Bumped expiry date to 1 May 2017.

2026-02-17 13:19:52 +01:00 · 2017-02-27 09:29:24 +00:00
618 changed files with 16042 additions and 22744 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -9,18 +9,17 @@ Thumbs.db
 .DS_Store
 # Eclipse project files
-.classpath
+#.classpath
-.project
+#.project
 .settings
 # Local configuration file (sdk path, etc)
 local.properties
 # Android Studio
 .idea/*
 !.idea/runConfigurations/
 !.idea/codeStyleSettings.xml
 .gradle
 build/
 *.iml
-projectFilesBackup/
+.gitignore
 src/test/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,29 +0,0 @@
 image: registry.gitlab.com/fdroid/ci-images-base:latest
 cache:
  paths:
    - .gradle/wrapper
    - .gradle/caches
 before_script:
  - set -e
  - export GRADLE_USER_HOME=$PWD/.gradle
  # Accept the license for the Android build tools
  - echo y | /opt/android-sdk/tools/bin/sdkmanager "build-tools;26.0.2"
  # Download OpenJDK 6 so we can compile against its standard library
  - JDK_FILE=openjdk-6-jre-headless_6b38-1.13.10-1~deb7u1_amd64.deb
  - if [ ! -d openjdk ]
  - then
  - wget -q http://ftp.uk.debian.org/debian/pool/main/o/openjdk-6/$JDK_FILE
  - dpkg-deb -x $JDK_FILE openjdk
  - fi
  - export JAVA_6_HOME=$PWD/openjdk/usr/lib/jvm/java-6-openjdk-amd64
 test:
  script:
    - ./gradlew test
 after_script:
    # this file changes every time but should not be cached
    - rm -f $GRADLE_USER_HOME/caches/modules-2/modules-2.lock
    - rm -fr $GRADLE_USER_HOME/caches/*/plugin-resolution/
--- a/.idea/runConfigurations/All_tests.xml
+++ b/.idea/runConfigurations/All_tests.xml
@@ -1,28 +0,0 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="All tests" type="AndroidJUnit" factoryName="Android JUnit">
    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
    <module name="briar-android" />
    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
    <option name="ALTERNATIVE_JRE_PATH" />
    <option name="PACKAGE_NAME" value="" />
    <option name="MAIN_CLASS_NAME" value="" />
    <option name="METHOD_NAME" value="" />
    <option name="TEST_OBJECT" value="package" />
    <option name="VM_PARAMETERS" value="-ea" />
    <option name="PARAMETERS" value="" />
    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-android" />
    <option name="ENV_VARIABLES" />
    <option name="PASS_PARENT_ENVS" value="true" />
    <option name="TEST_SEARCH_SCOPE">
      <value defaultName="singleModule" />
    </option>
    <envs />
    <patterns />
    <method>
      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-api" run_configuration_type="AndroidJUnit" />
      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-core" run_configuration_type="AndroidJUnit" />
      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-j2se" run_configuration_type="AndroidJUnit" />
      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in briar-core" run_configuration_type="AndroidJUnit" />
    </method>
  </configuration>
 </component>
--- a/.idea/runConfigurations/All_tests_in_bramble_api.xml
+++ b/.idea/runConfigurations/All_tests_in_bramble_api.xml
@@ -1,23 +0,0 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="All tests in bramble-api" type="AndroidJUnit" factoryName="Android JUnit">
    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
    <module name="bramble-api" />
    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
    <option name="ALTERNATIVE_JRE_PATH" />
    <option name="PACKAGE_NAME" value="" />
    <option name="MAIN_CLASS_NAME" value="" />
    <option name="METHOD_NAME" value="" />
    <option name="TEST_OBJECT" value="package" />
    <option name="VM_PARAMETERS" value="-ea" />
    <option name="PARAMETERS" value="" />
    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/bramble-api" />
    <option name="ENV_VARIABLES" />
    <option name="PASS_PARENT_ENVS" value="true" />
    <option name="TEST_SEARCH_SCOPE">
      <value defaultName="singleModule" />
    </option>
    <envs />
    <patterns />
    <method />
  </configuration>
 </component>
--- a/.idea/runConfigurations/All_tests_in_bramble_core.xml
+++ b/.idea/runConfigurations/All_tests_in_bramble_core.xml
@@ -1,23 +0,0 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="All tests in bramble-core" type="AndroidJUnit" factoryName="Android JUnit">
    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
    <module name="bramble-core" />
    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
    <option name="ALTERNATIVE_JRE_PATH" />
    <option name="PACKAGE_NAME" value="" />
    <option name="MAIN_CLASS_NAME" value="" />
    <option name="METHOD_NAME" value="" />
    <option name="TEST_OBJECT" value="package" />
    <option name="VM_PARAMETERS" value="-ea" />
    <option name="PARAMETERS" value="" />
    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/bramble-core" />
    <option name="ENV_VARIABLES" />
    <option name="PASS_PARENT_ENVS" value="true" />
    <option name="TEST_SEARCH_SCOPE">
      <value defaultName="singleModule" />
    </option>
    <envs />
    <patterns />
    <method />
  </configuration>
 </component>
--- a/.idea/runConfigurations/All_tests_in_bramble_j2se.xml
+++ b/.idea/runConfigurations/All_tests_in_bramble_j2se.xml
@@ -1,23 +0,0 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="All tests in bramble-j2se" type="AndroidJUnit" factoryName="Android JUnit">
    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
    <module name="bramble-j2se" />
    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
    <option name="ALTERNATIVE_JRE_PATH" />
    <option name="PACKAGE_NAME" value="" />
    <option name="MAIN_CLASS_NAME" value="" />
    <option name="METHOD_NAME" value="" />
    <option name="TEST_OBJECT" value="package" />
    <option name="VM_PARAMETERS" value="-ea -Djava.library.path=libs" />
    <option name="PARAMETERS" value="" />
    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/bramble-j2se" />
    <option name="ENV_VARIABLES" />
    <option name="PASS_PARENT_ENVS" value="true" />
    <option name="TEST_SEARCH_SCOPE">
      <value defaultName="singleModule" />
    </option>
    <envs />
    <patterns />
    <method />
  </configuration>
 </component>
--- a/.idea/runConfigurations/All_tests_in_briar_android.xml
+++ b/.idea/runConfigurations/All_tests_in_briar_android.xml
@@ -1,23 +0,0 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="All tests in briar-android" type="AndroidJUnit" factoryName="Android JUnit">
    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
    <module name="briar-android" />
    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
    <option name="ALTERNATIVE_JRE_PATH" />
    <option name="PACKAGE_NAME" value="" />
    <option name="MAIN_CLASS_NAME" value="" />
    <option name="METHOD_NAME" value="" />
    <option name="TEST_OBJECT" value="package" />
    <option name="VM_PARAMETERS" value="-ea" />
    <option name="PARAMETERS" value="" />
    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-android" />
    <option name="ENV_VARIABLES" />
    <option name="PASS_PARENT_ENVS" value="true" />
    <option name="TEST_SEARCH_SCOPE">
      <value defaultName="singleModule" />
    </option>
    <envs />
    <patterns />
    <method />
  </configuration>
 </component>
--- a/.idea/runConfigurations/All_tests_in_briar_core.xml
+++ b/.idea/runConfigurations/All_tests_in_briar_core.xml
@@ -1,23 +0,0 @@
 <component name="ProjectRunConfigurationManager">
  <configuration default="false" name="All tests in briar-core" type="AndroidJUnit" factoryName="Android JUnit">
    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
    <module name="briar-core" />
    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
    <option name="ALTERNATIVE_JRE_PATH" />
    <option name="PACKAGE_NAME" value="" />
    <option name="MAIN_CLASS_NAME" value="" />
    <option name="METHOD_NAME" value="" />
    <option name="TEST_OBJECT" value="package" />
    <option name="VM_PARAMETERS" value="-ea" />
    <option name="PARAMETERS" value="" />
    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-core" />
    <option name="ENV_VARIABLES" />
    <option name="PASS_PARENT_ENVS" value="true" />
    <option name="TEST_SEARCH_SCOPE">
      <value defaultName="singleModule" />
    </option>
    <envs />
    <patterns />
    <method />
  </configuration>
 </component>
--- a/bramble-android/build.gradle
+++ b/bramble-android/build.gradle
@@ -6,91 +6,99 @@ apply plugin: 'witness'
 apply plugin: 'de.undercouch.download'
 android {
-	compileSdkVersion 27
+	compileSdkVersion 23
-	buildToolsVersion '26.0.2'
+	buildToolsVersion "23.0.3"
 	defaultConfig {
 		minSdkVersion 14
-		targetSdkVersion 26
+		targetSdkVersion 22
-		versionCode 1700
+		versionCode 1
-		versionName "0.17.0"
+		versionName "1.0"
 		consumerProguardFiles 'proguard-rules.txt'
 	}
 	compileOptions {
-		sourceCompatibility JavaVersion.VERSION_1_8
+		sourceCompatibility JavaVersion.VERSION_1_7
-		targetCompatibility JavaVersion.VERSION_1_8
+		targetCompatibility JavaVersion.VERSION_1_7
 	}
 }
 dependencies {
-	implementation project(path: ':bramble-core', configuration: 'default')
+	compile project(':bramble-core')
-	implementation fileTree(dir: 'libs', include: '*.jar')
+	compile fileTree(dir: 'libs', include: ['*.jar'])
-
+	provided 'javax.annotation:jsr250-api:1.0'
 	annotationProcessor 'com.google.dagger:dagger-compiler:2.0.2'
 	compileOnly 'javax.annotation:jsr250-api:1.0'
 }
-dependencyVerification {
+def torBinaryDir = 'src/main/res/raw'
-	verify = [
+
-			'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
+task downloadTorGeoIp(type: Download) {
-			'com.google.dagger:dagger-compiler:2.0.2:dagger-compiler-2.0.2.jar:b74bc9de063dd4c6400b232231f2ef5056145b8fbecbf5382012007dd1c071b3',
+	src 'https://briarproject.org/build/geoip-2015-12-01.zip'
-			'com.google.dagger:dagger-producers:2.0-beta:dagger-producers-2.0-beta.jar:99ec15e8a0507ba569e7655bc1165ee5e5ca5aa914b3c8f7e2c2458f724edd6b',
+	dest "$torBinaryDir/geoip.zip"
-			'com.google.dagger:dagger:2.0.2:dagger-2.0.2.jar:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
+	onlyIfNewer true
 			'com.google.guava:guava:18.0:guava-18.0.jar:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99',
 			'com.h2database:h2:1.4.192:h2-1.4.192.jar:225b22e9857235c46c93861410b60b8c81c10dc8985f4faf188985ba5445126c',
 			'com.madgag.spongycastle:core:1.58.0.0:core-1.58.0.0.jar:199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728',
 			'javax.annotation:jsr250-api:1.0:jsr250-api-1.0.jar:a1a922d0d9b6d183ed3800dfac01d1e1eb159f0e8c6f94736931c1def54a941f',
 			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
 			'net.i2p.crypto:eddsa:0.2.0:eddsa-0.2.0.jar:a7cb1b85c16e2f0730b9204106929a1d9aaae1df728adc7041a8b8b605692140',
 			'org.bitlet:weupnp:0.1.4:weupnp-0.1.4.jar:88df7e6504929d00bdb832863761385c68ab92af945b04f0770b126270a444fb',
 			'org.jacoco:org.jacoco.agent:0.7.4.201502262128:org.jacoco.agent-0.7.4.201502262128-runtime.jar:e357a0f1d573c2f702a273992b1b6cb661734f66311854efb3778a888515c5b5',
 			'org.jacoco:org.jacoco.agent:0.7.4.201502262128:org.jacoco.agent-0.7.4.201502262128.jar:47b4bec6df11a1118da3953da8b9fa1e7079d6fec857faa1a3cf912e53a6fd4e',
 			'org.jacoco:org.jacoco.ant:0.7.4.201502262128:org.jacoco.ant-0.7.4.201502262128.jar:013ce2a68ba57a3c59215ae0dec4df3498c078062a38c3b94c841fc14450f283',
 			'org.jacoco:org.jacoco.core:0.7.4.201502262128:org.jacoco.core-0.7.4.201502262128.jar:ec4c74554312fac5116350164786f91b35c9e082fa4ea598bfa42b5db05d7abb',
 			'org.jacoco:org.jacoco.report:0.7.4.201502262128:org.jacoco.report-0.7.4.201502262128.jar:7a3554c605e088e7e323b1084656243f0444fa353e2f2dee1f1a4204eb64ff09',
 			'org.ow2.asm:asm-debug-all:5.0.1:asm-debug-all-5.0.1.jar:4734de5b515a454b0096db6971fb068e5f70e6f10bbee2b3bd2fdfe5d978ed57',
 	]
 }
-ext.torBinaryDir = 'src/main/res/raw'
+task downloadTorBinaryArm(type: Download) {
-ext.torVersion = '0.2.9.12'
+	src 'https://briarproject.org/build/tor-0.2.7.6-arm.zip'
-ext.geoipVersion = '2017-09-06'
+	dest "$torBinaryDir/tor_arm.zip"
-ext.torDownloadUrl = 'https://briarproject.org/build/'
+	onlyIfNewer true
 def torBinaries = [
 		"tor_arm"    : '8ed0b347ffed1d6a4d2fd14495118eb92be83e9cc06e057e15220dc288b31688',
 		"tor_arm_pie": '64403262511c29f462ca5e7c7621bfc3c944898364d1d5ad35a016bb8a034283',
 		"tor_x86"    : '61e014607a2079bcf1646289c67bff6372b1aded6e1d8d83d7791efda9a4d5ab',
 		"tor_x86_pie": '18fbc98356697dd0895836ab46d5c9877d1c539193464f7db1e82a65adaaf288',
 		"geoip"      : 'fe49d3adb86d3c512373101422a017dbb86c85a570524663f09dd8ce143a24f3'
 ]
 def downloadBinary(name) {
 	return tasks.create("downloadBinary${name}", Download) {
 		src "${torDownloadUrl}${name}.zip"
 				.replace('tor_', "tor-${torVersion}-")
 				.replace('geoip', "geoip-${geoipVersion}")
 				.replaceAll('_', '-')
 		dest "${torBinaryDir}/${name}.zip"
 		onlyIfNewer true
 	}
 }
-def verifyBinary(name, chksum) {
+task downloadTorBinaryArmPie(type: Download) {
-	return tasks.create([
+	src 'https://briarproject.org/build/tor-0.2.7.6-arm-pie.zip'
-			name     : "verifyBinary${name}",
+	dest "$torBinaryDir/tor_arm_pie.zip"
-			type     : Verify,
+	onlyIfNewer true
-			dependsOn: downloadBinary(name)]) {
+}
-		src "${torBinaryDir}/${name}.zip"
+
-		algorithm 'SHA-256'
+task downloadTorBinaryX86(type: Download) {
-		checksum chksum
+	src 'https://briarproject.org/build/tor-0.2.7.6-x86.zip'
-	}
+	dest "$torBinaryDir/tor_x86.zip"
 	onlyIfNewer true
 }
 task downloadTorBinaryX86Pie(type: Download) {
 	src 'https://briarproject.org/build/tor-0.2.7.6-x86-pie.zip'
 	dest "$torBinaryDir/tor_x86_pie.zip"
 	onlyIfNewer true
 }
 task verifyTorGeoIp(type: Verify, dependsOn: 'downloadTorGeoIp') {
 	src "$torBinaryDir/geoip.zip"
 	algorithm 'SHA-256'
 	checksum '9bcdaf0a7ba0933735328d8ec466c25c25dbb459efc2bce9e55c774eabea5162'
 }
 task verifyTorBinaryArm(type: Verify, dependsOn: 'downloadTorBinaryArm') {
 	src "$torBinaryDir/tor_arm.zip"
 	algorithm 'SHA-256'
 	checksum '83272962eda701cd5d74d2418651c4ff0f0b1dff51f558a292d1a1c42bf12146'
 }
 task verifyTorBinaryArmPie(type: Verify, dependsOn: 'downloadTorBinaryArmPie') {
 	src "$torBinaryDir/tor_arm_pie.zip"
 	algorithm 'SHA-256'
 	checksum 'd0300d1e45de11ebb24ed62b9c492be9c2e88590b7822195ab38c7a76ffcf646'
 }
 task verifyTorBinaryX86(type: Verify, dependsOn: 'downloadTorBinaryX86') {
 	src "$torBinaryDir/tor_x86.zip"
 	algorithm 'SHA-256'
 	checksum 'b8813d97b01ee1b9c9a4233c1b9bbe9f9f6b494ae6f9cbd84de8a3911911615e'
 }
 task verifyTorBinaryX86Pie(type: Verify, dependsOn: 'downloadTorBinaryX86Pie') {
 	src "$torBinaryDir/tor_x86_pie.zip"
 	algorithm 'SHA-256'
 	checksum '9c66e765aa196dc089951a1b2140cc8290305c2fcbf365121f99e01a233baf4e'
 }
 project.afterEvaluate {
-	torBinaries.every { key, value ->
+	preBuild.dependsOn {
-		preBuild.dependsOn.add(verifyBinary(key, value))
+		[
 				'verifyTorGeoIp',
 				'verifyTorBinaryArm',
 				'verifyTorBinaryArmPie',
 				'verifyTorBinaryX86',
 				'verifyTorBinaryX86Pie'
 		]
 	}
 }
--- a/bramble-android/libs/jtorctl-briar.jar
+++ b/bramble-android/libs/jtorctl-briar.jar
--- a/bramble-android/proguard-rules.txt
+++ b/bramble-android/proguard-rules.txt
@@ -8,8 +8,6 @@
 -dontwarn dagger.**
 -dontnote dagger.**
 -keep class net.i2p.crypto.eddsa.** { *; }
 -dontwarn sun.misc.Unsafe
 -dontnote com.google.common.**
--- a/bramble-android/src/main/AndroidManifest.xml
+++ b/bramble-android/src/main/AndroidManifest.xml
@@ -11,6 +11,8 @@
 	<uses-permission android:name="android.permission.INTERNET"/>
 	<uses-permission android:name="android.permission.READ_LOGS"/>
 	<uses-permission android:name="android.permission.WAKE_LOCK"/>
 	<!-- Since API 23, this is needed to add contacts via Bluetooth -->
 	<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
 	<application
 		android:allowBackup="false"
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/AndroidPluginModule.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/AndroidPluginModule.java
@@ -39,13 +39,13 @@ public class AndroidPluginModule {
 			EventBus eventBus) {
 		Context appContext = app.getApplicationContext();
 		DuplexPluginFactory bluetooth = new DroidtoothPluginFactory(ioExecutor,
-				androidExecutor, appContext, random, eventBus, backoffFactory);
+				androidExecutor, appContext, random, backoffFactory);
 		DuplexPluginFactory tor = new TorPluginFactory(ioExecutor, appContext,
 				locationUtils, reporter, eventBus, torSocketFactory,
 				backoffFactory);
 		DuplexPluginFactory lan = new AndroidLanTcpPluginFactory(ioExecutor,
 				backoffFactory, appContext);
-		Collection<DuplexPluginFactory> duplex =
+		final Collection<DuplexPluginFactory> duplex =
 				Arrays.asList(bluetooth, tor, lan);
 		@NotNullByDefault
 		PluginConfig pluginConfig = new PluginConfig() {
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPlugin.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPlugin.java
@@ -11,9 +11,8 @@ import android.content.IntentFilter;
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
@@ -24,8 +23,6 @@ import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.plugin.event.DisableBluetoothEvent;
 import org.briarproject.bramble.api.plugin.event.EnableBluetoothEvent;
 import org.briarproject.bramble.api.properties.TransportProperties;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.util.AndroidUtils;
@@ -33,14 +30,23 @@ import org.briarproject.bramble.util.StringUtils;
 import java.io.Closeable;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.UUID;
 import java.util.concurrent.Callable;
 import java.util.concurrent.CompletionService;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executor;
 import java.util.concurrent.ExecutorCompletionService;
 import java.util.concurrent.Future;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.logging.Logger;
@@ -55,11 +61,12 @@ import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERA
 import static android.bluetooth.BluetoothAdapter.SCAN_MODE_NONE;
 import static android.bluetooth.BluetoothAdapter.STATE_OFF;
 import static android.bluetooth.BluetoothAdapter.STATE_ON;
 import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_BLUETOOTH;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PREF_BT_ENABLE;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
 import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
@@ -67,10 +74,14 @@ import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
@MethodsNotNullByDefault
@ParametersNotNullByDefault
-class DroidtoothPlugin implements DuplexPlugin, EventListener {
+class DroidtoothPlugin implements DuplexPlugin {
 	private static final Logger LOG =
 			Logger.getLogger(DroidtoothPlugin.class.getName());
 	private static final String FOUND =
 			"android.bluetooth.device.action.FOUND";
 	private static final String DISCOVERY_FINISHED =
 			"android.bluetooth.adapter.action.DISCOVERY_FINISHED";
 	private final Executor ioExecutor;
 	private final AndroidExecutor androidExecutor;
@@ -124,7 +135,12 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		// with a message queue, so submit it to the AndroidExecutor
 		try {
 			adapter = androidExecutor.runOnBackgroundThread(
-					BluetoothAdapter::getDefaultAdapter).get();
+					new Callable<BluetoothAdapter>() {
 						@Override
 						public BluetoothAdapter call() throws Exception {
 							return BluetoothAdapter.getDefaultAdapter();
 						}
 					}).get();
 		} catch (InterruptedException e) {
 			Thread.currentThread().interrupt();
 			LOG.warning("Interrupted while getting BluetoothAdapter");
@@ -148,8 +164,10 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 			bind();
 		} else {
 			// Enable Bluetooth if settings allow
-			if (callback.getSettings().getBoolean(PREF_BT_ENABLE, false)) {
+			if (callback.getSettings().getBoolean("enable", false)) {
-				enableAdapter();
+				wasEnabledByUs = true;
 				if (adapter.enable()) LOG.info("Enabling Bluetooth");
 				else LOG.info("Could not enable Bluetooth");
 			} else {
 				LOG.info("Not enabling Bluetooth");
 			}
@@ -157,36 +175,40 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 	}
 	private void bind() {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			if (!isRunning()) return;
+			@Override
-			String address = AndroidUtils.getBluetoothAddress(appContext,
+			public void run() {
-					adapter);
+				if (!isRunning()) return;
-			if (LOG.isLoggable(INFO))
+				String address = AndroidUtils.getBluetoothAddress(appContext,
-				LOG.info("Local address " + scrubMacAddress(address));
+						adapter);
-			if (!StringUtils.isNullOrEmpty(address)) {
+				if (LOG.isLoggable(INFO))
-				// Advertise the Bluetooth address to contacts
+					LOG.info("Local address " + scrubMacAddress(address));
-				TransportProperties p = new TransportProperties();
+				if (!StringUtils.isNullOrEmpty(address)) {
-				p.put(PROP_ADDRESS, address);
+					// Advertise the Bluetooth address to contacts
-				callback.mergeLocalProperties(p);
+					TransportProperties p = new TransportProperties();
 					p.put(PROP_ADDRESS, address);
 					callback.mergeLocalProperties(p);
 				}
 				// Bind a server socket to accept connections from contacts
 				BluetoothServerSocket ss;
 				try {
 					ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
 							"RFCOMM", getUuid());
 				} catch (IOException e) {
 					if (LOG.isLoggable(WARNING))
 						LOG.log(WARNING, e.toString(), e);
 					return;
 				}
 				if (!isRunning()) {
 					tryToClose(ss);
 					return;
 				}
 				LOG.info("Socket bound");
 				socket = ss;
 				backoff.reset();
 				callback.transportEnabled();
 				acceptContactConnections();
 			}
 			// Bind a server socket to accept connections from contacts
 			BluetoothServerSocket ss;
 			try {
 				ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
 						"RFCOMM", getUuid());
 			} catch (IOException e) {
 				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 				return;
 			}
 			if (!isRunning()) {
 				tryToClose(ss);
 				return;
 			}
 			LOG.info("Socket bound");
 			socket = ss;
 			backoff.reset();
 			callback.transportEnabled();
 			acceptContactConnections();
 		});
 	}
@@ -236,27 +258,13 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		return new DroidtoothTransportConnection(this, s);
 	}
 	private void enableAdapter() {
 		if (adapter != null && !adapter.isEnabled()) {
 			if (adapter.enable()) {
 				LOG.info("Enabling Bluetooth");
 				wasEnabledByUs = true;
 			} else {
 				LOG.info("Could not enable Bluetooth");
 			}
 		}
 	}
 	@Override
 	public void stop() {
 		running = false;
 		if (receiver != null) appContext.unregisterReceiver(receiver);
 		tryToClose(socket);
-		disableAdapter();
+		// Disable Bluetooth if we enabled it and it's still enabled
-	}
+		if (wasEnabledByUs && adapter.isEnabled()) {
 	private void disableAdapter() {
 		if (adapter != null && adapter.isEnabled() && wasEnabledByUs) {
 			if (adapter.disable()) LOG.info("Disabling Bluetooth");
 			else LOG.info("Could not disable Bluetooth");
 		}
@@ -285,18 +293,21 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		Map<ContactId, TransportProperties> remote =
 				callback.getRemoteProperties();
 		for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {
-			ContactId c = e.getKey();
+			final ContactId c = e.getKey();
 			if (connected.contains(c)) continue;
-			String address = e.getValue().get(PROP_ADDRESS);
+			final String address = e.getValue().get(PROP_ADDRESS);
 			if (StringUtils.isNullOrEmpty(address)) continue;
-			String uuid = e.getValue().get(PROP_UUID);
+			final String uuid = e.getValue().get(PROP_UUID);
 			if (StringUtils.isNullOrEmpty(uuid)) continue;
-			ioExecutor.execute(() -> {
+			ioExecutor.execute(new Runnable() {
-				if (!running) return;
+				@Override
-				BluetoothSocket s = connect(address, uuid);
+				public void run() {
-				if (s != null) {
+					if (!running) return;
-					backoff.reset();
+					BluetoothSocket s = connect(address, uuid);
-					callback.outgoingConnectionCreated(c, wrapSocket(s));
+					if (s != null) {
 						backoff.reset();
 						callback.outgoingConnectionCreated(c, wrapSocket(s));
 					}
 				}
 			});
 		}
@@ -351,7 +362,8 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 	@Override
 	public DuplexTransportConnection createConnection(ContactId c) {
 		if (!isRunning()) return null;
-		TransportProperties p = callback.getRemoteProperties(c);
+		TransportProperties p = callback.getRemoteProperties().get(c);
 		if (p == null) return null;
 		String address = p.get(PROP_ADDRESS);
 		if (StringUtils.isNullOrEmpty(address)) return null;
 		String uuid = p.get(PROP_UUID);
@@ -361,6 +373,90 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		return new DroidtoothTransportConnection(this, s);
 	}
 	@Override
 	public boolean supportsInvitations() {
 		return true;
 	}
 	@Override
 	public DuplexTransportConnection createInvitationConnection(PseudoRandom r,
 			long timeout, boolean alice) {
 		if (!isRunning()) return null;
 		// Use the invitation codes to generate the UUID
 		byte[] b = r.nextBytes(UUID_BYTES);
 		UUID uuid = UUID.nameUUIDFromBytes(b);
 		if (LOG.isLoggable(INFO)) LOG.info("Invitation UUID " + uuid);
 		// Bind a server socket for receiving invitation connections
 		BluetoothServerSocket ss;
 		try {
 			ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
 					"RFCOMM", uuid);
 		} catch (IOException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			return null;
 		}
 		// Create the background tasks
 		CompletionService<BluetoothSocket> complete =
 				new ExecutorCompletionService<>(ioExecutor);
 		List<Future<BluetoothSocket>> futures = new ArrayList<>();
 		if (alice) {
 			// Return the first connected socket
 			futures.add(complete.submit(new ListeningTask(ss)));
 			futures.add(complete.submit(new DiscoveryTask(uuid.toString())));
 		} else {
 			// Return the first socket with readable data
 			futures.add(complete.submit(new ReadableTask(
 					new ListeningTask(ss))));
 			futures.add(complete.submit(new ReadableTask(
 					new DiscoveryTask(uuid.toString()))));
 		}
 		BluetoothSocket chosen = null;
 		try {
 			Future<BluetoothSocket> f = complete.poll(timeout, MILLISECONDS);
 			if (f == null) return null; // No task completed within the timeout
 			chosen = f.get();
 			return new DroidtoothTransportConnection(this, chosen);
 		} catch (InterruptedException e) {
 			LOG.info("Interrupted while exchanging invitations");
 			Thread.currentThread().interrupt();
 			return null;
 		} catch (ExecutionException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			return null;
 		} finally {
 			// Closing the socket will terminate the listener task
 			tryToClose(ss);
 			closeSockets(futures, chosen);
 		}
 	}
 	private void closeSockets(final List<Future<BluetoothSocket>> futures,
 			@Nullable final BluetoothSocket chosen) {
 		ioExecutor.execute(new Runnable() {
 			@Override
 			public void run() {
 				for (Future<BluetoothSocket> f : futures) {
 					try {
 						if (f.cancel(true)) {
 							LOG.info("Cancelled task");
 						} else {
 							BluetoothSocket s = f.get();
 							if (s != null && s != chosen) {
 								LOG.info("Closing unwanted socket");
 								s.close();
 							}
 						}
 					} catch (InterruptedException e) {
 						LOG.info("Interrupted while closing sockets");
 						return;
 					} catch (ExecutionException | IOException e) {
 						if (LOG.isLoggable(INFO)) LOG.info(e.toString());
 					}
 				}
 			}
 		});
 	}
 	@Override
 	public boolean supportsKeyAgreement() {
 		return true;
@@ -375,7 +471,7 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		// No truncation necessary because COMMIT_LENGTH = 16
 		UUID uuid = UUID.nameUUIDFromBytes(commitment);
 		if (LOG.isLoggable(INFO)) LOG.info("Key agreement UUID " + uuid);
-		// Bind a server socket for receiving key agreement connections
+		// Bind a server socket for receiving invitation connections
 		BluetoothServerSocket ss;
 		try {
 			ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
@@ -416,23 +512,6 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		return StringUtils.macToString(mac);
 	}
 	@Override
 	public void eventOccurred(Event e) {
 		if (e instanceof EnableBluetoothEvent) {
 			enableAdapterAsync();
 		} else if (e instanceof DisableBluetoothEvent) {
 			disableAdapterAsync();
 		}
 	}
 	private void enableAdapterAsync() {
 		ioExecutor.execute(this::enableAdapter);
 	}
 	private void disableAdapterAsync() {
 		ioExecutor.execute(this::disableAdapter);
 	}
 	private class BluetoothStateReceiver extends BroadcastReceiver {
 		@Override
@@ -456,6 +535,115 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		}
 	}
 	private class DiscoveryTask implements Callable<BluetoothSocket> {
 		private final String uuid;
 		private DiscoveryTask(String uuid) {
 			this.uuid = uuid;
 		}
 		@Override
 		public BluetoothSocket call() throws Exception {
 			// Repeat discovery until we connect or get interrupted
 			while (true) {
 				// Discover nearby devices
 				LOG.info("Discovering nearby devices");
 				List<String> addresses = discoverDevices();
 				if (addresses.isEmpty()) {
 					LOG.info("No devices discovered");
 					continue;
 				}
 				// Connect to any device with the right UUID
 				for (String address : addresses) {
 					BluetoothSocket s = connect(address, uuid);
 					if (s != null) {
 						LOG.info("Outgoing connection");
 						return s;
 					}
 				}
 			}
 		}
 		private List<String> discoverDevices() throws InterruptedException {
 			IntentFilter filter = new IntentFilter();
 			filter.addAction(FOUND);
 			filter.addAction(DISCOVERY_FINISHED);
 			DiscoveryReceiver disco = new DiscoveryReceiver();
 			appContext.registerReceiver(disco, filter);
 			LOG.info("Starting discovery");
 			adapter.startDiscovery();
 			return disco.waitForAddresses();
 		}
 	}
 	private static class DiscoveryReceiver extends BroadcastReceiver {
 		private final CountDownLatch finished = new CountDownLatch(1);
 		private final List<String> addresses = new CopyOnWriteArrayList<>();
 		@Override
 		public void onReceive(Context ctx, Intent intent) {
 			String action = intent.getAction();
 			if (action.equals(DISCOVERY_FINISHED)) {
 				LOG.info("Discovery finished");
 				ctx.unregisterReceiver(this);
 				finished.countDown();
 			} else if (action.equals(FOUND)) {
 				BluetoothDevice d = intent.getParcelableExtra(EXTRA_DEVICE);
 				if (LOG.isLoggable(INFO)) {
 					LOG.info("Discovered device: " +
 							scrubMacAddress(d.getAddress()));
 				}
 				addresses.add(d.getAddress());
 			}
 		}
 		private List<String> waitForAddresses() throws InterruptedException {
 			finished.await();
 			List<String> shuffled = new ArrayList<>(addresses);
 			Collections.shuffle(shuffled);
 			return shuffled;
 		}
 	}
 	private static class ListeningTask implements Callable<BluetoothSocket> {
 		private final BluetoothServerSocket serverSocket;
 		private ListeningTask(BluetoothServerSocket serverSocket) {
 			this.serverSocket = serverSocket;
 		}
 		@Override
 		public BluetoothSocket call() throws IOException {
 			BluetoothSocket s = serverSocket.accept();
 			LOG.info("Incoming connection");
 			return s;
 		}
 	}
 	private static class ReadableTask implements Callable<BluetoothSocket> {
 		private final Callable<BluetoothSocket> connectionTask;
 		private ReadableTask(Callable<BluetoothSocket> connectionTask) {
 			this.connectionTask = connectionTask;
 		}
 		@Override
 		public BluetoothSocket call() throws Exception {
 			BluetoothSocket s = connectionTask.call();
 			InputStream in = s.getInputStream();
 			while (in.available() == 0) {
 				LOG.info("Waiting for data");
 				Thread.sleep(1000);
 			}
 			LOG.info("Data available");
 			return s;
 		}
 	}
 	private class BluetoothKeyAgreementListener extends KeyAgreementListener {
 		private final BluetoothServerSocket ss;
@@ -468,13 +656,16 @@ class DroidtoothPlugin implements DuplexPlugin, EventListener {
 		@Override
 		public Callable<KeyAgreementConnection> listen() {
-			return () -> {
+			return new Callable<KeyAgreementConnection>() {
-				BluetoothSocket s = ss.accept();
+				@Override
-				if (LOG.isLoggable(INFO))
+				public KeyAgreementConnection call() throws IOException {
-					LOG.info(ID.getString() + ": Incoming connection");
+					BluetoothSocket s = ss.accept();
-				return new KeyAgreementConnection(
+					if (LOG.isLoggable(INFO))
-						new DroidtoothTransportConnection(
+						LOG.info(ID.getString() + ": Incoming connection");
-								DroidtoothPlugin.this, s), ID);
+					return new KeyAgreementConnection(
 							new DroidtoothTransportConnection(
 									DroidtoothPlugin.this, s), ID);
 				}
 			};
 		}
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPluginFactory.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPluginFactory.java
@@ -2,7 +2,6 @@ package org.briarproject.bramble.plugin.droidtooth;
 import android.content.Context;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
@@ -32,18 +31,15 @@ public class DroidtoothPluginFactory implements DuplexPluginFactory {
 	private final AndroidExecutor androidExecutor;
 	private final Context appContext;
 	private final SecureRandom secureRandom;
 	private final EventBus eventBus;
 	private final BackoffFactory backoffFactory;
 	public DroidtoothPluginFactory(Executor ioExecutor,
 			AndroidExecutor androidExecutor, Context appContext,
-			SecureRandom secureRandom, EventBus eventBus,
+			SecureRandom secureRandom, BackoffFactory backoffFactory) {
 			BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
 		this.androidExecutor = androidExecutor;
 		this.appContext = appContext;
 		this.secureRandom = secureRandom;
 		this.eventBus = eventBus;
 		this.backoffFactory = backoffFactory;
 	}
@@ -61,10 +57,7 @@ public class DroidtoothPluginFactory implements DuplexPluginFactory {
 	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		DroidtoothPlugin plugin = new DroidtoothPlugin(ioExecutor,
+		return new DroidtoothPlugin(ioExecutor, androidExecutor, appContext,
-				androidExecutor, appContext, secureRandom, backoff, callback,
+				secureRandom, backoff, callback, MAX_LATENCY);
 				MAX_LATENCY);
 		eventBus.addListener(plugin);
 		return plugin;
 	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java
@@ -17,6 +17,7 @@ import net.freehaven.tor.control.EventHandler;
 import net.freehaven.tor.control.TorControlConnection;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventListener;
@@ -55,7 +56,6 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Scanner;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Executor;
@@ -79,19 +79,13 @@ import static java.util.logging.Level.WARNING;
 import static net.freehaven.tor.control.TorControlCommands.HS_ADDRESS;
 import static net.freehaven.tor.control.TorControlCommands.HS_PRIVKEY;
 import static org.briarproject.bramble.api.plugin.TorConstants.CONTROL_PORT;
 import static org.briarproject.bramble.api.plugin.TorConstants.ID;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_ALWAYS;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_NEVER;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_NETWORK_WIFI;
 import static org.briarproject.bramble.api.plugin.TorConstants.PREF_TOR_PORT;
 import static org.briarproject.bramble.api.plugin.TorConstants.PROP_ONION;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubOnion;
@MethodsNotNullByDefault
@ParametersNotNullByDefault
 class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private static final String PROP_ONION = "onion";
 	private static final String[] EVENTS = {
 			"CIRC", "ORCONN", "HS_DESC", "NOTICE", "WARN", "ERR"
 	};
@@ -149,8 +143,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		cookieFile = new File(torDirectory, ".tor/control_auth_cookie");
 		Object o = appContext.getSystemService(POWER_SERVICE);
 		PowerManager pm = (PowerManager) o;
-		// This tag will prevent Huawei's powermanager from killing us.
+		wakeLock = pm.newWakeLock(PARTIAL_WAKE_LOCK, "TorPlugin");
 		wakeLock = pm.newWakeLock(PARTIAL_WAKE_LOCK, "LocationManagerService");
 		wakeLock.setReferenceCounted(false);
 	}
@@ -189,31 +182,19 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		String torPath = torFile.getAbsolutePath();
 		String configPath = configFile.getAbsolutePath();
 		String pid = String.valueOf(android.os.Process.myPid());
 		String[] cmd = {torPath, "-f", configPath, OWNER, pid};
 		String[] env = {"HOME=" + torDirectory.getAbsolutePath()};
 		Process torProcess;
 		ProcessBuilder pb =
 				new ProcessBuilder(torPath, "-f", configPath, OWNER, pid);
 		Map<String, String> env = pb.environment();
 		env.put("HOME", torDirectory.getAbsolutePath());
 		pb.directory(torDirectory);
 		try {
-			torProcess = pb.start();
+			torProcess = Runtime.getRuntime().exec(cmd, env, torDirectory);
 		} catch (SecurityException | IOException e) {
 			throw new PluginException(e);
 		}
 		// Log the process's standard output until it detaches
 		if (LOG.isLoggable(INFO)) {
 			Scanner stdout = new Scanner(torProcess.getInputStream());
-			Scanner stderr = new Scanner(torProcess.getErrorStream());
+			while (stdout.hasNextLine()) LOG.info(stdout.nextLine());
 			while (stdout.hasNextLine() || stderr.hasNextLine()){
 				if(stdout.hasNextLine()) {
 					LOG.info(stdout.nextLine());
 				}
 				if(stderr.hasNextLine()){
 					LOG.info(stderr.nextLine());
 				}
 			}
 			stdout.close();
 			stderr.close();
 		}
 		try {
 			// Wait for the process to detach or exit
@@ -370,45 +351,57 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 	private void sendDevReports() {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			// TODO: Trigger this with a TransportEnabledEvent
+			@Override
-			File reportDir = AndroidUtils.getReportDir(appContext);
+			public void run() {
-			reporter.sendReports(reportDir);
+				// TODO: Trigger this with a TransportEnabledEvent
 				File reportDir = AndroidUtils.getReportDir(appContext);
 				reporter.sendReports(reportDir);
 			}
 		});
 	}
 	private void bind() {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			// If there's already a port number stored in config, reuse it
+			@Override
-			String portString = callback.getSettings().get(PREF_TOR_PORT);
+			public void run() {
-			int port;
+				// If there's already a port number stored in config, reuse it
-			if (StringUtils.isNullOrEmpty(portString)) port = 0;
+				String portString = callback.getSettings().get("port");
-			else port = Integer.parseInt(portString);
+				int port;
-			// Bind a server socket to receive connections from Tor
+				if (StringUtils.isNullOrEmpty(portString)) port = 0;
-			ServerSocket ss = null;
+				else port = Integer.parseInt(portString);
-			try {
+				// Bind a server socket to receive connections from Tor
-				ss = new ServerSocket();
+				ServerSocket ss = null;
-				ss.bind(new InetSocketAddress("127.0.0.1", port));
+				try {
-			} catch (IOException e) {
+					ss = new ServerSocket();
-				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+					ss.bind(new InetSocketAddress("127.0.0.1", port));
-				tryToClose(ss);
+				} catch (IOException e) {
-				return;
+					if (LOG.isLoggable(WARNING))
 						LOG.log(WARNING, e.toString(), e);
 					tryToClose(ss);
 					return;
 				}
 				if (!running) {
 					tryToClose(ss);
 					return;
 				}
 				socket = ss;
 				// Store the port number
 				final String localPort = String.valueOf(ss.getLocalPort());
 				Settings s = new Settings();
 				s.put("port", localPort);
 				callback.mergeSettings(s);
 				// Create a hidden service if necessary
 				ioExecutor.execute(new Runnable() {
 					@Override
 					public void run() {
 						publishHiddenService(localPort);
 					}
 				});
 				backoff.reset();
 				// Accept incoming hidden service connections from Tor
 				acceptContactConnections(ss);
 			}
 			if (!running) {
 				tryToClose(ss);
 				return;
 			}
 			socket = ss;
 			// Store the port number
 			String localPort = String.valueOf(ss.getLocalPort());
 			Settings s = new Settings();
 			s.put(PREF_TOR_PORT, localPort);
 			callback.mergeSettings(s);
 			// Create a hidden service if necessary
 			ioExecutor.execute(() -> publishHiddenService(localPort));
 			backoff.reset();
 			// Accept incoming hidden service connections from Tor
 			acceptContactConnections(ss);
 		});
 	}
@@ -528,21 +521,20 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	public void poll(Collection<ContactId> connected) {
 		if (!isRunning()) return;
 		backoff.increment();
-		Map<ContactId, TransportProperties> remote =
+		// TODO: Pass properties to connectAndCallBack()
-				callback.getRemoteProperties();
+		for (ContactId c : callback.getRemoteProperties().keySet())
-		for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {
+			if (!connected.contains(c)) connectAndCallBack(c);
 			ContactId c = e.getKey();
 			if (!connected.contains(c)) connectAndCallBack(c, e.getValue());
 		}
 	}
-	private void connectAndCallBack(ContactId c, TransportProperties p) {
+	private void connectAndCallBack(final ContactId c) {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			if (!isRunning()) return;
+			@Override
-			DuplexTransportConnection d = createConnection(p);
+			public void run() {
-			if (d != null) {
+				DuplexTransportConnection d = createConnection(c);
-				backoff.reset();
+				if (d != null) {
-				callback.outgoingConnectionCreated(c, d);
+					backoff.reset();
 					callback.outgoingConnectionCreated(c, d);
 				}
 			}
 		});
 	}
@@ -550,11 +542,8 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public DuplexTransportConnection createConnection(ContactId c) {
 		if (!isRunning()) return null;
-		return createConnection(callback.getRemoteProperties(c));
+		TransportProperties p = callback.getRemoteProperties().get(c);
-	}
+		if (p == null) return null;
 	@Nullable
 	private DuplexTransportConnection createConnection(TransportProperties p) {
 		String onion = p.get(PROP_ONION);
 		if (StringUtils.isNullOrEmpty(onion)) return null;
 		if (!ONION.matcher(onion).matches()) {
@@ -582,6 +571,17 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		}
 	}
 	@Override
 	public boolean supportsInvitations() {
 		return false;
 	}
 	@Override
 	public DuplexTransportConnection createInvitationConnection(PseudoRandom r,
 			long timeout, boolean alice) {
 		throw new UnsupportedOperationException();
 	}
 	@Override
 	public boolean supportsKeyAgreement() {
 		return false;
@@ -666,8 +666,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public void eventOccurred(Event e) {
 		if (e instanceof SettingsUpdatedEvent) {
-			SettingsUpdatedEvent s = (SettingsUpdatedEvent) e;
+			if (((SettingsUpdatedEvent) e).getNamespace().equals("tor")) {
 			if (s.getNamespace().equals(ID.getString())) {
 				LOG.info("Tor settings updated");
 				updateConnectionStatus();
 			}
@@ -675,43 +674,46 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 	private void updateConnectionStatus() {
-		ioExecutor.execute(() -> {
+		ioExecutor.execute(new Runnable() {
-			if (!running) return;
+			@Override
 			public void run() {
 				if (!running) return;
-			Object o = appContext.getSystemService(CONNECTIVITY_SERVICE);
+				Object o = appContext.getSystemService(CONNECTIVITY_SERVICE);
-			ConnectivityManager cm = (ConnectivityManager) o;
+				ConnectivityManager cm = (ConnectivityManager) o;
-			NetworkInfo net = cm.getActiveNetworkInfo();
+				NetworkInfo net = cm.getActiveNetworkInfo();
-			boolean online = net != null && net.isConnected();
+				boolean online = net != null && net.isConnected();
-			boolean wifi = online && net.getType() == TYPE_WIFI;
+				boolean wifi = online && net.getType() == TYPE_WIFI;
-			String country = locationUtils.getCurrentCountry();
+				String country = locationUtils.getCurrentCountry();
-			boolean blocked = TorNetworkMetadata.isTorProbablyBlocked(
+				boolean blocked = TorNetworkMetadata.isTorProbablyBlocked(
-					country);
+						country);
-			Settings s = callback.getSettings();
+				Settings s = callback.getSettings();
-			int network = s.getInt(PREF_TOR_NETWORK, PREF_TOR_NETWORK_ALWAYS);
+				boolean useMobileData = s.getBoolean("torOverMobile", true);
-			if (LOG.isLoggable(INFO)) {
+				if (LOG.isLoggable(INFO)) {
-				LOG.info("Online: " + online + ", wifi: " + wifi);
+					LOG.info("Online: " + online + ", wifi: " + wifi);
-				if ("".equals(country)) LOG.info("Country code unknown");
+					if ("".equals(country)) LOG.info("Country code unknown");
-				else LOG.info("Country code: " + country);
+					else LOG.info("Country code: " + country);
-			}
+				}
-
+
-			try {
+				try {
-				if (!online) {
+					if (!online) {
-					LOG.info("Disabling network, device is offline");
+						LOG.info("Disabling network, device is offline");
-					enableNetwork(false);
+						enableNetwork(false);
-				} else if (blocked) {
+					} else if (blocked) {
-					LOG.info("Disabling network, country is blocked");
+						LOG.info("Disabling network, country is blocked");
-					enableNetwork(false);
+						enableNetwork(false);
-				} else if (network == PREF_TOR_NETWORK_NEVER
+					} else if (!wifi && !useMobileData) {
-						|| (network == PREF_TOR_NETWORK_WIFI && !wifi)) {
+						LOG.info("Disabling network due to data setting");
-					LOG.info("Disabling network due to data setting");
+						enableNetwork(false);
-					enableNetwork(false);
+					} else {
-				} else {
+						LOG.info("Enabling network");
-					LOG.info("Enabling network");
+						enableNetwork(true);
-					enableNetwork(true);
+					}
 				} catch (IOException e) {
 					if (LOG.isLoggable(WARNING))
 						LOG.log(WARNING, e.toString(), e);
 				}
 			} catch (IOException e) {
 				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			}
 		});
 	}
--- a/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorTransportConnection.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorTransportConnection.java
@@ -3,7 +3,6 @@ package org.briarproject.bramble.plugin.tor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.plugin.duplex.AbstractDuplexTransportConnection;
 import org.briarproject.bramble.util.IoUtils;
 import java.io.IOException;
 import java.io.InputStream;
@@ -22,12 +21,12 @@ class TorTransportConnection extends AbstractDuplexTransportConnection {
 	@Override
 	protected InputStream getInputStream() throws IOException {
-		return IoUtils.getInputStream(socket);
+		return socket.getInputStream();
 	}
 	@Override
 	protected OutputStream getOutputStream() throws IOException {
-		return IoUtils.getOutputStream(socket);
+		return socket.getOutputStream();
 	}
 	@Override
--- a/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidExecutorImpl.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidExecutorImpl.java
@@ -27,11 +27,14 @@ class AndroidExecutorImpl implements AndroidExecutor {
 	@Inject
 	AndroidExecutorImpl(Application app) {
 		uiHandler = new Handler(app.getApplicationContext().getMainLooper());
-		loop = () -> {
+		loop = new Runnable() {
-			Looper.prepare();
+			@Override
-			backgroundHandler = new Handler();
+			public void run() {
-			startLatch.countDown();
+				Looper.prepare();
-			Looper.loop();
+				backgroundHandler = new Handler();
 				startLatch.countDown();
 				Looper.loop();
 			}
 		};
 	}
--- a/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSecureRandomProvider.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSecureRandomProvider.java
@@ -1,93 +0,0 @@
 package org.briarproject.bramble.system;
 import android.app.Application;
 import android.bluetooth.BluetoothAdapter;
 import android.bluetooth.BluetoothDevice;
 import android.content.ContentResolver;
 import android.content.Context;
 import android.net.wifi.WifiConfiguration;
 import android.net.wifi.WifiManager;
 import android.os.Build;
 import android.os.Parcel;
 import android.provider.Settings;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.io.DataOutputStream;
 import java.io.IOException;
 import java.util.List;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 import static android.content.Context.WIFI_SERVICE;
 import static android.provider.Settings.Secure.ANDROID_ID;
@Immutable
@NotNullByDefault
 class AndroidSecureRandomProvider extends LinuxSecureRandomProvider {
 	private static final int SEED_LENGTH = 32;
 	private final Context appContext;
 	@Inject
 	AndroidSecureRandomProvider(Application app) {
 		appContext = app.getApplicationContext();
 	}
 	@Override
 	protected void writeToEntropyPool(DataOutputStream out) throws IOException {
 		super.writeToEntropyPool(out);
 		out.writeInt(android.os.Process.myPid());
 		out.writeInt(android.os.Process.myTid());
 		out.writeInt(android.os.Process.myUid());
 		if (Build.FINGERPRINT != null) out.writeUTF(Build.FINGERPRINT);
 		if (Build.SERIAL != null) out.writeUTF(Build.SERIAL);
 		ContentResolver contentResolver = appContext.getContentResolver();
 		String id = Settings.Secure.getString(contentResolver, ANDROID_ID);
 		if (id != null) out.writeUTF(id);
 		Parcel parcel = Parcel.obtain();
 		WifiManager wm =
 				(WifiManager) appContext.getSystemService(WIFI_SERVICE);
 		List<WifiConfiguration> configs = wm.getConfiguredNetworks();
 		if (configs != null) {
 			for (WifiConfiguration config : configs)
 				parcel.writeParcelable(config, 0);
 		}
 		BluetoothAdapter bt = BluetoothAdapter.getDefaultAdapter();
 		if (bt != null) {
 			for (BluetoothDevice device : bt.getBondedDevices())
 				parcel.writeParcelable(device, 0);
 		}
 		out.write(parcel.marshall());
 		parcel.recycle();
 	}
 	@Override
 	protected void writeSeed() {
 		super.writeSeed();
 		if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT <= 18)
 			applyOpenSslFix();
 	}
 	// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
 	private void applyOpenSslFix() {
 		byte[] seed = new LinuxSecureRandomSpi().engineGenerateSeed(
 				SEED_LENGTH);
 		try {
 			// Seed the OpenSSL PRNG
 			Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto")
 					.getMethod("RAND_seed", byte[].class)
 					.invoke(null, seed);
 			// Mix the output of the Linux PRNG into the OpenSSL PRNG
 			int bytesRead = (Integer) Class.forName(
 					"org.apache.harmony.xnet.provider.jsse.NativeCrypto")
 					.getMethod("RAND_load_file", String.class, long.class)
 					.invoke(null, "/dev/urandom", 1024);
 			if (bytesRead != 1024) throw new IOException();
 		} catch (Exception e) {
 			throw new SecurityException(e);
 		}
 	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSeedProvider.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSeedProvider.java
@@ -0,0 +1,42 @@
 package org.briarproject.bramble.system;
 import android.app.Application;
 import android.content.ContentResolver;
 import android.content.Context;
 import android.os.Build;
 import android.provider.Settings;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.io.DataOutputStream;
 import java.io.IOException;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 import static android.provider.Settings.Secure.ANDROID_ID;
@Immutable
@NotNullByDefault
 class AndroidSeedProvider extends LinuxSeedProvider {
 	private final Context appContext;
 	@Inject
 	AndroidSeedProvider(Application app) {
 		appContext = app.getApplicationContext();
 	}
 	@Override
 	void writeToEntropyPool(DataOutputStream out) throws IOException {
 		out.writeInt(android.os.Process.myPid());
 		out.writeInt(android.os.Process.myTid());
 		out.writeInt(android.os.Process.myUid());
 		if (Build.FINGERPRINT != null) out.writeUTF(Build.FINGERPRINT);
 		if (Build.SERIAL != null) out.writeUTF(Build.SERIAL);
 		ContentResolver contentResolver = appContext.getContentResolver();
 		String id = Settings.Secure.getString(contentResolver, ANDROID_ID);
 		if (id != null) out.writeUTF(id);
 		super.writeToEntropyPool(out);
 	}
 }
--- a/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSystemModule.java
+++ b/bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSystemModule.java
@@ -4,7 +4,7 @@ import android.app.Application;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.LocationUtils;
-import org.briarproject.bramble.api.system.SecureRandomProvider;
+import org.briarproject.bramble.api.system.SeedProvider;
 import javax.inject.Singleton;
@@ -16,8 +16,8 @@ public class AndroidSystemModule {
 	@Provides
 	@Singleton
-	SecureRandomProvider provideSecureRandomProvider(Application app) {
+	SeedProvider provideSeedProvider(Application app) {
-		return new AndroidSecureRandomProvider(app);
+		return new AndroidSeedProvider(app);
 	}
 	@Provides
--- a/bramble-api/build.gradle
+++ b/bramble-api/build.gradle
@@ -1,39 +1,30 @@
-apply plugin: 'java-library'
+apply plugin: 'java'
-sourceCompatibility = 1.8
+sourceCompatibility = 1.6
-targetCompatibility = 1.8
+targetCompatibility = 1.6
 apply plugin: 'witness'
 dependencies {
-	implementation "com.google.dagger:dagger:2.0.2"
+	compile "com.google.dagger:dagger:2.0.2"
-	implementation 'com.google.code.findbugs:jsr305:3.0.2'
+	compile 'com.google.dagger:dagger-compiler:2.0.2'
 	compile 'com.google.code.findbugs:jsr305:3.0.1'
-	testImplementation 'junit:junit:4.12'
+	testCompile 'junit:junit:4.12'
-	testImplementation "org.jmock:jmock:2.8.2"
+	testCompile "org.jmock:jmock:2.8.1"
-	testImplementation "org.jmock:jmock-junit4:2.8.2"
+	testCompile "org.jmock:jmock-junit4:2.8.1"
-	testImplementation "org.jmock:jmock-legacy:2.8.2"
+	testCompile "org.jmock:jmock-legacy:2.8.1"
-	testImplementation "org.hamcrest:hamcrest-library:1.3"
+	testCompile "org.hamcrest:hamcrest-library:1.3"
-	testImplementation "org.hamcrest:hamcrest-core:1.3"
+	testCompile "org.hamcrest:hamcrest-core:1.3"
 }
 dependencyVerification {
 	verify = [
-			'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
+			'com.google.dagger:dagger:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
-			'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
+			'com.google.dagger:dagger-compiler:b74bc9de063dd4c6400b232231f2ef5056145b8fbecbf5382012007dd1c071b3',
-			'com.google.dagger:dagger:2.0.2:dagger-2.0.2.jar:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
+			'com.google.code.findbugs:jsr305:c885ce34249682bc0236b4a7d56efcc12048e6135a5baf7a9cde8ad8cda13fcd',
-			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
+			'javax.inject:javax.inject:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
-			'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
+			'com.google.dagger:dagger-producers:99ec15e8a0507ba569e7655bc1165ee5e5ca5aa914b3c8f7e2c2458f724edd6b',
-			'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
+			'com.google.guava:guava:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99',
 			'org.apache.ant:ant:1.9.4:ant-1.9.4.jar:649ae0730251de07b8913f49286d46bba7b92d47c5f332610aa426c4f02161d8',
 			'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
 			'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
 			'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
 			'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',
 			'org.jmock:jmock-legacy:2.8.2:jmock-legacy-2.8.2.jar:f2b985a5c08a9edb7f37612330c058809da3f6a6d63ce792426ebf8ff0d6d31b',
 			'org.jmock:jmock-testjar:2.8.2:jmock-testjar-2.8.2.jar:8900860f72c474e027cf97fe78dcbf154a1aa7fc62b6845c5fb4e4f3c7bc8760',
 			'org.jmock:jmock:2.8.2:jmock-2.8.2.jar:6c73cb4a2e6dbfb61fd99c9a768539c170ab6568e57846bd60dbf19596b65b16',
 			'org.objenesis:objenesis:2.1:objenesis-2.1.jar:c74330cc6b806c804fd37e74487b4fe5d7c2750c5e15fbc6efa13bdee1bdef80',
 			'org.ow2.asm:asm:5.0.4:asm-5.0.4.jar:896618ed8ae62702521a78bc7be42b7c491a08e6920a15f89a3ecdec31e9a220',
 	]
 }
@@ -48,8 +39,3 @@ task jarTest(type: Jar, dependsOn: testClasses) {
 artifacts {
 	testOutput jarTest
 }
 // If a Java 6 JRE is available, check we're not using any Java 7 or 8 APIs
 tasks.withType(JavaCompile) {
 	useJava6StandardLibrary(it)
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/Bytes.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/Bytes.java
@@ -1,7 +1,6 @@
 package org.briarproject.bramble.api;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.util.StringUtils;
 import java.util.Arrays;
 import java.util.Comparator;
@@ -54,12 +53,6 @@ public class Bytes implements Comparable<Bytes> {
 		return aBytes.length - bBytes.length;
 	}
 	@Override
 	public String toString() {
 		return getClass().getSimpleName() +
 				"(" + StringUtils.toHexString(getBytes()) + ")";
 	}
 	public static class BytesComparator implements Comparator<Bytes> {
 		@Override
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/client/BdfMessageContext.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/client/BdfMessageContext.java
@@ -23,7 +23,7 @@ public class BdfMessageContext {
 	}
 	public BdfMessageContext(BdfDictionary dictionary) {
-		this(dictionary, Collections.emptyList());
+		this(dictionary, Collections.<MessageId>emptyList());
 	}
 	public BdfDictionary getDictionary() {
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/client/ContactGroupFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/client/ContactGroupFactory.java
@@ -12,19 +12,18 @@ public interface ContactGroupFactory {
 	/**
 	 * Creates a group that is not shared with any contacts.
 	 */
-	Group createLocalGroup(ClientId clientId, int clientVersion);
+	Group createLocalGroup(ClientId clientId);
 	/**
 	 * Creates a group for the given client to share with the given contact.
 	 */
-	Group createContactGroup(ClientId clientId, int clientVersion,
+	Group createContactGroup(ClientId clientId, Contact contact);
 			Contact contact);
 	/**
 	 * Creates a group for the given client to share between the given authors
 	 * identified by their AuthorIds.
 	 */
-	Group createContactGroup(ClientId clientId, int clientVersion,
+	Group createContactGroup(ClientId clientId, AuthorId authorId1,
-			AuthorId authorId1, AuthorId authorId2);
+			AuthorId authorId2);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeTask.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeTask.java
@@ -12,32 +12,6 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
@NotNullByDefault
 public interface ContactExchangeTask {
 	/**
 	 * The current version of the contact exchange protocol
 	 */
 	int PROTOCOL_VERSION = 0;
 	/**
 	 * Label for deriving Alice's header key from the master secret.
 	 */
 	String ALICE_KEY_LABEL =
 			"org.briarproject.bramble.contact/ALICE_HEADER_KEY";
 	/**
 	 * Label for deriving Bob's header key from the master secret.
 	 */
 	String BOB_KEY_LABEL = "org.briarproject.bramble.contact/BOB_HEADER_KEY";
 	/**
 	 * Label for deriving Alice's key binding nonce from the master secret.
 	 */
 	String ALICE_NONCE_LABEL = "org.briarproject.bramble.contact/ALICE_NONCE";
 	/**
 	 * Label for deriving Bob's key binding nonce from the master secret.
 	 */
 	String BOB_NONCE_LABEL = "org.briarproject.bramble.contact/BOB_NONCE";
 	/**
 	 * Exchanges contact information with a remote peer.
 	 */
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
@@ -1,5 +1,8 @@
 package org.briarproject.bramble.api.crypto;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
@@ -7,6 +10,8 @@ public interface CryptoComponent {
 	SecretKey generateSecretKey();
 	PseudoRandom getPseudoRandom(int seed1, int seed2);
 	SecureRandom getSecureRandom();
 	KeyPair generateAgreementKeyPair();
@@ -17,98 +22,164 @@ public interface CryptoComponent {
 	KeyParser getSignatureKeyParser();
 	KeyPair generateEdKeyPair();
 	KeyParser getEdKeyParser();
 	KeyParser getMessageKeyParser();
 	/** Generates a random invitation code. */
 	int generateBTInvitationCode();
 	/**
-	 * Derives another secret key from the given secret key.
+	 * Derives a confirmation code from the given master secret.
-	 *
+	 * @param alice whether the code is for use by Alice or Bob.
 	 * @param label a namespaced label indicating the purpose of the derived
 	 * key, to prevent it from being repurposed or colliding with a key derived
 	 * for another purpose
 	 */
-	SecretKey deriveKey(String label, SecretKey k, byte[]... inputs);
+	int deriveBTConfirmationCode(SecretKey master, boolean alice);
 	/**
 	 * Derives a stream header key from the given master secret.
 	 * @param alice whether the key is for use by Alice or Bob.
 	 */
 	SecretKey deriveHeaderKey(SecretKey master, boolean alice);
 	/**
 	 * Derives a message authentication code key from the given master secret.
 	 * @param alice whether the key is for use by Alice or Bob.
 	 */
 	SecretKey deriveMacKey(SecretKey master, boolean alice);
 	/**
 	 * Derives a nonce from the given master secret for one of the parties to
 	 * sign.
 	 * @param alice whether the nonce is for use by Alice or Bob.
 	 */
 	byte[] deriveSignatureNonce(SecretKey master, boolean alice);
 	/**
 	 * Derives a commitment to the provided public key.
 	 * <p/>
 	 * Part of BQP.
 	 *
 	 * @param publicKey the public key
 	 * @return the commitment to the provided public key.
 	 */
 	byte[] deriveKeyCommitment(byte[] publicKey);
 	/**
 	 * Derives a common shared secret from two public keys and one of the
 	 * corresponding private keys.
 	 * <p/>
 	 * Part of BQP.
 	 *
-	 * @param label a namespaced label indicating the purpose of this shared
+	 * @param theirPublicKey the ephemeral public key of the remote party
-	 * secret, to prevent it from being repurposed or colliding with a shared
+	 * @param ourKeyPair our ephemeral keypair
-	 * secret derived for another purpose
+	 * @param alice true if ourKeyPair belongs to Alice
 	 * @param theirPublicKey the public key of the remote party
 	 * @param ourKeyPair the key pair of the local party
 	 * @return the shared secret
 	 * @throws GeneralSecurityException
 	 */
-	SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
+	SecretKey deriveSharedSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
-			KeyPair ourKeyPair, byte[]... inputs)
+			boolean alice) throws GeneralSecurityException;
 			throws GeneralSecurityException;
 	/**
-	 * Signs the given byte[] with the given ECDSA private key.
+	 * Derives the content of a confirmation record.
 	 * <p/>
 	 * Part of BQP.
 	 *
-	 * @param label a namespaced label indicating the purpose of this
+	 * @param sharedSecret the common shared secret
-	 * signature, to prevent it from being repurposed or colliding with a
+	 * @param theirPayload the commit payload from the remote party
-	 * signature created for another purpose
+	 * @param ourPayload the commit payload we sent
 	 * @param theirPublicKey the ephemeral public key of the remote party
 	 * @param ourKeyPair our ephemeral keypair
 	 * @param alice true if ourKeyPair belongs to Alice
 	 * @param aliceRecord true if the confirmation record is for use by Alice
 	 * @return the confirmation record
 	 */
 	byte[] deriveConfirmationRecord(SecretKey sharedSecret,
 			byte[] theirPayload, byte[] ourPayload,
 			byte[] theirPublicKey, KeyPair ourKeyPair,
 			boolean alice, boolean aliceRecord);
 	/**
 	 * Derives a master secret from the given shared secret.
 	 * <p/>
 	 * Part of BQP.
 	 *
 	 * @param sharedSecret the common shared secret
 	 * @return the master secret
 	 */
 	SecretKey deriveMasterSecret(SecretKey sharedSecret);
 	/**
 	 * Derives a master secret from two public keys and one of the corresponding
 	 * private keys.
 	 * <p/>
 	 * This is a helper method that calls
 	 * deriveMasterSecret(deriveSharedSecret(theirPublicKey, ourKeyPair, alice))
 	 *
 	 * @param theirPublicKey the ephemeral public key of the remote party
 	 * @param ourKeyPair our ephemeral keypair
 	 * @param alice true if ourKeyPair belongs to Alice
 	 * @return the shared secret
 	 * @throws GeneralSecurityException
 	 */
 	SecretKey deriveMasterSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
 			boolean alice) throws GeneralSecurityException;
 	/**
 	 * Derives initial transport keys for the given transport in the given
 	 * rotation period from the given master secret.
 	 * @param alice whether the keys are for use by Alice or Bob.
 	 */
 	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
 			long rotationPeriod, boolean alice);
 	/**
 	 * Rotates the given transport keys to the given rotation period. If the
 	 * keys are for a future rotation period they are not rotated.
 	 */
 	TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
 	/** Encodes the pseudo-random tag that is used to recognise a stream. */
 	void encodeTag(byte[] tag, SecretKey tagKey, long streamNumber);
 	/**
 	 * Signs the given byte[] with the given PrivateKey.
 	 *
 	 * @param label A label specific to this signature
 	 *              to ensure that the signature cannot be repurposed
 	 */
 	byte[] sign(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException;
 	/**
-	 * Signs the given byte[] with the given Ed25519 private key.
+	 * Verifies that the given signature is valid for the signedData
 	 * and the given publicKey.
 	 *
-	 * @param label A label specific to this signature
+	 * @param label A label that was specific to this signature
 	 *              to ensure that the signature cannot be repurposed
 	 */
 	byte[] signEd(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException;
 	/**
 	 * Verifies that the given signature is valid for the signed data
 	 * and the given ECDSA public key.
 	 *
 	 * @param label a namespaced label indicating the purpose of this
 	 * signature, to prevent it from being repurposed or colliding with a
 	 * signature created for another purpose
 	 * @return true if the signature was valid, false otherwise.
 	 */
 	boolean verify(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException;
 	/**
 	 * Verifies that the given signature is valid for the signed data
 	 * and the given Ed25519 public key.
 	 *
 	 * @param label A label that was specific to this signature
 	 *              to ensure that the signature cannot be repurposed
 	 * @return true if the signature was valid, false otherwise.
 	 */
 	boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException;
 	/**
 	 * Returns the hash of the given inputs. The inputs are unambiguously
 	 * combined by prefixing each input with its length.
 	 *
-	 * @param label a namespaced label indicating the purpose of this hash, to
+	 * @param label A label specific to this hash to ensure that hashes
-	 * prevent it from being repurposed or colliding with a hash created for
+	 *              calculated for distinct purposes don't collide.
 	 * another purpose
 	 */
 	byte[] hash(String label, byte[]... inputs);
 	/**
 	 * Returns the length of hashes produced by
 	 * the {@link CryptoComponent#hash(String, byte[]...)} method.
 	 */
 	int getHashLength();
 	/**
 	 * Returns a message authentication code with the given key over the
 	 * given inputs. The inputs are unambiguously combined by prefixing each
 	 * input with its length.
 	 *
 	 * @param label a namespaced label indicating the purpose of this MAC, to
 	 * prevent it from being repurposed or colliding with a MAC created for
 	 * another purpose
 	 */
-	byte[] mac(String label, SecretKey macKey, byte[]... inputs);
+	byte[] mac(SecretKey macKey, byte[]... inputs);
 	/**
 	 * Encrypts and authenticates the given plaintext so it can be written to
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyAgreementCrypto.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyAgreementCrypto.java
@@ -1,50 +0,0 @@
 package org.briarproject.bramble.api.crypto;
 /**
 * Crypto operations for the key agreement protocol - see
 * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BQP.md
 */
 public interface KeyAgreementCrypto {
 	/**
 	 * Hash label for public key commitment.
 	 */
 	String COMMIT_LABEL = "org.briarproject.bramble.keyagreement/COMMIT";
 	/**
 	 * Key derivation label for confirmation record.
 	 */
 	String CONFIRMATION_KEY_LABEL =
 			"org.briarproject.bramble.keyagreement/CONFIRMATION_KEY";
 	/**
 	 * MAC label for confirmation record.
 	 */
 	String CONFIRMATION_MAC_LABEL =
 			"org.briarproject.bramble.keyagreement/CONFIRMATION_MAC";
 	/**
 	 * Derives a commitment to the provided public key.
 	 *
 	 * @param publicKey the public key
 	 * @return the commitment to the provided public key.
 	 */
 	byte[] deriveKeyCommitment(PublicKey publicKey);
 	/**
 	 * Derives the content of a confirmation record.
 	 *
 	 * @param sharedSecret the common shared secret
 	 * @param theirPayload the key exchange payload of the remote party
 	 * @param ourPayload the key exchange payload of the local party
 	 * @param theirPublicKey the ephemeral public key of the remote party
 	 * @param ourKeyPair our ephemeral key pair of the local party
 	 * @param alice true if the local party is Alice
 	 * @param aliceRecord true if the confirmation record is for use by Alice
 	 * @return the confirmation record
 	 */
 	byte[] deriveConfirmationRecord(SecretKey sharedSecret,
 			byte[] theirPayload, byte[] ourPayload,
 			PublicKey theirPublicKey, KeyPair ourKeyPair,
 			boolean alice, boolean aliceRecord);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PasswordStrengthEstimator.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PasswordStrengthEstimator.java
@@ -6,9 +6,9 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 public interface PasswordStrengthEstimator {
 	float NONE = 0;
-	float WEAK = 0.25f;
+	float WEAK = 0.4f;
-	float QUITE_WEAK = 0.5f;
+	float QUITE_WEAK = 0.6f;
-	float QUITE_STRONG = 0.75f;
+	float QUITE_STRONG = 0.8f;
 	float STRONG = 1;
 	/**
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PseudoRandom.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PseudoRandom.java
@@ -0,0 +1,12 @@
 package org.briarproject.bramble.api.crypto;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 /**
 * A deterministic pseudo-random number generator.
 */
@NotNullByDefault
 public interface PseudoRandom {
 	byte[] nextBytes(int bytes);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/StreamDecrypterFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/StreamDecrypterFactory.java
@@ -14,9 +14,8 @@ public interface StreamDecrypterFactory {
 	StreamDecrypter createStreamDecrypter(InputStream in, StreamContext ctx);
 	/**
-	 * Creates a {@link StreamDecrypter} for decrypting a contact exchange
+	 * Creates a {@link StreamDecrypter} for decrypting an invitation stream.
 	 * stream.
 	 */
-	StreamDecrypter createContactExchangeStreamDecrypter(InputStream in,
+	StreamDecrypter createInvitationStreamDecrypter(InputStream in,
 			SecretKey headerKey);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/StreamEncrypterFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/StreamEncrypterFactory.java
@@ -14,9 +14,8 @@ public interface StreamEncrypterFactory {
 	StreamEncrypter createStreamEncrypter(OutputStream out, StreamContext ctx);
 	/**
-	 * Creates a {@link StreamEncrypter} for encrypting a contact exchange
+	 * Creates a {@link StreamEncrypter} for encrypting an invitation stream.
 	 * stream.
 	 */
-	StreamEncrypter createContactExchangeStreamDecrypter(OutputStream out,
+	StreamEncrypter createInvitationStreamEncrypter(OutputStream out,
 			SecretKey headerKey);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
@@ -1,32 +0,0 @@
 package org.briarproject.bramble.api.crypto;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 /**
 * Crypto operations for the transport security protocol - see
 * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BTP.md
 */
 public interface TransportCrypto {
 	/**
 	 * Derives initial transport keys for the given transport in the given
 	 * rotation period from the given master secret.
 	 *
 	 * @param alice whether the keys are for use by Alice or Bob.
 	 */
 	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
 			long rotationPeriod, boolean alice);
 	/**
 	 * Rotates the given transport keys to the given rotation period. If the
 	 * keys are for the given period or any later period they are not rotated.
 	 */
 	TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
 	/**
 	 * Encodes the pseudo-random tag that is used to recognise a stream.
 	 */
 	void encodeTag(byte[] tag, SecretKey tagKey, int protocolVersion,
 			long streamNumber);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfDictionary.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfDictionary.java
@@ -4,14 +4,11 @@ import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 import java.util.Map;
-import java.util.Map.Entry;
+import java.util.concurrent.ConcurrentSkipListMap;
 import java.util.TreeMap;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.NotThreadSafe;
-@NotThreadSafe
+public class BdfDictionary extends ConcurrentSkipListMap<String, Object> {
 public class BdfDictionary extends TreeMap<String, Object> {
 	public static final Object NULL_VALUE = new Object();
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfList.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/data/BdfList.java
@@ -3,17 +3,15 @@ package org.briarproject.bramble.api.data;
 import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Vector;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.NotThreadSafe;
 import static org.briarproject.bramble.api.data.BdfDictionary.NULL_VALUE;
-@NotThreadSafe
+public class BdfList extends Vector<Object> {
 public class BdfList extends ArrayList<Object> {
 	/**
 	 * Factory method for constructing lists inline.
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java
@@ -122,9 +122,8 @@ public interface DatabaseComponent {
 			throws DbException;
 	/**
-	 * Deletes the message with the given ID. Unlike
+	 * Deletes the message with the given ID. The message ID and any other
-	 * {@link #removeMessage(Transaction, MessageId)}, the message ID and any
+	 * associated data are not deleted.
 	 * other associated data are not deleted.
 	 */
 	void deleteMessage(Transaction txn, MessageId m) throws DbException;
@@ -453,11 +452,6 @@ public interface DatabaseComponent {
 	 */
 	void removeLocalAuthor(Transaction txn, AuthorId a) throws DbException;
 	/**
 	 * Removes a message (and all associated state) from the database.
 	 */
 	void removeMessage(Transaction txn, MessageId m) throws DbException;
 	/**
 	 * Removes a transport (and all associated state) from the database.
 	 */
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/Metadata.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/Metadata.java
@@ -1,11 +1,11 @@
 package org.briarproject.bramble.api.db;
-import java.util.TreeMap;
+import java.util.Hashtable;
-import javax.annotation.concurrent.NotThreadSafe;
+import javax.annotation.concurrent.ThreadSafe;
-@NotThreadSafe
+@ThreadSafe
-public class Metadata extends TreeMap<String, byte[]> {
+public class Metadata extends Hashtable<String, byte[]> {
 	/**
 	 * Special value to indicate that a key is being removed.
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/db/Transaction.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/db/Transaction.java
@@ -45,7 +45,7 @@ public class Transaction {
 	 * committed.
 	 */
 	public void attach(Event e) {
-		if (events == null) events = new ArrayList<>();
+		if (events == null) events = new ArrayList<Event>();
 		events.add(e);
 	}
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java
@@ -13,9 +13,7 @@ import javax.annotation.concurrent.Immutable;
@NotNullByDefault
 public class Author {
-	public enum Status {
+	public enum Status {ANONYMOUS, UNKNOWN, UNVERIFIED, VERIFIED, OURSELVES}
 		NONE, ANONYMOUS, UNKNOWN, UNVERIFIED, VERIFIED, OURSELVES
 	}
 	private final AuthorId id;
 	private final String name;
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorId.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorId.java
@@ -16,7 +16,7 @@ public class AuthorId extends UniqueId {
 	/**
 	 * Label for hashing authors to calculate their identities.
 	 */
-	public static final String LABEL = "org.briarproject.bramble/AUTHOR_ID";
+	public static final String LABEL = "org.briarproject.bramble.AUTHOR_ID";
 	public AuthorId(byte[] id) {
 		super(id);
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationConstants.java
@@ -0,0 +1,20 @@
 package org.briarproject.bramble.api.invitation;
 public interface InvitationConstants {
 	/**
 	 * The connection timeout in milliseconds.
 	 */
 	long CONNECTION_TIMEOUT = 60 * 1000;
 	/**
 	 * The confirmation timeout in milliseconds.
 	 */
 	long CONFIRMATION_TIMEOUT = 60 * 1000;
 	/**
 	 * The number of bits in an invitation or confirmation code. Codes must fit
 	 * into six decimal digits.
 	 */
 	int CODE_BITS = 19;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationListener.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationListener.java
@@ -0,0 +1,47 @@
 package org.briarproject.bramble.api.invitation;
 /**
 * An interface for receiving updates about the state of an
 * {@link InvitationTask}.
 */
 public interface InvitationListener {
 	/** Called if a connection to the remote peer is established. */
 	void connectionSucceeded();
 	/**
 	 * Called if a connection to the remote peer cannot be established. This
 	 * indicates that the protocol has ended unsuccessfully.
 	 */
 	void connectionFailed();
 	/** Called if key agreement with the remote peer succeeds. */
 	void keyAgreementSucceeded(int localCode, int remoteCode);
 	/**
 	 * Called if key agreement with the remote peer fails or the connection is
 	 * lost. This indicates that the protocol has ended unsuccessfully.
 	 */
 	void keyAgreementFailed();
 	/** Called if the remote peer's confirmation check succeeds. */
 	void remoteConfirmationSucceeded();
 	/**
 	 * Called if remote peer's confirmation check fails or the connection is
 	 * lost. This indicates that the protocol has ended unsuccessfully.
 	 */
 	void remoteConfirmationFailed();
 	/**
 	 * Called if the exchange of pseudonyms succeeds. This indicates that the
 	 * protocol has ended successfully.
 	 */
 	void pseudonymExchangeSucceeded(String remoteName);
 	/**
 	 * Called if the exchange of pseudonyms fails or the connection is lost.
 	 * This indicates that the protocol has ended unsuccessfully.
 	 */
 	void pseudonymExchangeFailed();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationState.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationState.java
@@ -0,0 +1,85 @@
 package org.briarproject.bramble.api.invitation;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 /**
 * A snapshot of the state of an {@link InvitationTask}.
 */
@Immutable
@NotNullByDefault
 public class InvitationState {
 	private final int localInvitationCode, remoteInvitationCode;
 	private final int localConfirmationCode, remoteConfirmationCode;
 	private final boolean connected, connectionFailed;
 	private final boolean localCompared, remoteCompared;
 	private final boolean localMatched, remoteMatched;
 	@Nullable
 	private final String contactName;
 	public InvitationState(int localInvitationCode, int remoteInvitationCode,
 			int localConfirmationCode, int remoteConfirmationCode,
 			boolean connected, boolean connectionFailed, boolean localCompared,
 			boolean remoteCompared, boolean localMatched,
 			boolean remoteMatched, @Nullable String contactName) {
 		this.localInvitationCode = localInvitationCode;
 		this.remoteInvitationCode = remoteInvitationCode;
 		this.localConfirmationCode = localConfirmationCode;
 		this.remoteConfirmationCode = remoteConfirmationCode;
 		this.connected = connected;
 		this.connectionFailed = connectionFailed;
 		this.localCompared = localCompared;
 		this.remoteCompared = remoteCompared;
 		this.localMatched = localMatched;
 		this.remoteMatched = remoteMatched;
 		this.contactName = contactName;
 	}
 	public int getLocalInvitationCode() {
 		return localInvitationCode;
 	}
 	public int getRemoteInvitationCode() {
 		return remoteInvitationCode;
 	}
 	public int getLocalConfirmationCode() {
 		return localConfirmationCode;
 	}
 	public int getRemoteConfirmationCode() {
 		return remoteConfirmationCode;
 	}
 	public boolean getConnected() {
 		return connected;
 	}
 	public boolean getConnectionFailed() {
 		return connectionFailed;
 	}
 	public boolean getLocalCompared() {
 		return localCompared;
 	}
 	public boolean getRemoteCompared() {
 		return remoteCompared;
 	}
 	public boolean getLocalMatched() {
 		return localMatched;
 	}
 	public boolean getRemoteMatched() {
 		return remoteMatched;
 	}
 	@Nullable
 	public String getContactName() {
 		return contactName;
 	}
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationTask.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationTask.java
@@ -0,0 +1,38 @@
 package org.briarproject.bramble.api.invitation;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 /**
 * A task for exchanging invitations with a remote peer.
 */
@NotNullByDefault
 public interface InvitationTask {
 	/**
 	 * Adds a listener to be informed of state changes and returns the
 	 * task's current state.
 	 */
 	InvitationState addListener(InvitationListener l);
 	/**
 	 * Removes the given listener.
 	 */
 	void removeListener(InvitationListener l);
 	/**
 	 * Asynchronously starts the connection process.
 	 */
 	void connect();
 	/**
 	 * Asynchronously informs the remote peer that the local peer's
 	 * confirmation codes matched.
 	 */
 	void localConfirmationSucceeded();
 	/**
 	 * Asynchronously informs the remote peer that the local peer's
 	 * confirmation codes did not match.
 	 */
 	void localConfirmationFailed();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationTaskFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/invitation/InvitationTaskFactory.java
@@ -0,0 +1,15 @@
 package org.briarproject.bramble.api.invitation;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 /**
 * Creates tasks for exchanging invitations with remote peers.
 */
@NotNullByDefault
 public interface InvitationTaskFactory {
 	/**
 	 * Creates a task using the given local and remote invitation codes.
 	 */
 	InvitationTask createTask(int localCode, int remoteCode);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementConstants.java
@@ -5,7 +5,7 @@ public interface KeyAgreementConstants {
 	/**
 	 * The current version of the BQP protocol.
 	 */
-	byte PROTOCOL_VERSION = 3;
+	byte PROTOCOL_VERSION = 2;
 	/**
 	 * The length of the record header in bytes.
@@ -22,10 +22,7 @@ public interface KeyAgreementConstants {
 	 */
 	int COMMIT_LENGTH = 16;
-	/**
+	long CONNECTION_TIMEOUT = 20 * 1000; // Milliseconds
 	 * The connection timeout in milliseconds.
 	 */
 	long CONNECTION_TIMEOUT = 20 * 1000;
 	/**
 	 * The transport identifier for Bluetooth.
@@ -36,16 +33,4 @@ public interface KeyAgreementConstants {
 	 * The transport identifier for LAN.
 	 */
 	int TRANSPORT_ID_LAN = 1;
 	/**
 	 * Label for deriving the shared secret.
 	 */
 	String SHARED_SECRET_LABEL =
 			"org.briarproject.bramble.keyagreement/SHARED_SECRET";
 	/**
 	 * Label for deriving the master secret.
 	 */
 	String MASTER_SECRET_LABEL =
 			"org.briarproject.bramble.keyagreement/MASTER_SECRET";
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementTaskFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementTaskFactory.java
@@ -0,0 +1,15 @@
 package org.briarproject.bramble.api.keyagreement;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 /**
 * Manages tasks for conducting key agreements with remote peers.
 */
@NotNullByDefault
 public interface KeyAgreementTaskFactory {
 	/**
 	 * Gets the current key agreement task.
 	 */
 	KeyAgreementTask createTask();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/BluetoothConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/BluetoothConstants.java
@@ -9,5 +9,4 @@ public interface BluetoothConstants {
 	String PROP_ADDRESS = "address";
 	String PROP_UUID = "uuid";
 	String PREF_BT_ENABLE = "enable";
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/LanTcpConstants.java
@@ -4,10 +4,4 @@ public interface LanTcpConstants {
 	TransportId ID = new TransportId("org.briarproject.bramble.lan");
 	// a transport property (shared with contacts)
 	String PROP_IP_PORTS = "ipPorts";
 	// a local setting
 	String PREF_LAN_IP_PORTS = "ipPorts";
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java
@@ -29,11 +29,6 @@ public interface PluginCallback {
 	 */
 	Map<ContactId, TransportProperties> getRemoteProperties();
 	/**
 	 * Returns the plugin's remote transport properties for the given contact.
 	 */
 	TransportProperties getRemoteProperties(ContactId c);
 	/**
 	 * Merges the given settings with the namespaced settings
 	 */
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java
@@ -32,6 +32,11 @@ public interface PluginManager {
 	 */
 	Collection<DuplexPlugin> getDuplexPlugins();
 	/**
 	 * Returns any duplex plugins that support invitations.
 	 */
 	Collection<DuplexPlugin> getInvitationPlugins();
 	/**
 	 * Returns any duplex plugins that support key agreement.
 	 */
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/TorConstants.java
@@ -4,19 +4,8 @@ public interface TorConstants {
 	TransportId ID = new TransportId("org.briarproject.bramble.tor");
 	String PROP_ONION = "onion";
 	int SOCKS_PORT = 59050;
 	int CONTROL_PORT = 59051;
 	int CONNECT_TO_PROXY_TIMEOUT = 5000; // Milliseconds
 	int EXTRA_SOCKET_TIMEOUT = 30000; // Milliseconds
 	String PREF_TOR_NETWORK = "network";
 	String PREF_TOR_PORT = "port";
 	int PREF_TOR_NETWORK_NEVER = 0;
 	int PREF_TOR_NETWORK_WIFI = 1;
 	int PREF_TOR_NETWORK_ALWAYS = 2;
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java
@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.plugin.duplex;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -22,6 +23,20 @@ public interface DuplexPlugin extends Plugin {
 	@Nullable
 	DuplexTransportConnection createConnection(ContactId c);
 	/**
 	 * Returns true if the plugin supports exchanging invitations.
 	 */
 	boolean supportsInvitations();
 	/**
 	 * Attempts to create and return an invitation connection to the remote
 	 * peer. Returns null if no connection can be established within the given
 	 * time.
 	 */
 	@Nullable
 	DuplexTransportConnection createInvitationConnection(PseudoRandom r,
 			long timeout, boolean alice);
 	/**
 	 * Returns true if the plugin supports short-range key agreement.
 	 */
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/DisableBluetoothEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/DisableBluetoothEvent.java
@@ -1,15 +0,0 @@
 package org.briarproject.bramble.api.plugin.event;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import javax.annotation.concurrent.Immutable;
 /**
 * An event that asks the Bluetooth plugin to disable the Bluetooth adapter if
 * we previously enabled it.
 */
@Immutable
@NotNullByDefault
 public class DisableBluetoothEvent extends Event {
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/EnableBluetoothEvent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/EnableBluetoothEvent.java
@@ -1,14 +0,0 @@
 package org.briarproject.bramble.api.plugin.event;
 import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import javax.annotation.concurrent.Immutable;
 /**
 * An event asks the Bluetooth plugin to enable the Bluetooth adapter.
 */
@Immutable
@NotNullByDefault
 public class EnableBluetoothEvent extends Event {
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java
@@ -17,11 +17,6 @@ public interface TransportPropertyManager {
 	 */
 	ClientId CLIENT_ID = new ClientId("org.briarproject.briar.properties");
 	/**
 	 * The current version of the transport property client.
 	 */
 	int CLIENT_VERSION = 0;
 	/**
 	 * Stores the given properties received while adding a contact - they will
 	 * be superseded by any properties synced from the contact.
@@ -38,7 +33,7 @@ public interface TransportPropertyManager {
 	/**
 	 * Returns the local transport properties for all transports.
 	 * <br/>
-	 * TODO: Transaction can be read-only when code is simplified
+	 * Read-Only
 	 */
 	Map<TransportId, TransportProperties> getLocalProperties(Transaction txn)
 			throws DbException;
@@ -54,13 +49,6 @@ public interface TransportPropertyManager {
 	Map<ContactId, TransportProperties> getRemoteProperties(TransportId t)
 			throws DbException;
 	/**
 	 * Returns the remote transport properties for the given contact and
 	 * transport.
 	 */
 	TransportProperties getRemoteProperties(ContactId c, TransportId t)
 			throws DbException;
 	/**
 	 * Merges the given properties with the existing local properties for the
 	 * given transport.
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/ClientId.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/ClientId.java
@@ -36,8 +36,4 @@ public class ClientId implements Comparable<ClientId> {
 		return id.hashCode();
 	}
 	@Override
 	public String toString() {
 		return id;
 	}
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupFactory.java
@@ -6,7 +6,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 public interface GroupFactory {
 	/**
-	 * Creates a group with the given client ID, client version and descriptor.
+	 * Creates a group with the given client ID and descriptor.
 	 */
-	Group createGroup(ClientId c, int clientVersion, byte[] descriptor);
+	Group createGroup(ClientId c, byte[] descriptor);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupId.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupId.java
@@ -15,7 +15,7 @@ public class GroupId extends UniqueId {
 	/**
 	 * Label for hashing groups to calculate their identifiers.
 	 */
-	public static final String LABEL = "org.briarproject.bramble/GROUP_ID";
+	public static final String LABEL = "org.briarproject.bramble.GROUP_ID";
 	public GroupId(byte[] id) {
 		super(id);
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageContext.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageContext.java
@@ -22,7 +22,7 @@ public class MessageContext {
 	}
 	public MessageContext(Metadata metadata) {
-		this(metadata, Collections.emptyList());
+		this(metadata, Collections.<MessageId>emptyList());
 	}
 	public Metadata getMetadata() {
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageId.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageId.java
@@ -16,7 +16,7 @@ public class MessageId extends UniqueId {
 	/**
 	 * Label for hashing messages to calculate their identifiers.
 	 */
-	public static final String LABEL = "org.briarproject.bramble/MESSAGE_ID";
+	public static final String LABEL = "org.briarproject.bramble.MESSAGE_ID";
 	public MessageId(byte[] id) {
 		super(id);
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/system/SecureRandomProvider.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/system/SecureRandomProvider.java
@@ -1,23 +0,0 @@
 package org.briarproject.bramble.api.system;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.security.Provider;
 import java.security.SecureRandom;
 import javax.annotation.Nullable;
 /**
 * Wrapper for a platform-specific secure random number generator.
 */
@NotNullByDefault
 public interface SecureRandomProvider {
 	/**
 	 * Returns a {@link Provider} that provides a strong {@link SecureRandom}
 	 * implementation, or null if the platform's default implementation should
 	 * be used.
 	 */
 	@Nullable
 	Provider getProvider();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/system/SeedProvider.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/system/SeedProvider.java
@@ -0,0 +1,18 @@
 package org.briarproject.bramble.api.system;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 /**
 * Uses a platform-specific source to provide a seed for a pseudo-random
 * number generator.
 */
@NotNullByDefault
 public interface SeedProvider {
 	/**
 	 * The length of the seed in bytes.
 	 */
 	int SEED_BYTES = 32;
 	byte[] getSeed();
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamReaderFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamReaderFactory.java
@@ -15,9 +15,9 @@ public interface StreamReaderFactory {
 	InputStream createStreamReader(InputStream in, StreamContext ctx);
 	/**
-	 * Creates an {@link InputStream InputStream} for reading from a contact
+	 * Creates an {@link InputStream InputStream} for reading from an
-	 * exchangestream.
+	 * invitation stream.
 	 */
-	InputStream createContactExchangeStreamReader(InputStream in,
+	InputStream createInvitationStreamReader(InputStream in,
 			SecretKey headerKey);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamWriterFactory.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamWriterFactory.java
@@ -15,9 +15,9 @@ public interface StreamWriterFactory {
 	OutputStream createStreamWriter(OutputStream out, StreamContext ctx);
 	/**
-	 * Creates an {@link OutputStream OutputStream} for writing to a contact
+	 * Creates an {@link OutputStream OutputStream} for writing to an
-	 * exchange stream.
+	 * invitation stream.
 	 */
-	OutputStream createContactExchangeStreamWriter(OutputStream out,
+	OutputStream createInvitationStreamWriter(OutputStream out,
 			SecretKey headerKey);
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java
@@ -4,11 +4,6 @@ import org.briarproject.bramble.api.crypto.SecretKey;
 public interface TransportConstants {
 	/**
 	 * The current version of the transport protocol.
 	 */
 	int PROTOCOL_VERSION = 4;
 	/**
 	 * The length of the pseudo-random tag in bytes.
 	 */
@@ -19,22 +14,21 @@ public interface TransportConstants {
 	 */
 	int STREAM_HEADER_NONCE_LENGTH = 24;
 	/**
 	 * The length of the stream header initialisation vector (IV) in bytes.
 	 */
 	int STREAM_HEADER_IV_LENGTH = STREAM_HEADER_NONCE_LENGTH - 8;
 	/**
 	 * The length of the message authentication code (MAC) in bytes.
 	 */
 	int MAC_LENGTH = 16;
 	/**
 	 * The length of the stream header plaintext in bytes. The stream header
 	 * contains the protocol version, stream number and frame key.
 	 */
 	int STREAM_HEADER_PLAINTEXT_LENGTH = 2 + 8 + SecretKey.LENGTH;
 	/**
 	 * The length of the stream header in bytes.
 	 */
-	int STREAM_HEADER_LENGTH = STREAM_HEADER_NONCE_LENGTH
+	int STREAM_HEADER_LENGTH = STREAM_HEADER_IV_LENGTH + SecretKey.LENGTH
-			+ STREAM_HEADER_PLAINTEXT_LENGTH + MAC_LENGTH;
+			+ MAC_LENGTH;
 	/**
 	 * The length of the frame nonce in bytes.
@@ -80,32 +74,4 @@ public interface TransportConstants {
 	 * The size of the reordering window.
 	 */
 	int REORDERING_WINDOW_SIZE = 32;
 	/**
 	 * Label for deriving Alice's initial tag key from the master secret.
 	 */
 	String ALICE_TAG_LABEL = "org.briarproject.bramble.transport/ALICE_TAG_KEY";
 	/**
 	 * Label for deriving Bob's initial tag key from the master secret.
 	 */
 	String BOB_TAG_LABEL = "org.briarproject.bramble.transport/BOB_TAG_KEY";
 	/**
 	 * Label for deriving Alice's initial header key from the master secret.
 	 */
 	String ALICE_HEADER_LABEL =
 			"org.briarproject.bramble.transport/ALICE_HEADER_KEY";
 	/**
 	 * Label for deriving Bob's initial header key from the master secret.
 	 */
 	String BOB_HEADER_LABEL =
 			"org.briarproject.bramble.transport/BOB_HEADER_KEY";
 	/**
 	 * Label for deriving the next period's key in key rotation.
 	 */
 	String ROTATE_LABEL = "org.briarproject.bramble.transport/ROTATE";
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/util/IoUtils.java
@@ -8,7 +8,6 @@ import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.Socket;
 import javax.annotation.Nullable;
@@ -60,24 +59,4 @@ public class IoUtils {
 			offset += read;
 		}
 	}
 	// Workaround for a bug in Android 7, see
 	// https://android-review.googlesource.com/#/c/271775/
 	public static InputStream getInputStream(Socket s) throws IOException {
 		try {
 			return s.getInputStream();
 		} catch (NullPointerException e) {
 			throw new IOException(e);
 		}
 	}
 	// Workaround for a bug in Android 7, see
 	// https://android-review.googlesource.com/#/c/271775/
 	public static OutputStream getOutputStream(Socket s) throws IOException {
 		try {
 			return s.getOutputStream();
 		} catch (NullPointerException e) {
 			throw new IOException(e);
 		}
 	}
 }
--- a/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java
@@ -19,7 +19,7 @@ public class PrivacyUtils {
 	@Nullable
 	public static String scrubMacAddress(@Nullable String address) {
-		if (address == null || address.length() == 0) return null;
+		if (address == null) return null;
 		// this is a fake address we need to know about
 		if (address.equals("02:00:00:00:00:00")) return address;
 		// keep first and last octet of MAC address
--- a/bramble-api/src/main/java/org/briarproject/bramble/util/StringUtils.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/util/StringUtils.java
@@ -8,7 +8,6 @@ import java.nio.charset.CharacterCodingException;
 import java.nio.charset.Charset;
 import java.nio.charset.CharsetDecoder;
 import java.util.Collection;
 import java.util.Random;
 import java.util.regex.Pattern;
 import javax.annotation.Nullable;
@@ -28,7 +27,6 @@ public class StringUtils {
 			'0', '1', '2', '3', '4', '5', '6', '7',
 			'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
 	};
 	private static final Random random = new Random();
 	public static boolean isNullOrEmpty(@Nullable String s) {
 		return s == null || s.length() == 0;
@@ -141,12 +139,4 @@ public class StringUtils {
 		}
 		return s.toString();
 	}
 	public static String getRandomString(int length) {
 		char[] c = new char[length];
 		for (int i = 0; i < length; i++)
 			c[i] = (char) ('a' + random.nextInt(26));
 		return new String(c);
 	}
 }
--- a/bramble-api/src/test/java/org/briarproject/bramble/test/BrambleMockTestCase.java
+++ b/bramble-api/src/test/java/org/briarproject/bramble/test/BrambleMockTestCase.java
@@ -3,7 +3,8 @@ package org.briarproject.bramble.test;
 import org.jmock.Mockery;
 import org.junit.After;
-public abstract class BrambleMockTestCase extends BrambleTestCase {
+public abstract class BrambleMockTestCase extends
 		BrambleTestCase {
 	protected final Mockery context = new Mockery();
--- a/bramble-api/src/test/java/org/briarproject/bramble/test/BrambleTestCase.java
+++ b/bramble-api/src/test/java/org/briarproject/bramble/test/BrambleTestCase.java
@@ -8,9 +8,12 @@ public abstract class BrambleTestCase {
 	public BrambleTestCase() {
 		// Ensure exceptions thrown on worker threads cause tests to fail
-		UncaughtExceptionHandler fail = (thread, throwable) -> {
+		UncaughtExceptionHandler fail = new UncaughtExceptionHandler() {
-			throwable.printStackTrace();
+			@Override
-			fail();
+			public void uncaughtException(Thread thread, Throwable throwable) {
 				throwable.printStackTrace();
 				fail();
 			}
 		};
 		Thread.setDefaultUncaughtExceptionHandler(fail);
 	}
--- a/bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java
+++ b/bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java
@@ -34,6 +34,13 @@ public class TestUtils {
 		return getRandomBytes(UniqueId.LENGTH);
 	}
 	public static String getRandomString(int length) {
 		char[] c = new char[length];
 		for (int i = 0; i < length; i++)
 			c[i] = (char) ('a' + random.nextInt(26));
 		return new String(c);
 	}
 	public static SecretKey getSecretKey() {
 		return new SecretKey(getRandomBytes(SecretKey.LENGTH));
 	}
--- a/bramble-core/build.gradle
+++ b/bramble-core/build.gradle
@@ -1,60 +1,26 @@
-apply plugin: 'java-library'
+plugins {
-sourceCompatibility = 1.8
+	id "java"
-targetCompatibility = 1.8
+	id "net.ltgt.apt" version "0.9"
 	id "idea"
 }
 sourceCompatibility = 1.6
 targetCompatibility = 1.6
 apply plugin: 'net.ltgt.apt'
 apply plugin: 'idea'
 apply plugin: 'witness'
 dependencies {
-	implementation project(path: ':bramble-api', configuration: 'default')
+	compile project(':bramble-api')
-	implementation 'com.madgag.spongycastle:core:1.58.0.0'
+	compile fileTree(dir: 'libs', include: '*.jar')
-	implementation 'com.h2database:h2:1.4.192' // The last version that supports Java 1.6
+	compile 'com.madgag.spongycastle:core:1.54.0.0'
-	implementation 'org.bitlet:weupnp:0.1.4'
+	compile 'com.h2database:h2:1.4.190'
 	implementation 'net.i2p.crypto:eddsa:0.2.0'
-	apt 'com.google.dagger:dagger-compiler:2.0.2'
+	testCompile project(path: ':bramble-api', configuration: 'testOutput')
 	testImplementation project(path: ':bramble-api', configuration: 'testOutput')
 	testImplementation 'org.hsqldb:hsqldb:2.3.5' // The last version that supports Java 1.6
 	testImplementation 'junit:junit:4.12'
 	testImplementation "org.jmock:jmock:2.8.2"
 	testImplementation "org.jmock:jmock-junit4:2.8.2"
 	testImplementation "org.jmock:jmock-legacy:2.8.2"
 	testImplementation "org.hamcrest:hamcrest-library:1.3"
 	testImplementation "org.hamcrest:hamcrest-core:1.3"
 	testImplementation "org.whispersystems:curve25519-java:0.4.1"
 	testApt 'com.google.dagger:dagger-compiler:2.0.2'
 }
 dependencyVerification {
 	verify = [
-			'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
+			'com.madgag.spongycastle:core:1e7fa4b19ccccd1011364ab838d0b4702470c178bbbdd94c5c90b2d4d749ea1e',
-			'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
+			'com.h2database:h2:23ba495a07bbbb3bd6c3084d10a96dad7a23741b8b6d64b213459a784195a98c'
 			'com.google.dagger:dagger-compiler:2.0.2:dagger-compiler-2.0.2.jar:b74bc9de063dd4c6400b232231f2ef5056145b8fbecbf5382012007dd1c071b3',
 			'com.google.dagger:dagger-producers:2.0-beta:dagger-producers-2.0-beta.jar:99ec15e8a0507ba569e7655bc1165ee5e5ca5aa914b3c8f7e2c2458f724edd6b',
 			'com.google.dagger:dagger:2.0.2:dagger-2.0.2.jar:84c0282ed8be73a29e0475d639da030b55dee72369e58dd35ae7d4fe6243dcf9',
 			'com.google.guava:guava:18.0:guava-18.0.jar:d664fbfc03d2e5ce9cab2a44fb01f1d0bf9dfebeccc1a473b1f9ea31f79f6f99',
 			'com.h2database:h2:1.4.192:h2-1.4.192.jar:225b22e9857235c46c93861410b60b8c81c10dc8985f4faf188985ba5445126c',
 			'com.madgag.spongycastle:core:1.58.0.0:core-1.58.0.0.jar:199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728',
 			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
 			'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
 			'net.i2p.crypto:eddsa:0.2.0:eddsa-0.2.0.jar:a7cb1b85c16e2f0730b9204106929a1d9aaae1df728adc7041a8b8b605692140',
 			'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
 			'org.apache.ant:ant:1.9.4:ant-1.9.4.jar:649ae0730251de07b8913f49286d46bba7b92d47c5f332610aa426c4f02161d8',
 			'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
 			'org.bitlet:weupnp:0.1.4:weupnp-0.1.4.jar:88df7e6504929d00bdb832863761385c68ab92af945b04f0770b126270a444fb',
 			'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
 			'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
 			'org.hsqldb:hsqldb:2.3.5:hsqldb-2.3.5.jar:6676a6977ac98997a80f827ddbd3fe8ca1e0853dad1492512135fd1a222ccfad',
 			'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',
 			'org.jmock:jmock-legacy:2.8.2:jmock-legacy-2.8.2.jar:f2b985a5c08a9edb7f37612330c058809da3f6a6d63ce792426ebf8ff0d6d31b',
 			'org.jmock:jmock-testjar:2.8.2:jmock-testjar-2.8.2.jar:8900860f72c474e027cf97fe78dcbf154a1aa7fc62b6845c5fb4e4f3c7bc8760',
 			'org.jmock:jmock:2.8.2:jmock-2.8.2.jar:6c73cb4a2e6dbfb61fd99c9a768539c170ab6568e57846bd60dbf19596b65b16',
 			'org.objenesis:objenesis:2.1:objenesis-2.1.jar:c74330cc6b806c804fd37e74487b4fe5d7c2750c5e15fbc6efa13bdee1bdef80',
 			'org.ow2.asm:asm:5.0.4:asm-5.0.4.jar:896618ed8ae62702521a78bc7be42b7c491a08e6920a15f89a3ecdec31e9a220',
 			'org.whispersystems:curve25519-java:0.4.1:curve25519-java-0.4.1.jar:7dd659d8822c06c3aea1a47f18fac9e5761e29cab8100030b877db445005f03e',
 	]
 }
@@ -69,8 +35,3 @@ task jarTest(type: Jar, dependsOn: testClasses) {
 artifacts {
 	testOutput jarTest
 }
 // If a Java 6 JRE is available, check we're not using any Java 7 or 8 APIs
 tasks.withType(JavaCompile) {
 	useJava6StandardLibrary(it)
 }
--- a/bramble-core/libs/weupnp-0.1.3-SNAPSHOT-briar.jar
+++ b/bramble-core/libs/weupnp-0.1.3-SNAPSHOT-briar.jar
--- a/bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java
@@ -8,6 +8,7 @@ import org.briarproject.bramble.db.DatabaseExecutorModule;
 import org.briarproject.bramble.db.DatabaseModule;
 import org.briarproject.bramble.event.EventModule;
 import org.briarproject.bramble.identity.IdentityModule;
 import org.briarproject.bramble.invitation.InvitationModule;
 import org.briarproject.bramble.keyagreement.KeyAgreementModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
@@ -31,6 +32,7 @@ import dagger.Module;
 		DatabaseExecutorModule.class,
 		EventModule.class,
 		IdentityModule.class,
 		InvitationModule.class,
 		KeyAgreementModule.class,
 		LifecycleModule.class,
 		PluginModule.class,
@@ -52,7 +54,6 @@ public class BrambleCoreModule {
 		c.inject(new IdentityModule.EagerSingletons());
 		c.inject(new LifecycleModule.EagerSingletons());
 		c.inject(new PluginModule.EagerSingletons());
 		c.inject(new PropertiesModule.EagerSingletons());
 		c.inject(new SyncModule.EagerSingletons());
 		c.inject(new SystemModule.EagerSingletons());
 		c.inject(new TransportModule.EagerSingletons());
--- a/bramble-core/src/main/java/org/briarproject/bramble/PoliteExecutor.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/PoliteExecutor.java
@@ -1,81 +0,0 @@
 package org.briarproject.bramble;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.util.LinkedList;
 import java.util.Queue;
 import java.util.concurrent.Executor;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.concurrent.GuardedBy;
 import static java.util.logging.Level.FINE;
 /**
 * An {@link Executor} that delegates its tasks to another {@link Executor}
 * while limiting the number of tasks that are delegated concurrently. Tasks
 * are delegated in the order they are submitted to this executor.
 */
@NotNullByDefault
 public class PoliteExecutor implements Executor {
 	private static final Level LOG_LEVEL = FINE;
 	private final Object lock = new Object();
 	@GuardedBy("lock")
 	private final Queue<Runnable> queue = new LinkedList<>();
 	private final Executor delegate;
 	private final int maxConcurrentTasks;
 	private final Logger log;
 	@GuardedBy("lock")
 	private int concurrentTasks = 0;
 	/**
 	 * @param tag the tag to be used for logging
 	 * @param delegate the executor to which tasks will be delegated
 	 * @param maxConcurrentTasks the maximum number of tasks that will be
 	 * delegated concurrently. If this is set to 1, tasks submitted to this
 	 * executor will run in the order they are submitted and will not run
 	 * concurrently
 	 */
 	public PoliteExecutor(String tag, Executor delegate,
 			int maxConcurrentTasks) {
 		this.delegate = delegate;
 		this.maxConcurrentTasks = maxConcurrentTasks;
 		log = Logger.getLogger(tag);
 	}
 	@Override
 	public void execute(Runnable r) {
 		long submitted = System.currentTimeMillis();
 		Runnable wrapped = () -> {
 			if (log.isLoggable(LOG_LEVEL)) {
 				long queued = System.currentTimeMillis() - submitted;
 				log.log(LOG_LEVEL, "Queue time " + queued + " ms");
 			}
 			try {
 				r.run();
 			} finally {
 				scheduleNext();
 			}
 		};
 		synchronized (lock) {
 			if (concurrentTasks < maxConcurrentTasks) {
 				concurrentTasks++;
 				delegate.execute(wrapped);
 			} else {
 				queue.add(wrapped);
 			}
 		}
 	}
 	private void scheduleNext() {
 		synchronized (lock) {
 			Runnable next = queue.poll();
 			if (next == null) concurrentTasks--;
 			else delegate.execute(next);
 		}
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/TimeLoggingExecutor.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/TimeLoggingExecutor.java
@@ -1,46 +0,0 @@
 package org.briarproject.bramble;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.RejectedExecutionHandler;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import static java.util.logging.Level.FINE;
@NotNullByDefault
 public class TimeLoggingExecutor extends ThreadPoolExecutor {
 	private static final Level LOG_LEVEL = FINE;
 	private final Logger log;
 	public TimeLoggingExecutor(String tag, int corePoolSize, int maxPoolSize,
 			long keepAliveTime, TimeUnit unit,
 			BlockingQueue<Runnable> workQueue,
 			RejectedExecutionHandler handler) {
 		super(corePoolSize, maxPoolSize, keepAliveTime, unit, workQueue,
 				handler);
 		log = Logger.getLogger(tag);
 	}
 	@Override
 	public void execute(Runnable r) {
 		if (log.isLoggable(LOG_LEVEL)) {
 			long submitted = System.currentTimeMillis();
 			super.execute(() -> {
 				long started = System.currentTimeMillis();
 				long queued = started - submitted;
 				log.log(LOG_LEVEL, "Queue time " + queued + " ms");
 				r.run();
 				long executing = System.currentTimeMillis() - started;
 				log.log(LOG_LEVEL, "Execution time " + executing + " ms");
 			});
 		} else {
 			super.execute(r);
 		}
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java
@@ -201,7 +201,8 @@ class ClientHelperImpl implements ClientHelper {
 	public Map<MessageId, BdfDictionary> getMessageMetadataAsDictionary(
 			Transaction txn, GroupId g) throws DbException, FormatException {
 		Map<MessageId, Metadata> raw = db.getMessageMetadata(txn, g);
-		Map<MessageId, BdfDictionary> parsed = new HashMap<>(raw.size());
+		Map<MessageId, BdfDictionary> parsed =
 				new HashMap<MessageId, BdfDictionary>(raw.size());
 		for (Entry<MessageId, Metadata> e : raw.entrySet())
 			parsed.put(e.getKey(), metadataParser.parse(e.getValue()));
 		return parsed;
@@ -228,7 +229,8 @@ class ClientHelperImpl implements ClientHelper {
 			FormatException {
 		Metadata metadata = metadataEncoder.encode(query);
 		Map<MessageId, Metadata> raw = db.getMessageMetadata(txn, g, metadata);
-		Map<MessageId, BdfDictionary> parsed = new HashMap<>(raw.size());
+		Map<MessageId, BdfDictionary> parsed =
 				new HashMap<MessageId, BdfDictionary>(raw.size());
 		for (Entry<MessageId, Metadata> e : raw.entrySet())
 			parsed.put(e.getKey(), metadataParser.parse(e.getValue()));
 		return parsed;
--- a/bramble-core/src/main/java/org/briarproject/bramble/client/ContactGroupFactoryImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/client/ContactGroupFactoryImpl.java
@@ -32,25 +32,23 @@ class ContactGroupFactoryImpl implements ContactGroupFactory {
 	}
 	@Override
-	public Group createLocalGroup(ClientId clientId, int clientVersion) {
+	public Group createLocalGroup(ClientId clientId) {
-		return groupFactory.createGroup(clientId, clientVersion,
+		return groupFactory.createGroup(clientId, LOCAL_GROUP_DESCRIPTOR);
 				LOCAL_GROUP_DESCRIPTOR);
 	}
 	@Override
-	public Group createContactGroup(ClientId clientId, int clientVersion,
+	public Group createContactGroup(ClientId clientId, Contact contact) {
 			Contact contact) {
 		AuthorId local = contact.getLocalAuthorId();
 		AuthorId remote = contact.getAuthor().getId();
 		byte[] descriptor = createGroupDescriptor(local, remote);
-		return groupFactory.createGroup(clientId, clientVersion, descriptor);
+		return groupFactory.createGroup(clientId, descriptor);
 	}
 	@Override
-	public Group createContactGroup(ClientId clientId, int clientVersion,
+	public Group createContactGroup(ClientId clientId, AuthorId authorId1,
-			AuthorId authorId1, AuthorId authorId2) {
+			AuthorId authorId2) {
 		byte[] descriptor = createGroupDescriptor(authorId1, authorId2);
-		return groupFactory.createGroup(clientId, clientVersion, descriptor);
+		return groupFactory.createGroup(clientId, descriptor);
 	}
 	private byte[] createGroupDescriptor(AuthorId local, AuthorId remote) {
--- a/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java
@@ -80,7 +80,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	private volatile boolean alice;
 	@Inject
-	ContactExchangeTaskImpl(DatabaseComponent db,
+	public ContactExchangeTaskImpl(DatabaseComponent db,
 			AuthorFactory authorFactory, BdfReaderFactory bdfReaderFactory,
 			BdfWriterFactory bdfWriterFactory, Clock clock,
 			ConnectionManager connectionManager, ContactManager contactManager,
@@ -141,27 +141,23 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		}
 		// Derive the header keys for the transport streams
-		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL,
+		SecretKey aliceHeaderKey = crypto.deriveHeaderKey(masterSecret, true);
-				masterSecret, new byte[] {PROTOCOL_VERSION});
+		SecretKey bobHeaderKey = crypto.deriveHeaderKey(masterSecret, false);
 		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterSecret,
 				new byte[] {PROTOCOL_VERSION});
 		// Create the readers
 		InputStream streamReader =
-				streamReaderFactory.createContactExchangeStreamReader(in,
+				streamReaderFactory.createInvitationStreamReader(in,
 						alice ? bobHeaderKey : aliceHeaderKey);
 		BdfReader r = bdfReaderFactory.createReader(streamReader);
 		// Create the writers
 		OutputStream streamWriter =
-				streamWriterFactory.createContactExchangeStreamWriter(out,
+				streamWriterFactory.createInvitationStreamWriter(out,
 						alice ? aliceHeaderKey : bobHeaderKey);
 		BdfWriter w = bdfWriterFactory.createWriter(streamWriter);
 		// Derive the nonces to be signed
-		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterSecret,
+		byte[] aliceNonce = crypto.deriveSignatureNonce(masterSecret, true);
-				new byte[] {PROTOCOL_VERSION});
+		byte[] bobNonce = crypto.deriveSignatureNonce(masterSecret, false);
 		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterSecret,
 				new byte[] {PROTOCOL_VERSION});
 		// Exchange pseudonyms, signed nonces, and timestamps
 		long localTimestamp = clock.currentTimeMillis();
@@ -188,7 +184,12 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 			// Close the outgoing stream and expect EOF on the incoming stream
 			w.close();
 			if (!r.eof()) LOG.warning("Unexpected data at end of connection");
-		} catch (GeneralSecurityException | IOException e) {
+		} catch (GeneralSecurityException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			listener.contactExchangeFailed();
 			tryToClose(conn, true);
 			return;
 		} catch (IOException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			listener.contactExchangeFailed();
 			tryToClose(conn, true);
@@ -200,8 +201,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		try {
 			// Add the contact
-			ContactId contactId = addContact(remoteAuthor, timestamp,
+			ContactId contactId = addContact(remoteAuthor, masterSecret,
-					remoteProperties);
+					timestamp, alice, remoteProperties);
 			// Reuse the connection as a transport connection
 			connectionManager.manageOutgoingConnection(contactId, transportId,
 					conn);
@@ -275,7 +276,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	private Map<TransportId, TransportProperties> receiveTransportProperties(
 			BdfReader r) throws IOException {
-		Map<TransportId, TransportProperties> remote = new HashMap<>();
+		Map<TransportId, TransportProperties> remote =
 				new HashMap<TransportId, TransportProperties>();
 		r.readListStart();
 		while (!r.hasListEnd()) {
 			r.readListStart();
@@ -298,15 +300,15 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		return remote;
 	}
-	private ContactId addContact(Author remoteAuthor, long timestamp,
+	private ContactId addContact(Author remoteAuthor, SecretKey master,
 			long timestamp, boolean alice,
 			Map<TransportId, TransportProperties> remoteProperties)
 			throws DbException {
 		ContactId contactId;
 		Transaction txn = db.startTransaction(false);
 		try {
 			contactId = contactManager.addContact(txn, remoteAuthor,
-					localAuthor.getId(), masterSecret, timestamp, alice,
+					localAuthor.getId(), master, timestamp, alice, true, true);
 					true, true);
 			transportPropertyManager.addRemoteProperties(txn, contactId,
 					remoteProperties);
 			db.commitTransaction(txn);
@@ -316,7 +318,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		return contactId;
 	}
-	private void tryToClose(DuplexTransportConnection conn, boolean exception) {
+	private void tryToClose(DuplexTransportConnection conn,
 			boolean exception) {
 		try {
 			LOG.info("Closing connection");
 			conn.getReader().dispose(exception, true);
--- a/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java
@@ -34,8 +34,8 @@ class ContactManagerImpl implements ContactManager {
 	ContactManagerImpl(DatabaseComponent db, KeyManager keyManager) {
 		this.db = db;
 		this.keyManager = keyManager;
-		addHooks = new CopyOnWriteArrayList<>();
+		addHooks = new CopyOnWriteArrayList<AddContactHook>();
-		removeHooks = new CopyOnWriteArrayList<>();
+		removeHooks = new CopyOnWriteArrayList<RemoveContactHook>();
 	}
 	@Override
@@ -125,7 +125,7 @@ class ContactManagerImpl implements ContactManager {
 		} finally {
 			db.endTransaction(txn);
 		}
-		List<Contact> active = new ArrayList<>(contacts.size());
+		List<Contact> active = new ArrayList<Contact>(contacts.size());
 		for (Contact c : contacts) if (c.isActive()) active.add(c);
 		return active;
 	}
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CombinedSecureRandom.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CombinedSecureRandom.java
@@ -0,0 +1,62 @@
 package org.briarproject.bramble.crypto;
 import java.security.Provider;
 import java.security.SecureRandom;
 import java.security.SecureRandomSpi;
 /**
 * A {@link SecureRandom} implementation that combines the outputs of two or
 * more other implementations using XOR.
 */
 class CombinedSecureRandom extends SecureRandom {
 	private static final Provider PROVIDER = new CombinedProvider();
 	CombinedSecureRandom(SecureRandom... randoms) {
 		super(new CombinedSecureRandomSpi(randoms), PROVIDER);
 	}
 	private static class CombinedSecureRandomSpi extends SecureRandomSpi {
 		private final SecureRandom[] randoms;
 		private CombinedSecureRandomSpi(SecureRandom... randoms) {
 			if (randoms.length < 2) throw new IllegalArgumentException();
 			this.randoms = randoms;
 		}
 		@Override
 		protected byte[] engineGenerateSeed(int numBytes) {
 			byte[] combined = new byte[numBytes];
 			for (SecureRandom random : randoms) {
 				byte[] b = random.generateSeed(numBytes);
 				int length = Math.min(numBytes, b.length);
 				for (int i = 0; i < length; i++)
 					combined[i] = (byte) (combined[i] ^ b[i]);
 			}
 			return combined;
 		}
 		@Override
 		protected void engineNextBytes(byte[] b) {
 			byte[] temp = new byte[b.length];
 			for (SecureRandom random : randoms) {
 				random.nextBytes(temp);
 				for (int i = 0; i < b.length; i++)
 					b[i] = (byte) (b[i] ^ temp[i]);
 			}
 		}
 		@Override
 		protected void engineSetSeed(byte[] seed) {
 			for (SecureRandom random : randoms) random.setSeed(seed);
 		}
 	}
 	private static class CombinedProvider extends Provider {
 		private CombinedProvider() {
 			super("Combined", 1.0, "");
 		}
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
@@ -1,16 +1,17 @@
 package org.briarproject.bramble.crypto;
 import net.i2p.crypto.eddsa.EdDSAPrivateKey;
 import net.i2p.crypto.eddsa.EdDSAPublicKey;
 import net.i2p.crypto.eddsa.KeyPairGenerator;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.system.SecureRandomProvider;
+import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.system.SeedProvider;
 import org.briarproject.bramble.api.transport.IncomingKeys;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.util.ByteUtils;
 import org.briarproject.bramble.util.StringUtils;
 import org.spongycastle.crypto.AsymmetricCipherKeyPair;
@@ -26,11 +27,9 @@ import org.spongycastle.crypto.params.ECPrivateKeyParameters;
 import org.spongycastle.crypto.params.ECPublicKeyParameters;
 import org.spongycastle.crypto.params.KeyParameter;
 import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -39,8 +38,13 @@ import java.util.logging.Logger;
 import javax.inject.Inject;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.api.invitation.InvitationConstants.CODE_BITS;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.COMMIT_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
 import static org.briarproject.bramble.crypto.EllipticCurveConstants.PARAMETERS;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 class CryptoComponentImpl implements CryptoComponent {
@@ -49,41 +53,64 @@ class CryptoComponentImpl implements CryptoComponent {
 	private static final int AGREEMENT_KEY_PAIR_BITS = 256;
 	private static final int SIGNATURE_KEY_PAIR_BITS = 256;
 	private static final int ED_KEY_PAIR_BITS = 256;
 	private static final int STORAGE_IV_BYTES = 24; // 196 bits
 	private static final int PBKDF_SALT_BYTES = 32; // 256 bits
 	private static final int PBKDF_TARGET_MILLIS = 500;
 	private static final int PBKDF_SAMPLES = 30;
 	private static final int HASH_SIZE = 256 / 8;
 	private static byte[] ascii(String s) {
 		return s.getBytes(Charset.forName("US-ASCII"));
 	}
 	// KDF labels for bluetooth confirmation code derivation
 	private static final byte[] BT_A_CONFIRM = ascii("ALICE_CONFIRMATION_CODE");
 	private static final byte[] BT_B_CONFIRM = ascii("BOB_CONFIRMATION_CODE");
 	// KDF labels for contact exchange stream header key derivation
 	private static final byte[] A_INVITE = ascii("ALICE_INVITATION_KEY");
 	private static final byte[] B_INVITE = ascii("BOB_INVITATION_KEY");
 	// KDF labels for contact exchange signature nonce derivation
 	private static final byte[] A_SIG_NONCE = ascii("ALICE_SIGNATURE_NONCE");
 	private static final byte[] B_SIG_NONCE = ascii("BOB_SIGNATURE_NONCE");
 	// Hash label for BQP public key commitment derivation
 	private static final String COMMIT =
 			"org.briarproject.bramble.COMMIT";
 	// Hash label for shared secret derivation
 	private static final String SHARED_SECRET =
 			"org.briarproject.bramble.SHARED_SECRET";
 	// KDF label for BQP confirmation key derivation
 	private static final byte[] CONFIRMATION_KEY = ascii("CONFIRMATION_KEY");
 	// KDF label for master key derivation
 	private static final byte[] MASTER_KEY = ascii("MASTER_KEY");
 	// KDF labels for tag key derivation
 	private static final byte[] A_TAG = ascii("ALICE_TAG_KEY");
 	private static final byte[] B_TAG = ascii("BOB_TAG_KEY");
 	// KDF labels for header key derivation
 	private static final byte[] A_HEADER = ascii("ALICE_HEADER_KEY");
 	private static final byte[] B_HEADER = ascii("BOB_HEADER_KEY");
 	// KDF labels for MAC key derivation
 	private static final byte[] A_MAC = ascii("ALICE_MAC_KEY");
 	private static final byte[] B_MAC = ascii("BOB_MAC_KEY");
 	// KDF label for key rotation
 	private static final byte[] ROTATE = ascii("ROTATE");
 	private final SecureRandom secureRandom;
 	private final ECKeyPairGenerator agreementKeyPairGenerator;
 	private final ECKeyPairGenerator signatureKeyPairGenerator;
 	private final KeyParser agreementKeyParser, signatureKeyParser;
 	private final MessageEncrypter messageEncrypter;
 	private final KeyPairGenerator edKeyPairGenerator;
 	private final KeyParser edKeyParser;
 	@Inject
-	CryptoComponentImpl(SecureRandomProvider secureRandomProvider) {
+	CryptoComponentImpl(SeedProvider seedProvider) {
 		if (!FortunaSecureRandom.selfTest()) throw new RuntimeException();
 		SecureRandom platformSecureRandom = new SecureRandom();
 		if (LOG.isLoggable(INFO)) {
-			SecureRandom defaultSecureRandom = new SecureRandom();
+			String provider = platformSecureRandom.getProvider().getName();
-			String name = defaultSecureRandom.getProvider().getName();
+			String algorithm = platformSecureRandom.getAlgorithm();
-			String algorithm = defaultSecureRandom.getAlgorithm();
+			LOG.info("Default SecureRandom: " + provider + " " + algorithm);
 			LOG.info("Default SecureRandom: " + name + " " + algorithm);
 		}
-		Provider provider = secureRandomProvider.getProvider();
+		SecureRandom fortuna = new FortunaSecureRandom(seedProvider.getSeed());
-		if (provider == null) {
+		secureRandom = new CombinedSecureRandom(platformSecureRandom, fortuna);
 			LOG.info("Using default");
 		} else {
 			installSecureRandomProvider(provider);
 			if (LOG.isLoggable(INFO)) {
 				SecureRandom installedSecureRandom = new SecureRandom();
 				String name = installedSecureRandom.getProvider().getName();
 				String algorithm = installedSecureRandom.getAlgorithm();
 				LOG.info("Installed SecureRandom: " + name + " " + algorithm);
 			}
 		}
 		secureRandom = new SecureRandom();
 		ECKeyGenerationParameters params = new ECKeyGenerationParameters(
 				PARAMETERS, secureRandom);
 		agreementKeyPairGenerator = new ECKeyPairGenerator();
@@ -95,34 +122,6 @@ class CryptoComponentImpl implements CryptoComponent {
 		signatureKeyParser = new Sec1KeyParser(PARAMETERS,
 				SIGNATURE_KEY_PAIR_BITS);
 		messageEncrypter = new MessageEncrypter(secureRandom);
 		edKeyPairGenerator = new KeyPairGenerator();
 		edKeyPairGenerator.initialize(ED_KEY_PAIR_BITS, secureRandom);
 		edKeyParser = new EdKeyParser();
 	}
 	// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
 	private void installSecureRandomProvider(Provider provider) {
 		Provider[] providers = Security.getProviders("SecureRandom.SHA1PRNG");
 		if (providers == null || providers.length == 0
 				|| !provider.getClass().equals(providers[0].getClass())) {
 			Security.insertProviderAt(provider, 1);
 		}
 		// Check the new provider is the default when no algorithm is specified
 		SecureRandom random = new SecureRandom();
 		if (!provider.getClass().equals(random.getProvider().getClass())) {
 			throw new SecurityException("Wrong SecureRandom provider: "
 					+ random.getProvider().getClass());
 		}
 		// Check the new provider is the default when SHA1PRNG is specified
 		try {
 			random = SecureRandom.getInstance("SHA1PRNG");
 		} catch (NoSuchAlgorithmException e) {
 			throw new SecurityException(e);
 		}
 		if (!provider.getClass().equals(random.getProvider().getClass())) {
 			throw new SecurityException("Wrong SHA1PRNG provider: "
 					+ random.getProvider().getClass());
 		}
 	}
 	@Override
@@ -132,6 +131,11 @@ class CryptoComponentImpl implements CryptoComponent {
 		return new SecretKey(b);
 	}
 	@Override
 	public PseudoRandom getPseudoRandom(int seed1, int seed2) {
 		return new PseudoRandomImpl(seed1, seed2);
 	}
 	@Override
 	public SecureRandom getSecureRandom() {
 		return secureRandom;
@@ -156,21 +160,6 @@ class CryptoComponentImpl implements CryptoComponent {
 		return secret;
 	}
 	@Override
 	public KeyPair generateEdKeyPair() {
 		java.security.KeyPair keyPair = edKeyPairGenerator.generateKeyPair();
 		EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic();
 		PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte());
 		EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate();
 		PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed());
 		return new KeyPair(publicKey, privateKey);
 	}
 	@Override
 	public KeyParser getEdKeyParser() {
 		return edKeyParser;
 	}
 	@Override
 	public KeyPair generateAgreementKeyPair() {
 		AsymmetricCipherKeyPair keyPair =
@@ -219,63 +208,204 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 	@Override
-	public SecretKey deriveKey(String label, SecretKey k, byte[]... inputs) {
+	public int generateBTInvitationCode() {
-		byte[] mac = mac(label, k, inputs);
+		int codeBytes = (CODE_BITS + 7) / 8;
-		if (mac.length != SecretKey.LENGTH) throw new IllegalStateException();
+		byte[] random = new byte[codeBytes];
-		return new SecretKey(mac);
+		secureRandom.nextBytes(random);
 		return ByteUtils.readUint(random, CODE_BITS);
 	}
 	@Override
-	public SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
+	public int deriveBTConfirmationCode(SecretKey master, boolean alice) {
-			KeyPair ourKeyPair, byte[]... inputs)
+		byte[] b = macKdf(master, alice ? BT_A_CONFIRM : BT_B_CONFIRM);
-			throws GeneralSecurityException {
+		return ByteUtils.readUint(b, CODE_BITS);
 	}
 	@Override
 	public SecretKey deriveHeaderKey(SecretKey master,
 			boolean alice) {
 		return new SecretKey(macKdf(master, alice ? A_INVITE : B_INVITE));
 	}
 	@Override
 	public SecretKey deriveMacKey(SecretKey master, boolean alice) {
 		return new SecretKey(macKdf(master, alice ? A_MAC : B_MAC));
 	}
 	@Override
 	public byte[] deriveSignatureNonce(SecretKey master,
 			boolean alice) {
 		return macKdf(master, alice ? A_SIG_NONCE : B_SIG_NONCE);
 	}
 	@Override
 	public byte[] deriveKeyCommitment(byte[] publicKey) {
 		byte[] hash = hash(COMMIT, publicKey);
 		// The output is the first COMMIT_LENGTH bytes of the hash
 		byte[] commitment = new byte[COMMIT_LENGTH];
 		System.arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
 		return commitment;
 	}
 	@Override
 	public SecretKey deriveSharedSecret(byte[] theirPublicKey,
 			KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
 		PrivateKey ourPriv = ourKeyPair.getPrivate();
-		byte[][] hashInputs = new byte[inputs.length + 1][];
+		PublicKey theirPub = agreementKeyParser.parsePublicKey(theirPublicKey);
-		hashInputs[0] = performRawKeyAgreement(ourPriv, theirPublicKey);
+		byte[] raw = performRawKeyAgreement(ourPriv, theirPub);
-		System.arraycopy(inputs, 0, hashInputs, 1, inputs.length);
+		byte[] alicePub, bobPub;
-		byte[] hash = hash(label, hashInputs);
+		if (alice) {
-		if (hash.length != SecretKey.LENGTH) throw new IllegalStateException();
+			alicePub = ourKeyPair.getPublic().getEncoded();
-		return new SecretKey(hash);
+			bobPub = theirPublicKey;
 		} else {
 			alicePub = theirPublicKey;
 			bobPub = ourKeyPair.getPublic().getEncoded();
 		}
 		return new SecretKey(hash(SHARED_SECRET, raw, alicePub, bobPub));
 	}
 	@Override
 	public byte[] deriveConfirmationRecord(SecretKey sharedSecret,
 			byte[] theirPayload, byte[] ourPayload, byte[] theirPublicKey,
 			KeyPair ourKeyPair, boolean alice, boolean aliceRecord) {
 		SecretKey ck = new SecretKey(macKdf(sharedSecret, CONFIRMATION_KEY));
 		byte[] alicePayload, alicePub, bobPayload, bobPub;
 		if (alice) {
 			alicePayload = ourPayload;
 			alicePub = ourKeyPair.getPublic().getEncoded();
 			bobPayload = theirPayload;
 			bobPub = theirPublicKey;
 		} else {
 			alicePayload = theirPayload;
 			alicePub = theirPublicKey;
 			bobPayload = ourPayload;
 			bobPub = ourKeyPair.getPublic().getEncoded();
 		}
 		if (aliceRecord)
 			return macKdf(ck, alicePayload, alicePub, bobPayload, bobPub);
 		else
 			return macKdf(ck, bobPayload, bobPub, alicePayload, alicePub);
 	}
 	@Override
 	public SecretKey deriveMasterSecret(SecretKey sharedSecret) {
 		return new SecretKey(macKdf(sharedSecret, MASTER_KEY));
 	}
 	@Override
 	public SecretKey deriveMasterSecret(byte[] theirPublicKey,
 			KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
 		return deriveMasterSecret(deriveSharedSecret(
 				theirPublicKey,ourKeyPair, alice));
 	}
 	@Override
 	public TransportKeys deriveTransportKeys(TransportId t,
 			SecretKey master, long rotationPeriod, boolean alice) {
 		// Keys for the previous period are derived from the master secret
 		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
 		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
 		SecretKey outTagPrev = deriveTagKey(master, t, alice);
 		SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
 		// Derive the keys for the current and next periods
 		SecretKey inTagCurr = rotateKey(inTagPrev, rotationPeriod);
 		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, rotationPeriod);
 		SecretKey inTagNext = rotateKey(inTagCurr, rotationPeriod + 1);
 		SecretKey inHeaderNext = rotateKey(inHeaderCurr, rotationPeriod + 1);
 		SecretKey outTagCurr = rotateKey(outTagPrev, rotationPeriod);
 		SecretKey outHeaderCurr = rotateKey(outHeaderPrev, rotationPeriod);
 		// Initialise the reordering windows and stream counters
 		IncomingKeys inPrev = new IncomingKeys(inTagPrev, inHeaderPrev,
 				rotationPeriod - 1);
 		IncomingKeys inCurr = new IncomingKeys(inTagCurr, inHeaderCurr,
 				rotationPeriod);
 		IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
 				rotationPeriod + 1);
 		OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
 				rotationPeriod);
 		// Collect and return the keys
 		return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
 	}
 	@Override
 	public TransportKeys rotateTransportKeys(TransportKeys k,
 			long rotationPeriod) {
 		if (k.getRotationPeriod() >= rotationPeriod) return k;
 		IncomingKeys inPrev = k.getPreviousIncomingKeys();
 		IncomingKeys inCurr = k.getCurrentIncomingKeys();
 		IncomingKeys inNext = k.getNextIncomingKeys();
 		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
 		long startPeriod = outCurr.getRotationPeriod();
 		// Rotate the keys
 		for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
 			inPrev = inCurr;
 			inCurr = inNext;
 			SecretKey inNextTag = rotateKey(inNext.getTagKey(), p + 1);
 			SecretKey inNextHeader = rotateKey(inNext.getHeaderKey(), p + 1);
 			inNext = new IncomingKeys(inNextTag, inNextHeader, p + 1);
 			SecretKey outCurrTag = rotateKey(outCurr.getTagKey(), p);
 			SecretKey outCurrHeader = rotateKey(outCurr.getHeaderKey(), p);
 			outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p);
 		}
 		// Collect and return the keys
 		return new TransportKeys(k.getTransportId(), inPrev, inCurr, inNext,
 				outCurr);
 	}
 	private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
 		byte[] period = new byte[INT_64_BYTES];
 		ByteUtils.writeUint64(rotationPeriod, period, 0);
 		return new SecretKey(macKdf(k, ROTATE, period));
 	}
 	private SecretKey deriveTagKey(SecretKey master, TransportId t,
 			boolean alice) {
 		byte[] id = StringUtils.toUtf8(t.getString());
 		return new SecretKey(macKdf(master, alice ? A_TAG : B_TAG, id));
 	}
 	private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
 			boolean alice) {
 		byte[] id = StringUtils.toUtf8(t.getString());
 		return new SecretKey(macKdf(master, alice ? A_HEADER : B_HEADER, id));
 	}
 	@Override
 	public void encodeTag(byte[] tag, SecretKey tagKey, long streamNumber) {
 		if (tag.length < TAG_LENGTH) throw new IllegalArgumentException();
 		if (streamNumber < 0 || streamNumber > MAX_32_BIT_UNSIGNED)
 			throw new IllegalArgumentException();
 		// Initialise the PRF
 		Digest prf = new Blake2sDigest(tagKey.getBytes());
 		// The output of the PRF must be long enough to use as a tag
 		int macLength = prf.getDigestSize();
 		if (macLength < TAG_LENGTH) throw new IllegalStateException();
 		// The input is the stream number as a 64-bit integer
 		byte[] input = new byte[INT_64_BYTES];
 		ByteUtils.writeUint64(streamNumber, input, 0);
 		prf.update(input, 0, input.length);
 		byte[] mac = new byte[macLength];
 		prf.doFinal(mac, 0);
 		// The output is the first TAG_LENGTH bytes of the MAC
 		System.arraycopy(mac, 0, tag, 0, TAG_LENGTH);
 	}
 	@Override
 	public byte[] sign(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException {
-		return sign(new SignatureImpl(secureRandom), signatureKeyParser, label,
+		Signature signature = new SignatureImpl(secureRandom);
-				toSign, privateKey);
+		KeyParser keyParser = getSignatureKeyParser();
 	}
 	@Override
 	public byte[] signEd(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException {
 		return sign(new EdSignature(), edKeyParser, label, toSign, privateKey);
 	}
 	private byte[] sign(Signature sig, KeyParser keyParser, String label,
 			byte[] toSign, byte[] privateKey) throws GeneralSecurityException {
 		PrivateKey key = keyParser.parsePrivateKey(privateKey);
-		sig.initSign(key);
+		signature.initSign(key);
-		updateSignature(sig, label, toSign);
+		updateSignature(signature, label, toSign);
-		return sig.sign();
+		return signature.sign();
 	}
 	@Override
 	public boolean verify(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException {
-		return verify(new SignatureImpl(secureRandom), signatureKeyParser,
+		Signature sig = new SignatureImpl(secureRandom);
-				label, signedData, publicKey, signature);
+		KeyParser keyParser = getSignatureKeyParser();
 	}
 	@Override
 	public boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException {
 		return verify(new EdSignature(), edKeyParser, label, signedData,
 				publicKey, signature);
 	}
 	private boolean verify(Signature sig, KeyParser keyParser, String label,
 			byte[] signedData, byte[] publicKey, byte[] signature)
 			throws GeneralSecurityException {
 		PublicKey key = keyParser.parsePublicKey(publicKey);
 		sig.initVerify(key);
 		updateSignature(sig, label, signedData);
@@ -283,7 +413,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 	private void updateSignature(Signature signature, String label,
-			byte[] toSign) throws GeneralSecurityException {
+			byte[] toSign) {
 		byte[] labelBytes = StringUtils.toUtf8(label);
 		byte[] length = new byte[INT_32_BYTES];
 		ByteUtils.writeUint32(labelBytes.length, length, 0);
@@ -313,13 +443,14 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 	@Override
-	public byte[] mac(String label, SecretKey macKey, byte[]... inputs) {
+	public int getHashLength() {
-		byte[] labelBytes = StringUtils.toUtf8(label);
+		return HASH_SIZE;
 	}
 	@Override
 	public byte[] mac(SecretKey macKey, byte[]... inputs) {
 		Digest mac = new Blake2sDigest(macKey.getBytes());
 		byte[] length = new byte[INT_32_BYTES];
 		ByteUtils.writeUint32(labelBytes.length, length, 0);
 		mac.update(length, 0, length.length);
 		mac.update(labelBytes, 0, labelBytes.length);
 		for (byte[] input : inputs) {
 			ByteUtils.writeUint32(input.length, length, 0);
 			mac.update(length, 0, length.length);
@@ -411,6 +542,30 @@ class CryptoComponentImpl implements CryptoComponent {
 		return AsciiArmour.wrap(b, lineLength);
 	}
 	// Key derivation function based on a pseudo-random function - see
 	// NIST SP 800-108, section 5.1
 	private byte[] macKdf(SecretKey key, byte[]... inputs) {
 		// Initialise the PRF
 		Digest prf = new Blake2sDigest(key.getBytes());
 		// The output of the PRF must be long enough to use as a key
 		int macLength = prf.getDigestSize();
 		if (macLength < SecretKey.LENGTH) throw new IllegalStateException();
 		// Calculate the PRF over the concatenated length-prefixed inputs
 		byte[] length = new byte[INT_32_BYTES];
 		for (byte[] input : inputs) {
 			ByteUtils.writeUint32(input.length, length, 0);
 			prf.update(length, 0, length.length);
 			prf.update(input, 0, input.length);
 		}
 		byte[] mac = new byte[macLength];
 		prf.doFinal(mac, 0);
 		// The output is the first SecretKey.LENGTH bytes of the MAC
 		if (mac.length == SecretKey.LENGTH) return mac;
 		byte[] truncated = new byte[SecretKey.LENGTH];
 		System.arraycopy(mac, 0, truncated, 0, truncated.length);
 		return truncated;
 	}
 	// Password-based key derivation function - see PKCS#5 v2.1, section 5.2
 	private byte[] pbkdf2(String password, byte[] salt, int iterations) {
 		byte[] utf8 = StringUtils.toUtf8(password);
@@ -424,8 +579,8 @@ class CryptoComponentImpl implements CryptoComponent {
 	// Package access for testing
 	int chooseIterationCount(int targetMillis) {
-		List<Long> quickSamples = new ArrayList<>(PBKDF_SAMPLES);
+		List<Long> quickSamples = new ArrayList<Long>(PBKDF_SAMPLES);
-		List<Long> slowSamples = new ArrayList<>(PBKDF_SAMPLES);
+		List<Long> slowSamples = new ArrayList<Long>(PBKDF_SAMPLES);
 		long iterationNanos = 0, initNanos = 0;
 		while (iterationNanos <= 0 || initNanos <= 0) {
 			// Sample the running time with one iteration and two iterations
@@ -452,7 +607,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 	private long sampleRunningTime(int iterations) {
-		byte[] password = {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
+		byte[] password = { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' };
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
 		int keyLengthInBits = SecretKey.LENGTH * 8;
 		long start = System.nanoTime();
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoModule.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoModule.java
@@ -1,15 +1,12 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.TimeLoggingExecutor;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.CryptoExecutor;
 import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
 import org.briarproject.bramble.api.crypto.PasswordStrengthEstimator;
 import org.briarproject.bramble.api.crypto.StreamDecrypterFactory;
 import org.briarproject.bramble.api.crypto.StreamEncrypterFactory;
 import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
-import org.briarproject.bramble.api.system.SecureRandomProvider;
+import org.briarproject.bramble.api.system.SeedProvider;
 import java.security.SecureRandom;
 import java.util.concurrent.BlockingQueue;
@@ -34,29 +31,26 @@ public class CryptoModule {
 	public static class EagerSingletons {
 		@Inject
 		@CryptoExecutor
-		ExecutorService cryptoExecutor;
+		Executor cryptoExecutor;
 	}
 	/**
 	 * The maximum number of executor threads.
 	 * <p>
 	 * The number of available processors can change during the lifetime of the
 	 * JVM, so this is just a reasonable guess.
 	 */
 	private static final int MAX_EXECUTOR_THREADS =
-			Math.max(1, Runtime.getRuntime().availableProcessors() - 1);
+			Runtime.getRuntime().availableProcessors();
 	private final ExecutorService cryptoExecutor;
 	public CryptoModule() {
 		// Use an unbounded queue
-		BlockingQueue<Runnable> queue = new LinkedBlockingQueue<>();
+		BlockingQueue<Runnable> queue = new LinkedBlockingQueue<Runnable>();
 		// Discard tasks that are submitted during shutdown
 		RejectedExecutionHandler policy =
 				new ThreadPoolExecutor.DiscardPolicy();
 		// Create a limited # of threads and keep them in the pool for 60 secs
-		cryptoExecutor = new TimeLoggingExecutor("CryptoExecutor", 0,
+		cryptoExecutor = new ThreadPoolExecutor(0, MAX_EXECUTOR_THREADS,
-				MAX_EXECUTOR_THREADS, 60, SECONDS, queue, policy);
+				60, SECONDS, queue, policy);
 	}
 	@Provides
@@ -66,9 +60,8 @@ public class CryptoModule {
 	@Provides
 	@Singleton
-	CryptoComponent provideCryptoComponent(
+	CryptoComponent provideCryptoComponent(SeedProvider seedProvider) {
-			SecureRandomProvider secureRandomProvider) {
+		return new CryptoComponentImpl(seedProvider);
 		return new CryptoComponentImpl(secureRandomProvider);
 	}
 	@Provides
@@ -76,12 +69,6 @@ public class CryptoModule {
 		return new PasswordStrengthEstimatorImpl();
 	}
 	@Provides
 	TransportCrypto provideTransportCrypto(
 			TransportCryptoImpl transportCrypto) {
 		return transportCrypto;
 	}
 	@Provides
 	StreamDecrypterFactory provideStreamDecrypterFactory(
 			Provider<AuthenticatedCipher> cipherProvider) {
@@ -89,34 +76,19 @@ public class CryptoModule {
 	}
 	@Provides
-	StreamEncrypterFactory provideStreamEncrypterFactory(
+	StreamEncrypterFactory provideStreamEncrypterFactory(CryptoComponent crypto,
 			CryptoComponent crypto, TransportCrypto transportCrypto,
 			Provider<AuthenticatedCipher> cipherProvider) {
-		return new StreamEncrypterFactoryImpl(crypto, transportCrypto,
+		return new StreamEncrypterFactoryImpl(crypto, cipherProvider);
 				cipherProvider);
 	}
 	@Provides
 	KeyAgreementCrypto provideKeyAgreementCrypto(
 			KeyAgreementCryptoImpl keyAgreementCrypto) {
 		return keyAgreementCrypto;
 	}
 	@Provides
 	@Singleton
 	@CryptoExecutor
-	ExecutorService getCryptoExecutorService(
+	Executor getCryptoExecutor(LifecycleManager lifecycleManager) {
 			LifecycleManager lifecycleManager) {
 		lifecycleManager.registerForShutdown(cryptoExecutor);
 		return cryptoExecutor;
 	}
 	@Provides
 	@CryptoExecutor
 	Executor getCryptoExecutor() {
 		return cryptoExecutor;
 	}
 	@Provides
 	SecureRandom getSecureRandom(CryptoComponent crypto) {
 		return crypto.getSecureRandom();
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/DoubleDigest.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/DoubleDigest.java
@@ -0,0 +1,76 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.spongycastle.crypto.Digest;
 import javax.annotation.concurrent.NotThreadSafe;
 /**
 * A message digest that prevents length extension attacks - see Ferguson and
 * Schneier, <i>Practical Cryptography</i>, chapter 6.
 * <p>
 * "Let h be an interative hash function. The hash function h<sub>d</sub> is
 * defined by h<sub>d</sub> := h(h(m)), and has a claimed security level of
 * min(k, n/2) where k is the security level of h and n is the size of the hash
 * result."
 */
@NotThreadSafe
@NotNullByDefault
 class DoubleDigest implements Digest {
 	private final Digest delegate;
 	DoubleDigest(Digest delegate) {
 		this.delegate = delegate;
 	}
 	private byte[] digest() {
 		byte[] digest = new byte[delegate.getDigestSize()];
 		delegate.doFinal(digest, 0); // h(m)
 		delegate.update(digest, 0, digest.length);
 		delegate.doFinal(digest, 0); // h(h(m))
 		return digest;
 	}
 	public int digest(byte[] buf, int offset, int len) {
 		byte[] digest = digest();
 		len = Math.min(len, digest.length);
 		System.arraycopy(digest, 0, buf, offset, len);
 		return len;
 	}
 	@Override
 	public int getDigestSize() {
 		return delegate.getDigestSize();
 	}
 	@Override
 	public String getAlgorithmName() {
 		return "Double " + delegate.getAlgorithmName();
 	}
 	@Override
 	public void reset() {
 		delegate.reset();
 	}
 	@Override
 	public void update(byte input) {
 		delegate.update(input);
 	}
 	public void update(byte[] input) {
 		delegate.update(input, 0, input.length);
 	}
 	@Override
 	public void update(byte[] input, int offset, int len) {
 		delegate.update(input, offset, len);
 	}
 	@Override
 	public int doFinal(byte[] out, int outOff) {
 		return digest(out, outOff, delegate.getDigestSize());
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdKeyParser.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdKeyParser.java
@@ -1,26 +0,0 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.security.GeneralSecurityException;
@NotNullByDefault
 class EdKeyParser implements KeyParser {
 	@Override
 	public PublicKey parsePublicKey(byte[] encodedKey)
 			throws GeneralSecurityException {
 		if (encodedKey.length != 32) throw new GeneralSecurityException();
 		return new EdPublicKey(encodedKey);
 	}
 	@Override
 	public PrivateKey parsePrivateKey(byte[] encodedKey)
 			throws GeneralSecurityException {
 		if (encodedKey.length != 32) throw new GeneralSecurityException();
 		return new EdPrivateKey(encodedKey);
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPrivateKey.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPrivateKey.java
@@ -1,18 +0,0 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@NotNullByDefault
 class EdPrivateKey extends Bytes implements PrivateKey {
 	EdPrivateKey(byte[] bytes) {
 		super(bytes);
 	}
 	@Override
 	public byte[] getEncoded() {
 		return getBytes();
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPublicKey.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPublicKey.java
@@ -1,18 +0,0 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@NotNullByDefault
 class EdPublicKey extends Bytes implements PublicKey {
 	EdPublicKey(byte[] bytes) {
 		super(bytes);
 	}
 	@Override
 	public byte[] getEncoded() {
 		return getBytes();
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdSignature.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/EdSignature.java
@@ -1,83 +0,0 @@
 package org.briarproject.bramble.crypto;
 import net.i2p.crypto.eddsa.EdDSAPrivateKey;
 import net.i2p.crypto.eddsa.EdDSAPublicKey;
 import net.i2p.crypto.eddsa.EdDSASecurityProvider;
 import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
 import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
 import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
 import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import static net.i2p.crypto.eddsa.EdDSAEngine.SIGNATURE_ALGORITHM;
@NotNullByDefault
 class EdSignature implements Signature {
 	private static final Provider PROVIDER = new EdDSASecurityProvider();
 	private static final EdDSANamedCurveSpec CURVE_SPEC =
 			EdDSANamedCurveTable.getByName("Ed25519");
 	private final java.security.Signature signature;
 	EdSignature() {
 		try {
 			signature = java.security.Signature
 					.getInstance(SIGNATURE_ALGORITHM, PROVIDER);
 		} catch (NoSuchAlgorithmException e) {
 			throw new AssertionError(e);
 		}
 	}
 	@Override
 	public void initSign(PrivateKey k) throws GeneralSecurityException {
 		if (!(k instanceof EdPrivateKey))
 			throw new IllegalArgumentException();
 		EdDSAPrivateKey privateKey = new EdDSAPrivateKey(
 				new EdDSAPrivateKeySpec(k.getEncoded(), CURVE_SPEC));
 		signature.initSign(privateKey);
 	}
 	@Override
 	public void initVerify(PublicKey k) throws GeneralSecurityException {
 		if (!(k instanceof EdPublicKey))
 			throw new IllegalArgumentException();
 		EdDSAPublicKey publicKey = new EdDSAPublicKey(
 				new EdDSAPublicKeySpec(k.getEncoded(), CURVE_SPEC));
 		signature.initVerify(publicKey);
 	}
 	@Override
 	public void update(byte b) throws GeneralSecurityException {
 		signature.update(b);
 	}
 	@Override
 	public void update(byte[] b) throws GeneralSecurityException {
 		signature.update(b);
 	}
 	@Override
 	public void update(byte[] b, int off, int len)
 			throws GeneralSecurityException {
 		signature.update(b, off, len);
 	}
 	@Override
 	public byte[] sign() throws GeneralSecurityException {
 		return signature.sign();
 	}
 	@Override
 	public boolean verify(byte[] sig) throws GeneralSecurityException {
 		return signature.verify(sig);
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/FortunaGenerator.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/FortunaGenerator.java
@@ -0,0 +1,114 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.spongycastle.crypto.BlockCipher;
 import org.spongycastle.crypto.digests.SHA256Digest;
 import org.spongycastle.crypto.engines.AESLightEngine;
 import org.spongycastle.crypto.params.KeyParameter;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
 import javax.annotation.concurrent.ThreadSafe;
 /**
 * Implements the Fortuna pseudo-random number generator, as described in
 * Ferguson and Schneier, <i>Practical Cryptography</i>, chapter 9.
 */
@ThreadSafe
@NotNullByDefault
 class FortunaGenerator {
 	private static final int MAX_BYTES_PER_REQUEST = 1024 * 1024;
 	private static final int KEY_BYTES = 32;
 	private static final int BLOCK_BYTES = 16;
 	private final Lock lock = new ReentrantLock();
 	// The following are locking: lock
 	private final DoubleDigest digest = new DoubleDigest(new SHA256Digest());
 	private final BlockCipher cipher = new AESLightEngine();
 	private final byte[] key = new byte[KEY_BYTES];
 	private final byte[] counter = new byte[BLOCK_BYTES];
 	private final byte[] buffer = new byte[BLOCK_BYTES];
 	private final byte[] newKey = new byte[KEY_BYTES];
 	FortunaGenerator(byte[] seed) {
 		reseed(seed);
 	}
 	void reseed(byte[] seed) {
 		lock.lock();
 		try {
 			digest.update(key);
 			digest.update(seed);
 			digest.digest(key, 0, KEY_BYTES);
 			incrementCounter();
 		} finally {
 			lock.unlock();
 		}
 	}
 	// Package access for testing
 	void incrementCounter() {
 		lock.lock();
 		try {
 			counter[0]++;
 			for (int i = 0; counter[i] == 0; i++) {
 				if (i + 1 == BLOCK_BYTES)
 					throw new RuntimeException("Counter exhausted");
 				counter[i + 1]++;
 			}
 		} finally {
 			lock.unlock();
 		}
 	}
 	// Package access for testing
 	byte[] getCounter() {
 		lock.lock();
 		try {
 			return counter;
 		} finally {
 			lock.unlock();
 		}
 	}
 	int nextBytes(byte[] dest, int off, int len) {
 		lock.lock();
 		try {
 			// Don't write more than the maximum number of bytes in one request
 			if (len > MAX_BYTES_PER_REQUEST) len = MAX_BYTES_PER_REQUEST;
 			cipher.init(true, new KeyParameter(key));
 			// Generate full blocks directly into the output buffer
 			int fullBlocks = len / BLOCK_BYTES;
 			for (int i = 0; i < fullBlocks; i++) {
 				cipher.processBlock(counter, 0, dest, off + i * BLOCK_BYTES);
 				incrementCounter();
 			}
 			// Generate a partial block if needed
 			int done = fullBlocks * BLOCK_BYTES, remaining = len - done;
 			if (remaining >= BLOCK_BYTES) throw new AssertionError();
 			if (remaining > 0) {
 				cipher.processBlock(counter, 0, buffer, 0);
 				incrementCounter();
 				// Copy the partial block to the output buffer and erase our copy
 				System.arraycopy(buffer, 0, dest, off + done, remaining);
 				for (int i = 0; i < BLOCK_BYTES; i++) buffer[i] = 0;
 			}
 			// Generate a new key
 			for (int i = 0; i < KEY_BYTES / BLOCK_BYTES; i++) {
 				cipher.processBlock(counter, 0, newKey, i * BLOCK_BYTES);
 				incrementCounter();
 			}
 			System.arraycopy(newKey, 0, key, 0, KEY_BYTES);
 			for (int i = 0; i < KEY_BYTES; i++) newKey[i] = 0;
 			// Return the number of bytes written
 			return len;
 		} finally {
 			lock.unlock();
 		}
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/FortunaSecureRandom.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/FortunaSecureRandom.java
@@ -0,0 +1,81 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.util.StringUtils;
 import java.security.Provider;
 import java.security.SecureRandom;
 import java.security.SecureRandomSpi;
 import java.util.Arrays;
 /**
 * A {@link java.security.SecureRandom SecureRandom} implementation based on a
 * {@link FortunaGenerator}.
 */
 class FortunaSecureRandom extends SecureRandom {
 	// Package access for testing
 	static final byte[] SELF_TEST_VECTOR_1 =
 			StringUtils.fromHexString("4BD6EA599D47E3EE9DD911833C29CA22");
 	static final byte[] SELF_TEST_VECTOR_2 =
 			StringUtils.fromHexString("10984D576E6850E505CA9F42A9BFD88A");
 	static final byte[] SELF_TEST_VECTOR_3 =
 			StringUtils.fromHexString("1E12DA166BD86DCECDE50A8296018DE2");
 	private static final Provider PROVIDER = new FortunaProvider();
 	FortunaSecureRandom(byte[] seed) {
 		super(new FortunaSecureRandomSpi(seed), PROVIDER);
 	}
 	/**
 	 * Tests that the {@link #nextBytes(byte[])} and {@link #setSeed(byte[])}
 	 * methods are passed through to the generator in the expected way.
 	 */
 	static boolean selfTest() {
 		byte[] seed = new byte[32];
 		SecureRandom r = new FortunaSecureRandom(seed);
 		byte[] output = new byte[16];
 		r.nextBytes(output);
 		if (!Arrays.equals(SELF_TEST_VECTOR_1, output)) return false;
 		r.nextBytes(output);
 		if (!Arrays.equals(SELF_TEST_VECTOR_2, output)) return false;
 		r.setSeed(seed);
 		r.nextBytes(output);
 		return Arrays.equals(SELF_TEST_VECTOR_3, output);
 	}
 	private static class FortunaSecureRandomSpi extends SecureRandomSpi {
 		private final FortunaGenerator generator;
 		private FortunaSecureRandomSpi(byte[] seed) {
 			generator = new FortunaGenerator(seed);
 		}
 		@Override
 		protected byte[] engineGenerateSeed(int numBytes) {
 			byte[] b = new byte[numBytes];
 			engineNextBytes(b);
 			return b;
 		}
 		@Override
 		protected void engineNextBytes(byte[] b) {
 			int offset = 0;
 			while (offset < b.length)
 				offset += generator.nextBytes(b, offset, b.length - offset);
 		}
 		@Override
 		protected void engineSetSeed(byte[] seed) {
 			generator.reseed(seed);
 		}
 	}
 	private static class FortunaProvider extends Provider {
 		private FortunaProvider() {
 			super("Fortuna", 1.0, "");
 		}
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/KeyAgreementCryptoImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/KeyAgreementCryptoImpl.java
@@ -1,56 +0,0 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import javax.inject.Inject;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.COMMIT_LENGTH;
 class KeyAgreementCryptoImpl implements KeyAgreementCrypto {
 	private final CryptoComponent crypto;
 	@Inject
 	KeyAgreementCryptoImpl(CryptoComponent crypto) {
 		this.crypto = crypto;
 	}
 	@Override
 	public byte[] deriveKeyCommitment(PublicKey publicKey) {
 		byte[] hash = crypto.hash(COMMIT_LABEL, publicKey.getEncoded());
 		// The output is the first COMMIT_LENGTH bytes of the hash
 		byte[] commitment = new byte[COMMIT_LENGTH];
 		System.arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
 		return commitment;
 	}
 	@Override
 	public byte[] deriveConfirmationRecord(SecretKey sharedSecret,
 			byte[] theirPayload, byte[] ourPayload, PublicKey theirPublicKey,
 			KeyPair ourKeyPair, boolean alice, boolean aliceRecord) {
 		SecretKey ck = crypto.deriveKey(CONFIRMATION_KEY_LABEL, sharedSecret);
 		byte[] alicePayload, alicePub, bobPayload, bobPub;
 		if (alice) {
 			alicePayload = ourPayload;
 			alicePub = ourKeyPair.getPublic().getEncoded();
 			bobPayload = theirPayload;
 			bobPub = theirPublicKey.getEncoded();
 		} else {
 			alicePayload = theirPayload;
 			alicePub = theirPublicKey.getEncoded();
 			bobPayload = ourPayload;
 			bobPub = ourKeyPair.getPublic().getEncoded();
 		}
 		if (aliceRecord) {
 			return crypto.mac(CONFIRMATION_MAC_LABEL, ck, alicePayload,
 					alicePub, bobPayload, bobPub);
 		} else {
 			return crypto.mac(CONFIRMATION_MAC_LABEL, ck, bobPayload, bobPub,
 					alicePayload, alicePub);
 		}
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/PasswordStrengthEstimatorImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/PasswordStrengthEstimatorImpl.java
@@ -11,14 +11,31 @@ import javax.annotation.concurrent.Immutable;
@NotNullByDefault
 class PasswordStrengthEstimatorImpl implements PasswordStrengthEstimator {
-	// The minimum number of unique characters in a strong password
+	private static final int LOWER = 26;
-	private static final int STRONG_UNIQUE_CHARS = 12;
+	private static final int UPPER = 26;
 	private static final int DIGIT = 10;
 	private static final int OTHER = 10;
 	private static final double STRONG = Math.log(Math.pow(LOWER + UPPER +
 			DIGIT + OTHER, 10));
 	@Override
 	public float estimateStrength(String password) {
-		HashSet<Character> unique = new HashSet<>();
+		HashSet<Character> unique = new HashSet<Character>();
 		int length = password.length();
 		for (int i = 0; i < length; i++) unique.add(password.charAt(i));
-		return Math.min(1, (float) unique.size() / STRONG_UNIQUE_CHARS);
+		boolean lower = false, upper = false, digit = false, other = false;
 		for (char c : unique) {
 			if (Character.isLowerCase(c)) lower = true;
 			else if (Character.isUpperCase(c)) upper = true;
 			else if (Character.isDigit(c)) digit = true;
 			else other = true;
 		}
 		int alphabetSize = 0;
 		if (lower) alphabetSize += LOWER;
 		if (upper) alphabetSize += UPPER;
 		if (digit) alphabetSize += DIGIT;
 		if (other) alphabetSize += OTHER;
 		double score = Math.log(Math.pow(alphabetSize, unique.size()));
 		return Math.min(1, (float) (score / STRONG));
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/PseudoRandomImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/PseudoRandomImpl.java
@@ -0,0 +1,31 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.PseudoRandom;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.util.ByteUtils;
 import javax.annotation.concurrent.NotThreadSafe;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
@NotThreadSafe
@NotNullByDefault
 class PseudoRandomImpl implements PseudoRandom {
 	private final FortunaGenerator generator;
 	PseudoRandomImpl(int seed1, int seed2) {
 		byte[] seed = new byte[INT_32_BYTES * 2];
 		ByteUtils.writeUint32(seed1, seed, 0);
 		ByteUtils.writeUint32(seed2, seed, INT_32_BYTES);
 		generator = new FortunaGenerator(seed);
 	}
 	@Override
 	public byte[] nextBytes(int length) {
 		byte[] b = new byte[length];
 		int offset = 0;
 		while (offset < length) offset += generator.nextBytes(b, offset, length);
 		return b;
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/Signature.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/Signature.java
@@ -22,25 +22,25 @@ interface Signature {
 	/**
 	 * @see {@link java.security.Signature#update(byte)}
 	 */
-	void update(byte b) throws GeneralSecurityException;
+	void update(byte b);
 	/**
 	 * @see {@link java.security.Signature#update(byte[])}
 	 */
-	void update(byte[] b) throws GeneralSecurityException;
+	void update(byte[] b);
 	/**
 	 * @see {@link java.security.Signature#update(byte[], int, int)}
 	 */
-	void update(byte[] b, int off, int len) throws GeneralSecurityException;
+	void update(byte[] b, int off, int len);
 	/**
 	 * @see {@link java.security.Signature#sign()}
 	 */
-	byte[] sign() throws GeneralSecurityException;
+	byte[] sign();
 	/**
 	 * @see {@link java.security.Signature#verify(byte[])}
 	 */
-	boolean verify(byte[] signature) throws GeneralSecurityException;
+	boolean verify(byte[] signature);
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamDecrypterFactoryImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamDecrypterFactoryImpl.java
@@ -32,7 +32,7 @@ class StreamDecrypterFactoryImpl implements StreamDecrypterFactory {
 	}
 	@Override
-	public StreamDecrypter createContactExchangeStreamDecrypter(InputStream in,
+	public StreamDecrypter createInvitationStreamDecrypter(InputStream in,
 			SecretKey headerKey) {
 		return new StreamDecrypterImpl(in, cipherProvider.get(), 0, headerKey);
 	}
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamDecrypterImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamDecrypterImpl.java
@@ -20,11 +20,9 @@ import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_NO
 import static org.briarproject.bramble.api.transport.TransportConstants.MAC_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAX_FRAME_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
-import static org.briarproject.bramble.api.transport.TransportConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_IV_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_NONCE_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_PLAINTEXT_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
@NotThreadSafe
@@ -119,7 +117,7 @@ class StreamDecrypterImpl implements StreamDecrypter {
 	private void readStreamHeader() throws IOException {
 		byte[] streamHeaderCiphertext = new byte[STREAM_HEADER_LENGTH];
-		byte[] streamHeaderPlaintext = new byte[STREAM_HEADER_PLAINTEXT_LENGTH];
+		byte[] streamHeaderPlaintext = new byte[SecretKey.LENGTH];
 		// Read the stream header
 		int offset = 0;
 		while (offset < STREAM_HEADER_LENGTH) {
@@ -128,35 +126,21 @@ class StreamDecrypterImpl implements StreamDecrypter {
 			if (read == -1) throw new EOFException();
 			offset += read;
 		}
-		// Extract the nonce
+		// The nonce consists of the stream number followed by the IV
 		byte[] streamHeaderNonce = new byte[STREAM_HEADER_NONCE_LENGTH];
-		System.arraycopy(streamHeaderCiphertext, 0, streamHeaderNonce, 0,
+		ByteUtils.writeUint64(streamNumber, streamHeaderNonce, 0);
-				STREAM_HEADER_NONCE_LENGTH);
+		System.arraycopy(streamHeaderCiphertext, 0, streamHeaderNonce,
 				INT_64_BYTES, STREAM_HEADER_IV_LENGTH);
 		// Decrypt and authenticate the stream header
 		try {
 			cipher.init(false, streamHeaderKey, streamHeaderNonce);
 			int decrypted = cipher.process(streamHeaderCiphertext,
-					STREAM_HEADER_NONCE_LENGTH,
+					STREAM_HEADER_IV_LENGTH, SecretKey.LENGTH + MAC_LENGTH,
 					STREAM_HEADER_PLAINTEXT_LENGTH + MAC_LENGTH,
 					streamHeaderPlaintext, 0);
-			if (decrypted != STREAM_HEADER_PLAINTEXT_LENGTH)
+			if (decrypted != SecretKey.LENGTH) throw new RuntimeException();
 				throw new RuntimeException();
 		} catch (GeneralSecurityException e) {
 			throw new FormatException();
 		}
-		// Check the protocol version
+		frameKey = new SecretKey(streamHeaderPlaintext);
 		int receivedProtocolVersion =
 				ByteUtils.readUint16(streamHeaderPlaintext, 0);
 		if (receivedProtocolVersion != PROTOCOL_VERSION)
 			throw new FormatException();
 		// Check the stream number
 		long receivedStreamNumber = ByteUtils.readUint64(streamHeaderPlaintext,
 				INT_16_BYTES);
 		if (receivedStreamNumber != streamNumber) throw new FormatException();
 		// Extract the frame key
 		byte[] frameKeyBytes = new byte[SecretKey.LENGTH];
 		System.arraycopy(streamHeaderPlaintext, INT_16_BYTES + INT_64_BYTES,
 				frameKeyBytes, 0, SecretKey.LENGTH);
 		frameKey = new SecretKey(frameKeyBytes);
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamEncrypterFactoryImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamEncrypterFactoryImpl.java
@@ -4,7 +4,6 @@ import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.crypto.StreamEncrypter;
 import org.briarproject.bramble.api.crypto.StreamEncrypterFactory;
 import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.transport.StreamContext;
@@ -14,8 +13,7 @@ import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 import javax.inject.Provider;
-import static org.briarproject.bramble.api.transport.TransportConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_IV_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_NONCE_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
@Immutable
@@ -23,15 +21,12 @@ import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENG
 class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
 	private final CryptoComponent crypto;
 	private final TransportCrypto transportCrypto;
 	private final Provider<AuthenticatedCipher> cipherProvider;
 	@Inject
 	StreamEncrypterFactoryImpl(CryptoComponent crypto,
 			TransportCrypto transportCrypto,
 			Provider<AuthenticatedCipher> cipherProvider) {
 		this.crypto = crypto;
 		this.transportCrypto = transportCrypto;
 		this.cipherProvider = cipherProvider;
 	}
@@ -41,23 +36,22 @@ class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
 		AuthenticatedCipher cipher = cipherProvider.get();
 		long streamNumber = ctx.getStreamNumber();
 		byte[] tag = new byte[TAG_LENGTH];
-		transportCrypto.encodeTag(tag, ctx.getTagKey(), PROTOCOL_VERSION,
+		crypto.encodeTag(tag, ctx.getTagKey(), streamNumber);
-				streamNumber);
+		byte[] streamHeaderIv = new byte[STREAM_HEADER_IV_LENGTH];
-		byte[] streamHeaderNonce = new byte[STREAM_HEADER_NONCE_LENGTH];
+		crypto.getSecureRandom().nextBytes(streamHeaderIv);
 		crypto.getSecureRandom().nextBytes(streamHeaderNonce);
 		SecretKey frameKey = crypto.generateSecretKey();
 		return new StreamEncrypterImpl(out, cipher, streamNumber, tag,
-				streamHeaderNonce, ctx.getHeaderKey(), frameKey);
+				streamHeaderIv, ctx.getHeaderKey(), frameKey);
 	}
 	@Override
-	public StreamEncrypter createContactExchangeStreamDecrypter(
+	public StreamEncrypter createInvitationStreamEncrypter(OutputStream out,
-			OutputStream out, SecretKey headerKey) {
+			SecretKey headerKey) {
 		AuthenticatedCipher cipher = cipherProvider.get();
-		byte[] streamHeaderNonce = new byte[STREAM_HEADER_NONCE_LENGTH];
+		byte[] streamHeaderIv = new byte[STREAM_HEADER_IV_LENGTH];
-		crypto.getSecureRandom().nextBytes(streamHeaderNonce);
+		crypto.getSecureRandom().nextBytes(streamHeaderIv);
 		SecretKey frameKey = crypto.generateSecretKey();
-		return new StreamEncrypterImpl(out, cipher, 0, null, streamHeaderNonce,
+		return new StreamEncrypterImpl(out, cipher, 0, null, streamHeaderIv,
 				headerKey, frameKey);
 	}
 }
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamEncrypterImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamEncrypterImpl.java
@@ -18,11 +18,9 @@ import static org.briarproject.bramble.api.transport.TransportConstants.FRAME_NO
 import static org.briarproject.bramble.api.transport.TransportConstants.MAC_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAX_FRAME_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.MAX_PAYLOAD_LENGTH;
-import static org.briarproject.bramble.api.transport.TransportConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_IV_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_NONCE_LENGTH;
 import static org.briarproject.bramble.api.transport.TransportConstants.STREAM_HEADER_PLAINTEXT_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
@NotThreadSafe
@@ -35,7 +33,7 @@ class StreamEncrypterImpl implements StreamEncrypter {
 	private final long streamNumber;
 	@Nullable
 	private final byte[] tag;
-	private final byte[] streamHeaderNonce;
+	private final byte[] streamHeaderIv;
 	private final byte[] frameNonce, frameHeader;
 	private final byte[] framePlaintext, frameCiphertext;
@@ -43,13 +41,13 @@ class StreamEncrypterImpl implements StreamEncrypter {
 	private boolean writeTag, writeStreamHeader;
 	StreamEncrypterImpl(OutputStream out, AuthenticatedCipher cipher,
-			long streamNumber, @Nullable byte[] tag, byte[] streamHeaderNonce,
+			long streamNumber, @Nullable byte[] tag, byte[] streamHeaderIv,
 			SecretKey streamHeaderKey, SecretKey frameKey) {
 		this.out = out;
 		this.cipher = cipher;
 		this.streamNumber = streamNumber;
 		this.tag = tag;
-		this.streamHeaderNonce = streamHeaderNonce;
+		this.streamHeaderIv = streamHeaderIv;
 		this.streamHeaderKey = streamHeaderKey;
 		this.frameKey = frameKey;
 		frameNonce = new byte[FRAME_NONCE_LENGTH];
@@ -64,8 +62,6 @@ class StreamEncrypterImpl implements StreamEncrypter {
 	@Override
 	public void writeFrame(byte[] payload, int payloadLength,
 			int paddingLength, boolean finalFrame) throws IOException {
 		if (payloadLength < 0 || paddingLength < 0)
 			throw new IllegalArgumentException();
 		if (payloadLength + paddingLength > MAX_PAYLOAD_LENGTH)
 			throw new IllegalArgumentException();
 		// Don't allow the frame counter to wrap
@@ -116,23 +112,22 @@ class StreamEncrypterImpl implements StreamEncrypter {
 	}
 	private void writeStreamHeader() throws IOException {
-		// The header contains the protocol version, stream number and frame key
+		// The nonce consists of the stream number followed by the IV
-		byte[] streamHeaderPlaintext = new byte[STREAM_HEADER_PLAINTEXT_LENGTH];
+		byte[] streamHeaderNonce = new byte[STREAM_HEADER_NONCE_LENGTH];
-		ByteUtils.writeUint16(PROTOCOL_VERSION, streamHeaderPlaintext, 0);
+		ByteUtils.writeUint64(streamNumber, streamHeaderNonce, 0);
-		ByteUtils.writeUint64(streamNumber, streamHeaderPlaintext,
+		System.arraycopy(streamHeaderIv, 0, streamHeaderNonce, INT_64_BYTES,
-				INT_16_BYTES);
+				STREAM_HEADER_IV_LENGTH);
-		System.arraycopy(frameKey.getBytes(), 0, streamHeaderPlaintext,
+		byte[] streamHeaderPlaintext = frameKey.getBytes();
 				INT_16_BYTES + INT_64_BYTES, SecretKey.LENGTH);
 		byte[] streamHeaderCiphertext = new byte[STREAM_HEADER_LENGTH];
-		System.arraycopy(streamHeaderNonce, 0, streamHeaderCiphertext, 0,
+		System.arraycopy(streamHeaderIv, 0, streamHeaderCiphertext, 0,
-				STREAM_HEADER_NONCE_LENGTH);
+				STREAM_HEADER_IV_LENGTH);
-		// Encrypt and authenticate the stream header key
+		// Encrypt and authenticate the frame key
 		try {
 			cipher.init(true, streamHeaderKey, streamHeaderNonce);
 			int encrypted = cipher.process(streamHeaderPlaintext, 0,
-					STREAM_HEADER_PLAINTEXT_LENGTH, streamHeaderCiphertext,
+					SecretKey.LENGTH, streamHeaderCiphertext,
-					STREAM_HEADER_NONCE_LENGTH);
+					STREAM_HEADER_IV_LENGTH);
-			if (encrypted != STREAM_HEADER_PLAINTEXT_LENGTH + MAC_LENGTH)
+			if (encrypted != SecretKey.LENGTH + MAC_LENGTH)
 				throw new RuntimeException();
 		} catch (GeneralSecurityException badCipher) {
 			throw new RuntimeException(badCipher);
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
@@ -1,135 +0,0 @@
 package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.IncomingKeys;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.util.ByteUtils;
 import org.briarproject.bramble.util.StringUtils;
 import org.spongycastle.crypto.Digest;
 import javax.inject.Inject;
 import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HEADER_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_TAG_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HEADER_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.BOB_TAG_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ROTATE_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.MAX_16_BIT_UNSIGNED;
 import static org.briarproject.bramble.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 class TransportCryptoImpl implements TransportCrypto {
 	private final CryptoComponent crypto;
 	@Inject
 	TransportCryptoImpl(CryptoComponent crypto) {
 		this.crypto = crypto;
 	}
 	@Override
 	public TransportKeys deriveTransportKeys(TransportId t,
 			SecretKey master, long rotationPeriod, boolean alice) {
 		// Keys for the previous period are derived from the master secret
 		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
 		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
 		SecretKey outTagPrev = deriveTagKey(master, t, alice);
 		SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
 		// Derive the keys for the current and next periods
 		SecretKey inTagCurr = rotateKey(inTagPrev, rotationPeriod);
 		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, rotationPeriod);
 		SecretKey inTagNext = rotateKey(inTagCurr, rotationPeriod + 1);
 		SecretKey inHeaderNext = rotateKey(inHeaderCurr, rotationPeriod + 1);
 		SecretKey outTagCurr = rotateKey(outTagPrev, rotationPeriod);
 		SecretKey outHeaderCurr = rotateKey(outHeaderPrev, rotationPeriod);
 		// Initialise the reordering windows and stream counters
 		IncomingKeys inPrev = new IncomingKeys(inTagPrev, inHeaderPrev,
 				rotationPeriod - 1);
 		IncomingKeys inCurr = new IncomingKeys(inTagCurr, inHeaderCurr,
 				rotationPeriod);
 		IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
 				rotationPeriod + 1);
 		OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
 				rotationPeriod);
 		// Collect and return the keys
 		return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
 	}
 	@Override
 	public TransportKeys rotateTransportKeys(TransportKeys k,
 			long rotationPeriod) {
 		if (k.getRotationPeriod() >= rotationPeriod) return k;
 		IncomingKeys inPrev = k.getPreviousIncomingKeys();
 		IncomingKeys inCurr = k.getCurrentIncomingKeys();
 		IncomingKeys inNext = k.getNextIncomingKeys();
 		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
 		long startPeriod = outCurr.getRotationPeriod();
 		// Rotate the keys
 		for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
 			inPrev = inCurr;
 			inCurr = inNext;
 			SecretKey inNextTag = rotateKey(inNext.getTagKey(), p + 1);
 			SecretKey inNextHeader = rotateKey(inNext.getHeaderKey(), p + 1);
 			inNext = new IncomingKeys(inNextTag, inNextHeader, p + 1);
 			SecretKey outCurrTag = rotateKey(outCurr.getTagKey(), p);
 			SecretKey outCurrHeader = rotateKey(outCurr.getHeaderKey(), p);
 			outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p);
 		}
 		// Collect and return the keys
 		return new TransportKeys(k.getTransportId(), inPrev, inCurr, inNext,
 				outCurr);
 	}
 	private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
 		byte[] period = new byte[INT_64_BYTES];
 		ByteUtils.writeUint64(rotationPeriod, period, 0);
 		return crypto.deriveKey(ROTATE_LABEL, k, period);
 	}
 	private SecretKey deriveTagKey(SecretKey master, TransportId t,
 			boolean alice) {
 		String label = alice ? ALICE_TAG_LABEL : BOB_TAG_LABEL;
 		byte[] id = StringUtils.toUtf8(t.getString());
 		return crypto.deriveKey(label, master, id);
 	}
 	private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
 			boolean alice) {
 		String label = alice ? ALICE_HEADER_LABEL : BOB_HEADER_LABEL;
 		byte[] id = StringUtils.toUtf8(t.getString());
 		return crypto.deriveKey(label, master, id);
 	}
 	@Override
 	public void encodeTag(byte[] tag, SecretKey tagKey, int protocolVersion,
 			long streamNumber) {
 		if (tag.length < TAG_LENGTH) throw new IllegalArgumentException();
 		if (protocolVersion < 0 || protocolVersion > MAX_16_BIT_UNSIGNED)
 			throw new IllegalArgumentException();
 		if (streamNumber < 0 || streamNumber > MAX_32_BIT_UNSIGNED)
 			throw new IllegalArgumentException();
 		// Initialise the PRF
 		Digest prf = new Blake2sDigest(tagKey.getBytes());
 		// The output of the PRF must be long enough to use as a tag
 		int macLength = prf.getDigestSize();
 		if (macLength < TAG_LENGTH) throw new IllegalStateException();
 		// The input is the protocol version as a 16-bit integer, followed by
 		// the stream number as a 64-bit integer
 		byte[] protocolVersionBytes = new byte[INT_16_BYTES];
 		ByteUtils.writeUint16(protocolVersion, protocolVersionBytes, 0);
 		prf.update(protocolVersionBytes, 0, protocolVersionBytes.length);
 		byte[] streamNumberBytes = new byte[INT_64_BYTES];
 		ByteUtils.writeUint64(streamNumber, streamNumberBytes, 0);
 		prf.update(streamNumberBytes, 0, streamNumberBytes.length);
 		byte[] mac = new byte[macLength];
 		prf.doFinal(mac, 0);
 		// The output is the first TAG_LENGTH bytes of the MAC
 		System.arraycopy(mac, 0, tag, 0, TAG_LENGTH);
 	}
 }
--- a/Show More
+++ b/Show More