WIP: BluetoothPlugin: adds abstract superclass

The droidtooth plugin and bluetooth plugins share a lot of common code.
Add an abstract superclass that shares the common code between both
classes.

.gitlab-ci.yml

@@ -1,29 +0,0 @@
-image: registry.gitlab.com/fdroid/ci-images-base:latest
-
-cache:
-  paths:
-    - .gradle/wrapper
-    - .gradle/caches
-
-before_script:
-  - set -e
-  - export GRADLE_USER_HOME=$PWD/.gradle
-  # Accept the license for the Android build tools
-  - echo y | /opt/android-sdk/tools/bin/sdkmanager "build-tools;26.0.2"
-  # Download OpenJDK 6 so we can compile against its standard library
-  - JDK_FILE=openjdk-6-jre-headless_6b38-1.13.10-1~deb7u1_amd64.deb
-  - if [ ! -d openjdk ]
-  - then
-  - wget -q http://ftp.uk.debian.org/debian/pool/main/o/openjdk-6/$JDK_FILE
-  - dpkg-deb -x $JDK_FILE openjdk
-  - fi
-  - export JAVA_6_HOME=$PWD/openjdk/usr/lib/jvm/java-6-openjdk-amd64
-
-test:
-  script:
-    - ./gradlew test
-
-after_script:
-    # this file changes every time but should not be cached
-    - rm -f $GRADLE_USER_HOME/caches/modules-2/modules-2.lock
-    - rm -fr $GRADLE_USER_HOME/caches/*/plugin-resolution/

.idea/runConfigurations/H2_Performance_Test.xml

@@ -1,23 +0,0 @@
-<component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="H2 Performance Test" type="AndroidJUnit" factoryName="Android JUnit">
-    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
-    <module name="bramble-core" />
-    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
-    <option name="ALTERNATIVE_JRE_PATH" />
-    <option name="PACKAGE_NAME" value="org.briarproject.bramble.db" />
-    <option name="MAIN_CLASS_NAME" value="org.briarproject.bramble.db.H2DatabasePerformanceTest" />
-    <option name="METHOD_NAME" value="" />
-    <option name="TEST_OBJECT" value="class" />
-    <option name="VM_PARAMETERS" value="-ea" />
-    <option name="PARAMETERS" value="" />
-    <option name="WORKING_DIRECTORY" value="" />
-    <option name="ENV_VARIABLES" />
-    <option name="PASS_PARENT_ENVS" value="true" />
-    <option name="TEST_SEARCH_SCOPE">
-      <value defaultName="singleModule" />
-    </option>
-    <envs />
-    <patterns />
-    <method />
-  </configuration>
-</component>

.idea/runConfigurations/HyperSQL_Performance_Test.xml

@@ -1,23 +0,0 @@
-<component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="HyperSQL Performance Test" type="AndroidJUnit" factoryName="Android JUnit">
-    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
-    <module name="bramble-core" />
-    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
-    <option name="ALTERNATIVE_JRE_PATH" />
-    <option name="PACKAGE_NAME" value="org.briarproject.bramble.db" />
-    <option name="MAIN_CLASS_NAME" value="org.briarproject.bramble.db.HyperSqlDatabasePerformanceTest" />
-    <option name="METHOD_NAME" value="" />
-    <option name="TEST_OBJECT" value="class" />
-    <option name="VM_PARAMETERS" value="-ea" />
-    <option name="PARAMETERS" value="" />
-    <option name="WORKING_DIRECTORY" value="" />
-    <option name="ENV_VARIABLES" />
-    <option name="PASS_PARENT_ENVS" value="true" />
-    <option name="TEST_SEARCH_SCOPE">
-      <value defaultName="singleModule" />
-    </option>
-    <envs />
-    <patterns />
-    <method />
-  </configuration>
-</component>

bramble-android/build.gradle

@@ -6,91 +6,99 @@ apply plugin: 'witness'
 apply plugin: 'de.undercouch.download'
 
 android {
-	compileSdkVersion 27
+	compileSdkVersion 23
-	buildToolsVersion '26.0.2'
+	buildToolsVersion "23.0.3"
 
 	defaultConfig {
 		minSdkVersion 14
-		targetSdkVersion 26
+		targetSdkVersion 22
-		versionCode 1700
+		versionCode 1
-		versionName "0.17.0"
+		versionName "1.0"
 		consumerProguardFiles 'proguard-rules.txt'
 	}
 
 	compileOptions {
-		sourceCompatibility JavaVersion.VERSION_1_8
+		sourceCompatibility JavaVersion.VERSION_1_7
-		targetCompatibility JavaVersion.VERSION_1_8
+		targetCompatibility JavaVersion.VERSION_1_7
 	}
 }
 
 dependencies {
-	implementation project(path: ':bramble-core', configuration: 'default')
+	compile project(':bramble-core')
-	implementation fileTree(dir: 'libs', include: '*.jar')
+	compile fileTree(dir: 'libs', include: ['*.jar'])
-
+	provided 'javax.annotation:jsr250-api:1.0'
-	annotationProcessor 'com.google.dagger:dagger-compiler:2.0.2'
-
-	compileOnly 'javax.annotation:jsr250-api:1.0'
 }
 
-dependencyVerification {
+def torBinaryDir = 'src/main/res/raw'
-	verify = [
+
-			'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
+task downloadTorGeoIp(type: Download) {
-			'com.google.dagger:dagger-compiler:2.0.2:dagger-compiler-2.0.2.jar:b74bc9de063dd4c6400b232231f2ef5056145b8fbecbf5382012007dd1c071b3',
+	src 'https://briarproject.org/build/geoip-2015-12-01.zip'
-			'com.google.dagger:dagger-producers:2.0-beta:dagger-producers-2.0-beta.jar:99ec15e8a0507ba569e7655bc1165ee5e5ca5aa914b3c8f7e2c2458f724edd6b',
+	dest "$torBinaryDir/geoip.zip"
-			'com.google.dagger:dagger:2.0.2:dagger-2.0.2.jar:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
+	onlyIfNewer true
-			'com.google.guava:guava:18.0:guava-18.0.jar:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99',
-			'com.h2database:h2:1.4.192:h2-1.4.192.jar:225b22e9857235c46c93861410b60b8c81c10dc8985f4faf188985ba5445126c',
-			'com.madgag.spongycastle:core:1.58.0.0:core-1.58.0.0.jar:199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728',
-			'javax.annotation:jsr250-api:1.0:jsr250-api-1.0.jar:a1a922d0d9b6d183ed3800dfac01d1e1eb159f0e8c6f94736931c1def54a941f',
-			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
-			'net.i2p.crypto:eddsa:0.2.0:eddsa-0.2.0.jar:a7cb1b85c16e2f0730b9204106929a1d9aaae1df728adc7041a8b8b605692140',
-			'org.bitlet:weupnp:0.1.4:weupnp-0.1.4.jar:88df7e6504929d00bdb832863761385c68ab92af945b04f0770b126270a444fb',
-			'org.jacoco:org.jacoco.agent:0.7.4.201502262128:org.jacoco.agent-0.7.4.201502262128-runtime.jar:e357a0f1d573c2f702a273992b1b6cb661734f66311854efb3778a888515c5b5',
-			'org.jacoco:org.jacoco.agent:0.7.4.201502262128:org.jacoco.agent-0.7.4.201502262128.jar:47b4bec6df11a1118da3953da8b9fa1e7079d6fec857faa1a3cf912e53a6fd4e',
-			'org.jacoco:org.jacoco.ant:0.7.4.201502262128:org.jacoco.ant-0.7.4.201502262128.jar:013ce2a68ba57a3c59215ae0dec4df3498c078062a38c3b94c841fc14450f283',
-			'org.jacoco:org.jacoco.core:0.7.4.201502262128:org.jacoco.core-0.7.4.201502262128.jar:ec4c74554312fac5116350164786f91b35c9e082fa4ea598bfa42b5db05d7abb',
-			'org.jacoco:org.jacoco.report:0.7.4.201502262128:org.jacoco.report-0.7.4.201502262128.jar:7a3554c605e088e7e323b1084656243f0444fa353e2f2dee1f1a4204eb64ff09',
-			'org.ow2.asm:asm-debug-all:5.0.1:asm-debug-all-5.0.1.jar:4734de5b515a454b0096db6971fb068e5f70e6f10bbee2b3bd2fdfe5d978ed57',
-	]
 }
 
-ext.torBinaryDir = 'src/main/res/raw'
+task downloadTorBinaryArm(type: Download) {
-ext.torVersion = '0.2.9.14'
+	src 'https://briarproject.org/build/tor-0.2.7.6-arm.zip'
-ext.geoipVersion = '2017-11-06'
+	dest "$torBinaryDir/tor_arm.zip"
-ext.torDownloadUrl = 'https://briarproject.org/build/'
+	onlyIfNewer true
-
-def torBinaries = [
-		"tor_arm"    : '1710ea6c47b7f4c1a88bdf4858c7893837635db10e8866854eed8d61629f50e8',
-		"tor_arm_pie": '974e6949507db8fa2ea45231817c2c3677ed4ccf5488a2252317d744b0be1917',
-		"tor_x86"    : '3a5e45b3f051fcda9353b098b7086e762ffe7ba9242f7d7c8bf6523faaa8b1e9',
-		"tor_x86_pie": 'd1d96d8ce1a4b68accf04850185780d10cd5563d3552f7e1f040f8ca32cb4e51',
-		"geoip"      : '8239b98374493529a29096e45fc5877d4d6fdad0146ad8380b291f90d61484ea'
-]
-
-def downloadBinary(name) {
-	return tasks.create("downloadBinary${name}", Download) {
-		src "${torDownloadUrl}${name}.zip"
-				.replace('tor_', "tor-${torVersion}-")
-				.replace('geoip', "geoip-${geoipVersion}")
-				.replaceAll('_', '-')
-		dest "${torBinaryDir}/${name}.zip"
-		onlyIfNewer true
-	}
 }
 
-def verifyBinary(name, chksum) {
+task downloadTorBinaryArmPie(type: Download) {
-	return tasks.create([
+	src 'https://briarproject.org/build/tor-0.2.7.6-arm-pie.zip'
-			name     : "verifyBinary${name}",
+	dest "$torBinaryDir/tor_arm_pie.zip"
-			type     : Verify,
+	onlyIfNewer true
-			dependsOn: downloadBinary(name)]) {
+}
-		src "${torBinaryDir}/${name}.zip"
+
-		algorithm 'SHA-256'
+task downloadTorBinaryX86(type: Download) {
-		checksum chksum
+	src 'https://briarproject.org/build/tor-0.2.7.6-x86.zip'
-	}
+	dest "$torBinaryDir/tor_x86.zip"
+	onlyIfNewer true
+}
+
+task downloadTorBinaryX86Pie(type: Download) {
+	src 'https://briarproject.org/build/tor-0.2.7.6-x86-pie.zip'
+	dest "$torBinaryDir/tor_x86_pie.zip"
+	onlyIfNewer true
+}
+
+task verifyTorGeoIp(type: Verify, dependsOn: 'downloadTorGeoIp') {
+	src "$torBinaryDir/geoip.zip"
+	algorithm 'SHA-256'
+	checksum '9bcdaf0a7ba0933735328d8ec466c25c25dbb459efc2bce9e55c774eabea5162'
+}
+
+task verifyTorBinaryArm(type: Verify, dependsOn: 'downloadTorBinaryArm') {
+	src "$torBinaryDir/tor_arm.zip"
+	algorithm 'SHA-256'
+	checksum '83272962eda701cd5d74d2418651c4ff0f0b1dff51f558a292d1a1c42bf12146'
+}
+
+task verifyTorBinaryArmPie(type: Verify, dependsOn: 'downloadTorBinaryArmPie') {
+	src "$torBinaryDir/tor_arm_pie.zip"
+	algorithm 'SHA-256'
+	checksum 'd0300d1e45de11ebb24ed62b9c492be9c2e88590b7822195ab38c7a76ffcf646'
+}
+
+task verifyTorBinaryX86(type: Verify, dependsOn: 'downloadTorBinaryX86') {
+	src "$torBinaryDir/tor_x86.zip"
+	algorithm 'SHA-256'
+	checksum 'b8813d97b01ee1b9c9a4233c1b9bbe9f9f6b494ae6f9cbd84de8a3911911615e'
+}
+
+task verifyTorBinaryX86Pie(type: Verify, dependsOn: 'downloadTorBinaryX86Pie') {
+	src "$torBinaryDir/tor_x86_pie.zip"
+	algorithm 'SHA-256'
+	checksum '9c66e765aa196dc089951a1b2140cc8290305c2fcbf365121f99e01a233baf4e'
 }
 
 project.afterEvaluate {
-	torBinaries.every { key, value ->
+	preBuild.dependsOn {
-		preBuild.dependsOn.add(verifyBinary(key, value))
+		[
+				'verifyTorGeoIp',
+				'verifyTorBinaryArm',
+				'verifyTorBinaryArmPie',
+				'verifyTorBinaryX86',
+				'verifyTorBinaryX86Pie'
+		]
 	}
 }

bramble-android/proguard-rules.txt

@@ -8,10 +8,6 @@
 -dontwarn dagger.**
 -dontnote dagger.**
 
--keep class net.i2p.crypto.eddsa.** { *; }
-
--keep class org.whispersystems.curve25519.** { *; }
-
 -dontwarn sun.misc.Unsafe
 -dontnote com.google.common.**
 

bramble-android/src/main/AndroidManifest.xml

@@ -11,6 +11,8 @@
 	<uses-permission android:name="android.permission.INTERNET"/>
 	<uses-permission android:name="android.permission.READ_LOGS"/>
 	<uses-permission android:name="android.permission.WAKE_LOCK"/>
+	<!-- Since API 23, this is needed to add contacts via Bluetooth -->
+	<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
 
 	<application
 		android:allowBackup="false"

bramble-android/src/main/java/org/briarproject/bramble/plugin/AndroidPluginModule.java

@@ -13,8 +13,7 @@ import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 import org.briarproject.bramble.api.reporting.DevReporter;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.LocationUtils;
-import org.briarproject.bramble.api.system.Scheduler;
+import org.briarproject.bramble.plugin.droidtooth.DroidtoothPluginFactory;
-import org.briarproject.bramble.plugin.bluetooth.AndroidBluetoothPluginFactory;
 import org.briarproject.bramble.plugin.tcp.AndroidLanTcpPluginFactory;
 import org.briarproject.bramble.plugin.tor.TorPluginFactory;
 
@@ -23,7 +22,6 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 
 import javax.net.SocketFactory;
 
@@ -35,21 +33,19 @@ public class AndroidPluginModule {
 
 	@Provides
 	PluginConfig providePluginConfig(@IoExecutor Executor ioExecutor,
-			@Scheduler ScheduledExecutorService scheduler,
 			AndroidExecutor androidExecutor, SecureRandom random,
 			SocketFactory torSocketFactory, BackoffFactory backoffFactory,
 			Application app, LocationUtils locationUtils, DevReporter reporter,
 			EventBus eventBus) {
 		Context appContext = app.getApplicationContext();
-		DuplexPluginFactory bluetooth =
+		DuplexPluginFactory bluetooth = new DroidtoothPluginFactory(ioExecutor,
-				new AndroidBluetoothPluginFactory(ioExecutor, androidExecutor,
+				androidExecutor, appContext, random, backoffFactory);
-						appContext, random, eventBus, backoffFactory);
+		DuplexPluginFactory tor = new TorPluginFactory(ioExecutor, appContext,
-		DuplexPluginFactory tor = new TorPluginFactory(ioExecutor, scheduler,
+				locationUtils, reporter, eventBus, torSocketFactory,
-				appContext, locationUtils, reporter, eventBus,
+				backoffFactory);
-				torSocketFactory, backoffFactory);
 		DuplexPluginFactory lan = new AndroidLanTcpPluginFactory(ioExecutor,
 				backoffFactory, appContext);
-		Collection<DuplexPluginFactory> duplex =
+		final Collection<DuplexPluginFactory> duplex =
 				Arrays.asList(bluetooth, tor, lan);
 		@NotNullByDefault
 		PluginConfig pluginConfig = new PluginConfig() {

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -1,258 +0,0 @@
-package org.briarproject.bramble.plugin.bluetooth;
-
-import android.bluetooth.BluetoothAdapter;
-import android.bluetooth.BluetoothDevice;
-import android.bluetooth.BluetoothServerSocket;
-import android.bluetooth.BluetoothSocket;
-import android.content.BroadcastReceiver;
-import android.content.Context;
-import android.content.Intent;
-import android.content.IntentFilter;
-
-import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
-import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
-import org.briarproject.bramble.api.plugin.Backoff;
-import org.briarproject.bramble.api.plugin.PluginException;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.system.AndroidExecutor;
-import org.briarproject.bramble.util.AndroidUtils;
-
-import java.io.Closeable;
-import java.io.IOException;
-import java.security.SecureRandom;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Executor;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-
-import static android.bluetooth.BluetoothAdapter.ACTION_SCAN_MODE_CHANGED;
-import static android.bluetooth.BluetoothAdapter.ACTION_STATE_CHANGED;
-import static android.bluetooth.BluetoothAdapter.EXTRA_SCAN_MODE;
-import static android.bluetooth.BluetoothAdapter.EXTRA_STATE;
-import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE;
-import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE;
-import static android.bluetooth.BluetoothAdapter.SCAN_MODE_NONE;
-import static android.bluetooth.BluetoothAdapter.STATE_OFF;
-import static android.bluetooth.BluetoothAdapter.STATE_ON;
-import static android.bluetooth.BluetoothDevice.ACTION_BOND_STATE_CHANGED;
-import static android.bluetooth.BluetoothDevice.BOND_BONDED;
-import static android.bluetooth.BluetoothDevice.BOND_BONDING;
-import static android.bluetooth.BluetoothDevice.BOND_NONE;
-import static android.bluetooth.BluetoothDevice.EXTRA_BOND_STATE;
-import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
-import static android.bluetooth.BluetoothDevice.EXTRA_PREVIOUS_BOND_STATE;
-import static java.util.logging.Level.INFO;
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
-
-@MethodsNotNullByDefault
-@ParametersNotNullByDefault
-class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
-
-	private static final Logger LOG =
-			Logger.getLogger(AndroidBluetoothPlugin.class.getName());
-
-	private final AndroidExecutor androidExecutor;
-	private final Context appContext;
-
-	private volatile boolean wasEnabledByUs = false;
-	private volatile BluetoothStateReceiver receiver = null;
-
-	// Non-null if the plugin started successfully
-	private volatile BluetoothAdapter adapter = null;
-
-	AndroidBluetoothPlugin(BluetoothConnectionManager connectionManager,
-			Executor ioExecutor, AndroidExecutor androidExecutor,
-			Context appContext, SecureRandom secureRandom, Backoff backoff,
-			DuplexPluginCallback callback, int maxLatency) {
-		super(connectionManager, ioExecutor, secureRandom, backoff, callback,
-				maxLatency);
-		this.androidExecutor = androidExecutor;
-		this.appContext = appContext;
-	}
-
-	@Override
-	public void start() throws PluginException {
-		super.start();
-		// Listen for changes to the Bluetooth state
-		IntentFilter filter = new IntentFilter();
-		filter.addAction(ACTION_STATE_CHANGED);
-		filter.addAction(ACTION_SCAN_MODE_CHANGED);
-		filter.addAction(ACTION_BOND_STATE_CHANGED);
-		receiver = new BluetoothStateReceiver();
-		appContext.registerReceiver(receiver, filter);
-	}
-
-	@Override
-	public void stop() {
-		super.stop();
-		if (receiver != null) appContext.unregisterReceiver(receiver);
-	}
-
-	@Override
-	void initialiseAdapter() throws IOException {
-		// BluetoothAdapter.getDefaultAdapter() must be called on a thread
-		// with a message queue, so submit it to the AndroidExecutor
-		try {
-			adapter = androidExecutor.runOnBackgroundThread(
-					BluetoothAdapter::getDefaultAdapter).get();
-		} catch (InterruptedException | ExecutionException e) {
-			throw new IOException(e);
-		}
-		if (adapter == null)
-			throw new IOException("Bluetooth is not supported");
-	}
-
-	@Override
-	boolean isAdapterEnabled() {
-		return adapter != null && adapter.isEnabled();
-	}
-
-	@Override
-	void enableAdapter() {
-		if (adapter != null && !adapter.isEnabled()) {
-			if (adapter.enable()) {
-				LOG.info("Enabling Bluetooth");
-				wasEnabledByUs = true;
-			} else {
-				LOG.info("Could not enable Bluetooth");
-			}
-		}
-	}
-
-	@Override
-	void disableAdapterIfEnabledByUs() {
-		if (isAdapterEnabled() && wasEnabledByUs) {
-			if (adapter.disable()) LOG.info("Disabling Bluetooth");
-			else LOG.info("Could not disable Bluetooth");
-			wasEnabledByUs = false;
-		}
-	}
-
-	@Override
-	void setEnabledByUs() {
-		wasEnabledByUs = true;
-	}
-
-	@Override
-	@Nullable
-	String getBluetoothAddress() {
-		String address = AndroidUtils.getBluetoothAddress(appContext, adapter);
-		return address.isEmpty() ? null : address;
-	}
-
-	@Override
-	BluetoothServerSocket openServerSocket(String uuid) throws IOException {
-		return adapter.listenUsingInsecureRfcommWithServiceRecord(
-				"RFCOMM", UUID.fromString(uuid));
-	}
-
-	@Override
-	void tryToClose(@Nullable BluetoothServerSocket ss) {
-		try {
-			if (ss != null) ss.close();
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-
-	@Override
-	DuplexTransportConnection acceptConnection(BluetoothServerSocket ss)
-			throws IOException {
-		return wrapSocket(ss.accept());
-	}
-
-	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
-		return new AndroidBluetoothTransportConnection(this,
-				connectionManager, s);
-	}
-
-	@Override
-	boolean isValidAddress(String address) {
-		return BluetoothAdapter.checkBluetoothAddress(address);
-	}
-
-	@Override
-	DuplexTransportConnection connectTo(String address, String uuid)
-			throws IOException {
-		if (LOG.isLoggable(INFO)) {
-			boolean found = false;
-			List<String> addresses = new ArrayList<>();
-			for (BluetoothDevice d : adapter.getBondedDevices()) {
-				addresses.add(scrubMacAddress(d.getAddress()));
-				if (d.getAddress().equals(address)) found = true;
-			}
-			LOG.info("Bonded devices: " + addresses);
-			if (found) LOG.info("Connecting to bonded device");
-			else LOG.info("Connecting to unbonded device");
-		}
-		BluetoothDevice d = adapter.getRemoteDevice(address);
-		UUID u = UUID.fromString(uuid);
-		BluetoothSocket s = null;
-		try {
-			s = d.createInsecureRfcommSocketToServiceRecord(u);
-			s.connect();
-			return wrapSocket(s);
-		} catch (IOException e) {
-			tryToClose(s);
-			throw e;
-		}
-	}
-
-	private void tryToClose(@Nullable Closeable c) {
-		try {
-			if (c != null) c.close();
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-
-	private class BluetoothStateReceiver extends BroadcastReceiver {
-
-		@Override
-		public void onReceive(Context ctx, Intent intent) {
-			String action = intent.getAction();
-			if (ACTION_STATE_CHANGED.equals(action)) {
-				int state = intent.getIntExtra(EXTRA_STATE, 0);
-				if (state == STATE_ON) onAdapterEnabled();
-				else if (state == STATE_OFF) onAdapterDisabled();
-			} else if (ACTION_SCAN_MODE_CHANGED.equals(action)) {
-				int scanMode = intent.getIntExtra(EXTRA_SCAN_MODE, 0);
-				if (scanMode == SCAN_MODE_NONE) {
-					LOG.info("Scan mode: None");
-				} else if (scanMode == SCAN_MODE_CONNECTABLE) {
-					LOG.info("Scan mode: Connectable");
-				} else if (scanMode == SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
-					LOG.info("Scan mode: Discoverable");
-				}
-			} else if (ACTION_BOND_STATE_CHANGED.equals(action)) {
-				BluetoothDevice d = intent.getParcelableExtra(EXTRA_DEVICE);
-				if (LOG.isLoggable(INFO)) {
-					LOG.info("Bond state changed for "
-							+ scrubMacAddress(d.getAddress()));
-				}
-				int oldState = intent.getIntExtra(EXTRA_PREVIOUS_BOND_STATE, 0);
-				if (oldState == BOND_NONE) {
-					LOG.info("Old state: none");
-				} else if (oldState == BOND_BONDING) {
-					LOG.info("Old state: bonding");
-				} else if (oldState == BOND_BONDED) {
-					LOG.info("Old state: bonded");
-				}
-				int state = intent.getIntExtra(EXTRA_BOND_STATE, 0);
-				if (state == BOND_NONE) {
-					LOG.info("New state: none");
-				} else if (state == BOND_BONDING) {
-					LOG.info("New state: bonding");
-				} else if (state == BOND_BONDED) {
-					LOG.info("New state: bonded");
-				}
-			}
-		}
-	}
-}

bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPlugin.java

@@ -0,0 +1,567 @@
+package org.briarproject.bramble.plugin.droidtooth;
+
+import android.bluetooth.BluetoothAdapter;
+import android.bluetooth.BluetoothDevice;
+import android.bluetooth.BluetoothServerSocket;
+import android.bluetooth.BluetoothSocket;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.crypto.PseudoRandom;
+import org.briarproject.bramble.api.data.BdfList;
+import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
+import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
+import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
+import org.briarproject.bramble.api.plugin.Backoff;
+import org.briarproject.bramble.api.plugin.PluginException;
+import org.briarproject.bramble.api.plugin.duplex.AbstractBluetoothPlugin;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.system.AndroidExecutor;
+import org.briarproject.bramble.util.AndroidUtils;
+import org.briarproject.bramble.util.StringUtils;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.UUID;
+import java.util.concurrent.Callable;
+import java.util.concurrent.CompletionService;
+import java.util.concurrent.CopyOnWriteArrayList;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ExecutorCompletionService;
+import java.util.concurrent.Future;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+
+import static android.bluetooth.BluetoothAdapter.ACTION_SCAN_MODE_CHANGED;
+import static android.bluetooth.BluetoothAdapter.ACTION_STATE_CHANGED;
+import static android.bluetooth.BluetoothAdapter.EXTRA_SCAN_MODE;
+import static android.bluetooth.BluetoothAdapter.EXTRA_STATE;
+import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE;
+import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE;
+import static android.bluetooth.BluetoothAdapter.SCAN_MODE_NONE;
+import static android.bluetooth.BluetoothAdapter.STATE_OFF;
+import static android.bluetooth.BluetoothAdapter.STATE_ON;
+import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_BLUETOOTH;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PREF_BT_ENABLE;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
+import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
+
+@MethodsNotNullByDefault
+@ParametersNotNullByDefault
+class DroidtoothPlugin<C, S>
+		extends AbstractBluetoothPlugin<C, S>{
+
+	private static final Logger LOG =
+			Logger.getLogger(DroidtoothPlugin.class.getName());
+	private static final String FOUND =
+			"android.bluetooth.device.action.FOUND";
+	private static final String DISCOVERY_FINISHED =
+			"android.bluetooth.adapter.action.DISCOVERY_FINISHED";
+
+	private final AndroidExecutor androidExecutor;
+	private final Context appContext;
+	private final AtomicBoolean used = new AtomicBoolean(false);
+
+	private volatile boolean wasEnabledByUs = false;
+	private volatile BluetoothStateReceiver receiver = null;
+	private volatile BluetoothServerSocket socket = null;
+
+	// Non-null if the plugin started successfully
+	private volatile BluetoothAdapter adapter = null;
+
+	DroidtoothPlugin(Executor ioExecutor, AndroidExecutor androidExecutor,
+			Context appContext, SecureRandom secureRandom, Backoff backoff,
+			DuplexPluginCallback callback, int maxLatency) {
+
+		super(ioExecutor, secureRandom, backoff, maxLatency, callback);
+		this.androidExecutor = androidExecutor;
+		this.appContext = appContext;
+	}
+
+	@Override
+	protected void close(S ss) throws IOException {
+		((BluetoothServerSocket)ss).close();
+	}
+
+	@Override
+	public void start() throws PluginException {
+		if (used.getAndSet(true)) throw new IllegalStateException();
+		// BluetoothAdapter.getDefaultAdapter() must be called on a thread
+		// with a message queue, so submit it to the AndroidExecutor
+		try {
+			adapter = androidExecutor.runOnBackgroundThread(
+					new Callable<BluetoothAdapter>() {
+						@Override
+						public BluetoothAdapter call() throws Exception {
+							return BluetoothAdapter.getDefaultAdapter();
+						}
+					}).get();
+		} catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+			LOG.warning("Interrupted while getting BluetoothAdapter");
+			throw new PluginException(e);
+		} catch (ExecutionException e) {
+			throw new PluginException(e);
+		}
+		if (adapter == null) {
+			LOG.info("Bluetooth is not supported");
+			throw new PluginException();
+		}
+		running = true;
+		// Listen for changes to the Bluetooth state
+		IntentFilter filter = new IntentFilter();
+		filter.addAction(ACTION_STATE_CHANGED);
+		filter.addAction(ACTION_SCAN_MODE_CHANGED);
+		receiver = new BluetoothStateReceiver();
+		appContext.registerReceiver(receiver, filter);
+		// If Bluetooth is enabled, bind a socket
+		if (adapter.isEnabled()) {
+			bind();
+		} else {
+			// Enable Bluetooth if settings allow
+			if (callback.getSettings().getBoolean(PREF_BT_ENABLE, false)) {
+				wasEnabledByUs = true;
+				if (adapter.enable()) LOG.info("Enabling Bluetooth");
+				else LOG.info("Could not enable Bluetooth");
+			} else {
+				LOG.info("Not enabling Bluetooth");
+			}
+		}
+	}
+
+	private void bind() {
+		ioExecutor.execute(new Runnable() {
+			@Override
+			public void run() {
+				if (!isRunning()) return;
+				String address = AndroidUtils.getBluetoothAddress(appContext,
+						adapter);
+				if (LOG.isLoggable(INFO))
+					LOG.info("Local address " + scrubMacAddress(address));
+				if (!StringUtils.isNullOrEmpty(address)) {
+					// Advertise the Bluetooth address to contacts
+					TransportProperties p = new TransportProperties();
+					p.put(PROP_ADDRESS, address);
+					callback.mergeLocalProperties(p);
+				}
+				// Bind a server socket to accept connections from contacts
+				BluetoothServerSocket ss;
+				try {
+					ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
+							"RFCOMM", UUID.fromString(getUuid()));
+				} catch (IOException e) {
+					if (LOG.isLoggable(WARNING))
+						LOG.log(WARNING, e.toString(), e);
+					return;
+				}
+				if (!isRunning()) {
+					tryToClose((S)ss);
+					return;
+				}
+				LOG.info("Socket bound");
+				socket = ss;
+				backoff.reset();
+				callback.transportEnabled();
+				acceptContactConnections();
+			}
+		});
+	}
+
+	private void acceptContactConnections() {
+		while (isRunning()) {
+			BluetoothSocket s;
+			try {
+				s = socket.accept();
+			} catch (IOException e) {
+				// This is expected when the socket is closed
+				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+				return;
+			}
+			if (LOG.isLoggable(INFO)) {
+				String address = s.getRemoteDevice().getAddress();
+				LOG.info("Connection from " + scrubMacAddress(address));
+			}
+			backoff.reset();
+			callback.incomingConnectionCreated(wrapSocket(s));
+		}
+	}
+
+	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
+		return new DroidtoothTransportConnection(this, s);
+	}
+
+	@Override
+	public void stop() {
+		this.running = false;
+		if (receiver != null) appContext.unregisterReceiver(receiver);
+		tryToClose((S)socket);
+		// Disable Bluetooth if we enabled it and it's still enabled
+		if (wasEnabledByUs && adapter.isEnabled()) {
+			if (adapter.disable()) LOG.info("Disabling Bluetooth");
+			else LOG.info("Could not disable Bluetooth");
+		}
+	}
+
+	@Override
+	public boolean isRunning() {
+		return running && adapter != null && adapter.isEnabled();
+	}
+
+	protected Runnable returnPollRunnable(final String address, final String uuid,
+			final ContactId c) {
+		return new Runnable() {
+			@Override
+			public void run() {
+				if (!running) return;
+				BluetoothSocket s = connect(address, uuid);
+				if (s != null) {
+					backoff.reset();
+					callback.outgoingConnectionCreated(c, wrapSocket(s));
+				}
+			}
+
+		};
+	}
+
+	@Nullable
+	private BluetoothSocket connect(String address, String uuid) {
+		// Validate the address
+		if (!BluetoothAdapter.checkBluetoothAddress(address)) {
+			if (LOG.isLoggable(WARNING))
+				// not scrubbing here to be able to figure out the problem
+				LOG.warning("Invalid address " + address);
+			return null;
+		}
+		// Validate the UUID
+		UUID u;
+		try {
+			u = UUID.fromString(uuid);
+		} catch (IllegalArgumentException e) {
+			if (LOG.isLoggable(WARNING)) LOG.warning("Invalid UUID " + uuid);
+			return null;
+		}
+		// Try to connect
+		BluetoothDevice d = adapter.getRemoteDevice(address);
+		BluetoothSocket s = null;
+		try {
+			s = d.createInsecureRfcommSocketToServiceRecord(u);
+			if (LOG.isLoggable(INFO))
+				LOG.info("Connecting to " + scrubMacAddress(address));
+			s.connect();
+			if (LOG.isLoggable(INFO))
+				LOG.info("Connected to " + scrubMacAddress(address));
+			return s;
+		} catch (IOException e) {
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Failed to connect to " + scrubMacAddress(address)
+						+ ": " + e);
+			}
+			tryToClose((S)s);
+			return null;
+		}
+	}
+
+
+	public DuplexTransportConnection connectToAddress(String address, String uuid) {
+		BluetoothSocket s = connect(address, uuid);
+		return s == null ? null : wrapSocket(s);
+	}
+
+
+	@Override
+	public DuplexTransportConnection createInvitationConnection(PseudoRandom r,
+			long timeout, boolean alice) {
+		if (!isRunning()) return null;
+		// Use the invitation codes to generate the UUID
+		byte[] b = r.nextBytes(UUID_BYTES);
+		UUID uuid = UUID.nameUUIDFromBytes(b);
+		if (LOG.isLoggable(INFO)) LOG.info("Invitation UUID " + uuid);
+		// Bind a server socket for receiving invitation connections
+		BluetoothServerSocket ss;
+		try {
+			ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
+					"RFCOMM", uuid);
+		} catch (IOException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			return null;
+		}
+		// Create the background tasks
+		CompletionService<BluetoothSocket> complete =
+				new ExecutorCompletionService<>(ioExecutor);
+		List<Future<BluetoothSocket>> futures = new ArrayList<>();
+		if (alice) {
+			// Return the first connected socket
+			futures.add(complete.submit(new ListeningTask(ss)));
+			futures.add(complete.submit(new DiscoveryTask(uuid.toString())));
+		} else {
+			// Return the first socket with readable data
+			futures.add(complete.submit(new ReadableTask(
+					new ListeningTask(ss))));
+			futures.add(complete.submit(new ReadableTask(
+					new DiscoveryTask(uuid.toString()))));
+		}
+		BluetoothSocket chosen = null;
+		try {
+			Future<BluetoothSocket> f = complete.poll(timeout, MILLISECONDS);
+			if (f == null) return null; // No task completed within the timeout
+			chosen = f.get();
+			return new DroidtoothTransportConnection(this, chosen);
+		} catch (InterruptedException e) {
+			LOG.info("Interrupted while exchanging invitations");
+			Thread.currentThread().interrupt();
+			return null;
+		} catch (ExecutionException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			return null;
+		} finally {
+			// Closing the socket will terminate the listener task
+			tryToClose((S)ss);
+			closeSockets(futures, chosen);
+		}
+	}
+
+	private void closeSockets(final List<Future<BluetoothSocket>> futures,
+			@Nullable final BluetoothSocket chosen) {
+		ioExecutor.execute(new Runnable() {
+			@Override
+			public void run() {
+				for (Future<BluetoothSocket> f : futures) {
+					try {
+						if (f.cancel(true)) {
+							LOG.info("Cancelled task");
+						} else {
+							BluetoothSocket s = f.get();
+							if (s != null && s != chosen) {
+								LOG.info("Closing unwanted socket");
+								s.close();
+							}
+						}
+					} catch (InterruptedException e) {
+						LOG.info("Interrupted while closing sockets");
+						return;
+					} catch (ExecutionException | IOException e) {
+						if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+					}
+				}
+			}
+		});
+	}
+
+	@Override
+	public KeyAgreementListener createKeyAgreementListener(byte[] commitment) {
+		if (!isRunning()) return null;
+		// There's no point listening if we can't discover our own address
+		String address = AndroidUtils.getBluetoothAddress(appContext, adapter);
+		if (address.isEmpty()) return null;
+		// No truncation necessary because COMMIT_LENGTH = 16
+		UUID uuid = UUID.nameUUIDFromBytes(commitment);
+		if (LOG.isLoggable(INFO)) LOG.info("Key agreement UUID " + uuid);
+		// Bind a server socket for receiving invitation connections
+		BluetoothServerSocket ss;
+		try {
+			ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
+					"RFCOMM", uuid);
+		} catch (IOException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			return null;
+		}
+		BdfList descriptor = new BdfList();
+		descriptor.add(TRANSPORT_ID_BLUETOOTH);
+		descriptor.add(StringUtils.macToBytes(address));
+		return new BluetoothKeyAgreementListener(descriptor, ss);
+	}
+
+
+	private class BluetoothStateReceiver extends BroadcastReceiver {
+
+		@Override
+		public void onReceive(Context ctx, Intent intent) {
+			int state = intent.getIntExtra(EXTRA_STATE, 0);
+			if (state == STATE_ON) {
+				LOG.info("Bluetooth enabled");
+				bind();
+			} else if (state == STATE_OFF) {
+				LOG.info("Bluetooth disabled");
+				tryToClose((S)socket);
+			}
+			int scanMode = intent.getIntExtra(EXTRA_SCAN_MODE, 0);
+			if (scanMode == SCAN_MODE_NONE) {
+				LOG.info("Scan mode: None");
+			} else if (scanMode == SCAN_MODE_CONNECTABLE) {
+				LOG.info("Scan mode: Connectable");
+			} else if (scanMode == SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
+				LOG.info("Scan mode: Discoverable");
+			}
+		}
+	}
+
+	private class DiscoveryTask implements Callable<BluetoothSocket> {
+
+		private final String uuid;
+
+		private DiscoveryTask(String uuid) {
+			this.uuid = uuid;
+		}
+
+		@Override
+		public BluetoothSocket call() throws Exception {
+			// Repeat discovery until we connect or get interrupted
+			while (true) {
+				// Discover nearby devices
+				LOG.info("Discovering nearby devices");
+				List<String> addresses = discoverDevices();
+				if (addresses.isEmpty()) {
+					LOG.info("No devices discovered");
+					continue;
+				}
+				// Connect to any device with the right UUID
+				for (String address : addresses) {
+					BluetoothSocket s = connect(address, uuid);
+					if (s != null) {
+						LOG.info("Outgoing connection");
+						return s;
+					}
+				}
+			}
+		}
+
+		private List<String> discoverDevices() throws InterruptedException {
+			IntentFilter filter = new IntentFilter();
+			filter.addAction(FOUND);
+			filter.addAction(DISCOVERY_FINISHED);
+			DiscoveryReceiver disco = new DiscoveryReceiver();
+			appContext.registerReceiver(disco, filter);
+			LOG.info("Starting discovery");
+			adapter.startDiscovery();
+			return disco.waitForAddresses();
+		}
+	}
+
+	private static class DiscoveryReceiver extends BroadcastReceiver {
+
+		private final CountDownLatch finished = new CountDownLatch(1);
+		private final List<String> addresses = new CopyOnWriteArrayList<>();
+
+		@Override
+		public void onReceive(Context ctx, Intent intent) {
+			String action = intent.getAction();
+			if (action.equals(DISCOVERY_FINISHED)) {
+				LOG.info("Discovery finished");
+				ctx.unregisterReceiver(this);
+				finished.countDown();
+			} else if (action.equals(FOUND)) {
+				BluetoothDevice d = intent.getParcelableExtra(EXTRA_DEVICE);
+				if (LOG.isLoggable(INFO)) {
+					LOG.info("Discovered device: " +
+							scrubMacAddress(d.getAddress()));
+				}
+				addresses.add(d.getAddress());
+			}
+		}
+
+		private List<String> waitForAddresses() throws InterruptedException {
+			finished.await();
+			List<String> shuffled = new ArrayList<>(addresses);
+			Collections.shuffle(shuffled);
+			return shuffled;
+		}
+	}
+
+	private static class ListeningTask implements Callable<BluetoothSocket> {
+
+		private final BluetoothServerSocket serverSocket;
+
+		private ListeningTask(BluetoothServerSocket serverSocket) {
+			this.serverSocket = serverSocket;
+		}
+
+		@Override
+		public BluetoothSocket call() throws IOException {
+			BluetoothSocket s = serverSocket.accept();
+			LOG.info("Incoming connection");
+			return s;
+		}
+	}
+
+	private static class ReadableTask implements Callable<BluetoothSocket> {
+
+		private final Callable<BluetoothSocket> connectionTask;
+
+		private ReadableTask(Callable<BluetoothSocket> connectionTask) {
+			this.connectionTask = connectionTask;
+		}
+
+		@Override
+		public BluetoothSocket call() throws Exception {
+			BluetoothSocket s = connectionTask.call();
+			InputStream in = s.getInputStream();
+			while (in.available() == 0) {
+				LOG.info("Waiting for data");
+				Thread.sleep(1000);
+			}
+			LOG.info("Data available");
+			return s;
+		}
+	}
+
+	private class BluetoothKeyAgreementListener extends KeyAgreementListener {
+
+		private final BluetoothServerSocket ss;
+
+		private BluetoothKeyAgreementListener(BdfList descriptor,
+				BluetoothServerSocket ss) {
+			super(descriptor);
+			this.ss = ss;
+		}
+
+		@Override
+		public Callable<KeyAgreementConnection> listen() {
+			return new Callable<KeyAgreementConnection>() {
+				@Override
+				public KeyAgreementConnection call() throws IOException {
+					BluetoothSocket s = ss.accept();
+					if (LOG.isLoggable(INFO))
+						LOG.info(ID.getString() + ": Incoming connection");
+					return new KeyAgreementConnection(
+							new DroidtoothTransportConnection(
+									DroidtoothPlugin.this, s), ID);
+				}
+			};
+		}
+
+		@Override
+		public void close() {
+			try {
+				ss.close();
+			} catch (IOException e) {
+				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			}
+		}
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPluginFactory.java

@@ -1,8 +1,7 @@
-package org.briarproject.bramble.plugin.bluetooth;
+package org.briarproject.bramble.plugin.droidtooth;
 
 import android.content.Context;
 
-import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -21,7 +20,7 @@ import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 
 @Immutable
 @NotNullByDefault
-public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
+public class DroidtoothPluginFactory implements DuplexPluginFactory {
 
 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
 	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
@@ -32,18 +31,15 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	private final AndroidExecutor androidExecutor;
 	private final Context appContext;
 	private final SecureRandom secureRandom;
-	private final EventBus eventBus;
 	private final BackoffFactory backoffFactory;
 
-	public AndroidBluetoothPluginFactory(Executor ioExecutor,
+	public DroidtoothPluginFactory(Executor ioExecutor,
 			AndroidExecutor androidExecutor, Context appContext,
-			SecureRandom secureRandom, EventBus eventBus,
+			SecureRandom secureRandom, BackoffFactory backoffFactory) {
-			BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.secureRandom = secureRandom;
-		this.eventBus = eventBus;
 		this.backoffFactory = backoffFactory;
 	}
 
@@ -59,14 +55,9 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 
 	@Override
 	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
-		BluetoothConnectionManager connectionManager =
-				new BluetoothConnectionManagerImpl();
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		AndroidBluetoothPlugin plugin = new AndroidBluetoothPlugin(
+		return new DroidtoothPlugin(ioExecutor, androidExecutor, appContext,
-				connectionManager, ioExecutor, androidExecutor, appContext,
 				secureRandom, backoff, callback, MAX_LATENCY);
-		eventBus.addListener(plugin);
-		return plugin;
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothTransportConnection.java

@@ -1,4 +1,4 @@
-package org.briarproject.bramble.plugin.bluetooth;
+package org.briarproject.bramble.plugin.droidtooth;
 
 import android.bluetooth.BluetoothSocket;
 
@@ -11,17 +11,12 @@ import java.io.InputStream;
 import java.io.OutputStream;
 
 @NotNullByDefault
-class AndroidBluetoothTransportConnection
+class DroidtoothTransportConnection extends AbstractDuplexTransportConnection {
-		extends AbstractDuplexTransportConnection {
 
-	private final BluetoothConnectionManager connectionManager;
 	private final BluetoothSocket socket;
 
-	AndroidBluetoothTransportConnection(Plugin plugin,
+	DroidtoothTransportConnection(Plugin plugin, BluetoothSocket socket) {
-			BluetoothConnectionManager connectionManager,
-			BluetoothSocket socket) {
 		super(plugin);
-		this.connectionManager = connectionManager;
 		this.socket = socket;
 	}
 
@@ -37,10 +32,6 @@ class AndroidBluetoothTransportConnection
 
 	@Override
 	protected void closeConnection(boolean exception) throws IOException {
-		try {
+		socket.close();
-			socket.close();
-		} finally {
-			connectionManager.connectionClosed(this);
-		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java

@@ -17,6 +17,7 @@ import net.freehaven.tor.control.EventHandler;
 import net.freehaven.tor.control.TorControlConnection;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventListener;
@@ -55,16 +56,10 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.Scanner;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Executor;
-import java.util.concurrent.Future;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicReference;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantLock;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import java.util.zip.ZipInputStream;
@@ -75,15 +70,10 @@ import javax.net.SocketFactory;
 import static android.content.Context.CONNECTIVITY_SERVICE;
 import static android.content.Context.MODE_PRIVATE;
 import static android.content.Context.POWER_SERVICE;
-import static android.content.Intent.ACTION_SCREEN_OFF;
-import static android.content.Intent.ACTION_SCREEN_ON;
 import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
-import static android.os.Build.VERSION.SDK_INT;
-import static android.os.PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED;
 import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
-import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static net.freehaven.tor.control.TorControlCommands.HS_ADDRESS;
@@ -95,13 +85,13 @@ import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_NEVER;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_WIFI;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_PORT;
-import static org.briarproject.bramble.api.plugin.TorConstants.PROP_ONION;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubOnion;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
 class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
+	private static final String PROP_ONION = "onion";
 	private static final String[] EVENTS = {
 			"CIRC", "ORCONN", "HS_DESC", "NOTICE", "WARN", "ERR"
 	};
@@ -112,7 +102,6 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 			Logger.getLogger(TorPlugin.class.getName());
 
 	private final Executor ioExecutor;
-	private final ScheduledExecutorService scheduler;
 	private final Context appContext;
 	private final LocationUtils locationUtils;
 	private final DevReporter reporter;
@@ -125,9 +114,6 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private final File torDirectory, torFile, geoIpFile, configFile;
 	private final File doneFile, cookieFile;
 	private final PowerManager.WakeLock wakeLock;
-	private final Lock connectionStatusLock;
-	private final AtomicReference<Future<?>> connectivityCheck =
-			new AtomicReference<>();
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
 	private volatile boolean running = false;
@@ -136,13 +122,12 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private volatile TorControlConnection controlConnection = null;
 	private volatile BroadcastReceiver networkStateReceiver = null;
 
-	TorPlugin(Executor ioExecutor, ScheduledExecutorService scheduler,
+	TorPlugin(Executor ioExecutor, Context appContext,
-			Context appContext, LocationUtils locationUtils,
+			LocationUtils locationUtils, DevReporter reporter,
-			DevReporter reporter, SocketFactory torSocketFactory,
+			SocketFactory torSocketFactory, Backoff backoff,
-			Backoff backoff, DuplexPluginCallback callback,
+			DuplexPluginCallback callback, String architecture, int maxLatency,
-			String architecture, int maxLatency, int maxIdleTime) {
+			int maxIdleTime) {
 		this.ioExecutor = ioExecutor;
-		this.scheduler = scheduler;
 		this.appContext = appContext;
 		this.locationUtils = locationUtils;
 		this.reporter = reporter;
@@ -164,10 +149,8 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		cookieFile = new File(torDirectory, ".tor/control_auth_cookie");
 		Object o = appContext.getSystemService(POWER_SERVICE);
 		PowerManager pm = (PowerManager) o;
-		// This tag will prevent Huawei's powermanager from killing us.
+		wakeLock = pm.newWakeLock(PARTIAL_WAKE_LOCK, "TorPlugin");
-		wakeLock = pm.newWakeLock(PARTIAL_WAKE_LOCK, "LocationManagerService");
 		wakeLock.setReferenceCounted(false);
-		connectionStatusLock = new ReentrantLock();
 	}
 
 	@Override
@@ -220,11 +203,11 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		if (LOG.isLoggable(INFO)) {
 			Scanner stdout = new Scanner(torProcess.getInputStream());
 			Scanner stderr = new Scanner(torProcess.getErrorStream());
-			while (stdout.hasNextLine() || stderr.hasNextLine()) {
+			while (stdout.hasNextLine() || stderr.hasNextLine()){
-				if (stdout.hasNextLine()) {
+				if(stdout.hasNextLine()) {
 					LOG.info(stdout.nextLine());
 				}
-				if (stderr.hasNextLine()) {
+				if(stderr.hasNextLine()){
 					LOG.info(stderr.nextLine());
 				}
 			}
@@ -273,11 +256,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		}
 		// Register to receive network status events
 		networkStateReceiver = new NetworkStateReceiver();
-		IntentFilter filter = new IntentFilter();
+		IntentFilter filter = new IntentFilter(CONNECTIVITY_ACTION);
-		filter.addAction(CONNECTIVITY_ACTION);
-		filter.addAction(ACTION_SCREEN_ON);
-		filter.addAction(ACTION_SCREEN_OFF);
-		if (SDK_INT >= 23) filter.addAction(ACTION_DEVICE_IDLE_MODE_CHANGED);
 		appContext.registerReceiver(networkStateReceiver, filter);
 		// Bind a server socket to receive incoming hidden service connections
 		bind();
@@ -390,45 +369,57 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	private void sendDevReports() {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			// TODO: Trigger this with a TransportEnabledEvent
+			@Override
-			File reportDir = AndroidUtils.getReportDir(appContext);
+			public void run() {
-			reporter.sendReports(reportDir);
+				// TODO: Trigger this with a TransportEnabledEvent
+				File reportDir = AndroidUtils.getReportDir(appContext);
+				reporter.sendReports(reportDir);
+			}
 		});
 	}
 
 	private void bind() {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			// If there's already a port number stored in config, reuse it
+			@Override
-			String portString = callback.getSettings().get(PREF_TOR_PORT);
+			public void run() {
-			int port;
+				// If there's already a port number stored in config, reuse it
-			if (StringUtils.isNullOrEmpty(portString)) port = 0;
+				String portString = callback.getSettings().get(PREF_TOR_PORT);
-			else port = Integer.parseInt(portString);
+				int port;
-			// Bind a server socket to receive connections from Tor
+				if (StringUtils.isNullOrEmpty(portString)) port = 0;
-			ServerSocket ss = null;
+				else port = Integer.parseInt(portString);
-			try {
+				// Bind a server socket to receive connections from Tor
-				ss = new ServerSocket();
+				ServerSocket ss = null;
-				ss.bind(new InetSocketAddress("127.0.0.1", port));
+				try {
-			} catch (IOException e) {
+					ss = new ServerSocket();
-				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+					ss.bind(new InetSocketAddress("127.0.0.1", port));
-				tryToClose(ss);
+				} catch (IOException e) {
-				return;
+					if (LOG.isLoggable(WARNING))
+						LOG.log(WARNING, e.toString(), e);
+					tryToClose(ss);
+					return;
+				}
+				if (!running) {
+					tryToClose(ss);
+					return;
+				}
+				socket = ss;
+				// Store the port number
+				final String localPort = String.valueOf(ss.getLocalPort());
+				Settings s = new Settings();
+				s.put(PREF_TOR_PORT, localPort);
+				callback.mergeSettings(s);
+				// Create a hidden service if necessary
+				ioExecutor.execute(new Runnable() {
+					@Override
+					public void run() {
+						publishHiddenService(localPort);
+					}
+				});
+				backoff.reset();
+				// Accept incoming hidden service connections from Tor
+				acceptContactConnections(ss);
 			}
-			if (!running) {
-				tryToClose(ss);
-				return;
-			}
-			socket = ss;
-			// Store the port number
-			String localPort = String.valueOf(ss.getLocalPort());
-			Settings s = new Settings();
-			s.put(PREF_TOR_PORT, localPort);
-			callback.mergeSettings(s);
-			// Create a hidden service if necessary
-			ioExecutor.execute(() -> publishHiddenService(localPort));
-			backoff.reset();
-			// Accept incoming hidden service connections from Tor
-			acceptContactConnections(ss);
 		});
 	}
 
@@ -548,21 +539,20 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	public void poll(Collection<ContactId> connected) {
 		if (!isRunning()) return;
 		backoff.increment();
-		Map<ContactId, TransportProperties> remote =
+		// TODO: Pass properties to connectAndCallBack()
-				callback.getRemoteProperties();
+		for (ContactId c : callback.getRemoteProperties().keySet())
-		for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {
+			if (!connected.contains(c)) connectAndCallBack(c);
-			ContactId c = e.getKey();
-			if (!connected.contains(c)) connectAndCallBack(c, e.getValue());
-		}
 	}
 
-	private void connectAndCallBack(ContactId c, TransportProperties p) {
+	private void connectAndCallBack(final ContactId c) {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			if (!isRunning()) return;
+			@Override
-			DuplexTransportConnection d = createConnection(p);
+			public void run() {
-			if (d != null) {
+				DuplexTransportConnection d = createConnection(c);
-				backoff.reset();
+				if (d != null) {
-				callback.outgoingConnectionCreated(c, d);
+					backoff.reset();
+					callback.outgoingConnectionCreated(c, d);
+				}
 			}
 		});
 	}
@@ -570,11 +560,8 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public DuplexTransportConnection createConnection(ContactId c) {
 		if (!isRunning()) return null;
-		return createConnection(callback.getRemoteProperties(c));
+		TransportProperties p = callback.getRemoteProperties().get(c);
-	}
+		if (p == null) return null;
-
-	@Nullable
-	private DuplexTransportConnection createConnection(TransportProperties p) {
 		String onion = p.get(PROP_ONION);
 		if (StringUtils.isNullOrEmpty(onion)) return null;
 		if (!ONION.matcher(onion).matches()) {
@@ -602,6 +589,17 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		}
 	}
 
+	@Override
+	public boolean supportsInvitations() {
+		return false;
+	}
+
+	@Override
+	public DuplexTransportConnection createInvitationConnection(PseudoRandom r,
+			long timeout, boolean alice) {
+		throw new UnsupportedOperationException();
+	}
+
 	@Override
 	public boolean supportsKeyAgreement() {
 		return false;
@@ -614,7 +612,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor) {
+			byte[] commitment, BdfList descriptor, long timeout) {
 		throw new UnsupportedOperationException();
 	}
 
@@ -638,8 +636,6 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public void orConnStatus(String status, String orName) {
 		if (LOG.isLoggable(INFO)) LOG.info("OR connection " + status);
-		if (status.equals("CLOSED") || status.equals("FAILED"))
-			updateConnectionStatus(); // Check whether we've lost connectivity
 	}
 
 	@Override
@@ -679,7 +675,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		}
 
 		@Override
-		public void onEvent(int event, @Nullable String path) {
+		public void onEvent(int event, String path) {
 			stopWatching();
 			latch.countDown();
 		}
@@ -697,75 +693,60 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	private void updateConnectionStatus() {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			if (!running) return;
+			@Override
-			try {
+			public void run() {
-				connectionStatusLock.lock();
+				if (!running) return;
-				updateConnectionStatusLocked();
+
-			} finally {
+				Object o = appContext.getSystemService(CONNECTIVITY_SERVICE);
-				connectionStatusLock.unlock();
+				ConnectivityManager cm = (ConnectivityManager) o;
+				NetworkInfo net = cm.getActiveNetworkInfo();
+				boolean online = net != null && net.isConnected();
+				boolean wifi = online && net.getType() == TYPE_WIFI;
+				String country = locationUtils.getCurrentCountry();
+				boolean blocked = TorNetworkMetadata.isTorProbablyBlocked(
+						country);
+				Settings s = callback.getSettings();
+				int network = s.getInt(PREF_TOR_NETWORK,
+						PREF_TOR_NETWORK_ALWAYS);
+
+				if (LOG.isLoggable(INFO)) {
+					LOG.info("Online: " + online + ", wifi: " + wifi);
+					if ("".equals(country)) LOG.info("Country code unknown");
+					else LOG.info("Country code: " + country);
+				}
+
+				try {
+					if (!online) {
+						LOG.info("Disabling network, device is offline");
+						enableNetwork(false);
+					} else if (blocked) {
+						LOG.info("Disabling network, country is blocked");
+						enableNetwork(false);
+					} else if (network == PREF_TOR_NETWORK_NEVER
+							|| (network == PREF_TOR_NETWORK_WIFI && !wifi)) {
+						LOG.info("Disabling network due to data setting");
+						enableNetwork(false);
+					} else {
+						LOG.info("Enabling network");
+						enableNetwork(true);
+					}
+				} catch (IOException e) {
+					if (LOG.isLoggable(WARNING))
+						LOG.log(WARNING, e.toString(), e);
+				}
 			}
 		});
 	}
 
-	// Locking: connectionStatusLock
-	private void updateConnectionStatusLocked() {
-		Object o = appContext.getSystemService(CONNECTIVITY_SERVICE);
-		ConnectivityManager cm = (ConnectivityManager) o;
-		NetworkInfo net = cm.getActiveNetworkInfo();
-		boolean online = net != null && net.isConnected();
-		boolean wifi = online && net.getType() == TYPE_WIFI;
-		String country = locationUtils.getCurrentCountry();
-		boolean blocked = TorNetworkMetadata.isTorProbablyBlocked(
-				country);
-		Settings s = callback.getSettings();
-		int network = s.getInt(PREF_TOR_NETWORK, PREF_TOR_NETWORK_ALWAYS);
-
-		if (LOG.isLoggable(INFO)) {
-			LOG.info("Online: " + online + ", wifi: " + wifi);
-			if ("".equals(country)) LOG.info("Country code unknown");
-			else LOG.info("Country code: " + country);
-		}
-
-		try {
-			if (!online) {
-				LOG.info("Disabling network, device is offline");
-				enableNetwork(false);
-			} else if (blocked) {
-				LOG.info("Disabling network, country is blocked");
-				enableNetwork(false);
-			} else if (network == PREF_TOR_NETWORK_NEVER
-					|| (network == PREF_TOR_NETWORK_WIFI && !wifi)) {
-				LOG.info("Disabling network due to data setting");
-				enableNetwork(false);
-			} else {
-				LOG.info("Enabling network");
-				enableNetwork(true);
-			}
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-
-	private void scheduleConnectionStatusUpdate() {
-		Future<?> newConnectivityCheck =
-				scheduler.schedule(this::updateConnectionStatus, 1, MINUTES);
-		Future<?> oldConnectivityCheck =
-				connectivityCheck.getAndSet(newConnectivityCheck);
-		if (oldConnectivityCheck != null) oldConnectivityCheck.cancel(false);
-	}
-
 	private class NetworkStateReceiver extends BroadcastReceiver {
 
 		@Override
 		public void onReceive(Context ctx, Intent i) {
 			if (!running) return;
-			String action = i.getAction();
+			if (CONNECTIVITY_ACTION.equals(i.getAction())) {
-			if (LOG.isLoggable(INFO)) LOG.info("Received broadcast " + action);
+				LOG.info("Detected connectivity change");
-			updateConnectionStatus();
+				updateConnectionStatus();
-			if (ACTION_SCREEN_ON.equals(action)
-					|| ACTION_SCREEN_OFF.equals(action)) {
-				scheduleConnectionStatusUpdate();
 			}
 		}
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPluginFactory.java

@@ -17,7 +17,6 @@ import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.util.AndroidUtils;
 
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Logger;
 
 import javax.annotation.concurrent.Immutable;
@@ -37,7 +36,6 @@ public class TorPluginFactory implements DuplexPluginFactory {
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
-	private final ScheduledExecutorService scheduler;
 	private final Context appContext;
 	private final LocationUtils locationUtils;
 	private final DevReporter reporter;
@@ -45,13 +43,11 @@ public class TorPluginFactory implements DuplexPluginFactory {
 	private final SocketFactory torSocketFactory;
 	private final BackoffFactory backoffFactory;
 
-	public TorPluginFactory(Executor ioExecutor,
+	public TorPluginFactory(Executor ioExecutor, Context appContext,
-			ScheduledExecutorService scheduler, Context appContext,
 			LocationUtils locationUtils, DevReporter reporter,
 			EventBus eventBus, SocketFactory torSocketFactory,
 			BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
-		this.scheduler = scheduler;
 		this.appContext = appContext;
 		this.locationUtils = locationUtils;
 		this.reporter = reporter;
@@ -93,9 +89,9 @@ public class TorPluginFactory implements DuplexPluginFactory {
 
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		TorPlugin plugin = new TorPlugin(ioExecutor, scheduler, appContext,
+		TorPlugin plugin = new TorPlugin(ioExecutor, appContext, locationUtils,
-				locationUtils, reporter, torSocketFactory, backoff, callback,
+				reporter, torSocketFactory, backoff, callback, architecture,
-				architecture, MAX_LATENCY, MAX_IDLE_TIME);
+				MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorTransportConnection.java

@@ -3,7 +3,6 @@ package org.briarproject.bramble.plugin.tor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.duplex.AbstractDuplexTransportConnection;
-import org.briarproject.bramble.util.IoUtils;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -22,12 +21,12 @@ class TorTransportConnection extends AbstractDuplexTransportConnection {
 
 	@Override
 	protected InputStream getInputStream() throws IOException {
-		return IoUtils.getInputStream(socket);
+		return socket.getInputStream();
 	}
 
 	@Override
 	protected OutputStream getOutputStream() throws IOException {
-		return IoUtils.getOutputStream(socket);
+		return socket.getOutputStream();
 	}
 
 	@Override

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidExecutorImpl.java

@@ -27,11 +27,14 @@ class AndroidExecutorImpl implements AndroidExecutor {
 	@Inject
 	AndroidExecutorImpl(Application app) {
 		uiHandler = new Handler(app.getApplicationContext().getMainLooper());
-		loop = () -> {
+		loop = new Runnable() {
-			Looper.prepare();
+			@Override
-			backgroundHandler = new Handler();
+			public void run() {
-			startLatch.countDown();
+				Looper.prepare();
-			Looper.loop();
+				backgroundHandler = new Handler();
+				startLatch.countDown();
+				Looper.loop();
+			}
 		};
 	}
 

bramble-api/build.gradle

@@ -1,39 +1,30 @@
-apply plugin: 'java-library'
+apply plugin: 'java'
-sourceCompatibility = 1.8
+sourceCompatibility = 1.6
-targetCompatibility = 1.8
+targetCompatibility = 1.6
 
 apply plugin: 'witness'
 
 dependencies {
-	implementation "com.google.dagger:dagger:2.0.2"
+	compile "com.google.dagger:dagger:2.0.2"
-	implementation 'com.google.code.findbugs:jsr305:3.0.2'
+	compile 'com.google.dagger:dagger-compiler:2.0.2'
+	compile 'com.google.code.findbugs:jsr305:3.0.1'
 
-	testImplementation 'junit:junit:4.12'
+	testCompile 'junit:junit:4.12'
-	testImplementation "org.jmock:jmock:2.8.2"
+	testCompile "org.jmock:jmock:2.8.1"
-	testImplementation "org.jmock:jmock-junit4:2.8.2"
+	testCompile "org.jmock:jmock-junit4:2.8.1"
-	testImplementation "org.jmock:jmock-legacy:2.8.2"
+	testCompile "org.jmock:jmock-legacy:2.8.1"
-	testImplementation "org.hamcrest:hamcrest-library:1.3"
+	testCompile "org.hamcrest:hamcrest-library:1.3"
-	testImplementation "org.hamcrest:hamcrest-core:1.3"
+	testCompile "org.hamcrest:hamcrest-core:1.3"
 }
 
 dependencyVerification {
 	verify = [
-			'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
+			'com.google.dagger:dagger:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
-			'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
+			'com.google.dagger:dagger-compiler:b74bc9de063dd4c6400b232231f2ef5056145b8fbecbf5382012007dd1c071b3',
-			'com.google.dagger:dagger:2.0.2:dagger-2.0.2.jar:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
+			'com.google.code.findbugs:jsr305:c885ce34249682bc0236b4a7d56efcc12048e6135a5baf7a9cde8ad8cda13fcd',
-			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
+			'javax.inject:javax.inject:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
-			'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
+			'com.google.dagger:dagger-producers:99ec15e8a0507ba569e7655bc1165ee5e5ca5aa914b3c8f7e2c2458f724edd6b',
-			'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
+			'com.google.guava:guava:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99',
-			'org.apache.ant:ant:1.9.4:ant-1.9.4.jar:649ae0730251de07b8913f49286d46bba7b92d47c5f332610aa426c4f02161d8',
-			'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
-			'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
-			'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
-			'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',
-			'org.jmock:jmock-legacy:2.8.2:jmock-legacy-2.8.2.jar:f2b985a5c08a9edb7f37612330c058809da3f6a6d63ce792426ebf8ff0d6d31b',
-			'org.jmock:jmock-testjar:2.8.2:jmock-testjar-2.8.2.jar:8900860f72c474e027cf97fe78dcbf154a1aa7fc62b6845c5fb4e4f3c7bc8760',
-			'org.jmock:jmock:2.8.2:jmock-2.8.2.jar:6c73cb4a2e6dbfb61fd99c9a768539c170ab6568e57846bd60dbf19596b65b16',
-			'org.objenesis:objenesis:2.1:objenesis-2.1.jar:c74330cc6b806c804fd37e74487b4fe5d7c2750c5e15fbc6efa13bdee1bdef80',
-			'org.ow2.asm:asm:5.0.4:asm-5.0.4.jar:896618ed8ae62702521a78bc7be42b7c491a08e6920a15f89a3ecdec31e9a220',
 	]
 }
 
@@ -48,8 +39,3 @@ task jarTest(type: Jar, dependsOn: testClasses) {
 artifacts {
 	testOutput jarTest
 }
-
-// If a Java 6 JRE is available, check we're not using any Java 7 or 8 APIs
-tasks.withType(JavaCompile) {
-	useJava6StandardLibrary(it)
-}

bramble-api/src/main/java/org/briarproject/bramble/api/Bytes.java

@@ -1,7 +1,6 @@
 package org.briarproject.bramble.api;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.util.StringUtils;
 
 import java.util.Arrays;
 import java.util.Comparator;
@@ -54,12 +53,6 @@ public class Bytes implements Comparable<Bytes> {
 		return aBytes.length - bBytes.length;
 	}
 
-	@Override
-	public String toString() {
-		return getClass().getSimpleName() +
-				"(" + StringUtils.toHexString(getBytes()) + ")";
-	}
-
 	public static class BytesComparator implements Comparator<Bytes> {
 
 		@Override

bramble-api/src/main/java/org/briarproject/bramble/api/Multiset.java

@@ -1,101 +0,0 @@
-package org.briarproject.bramble.api;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.NoSuchElementException;
-import java.util.Set;
-
-import javax.annotation.concurrent.NotThreadSafe;
-
-@NotThreadSafe
-@NotNullByDefault
-public class Multiset<T> {
-
-	private final Map<T, Integer> map = new HashMap<>();
-
-	private int total = 0;
-
-	/**
-	 * Returns how many items the multiset contains in total.
-	 */
-	public int getTotal() {
-		return total;
-	}
-
-	/**
-	 * Returns how many unique items the multiset contains.
-	 */
-	public int getUnique() {
-		return map.size();
-	}
-
-	/**
-	 * Returns how many of the given item the multiset contains.
-	 */
-	public int getCount(T t) {
-		Integer count = map.get(t);
-		return count == null ? 0 : count;
-	}
-
-	/**
-	 * Adds the given item to the multiset and returns how many of the item
-	 * the multiset now contains.
-	 */
-	public int add(T t) {
-		Integer count = map.get(t);
-		if (count == null) count = 0;
-		map.put(t, count + 1);
-		total++;
-		return count + 1;
-	}
-
-	/**
-	 * Removes the given item from the multiset and returns how many of the
-	 * item the multiset now contains.
-	 * @throws NoSuchElementException if the item is not in the multiset.
-	 */
-	public int remove(T t) {
-		Integer count = map.get(t);
-		if (count == null) throw new NoSuchElementException();
-		if (count == 1) map.remove(t);
-		else map.put(t, count - 1);
-		total--;
-		return count - 1;
-	}
-
-	/**
-	 * Removes all occurrences of the given item from the multiset.
-	 */
-	public int removeAll(T t) {
-		Integer count = map.remove(t);
-		if (count == null) return 0;
-		total -= count;
-		return count;
-	}
-
-	/**
-	 * Returns true if the multiset contains any occurrences of the given item.
-	 */
-	public boolean contains(T t) {
-		return map.containsKey(t);
-	}
-
-	/**
-	 * Removes all items from the multiset.
-	 */
-	public void clear() {
-		map.clear();
-		total = 0;
-	}
-
-	/**
-	 * Returns the set of unique items the multiset contains. The returned set
-	 * is unmodifiable.
-	 */
-	public Set<T> keySet() {
-		return Collections.unmodifiableSet(map.keySet());
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/UnsupportedVersionException.java

@@ -1,9 +0,0 @@
-package org.briarproject.bramble.api;
-
-import java.io.IOException;
-
-/**
- * An exception that indicates an unrecoverable version mismatch.
- */
-public class UnsupportedVersionException extends IOException {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/client/BdfMessageContext.java

@@ -23,7 +23,7 @@ public class BdfMessageContext {
 	}
 
 	public BdfMessageContext(BdfDictionary dictionary) {
-		this(dictionary, Collections.emptyList());
+		this(dictionary, Collections.<MessageId>emptyList());
 	}
 
 	public BdfDictionary getDictionary() {

bramble-api/src/main/java/org/briarproject/bramble/api/client/ClientHelper.java

@@ -5,7 +5,6 @@ import org.briarproject.bramble.api.data.BdfDictionary;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
-import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
@@ -94,13 +93,10 @@ public interface ClientHelper {
 
 	BdfList toList(Message m) throws FormatException;
 
-	BdfList toList(Author a);
-
 	byte[] sign(String label, BdfList toSign, byte[] privateKey)
 			throws FormatException, GeneralSecurityException;
 
 	void verifySignature(String label, byte[] sig, byte[] publicKey,
 			BdfList signed) throws FormatException, GeneralSecurityException;
 
-	Author parseAndValidateAuthor(BdfList author) throws FormatException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/client/ContactGroupFactory.java

@@ -12,19 +12,18 @@ public interface ContactGroupFactory {
 	/**
 	 * Creates a group that is not shared with any contacts.
 	 */
-	Group createLocalGroup(ClientId clientId, int clientVersion);
+	Group createLocalGroup(ClientId clientId);
 
 	/**
 	 * Creates a group for the given client to share with the given contact.
 	 */
-	Group createContactGroup(ClientId clientId, int clientVersion,
+	Group createContactGroup(ClientId clientId, Contact contact);
-			Contact contact);
 
 	/**
 	 * Creates a group for the given client to share between the given authors
 	 * identified by their AuthorIds.
 	 */
-	Group createContactGroup(ClientId clientId, int clientVersion,
+	Group createContactGroup(ClientId clientId, AuthorId authorId1,
-			AuthorId authorId1, AuthorId authorId2);
+			AuthorId authorId2);
 
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeTask.java

@@ -12,32 +12,6 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 @NotNullByDefault
 public interface ContactExchangeTask {
 
-	/**
-	 * The current version of the contact exchange protocol
-	 */
-	int PROTOCOL_VERSION = 0;
-
-	/**
-	 * Label for deriving Alice's header key from the master secret.
-	 */
-	String ALICE_KEY_LABEL =
-			"org.briarproject.bramble.contact/ALICE_HEADER_KEY";
-
-	/**
-	 * Label for deriving Bob's header key from the master secret.
-	 */
-	String BOB_KEY_LABEL = "org.briarproject.bramble.contact/BOB_HEADER_KEY";
-
-	/**
-	 * Label for deriving Alice's key binding nonce from the master secret.
-	 */
-	String ALICE_NONCE_LABEL = "org.briarproject.bramble.contact/ALICE_NONCE";
-
-	/**
-	 * Label for deriving Bob's key binding nonce from the master secret.
-	 */
-	String BOB_NONCE_LABEL = "org.briarproject.bramble.contact/BOB_NONCE";
-
 	/**
 	 * Exchanges contact information with a remote peer.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -1,17 +1,17 @@
 package org.briarproject.bramble.api.crypto;
 
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 
-import javax.annotation.Nullable;
-
-@NotNullByDefault
 public interface CryptoComponent {
 
 	SecretKey generateSecretKey();
 
+	PseudoRandom getPseudoRandom(int seed1, int seed2);
+
 	SecureRandom getSecureRandom();
 
 	KeyPair generateAgreementKeyPair();
@@ -24,47 +24,136 @@ public interface CryptoComponent {
 
 	KeyParser getMessageKeyParser();
 
+	/** Generates a random invitation code. */
+	int generateBTInvitationCode();
+
 	/**
-	 * Derives another secret key from the given secret key.
+	 * Derives a confirmation code from the given master secret.
-	 *
+	 * @param alice whether the code is for use by Alice or Bob.
-	 * @param label a namespaced label indicating the purpose of the derived
-	 * key, to prevent it from being repurposed or colliding with a key derived
-	 * for another purpose
 	 */
-	SecretKey deriveKey(String label, SecretKey k, byte[]... inputs);
+	int deriveBTConfirmationCode(SecretKey master, boolean alice);
+
+	/**
+	 * Derives a stream header key from the given master secret.
+	 * @param alice whether the key is for use by Alice or Bob.
+	 */
+	SecretKey deriveHeaderKey(SecretKey master, boolean alice);
+
+	/**
+	 * Derives a message authentication code key from the given master secret.
+	 * @param alice whether the key is for use by Alice or Bob.
+	 */
+	SecretKey deriveMacKey(SecretKey master, boolean alice);
+
+	/**
+	 * Derives a nonce from the given master secret for one of the parties to
+	 * sign.
+	 * @param alice whether the nonce is for use by Alice or Bob.
+	 */
+	byte[] deriveSignatureNonce(SecretKey master, boolean alice);
+
+	/**
+	 * Derives a commitment to the provided public key.
+	 * <p/>
+	 * Part of BQP.
+	 *
+	 * @param publicKey the public key
+	 * @return the commitment to the provided public key.
+	 */
+	byte[] deriveKeyCommitment(byte[] publicKey);
 
 	/**
 	 * Derives a common shared secret from two public keys and one of the
 	 * corresponding private keys.
+	 * <p/>
+	 * Part of BQP.
 	 *
-	 * @param label a namespaced label indicating the purpose of this shared
+	 * @param theirPublicKey the ephemeral public key of the remote party
-	 * secret, to prevent it from being repurposed or colliding with a shared
+	 * @param ourKeyPair our ephemeral keypair
-	 * secret derived for another purpose
+	 * @param alice true if ourKeyPair belongs to Alice
-	 * @param theirPublicKey the public key of the remote party
-	 * @param ourKeyPair the key pair of the local party
 	 * @return the shared secret
+	 * @throws GeneralSecurityException
 	 */
-	SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
+	SecretKey deriveSharedSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
-			KeyPair ourKeyPair, byte[]... inputs)
+			boolean alice) throws GeneralSecurityException;
-			throws GeneralSecurityException;
 
 	/**
-	 * Signs the given byte[] with the given private key.
+	 * Derives the content of a confirmation record.
+	 * <p/>
+	 * Part of BQP.
 	 *
-	 * @param label a namespaced label indicating the purpose of this
+	 * @param sharedSecret the common shared secret
-	 * signature, to prevent it from being repurposed or colliding with a
+	 * @param theirPayload the commit payload from the remote party
-	 * signature created for another purpose
+	 * @param ourPayload the commit payload we sent
+	 * @param theirPublicKey the ephemeral public key of the remote party
+	 * @param ourKeyPair our ephemeral keypair
+	 * @param alice true if ourKeyPair belongs to Alice
+	 * @param aliceRecord true if the confirmation record is for use by Alice
+	 * @return the confirmation record
+	 */
+	byte[] deriveConfirmationRecord(SecretKey sharedSecret,
+			byte[] theirPayload, byte[] ourPayload,
+			byte[] theirPublicKey, KeyPair ourKeyPair,
+			boolean alice, boolean aliceRecord);
+
+	/**
+	 * Derives a master secret from the given shared secret.
+	 * <p/>
+	 * Part of BQP.
+	 *
+	 * @param sharedSecret the common shared secret
+	 * @return the master secret
+	 */
+	SecretKey deriveMasterSecret(SecretKey sharedSecret);
+
+	/**
+	 * Derives a master secret from two public keys and one of the corresponding
+	 * private keys.
+	 * <p/>
+	 * This is a helper method that calls
+	 * deriveMasterSecret(deriveSharedSecret(theirPublicKey, ourKeyPair, alice))
+	 *
+	 * @param theirPublicKey the ephemeral public key of the remote party
+	 * @param ourKeyPair our ephemeral keypair
+	 * @param alice true if ourKeyPair belongs to Alice
+	 * @return the shared secret
+	 * @throws GeneralSecurityException
+	 */
+	SecretKey deriveMasterSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
+			boolean alice) throws GeneralSecurityException;
+
+	/**
+	 * Derives initial transport keys for the given transport in the given
+	 * rotation period from the given master secret.
+	 * @param alice whether the keys are for use by Alice or Bob.
+	 */
+	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
+			long rotationPeriod, boolean alice);
+
+	/**
+	 * Rotates the given transport keys to the given rotation period. If the
+	 * keys are for a future rotation period they are not rotated.
+	 */
+	TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
+
+	/** Encodes the pseudo-random tag that is used to recognise a stream. */
+	void encodeTag(byte[] tag, SecretKey tagKey, long streamNumber);
+
+	/**
+	 * Signs the given byte[] with the given PrivateKey.
+	 *
+	 * @param label A label specific to this signature
+	 *              to ensure that the signature cannot be repurposed
 	 */
 	byte[] sign(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException;
 
 	/**
-	 * Verifies that the given signature is valid for the signed data
+	 * Verifies that the given signature is valid for the signedData
-	 * and the given public key.
+	 * and the given publicKey.
 	 *
-	 * @param label a namespaced label indicating the purpose of this
+	 * @param label A label that was specific to this signature
-	 * signature, to prevent it from being repurposed or colliding with a
+	 *              to ensure that the signature cannot be repurposed
-	 * signature created for another purpose
 	 * @return true if the signature was valid, false otherwise.
 	 */
 	boolean verify(String label, byte[] signedData, byte[] publicKey,
@@ -74,22 +163,23 @@ public interface CryptoComponent {
 	 * Returns the hash of the given inputs. The inputs are unambiguously
 	 * combined by prefixing each input with its length.
 	 *
-	 * @param label a namespaced label indicating the purpose of this hash, to
+	 * @param label A label specific to this hash to ensure that hashes
-	 * prevent it from being repurposed or colliding with a hash created for
+	 *              calculated for distinct purposes don't collide.
-	 * another purpose
 	 */
 	byte[] hash(String label, byte[]... inputs);
 
+	/**
+	 * Returns the length of hashes produced by
+	 * the {@link CryptoComponent#hash(String, byte[]...)} method.
+	 */
+	int getHashLength();
+
 	/**
 	 * Returns a message authentication code with the given key over the
 	 * given inputs. The inputs are unambiguously combined by prefixing each
 	 * input with its length.
-	 *
-	 * @param label a namespaced label indicating the purpose of this MAC, to
-	 * prevent it from being repurposed or colliding with a MAC created for
-	 * another purpose
 	 */
-	byte[] mac(String label, SecretKey macKey, byte[]... inputs);
+	byte[] mac(SecretKey macKey, byte[]... inputs);
 
 	/**
 	 * Encrypts and authenticates the given plaintext so it can be written to
@@ -105,7 +195,6 @@ public interface CryptoComponent {
 	 * given password. Returns null if the ciphertext cannot be decrypted and
 	 * authenticated (for example, if the password is wrong).
 	 */
-	@Nullable
 	byte[] decryptWithPassword(byte[] ciphertext, String password);
 
 	/**

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java

@@ -1,19 +0,0 @@
-package org.briarproject.bramble.api.crypto;
-
-public interface CryptoConstants {
-
-	/**
-	 * The maximum length of an agreement public key in bytes.
-	 */
-	int MAX_AGREEMENT_PUBLIC_KEY_BYTES = 32;
-
-	/**
-	 * The maximum length of a signature public key in bytes.
-	 */
-	int MAX_SIGNATURE_PUBLIC_KEY_BYTES = 32;
-
-	/**
-	 * The maximum length of a signature in bytes.
-	 */
-	int MAX_SIGNATURE_BYTES = 64;
-}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyAgreementCrypto.java

@@ -1,50 +0,0 @@
-package org.briarproject.bramble.api.crypto;
-
-/**
- * Crypto operations for the key agreement protocol - see
- * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BQP.md
- */
-public interface KeyAgreementCrypto {
-
-	/**
-	 * Hash label for public key commitment.
-	 */
-	String COMMIT_LABEL = "org.briarproject.bramble.keyagreement/COMMIT";
-
-	/**
-	 * Key derivation label for confirmation record.
-	 */
-	String CONFIRMATION_KEY_LABEL =
-			"org.briarproject.bramble.keyagreement/CONFIRMATION_KEY";
-
-	/**
-	 * MAC label for confirmation record.
-	 */
-	String CONFIRMATION_MAC_LABEL =
-			"org.briarproject.bramble.keyagreement/CONFIRMATION_MAC";
-
-	/**
-	 * Derives a commitment to the provided public key.
-	 *
-	 * @param publicKey the public key
-	 * @return the commitment to the provided public key.
-	 */
-	byte[] deriveKeyCommitment(PublicKey publicKey);
-
-	/**
-	 * Derives the content of a confirmation record.
-	 *
-	 * @param sharedSecret the common shared secret
-	 * @param theirPayload the key exchange payload of the remote party
-	 * @param ourPayload the key exchange payload of the local party
-	 * @param theirPublicKey the ephemeral public key of the remote party
-	 * @param ourKeyPair our ephemeral key pair of the local party
-	 * @param alice true if the local party is Alice
-	 * @param aliceRecord true if the confirmation record is for use by Alice
-	 * @return the confirmation record
-	 */
-	byte[] deriveConfirmationRecord(SecretKey sharedSecret,
-			byte[] theirPayload, byte[] ourPayload,
-			PublicKey theirPublicKey, KeyPair ourKeyPair,
-			boolean alice, boolean aliceRecord);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PseudoRandom.java

@@ -0,0 +1,12 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * A deterministic pseudo-random number generator.
+ */
+@NotNullByDefault
+public interface PseudoRandom {
+
+	byte[] nextBytes(int bytes);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/StreamDecrypterFactory.java

@@ -14,9 +14,8 @@ public interface StreamDecrypterFactory {
 	StreamDecrypter createStreamDecrypter(InputStream in, StreamContext ctx);
 
 	/**
-	 * Creates a {@link StreamDecrypter} for decrypting a contact exchange
+	 * Creates a {@link StreamDecrypter} for decrypting an invitation stream.
-	 * stream.
 	 */
-	StreamDecrypter createContactExchangeStreamDecrypter(InputStream in,
+	StreamDecrypter createInvitationStreamDecrypter(InputStream in,
 			SecretKey headerKey);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/StreamEncrypterFactory.java

@@ -14,9 +14,8 @@ public interface StreamEncrypterFactory {
 	StreamEncrypter createStreamEncrypter(OutputStream out, StreamContext ctx);
 
 	/**
-	 * Creates a {@link StreamEncrypter} for encrypting a contact exchange
+	 * Creates a {@link StreamEncrypter} for encrypting an invitation stream.
-	 * stream.
 	 */
-	StreamEncrypter createContactExchangeStreamDecrypter(OutputStream out,
+	StreamEncrypter createInvitationStreamEncrypter(OutputStream out,
 			SecretKey headerKey);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java

@@ -1,32 +0,0 @@
-package org.briarproject.bramble.api.crypto;
-
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.transport.TransportKeys;
-
-/**
- * Crypto operations for the transport security protocol - see
- * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BTP.md
- */
-public interface TransportCrypto {
-
-	/**
-	 * Derives initial transport keys for the given transport in the given
-	 * rotation period from the given master secret.
-	 *
-	 * @param alice whether the keys are for use by Alice or Bob.
-	 */
-	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
-			long rotationPeriod, boolean alice);
-
-	/**
-	 * Rotates the given transport keys to the given rotation period. If the
-	 * keys are for the given period or any later period they are not rotated.
-	 */
-	TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
-
-	/**
-	 * Encodes the pseudo-random tag that is used to recognise a stream.
-	 */
-	void encodeTag(byte[] tag, SecretKey tagKey, int protocolVersion,
-			long streamNumber);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfDictionary.java

@@ -4,14 +4,11 @@ import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 
 import java.util.Map;
-import java.util.Map.Entry;
+import java.util.concurrent.ConcurrentSkipListMap;
-import java.util.TreeMap;
 
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.NotThreadSafe;
 
-@NotThreadSafe
+public class BdfDictionary extends ConcurrentSkipListMap<String, Object> {
-public class BdfDictionary extends TreeMap<String, Object> {
 
 	public static final Object NULL_VALUE = new Object();
 

bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfList.java

@@ -3,17 +3,15 @@ package org.briarproject.bramble.api.data;
 import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Vector;
 
 import javax.annotation.Nullable;
-import javax.annotation.concurrent.NotThreadSafe;
 
 import static org.briarproject.bramble.api.data.BdfDictionary.NULL_VALUE;
 
-@NotThreadSafe
+public class BdfList extends Vector<Object> {
-public class BdfList extends ArrayList<Object> {
 
 	/**
 	 * Factory method for constructing lists inline.

bramble-api/src/main/java/org/briarproject/bramble/api/data/ObjectReader.java

@@ -0,0 +1,11 @@
+package org.briarproject.bramble.api.data;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.io.IOException;
+
+@NotNullByDefault
+public interface ObjectReader<T> {
+
+	T readObject(BdfReader r) throws IOException;
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DataTooNewException.java

@@ -1,7 +0,0 @@
-package org.briarproject.bramble.api.db;
-
-/**
- * Thrown when the database uses a newer schema than the current code.
- */
-public class DataTooNewException extends DbException {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DataTooOldException.java

@@ -1,8 +0,0 @@
-package org.briarproject.bramble.api.db;
-
-/**
- * Thrown when the database uses an older schema than the current code and
- * cannot be migrated.
- */
-public class DataTooOldException extends DbException {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java

@@ -37,11 +37,6 @@ public interface DatabaseComponent {
 
 	/**
 	 * Opens the database and returns true if the database already existed.
-	 *
-	 * @throws DataTooNewException if the data uses a newer schema than the
-	 * current code
-	 * @throws DataTooOldException if the data uses an older schema than the
-	 * current code and cannot be migrated
 	 */
 	boolean open() throws DbException;
 
@@ -127,9 +122,8 @@ public interface DatabaseComponent {
 			throws DbException;
 
 	/**
-	 * Deletes the message with the given ID. Unlike
+	 * Deletes the message with the given ID. The message ID and any other
-	 * {@link #removeMessage(Transaction, MessageId)}, the message ID and any
+	 * associated data are not deleted.
-	 * other associated data are not deleted.
 	 */
 	void deleteMessage(Transaction txn, MessageId m) throws DbException;
 
@@ -378,16 +372,6 @@ public interface DatabaseComponent {
 	MessageStatus getMessageStatus(Transaction txn, ContactId c, MessageId m)
 			throws DbException;
 
-	/*
-	 * Returns the next time (in milliseconds since the Unix epoch) when a
-	 * message is due to be sent to the given contact. The returned value may
-	 * be zero if a message is due to be sent immediately, or Long.MAX_VALUE if
-	 * no messages are scheduled to be sent.
-	 * <p/>
-	 * Read-only.
-	 */
-	long getNextSendTime(Transaction txn, ContactId c) throws DbException;
-
 	/**
 	 * Returns all settings in the given namespace.
 	 * <p/>
@@ -468,11 +452,6 @@ public interface DatabaseComponent {
 	 */
 	void removeLocalAuthor(Transaction txn, AuthorId a) throws DbException;
 
-	/**
-	 * Removes a message (and all associated state) from the database.
-	 */
-	void removeMessage(Transaction txn, MessageId m) throws DbException;
-
 	/**
 	 * Removes a transport (and all associated state) from the database.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/db/Metadata.java

@@ -1,11 +1,11 @@
 package org.briarproject.bramble.api.db;
 
-import java.util.TreeMap;
+import java.util.Hashtable;
 
-import javax.annotation.concurrent.NotThreadSafe;
+import javax.annotation.concurrent.ThreadSafe;
 
-@NotThreadSafe
+@ThreadSafe
-public class Metadata extends TreeMap<String, byte[]> {
+public class Metadata extends Hashtable<String, byte[]> {
 
 	/**
 	 * Special value to indicate that a key is being removed.

bramble-api/src/main/java/org/briarproject/bramble/api/db/Transaction.java

@@ -45,7 +45,7 @@ public class Transaction {
 	 * committed.
 	 */
 	public void attach(Event e) {
-		if (events == null) events = new ArrayList<>();
+		if (events == null) events = new ArrayList<Event>();
 		events.add(e);
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java

@@ -1,13 +1,11 @@
 package org.briarproject.bramble.api.identity;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.util.StringUtils;
+
+import java.io.UnsupportedEncodingException;
 
 import javax.annotation.concurrent.Immutable;
 
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
-
 /**
  * A pseudonym for a user.
  */
@@ -19,25 +17,20 @@ public class Author {
 		NONE, ANONYMOUS, UNKNOWN, UNVERIFIED, VERIFIED, OURSELVES
 	}
 
-	/**
-	 * The current version of the author structure.
-	 */
-	public static final int FORMAT_VERSION = 1;
-
 	private final AuthorId id;
-	private final int formatVersion;
 	private final String name;
 	private final byte[] publicKey;
 
-	public Author(AuthorId id, int formatVersion, String name,
+	public Author(AuthorId id, String name, byte[] publicKey) {
-			byte[] publicKey) {
+		int length;
-		int nameLength = StringUtils.toUtf8(name).length;
+		try {
-		if (nameLength == 0 || nameLength > MAX_AUTHOR_NAME_LENGTH)
+			length = name.getBytes("UTF-8").length;
-			throw new IllegalArgumentException();
+		} catch (UnsupportedEncodingException e) {
-		if (publicKey.length == 0 || publicKey.length > MAX_PUBLIC_KEY_LENGTH)
+			throw new RuntimeException(e);
+		}
+		if (length == 0 || length > AuthorConstants.MAX_AUTHOR_NAME_LENGTH)
 			throw new IllegalArgumentException();
 		this.id = id;
-		this.formatVersion = formatVersion;
 		this.name = name;
 		this.publicKey = publicKey;
 	}
@@ -49,13 +42,6 @@ public class Author {
 		return id;
 	}
 
-	/**
-	 * Returns the version of the author structure used to create the author.
-	 */
-	public int getFormatVersion() {
-		return formatVersion;
-	}
-
 	/**
 	 * Returns the author's name.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorConstants.java

@@ -1,8 +1,5 @@
 package org.briarproject.bramble.api.identity;
 
-import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_BYTES;
-import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
-
 public interface AuthorConstants {
 
 	/**
@@ -11,14 +8,26 @@ public interface AuthorConstants {
 	int MAX_AUTHOR_NAME_LENGTH = 50;
 
 	/**
-	 * The maximum length of a public key in bytes. This applies to the
+	 * The maximum length of a public key in bytes.
-	 * signature algorithm used by the current {@link Author format version}.
+	 * <p>
+	 * Public keys use SEC1 format: 0x04 x y, where x and y are unsigned
+	 * big-endian integers.
+	 * <p>
+	 * For a 256-bit elliptic curve, the maximum length is 2 * 256 / 8 + 1.
 	 */
-	int MAX_PUBLIC_KEY_LENGTH = MAX_SIGNATURE_PUBLIC_KEY_BYTES;
+	int MAX_PUBLIC_KEY_LENGTH = 65;
 
 	/**
-	 * The maximum length of a signature in bytes. This applies to the
+	 * The maximum length of a signature in bytes.
-	 * signature algorithm used by the current {@link Author format version}.
+	 * <p>
+	 * A signature is an ASN.1 DER sequence containing two integers, r and s.
+	 * The format is 0x30 len1 0x02 len2 r 0x02 len3 s, where len1 is
+	 * len(0x02 len2 r 0x02 len3 s) as a DER length, len2 is len(r) as a DER
+	 * length, len3 is len(s) as a DER length, and r and s are signed
+	 * big-endian integers of minimal length.
+	 * <p>
+	 * For a 256-bit elliptic curve, the lengths are one byte each, so the
+	 * maximum length is 2 * 256 / 8 + 8.
 	 */
-	int MAX_SIGNATURE_LENGTH = MAX_SIGNATURE_BYTES;
+	int MAX_SIGNATURE_LENGTH = 72;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorFactory.java

@@ -5,27 +5,8 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 @NotNullByDefault
 public interface AuthorFactory {
 
-	/**
-	 * Creates an author with the current format version and the given name and
-	 * public key.
-	 */
 	Author createAuthor(String name, byte[] publicKey);
 
-	/**
-	 * Creates an author with the given format version, name and public key.
-	 */
-	Author createAuthor(int formatVersion, String name, byte[] publicKey);
-
-	/**
-	 * Creates a local author with the current format version and the given
-	 * name and keys.
-	 */
 	LocalAuthor createLocalAuthor(String name, byte[] publicKey,
 			byte[] privateKey);
-
-	/**
-	 * Creates a local author with the given format version, name and keys.
-	 */
-	LocalAuthor createLocalAuthor(int formatVersion, String name,
-			byte[] publicKey, byte[] privateKey);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorId.java

@@ -16,7 +16,7 @@ public class AuthorId extends UniqueId {
 	/**
 	 * Label for hashing authors to calculate their identities.
 	 */
-	public static final String LABEL = "org.briarproject.bramble/AUTHOR_ID";
+	public static final String LABEL = "org.briarproject.bramble.AUTHOR_ID";
 
 	public AuthorId(byte[] id) {
 		super(id);

bramble-api/src/main/java/org/briarproject/bramble/api/identity/LocalAuthor.java

@@ -14,9 +14,9 @@ public class LocalAuthor extends Author {
 	private final byte[] privateKey;
 	private final long created;
 
-	public LocalAuthor(AuthorId id, int formatVersion, String name,
+	public LocalAuthor(AuthorId id, String name, byte[] publicKey,
-			byte[] publicKey, byte[] privateKey, long created) {
+			byte[] privateKey, long created) {
-		super(id, formatVersion, name, publicKey);
+		super(id, name, publicKey);
 		this.privateKey = privateKey;
 		this.created = created;
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationConstants.java

@@ -0,0 +1,20 @@
+package org.briarproject.bramble.api.invitation;
+
+public interface InvitationConstants {
+
+	/**
+	 * The connection timeout in milliseconds.
+	 */
+	long CONNECTION_TIMEOUT = 60 * 1000;
+
+	/**
+	 * The confirmation timeout in milliseconds.
+	 */
+	long CONFIRMATION_TIMEOUT = 60 * 1000;
+
+	/**
+	 * The number of bits in an invitation or confirmation code. Codes must fit
+	 * into six decimal digits.
+	 */
+	int CODE_BITS = 19;
+}

bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationListener.java

@@ -0,0 +1,47 @@
+package org.briarproject.bramble.api.invitation;
+
+/**
+ * An interface for receiving updates about the state of an
+ * {@link InvitationTask}.
+ */
+public interface InvitationListener {
+
+	/** Called if a connection to the remote peer is established. */
+	void connectionSucceeded();
+
+	/**
+	 * Called if a connection to the remote peer cannot be established. This
+	 * indicates that the protocol has ended unsuccessfully.
+	 */
+	void connectionFailed();
+
+	/** Called if key agreement with the remote peer succeeds. */
+	void keyAgreementSucceeded(int localCode, int remoteCode);
+
+	/**
+	 * Called if key agreement with the remote peer fails or the connection is
+	 * lost. This indicates that the protocol has ended unsuccessfully.
+	 */
+	void keyAgreementFailed();
+
+	/** Called if the remote peer's confirmation check succeeds. */
+	void remoteConfirmationSucceeded();
+
+	/**
+	 * Called if remote peer's confirmation check fails or the connection is
+	 * lost. This indicates that the protocol has ended unsuccessfully.
+	 */
+	void remoteConfirmationFailed();
+
+	/**
+	 * Called if the exchange of pseudonyms succeeds. This indicates that the
+	 * protocol has ended successfully.
+	 */
+	void pseudonymExchangeSucceeded(String remoteName);
+
+	/**
+	 * Called if the exchange of pseudonyms fails or the connection is lost.
+	 * This indicates that the protocol has ended unsuccessfully.
+	 */
+	void pseudonymExchangeFailed();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationState.java

@@ -0,0 +1,85 @@
+package org.briarproject.bramble.api.invitation;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A snapshot of the state of an {@link InvitationTask}.
+ */
+@Immutable
+@NotNullByDefault
+public class InvitationState {
+
+	private final int localInvitationCode, remoteInvitationCode;
+	private final int localConfirmationCode, remoteConfirmationCode;
+	private final boolean connected, connectionFailed;
+	private final boolean localCompared, remoteCompared;
+	private final boolean localMatched, remoteMatched;
+	@Nullable
+	private final String contactName;
+
+	public InvitationState(int localInvitationCode, int remoteInvitationCode,
+			int localConfirmationCode, int remoteConfirmationCode,
+			boolean connected, boolean connectionFailed, boolean localCompared,
+			boolean remoteCompared, boolean localMatched,
+			boolean remoteMatched, @Nullable String contactName) {
+		this.localInvitationCode = localInvitationCode;
+		this.remoteInvitationCode = remoteInvitationCode;
+		this.localConfirmationCode = localConfirmationCode;
+		this.remoteConfirmationCode = remoteConfirmationCode;
+		this.connected = connected;
+		this.connectionFailed = connectionFailed;
+		this.localCompared = localCompared;
+		this.remoteCompared = remoteCompared;
+		this.localMatched = localMatched;
+		this.remoteMatched = remoteMatched;
+		this.contactName = contactName;
+	}
+
+	public int getLocalInvitationCode() {
+		return localInvitationCode;
+	}
+
+	public int getRemoteInvitationCode() {
+		return remoteInvitationCode;
+	}
+
+	public int getLocalConfirmationCode() {
+		return localConfirmationCode;
+	}
+
+	public int getRemoteConfirmationCode() {
+		return remoteConfirmationCode;
+	}
+
+	public boolean getConnected() {
+		return connected;
+	}
+
+	public boolean getConnectionFailed() {
+		return connectionFailed;
+	}
+
+	public boolean getLocalCompared() {
+		return localCompared;
+	}
+
+	public boolean getRemoteCompared() {
+		return remoteCompared;
+	}
+
+	public boolean getLocalMatched() {
+		return localMatched;
+	}
+
+	public boolean getRemoteMatched() {
+		return remoteMatched;
+	}
+
+	@Nullable
+	public String getContactName() {
+		return contactName;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationTask.java

@@ -0,0 +1,38 @@
+package org.briarproject.bramble.api.invitation;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * A task for exchanging invitations with a remote peer.
+ */
+@NotNullByDefault
+public interface InvitationTask {
+
+	/**
+	 * Adds a listener to be informed of state changes and returns the
+	 * task's current state.
+	 */
+	InvitationState addListener(InvitationListener l);
+
+	/**
+	 * Removes the given listener.
+	 */
+	void removeListener(InvitationListener l);
+
+	/**
+	 * Asynchronously starts the connection process.
+	 */
+	void connect();
+
+	/**
+	 * Asynchronously informs the remote peer that the local peer's
+	 * confirmation codes matched.
+	 */
+	void localConfirmationSucceeded();
+
+	/**
+	 * Asynchronously informs the remote peer that the local peer's
+	 * confirmation codes did not match.
+	 */
+	void localConfirmationFailed();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationTaskFactory.java

@@ -0,0 +1,15 @@
+package org.briarproject.bramble.api.invitation;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * Creates tasks for exchanging invitations with remote peers.
+ */
+@NotNullByDefault
+public interface InvitationTaskFactory {
+
+	/**
+	 * Creates a task using the given local and remote invitation codes.
+	 */
+	InvitationTask createTask(int localCode, int remoteCode);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementConstants.java

@@ -3,9 +3,9 @@ package org.briarproject.bramble.api.keyagreement;
 public interface KeyAgreementConstants {
 
 	/**
-	 * The current version of the BQP protocol. Version number 89 is reserved.
+	 * The current version of the BQP protocol.
 	 */
-	byte PROTOCOL_VERSION = 4;
+	byte PROTOCOL_VERSION = 2;
 
 	/**
 	 * The length of the record header in bytes.
@@ -22,10 +22,7 @@ public interface KeyAgreementConstants {
 	 */
 	int COMMIT_LENGTH = 16;
 
-	/**
+	long CONNECTION_TIMEOUT = 20 * 1000; // Milliseconds
-	 * The connection timeout in milliseconds.
-	 */
-	long CONNECTION_TIMEOUT = 20 * 1000;
 
 	/**
 	 * The transport identifier for Bluetooth.
@@ -36,16 +33,4 @@ public interface KeyAgreementConstants {
 	 * The transport identifier for LAN.
 	 */
 	int TRANSPORT_ID_LAN = 1;
-
-	/**
-	 * Label for deriving the shared secret.
-	 */
-	String SHARED_SECRET_LABEL =
-			"org.briarproject.bramble.keyagreement/SHARED_SECRET";
-
-	/**
-	 * Label for deriving the master secret.
-	 */
-	String MASTER_SECRET_LABEL =
-			"org.briarproject.bramble.keyagreement/MASTER_SECRET";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementListener.java

@@ -2,7 +2,7 @@ package org.briarproject.bramble.api.keyagreement;
 
 import org.briarproject.bramble.api.data.BdfList;
 
-import java.io.IOException;
+import java.util.concurrent.Callable;
 
 /**
  * An class for managing a particular key agreement listener.
@@ -24,11 +24,11 @@ public abstract class KeyAgreementListener {
 	}
 
 	/**
-	 * Blocks until an incoming connection is received and returns it.
+	 * Starts listening for incoming connections, and returns a Callable that
-	 *
+	 * will return a KeyAgreementConnection when an incoming connection is
-	 * @throws IOException if an error occurs or {@link #close()} is called.
+	 * received.
 	 */
-	public abstract KeyAgreementConnection accept() throws IOException;
+	public abstract Callable<KeyAgreementConnection> listen();
 
 	/**
 	 * Closes the underlying server socket.

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementTaskFactory.java

@@ -0,0 +1,15 @@
+package org.briarproject.bramble.api.keyagreement;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * Manages tasks for conducting key agreements with remote peers.
+ */
+@NotNullByDefault
+public interface KeyAgreementTaskFactory {
+
+	/**
+	 * Gets the current key agreement task.
+	 */
+	KeyAgreementTask createTask();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java

@@ -4,10 +4,5 @@ public interface LanTcpConstants {
 
 	TransportId ID = new TransportId("org.briarproject.bramble.lan");
 
-	// a transport property (shared with contacts)
-	String PROP_IP_PORTS = "ipPorts";
-
-	// a local setting
 	String PREF_LAN_IP_PORTS = "ipPorts";
-
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java

@@ -29,11 +29,6 @@ public interface PluginCallback {
 	 */
 	Map<ContactId, TransportProperties> getRemoteProperties();
 
-	/**
-	 * Returns the plugin's remote transport properties for the given contact.
-	 */
-	TransportProperties getRemoteProperties(ContactId c);
-
 	/**
 	 * Merges the given settings with the namespaced settings
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java

@@ -32,6 +32,11 @@ public interface PluginManager {
 	 */
 	Collection<DuplexPlugin> getDuplexPlugins();
 
+	/**
+	 * Returns any duplex plugins that support invitations.
+	 */
+	Collection<DuplexPlugin> getInvitationPlugins();
+
 	/**
 	 * Returns any duplex plugins that support key agreement.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java

@@ -4,8 +4,6 @@ public interface TorConstants {
 
 	TransportId ID = new TransportId("org.briarproject.bramble.tor");
 
-	String PROP_ONION = "onion";
-
 	int SOCKS_PORT = 59050;
 	int CONTROL_PORT = 59051;
 
@@ -18,5 +16,4 @@ public interface TorConstants {
 	int PREF_TOR_NETWORK_NEVER = 0;
 	int PREF_TOR_NETWORK_WIFI = 1;
 	int PREF_TOR_NETWORK_ALWAYS = 2;
-
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/AbstractBluetoothPlugin.java

@@ -0,0 +1,190 @@
+package org.briarproject.bramble.api.plugin.duplex;
+
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.data.BdfList;
+import org.briarproject.bramble.api.plugin.Backoff;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.util.StringUtils;
+
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.Collection;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.Executor;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+
+/**
+ * Created by Santiago Torres-Arias on 1/10/17.
+ */
+
+public abstract class AbstractBluetoothPlugin<C, S> implements DuplexPlugin {
+
+	private static final Logger LOG =
+			Logger.getLogger("Halp");
+
+	protected final Executor ioExecutor;
+	protected final SecureRandom secureRandom;
+	protected final Backoff backoff;
+	protected final int maxLatency;
+	protected final DuplexPluginCallback callback;
+	protected final S ss = null;
+
+	protected volatile boolean running = false;
+
+	protected Runnable pollRunnable = null;
+
+	public AbstractBluetoothPlugin(Executor ioExecutor,
+			SecureRandom secureRandom,
+			Backoff backoff, int maxLatency,
+			DuplexPluginCallback callback) {
+		this.ioExecutor = ioExecutor;
+		this.secureRandom = secureRandom;
+		this.backoff = backoff;
+		this.maxLatency = maxLatency;
+		this.callback = callback;
+	}
+
+	@Override
+	public boolean supportsInvitations() {
+		return true;
+	}
+
+	@Override
+	public boolean supportsKeyAgreement() {
+		return true;
+	}
+
+	@Override
+	public boolean isRunning() {
+		return running;
+	}
+
+	@Override
+	public boolean shouldPoll() {
+		return true;
+	}
+
+	@Override
+	public int getPollingInterval() {
+		return backoff.getPollingInterval();
+	}
+
+	protected String getUuid() {
+		String uuid = callback.getLocalProperties().get(PROP_UUID);
+		if (uuid == null) {
+			byte[] random = new byte[UUID_BYTES];
+			secureRandom.nextBytes(random);
+			uuid = UUID.nameUUIDFromBytes(random).toString();
+			TransportProperties p = new TransportProperties();
+			p.put(PROP_UUID, uuid);
+			callback.mergeLocalProperties(p);
+		}
+		return uuid;
+	}
+
+	@Override
+	public TransportId getId() {
+		return ID;
+	}
+
+	@Override
+	public int getMaxLatency() {
+		return maxLatency;
+	}
+
+	@Override
+	public int getMaxIdleTime() {
+		// Bluetooth detects dead connections so we don't need keepalives
+		return Integer.MAX_VALUE;
+	}
+
+	protected String parseAddress(BdfList descriptor) throws FormatException {
+		byte[] mac = descriptor.getRaw(1);
+		if (mac.length != 6) throw new FormatException();
+		return StringUtils.macToString(mac);
+	}
+
+	protected void tryToClose(@Nullable S ss) {
+		try {
+			if (ss != null) close(ss);
+		} catch (IOException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+		} finally {
+			callback.transportDisabled();
+		}
+	}
+
+	protected abstract void close(S ss) throws IOException;
+
+	public void stop() {
+		running = false;
+		tryToClose(ss);
+	}
+
+	@Override
+	public void poll(final Collection<ContactId> connected) {
+		if (!running) return;
+		backoff.increment();
+		// Try to connect to known devices in parallel
+		Map<ContactId, TransportProperties> remote =
+				callback.getRemoteProperties();
+		for (Map.Entry<ContactId, TransportProperties> e : remote.entrySet()) {
+			final ContactId c = e.getKey();
+			if (connected.contains(c)) continue;
+			final String address = e.getValue().get(PROP_ADDRESS);
+			if (StringUtils.isNullOrEmpty(address)) continue;
+			final String uuid = e.getValue().get(PROP_UUID);
+			if (StringUtils.isNullOrEmpty(uuid)) continue;
+			ioExecutor.execute(returnPollRunnable(address,uuid, c));
+		}
+	}
+
+	protected abstract Runnable returnPollRunnable(String address, String uuid,
+			ContactId c);
+
+	@Override
+	public DuplexTransportConnection createConnection(ContactId c) {
+		if (!isRunning()) return null;
+		TransportProperties p = callback.getRemoteProperties().get(c);
+		if (p == null) return null;
+		String address = p.get(PROP_ADDRESS);
+		if (StringUtils.isNullOrEmpty(address)) return null;
+		String uuid = p.get(PROP_UUID);
+		if (StringUtils.isNullOrEmpty(uuid)) return null;
+		return connectToAddress(address, uuid);
+	}
+
+	protected abstract DuplexTransportConnection connectToAddress(String address, String uuid);
+
+	@Override
+	public DuplexTransportConnection createKeyAgreementConnection(
+			byte[] commitment, BdfList descriptor, long timeout) {
+		if (!isRunning()) return null;
+		String address;
+		try {
+			address = parseAddress(descriptor);
+		} catch (FormatException e) {
+			LOG.info("Invalid address in key agreement descriptor");
+			return null;
+		}
+		// No truncation necessary because COMMIT_LENGTH = 16
+		String uuid = UUID.nameUUIDFromBytes(commitment).toString();
+		if (LOG.isLoggable(INFO))
+			LOG.info("Connecting to key agreement UUID " + uuid);
+		return connectToAddress(address, uuid);
+	}
+
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.plugin.duplex;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -22,6 +23,20 @@ public interface DuplexPlugin extends Plugin {
 	@Nullable
 	DuplexTransportConnection createConnection(ContactId c);
 
+	/**
+	 * Returns true if the plugin supports exchanging invitations.
+	 */
+	boolean supportsInvitations();
+
+	/**
+	 * Attempts to create and return an invitation connection to the remote
+	 * peer. Returns null if no connection can be established within the given
+	 * time.
+	 */
+	@Nullable
+	DuplexTransportConnection createInvitationConnection(PseudoRandom r,
+			long timeout, boolean alice);
+
 	/**
 	 * Returns true if the plugin supports short-range key agreement.
 	 */
@@ -36,9 +51,9 @@ public interface DuplexPlugin extends Plugin {
 
 	/**
 	 * Attempts to connect to the remote peer specified in the given descriptor.
-	 * Returns null if no connection can be established.
+	 * Returns null if no connection can be established within the given time.
 	 */
 	@Nullable
 	DuplexTransportConnection createKeyAgreementConnection(
-			byte[] remoteCommitment, BdfList descriptor);
+			byte[] remoteCommitment, BdfList descriptor, long timeout);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/BluetoothEnabledEvent.java

@@ -1,15 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that informs the Bluetooth plugin that we have enabled the
- * Bluetooth adapter.
- */
-@Immutable
-@NotNullByDefault
-public class BluetoothEnabledEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/DisableBluetoothEvent.java

@@ -1,15 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that asks the Bluetooth plugin to disable the Bluetooth adapter if
- * we previously enabled it.
- */
-@Immutable
-@NotNullByDefault
-public class DisableBluetoothEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/EnableBluetoothEvent.java

@@ -1,14 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that asks the Bluetooth plugin to enable the Bluetooth adapter.
- */
-@Immutable
-@NotNullByDefault
-public class EnableBluetoothEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java

@@ -17,11 +17,6 @@ public interface TransportPropertyManager {
 	 */
 	ClientId CLIENT_ID = new ClientId("org.briarproject.briar.properties");
 
-	/**
-	 * The current version of the transport property client.
-	 */
-	int CLIENT_VERSION = 0;
-
 	/**
 	 * Stores the given properties received while adding a contact - they will
 	 * be superseded by any properties synced from the contact.
@@ -38,7 +33,7 @@ public interface TransportPropertyManager {
 	/**
 	 * Returns the local transport properties for all transports.
 	 * <br/>
-	 * TODO: Transaction can be read-only when code is simplified
+	 * Read-Only
 	 */
 	Map<TransportId, TransportProperties> getLocalProperties(Transaction txn)
 			throws DbException;
@@ -54,13 +49,6 @@ public interface TransportPropertyManager {
 	Map<ContactId, TransportProperties> getRemoteProperties(TransportId t)
 			throws DbException;
 
-	/**
-	 * Returns the remote transport properties for the given contact and
-	 * transport.
-	 */
-	TransportProperties getRemoteProperties(ContactId c, TransportId t)
-			throws DbException;
-
 	/**
 	 * Merges the given properties with the existing local properties for the
 	 * given transport.

bramble-api/src/main/java/org/briarproject/bramble/api/sync/ClientId.java

@@ -36,8 +36,4 @@ public class ClientId implements Comparable<ClientId> {
 		return id.hashCode();
 	}
 
-	@Override
-	public String toString() {
-		return id;
-	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupFactory.java

@@ -6,7 +6,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 public interface GroupFactory {
 
 	/**
-	 * Creates a group with the given client ID, client version and descriptor.
+	 * Creates a group with the given client ID and descriptor.
 	 */
-	Group createGroup(ClientId c, int clientVersion, byte[] descriptor);
+	Group createGroup(ClientId c, byte[] descriptor);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupId.java

@@ -15,7 +15,7 @@ public class GroupId extends UniqueId {
 	/**
 	 * Label for hashing groups to calculate their identifiers.
 	 */
-	public static final String LABEL = "org.briarproject.bramble/GROUP_ID";
+	public static final String LABEL = "org.briarproject.bramble.GROUP_ID";
 
 	public GroupId(byte[] id) {
 		super(id);

bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageContext.java

@@ -22,7 +22,7 @@ public class MessageContext {
 	}
 
 	public MessageContext(Metadata metadata) {
-		this(metadata, Collections.emptyList());
+		this(metadata, Collections.<MessageId>emptyList());
 	}
 
 	public Metadata getMetadata() {

bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageId.java

@@ -16,7 +16,7 @@ public class MessageId extends UniqueId {
 	/**
 	 * Label for hashing messages to calculate their identifiers.
 	 */
-	public static final String LABEL = "org.briarproject.bramble/MESSAGE_ID";
+	public static final String LABEL = "org.briarproject.bramble.MESSAGE_ID";
 
 	public MessageId(byte[] id) {
 		super(id);

bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamReaderFactory.java

@@ -15,9 +15,9 @@ public interface StreamReaderFactory {
 	InputStream createStreamReader(InputStream in, StreamContext ctx);
 
 	/**
-	 * Creates an {@link InputStream InputStream} for reading from a contact
+	 * Creates an {@link InputStream InputStream} for reading from an
-	 * exchangestream.
+	 * invitation stream.
 	 */
-	InputStream createContactExchangeStreamReader(InputStream in,
+	InputStream createInvitationStreamReader(InputStream in,
 			SecretKey headerKey);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamWriterFactory.java

@@ -15,9 +15,9 @@ public interface StreamWriterFactory {
 	OutputStream createStreamWriter(OutputStream out, StreamContext ctx);
 
 	/**
-	 * Creates an {@link OutputStream OutputStream} for writing to a contact
+	 * Creates an {@link OutputStream OutputStream} for writing to an
-	 * exchange stream.
+	 * invitation stream.
 	 */
-	OutputStream createContactExchangeStreamWriter(OutputStream out,
+	OutputStream createInvitationStreamWriter(OutputStream out,
 			SecretKey headerKey);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java

@@ -4,11 +4,6 @@ import org.briarproject.bramble.api.crypto.SecretKey;
 
 public interface TransportConstants {
 
-	/**
-	 * The current version of the transport protocol.
-	 */
-	int PROTOCOL_VERSION = 4;
-
 	/**
 	 * The length of the pseudo-random tag in bytes.
 	 */
@@ -19,22 +14,21 @@ public interface TransportConstants {
 	 */
 	int STREAM_HEADER_NONCE_LENGTH = 24;
 
+	/**
+	 * The length of the stream header initialisation vector (IV) in bytes.
+	 */
+	int STREAM_HEADER_IV_LENGTH = STREAM_HEADER_NONCE_LENGTH - 8;
+
 	/**
 	 * The length of the message authentication code (MAC) in bytes.
 	 */
 	int MAC_LENGTH = 16;
 
-	/**
-	 * The length of the stream header plaintext in bytes. The stream header
-	 * contains the protocol version, stream number and frame key.
-	 */
-	int STREAM_HEADER_PLAINTEXT_LENGTH = 2 + 8 + SecretKey.LENGTH;
-
 	/**
 	 * The length of the stream header in bytes.
 	 */
-	int STREAM_HEADER_LENGTH = STREAM_HEADER_NONCE_LENGTH
+	int STREAM_HEADER_LENGTH = STREAM_HEADER_IV_LENGTH + SecretKey.LENGTH
-			+ STREAM_HEADER_PLAINTEXT_LENGTH + MAC_LENGTH;
+			+ MAC_LENGTH;
 
 	/**
 	 * The length of the frame nonce in bytes.
@@ -80,32 +74,4 @@ public interface TransportConstants {
 	 * The size of the reordering window.
 	 */
 	int REORDERING_WINDOW_SIZE = 32;
-
-	/**
-	 * Label for deriving Alice's initial tag key from the master secret.
-	 */
-	String ALICE_TAG_LABEL = "org.briarproject.bramble.transport/ALICE_TAG_KEY";
-
-	/**
-	 * Label for deriving Bob's initial tag key from the master secret.
-	 */
-	String BOB_TAG_LABEL = "org.briarproject.bramble.transport/BOB_TAG_KEY";
-
-	/**
-	 * Label for deriving Alice's initial header key from the master secret.
-	 */
-	String ALICE_HEADER_LABEL =
-			"org.briarproject.bramble.transport/ALICE_HEADER_KEY";
-
-	/**
-	 * Label for deriving Bob's initial header key from the master secret.
-	 */
-	String BOB_HEADER_LABEL =
-			"org.briarproject.bramble.transport/BOB_HEADER_KEY";
-
-	/**
-	 * Label for deriving the next period's key in key rotation.
-	 */
-	String ROTATE_LABEL = "org.briarproject.bramble.transport/ROTATE";
-
 }

bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java

@@ -8,7 +8,6 @@ import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.net.Socket;
 
 import javax.annotation.Nullable;
 
@@ -60,24 +59,4 @@ public class IoUtils {
 			offset += read;
 		}
 	}
-
-	// Workaround for a bug in Android 7, see
-	// https://android-review.googlesource.com/#/c/271775/
-	public static InputStream getInputStream(Socket s) throws IOException {
-		try {
-			return s.getInputStream();
-		} catch (NullPointerException e) {
-			throw new IOException(e);
-		}
-	}
-
-	// Workaround for a bug in Android 7, see
-	// https://android-review.googlesource.com/#/c/271775/
-	public static OutputStream getOutputStream(Socket s) throws IOException {
-		try {
-			return s.getOutputStream();
-		} catch (NullPointerException e) {
-			throw new IOException(e);
-		}
-	}
 }

bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java

@@ -19,7 +19,7 @@ public class PrivacyUtils {
 
 	@Nullable
 	public static String scrubMacAddress(@Nullable String address) {
-		if (address == null || address.length() == 0) return null;
+		if (address == null) return null;
 		// this is a fake address we need to know about
 		if (address.equals("02:00:00:00:00:00")) return address;
 		// keep first and last octet of MAC address

bramble-api/src/main/java/org/briarproject/bramble/util/StringUtils.java

@@ -8,7 +8,6 @@ import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
 import java.nio.charset.CharsetDecoder;
 import java.util.Collection;
-import java.util.Random;
 import java.util.regex.Pattern;
 
 import javax.annotation.Nullable;
@@ -28,7 +27,6 @@ public class StringUtils {
 			'0', '1', '2', '3', '4', '5', '6', '7',
 			'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
 	};
-	private static final Random random = new Random();
 
 	public static boolean isNullOrEmpty(@Nullable String s) {
 		return s == null || s.length() == 0;
@@ -126,10 +124,6 @@ public class StringUtils {
 		return toUtf8(s).length > maxLength;
 	}
 
-	public static boolean isValidMac(String mac) {
-		return MAC.matcher(mac).matches();
-	}
-
 	public static byte[] macToBytes(String mac) {
 		if (!MAC.matcher(mac).matches()) throw new IllegalArgumentException();
 		return fromHexString(mac.replaceAll(":", ""));
@@ -145,12 +139,4 @@ public class StringUtils {
 		}
 		return s.toString();
 	}
-
-	public static String getRandomString(int length) {
-		char[] c = new char[length];
-		for (int i = 0; i < length; i++)
-			c[i] = (char) ('a' + random.nextInt(26));
-		return new String(c);
-	}
-
 }

bramble-api/src/test/java/org/briarproject/bramble/test/BrambleMockTestCase.java

@@ -3,7 +3,8 @@ package org.briarproject.bramble.test;
 import org.jmock.Mockery;
 import org.junit.After;
 
-public abstract class BrambleMockTestCase extends BrambleTestCase {
+public abstract class BrambleMockTestCase extends
+		BrambleTestCase {
 
 	protected final Mockery context = new Mockery();
 

bramble-api/src/test/java/org/briarproject/bramble/test/BrambleTestCase.java

@@ -8,9 +8,12 @@ public abstract class BrambleTestCase {
 
 	public BrambleTestCase() {
 		// Ensure exceptions thrown on worker threads cause tests to fail
-		UncaughtExceptionHandler fail = (thread, throwable) -> {
+		UncaughtExceptionHandler fail = new UncaughtExceptionHandler() {
-			throwable.printStackTrace();
+			@Override
-			fail();
+			public void uncaughtException(Thread thread, Throwable throwable) {
+				throwable.printStackTrace();
+				fail();
+			}
 		};
 		Thread.setDefaultUncaughtExceptionHandler(fail);
 	}

bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java

@@ -2,32 +2,12 @@ package org.briarproject.bramble.test;
 
 import org.briarproject.bramble.api.UniqueId;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.identity.AuthorId;
-import org.briarproject.bramble.api.identity.LocalAuthor;
-import org.briarproject.bramble.api.sync.ClientId;
-import org.briarproject.bramble.api.sync.Group;
-import org.briarproject.bramble.api.sync.GroupId;
-import org.briarproject.bramble.api.sync.Message;
-import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.util.IoUtils;
 
 import java.io.File;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
 import java.util.Random;
 import java.util.concurrent.atomic.AtomicInteger;
 
-import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
-
 public class TestUtils {
 
 	private static final AtomicInteger nextTestDir =
@@ -54,89 +34,15 @@ public class TestUtils {
 		return getRandomBytes(UniqueId.LENGTH);
 	}
 
+	public static String getRandomString(int length) {
+		char[] c = new char[length];
+		for (int i = 0; i < length; i++)
+			c[i] = (char) ('a' + random.nextInt(26));
+		return new String(c);
+	}
+
 	public static SecretKey getSecretKey() {
 		return new SecretKey(getRandomBytes(SecretKey.LENGTH));
 	}
 
-	public static LocalAuthor getLocalAuthor() {
-		return getLocalAuthor(1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH));
-	}
-
-	public static LocalAuthor getLocalAuthor(int nameLength) {
-		AuthorId id = new AuthorId(getRandomId());
-		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		byte[] privateKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		long created = System.currentTimeMillis();
-		return new LocalAuthor(id, FORMAT_VERSION, name, publicKey, privateKey,
-				created);
-	}
-
-	public static Author getAuthor() {
-		return getAuthor(1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH));
-	}
-
-	public static Author getAuthor(int nameLength) {
-		AuthorId id = new AuthorId(getRandomId());
-		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		return new Author(id, FORMAT_VERSION, name, publicKey);
-	}
-
-	public static Group getGroup(ClientId clientId) {
-		int descriptorLength = 1 + random.nextInt(MAX_GROUP_DESCRIPTOR_LENGTH);
-		return getGroup(clientId, descriptorLength);
-	}
-
-	public static Group getGroup(ClientId clientId, int descriptorLength) {
-		GroupId groupId = new GroupId(getRandomId());
-		byte[] descriptor = getRandomBytes(descriptorLength);
-		return new Group(groupId, clientId, descriptor);
-	}
-
-	public static Message getMessage(GroupId groupId) {
-		int bodyLength = 1 + random.nextInt(MAX_MESSAGE_BODY_LENGTH);
-		return getMessage(groupId, MESSAGE_HEADER_LENGTH + bodyLength);
-	}
-
-	public static Message getMessage(GroupId groupId, int rawLength) {
-		MessageId id = new MessageId(getRandomId());
-		byte[] raw = getRandomBytes(rawLength);
-		long timestamp = System.currentTimeMillis();
-		return new Message(id, groupId, timestamp, raw);
-	}
-
-	public static double getMedian(Collection<? extends Number> samples) {
-		int size = samples.size();
-		if (size == 0) throw new IllegalArgumentException();
-		List<Double> sorted = new ArrayList<>(size);
-		for (Number n : samples) sorted.add(n.doubleValue());
-		Collections.sort(sorted);
-		if (size % 2 == 1) return sorted.get(size / 2);
-		double low = sorted.get(size / 2 - 1), high = sorted.get(size / 2);
-		return (low + high) / 2;
-	}
-
-	public static double getMean(Collection<? extends Number> samples) {
-		if (samples.isEmpty()) throw new IllegalArgumentException();
-		double sum = 0;
-		for (Number n : samples) sum += n.doubleValue();
-		return sum / samples.size();
-	}
-
-	public static double getVariance(Collection<? extends Number> samples) {
-		if (samples.size() < 2) throw new IllegalArgumentException();
-		double mean = getMean(samples);
-		double sumSquareDiff = 0;
-		for (Number n : samples) {
-			double diff = n.doubleValue() - mean;
-			sumSquareDiff += diff * diff;
-		}
-		return sumSquareDiff / (samples.size() - 1);
-	}
-
-	public static double getStandardDeviation(
-			Collection<? extends Number> samples) {
-		return Math.sqrt(getVariance(samples));
-	}
 }

bramble-core/build.gradle

@@ -1,60 +1,26 @@
-apply plugin: 'java-library'
+plugins {
-sourceCompatibility = 1.8
+	id "java"
-targetCompatibility = 1.8
+	id "net.ltgt.apt" version "0.9"
+	id "idea"
+}
+sourceCompatibility = 1.6
+targetCompatibility = 1.6
 
-apply plugin: 'net.ltgt.apt'
-apply plugin: 'idea'
 apply plugin: 'witness'
 
 dependencies {
-	implementation project(path: ':bramble-api', configuration: 'default')
+	compile project(':bramble-api')
-	implementation 'com.madgag.spongycastle:core:1.58.0.0'
+	compile fileTree(dir: 'libs', include: '*.jar')
-	implementation 'com.h2database:h2:1.4.192' // The last version that supports Java 1.6
+	compile 'com.madgag.spongycastle:core:1.54.0.0'
-	implementation 'org.bitlet:weupnp:0.1.4'
+	compile 'com.h2database:h2:1.4.190'
-	implementation 'net.i2p.crypto:eddsa:0.2.0'
-	implementation 'org.whispersystems:curve25519-java:0.4.1'
 
-	apt 'com.google.dagger:dagger-compiler:2.0.2'
+	testCompile project(path: ':bramble-api', configuration: 'testOutput')
-
-	testImplementation project(path: ':bramble-api', configuration: 'testOutput')
-	testImplementation 'org.hsqldb:hsqldb:2.3.5' // The last version that supports Java 1.6
-	testImplementation 'junit:junit:4.12'
-	testImplementation "org.jmock:jmock:2.8.2"
-	testImplementation "org.jmock:jmock-junit4:2.8.2"
-	testImplementation "org.jmock:jmock-legacy:2.8.2"
-	testImplementation "org.hamcrest:hamcrest-library:1.3"
-	testImplementation "org.hamcrest:hamcrest-core:1.3"
-
-	testApt 'com.google.dagger:dagger-compiler:2.0.2'
 }
 
 dependencyVerification {
 	verify = [
-			'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
+			'com.madgag.spongycastle:core:1e7fa4b19ccccd1011364ab838d0b4702470c178bbbdd94c5c90b2d4d749ea1e',
-			'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
+			'com.h2database:h2:23ba495a07bbbb3bd6c3084d10a96dad7a23741b8b6d64b213459a784195a98c'
-			'com.google.dagger:dagger-compiler:2.0.2:dagger-compiler-2.0.2.jar:b74bc9de063dd4c6400b232231f2ef5056145b8fbecbf5382012007dd1c071b3',
-			'com.google.dagger:dagger-producers:2.0-beta:dagger-producers-2.0-beta.jar:99ec15e8a0507ba569e7655bc1165ee5e5ca5aa914b3c8f7e2c2458f724edd6b',
-			'com.google.dagger:dagger:2.0.2:dagger-2.0.2.jar:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
-			'com.google.guava:guava:18.0:guava-18.0.jar:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99',
-			'com.h2database:h2:1.4.192:h2-1.4.192.jar:225b22e9857235c46c93861410b60b8c81c10dc8985f4faf188985ba5445126c',
-			'com.madgag.spongycastle:core:1.58.0.0:core-1.58.0.0.jar:199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728',
-			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
-			'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
-			'net.i2p.crypto:eddsa:0.2.0:eddsa-0.2.0.jar:a7cb1b85c16e2f0730b9204106929a1d9aaae1df728adc7041a8b8b605692140',
-			'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
-			'org.apache.ant:ant:1.9.4:ant-1.9.4.jar:649ae0730251de07b8913f49286d46bba7b92d47c5f332610aa426c4f02161d8',
-			'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
-			'org.bitlet:weupnp:0.1.4:weupnp-0.1.4.jar:88df7e6504929d00bdb832863761385c68ab92af945b04f0770b126270a444fb',
-			'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
-			'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
-			'org.hsqldb:hsqldb:2.3.5:hsqldb-2.3.5.jar:6676a6977ac98997a80f827ddbd3fe8ca1e0853dad1492512135fd1a222ccfad',
-			'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',
-			'org.jmock:jmock-legacy:2.8.2:jmock-legacy-2.8.2.jar:f2b985a5c08a9edb7f37612330c058809da3f6a6d63ce792426ebf8ff0d6d31b',
-			'org.jmock:jmock-testjar:2.8.2:jmock-testjar-2.8.2.jar:8900860f72c474e027cf97fe78dcbf154a1aa7fc62b6845c5fb4e4f3c7bc8760',
-			'org.jmock:jmock:2.8.2:jmock-2.8.2.jar:6c73cb4a2e6dbfb61fd99c9a768539c170ab6568e57846bd60dbf19596b65b16',
-			'org.objenesis:objenesis:2.1:objenesis-2.1.jar:c74330cc6b806c804fd37e74487b4fe5d7c2750c5e15fbc6efa13bdee1bdef80',
-			'org.ow2.asm:asm:5.0.4:asm-5.0.4.jar:896618ed8ae62702521a78bc7be42b7c491a08e6920a15f89a3ecdec31e9a220',
-			'org.whispersystems:curve25519-java:0.4.1:curve25519-java-0.4.1.jar:7dd659d8822c06c3aea1a47f18fac9e5761e29cab8100030b877db445005f03e',
 	]
 }
 
@@ -69,8 +35,3 @@ task jarTest(type: Jar, dependsOn: testClasses) {
 artifacts {
 	testOutput jarTest
 }
-
-// If a Java 6 JRE is available, check we're not using any Java 7 or 8 APIs
-tasks.withType(JavaCompile) {
-	useJava6StandardLibrary(it)
-}

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java

@@ -8,6 +8,7 @@ import org.briarproject.bramble.db.DatabaseExecutorModule;
 import org.briarproject.bramble.db.DatabaseModule;
 import org.briarproject.bramble.event.EventModule;
 import org.briarproject.bramble.identity.IdentityModule;
+import org.briarproject.bramble.invitation.InvitationModule;
 import org.briarproject.bramble.keyagreement.KeyAgreementModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
@@ -31,6 +32,7 @@ import dagger.Module;
 		DatabaseExecutorModule.class,
 		EventModule.class,
 		IdentityModule.class,
+		InvitationModule.class,
 		KeyAgreementModule.class,
 		LifecycleModule.class,
 		PluginModule.class,
@@ -52,7 +54,6 @@ public class BrambleCoreModule {
 		c.inject(new IdentityModule.EagerSingletons());
 		c.inject(new LifecycleModule.EagerSingletons());
 		c.inject(new PluginModule.EagerSingletons());
-		c.inject(new PropertiesModule.EagerSingletons());
 		c.inject(new SyncModule.EagerSingletons());
 		c.inject(new SystemModule.EagerSingletons());
 		c.inject(new TransportModule.EagerSingletons());

bramble-core/src/main/java/org/briarproject/bramble/PoliteExecutor.java

@@ -24,7 +24,7 @@ public class PoliteExecutor implements Executor {
 
 	private final Object lock = new Object();
 	@GuardedBy("lock")
-	private final Queue<Runnable> queue = new LinkedList<>();
+	private final Queue<Runnable> queue = new LinkedList<Runnable>();
 	private final Executor delegate;
 	private final int maxConcurrentTasks;
 	private final Logger log;
@@ -48,17 +48,20 @@ public class PoliteExecutor implements Executor {
 	}
 
 	@Override
-	public void execute(Runnable r) {
+	public void execute(final Runnable r) {
-		long submitted = System.currentTimeMillis();
+		final long submitted = System.currentTimeMillis();
-		Runnable wrapped = () -> {
+		Runnable wrapped = new Runnable() {
-			if (log.isLoggable(LOG_LEVEL)) {
+			@Override
-				long queued = System.currentTimeMillis() - submitted;
+			public void run() {
-				log.log(LOG_LEVEL, "Queue time " + queued + " ms");
+				if (log.isLoggable(LOG_LEVEL)) {
-			}
+					long queued = System.currentTimeMillis() - submitted;
-			try {
+					log.log(LOG_LEVEL, "Queue time " + queued + " ms");
-				r.run();
+				}
-			} finally {
+				try {
-				scheduleNext();
+					r.run();
+				} finally {
+					scheduleNext();
+				}
 			}
 		};
 		synchronized (lock) {

bramble-core/src/main/java/org/briarproject/bramble/TimeLoggingExecutor.java

@@ -28,16 +28,19 @@ public class TimeLoggingExecutor extends ThreadPoolExecutor {
 	}
 
 	@Override
-	public void execute(Runnable r) {
+	public void execute(final Runnable r) {
 		if (log.isLoggable(LOG_LEVEL)) {
-			long submitted = System.currentTimeMillis();
+			final long submitted = System.currentTimeMillis();
-			super.execute(() -> {
+			super.execute(new Runnable() {
-				long started = System.currentTimeMillis();
+				@Override
-				long queued = started - submitted;
+				public void run() {
-				log.log(LOG_LEVEL, "Queue time " + queued + " ms");
+					long started = System.currentTimeMillis();
-				r.run();
+					long queued = started - submitted;
-				long executing = System.currentTimeMillis() - started;
+					log.log(LOG_LEVEL, "Queue time " + queued + " ms");
-				log.log(LOG_LEVEL, "Execution time " + executing + " ms");
+					r.run();
+					long executing = System.currentTimeMillis() - started;
+					log.log(LOG_LEVEL, "Execution time " + executing + " ms");
+				}
 			});
 		} else {
 			super.execute(r);

bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java

@@ -15,8 +15,6 @@ import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Metadata;
 import org.briarproject.bramble.api.db.Transaction;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.identity.AuthorFactory;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.GroupId;
 import org.briarproject.bramble.api.sync.Message;
@@ -34,12 +32,7 @@ import java.util.Map.Entry;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
-import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
-import static org.briarproject.bramble.util.ValidationUtils.checkLength;
-import static org.briarproject.bramble.util.ValidationUtils.checkSize;
 
 @Immutable
 @NotNullByDefault
@@ -58,14 +51,12 @@ class ClientHelperImpl implements ClientHelper {
 	private final MetadataParser metadataParser;
 	private final MetadataEncoder metadataEncoder;
 	private final CryptoComponent crypto;
-	private final AuthorFactory authorFactory;
 
 	@Inject
 	ClientHelperImpl(DatabaseComponent db, MessageFactory messageFactory,
 			BdfReaderFactory bdfReaderFactory,
 			BdfWriterFactory bdfWriterFactory, MetadataParser metadataParser,
-			MetadataEncoder metadataEncoder, CryptoComponent crypto,
+			MetadataEncoder metadataEncoder, CryptoComponent crypto) {
-			AuthorFactory authorFactory) {
 		this.db = db;
 		this.messageFactory = messageFactory;
 		this.bdfReaderFactory = bdfReaderFactory;
@@ -73,7 +64,6 @@ class ClientHelperImpl implements ClientHelper {
 		this.metadataParser = metadataParser;
 		this.metadataEncoder = metadataEncoder;
 		this.crypto = crypto;
-		this.authorFactory = authorFactory;
 	}
 
 	@Override
@@ -211,7 +201,8 @@ class ClientHelperImpl implements ClientHelper {
 	public Map<MessageId, BdfDictionary> getMessageMetadataAsDictionary(
 			Transaction txn, GroupId g) throws DbException, FormatException {
 		Map<MessageId, Metadata> raw = db.getMessageMetadata(txn, g);
-		Map<MessageId, BdfDictionary> parsed = new HashMap<>(raw.size());
+		Map<MessageId, BdfDictionary> parsed =
+				new HashMap<MessageId, BdfDictionary>(raw.size());
 		for (Entry<MessageId, Metadata> e : raw.entrySet())
 			parsed.put(e.getKey(), metadataParser.parse(e.getValue()));
 		return parsed;
@@ -238,7 +229,8 @@ class ClientHelperImpl implements ClientHelper {
 			FormatException {
 		Metadata metadata = metadataEncoder.encode(query);
 		Map<MessageId, Metadata> raw = db.getMessageMetadata(txn, g, metadata);
-		Map<MessageId, BdfDictionary> parsed = new HashMap<>(raw.size());
+		Map<MessageId, BdfDictionary> parsed =
+				new HashMap<MessageId, BdfDictionary>(raw.size());
 		for (Entry<MessageId, Metadata> e : raw.entrySet())
 			parsed.put(e.getKey(), metadataParser.parse(e.getValue()));
 		return parsed;
@@ -351,11 +343,6 @@ class ClientHelperImpl implements ClientHelper {
 				raw.length - MESSAGE_HEADER_LENGTH);
 	}
 
-	@Override
-	public BdfList toList(Author a) {
-		return BdfList.of(a.getFormatVersion(), a.getName(), a.getPublicKey());
-	}
-
 	@Override
 	public byte[] sign(String label, BdfList toSign, byte[] privateKey)
 			throws FormatException, GeneralSecurityException {
@@ -370,16 +357,4 @@ class ClientHelperImpl implements ClientHelper {
 		}
 	}
 
-	@Override
-	public Author parseAndValidateAuthor(BdfList author)
-			throws FormatException {
-		checkSize(author, 3);
-		int formatVersion = author.getLong(0).intValue();
-		if (formatVersion != FORMAT_VERSION) throw new FormatException();
-		String name = author.getString(1);
-		checkLength(name, 1, MAX_AUTHOR_NAME_LENGTH);
-		byte[] publicKey = author.getRaw(2);
-		checkLength(publicKey, 1, MAX_PUBLIC_KEY_LENGTH);
-		return authorFactory.createAuthor(formatVersion, name, publicKey);
-	}
 }

bramble-core/src/main/java/org/briarproject/bramble/client/ClientModule.java

@@ -2,6 +2,14 @@ package org.briarproject.bramble.client;
 
 import org.briarproject.bramble.api.client.ClientHelper;
 import org.briarproject.bramble.api.client.ContactGroupFactory;
+import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.data.BdfReaderFactory;
+import org.briarproject.bramble.api.data.BdfWriterFactory;
+import org.briarproject.bramble.api.data.MetadataEncoder;
+import org.briarproject.bramble.api.data.MetadataParser;
+import org.briarproject.bramble.api.db.DatabaseComponent;
+import org.briarproject.bramble.api.sync.GroupFactory;
+import org.briarproject.bramble.api.sync.MessageFactory;
 
 import dagger.Module;
 import dagger.Provides;
@@ -10,14 +18,19 @@ import dagger.Provides;
 public class ClientModule {
 
 	@Provides
-	ClientHelper provideClientHelper(ClientHelperImpl clientHelper) {
+	ClientHelper provideClientHelper(DatabaseComponent db,
-		return clientHelper;
+			MessageFactory messageFactory, BdfReaderFactory bdfReaderFactory,
+			BdfWriterFactory bdfWriterFactory, MetadataParser metadataParser,
+			MetadataEncoder metadataEncoder, CryptoComponent cryptoComponent) {
+		return new ClientHelperImpl(db, messageFactory, bdfReaderFactory,
+				bdfWriterFactory, metadataParser, metadataEncoder,
+				cryptoComponent);
 	}
 
 	@Provides
-	ContactGroupFactory provideContactGroupFactory(
+	ContactGroupFactory provideContactGroupFactory(GroupFactory groupFactory,
-			ContactGroupFactoryImpl contactGroupFactory) {
+			ClientHelper clientHelper) {
-		return contactGroupFactory;
+		return new ContactGroupFactoryImpl(groupFactory, clientHelper);
 	}
 
 }

bramble-core/src/main/java/org/briarproject/bramble/client/ContactGroupFactoryImpl.java

@@ -32,25 +32,23 @@ class ContactGroupFactoryImpl implements ContactGroupFactory {
 	}
 
 	@Override
-	public Group createLocalGroup(ClientId clientId, int clientVersion) {
+	public Group createLocalGroup(ClientId clientId) {
-		return groupFactory.createGroup(clientId, clientVersion,
+		return groupFactory.createGroup(clientId, LOCAL_GROUP_DESCRIPTOR);
-				LOCAL_GROUP_DESCRIPTOR);
 	}
 
 	@Override
-	public Group createContactGroup(ClientId clientId, int clientVersion,
+	public Group createContactGroup(ClientId clientId, Contact contact) {
-			Contact contact) {
 		AuthorId local = contact.getLocalAuthorId();
 		AuthorId remote = contact.getAuthor().getId();
 		byte[] descriptor = createGroupDescriptor(local, remote);
-		return groupFactory.createGroup(clientId, clientVersion, descriptor);
+		return groupFactory.createGroup(clientId, descriptor);
 	}
 
 	@Override
-	public Group createContactGroup(ClientId clientId, int clientVersion,
+	public Group createContactGroup(ClientId clientId, AuthorId authorId1,
-			AuthorId authorId1, AuthorId authorId2) {
+			AuthorId authorId2) {
 		byte[] descriptor = createGroupDescriptor(authorId1, authorId2);
-		return groupFactory.createGroup(clientId, clientVersion, descriptor);
+		return groupFactory.createGroup(clientId, descriptor);
 	}
 
 	private byte[] createGroupDescriptor(AuthorId local, AuthorId remote) {

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java

@@ -43,7 +43,6 @@ import javax.inject.Inject;
 
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
@@ -81,7 +80,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	private volatile boolean alice;
 
 	@Inject
-	ContactExchangeTaskImpl(DatabaseComponent db,
+	public ContactExchangeTaskImpl(DatabaseComponent db,
 			AuthorFactory authorFactory, BdfReaderFactory bdfReaderFactory,
 			BdfWriterFactory bdfWriterFactory, Clock clock,
 			ConnectionManager connectionManager, ContactManager contactManager,
@@ -142,27 +141,23 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		}
 
 		// Derive the header keys for the transport streams
-		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL,
+		SecretKey aliceHeaderKey = crypto.deriveHeaderKey(masterSecret, true);
-				masterSecret, new byte[] {PROTOCOL_VERSION});
+		SecretKey bobHeaderKey = crypto.deriveHeaderKey(masterSecret, false);
-		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterSecret,
-				new byte[] {PROTOCOL_VERSION});
 
 		// Create the readers
 		InputStream streamReader =
-				streamReaderFactory.createContactExchangeStreamReader(in,
+				streamReaderFactory.createInvitationStreamReader(in,
 						alice ? bobHeaderKey : aliceHeaderKey);
 		BdfReader r = bdfReaderFactory.createReader(streamReader);
 		// Create the writers
 		OutputStream streamWriter =
-				streamWriterFactory.createContactExchangeStreamWriter(out,
+				streamWriterFactory.createInvitationStreamWriter(out,
 						alice ? aliceHeaderKey : bobHeaderKey);
 		BdfWriter w = bdfWriterFactory.createWriter(streamWriter);
 
 		// Derive the nonces to be signed
-		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterSecret,
+		byte[] aliceNonce = crypto.deriveSignatureNonce(masterSecret, true);
-				new byte[] {PROTOCOL_VERSION});
+		byte[] bobNonce = crypto.deriveSignatureNonce(masterSecret, false);
-		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterSecret,
-				new byte[] {PROTOCOL_VERSION});
 
 		// Exchange pseudonyms, signed nonces, and timestamps
 		long localTimestamp = clock.currentTimeMillis();
@@ -189,7 +184,12 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 			// Close the outgoing stream and expect EOF on the incoming stream
 			w.close();
 			if (!r.eof()) LOG.warning("Unexpected data at end of connection");
-		} catch (GeneralSecurityException | IOException e) {
+		} catch (GeneralSecurityException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			listener.contactExchangeFailed();
+			tryToClose(conn, true);
+			return;
+		} catch (IOException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			listener.contactExchangeFailed();
 			tryToClose(conn, true);
@@ -201,8 +201,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 
 		try {
 			// Add the contact
-			ContactId contactId = addContact(remoteAuthor, timestamp,
+			ContactId contactId = addContact(remoteAuthor, masterSecret,
-					remoteProperties);
+					timestamp, alice, remoteProperties);
 			// Reuse the connection as a transport connection
 			connectionManager.manageOutgoingConnection(contactId, transportId,
 					conn);
@@ -228,7 +228,6 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 
 		// Write the name, public key and signature
 		w.writeListStart();
-		w.writeLong(localAuthor.getFormatVersion());
 		w.writeString(localAuthor.getName());
 		w.writeRaw(localAuthor.getPublicKey());
 		w.writeRaw(sig);
@@ -238,16 +237,11 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 
 	private Author receivePseudonym(BdfReader r, byte[] nonce)
 			throws GeneralSecurityException, IOException {
-		// Read the format version, name, public key and signature
+		// Read the name, public key and signature
 		r.readListStart();
-		int formatVersion = (int) r.readLong();
-		if (formatVersion != FORMAT_VERSION) throw new FormatException();
 		String name = r.readString(MAX_AUTHOR_NAME_LENGTH);
-		if (name.isEmpty()) throw new FormatException();
 		byte[] publicKey = r.readRaw(MAX_PUBLIC_KEY_LENGTH);
-		if (publicKey.length == 0) throw new FormatException();
 		byte[] sig = r.readRaw(MAX_SIGNATURE_LENGTH);
-		if (sig.length == 0) throw new FormatException();
 		r.readListEnd();
 		LOG.info("Received pseudonym");
 		// Verify the signature
@@ -256,7 +250,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 				LOG.info("Invalid signature");
 			throw new GeneralSecurityException();
 		}
-		return authorFactory.createAuthor(formatVersion, name, publicKey);
+		return authorFactory.createAuthor(name, publicKey);
 	}
 
 	private void sendTimestamp(BdfWriter w, long timestamp)
@@ -282,7 +276,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 
 	private Map<TransportId, TransportProperties> receiveTransportProperties(
 			BdfReader r) throws IOException {
-		Map<TransportId, TransportProperties> remote = new HashMap<>();
+		Map<TransportId, TransportProperties> remote =
+				new HashMap<TransportId, TransportProperties>();
 		r.readListStart();
 		while (!r.hasListEnd()) {
 			r.readListStart();
@@ -305,15 +300,15 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		return remote;
 	}
 
-	private ContactId addContact(Author remoteAuthor, long timestamp,
+	private ContactId addContact(Author remoteAuthor, SecretKey master,
+			long timestamp, boolean alice,
 			Map<TransportId, TransportProperties> remoteProperties)
 			throws DbException {
 		ContactId contactId;
 		Transaction txn = db.startTransaction(false);
 		try {
 			contactId = contactManager.addContact(txn, remoteAuthor,
-					localAuthor.getId(), masterSecret, timestamp, alice,
+					localAuthor.getId(), master, timestamp, alice, true, true);
-					true, true);
 			transportPropertyManager.addRemoteProperties(txn, contactId,
 					remoteProperties);
 			db.commitTransaction(txn);
@@ -323,7 +318,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		return contactId;
 	}
 
-	private void tryToClose(DuplexTransportConnection conn, boolean exception) {
+	private void tryToClose(DuplexTransportConnection conn,
+			boolean exception) {
 		try {
 			LOG.info("Closing connection");
 			conn.getReader().dispose(exception, true);

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java

@@ -34,8 +34,8 @@ class ContactManagerImpl implements ContactManager {
 	ContactManagerImpl(DatabaseComponent db, KeyManager keyManager) {
 		this.db = db;
 		this.keyManager = keyManager;
-		addHooks = new CopyOnWriteArrayList<>();
+		addHooks = new CopyOnWriteArrayList<AddContactHook>();
-		removeHooks = new CopyOnWriteArrayList<>();
+		removeHooks = new CopyOnWriteArrayList<RemoveContactHook>();
 	}
 
 	@Override
@@ -125,7 +125,7 @@ class ContactManagerImpl implements ContactManager {
 		} finally {
 			db.endTransaction(txn);
 		}
-		List<Contact> active = new ArrayList<>(contacts.size());
+		List<Contact> active = new ArrayList<Contact>(contacts.size());
 		for (Contact c : contacts) if (c.isActive()) active.add(c);
 		return active;
 	}

bramble-core/src/main/java/org/briarproject/bramble/crypto/Blake2sDigest.java

@@ -0,0 +1,547 @@
+package org.briarproject.bramble.crypto;
+
+/*
+  The BLAKE2 cryptographic hash function was designed by Jean-
+  Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian
+  Winnerlein.
+
+  Reference Implementation and Description can be found at: https://blake2.net/
+  RFC: https://tools.ietf.org/html/rfc7693
+
+  This implementation does not support the Tree Hashing Mode.
+
+  For unkeyed hashing, developers adapting BLAKE2 to ASN.1 - based
+  message formats SHOULD use the OID tree at x = 1.3.6.1.4.1.1722.12.2.
+
+         Algorithm     | Target | Collision | Hash | Hash ASN.1 |
+            Identifier |  Arch  |  Security |  nn  | OID Suffix |
+        ---------------+--------+-----------+------+------------+
+         id-blake2s128 | 32-bit |   2**64   |  16  |   x.2.4    |
+         id-blake2s160 | 32-bit |   2**80   |  20  |   x.2.5    |
+         id-blake2s224 | 32-bit |   2**112  |  28  |   x.2.7    |
+         id-blake2s256 | 32-bit |   2**128  |  32  |   x.2.8    |
+        ---------------+--------+-----------+------+------------+
+
+  Based on the BouncyCastle implementation of BLAKE2b. License:
+
+  Copyright (c) 2000 - 2015 The Legion of the Bouncy Castle Inc.
+  (http://www.bouncycastle.org)
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+  SOFTWARE.
+ */
+
+import org.spongycastle.crypto.ExtendedDigest;
+import org.spongycastle.util.Arrays;
+
+/**
+ * Implementation of the cryptographic hash function BLAKE2s.
+ * <p/>
+ * BLAKE2s offers a built-in keying mechanism to be used directly
+ * for authentication ("Prefix-MAC") rather than a HMAC construction.
+ * <p/>
+ * BLAKE2s offers a built-in support for a salt for randomized hashing
+ * and a personal string for defining a unique hash function for each application.
+ * <p/>
+ * BLAKE2s is optimized for 32-bit platforms and produces digests of any size
+ * between 1 and 32 bytes.
+ */
+public class Blake2sDigest implements ExtendedDigest {
+	/** BLAKE2s Initialization Vector **/
+	private static final int blake2s_IV[] =
+			// Produced from the square root of primes 2, 3, 5, 7, 11, 13, 17, 19.
+			// The same as SHA-256 IV.
+			{
+					0x6a09e667, 0xbb67ae85, 0x3c6ef372,
+					0xa54ff53a, 0x510e527f, 0x9b05688c,
+					0x1f83d9ab, 0x5be0cd19
+			};
+
+	/** Message word permutations **/
+	private static final byte[][] blake2s_sigma =
+			{
+					{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
+					{ 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 },
+					{ 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 },
+					{ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 },
+					{ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 },
+					{ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 },
+					{ 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 },
+					{ 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 },
+					{ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 },
+					{ 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }
+			};
+
+	private static final int ROUNDS = 10; // to use for Catenas H'
+	private static final int BLOCK_LENGTH_BYTES = 64;// bytes
+
+	// General parameters:
+	private int digestLength = 32; // 1- 32 bytes
+	private int keyLength = 0; // 0 - 32 bytes for keyed hashing for MAC
+	private byte[] salt = null;
+	private byte[] personalization = null;
+	private byte[] key = null;
+
+	// Tree hashing parameters:
+	// Because this class does not implement the Tree Hashing Mode,
+	// these parameters can be treated as constants (see init() function)
+	/*
+	 * private int fanout = 1; // 0-255
+	 * private int depth = 1; // 1 - 255
+	 * private int leafLength= 0;
+	 * private long nodeOffset = 0L;
+	 * private int nodeDepth = 0;
+	 * private int innerHashLength = 0;
+	 */
+
+	/**
+	 * Whenever this buffer overflows, it will be processed in the compress()
+	 * function. For performance issues, long messages will not use this buffer.
+	 */
+	private byte[] buffer = null;
+	/** Position of last inserted byte **/
+	private int bufferPos = 0;// a value from 0 up to BLOCK_LENGTH_BYTES
+
+	/** Internal state, in the BLAKE2 paper it is called v **/
+	private int[] internalState = new int[16];
+	/** State vector, in the BLAKE2 paper it is called h **/
+	private int[] chainValue = null;
+
+	// counter (counts bytes): Length up to 2^64 are supported
+	/** holds least significant bits of counter **/
+	private int t0 = 0;
+	/** holds most significant bits of counter **/
+	private int t1 = 0;
+	/** finalization flag, for last block: ~0 **/
+	private int f0 = 0;
+
+	// For Tree Hashing Mode, not used here:
+	// private long f1 = 0L; // finalization flag, for last node: ~0L
+
+	/**
+	 * BLAKE2s-256 for hashing.
+	 */
+	public Blake2sDigest() {
+		this(256);
+	}
+
+	public Blake2sDigest(Blake2sDigest digest) {
+		this.bufferPos = digest.bufferPos;
+		this.buffer = Arrays.clone(digest.buffer);
+		this.keyLength = digest.keyLength;
+		this.key = Arrays.clone(digest.key);
+		this.digestLength = digest.digestLength;
+		this.chainValue = Arrays.clone(digest.chainValue);
+		this.personalization = Arrays.clone(digest.personalization);
+	}
+
+	/**
+	 * BLAKE2s for hashing.
+	 *
+	 * @param digestBits the desired digest length in bits. Must be one of
+	 *                     [128, 160, 224, 256].
+	 */
+	public Blake2sDigest(int digestBits) {
+		if (digestBits != 128 && digestBits != 160 &&
+				digestBits != 224 && digestBits != 256) {
+			throw new IllegalArgumentException(
+					"BLAKE2s digest restricted to one of [128, 160, 224, 256]");
+		}
+		buffer = new byte[BLOCK_LENGTH_BYTES];
+		keyLength = 0;
+		digestLength = digestBits / 8;
+		init();
+	}
+
+	/**
+	 * BLAKE2s for authentication ("Prefix-MAC mode").
+	 * <p/>
+	 * After calling the doFinal() method, the key will remain to be used for
+	 * further computations of this instance. The key can be overwritten using
+	 * the clearKey() method.
+	 *
+	 * @param key a key up to 32 bytes or null
+	 */
+	public Blake2sDigest(byte[] key) {
+		buffer = new byte[BLOCK_LENGTH_BYTES];
+		if (key != null) {
+			if (key.length > 32) {
+				throw new IllegalArgumentException(
+						"Keys > 32 are not supported");
+			}
+			this.key = new byte[key.length];
+			System.arraycopy(key, 0, this.key, 0, key.length);
+
+			keyLength = key.length;
+			System.arraycopy(key, 0, buffer, 0, key.length);
+			bufferPos = BLOCK_LENGTH_BYTES; // zero padding
+		}
+		digestLength = 32;
+		init();
+	}
+
+	/**
+	 * BLAKE2s with key, required digest length, salt and personalization.
+	 * <p/>
+	 * After calling the doFinal() method, the key, the salt and the personal
+	 * string will remain and might be used for further computations with this
+	 * instance. The key can be overwritten using the clearKey() method, the
+	 * salt (pepper) can be overwritten using the clearSalt() method.
+	 *
+	 * @param key a key up to 32 bytes or null
+	 * @param digestBytes from 1 up to 32 bytes
+	 * @param salt 8 bytes or null
+	 * @param personalization 8 bytes or null
+	 */
+	public Blake2sDigest(byte[] key, int digestBytes, byte[] salt,
+			byte[] personalization) {
+		buffer = new byte[BLOCK_LENGTH_BYTES];
+		if (digestBytes < 1 || digestBytes > 32) {
+			throw new IllegalArgumentException(
+					"Invalid digest length (required: 1 - 32)");
+		}
+		digestLength = digestBytes;
+		if (salt != null) {
+			if (salt.length != 8) {
+				throw new IllegalArgumentException(
+						"Salt length must be exactly 8 bytes");
+			}
+			this.salt = new byte[8];
+			System.arraycopy(salt, 0, this.salt, 0, salt.length);
+		}
+		if (personalization != null) {
+			if (personalization.length != 8) {
+				throw new IllegalArgumentException(
+						"Personalization length must be exactly 8 bytes");
+			}
+			this.personalization = new byte[8];
+			System.arraycopy(personalization, 0, this.personalization, 0,
+					personalization.length);
+		}
+		if (key != null) {
+			if (key.length > 32) {
+				throw new IllegalArgumentException(
+						"Keys > 32 bytes are not supported");
+			}
+			this.key = new byte[key.length];
+			System.arraycopy(key, 0, this.key, 0, key.length);
+
+			keyLength = key.length;
+			System.arraycopy(key, 0, buffer, 0, key.length);
+			bufferPos = BLOCK_LENGTH_BYTES; // zero padding
+		}
+		init();
+	}
+
+	// initialize chainValue
+	private void init() {
+		if (chainValue == null) {
+			chainValue = new int[8];
+
+			chainValue[0] = blake2s_IV[0]
+					^ (digestLength | (keyLength << 8) | 0x1010000);
+			// 0x1010000 = ((fanout << 16) | (depth << 24));
+			// with fanout = 1; depth = 0;
+			chainValue[1] = blake2s_IV[1];// ^ leafLength; with leafLength = 0;
+			chainValue[2] = blake2s_IV[2];// ^ nodeOffset; with nodeOffset = 0;
+			chainValue[3] = blake2s_IV[3];// ^ ( (nodeOffset << 32) |
+			// (nodeDepth << 16) | (innerHashLength << 24) );
+			// with nodeDepth = 0; innerHashLength = 0;
+
+			chainValue[4] = blake2s_IV[4];
+			chainValue[5] = blake2s_IV[5];
+			if (salt != null) {
+				chainValue[4] ^= (bytes2int(salt, 0));
+				chainValue[5] ^= (bytes2int(salt, 4));
+			}
+
+			chainValue[6] = blake2s_IV[6];
+			chainValue[7] = blake2s_IV[7];
+			if (personalization != null) {
+				chainValue[6] ^= (bytes2int(personalization, 0));
+				chainValue[7] ^= (bytes2int(personalization, 4));
+			}
+		}
+	}
+
+	private void initializeInternalState() {
+		// initialize v:
+		System.arraycopy(chainValue, 0, internalState, 0, chainValue.length);
+		System.arraycopy(blake2s_IV, 0, internalState, chainValue.length, 4);
+		internalState[12] = t0 ^ blake2s_IV[4];
+		internalState[13] = t1 ^ blake2s_IV[5];
+		internalState[14] = f0 ^ blake2s_IV[6];
+		internalState[15] = blake2s_IV[7];// ^ f1 with f1 = 0
+	}
+
+	/**
+	 * Update the message digest with a single byte.
+	 *
+	 * @param b the input byte to be entered.
+	 */
+	public void update(byte b) {
+		int remainingLength; // left bytes of buffer
+
+		// process the buffer if full else add to buffer:
+		remainingLength = BLOCK_LENGTH_BYTES - bufferPos;
+		if (remainingLength == 0) { // full buffer
+			t0 += BLOCK_LENGTH_BYTES;
+			if (t0 == 0) { // if message > 2^32
+				t1++;
+			}
+			compress(buffer, 0);
+			Arrays.fill(buffer, (byte)0);// clear buffer
+			buffer[0] = b;
+			bufferPos = 1;
+		} else {
+			buffer[bufferPos] = b;
+			bufferPos++;
+		}
+	}
+
+	/**
+	 * Update the message digest with a block of bytes.
+	 *
+	 * @param message the byte array containing the data.
+	 * @param offset the offset into the byte array where the data starts.
+	 * @param len the length of the data.
+	 */
+	public void update(byte[] message, int offset, int len) {
+		if (message == null || len == 0)
+			return;
+
+		int remainingLength = 0; // left bytes of buffer
+
+		if (bufferPos != 0) { // commenced, incomplete buffer
+
+			// complete the buffer:
+			remainingLength = BLOCK_LENGTH_BYTES - bufferPos;
+			if (remainingLength < len) { // full buffer + at least 1 byte
+				System.arraycopy(message, offset, buffer, bufferPos,
+						remainingLength);
+				t0 += BLOCK_LENGTH_BYTES;
+				if (t0 == 0) { // if message > 2^32
+					t1++;
+				}
+				compress(buffer, 0);
+				bufferPos = 0;
+				Arrays.fill(buffer, (byte) 0);// clear buffer
+			} else {
+				System.arraycopy(message, offset, buffer, bufferPos, len);
+				bufferPos += len;
+				return;
+			}
+		}
+
+		// process blocks except last block (also if last block is full)
+		int messagePos;
+		int blockWiseLastPos = offset + len - BLOCK_LENGTH_BYTES;
+		for (messagePos = offset + remainingLength;
+				messagePos < blockWiseLastPos;
+				messagePos += BLOCK_LENGTH_BYTES) { // block wise 64 bytes
+			// without buffer:
+			t0 += BLOCK_LENGTH_BYTES;
+			if (t0 == 0) {
+				t1++;
+			}
+			compress(message, messagePos);
+		}
+
+		// fill the buffer with left bytes, this might be a full block
+		System.arraycopy(message, messagePos, buffer, 0, offset + len
+				- messagePos);
+		bufferPos += offset + len - messagePos;
+	}
+
+	/**
+	 * Close the digest, producing the final digest value. The doFinal() call
+	 * leaves the digest reset. Key, salt and personal string remain.
+	 *
+	 * @param out the array the digest is to be copied into.
+	 * @param outOffset the offset into the out array the digest is to start at.
+	 */
+	public int doFinal(byte[] out, int outOffset) {
+		f0 = 0xFFFFFFFF;
+		t0 += bufferPos;
+		// bufferPos may be < 64, so (t0 == 0) does not work
+		// for 2^32 < message length > 2^32 - 63
+		if ((t0 < 0) && (bufferPos > -t0)) {
+			t1++;
+		}
+		compress(buffer, 0);
+		Arrays.fill(buffer, (byte) 0);// Holds eventually the key if input is null
+		Arrays.fill(internalState, 0);
+
+		for (int i = 0; i < chainValue.length && (i * 4 < digestLength); i++) {
+			byte[] bytes = int2bytes(chainValue[i]);
+
+			if (i * 4 < digestLength - 4) {
+				System.arraycopy(bytes, 0, out, outOffset + i * 4, 4);
+			} else {
+				System.arraycopy(bytes, 0, out, outOffset + i * 4,
+						digestLength - (i * 4));
+			}
+		}
+
+		Arrays.fill(chainValue, 0);
+
+		reset();
+
+		return digestLength;
+	}
+
+	/**
+	 * Reset the digest back to its initial state. The key, the salt and the
+	 * personal string will remain for further computations.
+	 */
+	public void reset() {
+		bufferPos = 0;
+		f0 = 0;
+		t0 = 0;
+		t1 = 0;
+		chainValue = null;
+		if (key != null) {
+			Arrays.fill(buffer, (byte) 0);
+			System.arraycopy(key, 0, buffer, 0, key.length);
+			bufferPos = BLOCK_LENGTH_BYTES; // zero padding
+		}
+		init();
+	}
+
+	private void compress(byte[] message, int messagePos) {
+		initializeInternalState();
+
+		int[] m = new int[16];
+		for (int j = 0; j < 16; j++) {
+			m[j] = bytes2int(message, messagePos + j * 4);
+		}
+
+		for (int round = 0; round < ROUNDS; round++) {
+
+			// G apply to columns of internalState:m[blake2s_sigma[round][2 *
+			// blockPos]] /+1
+			G(m[blake2s_sigma[round][0]], m[blake2s_sigma[round][1]], 0, 4, 8,
+					12);
+			G(m[blake2s_sigma[round][2]], m[blake2s_sigma[round][3]], 1, 5, 9,
+					13);
+			G(m[blake2s_sigma[round][4]], m[blake2s_sigma[round][5]], 2, 6, 10,
+					14);
+			G(m[blake2s_sigma[round][6]], m[blake2s_sigma[round][7]], 3, 7, 11,
+					15);
+			// G apply to diagonals of internalState:
+			G(m[blake2s_sigma[round][8]], m[blake2s_sigma[round][9]], 0, 5, 10,
+					15);
+			G(m[blake2s_sigma[round][10]], m[blake2s_sigma[round][11]], 1, 6,
+					11, 12);
+			G(m[blake2s_sigma[round][12]], m[blake2s_sigma[round][13]], 2, 7,
+					8, 13);
+			G(m[blake2s_sigma[round][14]], m[blake2s_sigma[round][15]], 3, 4,
+					9, 14);
+		}
+
+		// update chain values:
+		for (int offset = 0; offset < chainValue.length; offset++) {
+			chainValue[offset] = chainValue[offset] ^ internalState[offset]
+					^ internalState[offset + 8];
+		}
+	}
+
+	private void G(int m1, int m2, int posA, int posB, int posC, int posD) {
+		internalState[posA] = internalState[posA] + internalState[posB] + m1;
+		internalState[posD] = rotr32(internalState[posD] ^ internalState[posA],
+				16);
+		internalState[posC] = internalState[posC] + internalState[posD];
+		internalState[posB] = rotr32(internalState[posB] ^ internalState[posC],
+				12);
+		internalState[posA] = internalState[posA] + internalState[posB] + m2;
+		internalState[posD] = rotr32(internalState[posD] ^ internalState[posA],
+				8);
+		internalState[posC] = internalState[posC] + internalState[posD];
+		internalState[posB] = rotr32(internalState[posB] ^ internalState[posC],
+				7);
+	}
+
+	private int rotr32(int x, int rot) {
+		return x >>> rot | (x << (32 - rot));
+	}
+
+	// convert one int value in byte array
+	// little-endian byte order!
+	private byte[] int2bytes(int intValue) {
+		return new byte[] {
+				(byte) intValue, (byte) (intValue >> 8),
+				(byte) (intValue >> 16), (byte) (intValue >> 24)
+		};
+	}
+
+	// little-endian byte order!
+	private int bytes2int(byte[] byteArray, int offset) {
+		return (((int) byteArray[offset] & 0xFF)
+				| (((int) byteArray[offset + 1] & 0xFF) << 8)
+				| (((int) byteArray[offset + 2] & 0xFF) << 16)
+				| (((int) byteArray[offset + 3] & 0xFF) << 24));
+	}
+
+	/**
+	 * Return the algorithm name.
+	 *
+	 * @return the algorithm name
+	 */
+	public String getAlgorithmName() {
+		return "BLAKE2s";
+	}
+
+	/**
+	 * Return the size in bytes of the digest produced by this message digest.
+	 *
+	 * @return the size in bytes of the digest produced by this message digest.
+	 */
+	public int getDigestSize() {
+		return digestLength;
+	}
+
+	/**
+	 * Return the size in bytes of the internal buffer the digest applies its
+	 * compression function to.
+	 *
+	 * @return byte length of the digest's internal buffer.
+	 */
+	public int getByteLength() {
+		return BLOCK_LENGTH_BYTES;
+	}
+
+	/**
+	 * Overwrite the key if it is no longer used (zeroization).
+	 */
+	public void clearKey() {
+		if (key != null) {
+			Arrays.fill(key, (byte) 0);
+			Arrays.fill(buffer,  (byte) 0);
+		}
+	}
+
+	/**
+	 * Overwrite the salt (pepper) if it is secret and no longer used
+	 * (zeroization).
+	 */
+	public void clearSalt() {
+		if (salt != null) {
+			Arrays.fill(salt, (byte) 0);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -1,59 +1,110 @@
 package org.briarproject.bramble.crypto;
 
-import net.i2p.crypto.eddsa.EdDSAPrivateKey;
-import net.i2p.crypto.eddsa.EdDSAPublicKey;
-import net.i2p.crypto.eddsa.KeyPairGenerator;
-
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.system.SecureRandomProvider;
+import org.briarproject.bramble.api.transport.IncomingKeys;
+import org.briarproject.bramble.api.transport.OutgoingKeys;
+import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.util.ByteUtils;
 import org.briarproject.bramble.util.StringUtils;
+import org.spongycastle.crypto.AsymmetricCipherKeyPair;
+import org.spongycastle.crypto.CipherParameters;
 import org.spongycastle.crypto.CryptoException;
 import org.spongycastle.crypto.Digest;
-import org.spongycastle.crypto.digests.Blake2bDigest;
+import org.spongycastle.crypto.agreement.ECDHCBasicAgreement;
-import org.whispersystems.curve25519.Curve25519;
+import org.spongycastle.crypto.digests.SHA256Digest;
-import org.whispersystems.curve25519.Curve25519KeyPair;
+import org.spongycastle.crypto.generators.ECKeyPairGenerator;
+import org.spongycastle.crypto.generators.PKCS5S2ParametersGenerator;
+import org.spongycastle.crypto.params.ECKeyGenerationParameters;
+import org.spongycastle.crypto.params.ECPrivateKeyParameters;
+import org.spongycastle.crypto.params.ECPublicKeyParameters;
+import org.spongycastle.crypto.params.KeyParameter;
 
+import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import java.security.SecureRandom;
 import java.security.Security;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 import java.util.logging.Logger;
 
-import javax.annotation.Nullable;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.INFO;
+import static org.briarproject.bramble.api.invitation.InvitationConstants.CODE_BITS;
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.COMMIT_LENGTH;
+import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.crypto.EllipticCurveConstants.PARAMETERS;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
+import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
+import static org.briarproject.bramble.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 
-@NotNullByDefault
 class CryptoComponentImpl implements CryptoComponent {
 
 	private static final Logger LOG =
 			Logger.getLogger(CryptoComponentImpl.class.getName());
 
+	private static final int AGREEMENT_KEY_PAIR_BITS = 256;
 	private static final int SIGNATURE_KEY_PAIR_BITS = 256;
 	private static final int STORAGE_IV_BYTES = 24; // 196 bits
 	private static final int PBKDF_SALT_BYTES = 32; // 256 bits
-	private static final int PBKDF_FORMAT_SCRYPT = 0;
+	private static final int PBKDF_TARGET_MILLIS = 500;
+	private static final int PBKDF_SAMPLES = 30;
+	private static final int HASH_SIZE = 256 / 8;
+
+	private static byte[] ascii(String s) {
+		return s.getBytes(Charset.forName("US-ASCII"));
+	}
+
+	// KDF labels for bluetooth confirmation code derivation
+	private static final byte[] BT_A_CONFIRM = ascii("ALICE_CONFIRMATION_CODE");
+	private static final byte[] BT_B_CONFIRM = ascii("BOB_CONFIRMATION_CODE");
+	// KDF labels for contact exchange stream header key derivation
+	private static final byte[] A_INVITE = ascii("ALICE_INVITATION_KEY");
+	private static final byte[] B_INVITE = ascii("BOB_INVITATION_KEY");
+	// KDF labels for contact exchange signature nonce derivation
+	private static final byte[] A_SIG_NONCE = ascii("ALICE_SIGNATURE_NONCE");
+	private static final byte[] B_SIG_NONCE = ascii("BOB_SIGNATURE_NONCE");
+	// Hash label for BQP public key commitment derivation
+	private static final String COMMIT =
+			"org.briarproject.bramble.COMMIT";
+	// Hash label for shared secret derivation
+	private static final String SHARED_SECRET =
+			"org.briarproject.bramble.SHARED_SECRET";
+	// KDF label for BQP confirmation key derivation
+	private static final byte[] CONFIRMATION_KEY = ascii("CONFIRMATION_KEY");
+	// KDF label for master key derivation
+	private static final byte[] MASTER_KEY = ascii("MASTER_KEY");
+	// KDF labels for tag key derivation
+	private static final byte[] A_TAG = ascii("ALICE_TAG_KEY");
+	private static final byte[] B_TAG = ascii("BOB_TAG_KEY");
+	// KDF labels for header key derivation
+	private static final byte[] A_HEADER = ascii("ALICE_HEADER_KEY");
+	private static final byte[] B_HEADER = ascii("BOB_HEADER_KEY");
+	// KDF labels for MAC key derivation
+	private static final byte[] A_MAC = ascii("ALICE_MAC_KEY");
+	private static final byte[] B_MAC = ascii("BOB_MAC_KEY");
+	// KDF label for key rotation
+	private static final byte[] ROTATE = ascii("ROTATE");
 
 	private final SecureRandom secureRandom;
-	private final PasswordBasedKdf passwordBasedKdf;
+	private final ECKeyPairGenerator agreementKeyPairGenerator;
-	private final Curve25519 curve25519;
+	private final ECKeyPairGenerator signatureKeyPairGenerator;
-	private final KeyPairGenerator signatureKeyPairGenerator;
 	private final KeyParser agreementKeyParser, signatureKeyParser;
 	private final MessageEncrypter messageEncrypter;
 
 	@Inject
-	CryptoComponentImpl(SecureRandomProvider secureRandomProvider,
+	CryptoComponentImpl(SecureRandomProvider secureRandomProvider) {
-			PasswordBasedKdf passwordBasedKdf) {
 		if (LOG.isLoggable(INFO)) {
 			SecureRandom defaultSecureRandom = new SecureRandom();
 			String name = defaultSecureRandom.getProvider().getName();
@@ -73,13 +124,16 @@ class CryptoComponentImpl implements CryptoComponent {
 			}
 		}
 		secureRandom = new SecureRandom();
-		this.passwordBasedKdf = passwordBasedKdf;
+		ECKeyGenerationParameters params = new ECKeyGenerationParameters(
-		curve25519 = Curve25519.getInstance("java");
+				PARAMETERS, secureRandom);
-		signatureKeyPairGenerator = new KeyPairGenerator();
+		agreementKeyPairGenerator = new ECKeyPairGenerator();
-		signatureKeyPairGenerator.initialize(SIGNATURE_KEY_PAIR_BITS,
+		agreementKeyPairGenerator.init(params);
-				secureRandom);
+		signatureKeyPairGenerator = new ECKeyPairGenerator();
-		agreementKeyParser = new Curve25519KeyParser();
+		signatureKeyPairGenerator.init(params);
-		signatureKeyParser = new EdKeyParser();
+		agreementKeyParser = new Sec1KeyParser(PARAMETERS,
+				AGREEMENT_KEY_PAIR_BITS);
+		signatureKeyParser = new Sec1KeyParser(PARAMETERS,
+				SIGNATURE_KEY_PAIR_BITS);
 		messageEncrypter = new MessageEncrypter(secureRandom);
 	}
 
@@ -115,6 +169,14 @@ class CryptoComponentImpl implements CryptoComponent {
 		return new SecretKey(b);
 	}
 
+	@Override
+	public PseudoRandom getPseudoRandom(int seed1, int seed2) {
+		byte[] seed = new byte[INT_32_BYTES * 2];
+		ByteUtils.writeUint32(seed1, seed, 0);
+		ByteUtils.writeUint32(seed2, seed, INT_32_BYTES);
+		return new PseudoRandomImpl(seed);
+	}
+
 	@Override
 	public SecureRandom getSecureRandom() {
 		return secureRandom;
@@ -123,17 +185,16 @@ class CryptoComponentImpl implements CryptoComponent {
 	// Package access for testing
 	byte[] performRawKeyAgreement(PrivateKey priv, PublicKey pub)
 			throws GeneralSecurityException {
-		if (!(priv instanceof Curve25519PrivateKey))
+		if (!(priv instanceof Sec1PrivateKey))
 			throw new IllegalArgumentException();
-		if (!(pub instanceof Curve25519PublicKey))
+		if (!(pub instanceof Sec1PublicKey))
 			throw new IllegalArgumentException();
+		ECPrivateKeyParameters ecPriv = ((Sec1PrivateKey) priv).getKey();
+		ECPublicKeyParameters ecPub = ((Sec1PublicKey) pub).getKey();
 		long now = System.currentTimeMillis();
-		byte[] secret = curve25519.calculateAgreement(pub.getEncoded(),
+		ECDHCBasicAgreement agreement = new ECDHCBasicAgreement();
-				priv.getEncoded());
+		agreement.init(ecPriv);
-		// If the shared secret is all zeroes, the public key is invalid
+		byte[] secret = agreement.calculateAgreement(ecPub).toByteArray();
-		byte allZero = 0;
-		for (byte b : secret) allZero |= b;
-		if (allZero == 0) throw new GeneralSecurityException();
 		long duration = System.currentTimeMillis() - now;
 		if (LOG.isLoggable(INFO))
 			LOG.info("Deriving shared secret took " + duration + " ms");
@@ -142,10 +203,18 @@ class CryptoComponentImpl implements CryptoComponent {
 
 	@Override
 	public KeyPair generateAgreementKeyPair() {
-		Curve25519KeyPair keyPair = curve25519.generateKeyPair();
+		AsymmetricCipherKeyPair keyPair =
-		PublicKey pub = new Curve25519PublicKey(keyPair.getPublicKey());
+				agreementKeyPairGenerator.generateKeyPair();
-		PrivateKey priv = new Curve25519PrivateKey(keyPair.getPrivateKey());
+		// Return a wrapper that uses the SEC 1 encoding
-		return new KeyPair(pub, priv);
+		ECPublicKeyParameters ecPublicKey =
+				(ECPublicKeyParameters) keyPair.getPublic();
+		PublicKey publicKey = new Sec1PublicKey(ecPublicKey
+		);
+		ECPrivateKeyParameters ecPrivateKey =
+				(ECPrivateKeyParameters) keyPair.getPrivate();
+		PrivateKey privateKey = new Sec1PrivateKey(ecPrivateKey,
+				AGREEMENT_KEY_PAIR_BITS);
+		return new KeyPair(publicKey, privateKey);
 	}
 
 	@Override
@@ -155,12 +224,17 @@ class CryptoComponentImpl implements CryptoComponent {
 
 	@Override
 	public KeyPair generateSignatureKeyPair() {
-		java.security.KeyPair keyPair =
+		AsymmetricCipherKeyPair keyPair =
 				signatureKeyPairGenerator.generateKeyPair();
-		EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic();
+		// Return a wrapper that uses the SEC 1 encoding
-		PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte());
+		ECPublicKeyParameters ecPublicKey =
-		EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate();
+				(ECPublicKeyParameters) keyPair.getPublic();
-		PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed());
+		PublicKey publicKey = new Sec1PublicKey(ecPublicKey
+		);
+		ECPrivateKeyParameters ecPrivateKey =
+				(ECPrivateKeyParameters) keyPair.getPrivate();
+		PrivateKey privateKey = new Sec1PrivateKey(ecPrivateKey,
+				SIGNATURE_KEY_PAIR_BITS);
 		return new KeyPair(publicKey, privateKey);
 	}
 
@@ -175,47 +249,212 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	public SecretKey deriveKey(String label, SecretKey k, byte[]... inputs) {
+	public int generateBTInvitationCode() {
-		byte[] mac = mac(label, k, inputs);
+		int codeBytes = (CODE_BITS + 7) / 8;
-		if (mac.length != SecretKey.LENGTH) throw new IllegalStateException();
+		byte[] random = new byte[codeBytes];
-		return new SecretKey(mac);
+		secureRandom.nextBytes(random);
+		return ByteUtils.readUint(random, CODE_BITS);
 	}
 
 	@Override
-	public SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
+	public int deriveBTConfirmationCode(SecretKey master, boolean alice) {
-			KeyPair ourKeyPair, byte[]... inputs)
+		byte[] b = macKdf(master, alice ? BT_A_CONFIRM : BT_B_CONFIRM);
-			throws GeneralSecurityException {
+		return ByteUtils.readUint(b, CODE_BITS);
+	}
+
+	@Override
+	public SecretKey deriveHeaderKey(SecretKey master,
+			boolean alice) {
+		return new SecretKey(macKdf(master, alice ? A_INVITE : B_INVITE));
+	}
+
+	@Override
+	public SecretKey deriveMacKey(SecretKey master, boolean alice) {
+		return new SecretKey(macKdf(master, alice ? A_MAC : B_MAC));
+	}
+
+	@Override
+	public byte[] deriveSignatureNonce(SecretKey master,
+			boolean alice) {
+		return macKdf(master, alice ? A_SIG_NONCE : B_SIG_NONCE);
+	}
+
+	@Override
+	public byte[] deriveKeyCommitment(byte[] publicKey) {
+		byte[] hash = hash(COMMIT, publicKey);
+		// The output is the first COMMIT_LENGTH bytes of the hash
+		byte[] commitment = new byte[COMMIT_LENGTH];
+		System.arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
+		return commitment;
+	}
+
+	@Override
+	public SecretKey deriveSharedSecret(byte[] theirPublicKey,
+			KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
 		PrivateKey ourPriv = ourKeyPair.getPrivate();
-		byte[][] hashInputs = new byte[inputs.length + 1][];
+		PublicKey theirPub = agreementKeyParser.parsePublicKey(theirPublicKey);
-		hashInputs[0] = performRawKeyAgreement(ourPriv, theirPublicKey);
+		byte[] raw = performRawKeyAgreement(ourPriv, theirPub);
-		System.arraycopy(inputs, 0, hashInputs, 1, inputs.length);
+		byte[] alicePub, bobPub;
-		byte[] hash = hash(label, hashInputs);
+		if (alice) {
-		if (hash.length != SecretKey.LENGTH) throw new IllegalStateException();
+			alicePub = ourKeyPair.getPublic().getEncoded();
-		return new SecretKey(hash);
+			bobPub = theirPublicKey;
+		} else {
+			alicePub = theirPublicKey;
+			bobPub = ourKeyPair.getPublic().getEncoded();
+		}
+		return new SecretKey(hash(SHARED_SECRET, raw, alicePub, bobPub));
+	}
+
+	@Override
+	public byte[] deriveConfirmationRecord(SecretKey sharedSecret,
+			byte[] theirPayload, byte[] ourPayload, byte[] theirPublicKey,
+			KeyPair ourKeyPair, boolean alice, boolean aliceRecord) {
+		SecretKey ck = new SecretKey(macKdf(sharedSecret, CONFIRMATION_KEY));
+		byte[] alicePayload, alicePub, bobPayload, bobPub;
+		if (alice) {
+			alicePayload = ourPayload;
+			alicePub = ourKeyPair.getPublic().getEncoded();
+			bobPayload = theirPayload;
+			bobPub = theirPublicKey;
+		} else {
+			alicePayload = theirPayload;
+			alicePub = theirPublicKey;
+			bobPayload = ourPayload;
+			bobPub = ourKeyPair.getPublic().getEncoded();
+		}
+		if (aliceRecord)
+			return macKdf(ck, alicePayload, alicePub, bobPayload, bobPub);
+		else
+			return macKdf(ck, bobPayload, bobPub, alicePayload, alicePub);
+	}
+
+	@Override
+	public SecretKey deriveMasterSecret(SecretKey sharedSecret) {
+		return new SecretKey(macKdf(sharedSecret, MASTER_KEY));
+	}
+
+	@Override
+	public SecretKey deriveMasterSecret(byte[] theirPublicKey,
+			KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
+		return deriveMasterSecret(deriveSharedSecret(
+				theirPublicKey, ourKeyPair, alice));
+	}
+
+	@Override
+	public TransportKeys deriveTransportKeys(TransportId t,
+			SecretKey master, long rotationPeriod, boolean alice) {
+		// Keys for the previous period are derived from the master secret
+		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
+		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
+		SecretKey outTagPrev = deriveTagKey(master, t, alice);
+		SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
+		// Derive the keys for the current and next periods
+		SecretKey inTagCurr = rotateKey(inTagPrev, rotationPeriod);
+		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, rotationPeriod);
+		SecretKey inTagNext = rotateKey(inTagCurr, rotationPeriod + 1);
+		SecretKey inHeaderNext = rotateKey(inHeaderCurr, rotationPeriod + 1);
+		SecretKey outTagCurr = rotateKey(outTagPrev, rotationPeriod);
+		SecretKey outHeaderCurr = rotateKey(outHeaderPrev, rotationPeriod);
+		// Initialise the reordering windows and stream counters
+		IncomingKeys inPrev = new IncomingKeys(inTagPrev, inHeaderPrev,
+				rotationPeriod - 1);
+		IncomingKeys inCurr = new IncomingKeys(inTagCurr, inHeaderCurr,
+				rotationPeriod);
+		IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
+				rotationPeriod + 1);
+		OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
+				rotationPeriod);
+		// Collect and return the keys
+		return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
+	}
+
+	@Override
+	public TransportKeys rotateTransportKeys(TransportKeys k,
+			long rotationPeriod) {
+		if (k.getRotationPeriod() >= rotationPeriod) return k;
+		IncomingKeys inPrev = k.getPreviousIncomingKeys();
+		IncomingKeys inCurr = k.getCurrentIncomingKeys();
+		IncomingKeys inNext = k.getNextIncomingKeys();
+		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
+		long startPeriod = outCurr.getRotationPeriod();
+		// Rotate the keys
+		for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
+			inPrev = inCurr;
+			inCurr = inNext;
+			SecretKey inNextTag = rotateKey(inNext.getTagKey(), p + 1);
+			SecretKey inNextHeader = rotateKey(inNext.getHeaderKey(), p + 1);
+			inNext = new IncomingKeys(inNextTag, inNextHeader, p + 1);
+			SecretKey outCurrTag = rotateKey(outCurr.getTagKey(), p);
+			SecretKey outCurrHeader = rotateKey(outCurr.getHeaderKey(), p);
+			outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p);
+		}
+		// Collect and return the keys
+		return new TransportKeys(k.getTransportId(), inPrev, inCurr, inNext,
+				outCurr);
+	}
+
+	private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
+		byte[] period = new byte[INT_64_BYTES];
+		ByteUtils.writeUint64(rotationPeriod, period, 0);
+		return new SecretKey(macKdf(k, ROTATE, period));
+	}
+
+	private SecretKey deriveTagKey(SecretKey master, TransportId t,
+			boolean alice) {
+		byte[] id = StringUtils.toUtf8(t.getString());
+		return new SecretKey(macKdf(master, alice ? A_TAG : B_TAG, id));
+	}
+
+	private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
+			boolean alice) {
+		byte[] id = StringUtils.toUtf8(t.getString());
+		return new SecretKey(macKdf(master, alice ? A_HEADER : B_HEADER, id));
+	}
+
+	@Override
+	public void encodeTag(byte[] tag, SecretKey tagKey, long streamNumber) {
+		if (tag.length < TAG_LENGTH) throw new IllegalArgumentException();
+		if (streamNumber < 0 || streamNumber > MAX_32_BIT_UNSIGNED)
+			throw new IllegalArgumentException();
+		// Initialise the PRF
+		Digest prf = new Blake2sDigest(tagKey.getBytes());
+		// The output of the PRF must be long enough to use as a tag
+		int macLength = prf.getDigestSize();
+		if (macLength < TAG_LENGTH) throw new IllegalStateException();
+		// The input is the stream number as a 64-bit integer
+		byte[] input = new byte[INT_64_BYTES];
+		ByteUtils.writeUint64(streamNumber, input, 0);
+		prf.update(input, 0, input.length);
+		byte[] mac = new byte[macLength];
+		prf.doFinal(mac, 0);
+		// The output is the first TAG_LENGTH bytes of the MAC
+		System.arraycopy(mac, 0, tag, 0, TAG_LENGTH);
 	}
 
 	@Override
 	public byte[] sign(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException {
-		PrivateKey key = signatureKeyParser.parsePrivateKey(privateKey);
+		Signature signature = new SignatureImpl(secureRandom);
-		Signature sig = new EdSignature();
+		KeyParser keyParser = getSignatureKeyParser();
-		sig.initSign(key);
+		PrivateKey key = keyParser.parsePrivateKey(privateKey);
-		updateSignature(sig, label, toSign);
+		signature.initSign(key);
-		return sig.sign();
+		updateSignature(signature, label, toSign);
+		return signature.sign();
 	}
 
 	@Override
 	public boolean verify(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException {
-		PublicKey key = signatureKeyParser.parsePublicKey(publicKey);
+		Signature sig = new SignatureImpl(secureRandom);
-		Signature sig = new EdSignature();
+		KeyParser keyParser = getSignatureKeyParser();
+		PublicKey key = keyParser.parsePublicKey(publicKey);
 		sig.initVerify(key);
 		updateSignature(sig, label, signedData);
 		return sig.verify(signature);
 	}
 
 	private void updateSignature(Signature signature, String label,
-			byte[] toSign) throws GeneralSecurityException {
+			byte[] toSign) {
 		byte[] labelBytes = StringUtils.toUtf8(label);
 		byte[] length = new byte[INT_32_BYTES];
 		ByteUtils.writeUint32(labelBytes.length, length, 0);
@@ -229,7 +468,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	@Override
 	public byte[] hash(String label, byte[]... inputs) {
 		byte[] labelBytes = StringUtils.toUtf8(label);
-		Digest digest = new Blake2bDigest(256);
+		Digest digest = new Blake2sDigest();
 		byte[] length = new byte[INT_32_BYTES];
 		ByteUtils.writeUint32(labelBytes.length, length, 0);
 		digest.update(length, 0, length.length);
@@ -245,13 +484,14 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	public byte[] mac(String label, SecretKey macKey, byte[]... inputs) {
+	public int getHashLength() {
-		byte[] labelBytes = StringUtils.toUtf8(label);
+		return HASH_SIZE;
-		Digest mac = new Blake2bDigest(macKey.getBytes(), 32, null, null);
+	}
+
+	@Override
+	public byte[] mac(SecretKey macKey, byte[]... inputs) {
+		Digest mac = new Blake2sDigest(macKey.getBytes());
 		byte[] length = new byte[INT_32_BYTES];
-		ByteUtils.writeUint32(labelBytes.length, length, 0);
-		mac.update(length, 0, length.length);
-		mac.update(labelBytes, 0, labelBytes.length);
 		for (byte[] input : inputs) {
 			ByteUtils.writeUint32(input.length, length, 0);
 			mac.update(length, 0, length.length);
@@ -270,33 +510,23 @@ class CryptoComponentImpl implements CryptoComponent {
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
 		secureRandom.nextBytes(salt);
 		// Calibrate the KDF
-		int cost = passwordBasedKdf.chooseCostParameter();
+		int iterations = chooseIterationCount(PBKDF_TARGET_MILLIS);
 		// Derive the key from the password
-		SecretKey key = passwordBasedKdf.deriveKey(password, salt, cost);
+		SecretKey key = new SecretKey(pbkdf2(password, salt, iterations));
 		// Generate a random IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		secureRandom.nextBytes(iv);
-		// The output contains the format version, salt, cost parameter, IV,
+		// The output contains the salt, iterations, IV, ciphertext and MAC
-		// ciphertext and MAC
+		int outputLen = salt.length + INT_32_BYTES + iv.length + input.length
-		int outputLen = 1 + salt.length + INT_32_BYTES + iv.length
+				+ macBytes;
-				+ input.length + macBytes;
 		byte[] output = new byte[outputLen];
-		int outputOff = 0;
+		System.arraycopy(salt, 0, output, 0, salt.length);
-		// Format version
+		ByteUtils.writeUint32(iterations, output, salt.length);
-		output[outputOff] = PBKDF_FORMAT_SCRYPT;
+		System.arraycopy(iv, 0, output, salt.length + INT_32_BYTES, iv.length);
-		outputOff++;
-		// Salt
-		System.arraycopy(salt, 0, output, outputOff, salt.length);
-		outputOff += salt.length;
-		// Cost parameter
-		ByteUtils.writeUint32(cost, output, outputOff);
-		outputOff += INT_32_BYTES;
-		// IV
-		System.arraycopy(iv, 0, output, outputOff, iv.length);
-		outputOff += iv.length;
 		// Initialise the cipher and encrypt the plaintext
 		try {
 			cipher.init(true, key, iv);
+			int outputOff = salt.length + INT_32_BYTES + iv.length;
 			cipher.process(input, 0, input.length, output, outputOff);
 			return output;
 		} catch (GeneralSecurityException e) {
@@ -305,36 +535,22 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	@Nullable
 	public byte[] decryptWithPassword(byte[] input, String password) {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
-		// The input contains the format version, salt, cost parameter, IV,
+		// The input contains the salt, iterations, IV, ciphertext and MAC
-		// ciphertext and MAC
+		if (input.length < PBKDF_SALT_BYTES + INT_32_BYTES + STORAGE_IV_BYTES
-		if (input.length < 1 + PBKDF_SALT_BYTES + INT_32_BYTES
+				+ macBytes)
-				+ STORAGE_IV_BYTES + macBytes)
 			return null; // Invalid input
-		int inputOff = 0;
-		// Format version
-		byte formatVersion = input[inputOff];
-		inputOff++;
-		if (formatVersion != PBKDF_FORMAT_SCRYPT)
-			return null; // Unknown format
-		// Salt
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
-		System.arraycopy(input, inputOff, salt, 0, salt.length);
+		System.arraycopy(input, 0, salt, 0, salt.length);
-		inputOff += salt.length;
+		long iterations = ByteUtils.readUint32(input, salt.length);
-		// Cost parameter
+		if (iterations < 0 || iterations > Integer.MAX_VALUE)
-		long cost = ByteUtils.readUint32(input, inputOff);
+			return null; // Invalid iteration count
-		inputOff += INT_32_BYTES;
-		if (cost < 2 || cost > Integer.MAX_VALUE)
-			return null; // Invalid cost parameter
-		// IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
-		System.arraycopy(input, inputOff, iv, 0, iv.length);
+		System.arraycopy(input, salt.length + INT_32_BYTES, iv, 0, iv.length);
-		inputOff += iv.length;
 		// Derive the key from the password
-		SecretKey key = passwordBasedKdf.deriveKey(password, salt, (int) cost);
+		SecretKey key = new SecretKey(pbkdf2(password, salt, (int) iterations));
 		// Initialise the cipher
 		try {
 			cipher.init(false, key, iv);
@@ -343,6 +559,7 @@ class CryptoComponentImpl implements CryptoComponent {
 		}
 		// Try to decrypt the ciphertext (may be invalid)
 		try {
+			int inputOff = salt.length + INT_32_BYTES + iv.length;
 			int inputLen = input.length - inputOff;
 			byte[] output = new byte[inputLen - macBytes];
 			cipher.process(input, inputOff, inputLen, output, 0);
@@ -365,4 +582,88 @@ class CryptoComponentImpl implements CryptoComponent {
 	public String asciiArmour(byte[] b, int lineLength) {
 		return AsciiArmour.wrap(b, lineLength);
 	}
+
+	// Key derivation function based on a pseudo-random function - see
+	// NIST SP 800-108, section 5.1
+	private byte[] macKdf(SecretKey key, byte[]... inputs) {
+		// Initialise the PRF
+		Digest prf = new Blake2sDigest(key.getBytes());
+		// The output of the PRF must be long enough to use as a key
+		int macLength = prf.getDigestSize();
+		if (macLength < SecretKey.LENGTH) throw new IllegalStateException();
+		// Calculate the PRF over the concatenated length-prefixed inputs
+		byte[] length = new byte[INT_32_BYTES];
+		for (byte[] input : inputs) {
+			ByteUtils.writeUint32(input.length, length, 0);
+			prf.update(length, 0, length.length);
+			prf.update(input, 0, input.length);
+		}
+		byte[] mac = new byte[macLength];
+		prf.doFinal(mac, 0);
+		// The output is the first SecretKey.LENGTH bytes of the MAC
+		if (mac.length == SecretKey.LENGTH) return mac;
+		byte[] truncated = new byte[SecretKey.LENGTH];
+		System.arraycopy(mac, 0, truncated, 0, truncated.length);
+		return truncated;
+	}
+
+	// Password-based key derivation function - see PKCS#5 v2.1, section 5.2
+	private byte[] pbkdf2(String password, byte[] salt, int iterations) {
+		byte[] utf8 = StringUtils.toUtf8(password);
+		Digest digest = new SHA256Digest();
+		PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(digest);
+		gen.init(utf8, salt, iterations);
+		int keyLengthInBits = SecretKey.LENGTH * 8;
+		CipherParameters p = gen.generateDerivedParameters(keyLengthInBits);
+		return ((KeyParameter) p).getKey();
+	}
+
+	// Package access for testing
+	int chooseIterationCount(int targetMillis) {
+		List<Long> quickSamples = new ArrayList<Long>(PBKDF_SAMPLES);
+		List<Long> slowSamples = new ArrayList<Long>(PBKDF_SAMPLES);
+		long iterationNanos = 0, initNanos = 0;
+		while (iterationNanos <= 0 || initNanos <= 0) {
+			// Sample the running time with one iteration and two iterations
+			for (int i = 0; i < PBKDF_SAMPLES; i++) {
+				quickSamples.add(sampleRunningTime(1));
+				slowSamples.add(sampleRunningTime(2));
+			}
+			// Calculate the iteration time and the initialisation time
+			long quickMedian = median(quickSamples);
+			long slowMedian = median(slowSamples);
+			iterationNanos = slowMedian - quickMedian;
+			initNanos = quickMedian - iterationNanos;
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Init: " + initNanos + ", iteration: "
+						+ iterationNanos);
+			}
+		}
+		long targetNanos = targetMillis * 1000L * 1000L;
+		long iterations = (targetNanos - initNanos) / iterationNanos;
+		if (LOG.isLoggable(INFO)) LOG.info("Target iterations: " + iterations);
+		if (iterations < 1) return 1;
+		if (iterations > Integer.MAX_VALUE) return Integer.MAX_VALUE;
+		return (int) iterations;
+	}
+
+	private long sampleRunningTime(int iterations) {
+		byte[] password = {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
+		byte[] salt = new byte[PBKDF_SALT_BYTES];
+		int keyLengthInBits = SecretKey.LENGTH * 8;
+		long start = System.nanoTime();
+		Digest digest = new SHA256Digest();
+		PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(digest);
+		gen.init(password, salt, iterations);
+		gen.generateDerivedParameters(keyLengthInBits);
+		return System.nanoTime() - start;
+	}
+
+	private long median(List<Long> list) {
+		int size = list.size();
+		if (size == 0) throw new IllegalArgumentException();
+		Collections.sort(list);
+		if (size % 2 == 1) return list.get(size / 2);
+		return list.get(size / 2 - 1) + list.get(size / 2) / 2;
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoModule.java

@@ -3,11 +3,9 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.TimeLoggingExecutor;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.CryptoExecutor;
-import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
 import org.briarproject.bramble.api.crypto.PasswordStrengthEstimator;
 import org.briarproject.bramble.api.crypto.StreamDecrypterFactory;
 import org.briarproject.bramble.api.crypto.StreamEncrypterFactory;
-import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.system.SecureRandomProvider;
 
@@ -50,7 +48,7 @@ public class CryptoModule {
 
 	public CryptoModule() {
 		// Use an unbounded queue
-		BlockingQueue<Runnable> queue = new LinkedBlockingQueue<>();
+		BlockingQueue<Runnable> queue = new LinkedBlockingQueue<Runnable>();
 		// Discard tasks that are submitted during shutdown
 		RejectedExecutionHandler policy =
 				new ThreadPoolExecutor.DiscardPolicy();
@@ -67,9 +65,8 @@ public class CryptoModule {
 	@Provides
 	@Singleton
 	CryptoComponent provideCryptoComponent(
-			SecureRandomProvider secureRandomProvider,
+			SecureRandomProvider secureRandomProvider) {
-			ScryptKdf passwordBasedKdf) {
+		return new CryptoComponentImpl(secureRandomProvider);
-		return new CryptoComponentImpl(secureRandomProvider, passwordBasedKdf);
 	}
 
 	@Provides
@@ -77,12 +74,6 @@ public class CryptoModule {
 		return new PasswordStrengthEstimatorImpl();
 	}
 
-	@Provides
-	TransportCrypto provideTransportCrypto(
-			TransportCryptoImpl transportCrypto) {
-		return transportCrypto;
-	}
-
 	@Provides
 	StreamDecrypterFactory provideStreamDecrypterFactory(
 			Provider<AuthenticatedCipher> cipherProvider) {
@@ -90,17 +81,9 @@ public class CryptoModule {
 	}
 
 	@Provides
-	StreamEncrypterFactory provideStreamEncrypterFactory(
+	StreamEncrypterFactory provideStreamEncrypterFactory(CryptoComponent crypto,
-			CryptoComponent crypto, TransportCrypto transportCrypto,
 			Provider<AuthenticatedCipher> cipherProvider) {
-		return new StreamEncrypterFactoryImpl(crypto, transportCrypto,
+		return new StreamEncrypterFactoryImpl(crypto, cipherProvider);
-				cipherProvider);
-	}
-
-	@Provides
-	KeyAgreementCrypto provideKeyAgreementCrypto(
-			KeyAgreementCryptoImpl keyAgreementCrypto) {
-		return keyAgreementCrypto;
 	}
 
 	@Provides

bramble-core/src/main/java/org/briarproject/bramble/crypto/Curve25519KeyParser.java

@@ -1,35 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.crypto.KeyParser;
-import org.briarproject.bramble.api.crypto.PrivateKey;
-import org.briarproject.bramble.api.crypto.PublicKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.security.GeneralSecurityException;
-
-@NotNullByDefault
-class Curve25519KeyParser implements KeyParser {
-
-	@Override
-	public PublicKey parsePublicKey(byte[] encodedKey)
-			throws GeneralSecurityException {
-		if (encodedKey.length != 32) throw new GeneralSecurityException();
-		return new Curve25519PublicKey(encodedKey);
-	}
-
-	@Override
-	public PrivateKey parsePrivateKey(byte[] encodedKey)
-			throws GeneralSecurityException {
-		if (encodedKey.length != 32) throw new GeneralSecurityException();
-		return new Curve25519PrivateKey(clamp(encodedKey));
-	}
-
-	static byte[] clamp(byte[] b) {
-		byte[] clamped = new byte[32];
-		System.arraycopy(b, 0, clamped, 0, 32);
-		clamped[0] &= 248;
-		clamped[31] &= 127;
-		clamped[31] |= 64;
-		return clamped;
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/Curve25519PrivateKey.java

@@ -1,18 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.Bytes;
-import org.briarproject.bramble.api.crypto.PrivateKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-class Curve25519PrivateKey extends Bytes implements PrivateKey {
-
-	Curve25519PrivateKey(byte[] bytes) {
-		super(bytes);
-	}
-
-	@Override
-	public byte[] getEncoded() {
-		return getBytes();
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/Curve25519PublicKey.java

@@ -1,18 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.Bytes;
-import org.briarproject.bramble.api.crypto.PublicKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-class Curve25519PublicKey extends Bytes implements PublicKey {
-
-	Curve25519PublicKey(byte[] bytes) {
-		super(bytes);
-	}
-
-	@Override
-	public byte[] getEncoded() {
-		return getBytes();
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdKeyParser.java

@@ -1,26 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.crypto.KeyParser;
-import org.briarproject.bramble.api.crypto.PrivateKey;
-import org.briarproject.bramble.api.crypto.PublicKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.security.GeneralSecurityException;
-
-@NotNullByDefault
-class EdKeyParser implements KeyParser {
-
-	@Override
-	public PublicKey parsePublicKey(byte[] encodedKey)
-			throws GeneralSecurityException {
-		if (encodedKey.length != 32) throw new GeneralSecurityException();
-		return new EdPublicKey(encodedKey);
-	}
-
-	@Override
-	public PrivateKey parsePrivateKey(byte[] encodedKey)
-			throws GeneralSecurityException {
-		if (encodedKey.length != 32) throw new GeneralSecurityException();
-		return new EdPrivateKey(encodedKey);
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPrivateKey.java

@@ -1,18 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.Bytes;
-import org.briarproject.bramble.api.crypto.PrivateKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-class EdPrivateKey extends Bytes implements PrivateKey {
-
-	EdPrivateKey(byte[] bytes) {
-		super(bytes);
-	}
-
-	@Override
-	public byte[] getEncoded() {
-		return getBytes();
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPublicKey.java

@@ -1,18 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.Bytes;
-import org.briarproject.bramble.api.crypto.PublicKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-class EdPublicKey extends Bytes implements PublicKey {
-
-	EdPublicKey(byte[] bytes) {
-		super(bytes);
-	}
-
-	@Override
-	public byte[] getEncoded() {
-		return getBytes();
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdSignature.java

@@ -1,83 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import net.i2p.crypto.eddsa.EdDSAPrivateKey;
-import net.i2p.crypto.eddsa.EdDSAPublicKey;
-import net.i2p.crypto.eddsa.EdDSASecurityProvider;
-import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
-import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
-import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
-import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
-
-import org.briarproject.bramble.api.crypto.PrivateKey;
-import org.briarproject.bramble.api.crypto.PublicKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.security.GeneralSecurityException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import static net.i2p.crypto.eddsa.EdDSAEngine.SIGNATURE_ALGORITHM;
-
-@NotNullByDefault
-class EdSignature implements Signature {
-
-	private static final Provider PROVIDER = new EdDSASecurityProvider();
-
-	private static final EdDSANamedCurveSpec CURVE_SPEC =
-			EdDSANamedCurveTable.getByName("Ed25519");
-
-	private final java.security.Signature signature;
-
-	EdSignature() {
-		try {
-			signature = java.security.Signature
-					.getInstance(SIGNATURE_ALGORITHM, PROVIDER);
-		} catch (NoSuchAlgorithmException e) {
-			throw new AssertionError(e);
-		}
-	}
-
-	@Override
-	public void initSign(PrivateKey k) throws GeneralSecurityException {
-		if (!(k instanceof EdPrivateKey))
-			throw new IllegalArgumentException();
-		EdDSAPrivateKey privateKey = new EdDSAPrivateKey(
-				new EdDSAPrivateKeySpec(k.getEncoded(), CURVE_SPEC));
-		signature.initSign(privateKey);
-	}
-
-	@Override
-	public void initVerify(PublicKey k) throws GeneralSecurityException {
-		if (!(k instanceof EdPublicKey))
-			throw new IllegalArgumentException();
-		EdDSAPublicKey publicKey = new EdDSAPublicKey(
-				new EdDSAPublicKeySpec(k.getEncoded(), CURVE_SPEC));
-		signature.initVerify(publicKey);
-	}
-
-	@Override
-	public void update(byte b) throws GeneralSecurityException {
-		signature.update(b);
-	}
-
-	@Override
-	public void update(byte[] b) throws GeneralSecurityException {
-		signature.update(b);
-	}
-
-	@Override
-	public void update(byte[] b, int off, int len)
-			throws GeneralSecurityException {
-		signature.update(b, off, len);
-	}
-
-	@Override
-	public byte[] sign() throws GeneralSecurityException {
-		return signature.sign();
-	}
-
-	@Override
-	public boolean verify(byte[] sig) throws GeneralSecurityException {
-		return signature.verify(sig);
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EllipticCurveConstants.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.crypto;
+
+import org.spongycastle.asn1.teletrust.TeleTrusTNamedCurves;
+import org.spongycastle.asn1.x9.X9ECParameters;
+import org.spongycastle.crypto.params.ECDomainParameters;
+import org.spongycastle.math.ec.ECCurve;
+import org.spongycastle.math.ec.ECMultiplier;
+import org.spongycastle.math.ec.ECPoint;
+import org.spongycastle.math.ec.MontgomeryLadderMultiplier;
+
+import java.math.BigInteger;
+
+/**
+ * Parameters for curve brainpoolp256r1 - see RFC 5639.
+ */
+class EllipticCurveConstants {
+
+	static final ECDomainParameters PARAMETERS;
+
+	static {
+		// Start with the default implementation of the curve
+		X9ECParameters x9 = TeleTrusTNamedCurves.getByName("brainpoolp256r1");
+		// Use a constant-time multiplier
+		ECMultiplier monty = new MontgomeryLadderMultiplier();
+		ECCurve curve = x9.getCurve().configure().setMultiplier(monty).create();
+		BigInteger gX = x9.getG().getAffineXCoord().toBigInteger();
+		BigInteger gY = x9.getG().getAffineYCoord().toBigInteger();
+		ECPoint g = curve.createPoint(gX, gY);
+		// Convert to ECDomainParameters using the new multiplier
+		PARAMETERS = new ECDomainParameters(curve, g, x9.getN(), x9.getH());
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/KeyAgreementCryptoImpl.java

@@ -1,56 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.crypto.CryptoComponent;
-import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
-import org.briarproject.bramble.api.crypto.KeyPair;
-import org.briarproject.bramble.api.crypto.PublicKey;
-import org.briarproject.bramble.api.crypto.SecretKey;
-
-import javax.inject.Inject;
-
-import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.COMMIT_LENGTH;
-
-class KeyAgreementCryptoImpl implements KeyAgreementCrypto {
-
-	private final CryptoComponent crypto;
-
-	@Inject
-	KeyAgreementCryptoImpl(CryptoComponent crypto) {
-		this.crypto = crypto;
-	}
-
-	@Override
-	public byte[] deriveKeyCommitment(PublicKey publicKey) {
-		byte[] hash = crypto.hash(COMMIT_LABEL, publicKey.getEncoded());
-		// The output is the first COMMIT_LENGTH bytes of the hash
-		byte[] commitment = new byte[COMMIT_LENGTH];
-		System.arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
-		return commitment;
-	}
-
-	@Override
-	public byte[] deriveConfirmationRecord(SecretKey sharedSecret,
-			byte[] theirPayload, byte[] ourPayload, PublicKey theirPublicKey,
-			KeyPair ourKeyPair, boolean alice, boolean aliceRecord) {
-		SecretKey ck = crypto.deriveKey(CONFIRMATION_KEY_LABEL, sharedSecret);
-		byte[] alicePayload, alicePub, bobPayload, bobPub;
-		if (alice) {
-			alicePayload = ourPayload;
-			alicePub = ourKeyPair.getPublic().getEncoded();
-			bobPayload = theirPayload;
-			bobPub = theirPublicKey.getEncoded();
-		} else {
-			alicePayload = theirPayload;
-			alicePub = theirPublicKey.getEncoded();
-			bobPayload = ourPayload;
-			bobPub = ourKeyPair.getPublic().getEncoded();
-		}
-		if (aliceRecord) {
-			return crypto.mac(CONFIRMATION_MAC_LABEL, ck, alicePayload,
-					alicePub, bobPayload, bobPub);
-		} else {
-			return crypto.mac(CONFIRMATION_MAC_LABEL, ck, bobPayload, bobPub,
-					alicePayload, alicePub);
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/PasswordBasedKdf.java

@@ -1,10 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.crypto.SecretKey;
-
-interface PasswordBasedKdf {
-
-	int chooseCostParameter();
-
-	SecretKey deriveKey(String password, byte[] salt, int cost);
-}

bramble-core/src/main/java/org/briarproject/bramble/crypto/PasswordStrengthEstimatorImpl.java

@@ -16,7 +16,7 @@ class PasswordStrengthEstimatorImpl implements PasswordStrengthEstimator {
 
 	@Override
 	public float estimateStrength(String password) {
-		HashSet<Character> unique = new HashSet<>();
+		HashSet<Character> unique = new HashSet<Character>();
 		int length = password.length();
 		for (int i = 0; i < length; i++) unique.add(password.charAt(i));
 		return Math.min(1, (float) unique.size() / STRONG_UNIQUE_CHARS);