
 		KeyPair bPair = crypto.generateAgreementKeyPair();

bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTest.java

@@ -1,20 +1,24 @@
 package org.briarproject.bramble.crypto;
 
+import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSeedProvider;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 
 public class KeyDerivationTest extends BrambleTestCase {
 
@@ -23,7 +27,7 @@ public class KeyDerivationTest extends BrambleTestCase {
 	private final SecretKey master;
 
 	public KeyDerivationTest() {
-		crypto = new CryptoComponentImpl(new TestSeedProvider());
+		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
 		master = TestUtils.getSecretKey();
 	}
 
@@ -156,11 +160,7 @@ public class KeyDerivationTest extends BrambleTestCase {
 	}
 
 	private void assertAllDifferent(List<SecretKey> keys) {
-		for (SecretKey ki : keys) {
-			for (SecretKey kj : keys) {
-				if (ki == kj) assertArrayEquals(ki.getBytes(), kj.getBytes());
-				else assertFalse(Arrays.equals(ki.getBytes(), kj.getBytes()));
-			}
-		}
+		Set<Bytes> set = new HashSet<Bytes>();
+		for (SecretKey k : keys) assertTrue(set.add(new Bytes(k.getBytes())));
 	}
 }

bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyEncodingAndParsingTest.java

@@ -5,7 +5,7 @@ import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSeedProvider;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
@@ -19,7 +19,7 @@ import static org.junit.Assert.assertTrue;
 public class KeyEncodingAndParsingTest extends BrambleTestCase {
 
 	private final CryptoComponentImpl crypto =
-			new CryptoComponentImpl(new TestSeedProvider());
+			new CryptoComponentImpl(new TestSecureRandomProvider());
 
 	@Test
 	public void testAgreementPublicKeyLength() throws Exception {

bramble-core/src/test/java/org/briarproject/bramble/crypto/MacTest.java

@@ -3,7 +3,7 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSeedProvider;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
@@ -22,7 +22,7 @@ public class MacTest extends BrambleTestCase {
 	private final byte[] inputBytes2 = new byte[0];
 
 	public MacTest() {
-		crypto = new CryptoComponentImpl(new TestSeedProvider());
+		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
 	}
 
 	@Test

bramble-core/src/test/java/org/briarproject/bramble/crypto/PasswordBasedKdfTest.java

@@ -1,7 +1,7 @@
 package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSeedProvider;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
@@ -15,7 +15,7 @@ import static org.junit.Assert.assertTrue;
 public class PasswordBasedKdfTest extends BrambleTestCase {
 
 	private final CryptoComponentImpl crypto =
-			new CryptoComponentImpl(new TestSeedProvider());
+			new CryptoComponentImpl(new TestSecureRandomProvider());
 
 	@Test
 	public void testEncryptionAndDecryption() {

bramble-core/src/test/java/org/briarproject/bramble/crypto/PasswordStrengthEstimatorImplTest.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.crypto.PasswordStrengthEstimator;
 import org.briarproject.bramble.test.BrambleTestCase;
 import org.junit.Test;
 
+import static org.briarproject.bramble.api.crypto.PasswordStrengthEstimator.NONE;
 import static org.briarproject.bramble.api.crypto.PasswordStrengthEstimator.QUITE_STRONG;
 import static org.junit.Assert.assertTrue;
 
@@ -12,7 +13,7 @@ public class PasswordStrengthEstimatorImplTest extends BrambleTestCase {
 	@Test
 	public void testWeakPasswords() {
 		PasswordStrengthEstimator e = new PasswordStrengthEstimatorImpl();
-		assertTrue(e.estimateStrength("") < QUITE_STRONG);
+		assertTrue(e.estimateStrength("") == NONE);
 		assertTrue(e.estimateStrength("password") < QUITE_STRONG);
 		assertTrue(e.estimateStrength("letmein") < QUITE_STRONG);
 		assertTrue(e.estimateStrength("123456") < QUITE_STRONG);

bramble-core/src/test/java/org/briarproject/bramble/crypto/PseudoSecureRandom.java

@@ -0,0 +1,48 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.PseudoRandom;
+
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.SecureRandomSpi;
+
+class PseudoSecureRandom extends SecureRandom {
+
+	private static final Provider PROVIDER = new PseudoSecureRandomProvider();
+
+	PseudoSecureRandom(byte[] seed) {
+		super(new PseudoSecureRandomSpi(seed), PROVIDER);
+	}
+
+	private static class PseudoSecureRandomSpi extends SecureRandomSpi {
+
+		private final PseudoRandom pseudoRandom;
+
+		private PseudoSecureRandomSpi(byte[] seed) {
+			pseudoRandom = new PseudoRandomImpl(seed);
+		}
+
+		@Override
+		protected byte[] engineGenerateSeed(int length) {
+			return pseudoRandom.nextBytes(length);
+		}
+
+		@Override
+		protected void engineNextBytes(byte[] b) {
+			byte[] random = pseudoRandom.nextBytes(b.length);
+			System.arraycopy(random, 0, b, 0, b.length);
+		}
+
+		@Override
+		protected void engineSetSeed(byte[] seed) {
+			// Thank you for your input
+		}
+	}
+
+	private static class PseudoSecureRandomProvider extends Provider {
+
+		private PseudoSecureRandomProvider() {
+			super("PseudoSecureRandom", 1.0, "Only for testing");
+		}
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/crypto/SignatureTest.java

@@ -3,7 +3,7 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSeedProvider;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
@@ -22,7 +22,7 @@ public class SignatureTest extends BrambleTestCase {
 	private final byte[] inputBytes = TestUtils.getRandomBytes(123);
 
 	public SignatureTest() {
-		crypto = new CryptoComponentImpl(new TestSeedProvider());
+		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
 		KeyPair k = crypto.generateSignatureKeyPair();
 		publicKey = k.getPublic().getEncoded();
 		privateKey = k.getPrivate().getEncoded();

bramble-core/src/test/java/org/briarproject/bramble/crypto/StreamEncrypterImplTest.java

@@ -9,9 +9,13 @@ import java.io.ByteArrayOutputStream;
 
 import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_HEADER_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAC_LENGTH;
+import static org.briarproject.bramble.api.transport.TransportConstants.MAX_FRAME_LENGTH;
+import static org.briarproject.bramble.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_IV_LENGTH;
+import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
 import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
 
 public class StreamEncrypterImplTest extends BrambleTestCase {
 
@@ -30,6 +34,58 @@ public class StreamEncrypterImplTest extends BrambleTestCase {
 		payload = TestUtils.getRandomBytes(payloadLength);
 	}
 
+	@Test(expected = IllegalArgumentException.class)
+	public void testRejectsNegativePayloadLength() throws Exception {
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		StreamEncrypterImpl s = new StreamEncrypterImpl(out, cipher,
+				streamNumber, tag, streamHeaderIv, streamHeaderKey, frameKey);
+
+		s.writeFrame(payload, -1, 0, false);
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public void testRejectsNegativePaddingLength() throws Exception {
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		StreamEncrypterImpl s = new StreamEncrypterImpl(out, cipher,
+				streamNumber, tag, streamHeaderIv, streamHeaderKey, frameKey);
+
+		s.writeFrame(payload, 0, -1, false);
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public void testRejectsMaxPayloadPlusPadding() throws Exception {
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		StreamEncrypterImpl s = new StreamEncrypterImpl(out, cipher,
+				streamNumber, tag, streamHeaderIv, streamHeaderKey, frameKey);
+
+		byte[] bigPayload = new byte[MAX_PAYLOAD_LENGTH + 1];
+		s.writeFrame(bigPayload, MAX_PAYLOAD_LENGTH, 1, false);
+	}
+
+	@Test
+	public void testAcceptsMaxPayloadIncludingPadding() throws Exception {
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		StreamEncrypterImpl s = new StreamEncrypterImpl(out, cipher,
+				streamNumber, tag, streamHeaderIv, streamHeaderKey, frameKey);
+
+		byte[] bigPayload = new byte[MAX_PAYLOAD_LENGTH];
+		s.writeFrame(bigPayload, MAX_PAYLOAD_LENGTH - 1, 1, false);
+		assertEquals(TAG_LENGTH + STREAM_HEADER_LENGTH + MAX_FRAME_LENGTH,
+				out.size());
+	}
+
+	@Test
+	public void testAcceptsMaxPayloadWithoutPadding() throws Exception {
+		ByteArrayOutputStream out = new ByteArrayOutputStream();
+		StreamEncrypterImpl s = new StreamEncrypterImpl(out, cipher,
+				streamNumber, tag, streamHeaderIv, streamHeaderKey, frameKey);
+
+		byte[] bigPayload = new byte[MAX_PAYLOAD_LENGTH];
+		s.writeFrame(bigPayload, MAX_PAYLOAD_LENGTH, 0, false);
+		assertEquals(TAG_LENGTH + STREAM_HEADER_LENGTH + MAX_FRAME_LENGTH,
+				out.size());
+	}
+
 	@Test
 	public void testWriteUnpaddedNonFinalFrameWithTag() throws Exception {
 		ByteArrayOutputStream out = new ByteArrayOutputStream();

bramble-core/src/test/java/org/briarproject/bramble/db/DatabaseComponentImplTest.java

@@ -63,6 +63,7 @@ import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_K
 import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
 import static org.briarproject.bramble.api.sync.Group.Visibility.VISIBLE;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.DELIVERED;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.UNKNOWN;
 import static org.briarproject.bramble.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
@@ -95,7 +96,7 @@ public class DatabaseComponentImplTest extends BrambleTestCase {
 	public DatabaseComponentImplTest() {
 		clientId = new ClientId(TestUtils.getRandomString(5));
 		groupId = new GroupId(TestUtils.getRandomId());
-		byte[] descriptor = new byte[0];
+		byte[] descriptor = new byte[MAX_GROUP_DESCRIPTOR_LENGTH];
 		group = new Group(groupId, clientId, descriptor);
 		authorId = new AuthorId(TestUtils.getRandomId());
 		author = new Author(authorId, "Alice", new byte[MAX_PUBLIC_KEY_LENGTH]);

bramble-core/src/test/java/org/briarproject/bramble/db/H2DatabaseTest.java

@@ -47,6 +47,7 @@ import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_K
 import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
 import static org.briarproject.bramble.api.sync.Group.Visibility.VISIBLE;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_LENGTH;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.DELIVERED;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.INVALID;
@@ -84,7 +85,7 @@ public class H2DatabaseTest extends BrambleTestCase {
 	public H2DatabaseTest() throws Exception {
 		groupId = new GroupId(TestUtils.getRandomId());
 		clientId = new ClientId(TestUtils.getRandomString(5));
-		byte[] descriptor = new byte[0];
+		byte[] descriptor = new byte[MAX_GROUP_DESCRIPTOR_LENGTH];
 		group = new Group(groupId, clientId, descriptor);
 		AuthorId authorId = new AuthorId(TestUtils.getRandomId());
 		author = new Author(authorId, "Alice", new byte[MAX_PUBLIC_KEY_LENGTH]);
@@ -1316,7 +1317,7 @@ public class H2DatabaseTest extends BrambleTestCase {
 		// Add a second group
 		GroupId groupId1 = new GroupId(TestUtils.getRandomId());
 		Group group1 = new Group(groupId1, clientId,
-				TestUtils.getRandomBytes(42));
+				TestUtils.getRandomBytes(MAX_GROUP_DESCRIPTOR_LENGTH));
 		db.addGroup(txn, group1);
 
 		// Add a message to the second group

bramble-core/src/test/java/org/briarproject/bramble/keyagreement/KeyAgreementProtocolTest.java

@@ -92,7 +92,7 @@ public class KeyAgreementProtocolTest extends BrambleTestCase {
 			oneOf(callbacks).connectionWaiting();
 			oneOf(transport).receiveKey();
 			will(returnValue(BOB_PUBKEY));
-			oneOf(callbacks).initialPacketReceived();
+			oneOf(callbacks).initialRecordReceived();
 
 			// Alice verifies Bob's public key
 			oneOf(crypto).deriveKeyCommitment(BOB_PUBKEY);
@@ -152,7 +152,7 @@ public class KeyAgreementProtocolTest extends BrambleTestCase {
 			// Bob receives Alice's public key
 			oneOf(transport).receiveKey();
 			will(returnValue(ALICE_PUBKEY));
-			oneOf(callbacks).initialPacketReceived();
+			oneOf(callbacks).initialRecordReceived();
 
 			// Bob verifies Alice's public key
 			oneOf(crypto).deriveKeyCommitment(ALICE_PUBKEY);
@@ -213,7 +213,7 @@ public class KeyAgreementProtocolTest extends BrambleTestCase {
 			oneOf(callbacks).connectionWaiting();
 			oneOf(transport).receiveKey();
 			will(returnValue(BAD_PUBKEY));
-			oneOf(callbacks).initialPacketReceived();
+			oneOf(callbacks).initialRecordReceived();
 
 			// Alice verifies Bob's public key
 			oneOf(crypto).deriveKeyCommitment(BAD_PUBKEY);
@@ -250,7 +250,7 @@ public class KeyAgreementProtocolTest extends BrambleTestCase {
 			// Bob receives a bad public key
 			oneOf(transport).receiveKey();
 			will(returnValue(BAD_PUBKEY));
-			oneOf(callbacks).initialPacketReceived();
+			oneOf(callbacks).initialRecordReceived();
 
 			// Bob verifies Alice's public key
 			oneOf(crypto).deriveKeyCommitment(BAD_PUBKEY);
@@ -296,7 +296,7 @@ public class KeyAgreementProtocolTest extends BrambleTestCase {
 			oneOf(callbacks).connectionWaiting();
 			oneOf(transport).receiveKey();
 			will(returnValue(BOB_PUBKEY));
-			oneOf(callbacks).initialPacketReceived();
+			oneOf(callbacks).initialRecordReceived();
 
 			// Alice verifies Bob's public key
 			oneOf(crypto).deriveKeyCommitment(BOB_PUBKEY);
@@ -357,7 +357,7 @@ public class KeyAgreementProtocolTest extends BrambleTestCase {
 			// Bob receives Alice's public key
 			oneOf(transport).receiveKey();
 			will(returnValue(ALICE_PUBKEY));
-			oneOf(callbacks).initialPacketReceived();
+			oneOf(callbacks).initialRecordReceived();
 
 			// Bob verifies Alice's public key
 			oneOf(crypto).deriveKeyCommitment(ALICE_PUBKEY);

bramble-core/src/test/java/org/briarproject/bramble/keyagreement/KeyAgreementTransportTest.java

@@ -0,0 +1,251 @@
+package org.briarproject.bramble.keyagreement;
+
+import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
+import org.briarproject.bramble.api.plugin.TransportConnectionReader;
+import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.test.BrambleMockTestCase;
+import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.util.ByteUtils;
+import org.jmock.Expectations;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.RECORD_HEADER_LENGTH;
+import static org.briarproject.bramble.api.keyagreement.RecordTypes.ABORT;
+import static org.briarproject.bramble.api.keyagreement.RecordTypes.CONFIRM;
+import static org.briarproject.bramble.api.keyagreement.RecordTypes.KEY;
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+public class KeyAgreementTransportTest extends BrambleMockTestCase {
+
+	private final DuplexTransportConnection duplexTransportConnection =
+			context.mock(DuplexTransportConnection.class);
+	private final TransportConnectionReader transportConnectionReader =
+			context.mock(TransportConnectionReader.class);
+	private final TransportConnectionWriter transportConnectionWriter =
+			context.mock(TransportConnectionWriter.class);
+
+	private final TransportId transportId = new TransportId("test");
+	private final KeyAgreementConnection keyAgreementConnection =
+			new KeyAgreementConnection(duplexTransportConnection, transportId);
+
+	private ByteArrayInputStream inputStream;
+	private ByteArrayOutputStream outputStream;
+	private KeyAgreementTransport kat;
+
+	@Test
+	public void testSendKey() throws Exception {
+		setup(new byte[0]);
+		byte[] key = TestUtils.getRandomBytes(123);
+		kat.sendKey(key);
+		assertRecordSent(KEY, key);
+	}
+
+	@Test
+	public void testSendConfirm() throws Exception {
+		setup(new byte[0]);
+		byte[] confirm = TestUtils.getRandomBytes(123);
+		kat.sendConfirm(confirm);
+		assertRecordSent(CONFIRM, confirm);
+	}
+
+	@Test
+	public void testSendAbortWithException() throws Exception {
+		setup(new byte[0]);
+		context.checking(new Expectations() {{
+			oneOf(transportConnectionReader).dispose(true, true);
+			oneOf(transportConnectionWriter).dispose(true);
+		}});
+		kat.sendAbort(true);
+		assertRecordSent(ABORT, new byte[0]);
+	}
+
+	@Test
+	public void testSendAbortWithoutException() throws Exception {
+		setup(new byte[0]);
+		context.checking(new Expectations() {{
+			oneOf(transportConnectionReader).dispose(false, true);
+			oneOf(transportConnectionWriter).dispose(false);
+		}});
+		kat.sendAbort(false);
+		assertRecordSent(ABORT, new byte[0]);
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveKeyThrowsExceptionIfAtEndOfStream()
+			throws Exception {
+		setup(new byte[0]);
+		kat.receiveKey();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveKeyThrowsExceptionIfHeaderIsTooShort()
+			throws Exception {
+		byte[] input = new byte[RECORD_HEADER_LENGTH - 1];
+		input[0] = PROTOCOL_VERSION;
+		input[1] = KEY;
+		setup(input);
+		kat.receiveKey();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveKeyThrowsExceptionIfPayloadIsTooShort()
+			throws Exception {
+		int payloadLength = 123;
+		byte[] input = new byte[RECORD_HEADER_LENGTH + payloadLength - 1];
+		input[0] = PROTOCOL_VERSION;
+		input[1] = KEY;
+		ByteUtils.writeUint16(payloadLength, input, 2);
+		setup(input);
+		kat.receiveKey();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveKeyThrowsExceptionIfProtocolVersionIsUnrecognised()
+			throws Exception {
+		setup(createRecord((byte) (PROTOCOL_VERSION + 1), KEY, new byte[123]));
+		kat.receiveKey();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveKeyThrowsExceptionIfAbortIsReceived()
+			throws Exception {
+		setup(createRecord(PROTOCOL_VERSION, ABORT, new byte[0]));
+		kat.receiveKey();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveKeyThrowsExceptionIfConfirmIsReceived()
+			throws Exception {
+		setup(createRecord(PROTOCOL_VERSION, CONFIRM, new byte[123]));
+		kat.receiveKey();
+	}
+
+	@Test
+	public void testReceiveKeySkipsUnrecognisedRecordTypes() throws Exception {
+		byte[] skip1 = createRecord(PROTOCOL_VERSION, (byte) (ABORT + 1),
+				new byte[123]);
+		byte[] skip2 = createRecord(PROTOCOL_VERSION, (byte) (ABORT + 2),
+				new byte[0]);
+		byte[] payload = TestUtils.getRandomBytes(123);
+		byte[] key = createRecord(PROTOCOL_VERSION, KEY, payload);
+		ByteArrayOutputStream input = new ByteArrayOutputStream();
+		input.write(skip1);
+		input.write(skip2);
+		input.write(key);
+		setup(input.toByteArray());
+		assertArrayEquals(payload, kat.receiveKey());
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveConfirmThrowsExceptionIfAtEndOfStream()
+			throws Exception {
+		setup(new byte[0]);
+		kat.receiveConfirm();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveConfirmThrowsExceptionIfHeaderIsTooShort()
+			throws Exception {
+		byte[] input = new byte[RECORD_HEADER_LENGTH - 1];
+		input[0] = PROTOCOL_VERSION;
+		input[1] = CONFIRM;
+		setup(input);
+		kat.receiveConfirm();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveConfirmThrowsExceptionIfPayloadIsTooShort()
+			throws Exception {
+		int payloadLength = 123;
+		byte[] input = new byte[RECORD_HEADER_LENGTH + payloadLength - 1];
+		input[0] = PROTOCOL_VERSION;
+		input[1] = CONFIRM;
+		ByteUtils.writeUint16(payloadLength, input, 2);
+		setup(input);
+		kat.receiveConfirm();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveConfirmThrowsExceptionIfProtocolVersionIsUnrecognised()
+			throws Exception {
+		setup(createRecord((byte) (PROTOCOL_VERSION + 1), CONFIRM,
+				new byte[123]));
+		kat.receiveConfirm();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveConfirmThrowsExceptionIfAbortIsReceived()
+			throws Exception {
+		setup(createRecord(PROTOCOL_VERSION, ABORT, new byte[0]));
+		kat.receiveConfirm();
+	}
+
+	@Test(expected = AbortException.class)
+	public void testReceiveKeyThrowsExceptionIfKeyIsReceived()
+			throws Exception {
+		setup(createRecord(PROTOCOL_VERSION, KEY, new byte[123]));
+		kat.receiveConfirm();
+	}
+
+	@Test
+	public void testReceiveConfirmSkipsUnrecognisedRecordTypes()
+			throws Exception {
+		byte[] skip1 = createRecord(PROTOCOL_VERSION, (byte) (ABORT + 1),
+				new byte[123]);
+		byte[] skip2 = createRecord(PROTOCOL_VERSION, (byte) (ABORT + 2),
+				new byte[0]);
+		byte[] payload = TestUtils.getRandomBytes(123);
+		byte[] confirm = createRecord(PROTOCOL_VERSION, CONFIRM, payload);
+		ByteArrayOutputStream input = new ByteArrayOutputStream();
+		input.write(skip1);
+		input.write(skip2);
+		input.write(confirm);
+		setup(input.toByteArray());
+		assertArrayEquals(payload, kat.receiveConfirm());
+	}
+
+	private void setup(byte[] input) throws Exception {
+		inputStream = new ByteArrayInputStream(input);
+		outputStream = new ByteArrayOutputStream();
+		context.checking(new Expectations() {{
+			allowing(duplexTransportConnection).getReader();
+			will(returnValue(transportConnectionReader));
+			allowing(transportConnectionReader).getInputStream();
+			will(returnValue(inputStream));
+			allowing(duplexTransportConnection).getWriter();
+			will(returnValue(transportConnectionWriter));
+			allowing(transportConnectionWriter).getOutputStream();
+			will(returnValue(outputStream));
+		}});
+		kat = new KeyAgreementTransport(keyAgreementConnection);
+	}
+
+	private void assertRecordSent(byte expectedType, byte[] expectedPayload) {
+		byte[] output = outputStream.toByteArray();
+		assertEquals(RECORD_HEADER_LENGTH + expectedPayload.length,
+				output.length);
+		assertEquals(PROTOCOL_VERSION, output[0]);
+		assertEquals(expectedType, output[1]);
+		assertEquals(expectedPayload.length, ByteUtils.readUint16(output, 2));
+		byte[] payload = new byte[output.length - RECORD_HEADER_LENGTH];
+		System.arraycopy(output, RECORD_HEADER_LENGTH, payload, 0,
+				payload.length);
+		assertArrayEquals(expectedPayload, payload);
+	}
+
+	private byte[] createRecord(byte version, byte type, byte[] payload) {
+		byte[] b = new byte[RECORD_HEADER_LENGTH + payload.length];
+		b[0] = version;
+		b[1] = type;
+		ByteUtils.writeUint16(payload.length, b, 2);
+		System.arraycopy(payload, 0, b, RECORD_HEADER_LENGTH, payload.length);
+		return b;
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/properties/TransportPropertyManagerImplTest.java

@@ -1,14 +0,0 @@
-package org.briarproject.bramble.properties;
-
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.junit.Test;
-
-import static org.junit.Assert.fail;
-
-public class TransportPropertyManagerImplTest extends BrambleTestCase {
-
-	@Test
-	public void testUnitTestsExist() {
-		fail(); // FIXME: Write tests
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/sync/PacketReaderImplTest.java

@@ -1,162 +0,0 @@
-package org.briarproject.bramble.sync;
-
-import org.briarproject.bramble.api.FormatException;
-import org.briarproject.bramble.api.UniqueId;
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestUtils;
-import org.briarproject.bramble.util.ByteUtils;
-import org.junit.Test;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-
-import static org.briarproject.bramble.api.sync.PacketTypes.ACK;
-import static org.briarproject.bramble.api.sync.PacketTypes.OFFER;
-import static org.briarproject.bramble.api.sync.PacketTypes.REQUEST;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_PACKET_PAYLOAD_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.PACKET_HEADER_LENGTH;
-import static org.junit.Assert.assertEquals;
-
-public class PacketReaderImplTest extends BrambleTestCase {
-
-	@Test(expected = FormatException.class)
-	public void testFormatExceptionIfAckIsTooLarge() throws Exception {
-		byte[] b = createAck(true);
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readAck();
-	}
-
-	@Test
-	public void testNoFormatExceptionIfAckIsMaximumSize() throws Exception {
-		byte[] b = createAck(false);
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readAck();
-	}
-
-	@Test(expected = FormatException.class)
-	public void testEmptyAck() throws Exception {
-		byte[] b = createEmptyAck();
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readAck();
-	}
-
-	@Test(expected = FormatException.class)
-	public void testFormatExceptionIfOfferIsTooLarge() throws Exception {
-		byte[] b = createOffer(true);
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readOffer();
-	}
-
-	@Test
-	public void testNoFormatExceptionIfOfferIsMaximumSize() throws Exception {
-		byte[] b = createOffer(false);
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readOffer();
-	}
-
-	@Test(expected = FormatException.class)
-	public void testEmptyOffer() throws Exception {
-		byte[] b = createEmptyOffer();
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readOffer();
-	}
-
-	@Test(expected = FormatException.class)
-	public void testFormatExceptionIfRequestIsTooLarge() throws Exception {
-		byte[] b = createRequest(true);
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readRequest();
-	}
-
-	@Test
-	public void testNoFormatExceptionIfRequestIsMaximumSize() throws Exception {
-		byte[] b = createRequest(false);
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readRequest();
-	}
-
-	@Test(expected = FormatException.class)
-	public void testEmptyRequest() throws Exception {
-		byte[] b = createEmptyRequest();
-		ByteArrayInputStream in = new ByteArrayInputStream(b);
-		PacketReaderImpl reader = new PacketReaderImpl(null, in);
-		reader.readRequest();
-	}
-
-	private byte[] createAck(boolean tooBig) throws Exception {
-		ByteArrayOutputStream out = new ByteArrayOutputStream();
-		out.write(new byte[PACKET_HEADER_LENGTH]);
-		while (out.size() + UniqueId.LENGTH <= PACKET_HEADER_LENGTH
-				+ MAX_PACKET_PAYLOAD_LENGTH) {
-			out.write(TestUtils.getRandomId());
-		}
-		if (tooBig) out.write(TestUtils.getRandomId());
-		assertEquals(tooBig, out.size() > PACKET_HEADER_LENGTH +
-				MAX_PACKET_PAYLOAD_LENGTH);
-		byte[] packet = out.toByteArray();
-		packet[1] = ACK;
-		ByteUtils.writeUint16(packet.length - PACKET_HEADER_LENGTH, packet, 2);
-		return packet;
-	}
-
-	private byte[] createEmptyAck() throws Exception {
-		byte[] packet = new byte[PACKET_HEADER_LENGTH];
-		packet[1] = ACK;
-		ByteUtils.writeUint16(packet.length - PACKET_HEADER_LENGTH, packet, 2);
-		return packet;
-	}
-
-	private byte[] createOffer(boolean tooBig) throws Exception {
-		ByteArrayOutputStream out = new ByteArrayOutputStream();
-		out.write(new byte[PACKET_HEADER_LENGTH]);
-		while (out.size() + UniqueId.LENGTH <= PACKET_HEADER_LENGTH
-				+ MAX_PACKET_PAYLOAD_LENGTH) {
-			out.write(TestUtils.getRandomId());
-		}
-		if (tooBig) out.write(TestUtils.getRandomId());
-		assertEquals(tooBig, out.size() > PACKET_HEADER_LENGTH +
-				MAX_PACKET_PAYLOAD_LENGTH);
-		byte[] packet = out.toByteArray();
-		packet[1] = OFFER;
-		ByteUtils.writeUint16(packet.length - PACKET_HEADER_LENGTH, packet, 2);
-		return packet;
-	}
-
-	private byte[] createEmptyOffer() throws Exception {
-		byte[] packet = new byte[PACKET_HEADER_LENGTH];
-		packet[1] = OFFER;
-		ByteUtils.writeUint16(packet.length - PACKET_HEADER_LENGTH, packet, 2);
-		return packet;
-	}
-
-	private byte[] createRequest(boolean tooBig) throws Exception {
-		ByteArrayOutputStream out = new ByteArrayOutputStream();
-		out.write(new byte[PACKET_HEADER_LENGTH]);
-		while (out.size() + UniqueId.LENGTH <= PACKET_HEADER_LENGTH
-				+ MAX_PACKET_PAYLOAD_LENGTH) {
-			out.write(TestUtils.getRandomId());
-		}
-		if (tooBig) out.write(TestUtils.getRandomId());
-		assertEquals(tooBig, out.size() > PACKET_HEADER_LENGTH +
-				MAX_PACKET_PAYLOAD_LENGTH);
-		byte[] packet = out.toByteArray();
-		packet[1] = REQUEST;
-		ByteUtils.writeUint16(packet.length - PACKET_HEADER_LENGTH, packet, 2);
-		return packet;
-	}
-
-	private byte[] createEmptyRequest() throws Exception {
-		byte[] packet = new byte[PACKET_HEADER_LENGTH];
-		packet[1] = REQUEST;
-		ByteUtils.writeUint16(packet.length - PACKET_HEADER_LENGTH, packet, 2);
-		return packet;
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/sync/RecordReaderImplTest.java

@@ -0,0 +1,219 @@
+package org.briarproject.bramble.sync;
+
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.UniqueId;
+import org.briarproject.bramble.api.sync.Ack;
+import org.briarproject.bramble.api.sync.MessageFactory;
+import org.briarproject.bramble.test.BrambleMockTestCase;
+import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.util.ByteUtils;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+import static org.briarproject.bramble.api.sync.RecordTypes.ACK;
+import static org.briarproject.bramble.api.sync.RecordTypes.OFFER;
+import static org.briarproject.bramble.api.sync.RecordTypes.REQUEST;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
+import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.api.sync.SyncConstants.RECORD_HEADER_LENGTH;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class RecordReaderImplTest extends BrambleMockTestCase {
+
+	private final MessageFactory messageFactory =
+			context.mock(MessageFactory.class);
+
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfAckIsTooLarge() throws Exception {
+		byte[] b = createAck(true);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readAck();
+	}
+
+	@Test
+	public void testNoFormatExceptionIfAckIsMaximumSize() throws Exception {
+		byte[] b = createAck(false);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readAck();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfAckIsEmpty() throws Exception {
+		byte[] b = createEmptyAck();
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readAck();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfOfferIsTooLarge() throws Exception {
+		byte[] b = createOffer(true);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readOffer();
+	}
+
+	@Test
+	public void testNoFormatExceptionIfOfferIsMaximumSize() throws Exception {
+		byte[] b = createOffer(false);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readOffer();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfOfferIsEmpty() throws Exception {
+		byte[] b = createEmptyOffer();
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readOffer();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfRequestIsTooLarge() throws Exception {
+		byte[] b = createRequest(true);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readRequest();
+	}
+
+	@Test
+	public void testNoFormatExceptionIfRequestIsMaximumSize() throws Exception {
+		byte[] b = createRequest(false);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readRequest();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testFormatExceptionIfRequestIsEmpty() throws Exception {
+		byte[] b = createEmptyRequest();
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.readRequest();
+	}
+
+	@Test
+	public void testEofReturnsTrueWhenAtEndOfStream() throws Exception {
+		ByteArrayInputStream in = new ByteArrayInputStream(new byte[0]);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		assertTrue(reader.eof());
+	}
+
+	@Test
+	public void testEofReturnsFalseWhenNotAtEndOfStream() throws Exception {
+		byte[] b = createAck(false);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		assertFalse(reader.eof());
+	}
+
+	@Test(expected = FormatException.class)
+	public void testThrowsExceptionIfHeaderIsTooShort() throws Exception {
+		byte[] b = new byte[RECORD_HEADER_LENGTH - 1];
+		b[0] = PROTOCOL_VERSION;
+		b[1] = ACK;
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.eof();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testThrowsExceptionIfPayloadIsTooShort() throws Exception {
+		int payloadLength = 123;
+		byte[] b = new byte[RECORD_HEADER_LENGTH + payloadLength - 1];
+		b[0] = PROTOCOL_VERSION;
+		b[1] = ACK;
+		ByteUtils.writeUint16(payloadLength, b, 2);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.eof();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testThrowsExceptionIfProtocolVersionIsUnrecognised()
+			throws Exception {
+		byte version = (byte) (PROTOCOL_VERSION + 1);
+		byte[] b = createRecord(version, ACK, new byte[0]);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.eof();
+	}
+
+	@Test(expected = FormatException.class)
+	public void testThrowsExceptionIfPayloadIsTooLong() throws Exception {
+		byte[] payload = new byte[MAX_RECORD_PAYLOAD_LENGTH + 1];
+		byte[] b = createRecord(PROTOCOL_VERSION, ACK, payload);
+		ByteArrayInputStream in = new ByteArrayInputStream(b);
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		reader.eof();
+	}
+
+	@Test
+	public void testSkipsUnrecognisedRecordTypes() throws Exception {
+		byte[] skip1 = createRecord(PROTOCOL_VERSION, (byte) (REQUEST + 1),
+				new byte[123]);
+		byte[] skip2 = createRecord(PROTOCOL_VERSION, (byte) (REQUEST + 2),
+				new byte[0]);
+		byte[] ack = createAck(false);
+		ByteArrayOutputStream input = new ByteArrayOutputStream();
+		input.write(skip1);
+		input.write(skip2);
+		input.write(ack);
+		ByteArrayInputStream in = new ByteArrayInputStream(input.toByteArray());
+		RecordReaderImpl reader = new RecordReaderImpl(messageFactory, in);
+		assertTrue(reader.hasAck());
+		Ack a = reader.readAck();
+		assertEquals(MAX_MESSAGE_IDS, a.getMessageIds().size());
+	}
+
+	private byte[] createAck(boolean tooBig) throws Exception {
+		return createRecord(PROTOCOL_VERSION, ACK, createPayload(tooBig));
+	}
+
+	private byte[] createEmptyAck() throws Exception {
+		return createRecord(PROTOCOL_VERSION, ACK, new byte[0]);
+	}
+
+	private byte[] createOffer(boolean tooBig) throws Exception {
+		return createRecord(PROTOCOL_VERSION, OFFER, createPayload(tooBig));
+	}
+
+	private byte[] createEmptyOffer() throws Exception {
+		return createRecord(PROTOCOL_VERSION, OFFER, new byte[0]);
+	}
+
+	private byte[] createRequest(boolean tooBig) throws Exception {
+		return createRecord(PROTOCOL_VERSION, REQUEST, createPayload(tooBig));
+	}
+
+	private byte[] createEmptyRequest() throws Exception {
+		return createRecord(PROTOCOL_VERSION, REQUEST, new byte[0]);
+	}
+
+	private byte[] createRecord(byte version, byte type, byte[] payload) {
+		byte[] b = new byte[RECORD_HEADER_LENGTH + payload.length];
+		b[0] = version;
+		b[1] = type;
+		ByteUtils.writeUint16(payload.length, b, 2);
+		System.arraycopy(payload, 0, b, RECORD_HEADER_LENGTH, payload.length);
+		return b;
+	}
+
+	private byte[] createPayload(boolean tooBig) throws Exception {
+		ByteArrayOutputStream payload = new ByteArrayOutputStream();
+		while (payload.size() + UniqueId.LENGTH <= MAX_RECORD_PAYLOAD_LENGTH) {
+			payload.write(TestUtils.getRandomId());
+		}
+		if (tooBig) payload.write(TestUtils.getRandomId());
+		assertEquals(tooBig, payload.size() > MAX_RECORD_PAYLOAD_LENGTH);
+		return payload.toByteArray();
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/sync/SimplexOutgoingSessionTest.java

@@ -6,10 +6,10 @@ import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.MessageId;
-import org.briarproject.bramble.api.sync.PacketWriter;
 import org.briarproject.bramble.test.BrambleTestCase;
 import org.briarproject.bramble.test.ImmediateExecutor;
 import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.api.sync.RecordWriter;
 import org.jmock.Expectations;
 import org.jmock.Mockery;
 import org.junit.Test;
@@ -29,14 +29,14 @@ public class SimplexOutgoingSessionTest extends BrambleTestCase {
 	private final ContactId contactId;
 	private final MessageId messageId;
 	private final int maxLatency;
-	private final PacketWriter packetWriter;
+	private final RecordWriter recordWriter;
 
 	public SimplexOutgoingSessionTest() {
 		context = new Mockery();
 		db = context.mock(DatabaseComponent.class);
 		dbExecutor = new ImmediateExecutor();
 		eventBus = context.mock(EventBus.class);
-		packetWriter = context.mock(PacketWriter.class);
+		recordWriter = context.mock(RecordWriter.class);
 		contactId = new ContactId(234);
 		messageId = new MessageId(TestUtils.getRandomId());
 		maxLatency = Integer.MAX_VALUE;
@@ -45,7 +45,7 @@ public class SimplexOutgoingSessionTest extends BrambleTestCase {
 	@Test
 	public void testNothingToSend() throws Exception {
 		final SimplexOutgoingSession session = new SimplexOutgoingSession(db,
-				dbExecutor, eventBus, contactId, maxLatency, packetWriter);
+				dbExecutor, eventBus, contactId, maxLatency, recordWriter);
 		final Transaction noAckTxn = new Transaction(null, false);
 		final Transaction noMsgTxn = new Transaction(null, false);
 
@@ -68,7 +68,7 @@ public class SimplexOutgoingSessionTest extends BrambleTestCase {
 			oneOf(db).commitTransaction(noMsgTxn);
 			oneOf(db).endTransaction(noMsgTxn);
 			// Flush the output stream
-			oneOf(packetWriter).flush();
+			oneOf(recordWriter).flush();
 			// Remove listener
 			oneOf(eventBus).removeListener(session);
 		}});
@@ -83,7 +83,7 @@ public class SimplexOutgoingSessionTest extends BrambleTestCase {
 		final Ack ack = new Ack(Collections.singletonList(messageId));
 		final byte[] raw = new byte[1234];
 		final SimplexOutgoingSession session = new SimplexOutgoingSession(db,
-				dbExecutor, eventBus, contactId, maxLatency, packetWriter);
+				dbExecutor, eventBus, contactId, maxLatency, recordWriter);
 		final Transaction ackTxn = new Transaction(null, false);
 		final Transaction noAckTxn = new Transaction(null, false);
 		final Transaction msgTxn = new Transaction(null, false);
@@ -99,7 +99,7 @@ public class SimplexOutgoingSessionTest extends BrambleTestCase {
 			will(returnValue(ack));
 			oneOf(db).commitTransaction(ackTxn);
 			oneOf(db).endTransaction(ackTxn);
-			oneOf(packetWriter).writeAck(ack);
+			oneOf(recordWriter).writeAck(ack);
 			// One message to send
 			oneOf(db).startTransaction(false);
 			will(returnValue(msgTxn));
@@ -108,7 +108,7 @@ public class SimplexOutgoingSessionTest extends BrambleTestCase {
 			will(returnValue(Arrays.asList(raw)));
 			oneOf(db).commitTransaction(msgTxn);
 			oneOf(db).endTransaction(msgTxn);
-			oneOf(packetWriter).writeMessage(raw);
+			oneOf(recordWriter).writeMessage(raw);
 			// No more acks
 			oneOf(db).startTransaction(false);
 			will(returnValue(noAckTxn));
@@ -125,7 +125,7 @@ public class SimplexOutgoingSessionTest extends BrambleTestCase {
 			oneOf(db).commitTransaction(noMsgTxn);
 			oneOf(db).endTransaction(noMsgTxn);
 			// Flush the output stream
-			oneOf(packetWriter).flush();
+			oneOf(recordWriter).flush();
 			// Remove listener
 			oneOf(eventBus).removeListener(session);
 		}});

bramble-core/src/test/java/org/briarproject/bramble/sync/SyncIntegrationTest.java

@@ -12,10 +12,10 @@ import org.briarproject.bramble.api.sync.Message;
 import org.briarproject.bramble.api.sync.MessageFactory;
 import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.api.sync.Offer;
-import org.briarproject.bramble.api.sync.PacketReader;
-import org.briarproject.bramble.api.sync.PacketReaderFactory;
-import org.briarproject.bramble.api.sync.PacketWriter;
-import org.briarproject.bramble.api.sync.PacketWriterFactory;
+import org.briarproject.bramble.api.sync.RecordReader;
+import org.briarproject.bramble.api.sync.RecordReaderFactory;
+import org.briarproject.bramble.api.sync.RecordWriter;
+import org.briarproject.bramble.api.sync.RecordWriterFactory;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.transport.StreamContext;
 import org.briarproject.bramble.api.transport.StreamReaderFactory;
@@ -33,6 +33,7 @@ import java.util.Collection;
 
 import javax.inject.Inject;
 
+import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
@@ -50,9 +51,9 @@ public class SyncIntegrationTest extends BrambleTestCase {
 	@Inject
 	StreamWriterFactory streamWriterFactory;
 	@Inject
-	PacketReaderFactory packetReaderFactory;
+	RecordReaderFactory recordReaderFactory;
 	@Inject
-	PacketWriterFactory packetWriterFactory;
+	RecordWriterFactory recordWriterFactory;
 	@Inject
 	CryptoComponent crypto;
 
@@ -77,7 +78,7 @@ public class SyncIntegrationTest extends BrambleTestCase {
 		streamNumber = 123;
 		// Create a group
 		ClientId clientId = new ClientId(TestUtils.getRandomString(5));
-		byte[] descriptor = new byte[0];
+		byte[] descriptor = new byte[MAX_GROUP_DESCRIPTOR_LENGTH];
 		Group group = groupFactory.createGroup(clientId, descriptor);
 		// Add two messages to the group
 		long timestamp = System.currentTimeMillis();
@@ -98,14 +99,14 @@ public class SyncIntegrationTest extends BrambleTestCase {
 				headerKey, streamNumber);
 		OutputStream streamWriter = streamWriterFactory.createStreamWriter(out,
 				ctx);
-		PacketWriter packetWriter = packetWriterFactory.createPacketWriter(
+		RecordWriter recordWriter = recordWriterFactory.createRecordWriter(
 				streamWriter);
 
-		packetWriter.writeAck(new Ack(messageIds));
-		packetWriter.writeMessage(message.getRaw());
-		packetWriter.writeMessage(message1.getRaw());
-		packetWriter.writeOffer(new Offer(messageIds));
-		packetWriter.writeRequest(new Request(messageIds));
+		recordWriter.writeAck(new Ack(messageIds));
+		recordWriter.writeMessage(message.getRaw());
+		recordWriter.writeMessage(message1.getRaw());
+		recordWriter.writeOffer(new Offer(messageIds));
+		recordWriter.writeRequest(new Request(messageIds));
 
 		streamWriter.flush();
 		return out.toByteArray();
@@ -127,31 +128,31 @@ public class SyncIntegrationTest extends BrambleTestCase {
 				headerKey, streamNumber);
 		InputStream streamReader = streamReaderFactory.createStreamReader(in,
 				ctx);
-		PacketReader packetReader = packetReaderFactory.createPacketReader(
+		RecordReader recordReader = recordReaderFactory.createRecordReader(
 				streamReader);
 
 		// Read the ack
-		assertTrue(packetReader.hasAck());
-		Ack a = packetReader.readAck();
+		assertTrue(recordReader.hasAck());
+		Ack a = recordReader.readAck();
 		assertEquals(messageIds, a.getMessageIds());
 
 		// Read the messages
-		assertTrue(packetReader.hasMessage());
-		Message m = packetReader.readMessage();
+		assertTrue(recordReader.hasMessage());
+		Message m = recordReader.readMessage();
 		checkMessageEquality(message, m);
-		assertTrue(packetReader.hasMessage());
-		m = packetReader.readMessage();
+		assertTrue(recordReader.hasMessage());
+		m = recordReader.readMessage();
 		checkMessageEquality(message1, m);
-		assertFalse(packetReader.hasMessage());
+		assertFalse(recordReader.hasMessage());
 
 		// Read the offer
-		assertTrue(packetReader.hasOffer());
-		Offer o = packetReader.readOffer();
+		assertTrue(recordReader.hasOffer());
+		Offer o = recordReader.readOffer();
 		assertEquals(messageIds, o.getMessageIds());
 
 		// Read the request
-		assertTrue(packetReader.hasRequest());
-		Request req = packetReader.readRequest();
+		assertTrue(recordReader.hasRequest());
+		Request req = recordReader.readRequest();
 		assertEquals(messageIds, req.getMessageIds());
 
 		in.close();

bramble-core/src/test/java/org/briarproject/bramble/sync/ValidationManagerImplTest.java

@@ -19,12 +19,12 @@ import org.briarproject.bramble.api.sync.ValidationManager.IncomingMessageHook;
 import org.briarproject.bramble.api.sync.ValidationManager.MessageValidator;
 import org.briarproject.bramble.api.sync.ValidationManager.State;
 import org.briarproject.bramble.api.sync.event.MessageAddedEvent;
-import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.BrambleMockTestCase;
 import org.briarproject.bramble.test.ImmediateExecutor;
 import org.briarproject.bramble.test.TestUtils;
 import org.briarproject.bramble.util.ByteUtils;
 import org.jmock.Expectations;
-import org.jmock.Mockery;
+import org.junit.Before;
 import org.junit.Test;
 
 import java.util.Arrays;
@@ -38,8 +38,18 @@ import static org.briarproject.bramble.api.sync.ValidationManager.State.INVALID;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.PENDING;
 import static org.briarproject.bramble.api.sync.ValidationManager.State.UNKNOWN;
 
-public class ValidationManagerImplTest extends BrambleTestCase {
+public class ValidationManagerImplTest extends BrambleMockTestCase {
 
+	private final DatabaseComponent db = context.mock(DatabaseComponent.class);
+	private final MessageFactory messageFactory =
+			context.mock(MessageFactory.class);
+	private final MessageValidator validator =
+			context.mock(MessageValidator.class);
+	private final IncomingMessageHook hook =
+			context.mock(IncomingMessageHook.class);
+
+	private final Executor dbExecutor = new ImmediateExecutor();
+	private final Executor validationExecutor = new ImmediateExecutor();
 	private final ClientId clientId =
 			new ClientId(TestUtils.getRandomString(5));
 	private final MessageId messageId = new MessageId(TestUtils.getRandomId());
@@ -63,23 +73,58 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 	private final MessageContext validResultWithDependencies =
 			new MessageContext(metadata, Collections.singletonList(messageId1));
 
+	private ValidationManagerImpl vm;
+
 	public ValidationManagerImplTest() {
 		// Encode the messages
 		System.arraycopy(groupId.getBytes(), 0, raw, 0, UniqueId.LENGTH);
 		ByteUtils.writeUint64(timestamp, raw, UniqueId.LENGTH);
 	}
 
+	@Before
+	public void setUp() {
+		vm = new ValidationManagerImpl(db, dbExecutor, validationExecutor,
+				messageFactory);
+		vm.registerMessageValidator(clientId, validator);
+		vm.registerIncomingMessageHook(clientId, hook);
+	}
+
+	@Test
+	public void testStartAndStop() throws Exception {
+		final Transaction txn = new Transaction(null, true);
+		final Transaction txn1 = new Transaction(null, true);
+		final Transaction txn2 = new Transaction(null, true);
+
+		context.checking(new Expectations() {{
+			// validateOutstandingMessages()
+			oneOf(db).startTransaction(true);
+			will(returnValue(txn));
+			oneOf(db).getMessagesToValidate(txn, clientId);
+			will(returnValue(Collections.emptyList()));
+			oneOf(db).commitTransaction(txn);
+			oneOf(db).endTransaction(txn);
+			// deliverOutstandingMessages()
+			oneOf(db).startTransaction(true);
+			will(returnValue(txn1));
+			oneOf(db).getPendingMessages(txn1, clientId);
+			will(returnValue(Collections.emptyList()));
+			oneOf(db).commitTransaction(txn1);
+			oneOf(db).endTransaction(txn1);
+			// shareOutstandingMessages()
+			oneOf(db).startTransaction(true);
+			will(returnValue(txn2));
+			oneOf(db).getMessagesToShare(txn2, clientId);
+			will(returnValue(Collections.emptyList()));
+			oneOf(db).commitTransaction(txn2);
+			oneOf(db).endTransaction(txn2);
+		}});
+
+		vm.startService();
+		vm.stopService();
+	}
+
 	@Test
 	public void testMessagesAreValidatedAtStartup() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, true);
 		final Transaction txn2 = new Transaction(null, false);
@@ -87,6 +132,7 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 		final Transaction txn4 = new Transaction(null, false);
 		final Transaction txn5 = new Transaction(null, true);
 		final Transaction txn6 = new Transaction(null, true);
+
 		context.checking(new Expectations() {{
 			// Get messages to validate
 			oneOf(db).startTransaction(true);
@@ -165,26 +211,11 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn6);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.startService();
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testPendingMessagesAreDeliveredAtStartup() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, true);
 		final Transaction txn2 = new Transaction(null, false);
@@ -266,26 +297,11 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn4);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.startService();
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testMessagesAreSharedAtStartup() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, true);
 		final Transaction txn2 = new Transaction(null, true);
@@ -333,29 +349,15 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn4);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.startService();
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testIncomingMessagesAreShared() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, false);
 		final Transaction txn2 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -396,33 +398,19 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn2);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testValidationContinuesAfterNoSuchMessageException()
 			throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, true);
 		final Transaction txn2 = new Transaction(null, true);
 		final Transaction txn3 = new Transaction(null, false);
 		final Transaction txn4 = new Transaction(null, true);
 		final Transaction txn5 = new Transaction(null, true);
+
 		context.checking(new Expectations() {{
 			// Get messages to validate
 			oneOf(db).startTransaction(true);
@@ -481,33 +469,19 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn5);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.startService();
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testValidationContinuesAfterNoSuchGroupException()
 			throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, true);
 		final Transaction txn2 = new Transaction(null, true);
 		final Transaction txn3 = new Transaction(null, false);
 		final Transaction txn4 = new Transaction(null, true);
 		final Transaction txn5 = new Transaction(null, true);
+
 		context.checking(new Expectations() {{
 			// Get messages to validate
 			oneOf(db).startTransaction(true);
@@ -571,28 +545,14 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn5);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.startService();
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testNonLocalMessagesAreValidatedWhenAdded() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -619,51 +579,20 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn1);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testLocalMessagesAreNotValidatedWhenAdded() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
-
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, null));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testMessagesWithUndeliveredDependenciesArePending()
 			throws Exception {
-
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -688,29 +617,15 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn1);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testMessagesWithDeliveredDependenciesGetDelivered()
 			throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -741,30 +656,16 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn1);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testMessagesWithInvalidDependenciesAreInvalid()
 			throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, false);
 		final Transaction txn2 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -809,26 +710,11 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn2);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testRecursiveInvalidation() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final MessageId messageId3 = new MessageId(TestUtils.getRandomId());
 		final MessageId messageId4 = new MessageId(TestUtils.getRandomId());
 		final Map<MessageId, State> twoDependents =
@@ -842,6 +728,7 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 		final Transaction txn4 = new Transaction(null, false);
 		final Transaction txn5 = new Transaction(null, false);
 		final Transaction txn6 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -927,26 +814,11 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn6);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testPendingDependentsGetDelivered() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final MessageId messageId3 = new MessageId(TestUtils.getRandomId());
 		final MessageId messageId4 = new MessageId(TestUtils.getRandomId());
 		final Message message3 = new Message(messageId3, groupId, timestamp,
@@ -968,6 +840,7 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 		final Transaction txn4 = new Transaction(null, false);
 		final Transaction txn5 = new Transaction(null, false);
 		final Transaction txn6 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -1100,26 +973,11 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn6);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
 
 	@Test
 	public void testOnlyReadyPendingDependentsGetDelivered() throws Exception {
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
 		final Map<MessageId, State> twoDependencies =
 				new LinkedHashMap<MessageId, State>();
 		twoDependencies.put(messageId, DELIVERED);
@@ -1127,6 +985,7 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 		final Transaction txn = new Transaction(null, true);
 		final Transaction txn1 = new Transaction(null, false);
 		final Transaction txn2 = new Transaction(null, false);
+
 		context.checking(new Expectations() {{
 			// Load the group
 			oneOf(db).startTransaction(true);
@@ -1162,86 +1021,6 @@ public class ValidationManagerImplTest extends BrambleTestCase {
 			oneOf(db).endTransaction(txn2);
 		}});
 
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
 		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-
-		context.assertIsSatisfied();
 	}
-
-	@Test
-	public void testMessageDependencyCycle() throws Exception {
-		final MessageContext cycleContext = new MessageContext(metadata,
-				Collections.singletonList(messageId));
-
-		Mockery context = new Mockery();
-		final DatabaseComponent db = context.mock(DatabaseComponent.class);
-		final Executor dbExecutor = new ImmediateExecutor();
-		final Executor cryptoExecutor = new ImmediateExecutor();
-		final MessageFactory messageFactory =
-				context.mock(MessageFactory.class);
-		final MessageValidator validator = context.mock(MessageValidator.class);
-		final IncomingMessageHook hook =
-				context.mock(IncomingMessageHook.class);
-		final Transaction txn = new Transaction(null, true);
-		final Transaction txn1 = new Transaction(null, false);
-		final Transaction txn2 = new Transaction(null, true);
-		final Transaction txn3 = new Transaction(null, false);
-		context.checking(new Expectations() {{
-			// Load the group
-			oneOf(db).startTransaction(true);
-			will(returnValue(txn));
-			oneOf(db).getGroup(txn, groupId);
-			will(returnValue(group));
-			oneOf(db).commitTransaction(txn);
-			oneOf(db).endTransaction(txn);
-			// Validate the message: valid
-			oneOf(validator).validateMessage(message, group);
-			will(returnValue(validResultWithDependencies));
-			// Store the validation result
-			oneOf(db).startTransaction(false);
-			will(returnValue(txn1));
-			oneOf(db).addMessageDependencies(txn1, message,
-					validResultWithDependencies.getDependencies());
-			oneOf(db).getMessageDependencies(txn1, messageId);
-			will(returnValue(Collections.singletonMap(messageId1, UNKNOWN)));
-			oneOf(db).mergeMessageMetadata(txn1, messageId, metadata);
-			oneOf(db).setMessageState(txn1, messageId, PENDING);
-			oneOf(db).commitTransaction(txn1);
-			oneOf(db).endTransaction(txn1);
-			// Second message is coming in
-			oneOf(db).startTransaction(true);
-			will(returnValue(txn2));
-			oneOf(db).getGroup(txn2, groupId);
-			will(returnValue(group));
-			oneOf(db).commitTransaction(txn2);
-			oneOf(db).endTransaction(txn2);
-			// Validate the message: valid
-			oneOf(validator).validateMessage(message1, group);
-			will(returnValue(cycleContext));
-			// Store the validation result
-			oneOf(db).startTransaction(false);
-			will(returnValue(txn3));
-			oneOf(db).addMessageDependencies(txn3, message1,
-					cycleContext.getDependencies());
-			oneOf(db).getMessageDependencies(txn3, messageId1);
-			will(returnValue(Collections.singletonMap(messageId, PENDING)));
-			oneOf(db).mergeMessageMetadata(txn3, messageId1, metadata);
-			oneOf(db).setMessageState(txn3, messageId1, PENDING);
-			oneOf(db).commitTransaction(txn3);
-			oneOf(db).endTransaction(txn3);
-		}});
-
-		ValidationManagerImpl vm = new ValidationManagerImpl(db, dbExecutor,
-				cryptoExecutor, messageFactory);
-		vm.registerMessageValidator(clientId, validator);
-		vm.registerIncomingMessageHook(clientId, hook);
-		vm.eventOccurred(new MessageAddedEvent(message, contactId));
-		vm.eventOccurred(new MessageAddedEvent(message1, contactId));
-
-		context.assertIsSatisfied();
-	}
-
 }

bramble-core/src/test/java/org/briarproject/bramble/system/LinuxSecureRandomProviderTest.java

@@ -0,0 +1,57 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.util.OsUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.File;
+import java.security.Provider;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+public class LinuxSecureRandomProviderTest extends BrambleTestCase {
+
+	private final File testDir = TestUtils.getTestDirectory();
+
+	@Before
+	public void setUp() {
+		testDir.mkdirs();
+	}
+
+	@Test
+	public void testGetProviderWritesToRandomDeviceOnFirstCall()
+			throws Exception {
+		if (!(OsUtils.isLinux())) {
+			System.err.println("WARNING: Skipping test, can't run on this OS");
+			return;
+		}
+		// Redirect the provider's output to a file
+		File urandom = new File(testDir, "urandom");
+		urandom.delete();
+		assertTrue(urandom.createNewFile());
+		assertEquals(0, urandom.length());
+		LinuxSecureRandomProvider p = new LinuxSecureRandomProvider(urandom);
+		// Getting a provider should write entropy to the file
+		Provider provider = p.getProvider();
+		assertNotNull(provider);
+		assertEquals("LinuxPRNG", provider.getName());
+		// There should be at least 16 bytes from the clock, 8 from the runtime
+		long length = urandom.length();
+		assertTrue(length >= 24);
+		// Getting another provider should not write to the file again
+		provider = p.getProvider();
+		assertNotNull(provider);
+		assertEquals("LinuxPRNG", provider.getName());
+		assertEquals(length, urandom.length());
+	}
+
+	@After
+	public void tearDown() {
+		TestUtils.deleteTestDirectory(testDir);
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/system/LinuxSecureRandomSpiTest.java

@@ -0,0 +1,128 @@
+package org.briarproject.bramble.system;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.util.IoUtils;
+import org.briarproject.bramble.util.OsUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+
+public class LinuxSecureRandomSpiTest extends BrambleTestCase {
+
+	private static final File RANDOM_DEVICE = new File("/dev/urandom");
+	private static final int SEED_BYTES = 32;
+
+	private final File testDir = TestUtils.getTestDirectory();
+
+	@Before
+	public void setUp() {
+		testDir.mkdirs();
+	}
+
+	@Test
+	public void testSeedsAreDistinct() {
+		if (!(OsUtils.isLinux())) {
+			System.err.println("WARNING: Skipping test, can't run on this OS");
+			return;
+		}
+		Set<Bytes> seeds = new HashSet<Bytes>();
+		LinuxSecureRandomSpi engine = new LinuxSecureRandomSpi();
+		for (int i = 0; i < 1000; i++) {
+			byte[] seed = engine.engineGenerateSeed(SEED_BYTES);
+			assertEquals(SEED_BYTES, seed.length);
+			assertTrue(seeds.add(new Bytes(seed)));
+		}
+	}
+
+	@Test
+	public void testEngineSetSeedWritesToRandomDevice() throws Exception {
+		if (!(OsUtils.isLinux())) {
+			System.err.println("WARNING: Skipping test, can't run on this OS");
+			return;
+		}
+		// Redirect the engine's output to a file
+		File urandom = new File(testDir, "urandom");
+		urandom.delete();
+		assertTrue(urandom.createNewFile());
+		assertEquals(0, urandom.length());
+		// Generate a seed
+		byte[] seed = TestUtils.getRandomBytes(SEED_BYTES);
+		// Check that the engine writes the seed to the file
+		LinuxSecureRandomSpi engine = new LinuxSecureRandomSpi(RANDOM_DEVICE,
+				urandom);
+		engine.engineSetSeed(seed);
+		assertEquals(SEED_BYTES, urandom.length());
+		byte[] written = new byte[SEED_BYTES];
+		FileInputStream in = new FileInputStream(urandom);
+		IoUtils.read(in, written);
+		in.close();
+		assertArrayEquals(seed, written);
+	}
+
+	@Test
+	public void testEngineNextBytesReadsFromRandomDevice() throws Exception {
+		if (!(OsUtils.isLinux())) {
+			System.err.println("WARNING: Skipping test, can't run on this OS");
+			return;
+		}
+		// Generate some entropy
+		byte[] entropy = TestUtils.getRandomBytes(SEED_BYTES);
+		// Write the entropy to a file
+		File urandom = new File(testDir, "urandom");
+		urandom.delete();
+		FileOutputStream out = new FileOutputStream(urandom);
+		out.write(entropy);
+		out.flush();
+		out.close();
+		assertTrue(urandom.exists());
+		assertEquals(SEED_BYTES, urandom.length());
+		// Check that the engine reads from the file
+		LinuxSecureRandomSpi engine = new LinuxSecureRandomSpi(urandom,
+				RANDOM_DEVICE);
+		byte[] b = new byte[SEED_BYTES];
+		engine.engineNextBytes(b);
+		assertArrayEquals(entropy, b);
+	}
+
+	@Test
+	public void testEngineGenerateSeedReadsFromRandomDevice() throws Exception {
+		if (!(OsUtils.isLinux())) {
+			System.err.println("WARNING: Skipping test, can't run on this OS");
+			return;
+		}
+		// Generate some entropy
+		byte[] entropy = TestUtils.getRandomBytes(SEED_BYTES);
+		// Write the entropy to a file
+		File urandom = new File(testDir, "urandom");
+		urandom.delete();
+		FileOutputStream out = new FileOutputStream(urandom);
+		out.write(entropy);
+		out.flush();
+		out.close();
+		assertTrue(urandom.exists());
+		assertEquals(SEED_BYTES, urandom.length());
+		// Check that the engine reads from the file
+		LinuxSecureRandomSpi engine = new LinuxSecureRandomSpi(urandom,
+				RANDOM_DEVICE);
+		byte[] b = engine.engineGenerateSeed(SEED_BYTES);
+		assertArrayEquals(entropy, b);
+	}
+
+	@After
+	public void tearDown() {
+		TestUtils.deleteTestDirectory(testDir);
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/system/LinuxSeedProviderTest.java

@@ -1,90 +0,0 @@
-package org.briarproject.bramble.system;
-
-import org.briarproject.bramble.api.Bytes;
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestUtils;
-import org.briarproject.bramble.util.OsUtils;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.util.HashSet;
-import java.util.Set;
-
-import static org.briarproject.bramble.api.system.SeedProvider.SEED_BYTES;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-public class LinuxSeedProviderTest extends BrambleTestCase {
-
-	private final File testDir = TestUtils.getTestDirectory();
-
-	@Before
-	public void setUp() {
-		testDir.mkdirs();
-	}
-
-	@Test
-	public void testSeedAppearsSane() {
-		if (!(OsUtils.isLinux())) {
-			System.err.println("WARNING: Skipping test, can't run on this OS");
-			return;
-		}
-		Set<Bytes> seeds = new HashSet<Bytes>();
-		LinuxSeedProvider p = new LinuxSeedProvider();
-		for (int i = 0; i < 1000; i++) {
-			byte[] seed = p.getSeed();
-			assertEquals(SEED_BYTES, seed.length);
-			assertTrue(seeds.add(new Bytes(seed)));
-		}
-	}
-
-	@Test
-	public void testEntropyIsWrittenToPool() throws Exception {
-		if (!(OsUtils.isLinux())) {
-			System.err.println("WARNING: Skipping test, can't run on this OS");
-			return;
-		}
-		// Redirect the provider's entropy to a file
-		File urandom = new File(testDir, "urandom");
-		urandom.delete();
-		assertTrue(urandom.createNewFile());
-		assertEquals(0, urandom.length());
-		String path = urandom.getAbsolutePath();
-		LinuxSeedProvider p = new LinuxSeedProvider(path, "/dev/urandom");
-		p.getSeed();
-		// There should be 16 bytes from the clock, plus network interfaces
-		assertTrue(urandom.length() > 20);
-	}
-
-	@Test
-	public void testSeedIsReadFromPool() throws Exception {
-		if (!(OsUtils.isLinux())) {
-			System.err.println("WARNING: Skipping test, can't run on this OS");
-			return;
-		}
-		// Generate a seed
-		byte[] seed = TestUtils.getRandomBytes(SEED_BYTES);
-		// Write the seed to a file
-		File urandom = new File(testDir, "urandom");
-		urandom.delete();
-		FileOutputStream out = new FileOutputStream(urandom);
-		out.write(seed);
-		out.flush();
-		out.close();
-		assertTrue(urandom.exists());
-		assertEquals(SEED_BYTES, urandom.length());
-		// Check that the provider reads the seed from the file
-		String path = urandom.getAbsolutePath();
-		LinuxSeedProvider p = new LinuxSeedProvider("/dev/urandom", path);
-		assertArrayEquals(seed, p.getSeed());
-	}
-
-	@After
-	public void tearDown() {
-		TestUtils.deleteTestDirectory(testDir);
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/test/TestSecureRandomProvider.java

@@ -0,0 +1,16 @@
+package org.briarproject.bramble.test;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.SecureRandomProvider;
+
+import java.security.Provider;
+
+@NotNullByDefault
+public class TestSecureRandomProvider implements SecureRandomProvider {
+
+	@Override
+	public Provider getProvider() {
+		// Use the default provider
+		return null;
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/test/TestSeedProvider.java

@@ -1,13 +0,0 @@
-package org.briarproject.bramble.test;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.system.SeedProvider;
-
-@NotNullByDefault
-public class TestSeedProvider implements SeedProvider {
-
-	@Override
-	public byte[] getSeed() {
-		return TestUtils.getRandomBytes(32);
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/test/TestSeedProviderModule.java

@@ -1,6 +1,6 @@
 package org.briarproject.bramble.test;
 
-import org.briarproject.bramble.api.system.SeedProvider;
+import org.briarproject.bramble.api.system.SecureRandomProvider;
 
 import javax.inject.Singleton;
 
@@ -12,7 +12,7 @@ public class TestSeedProviderModule {
 
 	@Provides
 	@Singleton
-	SeedProvider provideSeedProvider() {
-		return new TestSeedProvider();
+	SecureRandomProvider provideSeedProvider() {
+		return new TestSecureRandomProvider();
 	}
 }