Use WhisperSystems Curve25519 library.

Note: Curve25519 is tested using standard ECDH and ECDHC over the Curve25519 curve.

bramble-android/build.gradle

@@ -12,8 +12,8 @@ android {
 	defaultConfig {
 		minSdkVersion 14
 		targetSdkVersion 26
-		versionCode 1621
-		versionName "0.16.21"
+		versionCode 1700
+		versionName "0.17.0"
 		consumerProguardFiles 'proguard-rules.txt'
 	}
 
@@ -43,6 +43,7 @@ dependencyVerification {
 			'com.madgag.spongycastle:core:1.58.0.0:core-1.58.0.0.jar:199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728',
 			'javax.annotation:jsr250-api:1.0:jsr250-api-1.0.jar:a1a922d0d9b6d183ed3800dfac01d1e1eb159f0e8c6f94736931c1def54a941f',
 			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
+			'net.i2p.crypto:eddsa:0.2.0:eddsa-0.2.0.jar:a7cb1b85c16e2f0730b9204106929a1d9aaae1df728adc7041a8b8b605692140',
 			'org.bitlet:weupnp:0.1.4:weupnp-0.1.4.jar:88df7e6504929d00bdb832863761385c68ab92af945b04f0770b126270a444fb',
 			'org.jacoco:org.jacoco.agent:0.7.4.201502262128:org.jacoco.agent-0.7.4.201502262128-runtime.jar:e357a0f1d573c2f702a273992b1b6cb661734f66311854efb3778a888515c5b5',
 			'org.jacoco:org.jacoco.agent:0.7.4.201502262128:org.jacoco.agent-0.7.4.201502262128.jar:47b4bec6df11a1118da3953da8b9fa1e7079d6fec857faa1a3cf912e53a6fd4e',
@@ -54,16 +55,16 @@ dependencyVerification {
 }
 
 ext.torBinaryDir = 'src/main/res/raw'
-ext.torVersion = '0.2.9.14'
-ext.geoipVersion = '2017-11-06'
+ext.torVersion = '0.2.9.12'
+ext.geoipVersion = '2017-09-06'
 ext.torDownloadUrl = 'https://briarproject.org/build/'
 
 def torBinaries = [
-		"tor_arm"    : '1710ea6c47b7f4c1a88bdf4858c7893837635db10e8866854eed8d61629f50e8',
-		"tor_arm_pie": '974e6949507db8fa2ea45231817c2c3677ed4ccf5488a2252317d744b0be1917',
-		"tor_x86"    : '3a5e45b3f051fcda9353b098b7086e762ffe7ba9242f7d7c8bf6523faaa8b1e9',
-		"tor_x86_pie": 'd1d96d8ce1a4b68accf04850185780d10cd5563d3552f7e1f040f8ca32cb4e51',
-		"geoip"      : '8239b98374493529a29096e45fc5877d4d6fdad0146ad8380b291f90d61484ea'
+		"tor_arm"    : '8ed0b347ffed1d6a4d2fd14495118eb92be83e9cc06e057e15220dc288b31688',
+		"tor_arm_pie": '64403262511c29f462ca5e7c7621bfc3c944898364d1d5ad35a016bb8a034283',
+		"tor_x86"    : '61e014607a2079bcf1646289c67bff6372b1aded6e1d8d83d7791efda9a4d5ab',
+		"tor_x86_pie": '18fbc98356697dd0895836ab46d5c9877d1c539193464f7db1e82a65adaaf288',
+		"geoip"      : 'fe49d3adb86d3c512373101422a017dbb86c85a570524663f09dd8ce143a24f3'
 ]
 
 def downloadBinary(name) {

bramble-android/proguard-rules.txt

@@ -8,6 +8,8 @@
 -dontwarn dagger.**
 -dontnote dagger.**
 
+-keep class net.i2p.crypto.eddsa.** { *; }
+
 -dontwarn sun.misc.Unsafe
 -dontnote com.google.common.**
 

bramble-android/src/main/java/org/briarproject/bramble/plugin/AndroidPluginModule.java

@@ -13,8 +13,7 @@ import org.briarproject.bramble.api.plugin.simplex.SimplexPluginFactory;
 import org.briarproject.bramble.api.reporting.DevReporter;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.LocationUtils;
-import org.briarproject.bramble.api.system.Scheduler;
-import org.briarproject.bramble.plugin.bluetooth.AndroidBluetoothPluginFactory;
+import org.briarproject.bramble.plugin.droidtooth.DroidtoothPluginFactory;
 import org.briarproject.bramble.plugin.tcp.AndroidLanTcpPluginFactory;
 import org.briarproject.bramble.plugin.tor.TorPluginFactory;
 
@@ -23,7 +22,6 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 
 import javax.net.SocketFactory;
 
@@ -35,20 +33,18 @@ public class AndroidPluginModule {
 
 	@Provides
 	PluginConfig providePluginConfig(@IoExecutor Executor ioExecutor,
-			@Scheduler ScheduledExecutorService scheduler,
 			AndroidExecutor androidExecutor, SecureRandom random,
 			SocketFactory torSocketFactory, BackoffFactory backoffFactory,
 			Application app, LocationUtils locationUtils, DevReporter reporter,
 			EventBus eventBus) {
 		Context appContext = app.getApplicationContext();
-		DuplexPluginFactory bluetooth =
-				new AndroidBluetoothPluginFactory(ioExecutor, androidExecutor,
-						appContext, random, eventBus, backoffFactory);
-		DuplexPluginFactory tor = new TorPluginFactory(ioExecutor, scheduler,
-				appContext, locationUtils, reporter, eventBus,
-				torSocketFactory, backoffFactory);
+		DuplexPluginFactory bluetooth = new DroidtoothPluginFactory(ioExecutor,
+				androidExecutor, appContext, random, eventBus, backoffFactory);
+		DuplexPluginFactory tor = new TorPluginFactory(ioExecutor, appContext,
+				locationUtils, reporter, eventBus, torSocketFactory,
+				backoffFactory);
 		DuplexPluginFactory lan = new AndroidLanTcpPluginFactory(ioExecutor,
-				scheduler, backoffFactory, appContext);
+				backoffFactory, appContext);
 		Collection<DuplexPluginFactory> duplex =
 				Arrays.asList(bluetooth, tor, lan);
 		@NotNullByDefault

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -1,206 +0,0 @@
-package org.briarproject.bramble.plugin.bluetooth;
-
-import android.bluetooth.BluetoothAdapter;
-import android.bluetooth.BluetoothDevice;
-import android.bluetooth.BluetoothServerSocket;
-import android.bluetooth.BluetoothSocket;
-import android.content.BroadcastReceiver;
-import android.content.Context;
-import android.content.Intent;
-import android.content.IntentFilter;
-
-import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
-import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
-import org.briarproject.bramble.api.plugin.Backoff;
-import org.briarproject.bramble.api.plugin.PluginException;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.system.AndroidExecutor;
-import org.briarproject.bramble.util.AndroidUtils;
-
-import java.io.Closeable;
-import java.io.IOException;
-import java.security.SecureRandom;
-import java.util.UUID;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Executor;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-
-import static android.bluetooth.BluetoothAdapter.ACTION_SCAN_MODE_CHANGED;
-import static android.bluetooth.BluetoothAdapter.ACTION_STATE_CHANGED;
-import static android.bluetooth.BluetoothAdapter.EXTRA_SCAN_MODE;
-import static android.bluetooth.BluetoothAdapter.EXTRA_STATE;
-import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE;
-import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE;
-import static android.bluetooth.BluetoothAdapter.SCAN_MODE_NONE;
-import static android.bluetooth.BluetoothAdapter.STATE_OFF;
-import static android.bluetooth.BluetoothAdapter.STATE_ON;
-import static java.util.logging.Level.WARNING;
-
-@MethodsNotNullByDefault
-@ParametersNotNullByDefault
-class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
-
-	private static final Logger LOG =
-			Logger.getLogger(AndroidBluetoothPlugin.class.getName());
-
-	private final AndroidExecutor androidExecutor;
-	private final Context appContext;
-
-	private volatile boolean wasEnabledByUs = false;
-	private volatile BluetoothStateReceiver receiver = null;
-
-	// Non-null if the plugin started successfully
-	private volatile BluetoothAdapter adapter = null;
-
-	AndroidBluetoothPlugin(Executor ioExecutor, AndroidExecutor androidExecutor,
-			Context appContext, SecureRandom secureRandom, Backoff backoff,
-			DuplexPluginCallback callback, int maxLatency) {
-		super(ioExecutor, secureRandom, backoff, callback, maxLatency);
-		this.androidExecutor = androidExecutor;
-		this.appContext = appContext;
-	}
-
-	@Override
-	public void start() throws PluginException {
-		super.start();
-		// Listen for changes to the Bluetooth state
-		IntentFilter filter = new IntentFilter();
-		filter.addAction(ACTION_STATE_CHANGED);
-		filter.addAction(ACTION_SCAN_MODE_CHANGED);
-		receiver = new BluetoothStateReceiver();
-		appContext.registerReceiver(receiver, filter);
-	}
-
-	@Override
-	public void stop() {
-		super.stop();
-		if (receiver != null) appContext.unregisterReceiver(receiver);
-	}
-
-	@Override
-	void initialiseAdapter() throws IOException {
-		// BluetoothAdapter.getDefaultAdapter() must be called on a thread
-		// with a message queue, so submit it to the AndroidExecutor
-		try {
-			adapter = androidExecutor.runOnBackgroundThread(
-					BluetoothAdapter::getDefaultAdapter).get();
-		} catch (InterruptedException | ExecutionException e) {
-			throw new IOException(e);
-		}
-		if (adapter == null)
-			throw new IOException("Bluetooth is not supported");
-	}
-
-	@Override
-	boolean isAdapterEnabled() {
-		return adapter != null && adapter.isEnabled();
-	}
-
-	@Override
-	void enableAdapter() {
-		if (adapter != null && !adapter.isEnabled()) {
-			if (adapter.enable()) {
-				LOG.info("Enabling Bluetooth");
-				wasEnabledByUs = true;
-			} else {
-				LOG.info("Could not enable Bluetooth");
-			}
-		}
-	}
-
-	@Override
-	void disableAdapterIfEnabledByUs() {
-		if (isAdapterEnabled() && wasEnabledByUs) {
-			if (adapter.disable()) LOG.info("Disabling Bluetooth");
-			else LOG.info("Could not disable Bluetooth");
-			wasEnabledByUs = false;
-		}
-	}
-
-	@Override
-	void setEnabledByUs() {
-		wasEnabledByUs = true;
-	}
-
-	@Override
-	@Nullable
-	String getBluetoothAddress() {
-		String address = AndroidUtils.getBluetoothAddress(appContext, adapter);
-		return address.isEmpty() ? null : address;
-	}
-
-	@Override
-	BluetoothServerSocket openServerSocket(String uuid) throws IOException {
-		return adapter.listenUsingInsecureRfcommWithServiceRecord(
-				"RFCOMM", UUID.fromString(uuid));
-	}
-
-	@Override
-	void tryToClose(@Nullable BluetoothServerSocket ss) {
-		try {
-			if (ss != null) ss.close();
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-
-	@Override
-	DuplexTransportConnection acceptConnection(BluetoothServerSocket ss)
-			throws IOException {
-		return wrapSocket(ss.accept());
-	}
-
-	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
-		return new AndroidBluetoothTransportConnection(this, s);
-	}
-
-	@Override
-	boolean isValidAddress(String address) {
-		return BluetoothAdapter.checkBluetoothAddress(address);
-	}
-
-	@Override
-	DuplexTransportConnection connectTo(String address, String uuid)
-			throws IOException {
-		BluetoothDevice d = adapter.getRemoteDevice(address);
-		UUID u = UUID.fromString(uuid);
-		BluetoothSocket s = null;
-		try {
-			s = d.createInsecureRfcommSocketToServiceRecord(u);
-			s.connect();
-			return wrapSocket(s);
-		} catch (IOException e) {
-			tryToClose(s);
-			throw e;
-		}
-	}
-
-	private void tryToClose(@Nullable Closeable c) {
-		try {
-			if (c != null) c.close();
-		} catch (IOException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-
-	private class BluetoothStateReceiver extends BroadcastReceiver {
-
-		@Override
-		public void onReceive(Context ctx, Intent intent) {
-			int state = intent.getIntExtra(EXTRA_STATE, 0);
-			if (state == STATE_ON) onAdapterEnabled();
-			else if (state == STATE_OFF) onAdapterDisabled();
-			int scanMode = intent.getIntExtra(EXTRA_SCAN_MODE, 0);
-			if (scanMode == SCAN_MODE_NONE) {
-				LOG.info("Scan mode: None");
-			} else if (scanMode == SCAN_MODE_CONNECTABLE) {
-				LOG.info("Scan mode: Connectable");
-			} else if (scanMode == SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
-				LOG.info("Scan mode: Discoverable");
-			}
-		}
-	}
-}

bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPlugin.java

@@ -0,0 +1,490 @@
+package org.briarproject.bramble.plugin.droidtooth;
+
+import android.bluetooth.BluetoothAdapter;
+import android.bluetooth.BluetoothDevice;
+import android.bluetooth.BluetoothServerSocket;
+import android.bluetooth.BluetoothSocket;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.data.BdfList;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.event.EventListener;
+import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
+import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
+import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
+import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
+import org.briarproject.bramble.api.plugin.Backoff;
+import org.briarproject.bramble.api.plugin.PluginException;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.plugin.event.DisableBluetoothEvent;
+import org.briarproject.bramble.api.plugin.event.EnableBluetoothEvent;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.system.AndroidExecutor;
+import org.briarproject.bramble.util.AndroidUtils;
+import org.briarproject.bramble.util.StringUtils;
+
+import java.io.Closeable;
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.Collection;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.UUID;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+
+import static android.bluetooth.BluetoothAdapter.ACTION_SCAN_MODE_CHANGED;
+import static android.bluetooth.BluetoothAdapter.ACTION_STATE_CHANGED;
+import static android.bluetooth.BluetoothAdapter.EXTRA_SCAN_MODE;
+import static android.bluetooth.BluetoothAdapter.EXTRA_STATE;
+import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE;
+import static android.bluetooth.BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE;
+import static android.bluetooth.BluetoothAdapter.SCAN_MODE_NONE;
+import static android.bluetooth.BluetoothAdapter.STATE_OFF;
+import static android.bluetooth.BluetoothAdapter.STATE_ON;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.WARNING;
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.TRANSPORT_ID_BLUETOOTH;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PREF_BT_ENABLE;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_ADDRESS;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.PROP_UUID;
+import static org.briarproject.bramble.api.plugin.BluetoothConstants.UUID_BYTES;
+import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
+
+@MethodsNotNullByDefault
+@ParametersNotNullByDefault
+class DroidtoothPlugin implements DuplexPlugin, EventListener {
+
+	private static final Logger LOG =
+			Logger.getLogger(DroidtoothPlugin.class.getName());
+
+	private final Executor ioExecutor;
+	private final AndroidExecutor androidExecutor;
+	private final Context appContext;
+	private final SecureRandom secureRandom;
+	private final Backoff backoff;
+	private final DuplexPluginCallback callback;
+	private final int maxLatency;
+	private final AtomicBoolean used = new AtomicBoolean(false);
+
+	private volatile boolean running = false;
+	private volatile boolean wasEnabledByUs = false;
+	private volatile BluetoothStateReceiver receiver = null;
+	private volatile BluetoothServerSocket socket = null;
+
+	// Non-null if the plugin started successfully
+	private volatile BluetoothAdapter adapter = null;
+
+	DroidtoothPlugin(Executor ioExecutor, AndroidExecutor androidExecutor,
+			Context appContext, SecureRandom secureRandom, Backoff backoff,
+			DuplexPluginCallback callback, int maxLatency) {
+		this.ioExecutor = ioExecutor;
+		this.androidExecutor = androidExecutor;
+		this.appContext = appContext;
+		this.secureRandom = secureRandom;
+		this.backoff = backoff;
+		this.callback = callback;
+		this.maxLatency = maxLatency;
+	}
+
+	@Override
+	public TransportId getId() {
+		return ID;
+	}
+
+	@Override
+	public int getMaxLatency() {
+		return maxLatency;
+	}
+
+	@Override
+	public int getMaxIdleTime() {
+		// Bluetooth detects dead connections so we don't need keepalives
+		return Integer.MAX_VALUE;
+	}
+
+	@Override
+	public void start() throws PluginException {
+		if (used.getAndSet(true)) throw new IllegalStateException();
+		// BluetoothAdapter.getDefaultAdapter() must be called on a thread
+		// with a message queue, so submit it to the AndroidExecutor
+		try {
+			adapter = androidExecutor.runOnBackgroundThread(
+					BluetoothAdapter::getDefaultAdapter).get();
+		} catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+			LOG.warning("Interrupted while getting BluetoothAdapter");
+			throw new PluginException(e);
+		} catch (ExecutionException e) {
+			throw new PluginException(e);
+		}
+		if (adapter == null) {
+			LOG.info("Bluetooth is not supported");
+			throw new PluginException();
+		}
+		running = true;
+		// Listen for changes to the Bluetooth state
+		IntentFilter filter = new IntentFilter();
+		filter.addAction(ACTION_STATE_CHANGED);
+		filter.addAction(ACTION_SCAN_MODE_CHANGED);
+		receiver = new BluetoothStateReceiver();
+		appContext.registerReceiver(receiver, filter);
+		// If Bluetooth is enabled, bind a socket
+		if (adapter.isEnabled()) {
+			bind();
+		} else {
+			// Enable Bluetooth if settings allow
+			if (callback.getSettings().getBoolean(PREF_BT_ENABLE, false)) {
+				enableAdapter();
+			} else {
+				LOG.info("Not enabling Bluetooth");
+			}
+		}
+	}
+
+	private void bind() {
+		ioExecutor.execute(() -> {
+			if (!isRunning()) return;
+			String address = AndroidUtils.getBluetoothAddress(appContext,
+					adapter);
+			if (LOG.isLoggable(INFO))
+				LOG.info("Local address " + scrubMacAddress(address));
+			if (!StringUtils.isNullOrEmpty(address)) {
+				// Advertise the Bluetooth address to contacts
+				TransportProperties p = new TransportProperties();
+				p.put(PROP_ADDRESS, address);
+				callback.mergeLocalProperties(p);
+			}
+			// Bind a server socket to accept connections from contacts
+			BluetoothServerSocket ss;
+			try {
+				ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
+						"RFCOMM", getUuid());
+			} catch (IOException e) {
+				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+				return;
+			}
+			if (!isRunning()) {
+				tryToClose(ss);
+				return;
+			}
+			LOG.info("Socket bound");
+			socket = ss;
+			backoff.reset();
+			callback.transportEnabled();
+			acceptContactConnections();
+		});
+	}
+
+	private UUID getUuid() {
+		String uuid = callback.getLocalProperties().get(PROP_UUID);
+		if (uuid == null) {
+			byte[] random = new byte[UUID_BYTES];
+			secureRandom.nextBytes(random);
+			uuid = UUID.nameUUIDFromBytes(random).toString();
+			TransportProperties p = new TransportProperties();
+			p.put(PROP_UUID, uuid);
+			callback.mergeLocalProperties(p);
+		}
+		return UUID.fromString(uuid);
+	}
+
+	private void tryToClose(@Nullable BluetoothServerSocket ss) {
+		try {
+			if (ss != null) ss.close();
+		} catch (IOException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+		} finally {
+			callback.transportDisabled();
+		}
+	}
+
+	private void acceptContactConnections() {
+		while (isRunning()) {
+			BluetoothSocket s;
+			try {
+				s = socket.accept();
+			} catch (IOException e) {
+				// This is expected when the socket is closed
+				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+				return;
+			}
+			if (LOG.isLoggable(INFO)) {
+				String address = s.getRemoteDevice().getAddress();
+				LOG.info("Connection from " + scrubMacAddress(address));
+			}
+			backoff.reset();
+			callback.incomingConnectionCreated(wrapSocket(s));
+		}
+	}
+
+	private DuplexTransportConnection wrapSocket(BluetoothSocket s) {
+		return new DroidtoothTransportConnection(this, s);
+	}
+
+	private void enableAdapter() {
+		if (adapter != null && !adapter.isEnabled()) {
+			if (adapter.enable()) {
+				LOG.info("Enabling Bluetooth");
+				wasEnabledByUs = true;
+			} else {
+				LOG.info("Could not enable Bluetooth");
+			}
+		}
+	}
+
+	@Override
+	public void stop() {
+		running = false;
+		if (receiver != null) appContext.unregisterReceiver(receiver);
+		tryToClose(socket);
+		disableAdapter();
+	}
+
+	private void disableAdapter() {
+		if (adapter != null && adapter.isEnabled() && wasEnabledByUs) {
+			if (adapter.disable()) LOG.info("Disabling Bluetooth");
+			else LOG.info("Could not disable Bluetooth");
+		}
+	}
+
+	@Override
+	public boolean isRunning() {
+		return running && adapter != null && adapter.isEnabled();
+	}
+
+	@Override
+	public boolean shouldPoll() {
+		return true;
+	}
+
+	@Override
+	public int getPollingInterval() {
+		return backoff.getPollingInterval();
+	}
+
+	@Override
+	public void poll(Collection<ContactId> connected) {
+		if (!isRunning()) return;
+		backoff.increment();
+		// Try to connect to known devices in parallel
+		Map<ContactId, TransportProperties> remote =
+				callback.getRemoteProperties();
+		for (Entry<ContactId, TransportProperties> e : remote.entrySet()) {
+			ContactId c = e.getKey();
+			if (connected.contains(c)) continue;
+			String address = e.getValue().get(PROP_ADDRESS);
+			if (StringUtils.isNullOrEmpty(address)) continue;
+			String uuid = e.getValue().get(PROP_UUID);
+			if (StringUtils.isNullOrEmpty(uuid)) continue;
+			ioExecutor.execute(() -> {
+				if (!running) return;
+				BluetoothSocket s = connect(address, uuid);
+				if (s != null) {
+					backoff.reset();
+					callback.outgoingConnectionCreated(c, wrapSocket(s));
+				}
+			});
+		}
+	}
+
+	@Nullable
+	private BluetoothSocket connect(String address, String uuid) {
+		// Validate the address
+		if (!BluetoothAdapter.checkBluetoothAddress(address)) {
+			if (LOG.isLoggable(WARNING))
+				// not scrubbing here to be able to figure out the problem
+				LOG.warning("Invalid address " + address);
+			return null;
+		}
+		// Validate the UUID
+		UUID u;
+		try {
+			u = UUID.fromString(uuid);
+		} catch (IllegalArgumentException e) {
+			if (LOG.isLoggable(WARNING)) LOG.warning("Invalid UUID " + uuid);
+			return null;
+		}
+		// Try to connect
+		BluetoothDevice d = adapter.getRemoteDevice(address);
+		BluetoothSocket s = null;
+		try {
+			s = d.createInsecureRfcommSocketToServiceRecord(u);
+			if (LOG.isLoggable(INFO))
+				LOG.info("Connecting to " + scrubMacAddress(address));
+			s.connect();
+			if (LOG.isLoggable(INFO))
+				LOG.info("Connected to " + scrubMacAddress(address));
+			return s;
+		} catch (IOException e) {
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Failed to connect to " + scrubMacAddress(address)
+						+ ": " + e);
+			}
+			tryToClose(s);
+			return null;
+		}
+	}
+
+	private void tryToClose(@Nullable Closeable c) {
+		try {
+			if (c != null) c.close();
+		} catch (IOException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+		}
+	}
+
+	@Override
+	public DuplexTransportConnection createConnection(ContactId c) {
+		if (!isRunning()) return null;
+		TransportProperties p = callback.getRemoteProperties(c);
+		String address = p.get(PROP_ADDRESS);
+		if (StringUtils.isNullOrEmpty(address)) return null;
+		String uuid = p.get(PROP_UUID);
+		if (StringUtils.isNullOrEmpty(uuid)) return null;
+		BluetoothSocket s = connect(address, uuid);
+		if (s == null) return null;
+		return new DroidtoothTransportConnection(this, s);
+	}
+
+	@Override
+	public boolean supportsKeyAgreement() {
+		return true;
+	}
+
+	@Override
+	public KeyAgreementListener createKeyAgreementListener(byte[] commitment) {
+		if (!isRunning()) return null;
+		// There's no point listening if we can't discover our own address
+		String address = AndroidUtils.getBluetoothAddress(appContext, adapter);
+		if (address.isEmpty()) return null;
+		// No truncation necessary because COMMIT_LENGTH = 16
+		UUID uuid = UUID.nameUUIDFromBytes(commitment);
+		if (LOG.isLoggable(INFO)) LOG.info("Key agreement UUID " + uuid);
+		// Bind a server socket for receiving key agreement connections
+		BluetoothServerSocket ss;
+		try {
+			ss = adapter.listenUsingInsecureRfcommWithServiceRecord(
+					"RFCOMM", uuid);
+		} catch (IOException e) {
+			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			return null;
+		}
+		BdfList descriptor = new BdfList();
+		descriptor.add(TRANSPORT_ID_BLUETOOTH);
+		descriptor.add(StringUtils.macToBytes(address));
+		return new BluetoothKeyAgreementListener(descriptor, ss);
+	}
+
+	@Override
+	public DuplexTransportConnection createKeyAgreementConnection(
+			byte[] commitment, BdfList descriptor, long timeout) {
+		if (!isRunning()) return null;
+		String address;
+		try {
+			address = parseAddress(descriptor);
+		} catch (FormatException e) {
+			LOG.info("Invalid address in key agreement descriptor");
+			return null;
+		}
+		// No truncation necessary because COMMIT_LENGTH = 16
+		UUID uuid = UUID.nameUUIDFromBytes(commitment);
+		if (LOG.isLoggable(INFO))
+			LOG.info("Connecting to key agreement UUID " + uuid);
+		BluetoothSocket s = connect(address, uuid.toString());
+		if (s == null) return null;
+		return new DroidtoothTransportConnection(this, s);
+	}
+
+	private String parseAddress(BdfList descriptor) throws FormatException {
+		byte[] mac = descriptor.getRaw(1);
+		if (mac.length != 6) throw new FormatException();
+		return StringUtils.macToString(mac);
+	}
+
+	@Override
+	public void eventOccurred(Event e) {
+		if (e instanceof EnableBluetoothEvent) {
+			enableAdapterAsync();
+		} else if (e instanceof DisableBluetoothEvent) {
+			disableAdapterAsync();
+		}
+	}
+
+	private void enableAdapterAsync() {
+		ioExecutor.execute(this::enableAdapter);
+	}
+
+	private void disableAdapterAsync() {
+		ioExecutor.execute(this::disableAdapter);
+	}
+
+	private class BluetoothStateReceiver extends BroadcastReceiver {
+
+		@Override
+		public void onReceive(Context ctx, Intent intent) {
+			int state = intent.getIntExtra(EXTRA_STATE, 0);
+			if (state == STATE_ON) {
+				LOG.info("Bluetooth enabled");
+				bind();
+			} else if (state == STATE_OFF) {
+				LOG.info("Bluetooth disabled");
+				tryToClose(socket);
+			}
+			int scanMode = intent.getIntExtra(EXTRA_SCAN_MODE, 0);
+			if (scanMode == SCAN_MODE_NONE) {
+				LOG.info("Scan mode: None");
+			} else if (scanMode == SCAN_MODE_CONNECTABLE) {
+				LOG.info("Scan mode: Connectable");
+			} else if (scanMode == SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
+				LOG.info("Scan mode: Discoverable");
+			}
+		}
+	}
+
+	private class BluetoothKeyAgreementListener extends KeyAgreementListener {
+
+		private final BluetoothServerSocket ss;
+
+		private BluetoothKeyAgreementListener(BdfList descriptor,
+				BluetoothServerSocket ss) {
+			super(descriptor);
+			this.ss = ss;
+		}
+
+		@Override
+		public Callable<KeyAgreementConnection> listen() {
+			return () -> {
+				BluetoothSocket s = ss.accept();
+				if (LOG.isLoggable(INFO))
+					LOG.info(ID.getString() + ": Incoming connection");
+				return new KeyAgreementConnection(
+						new DroidtoothTransportConnection(
+								DroidtoothPlugin.this, s), ID);
+			};
+		}
+
+		@Override
+		public void close() {
+			try {
+				ss.close();
+			} catch (IOException e) {
+				if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
+			}
+		}
+	}
+}

bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothPluginFactory.java

@@ -1,4 +1,4 @@
-package org.briarproject.bramble.plugin.bluetooth;
+package org.briarproject.bramble.plugin.droidtooth;
 
 import android.content.Context;
 
@@ -21,7 +21,7 @@ import static org.briarproject.bramble.api.plugin.BluetoothConstants.ID;
 
 @Immutable
 @NotNullByDefault
-public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
+public class DroidtoothPluginFactory implements DuplexPluginFactory {
 
 	private static final int MAX_LATENCY = 30 * 1000; // 30 seconds
 	private static final int MIN_POLLING_INTERVAL = 60 * 1000; // 1 minute
@@ -35,7 +35,7 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	private final EventBus eventBus;
 	private final BackoffFactory backoffFactory;
 
-	public AndroidBluetoothPluginFactory(Executor ioExecutor,
+	public DroidtoothPluginFactory(Executor ioExecutor,
 			AndroidExecutor androidExecutor, Context appContext,
 			SecureRandom secureRandom, EventBus eventBus,
 			BackoffFactory backoffFactory) {
@@ -61,7 +61,7 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		AndroidBluetoothPlugin plugin = new AndroidBluetoothPlugin(ioExecutor,
+		DroidtoothPlugin plugin = new DroidtoothPlugin(ioExecutor,
 				androidExecutor, appContext, secureRandom, backoff, callback,
 				MAX_LATENCY);
 		eventBus.addListener(plugin);

bramble-android/src/main/java/org/briarproject/bramble/plugin/droidtooth/DroidtoothTransportConnection.java

@@ -1,4 +1,4 @@
-package org.briarproject.bramble.plugin.bluetooth;
+package org.briarproject.bramble.plugin.droidtooth;
 
 import android.bluetooth.BluetoothSocket;
 
@@ -11,12 +11,11 @@ import java.io.InputStream;
 import java.io.OutputStream;
 
 @NotNullByDefault
-class AndroidBluetoothTransportConnection
-		extends AbstractDuplexTransportConnection {
+class DroidtoothTransportConnection extends AbstractDuplexTransportConnection {
 
 	private final BluetoothSocket socket;
 
-	AndroidBluetoothTransportConnection(Plugin plugin, BluetoothSocket socket) {
+	DroidtoothTransportConnection(Plugin plugin, BluetoothSocket socket) {
 		super(plugin);
 		this.socket = socket;
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -5,84 +5,37 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.net.ConnectivityManager;
-import android.net.Network;
 import android.net.NetworkInfo;
-import android.net.wifi.WifiInfo;
-import android.net.wifi.WifiManager;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.util.Collection;
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
-import javax.net.SocketFactory;
 
 import static android.content.Context.CONNECTIVITY_SERVICE;
-import static android.content.Context.WIFI_SERVICE;
 import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
-import static android.net.wifi.WifiManager.EXTRA_WIFI_STATE;
-import static android.os.Build.VERSION.SDK_INT;
-import static java.util.Collections.emptyList;
-import static java.util.Collections.singletonList;
-import static java.util.concurrent.TimeUnit.SECONDS;
 
 @NotNullByDefault
 class AndroidLanTcpPlugin extends LanTcpPlugin {
 
-	// See android.net.wifi.WifiManager
-	private static final String WIFI_AP_STATE_CHANGED_ACTION =
-			"android.net.wifi.WIFI_AP_STATE_CHANGED";
-	private static final int WIFI_AP_STATE_ENABLED = 13;
-
-	private static final byte[] WIFI_AP_ADDRESS_BYTES =
-			{(byte) 192, (byte) 168, 43, 1};
-	private static final InetAddress WIFI_AP_ADDRESS;
-
 	private static final Logger LOG =
 			Logger.getLogger(AndroidLanTcpPlugin.class.getName());
 
-	static {
-		try {
-			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
-		} catch (UnknownHostException e) {
-			// Should only be thrown if the address has an illegal length
-			throw new AssertionError(e);
-		}
-	}
-
-	private final ScheduledExecutorService scheduler;
 	private final Context appContext;
-	private final ConnectivityManager connectivityManager;
-	@Nullable
-	private final WifiManager wifiManager;
 
 	@Nullable
 	private volatile BroadcastReceiver networkStateReceiver = null;
-	private volatile SocketFactory socketFactory;
 
-	AndroidLanTcpPlugin(Executor ioExecutor, ScheduledExecutorService scheduler,
-			Backoff backoff, Context appContext, DuplexPluginCallback callback,
-			int maxLatency, int maxIdleTime) {
+	AndroidLanTcpPlugin(Executor ioExecutor, Backoff backoff,
+			Context appContext, DuplexPluginCallback callback, int maxLatency,
+			int maxIdleTime) {
 		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
-		this.scheduler = scheduler;
 		this.appContext = appContext;
-		ConnectivityManager connectivityManager = (ConnectivityManager)
-				appContext.getSystemService(CONNECTIVITY_SERVICE);
-		if (connectivityManager == null) throw new AssertionError();
-		this.connectivityManager = connectivityManager;
-		wifiManager = (WifiManager) appContext.getApplicationContext()
-				.getSystemService(WIFI_SERVICE);
-		socketFactory = SocketFactory.getDefault();
 	}
 
 	@Override
@@ -91,9 +44,7 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {
 		running = true;
 		// Register to receive network status events
 		networkStateReceiver = new NetworkStateReceiver();
-		IntentFilter filter = new IntentFilter();
-		filter.addAction(CONNECTIVITY_ACTION);
-		filter.addAction(WIFI_AP_STATE_CHANGED_ACTION);
+		IntentFilter filter = new IntentFilter(CONNECTIVITY_ACTION);
 		appContext.registerReceiver(networkStateReceiver, filter);
 	}
 
@@ -105,92 +56,21 @@ class AndroidLanTcpPlugin extends LanTcpPlugin {
 		tryToClose(socket);
 	}
 
-	@Override
-	protected Socket createSocket() throws IOException {
-		return socketFactory.createSocket();
-	}
-
-	@Override
-	protected Collection<InetAddress> getLocalIpAddresses() {
-		// If the device doesn't have wifi, don't open any sockets
-		if (wifiManager == null) return emptyList();
-		// If we're connected to a wifi network, use that network
-		WifiInfo info = wifiManager.getConnectionInfo();
-		if (info != null && info.getIpAddress() != 0)
-			return singletonList(intToInetAddress(info.getIpAddress()));
-		// If we're running an access point, return its address
-		if (super.getLocalIpAddresses().contains(WIFI_AP_ADDRESS))
-				return singletonList(WIFI_AP_ADDRESS);
-		// No suitable addresses
-		return emptyList();
-	}
-
-	private InetAddress intToInetAddress(int ip) {
-		byte[] ipBytes = new byte[4];
-		ipBytes[0] = (byte) (ip & 0xFF);
-		ipBytes[1] = (byte) ((ip >> 8) & 0xFF);
-		ipBytes[2] = (byte) ((ip >> 16) & 0xFF);
-		ipBytes[3] = (byte) ((ip >> 24) & 0xFF);
-		try {
-			return InetAddress.getByAddress(ipBytes);
-		} catch (UnknownHostException e) {
-			// Should only be thrown if address has illegal length
-			throw new AssertionError(e);
-		}
-	}
-
-	// On API 21 and later, a socket that is not created with the wifi
-	// network's socket factory may try to connect via another network
-	private SocketFactory getSocketFactory() {
-		if (SDK_INT < 21) return SocketFactory.getDefault();
-		for (Network net : connectivityManager.getAllNetworks()) {
-			NetworkInfo info = connectivityManager.getNetworkInfo(net);
-			if (info != null && info.getType() == TYPE_WIFI)
-				return net.getSocketFactory();
-		}
-		LOG.warning("Could not find suitable socket factory");
-		return SocketFactory.getDefault();
-	}
-
 	private class NetworkStateReceiver extends BroadcastReceiver {
 
 		@Override
 		public void onReceive(Context ctx, Intent i) {
 			if (!running) return;
-			if (isApEnabledEvent(i)) {
-				// The state change may be broadcast before the AP address is
-				// visible, so delay handling the event
-				scheduler.schedule(this::handleConnectivityChange, 1, SECONDS);
-			} else {
-				handleConnectivityChange();
-			}
-		}
-
-		private void handleConnectivityChange() {
-			if (!running) return;
-			Collection<InetAddress> addrs = getLocalIpAddresses();
-			if (addrs.contains(WIFI_AP_ADDRESS)) {
-				LOG.info("Providing wifi hotspot");
-				// There's no corresponding Network object and thus no way
-				// to get a suitable socket factory, so we won't be able to
-				// make outgoing connections on API 21+ if another network
-				// has internet access
-				socketFactory = SocketFactory.getDefault();
+			Object o = ctx.getSystemService(CONNECTIVITY_SERVICE);
+			ConnectivityManager cm = (ConnectivityManager) o;
+			NetworkInfo net = cm.getActiveNetworkInfo();
+			if (net != null && net.getType() == TYPE_WIFI && net.isConnected()) {
+				LOG.info("Connected to Wi-Fi");
 				if (socket == null || socket.isClosed()) bind();
-			} else if (addrs.isEmpty()) {
-				LOG.info("Not connected to wifi");
-				socketFactory = SocketFactory.getDefault();
+			} else {
+				LOG.info("Not connected to Wi-Fi");
 				tryToClose(socket);
-			} else {
-				LOG.info("Connected to wifi");
-				socketFactory = getSocketFactory();
-				if (socket == null || socket.isClosed()) bind();
 			}
 		}
-
-		private boolean isApEnabledEvent(Intent i) {
-			return WIFI_AP_STATE_CHANGED_ACTION.equals(i.getAction()) &&
-					i.getIntExtra(EXTRA_WIFI_STATE, 0) == WIFI_AP_STATE_ENABLED;
-		}
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java

@@ -11,7 +11,6 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 
 import javax.annotation.concurrent.Immutable;
 
@@ -28,15 +27,12 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
-	private final ScheduledExecutorService scheduler;
 	private final BackoffFactory backoffFactory;
 	private final Context appContext;
 
 	public AndroidLanTcpPluginFactory(Executor ioExecutor,
-			ScheduledExecutorService scheduler, BackoffFactory backoffFactory,
-			Context appContext) {
+			BackoffFactory backoffFactory, Context appContext) {
 		this.ioExecutor = ioExecutor;
-		this.scheduler = scheduler;
 		this.backoffFactory = backoffFactory;
 		this.appContext = appContext;
 	}
@@ -55,7 +51,7 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		return new AndroidLanTcpPlugin(ioExecutor, scheduler, backoff,
-				appContext, callback, MAX_LATENCY, MAX_IDLE_TIME);
+		return new AndroidLanTcpPlugin(ioExecutor, backoff, appContext,
+				callback, MAX_LATENCY, MAX_IDLE_TIME);
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPlugin.java

@@ -16,7 +16,6 @@ import android.os.PowerManager;
 import net.freehaven.tor.control.EventHandler;
 import net.freehaven.tor.control.TorControlConnection;
 
-import org.briarproject.bramble.PoliteExecutor;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.event.Event;
@@ -60,10 +59,7 @@ import java.util.Map.Entry;
 import java.util.Scanner;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Executor;
-import java.util.concurrent.Future;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
 import java.util.zip.ZipInputStream;
@@ -74,15 +70,10 @@ import javax.net.SocketFactory;
 import static android.content.Context.CONNECTIVITY_SERVICE;
 import static android.content.Context.MODE_PRIVATE;
 import static android.content.Context.POWER_SERVICE;
-import static android.content.Intent.ACTION_SCREEN_OFF;
-import static android.content.Intent.ACTION_SCREEN_ON;
 import static android.net.ConnectivityManager.CONNECTIVITY_ACTION;
 import static android.net.ConnectivityManager.TYPE_WIFI;
-import static android.os.Build.VERSION.SDK_INT;
-import static android.os.PowerManager.ACTION_DEVICE_IDLE_MODE_CHANGED;
 import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
-import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static net.freehaven.tor.control.TorControlCommands.HS_ADDRESS;
@@ -110,8 +101,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private static final Logger LOG =
 			Logger.getLogger(TorPlugin.class.getName());
 
-	private final Executor ioExecutor, connectionStatusExecutor;
-	private final ScheduledExecutorService scheduler;
+	private final Executor ioExecutor;
 	private final Context appContext;
 	private final LocationUtils locationUtils;
 	private final DevReporter reporter;
@@ -124,8 +114,6 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private final File torDirectory, torFile, geoIpFile, configFile;
 	private final File doneFile, cookieFile;
 	private final PowerManager.WakeLock wakeLock;
-	private final AtomicReference<Future<?>> connectivityCheck =
-			new AtomicReference<>();
 	private final AtomicBoolean used = new AtomicBoolean(false);
 
 	private volatile boolean running = false;
@@ -134,13 +122,12 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	private volatile TorControlConnection controlConnection = null;
 	private volatile BroadcastReceiver networkStateReceiver = null;
 
-	TorPlugin(Executor ioExecutor, ScheduledExecutorService scheduler,
-			Context appContext, LocationUtils locationUtils,
-			DevReporter reporter, SocketFactory torSocketFactory,
-			Backoff backoff, DuplexPluginCallback callback,
-			String architecture, int maxLatency, int maxIdleTime) {
+	TorPlugin(Executor ioExecutor, Context appContext,
+			LocationUtils locationUtils, DevReporter reporter,
+			SocketFactory torSocketFactory, Backoff backoff,
+			DuplexPluginCallback callback, String architecture, int maxLatency,
+			int maxIdleTime) {
 		this.ioExecutor = ioExecutor;
-		this.scheduler = scheduler;
 		this.appContext = appContext;
 		this.locationUtils = locationUtils;
 		this.reporter = reporter;
@@ -165,9 +152,6 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		// This tag will prevent Huawei's powermanager from killing us.
 		wakeLock = pm.newWakeLock(PARTIAL_WAKE_LOCK, "LocationManagerService");
 		wakeLock.setReferenceCounted(false);
-		// Don't execute more than one connection status check at a time
-		connectionStatusExecutor = new PoliteExecutor("TorPlugin",
-				ioExecutor, 1);
 	}
 
 	@Override
@@ -220,11 +204,11 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		if (LOG.isLoggable(INFO)) {
 			Scanner stdout = new Scanner(torProcess.getInputStream());
 			Scanner stderr = new Scanner(torProcess.getErrorStream());
-			while (stdout.hasNextLine() || stderr.hasNextLine()) {
-				if (stdout.hasNextLine()) {
+			while (stdout.hasNextLine() || stderr.hasNextLine()){
+				if(stdout.hasNextLine()) {
 					LOG.info(stdout.nextLine());
 				}
-				if (stderr.hasNextLine()) {
+				if(stderr.hasNextLine()){
 					LOG.info(stderr.nextLine());
 				}
 			}
@@ -273,11 +257,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		}
 		// Register to receive network status events
 		networkStateReceiver = new NetworkStateReceiver();
-		IntentFilter filter = new IntentFilter();
-		filter.addAction(CONNECTIVITY_ACTION);
-		filter.addAction(ACTION_SCREEN_ON);
-		filter.addAction(ACTION_SCREEN_OFF);
-		if (SDK_INT >= 23) filter.addAction(ACTION_DEVICE_IDLE_MODE_CHANGED);
+		IntentFilter filter = new IntentFilter(CONNECTIVITY_ACTION);
 		appContext.registerReceiver(networkStateReceiver, filter);
 		// Bind a server socket to receive incoming hidden service connections
 		bind();
@@ -614,7 +594,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor) {
+			byte[] commitment, BdfList descriptor, long timeout) {
 		throw new UnsupportedOperationException();
 	}
 
@@ -638,8 +618,6 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	@Override
 	public void orConnStatus(String status, String orName) {
 		if (LOG.isLoggable(INFO)) LOG.info("OR connection " + status);
-		if (status.equals("CLOSED") || status.equals("FAILED"))
-			updateConnectionStatus(); // Check whether we've lost connectivity
 	}
 
 	@Override
@@ -679,7 +657,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		}
 
 		@Override
-		public void onEvent(int event, @Nullable String path) {
+		public void onEvent(int event, String path) {
 			stopWatching();
 			latch.countDown();
 		}
@@ -697,8 +675,9 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 	}
 
 	private void updateConnectionStatus() {
-		connectionStatusExecutor.execute(() -> {
+		ioExecutor.execute(() -> {
 			if (!running) return;
+
 			Object o = appContext.getSystemService(CONNECTIVITY_SERVICE);
 			ConnectivityManager cm = (ConnectivityManager) o;
 			NetworkInfo net = cm.getActiveNetworkInfo();
@@ -737,25 +716,14 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 		});
 	}
 
-	private void scheduleConnectionStatusUpdate() {
-		Future<?> newConnectivityCheck =
-				scheduler.schedule(this::updateConnectionStatus, 1, MINUTES);
-		Future<?> oldConnectivityCheck =
-				connectivityCheck.getAndSet(newConnectivityCheck);
-		if (oldConnectivityCheck != null) oldConnectivityCheck.cancel(false);
-	}
-
 	private class NetworkStateReceiver extends BroadcastReceiver {
 
 		@Override
 		public void onReceive(Context ctx, Intent i) {
 			if (!running) return;
-			String action = i.getAction();
-			if (LOG.isLoggable(INFO)) LOG.info("Received broadcast " + action);
-			updateConnectionStatus();
-			if (ACTION_SCREEN_ON.equals(action)
-					|| ACTION_SCREEN_OFF.equals(action)) {
-				scheduleConnectionStatusUpdate();
+			if (CONNECTIVITY_ACTION.equals(i.getAction())) {
+				LOG.info("Detected connectivity change");
+				updateConnectionStatus();
 			}
 		}
 	}
@@ -778,7 +746,7 @@ class TorPlugin implements DuplexPlugin, EventHandler, EventListener {
 
 		private synchronized void enableNetwork(boolean enable) {
 			networkEnabled = enable;
-			if (!enable) circuitBuilt = false;
+			circuitBuilt = false;
 		}
 
 		private synchronized boolean isConnected() {

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/TorPluginFactory.java

@@ -17,7 +17,6 @@ import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.util.AndroidUtils;
 
 import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
 import java.util.logging.Logger;
 
 import javax.annotation.concurrent.Immutable;
@@ -37,7 +36,6 @@ public class TorPluginFactory implements DuplexPluginFactory {
 	private static final double BACKOFF_BASE = 1.2;
 
 	private final Executor ioExecutor;
-	private final ScheduledExecutorService scheduler;
 	private final Context appContext;
 	private final LocationUtils locationUtils;
 	private final DevReporter reporter;
@@ -45,13 +43,11 @@ public class TorPluginFactory implements DuplexPluginFactory {
 	private final SocketFactory torSocketFactory;
 	private final BackoffFactory backoffFactory;
 
-	public TorPluginFactory(Executor ioExecutor,
-			ScheduledExecutorService scheduler, Context appContext,
+	public TorPluginFactory(Executor ioExecutor, Context appContext,
 			LocationUtils locationUtils, DevReporter reporter,
 			EventBus eventBus, SocketFactory torSocketFactory,
 			BackoffFactory backoffFactory) {
 		this.ioExecutor = ioExecutor;
-		this.scheduler = scheduler;
 		this.appContext = appContext;
 		this.locationUtils = locationUtils;
 		this.reporter = reporter;
@@ -93,9 +89,9 @@ public class TorPluginFactory implements DuplexPluginFactory {
 
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
-		TorPlugin plugin = new TorPlugin(ioExecutor, scheduler, appContext,
-				locationUtils, reporter, torSocketFactory, backoff, callback,
-				architecture, MAX_LATENCY, MAX_IDLE_TIME);
+		TorPlugin plugin = new TorPlugin(ioExecutor, appContext, locationUtils,
+				reporter, torSocketFactory, backoff, callback, architecture,
+				MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/client/ContactGroupFactory.java

@@ -12,18 +12,19 @@ public interface ContactGroupFactory {
 	/**
 	 * Creates a group that is not shared with any contacts.
 	 */
-	Group createLocalGroup(ClientId clientId);
+	Group createLocalGroup(ClientId clientId, int clientVersion);
 
 	/**
 	 * Creates a group for the given client to share with the given contact.
 	 */
-	Group createContactGroup(ClientId clientId, Contact contact);
+	Group createContactGroup(ClientId clientId, int clientVersion,
+			Contact contact);
 
 	/**
 	 * Creates a group for the given client to share between the given authors
 	 * identified by their AuthorIds.
 	 */
-	Group createContactGroup(ClientId clientId, AuthorId authorId1,
-			AuthorId authorId2);
+	Group createContactGroup(ClientId clientId, int clientVersion,
+			AuthorId authorId1, AuthorId authorId2);
 
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeTask.java

@@ -12,6 +12,32 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 @NotNullByDefault
 public interface ContactExchangeTask {
 
+	/**
+	 * The current version of the contact exchange protocol
+	 */
+	int PROTOCOL_VERSION = 0;
+
+	/**
+	 * Label for deriving Alice's header key from the master secret.
+	 */
+	String ALICE_KEY_LABEL =
+			"org.briarproject.bramble.contact/ALICE_HEADER_KEY";
+
+	/**
+	 * Label for deriving Bob's header key from the master secret.
+	 */
+	String BOB_KEY_LABEL = "org.briarproject.bramble.contact/BOB_HEADER_KEY";
+
+	/**
+	 * Label for deriving Alice's key binding nonce from the master secret.
+	 */
+	String ALICE_NONCE_LABEL = "org.briarproject.bramble.contact/ALICE_NONCE";
+
+	/**
+	 * Label for deriving Bob's key binding nonce from the master secret.
+	 */
+	String BOB_NONCE_LABEL = "org.briarproject.bramble.contact/BOB_NONCE";
+
 	/**
 	 * Exchanges contact information with a remote peer.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -1,8 +1,5 @@
 package org.briarproject.bramble.api.crypto;
 
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.transport.TransportKeys;
-
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 
@@ -20,156 +17,98 @@ public interface CryptoComponent {
 
 	KeyParser getSignatureKeyParser();
 
+	KeyPair generateEdKeyPair();
+
+	KeyParser getEdKeyParser();
+
 	KeyParser getMessageKeyParser();
 
 	/**
-	 * Derives a stream header key from the given master secret.
-	 * @param alice whether the key is for use by Alice or Bob.
-	 */
-	SecretKey deriveHeaderKey(SecretKey master, boolean alice);
-
-	/**
-	 * Derives a message authentication code key from the given master secret.
-	 * @param alice whether the key is for use by Alice or Bob.
-	 */
-	SecretKey deriveMacKey(SecretKey master, boolean alice);
-
-	/**
-	 * Derives a nonce from the given master secret for one of the parties to
-	 * sign.
-	 * @param alice whether the nonce is for use by Alice or Bob.
-	 */
-	byte[] deriveSignatureNonce(SecretKey master, boolean alice);
-
-	/**
-	 * Derives a commitment to the provided public key.
-	 * <p/>
-	 * Part of BQP.
+	 * Derives another secret key from the given secret key.
 	 *
-	 * @param publicKey the public key
-	 * @return the commitment to the provided public key.
+	 * @param label a namespaced label indicating the purpose of the derived
+	 * key, to prevent it from being repurposed or colliding with a key derived
+	 * for another purpose
 	 */
-	byte[] deriveKeyCommitment(byte[] publicKey);
+	SecretKey deriveKey(String label, SecretKey k, byte[]... inputs);
 
 	/**
 	 * Derives a common shared secret from two public keys and one of the
 	 * corresponding private keys.
-	 * <p/>
-	 * Part of BQP.
 	 *
-	 * @param theirPublicKey the ephemeral public key of the remote party
-	 * @param ourKeyPair our ephemeral keypair
-	 * @param alice true if ourKeyPair belongs to Alice
+	 * @param label a namespaced label indicating the purpose of this shared
+	 * secret, to prevent it from being repurposed or colliding with a shared
+	 * secret derived for another purpose
+	 * @param theirPublicKey the public key of the remote party
+	 * @param ourKeyPair the key pair of the local party
 	 * @return the shared secret
-	 * @throws GeneralSecurityException
 	 */
-	SecretKey deriveSharedSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
-			boolean alice) throws GeneralSecurityException;
+	SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
+			KeyPair ourKeyPair, byte[]... inputs)
+			throws GeneralSecurityException;
 
 	/**
-	 * Derives the content of a confirmation record.
-	 * <p/>
-	 * Part of BQP.
+	 * Signs the given byte[] with the given ECDSA private key.
 	 *
-	 * @param sharedSecret the common shared secret
-	 * @param theirPayload the commit payload from the remote party
-	 * @param ourPayload the commit payload we sent
-	 * @param theirPublicKey the ephemeral public key of the remote party
-	 * @param ourKeyPair our ephemeral keypair
-	 * @param alice true if ourKeyPair belongs to Alice
-	 * @param aliceRecord true if the confirmation record is for use by Alice
-	 * @return the confirmation record
-	 */
-	byte[] deriveConfirmationRecord(SecretKey sharedSecret,
-			byte[] theirPayload, byte[] ourPayload,
-			byte[] theirPublicKey, KeyPair ourKeyPair,
-			boolean alice, boolean aliceRecord);
-
-	/**
-	 * Derives a master secret from the given shared secret.
-	 * <p/>
-	 * Part of BQP.
-	 *
-	 * @param sharedSecret the common shared secret
-	 * @return the master secret
-	 */
-	SecretKey deriveMasterSecret(SecretKey sharedSecret);
-
-	/**
-	 * Derives a master secret from two public keys and one of the corresponding
-	 * private keys.
-	 * <p/>
-	 * This is a helper method that calls
-	 * deriveMasterSecret(deriveSharedSecret(theirPublicKey, ourKeyPair, alice))
-	 *
-	 * @param theirPublicKey the ephemeral public key of the remote party
-	 * @param ourKeyPair our ephemeral keypair
-	 * @param alice true if ourKeyPair belongs to Alice
-	 * @return the shared secret
-	 * @throws GeneralSecurityException
-	 */
-	SecretKey deriveMasterSecret(byte[] theirPublicKey, KeyPair ourKeyPair,
-			boolean alice) throws GeneralSecurityException;
-
-	/**
-	 * Derives initial transport keys for the given transport in the given
-	 * rotation period from the given master secret.
-	 * @param alice whether the keys are for use by Alice or Bob.
-	 */
-	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
-			long rotationPeriod, boolean alice);
-
-	/**
-	 * Rotates the given transport keys to the given rotation period. If the
-	 * keys are for a future rotation period they are not rotated.
-	 */
-	TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
-
-	/** Encodes the pseudo-random tag that is used to recognise a stream. */
-	void encodeTag(byte[] tag, SecretKey tagKey, int protocolVersion,
-			long streamNumber);
-
-	/**
-	 * Signs the given byte[] with the given PrivateKey.
-	 *
-	 * @param label A label specific to this signature
-	 *              to ensure that the signature cannot be repurposed
+	 * @param label a namespaced label indicating the purpose of this
+	 * signature, to prevent it from being repurposed or colliding with a
+	 * signature created for another purpose
 	 */
 	byte[] sign(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException;
 
 	/**
-	 * Verifies that the given signature is valid for the signedData
-	 * and the given publicKey.
+	 * Signs the given byte[] with the given Ed25519 private key.
 	 *
-	 * @param label A label that was specific to this signature
+	 * @param label A label specific to this signature
 	 *              to ensure that the signature cannot be repurposed
+	 */
+	byte[] signEd(String label, byte[] toSign, byte[] privateKey)
+			throws GeneralSecurityException;
+
+	/**
+	 * Verifies that the given signature is valid for the signed data
+	 * and the given ECDSA public key.
+	 *
+	 * @param label a namespaced label indicating the purpose of this
+	 * signature, to prevent it from being repurposed or colliding with a
+	 * signature created for another purpose
 	 * @return true if the signature was valid, false otherwise.
 	 */
 	boolean verify(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException;
 
+	/**
+	 * Verifies that the given signature is valid for the signed data
+	 * and the given Ed25519 public key.
+	 *
+	 * @param label A label that was specific to this signature
+	 *              to ensure that the signature cannot be repurposed
+	 * @return true if the signature was valid, false otherwise.
+	 */
+	boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
+			byte[] signature) throws GeneralSecurityException;
+
 	/**
 	 * Returns the hash of the given inputs. The inputs are unambiguously
 	 * combined by prefixing each input with its length.
 	 *
-	 * @param label A label specific to this hash to ensure that hashes
-	 *              calculated for distinct purposes don't collide.
+	 * @param label a namespaced label indicating the purpose of this hash, to
+	 * prevent it from being repurposed or colliding with a hash created for
+	 * another purpose
 	 */
 	byte[] hash(String label, byte[]... inputs);
 
-	/**
-	 * Returns the length of hashes produced by
-	 * the {@link CryptoComponent#hash(String, byte[]...)} method.
-	 */
-	int getHashLength();
-
 	/**
 	 * Returns a message authentication code with the given key over the
 	 * given inputs. The inputs are unambiguously combined by prefixing each
 	 * input with its length.
+	 *
+	 * @param label a namespaced label indicating the purpose of this MAC, to
+	 * prevent it from being repurposed or colliding with a MAC created for
+	 * another purpose
 	 */
-	byte[] mac(SecretKey macKey, byte[]... inputs);
+	byte[] mac(String label, SecretKey macKey, byte[]... inputs);
 
 	/**
 	 * Encrypts and authenticates the given plaintext so it can be written to

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyAgreementCrypto.java

@@ -0,0 +1,50 @@
+package org.briarproject.bramble.api.crypto;
+
+/**
+ * Crypto operations for the key agreement protocol - see
+ * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BQP.md
+ */
+public interface KeyAgreementCrypto {
+
+	/**
+	 * Hash label for public key commitment.
+	 */
+	String COMMIT_LABEL = "org.briarproject.bramble.keyagreement/COMMIT";
+
+	/**
+	 * Key derivation label for confirmation record.
+	 */
+	String CONFIRMATION_KEY_LABEL =
+			"org.briarproject.bramble.keyagreement/CONFIRMATION_KEY";
+
+	/**
+	 * MAC label for confirmation record.
+	 */
+	String CONFIRMATION_MAC_LABEL =
+			"org.briarproject.bramble.keyagreement/CONFIRMATION_MAC";
+
+	/**
+	 * Derives a commitment to the provided public key.
+	 *
+	 * @param publicKey the public key
+	 * @return the commitment to the provided public key.
+	 */
+	byte[] deriveKeyCommitment(PublicKey publicKey);
+
+	/**
+	 * Derives the content of a confirmation record.
+	 *
+	 * @param sharedSecret the common shared secret
+	 * @param theirPayload the key exchange payload of the remote party
+	 * @param ourPayload the key exchange payload of the local party
+	 * @param theirPublicKey the ephemeral public key of the remote party
+	 * @param ourKeyPair our ephemeral key pair of the local party
+	 * @param alice true if the local party is Alice
+	 * @param aliceRecord true if the confirmation record is for use by Alice
+	 * @return the confirmation record
+	 */
+	byte[] deriveConfirmationRecord(SecretKey sharedSecret,
+			byte[] theirPayload, byte[] ourPayload,
+			PublicKey theirPublicKey, KeyPair ourKeyPair,
+			boolean alice, boolean aliceRecord);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.TransportKeys;
+
+/**
+ * Crypto operations for the transport security protocol - see
+ * https://code.briarproject.org/akwizgran/briar-spec/blob/master/protocols/BTP.md
+ */
+public interface TransportCrypto {
+
+	/**
+	 * Derives initial transport keys for the given transport in the given
+	 * rotation period from the given master secret.
+	 *
+	 * @param alice whether the keys are for use by Alice or Bob.
+	 */
+	TransportKeys deriveTransportKeys(TransportId t, SecretKey master,
+			long rotationPeriod, boolean alice);
+
+	/**
+	 * Rotates the given transport keys to the given rotation period. If the
+	 * keys are for the given period or any later period they are not rotated.
+	 */
+	TransportKeys rotateTransportKeys(TransportKeys k, long rotationPeriod);
+
+	/**
+	 * Encodes the pseudo-random tag that is used to recognise a stream.
+	 */
+	void encodeTag(byte[] tag, SecretKey tagKey, int protocolVersion,
+			long streamNumber);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DataTooNewException.java

@@ -1,7 +0,0 @@
-package org.briarproject.bramble.api.db;
-
-/**
- * Thrown when the database uses a newer schema than the current code.
- */
-public class DataTooNewException extends DbException {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DataTooOldException.java

@@ -1,8 +0,0 @@
-package org.briarproject.bramble.api.db;
-
-/**
- * Thrown when the database uses an older schema than the current code and
- * cannot be migrated.
- */
-public class DataTooOldException extends DbException {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java

@@ -37,13 +37,8 @@ public interface DatabaseComponent {
 
 	/**
 	 * Opens the database and returns true if the database already existed.
-	 *
-	 * @throws DataTooNewException if the data uses a newer schema than the
-	 * current code
-	 * @throws DataTooOldException if the data uses an older schema than the
-	 * current code and cannot be migrated
 	 */
-	boolean open(@Nullable MigrationListener listener) throws DbException;
+	boolean open() throws DbException;
 
 	/**
 	 * Waits for any open transactions to finish and closes the database.
@@ -259,30 +254,31 @@ public interface DatabaseComponent {
 	Collection<LocalAuthor> getLocalAuthors(Transaction txn) throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that need to be validated.
+	 * Returns the IDs of any messages that need to be validated by the given
+	 * client.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToValidate(Transaction txn)
+	Collection<MessageId> getMessagesToValidate(Transaction txn, ClientId c)
 			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that are pending delivery due to
-	 * dependencies on other messages.
+	 * Returns the IDs of any messages that are valid but pending delivery due
+	 * to dependencies on other messages for the given client.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getPendingMessages(Transaction txn)
+	Collection<MessageId> getPendingMessages(Transaction txn, ClientId c)
 			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that have shared dependents but have
-	 * not yet been shared themselves.
+	 * Returns the IDs of any messages from the given client
+	 * that have a shared dependent, but are still not shared themselves.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToShare(Transaction txn)
-			throws DbException;
+	Collection<MessageId> getMessagesToShare(Transaction txn,
+			ClientId c) throws DbException;
 
 	/**
 	 * Returns the message with the given ID, in serialised form, or null if
@@ -377,16 +373,6 @@ public interface DatabaseComponent {
 	MessageStatus getMessageStatus(Transaction txn, ContactId c, MessageId m)
 			throws DbException;
 
-	/*
-	 * Returns the next time (in milliseconds since the Unix epoch) when a
-	 * message is due to be sent to the given contact. The returned value may
-	 * be zero if a message is due to be sent immediately, or Long.MAX_VALUE if
-	 * no messages are scheduled to be sent.
-	 * <p/>
-	 * Read-only.
-	 */
-	long getNextSendTime(Transaction txn, ContactId c) throws DbException;
-
 	/**
 	 * Returns all settings in the given namespace.
 	 * <p/>

bramble-api/src/main/java/org/briarproject/bramble/api/db/MigrationListener.java

@@ -1,11 +0,0 @@
-package org.briarproject.bramble.api.db;
-
-public interface MigrationListener {
-
-	/**
-	 * This is called when a migration is started while opening the database.
-	 * It will be called once for each migration being applied.
-	 */
-	void onMigrationRun();
-
-}

bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorId.java

@@ -16,7 +16,7 @@ public class AuthorId extends UniqueId {
 	/**
 	 * Label for hashing authors to calculate their identities.
 	 */
-	public static final String LABEL = "org.briarproject.bramble.AUTHOR_ID";
+	public static final String LABEL = "org.briarproject.bramble/AUTHOR_ID";
 
 	public AuthorId(byte[] id) {
 		super(id);

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementConstants.java

@@ -5,7 +5,7 @@ public interface KeyAgreementConstants {
 	/**
 	 * The current version of the BQP protocol.
 	 */
-	byte PROTOCOL_VERSION = 2;
+	byte PROTOCOL_VERSION = 3;
 
 	/**
 	 * The length of the record header in bytes.
@@ -22,7 +22,10 @@ public interface KeyAgreementConstants {
 	 */
 	int COMMIT_LENGTH = 16;
 
-	long CONNECTION_TIMEOUT = 20 * 1000; // Milliseconds
+	/**
+	 * The connection timeout in milliseconds.
+	 */
+	long CONNECTION_TIMEOUT = 20 * 1000;
 
 	/**
 	 * The transport identifier for Bluetooth.
@@ -33,4 +36,16 @@ public interface KeyAgreementConstants {
 	 * The transport identifier for LAN.
 	 */
 	int TRANSPORT_ID_LAN = 1;
+
+	/**
+	 * Label for deriving the shared secret.
+	 */
+	String SHARED_SECRET_LABEL =
+			"org.briarproject.bramble.keyagreement/SHARED_SECRET";
+
+	/**
+	 * Label for deriving the master secret.
+	 */
+	String MASTER_SECRET_LABEL =
+			"org.briarproject.bramble.keyagreement/MASTER_SECRET";
 }

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementListener.java

@@ -2,7 +2,7 @@ package org.briarproject.bramble.api.keyagreement;
 
 import org.briarproject.bramble.api.data.BdfList;
 
-import java.io.IOException;
+import java.util.concurrent.Callable;
 
 /**
  * An class for managing a particular key agreement listener.
@@ -24,11 +24,11 @@ public abstract class KeyAgreementListener {
 	}
 
 	/**
-	 * Blocks until an incoming connection is received and returns it.
-	 *
-	 * @throws IOException if an error occurs or {@link #close()} is called.
+	 * Starts listening for incoming connections, and returns a Callable that
+	 * will return a KeyAgreementConnection when an incoming connection is
+	 * received.
 	 */
-	public abstract KeyAgreementConnection accept() throws IOException;
+	public abstract Callable<KeyAgreementConnection> listen();
 
 	/**
 	 * Closes the underlying server socket.

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementTaskFactory.java

@@ -1,15 +0,0 @@
-package org.briarproject.bramble.api.keyagreement;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-/**
- * Manages tasks for conducting key agreements with remote peers.
- */
-@NotNullByDefault
-public interface KeyAgreementTaskFactory {
-
-	/**
-	 * Gets the current key agreement task.
-	 */
-	KeyAgreementTask createTask();
-}

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/LifecycleManager.java

@@ -21,25 +21,7 @@ public interface LifecycleManager {
 	 * The result of calling {@link #startServices(String)}.
 	 */
 	enum StartResult {
-		ALREADY_RUNNING,
-		DB_ERROR,
-		DATA_TOO_OLD_ERROR,
-		DATA_TOO_NEW_ERROR,
-		SERVICE_ERROR,
-		SUCCESS
-	}
-
-	/**
-	 * The state the lifecycle can be in.
-	 * Returned by {@link #getLifecycleState()}
-	 */
-	enum LifecycleState {
-
-		STARTING, MIGRATING_DATABASE, STARTING_SERVICES, RUNNING, STOPPING;
-
-		public boolean isAfter(LifecycleState state) {
-			return ordinal() > state.ordinal();
-		}
+		ALREADY_RUNNING, DB_ERROR, SERVICE_ERROR, SUCCESS
 	}
 
 	/**
@@ -89,10 +71,4 @@ public interface LifecycleManager {
 	 * the {@link DatabaseComponent} to be closed before returning.
 	 */
 	void waitForShutdown() throws InterruptedException;
-
-	/**
-	 * Returns the current state of the lifecycle.
-	 */
-	LifecycleState getLifecycleState();
-
 }

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/event/LifecycleEvent.java

@@ -1,20 +0,0 @@
-package org.briarproject.bramble.api.lifecycle.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState;
-
-/**
- * An event that is broadcast when the app enters a new lifecycle state.
- */
-public class LifecycleEvent extends Event {
-
-	private final LifecycleState state;
-
-	public LifecycleEvent(LifecycleState state) {
-		this.state = state;
-	}
-
-	public LifecycleState getLifecycleState() {
-		return state;
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/event/ShutdownEvent.java

@@ -0,0 +1,9 @@
+package org.briarproject.bramble.api.lifecycle.event;
+
+import org.briarproject.bramble.api.event.Event;
+
+/**
+ * An event that is broadcast when the app is shutting down.
+ */
+public class ShutdownEvent extends Event {
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java

@@ -36,9 +36,9 @@ public interface DuplexPlugin extends Plugin {
 
 	/**
 	 * Attempts to connect to the remote peer specified in the given descriptor.
-	 * Returns null if no connection can be established.
+	 * Returns null if no connection can be established within the given time.
 	 */
 	@Nullable
 	DuplexTransportConnection createKeyAgreementConnection(
-			byte[] remoteCommitment, BdfList descriptor);
+			byte[] remoteCommitment, BdfList descriptor, long timeout);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/BluetoothEnabledEvent.java

@@ -1,15 +0,0 @@
-package org.briarproject.bramble.api.plugin.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * An event that informs the Bluetooth plugin that we have enabled the
- * Bluetooth adapter.
- */
-@Immutable
-@NotNullByDefault
-public class BluetoothEnabledEvent extends Event {
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/event/EnableBluetoothEvent.java

@@ -6,7 +6,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import javax.annotation.concurrent.Immutable;
 
 /**
- * An event that asks the Bluetooth plugin to enable the Bluetooth adapter.
+ * An event asks the Bluetooth plugin to enable the Bluetooth adapter.
  */
 @Immutable
 @NotNullByDefault

bramble-api/src/main/java/org/briarproject/bramble/api/properties/TransportPropertyManager.java

@@ -17,6 +17,11 @@ public interface TransportPropertyManager {
 	 */
 	ClientId CLIENT_ID = new ClientId("org.briarproject.briar.properties");
 
+	/**
+	 * The current version of the transport property client.
+	 */
+	int CLIENT_VERSION = 0;
+
 	/**
 	 * Stores the given properties received while adding a contact - they will
 	 * be superseded by any properties synced from the contact.

bramble-api/src/main/java/org/briarproject/bramble/api/sync/ClientId.java

@@ -36,4 +36,8 @@ public class ClientId implements Comparable<ClientId> {
 		return id.hashCode();
 	}
 
+	@Override
+	public String toString() {
+		return id;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupFactory.java

@@ -6,7 +6,7 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 public interface GroupFactory {
 
 	/**
-	 * Creates a group with the given client ID and descriptor.
+	 * Creates a group with the given client ID, client version and descriptor.
 	 */
-	Group createGroup(ClientId c, byte[] descriptor);
+	Group createGroup(ClientId c, int clientVersion, byte[] descriptor);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/GroupId.java

@@ -15,7 +15,7 @@ public class GroupId extends UniqueId {
 	/**
 	 * Label for hashing groups to calculate their identifiers.
 	 */
-	public static final String LABEL = "org.briarproject.bramble.GROUP_ID";
+	public static final String LABEL = "org.briarproject.bramble/GROUP_ID";
 
 	public GroupId(byte[] id) {
 		super(id);

bramble-api/src/main/java/org/briarproject/bramble/api/sync/MessageId.java

@@ -16,7 +16,7 @@ public class MessageId extends UniqueId {
 	/**
 	 * Label for hashing messages to calculate their identifiers.
 	 */
-	public static final String LABEL = "org.briarproject.bramble.MESSAGE_ID";
+	public static final String LABEL = "org.briarproject.bramble/MESSAGE_ID";
 
 	public MessageId(byte[] id) {
 		super(id);

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java

@@ -7,7 +7,7 @@ public interface TransportConstants {
 	/**
 	 * The current version of the transport protocol.
 	 */
-	int PROTOCOL_VERSION = 3;
+	int PROTOCOL_VERSION = 4;
 
 	/**
 	 * The length of the pseudo-random tag in bytes.
@@ -80,4 +80,32 @@ public interface TransportConstants {
 	 * The size of the reordering window.
 	 */
 	int REORDERING_WINDOW_SIZE = 32;
+
+	/**
+	 * Label for deriving Alice's initial tag key from the master secret.
+	 */
+	String ALICE_TAG_LABEL = "org.briarproject.bramble.transport/ALICE_TAG_KEY";
+
+	/**
+	 * Label for deriving Bob's initial tag key from the master secret.
+	 */
+	String BOB_TAG_LABEL = "org.briarproject.bramble.transport/BOB_TAG_KEY";
+
+	/**
+	 * Label for deriving Alice's initial header key from the master secret.
+	 */
+	String ALICE_HEADER_LABEL =
+			"org.briarproject.bramble.transport/ALICE_HEADER_KEY";
+
+	/**
+	 * Label for deriving Bob's initial header key from the master secret.
+	 */
+	String BOB_HEADER_LABEL =
+			"org.briarproject.bramble.transport/BOB_HEADER_KEY";
+
+	/**
+	 * Label for deriving the next period's key in key rotation.
+	 */
+	String ROTATE_LABEL = "org.briarproject.bramble.transport/ROTATE";
+
 }

bramble-api/src/main/java/org/briarproject/bramble/util/StringUtils.java

@@ -126,10 +126,6 @@ public class StringUtils {
 		return toUtf8(s).length > maxLength;
 	}
 
-	public static boolean isValidMac(String mac) {
-		return MAC.matcher(mac).matches();
-	}
-
 	public static byte[] macToBytes(String mac) {
 		if (!MAC.matcher(mac).matches()) throw new IllegalArgumentException();
 		return fromHexString(mac.replaceAll(":", ""));

bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java

@@ -2,27 +2,12 @@ package org.briarproject.bramble.test;
 
 import org.briarproject.bramble.api.UniqueId;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.identity.AuthorId;
-import org.briarproject.bramble.api.identity.LocalAuthor;
-import org.briarproject.bramble.api.sync.ClientId;
-import org.briarproject.bramble.api.sync.Group;
-import org.briarproject.bramble.api.sync.GroupId;
-import org.briarproject.bramble.api.sync.Message;
-import org.briarproject.bramble.api.sync.MessageId;
 import org.briarproject.bramble.util.IoUtils;
 
 import java.io.File;
 import java.util.Random;
 import java.util.concurrent.atomic.AtomicInteger;
 
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_GROUP_DESCRIPTOR_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
-import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
-
 public class TestUtils {
 
 	private static final AtomicInteger nextTestDir =
@@ -53,50 +38,4 @@ public class TestUtils {
 		return new SecretKey(getRandomBytes(SecretKey.LENGTH));
 	}
 
-	public static LocalAuthor getLocalAuthor() {
-		return getLocalAuthor(1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH));
-	}
-
-	public static LocalAuthor getLocalAuthor(int nameLength) {
-		AuthorId id = new AuthorId(getRandomId());
-		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		byte[] privateKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		long created = System.currentTimeMillis();
-		return new LocalAuthor(id, name, publicKey, privateKey, created);
-	}
-
-	public static Author getAuthor() {
-		return getAuthor(1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH));
-	}
-
-	public static Author getAuthor(int nameLength) {
-		AuthorId id = new AuthorId(getRandomId());
-		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		return new Author(id, name, publicKey);
-	}
-
-	public static Group getGroup(ClientId clientId) {
-		int descriptorLength = 1 + random.nextInt(MAX_GROUP_DESCRIPTOR_LENGTH);
-		return getGroup(clientId, descriptorLength);
-	}
-
-	public static Group getGroup(ClientId clientId, int descriptorLength) {
-		GroupId groupId = new GroupId(getRandomId());
-		byte[] descriptor = getRandomBytes(descriptorLength);
-		return new Group(groupId, clientId, descriptor);
-	}
-
-	public static Message getMessage(GroupId groupId) {
-		int bodyLength = 1 + random.nextInt(MAX_MESSAGE_BODY_LENGTH);
-		return getMessage(groupId, MESSAGE_HEADER_LENGTH + bodyLength);
-	}
-
-	public static Message getMessage(GroupId groupId, int rawLength) {
-		MessageId id = new MessageId(getRandomId());
-		byte[] raw = getRandomBytes(rawLength);
-		long timestamp = System.currentTimeMillis();
-		return new Message(id, groupId, timestamp, raw);
-	}
 }

bramble-core/build.gradle

@@ -9,18 +9,21 @@ apply plugin: 'witness'
 dependencies {
 	implementation project(path: ':bramble-api', configuration: 'default')
 	implementation 'com.madgag.spongycastle:core:1.58.0.0'
-	implementation 'com.h2database:h2:1.4.192' // This is the last version that supports Java 1.6
+	implementation 'com.h2database:h2:1.4.192' // The last version that supports Java 1.6
 	implementation 'org.bitlet:weupnp:0.1.4'
+	implementation 'net.i2p.crypto:eddsa:0.2.0'
 
 	apt 'com.google.dagger:dagger-compiler:2.0.2'
 
 	testImplementation project(path: ':bramble-api', configuration: 'testOutput')
+	testImplementation 'org.hsqldb:hsqldb:2.3.5' // The last version that supports Java 1.6
 	testImplementation 'junit:junit:4.12'
 	testImplementation "org.jmock:jmock:2.8.2"
 	testImplementation "org.jmock:jmock-junit4:2.8.2"
 	testImplementation "org.jmock:jmock-legacy:2.8.2"
 	testImplementation "org.hamcrest:hamcrest-library:1.3"
 	testImplementation "org.hamcrest:hamcrest-core:1.3"
+	testImplementation "org.whispersystems:curve25519-java:0.4.1"
 
 	testApt 'com.google.dagger:dagger-compiler:2.0.2'
 }
@@ -37,18 +40,21 @@ dependencyVerification {
 			'com.madgag.spongycastle:core:1.58.0.0:core-1.58.0.0.jar:199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728',
 			'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
 			'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
+			'net.i2p.crypto:eddsa:0.2.0:eddsa-0.2.0.jar:a7cb1b85c16e2f0730b9204106929a1d9aaae1df728adc7041a8b8b605692140',
 			'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
 			'org.apache.ant:ant:1.9.4:ant-1.9.4.jar:649ae0730251de07b8913f49286d46bba7b92d47c5f332610aa426c4f02161d8',
 			'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
 			'org.bitlet:weupnp:0.1.4:weupnp-0.1.4.jar:88df7e6504929d00bdb832863761385c68ab92af945b04f0770b126270a444fb',
 			'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
 			'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
+			'org.hsqldb:hsqldb:2.3.5:hsqldb-2.3.5.jar:6676a6977ac98997a80f827ddbd3fe8ca1e0853dad1492512135fd1a222ccfad',
 			'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',
 			'org.jmock:jmock-legacy:2.8.2:jmock-legacy-2.8.2.jar:f2b985a5c08a9edb7f37612330c058809da3f6a6d63ce792426ebf8ff0d6d31b',
 			'org.jmock:jmock-testjar:2.8.2:jmock-testjar-2.8.2.jar:8900860f72c474e027cf97fe78dcbf154a1aa7fc62b6845c5fb4e4f3c7bc8760',
 			'org.jmock:jmock:2.8.2:jmock-2.8.2.jar:6c73cb4a2e6dbfb61fd99c9a768539c170ab6568e57846bd60dbf19596b65b16',
 			'org.objenesis:objenesis:2.1:objenesis-2.1.jar:c74330cc6b806c804fd37e74487b4fe5d7c2750c5e15fbc6efa13bdee1bdef80',
 			'org.ow2.asm:asm:5.0.4:asm-5.0.4.jar:896618ed8ae62702521a78bc7be42b7c491a08e6920a15f89a3ecdec31e9a220',
+			'org.whispersystems:curve25519-java:0.4.1:curve25519-java-0.4.1.jar:7dd659d8822c06c3aea1a47f18fac9e5761e29cab8100030b877db445005f03e',
 	]
 }
 

bramble-core/src/main/java/org/briarproject/bramble/client/ContactGroupFactoryImpl.java

@@ -32,23 +32,25 @@ class ContactGroupFactoryImpl implements ContactGroupFactory {
 	}
 
 	@Override
-	public Group createLocalGroup(ClientId clientId) {
-		return groupFactory.createGroup(clientId, LOCAL_GROUP_DESCRIPTOR);
+	public Group createLocalGroup(ClientId clientId, int clientVersion) {
+		return groupFactory.createGroup(clientId, clientVersion,
+				LOCAL_GROUP_DESCRIPTOR);
 	}
 
 	@Override
-	public Group createContactGroup(ClientId clientId, Contact contact) {
+	public Group createContactGroup(ClientId clientId, int clientVersion,
+			Contact contact) {
 		AuthorId local = contact.getLocalAuthorId();
 		AuthorId remote = contact.getAuthor().getId();
 		byte[] descriptor = createGroupDescriptor(local, remote);
-		return groupFactory.createGroup(clientId, descriptor);
+		return groupFactory.createGroup(clientId, clientVersion, descriptor);
 	}
 
 	@Override
-	public Group createContactGroup(ClientId clientId, AuthorId authorId1,
-			AuthorId authorId2) {
+	public Group createContactGroup(ClientId clientId, int clientVersion,
+			AuthorId authorId1, AuthorId authorId2) {
 		byte[] descriptor = createGroupDescriptor(authorId1, authorId2);
-		return groupFactory.createGroup(clientId, descriptor);
+		return groupFactory.createGroup(clientId, clientVersion, descriptor);
 	}
 
 	private byte[] createGroupDescriptor(AuthorId local, AuthorId remote) {

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java

@@ -141,8 +141,10 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		}
 
 		// Derive the header keys for the transport streams
-		SecretKey aliceHeaderKey = crypto.deriveHeaderKey(masterSecret, true);
-		SecretKey bobHeaderKey = crypto.deriveHeaderKey(masterSecret, false);
+		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL,
+				masterSecret, new byte[] {PROTOCOL_VERSION});
+		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterSecret,
+				new byte[] {PROTOCOL_VERSION});
 
 		// Create the readers
 		InputStream streamReader =
@@ -156,8 +158,10 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		BdfWriter w = bdfWriterFactory.createWriter(streamWriter);
 
 		// Derive the nonces to be signed
-		byte[] aliceNonce = crypto.deriveSignatureNonce(masterSecret, true);
-		byte[] bobNonce = crypto.deriveSignatureNonce(masterSecret, false);
+		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterSecret,
+				new byte[] {PROTOCOL_VERSION});
+		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterSecret,
+				new byte[] {PROTOCOL_VERSION});
 
 		// Exchange pseudonyms, signed nonces, and timestamps
 		long localTimestamp = clock.currentTimeMillis();
@@ -196,8 +200,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 
 		try {
 			// Add the contact
-			ContactId contactId = addContact(remoteAuthor, masterSecret,
-					timestamp, alice, remoteProperties);
+			ContactId contactId = addContact(remoteAuthor, timestamp,
+					remoteProperties);
 			// Reuse the connection as a transport connection
 			connectionManager.manageOutgoingConnection(contactId, transportId,
 					conn);
@@ -294,15 +298,15 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		return remote;
 	}
 
-	private ContactId addContact(Author remoteAuthor, SecretKey master,
-			long timestamp, boolean alice,
+	private ContactId addContact(Author remoteAuthor, long timestamp,
 			Map<TransportId, TransportProperties> remoteProperties)
 			throws DbException {
 		ContactId contactId;
 		Transaction txn = db.startTransaction(false);
 		try {
 			contactId = contactManager.addContact(txn, remoteAuthor,
-					localAuthor.getId(), master, timestamp, alice, true, true);
+					localAuthor.getId(), masterSecret, timestamp, alice,
+					true, true);
 			transportPropertyManager.addRemoteProperties(txn, contactId,
 					remoteProperties);
 			db.commitTransaction(txn);
@@ -312,8 +316,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		return contactId;
 	}
 
-	private void tryToClose(DuplexTransportConnection conn,
-			boolean exception) {
+	private void tryToClose(DuplexTransportConnection conn, boolean exception) {
 		try {
 			LOG.info("Closing connection");
 			conn.getReader().dispose(exception, true);

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -1,16 +1,16 @@
 package org.briarproject.bramble.crypto;
 
+import net.i2p.crypto.eddsa.EdDSAPrivateKey;
+import net.i2p.crypto.eddsa.EdDSAPublicKey;
+import net.i2p.crypto.eddsa.KeyPairGenerator;
+
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.system.SecureRandomProvider;
-import org.briarproject.bramble.api.transport.IncomingKeys;
-import org.briarproject.bramble.api.transport.OutgoingKeys;
-import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.util.ByteUtils;
 import org.briarproject.bramble.util.StringUtils;
 import org.spongycastle.crypto.AsymmetricCipherKeyPair;
@@ -26,7 +26,6 @@ import org.spongycastle.crypto.params.ECPrivateKeyParameters;
 import org.spongycastle.crypto.params.ECPublicKeyParameters;
 import org.spongycastle.crypto.params.KeyParameter;
 
-import java.nio.charset.Charset;
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
@@ -40,14 +39,8 @@ import java.util.logging.Logger;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.INFO;
-import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.COMMIT_LENGTH;
-import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
 import static org.briarproject.bramble.crypto.EllipticCurveConstants.PARAMETERS;
-import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
-import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
-import static org.briarproject.bramble.util.ByteUtils.MAX_16_BIT_UNSIGNED;
-import static org.briarproject.bramble.util.ByteUtils.MAX_32_BIT_UNSIGNED;
 
 class CryptoComponentImpl implements CryptoComponent {
 
@@ -56,49 +49,19 @@ class CryptoComponentImpl implements CryptoComponent {
 
 	private static final int AGREEMENT_KEY_PAIR_BITS = 256;
 	private static final int SIGNATURE_KEY_PAIR_BITS = 256;
+	private static final int ED_KEY_PAIR_BITS = 256;
 	private static final int STORAGE_IV_BYTES = 24; // 196 bits
 	private static final int PBKDF_SALT_BYTES = 32; // 256 bits
 	private static final int PBKDF_TARGET_MILLIS = 500;
 	private static final int PBKDF_SAMPLES = 30;
-	private static final int HASH_SIZE = 256 / 8;
-
-	private static byte[] ascii(String s) {
-		return s.getBytes(Charset.forName("US-ASCII"));
-	}
-
-	// KDF labels for contact exchange stream header key derivation
-	private static final byte[] A_INVITE = ascii("ALICE_INVITATION_KEY");
-	private static final byte[] B_INVITE = ascii("BOB_INVITATION_KEY");
-	// KDF labels for contact exchange signature nonce derivation
-	private static final byte[] A_SIG_NONCE = ascii("ALICE_SIGNATURE_NONCE");
-	private static final byte[] B_SIG_NONCE = ascii("BOB_SIGNATURE_NONCE");
-	// Hash label for BQP public key commitment derivation
-	private static final String COMMIT =
-			"org.briarproject.bramble.COMMIT";
-	// Hash label for shared secret derivation
-	private static final String SHARED_SECRET =
-			"org.briarproject.bramble.SHARED_SECRET";
-	// KDF label for BQP confirmation key derivation
-	private static final byte[] CONFIRMATION_KEY = ascii("CONFIRMATION_KEY");
-	// KDF label for master key derivation
-	private static final byte[] MASTER_KEY = ascii("MASTER_KEY");
-	// KDF labels for tag key derivation
-	private static final byte[] A_TAG = ascii("ALICE_TAG_KEY");
-	private static final byte[] B_TAG = ascii("BOB_TAG_KEY");
-	// KDF labels for header key derivation
-	private static final byte[] A_HEADER = ascii("ALICE_HEADER_KEY");
-	private static final byte[] B_HEADER = ascii("BOB_HEADER_KEY");
-	// KDF labels for MAC key derivation
-	private static final byte[] A_MAC = ascii("ALICE_MAC_KEY");
-	private static final byte[] B_MAC = ascii("BOB_MAC_KEY");
-	// KDF label for key rotation
-	private static final byte[] ROTATE = ascii("ROTATE");
 
 	private final SecureRandom secureRandom;
 	private final ECKeyPairGenerator agreementKeyPairGenerator;
 	private final ECKeyPairGenerator signatureKeyPairGenerator;
 	private final KeyParser agreementKeyParser, signatureKeyParser;
 	private final MessageEncrypter messageEncrypter;
+	private final KeyPairGenerator edKeyPairGenerator;
+	private final KeyParser edKeyParser;
 
 	@Inject
 	CryptoComponentImpl(SecureRandomProvider secureRandomProvider) {
@@ -132,6 +95,9 @@ class CryptoComponentImpl implements CryptoComponent {
 		signatureKeyParser = new Sec1KeyParser(PARAMETERS,
 				SIGNATURE_KEY_PAIR_BITS);
 		messageEncrypter = new MessageEncrypter(secureRandom);
+		edKeyPairGenerator = new KeyPairGenerator();
+		edKeyPairGenerator.initialize(ED_KEY_PAIR_BITS, secureRandom);
+		edKeyParser = new EdKeyParser();
 	}
 
 	// Based on https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html
@@ -190,6 +156,21 @@ class CryptoComponentImpl implements CryptoComponent {
 		return secret;
 	}
 
+	@Override
+	public KeyPair generateEdKeyPair() {
+		java.security.KeyPair keyPair = edKeyPairGenerator.generateKeyPair();
+		EdDSAPublicKey edPublicKey = (EdDSAPublicKey) keyPair.getPublic();
+		PublicKey publicKey = new EdPublicKey(edPublicKey.getAbyte());
+		EdDSAPrivateKey edPrivateKey = (EdDSAPrivateKey) keyPair.getPrivate();
+		PrivateKey privateKey = new EdPrivateKey(edPrivateKey.getSeed());
+		return new KeyPair(publicKey, privateKey);
+	}
+
+	@Override
+	public KeyParser getEdKeyParser() {
+		return edKeyParser;
+	}
+
 	@Override
 	public KeyPair generateAgreementKeyPair() {
 		AsymmetricCipherKeyPair keyPair =
@@ -238,197 +219,63 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	public SecretKey deriveHeaderKey(SecretKey master,
-			boolean alice) {
-		return new SecretKey(macKdf(master, alice ? A_INVITE : B_INVITE));
+	public SecretKey deriveKey(String label, SecretKey k, byte[]... inputs) {
+		byte[] mac = mac(label, k, inputs);
+		if (mac.length != SecretKey.LENGTH) throw new IllegalStateException();
+		return new SecretKey(mac);
 	}
 
 	@Override
-	public SecretKey deriveMacKey(SecretKey master, boolean alice) {
-		return new SecretKey(macKdf(master, alice ? A_MAC : B_MAC));
-	}
-
-	@Override
-	public byte[] deriveSignatureNonce(SecretKey master,
-			boolean alice) {
-		return macKdf(master, alice ? A_SIG_NONCE : B_SIG_NONCE);
-	}
-
-	@Override
-	public byte[] deriveKeyCommitment(byte[] publicKey) {
-		byte[] hash = hash(COMMIT, publicKey);
-		// The output is the first COMMIT_LENGTH bytes of the hash
-		byte[] commitment = new byte[COMMIT_LENGTH];
-		System.arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
-		return commitment;
-	}
-
-	@Override
-	public SecretKey deriveSharedSecret(byte[] theirPublicKey,
-			KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
+	public SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
+			KeyPair ourKeyPair, byte[]... inputs)
+			throws GeneralSecurityException {
 		PrivateKey ourPriv = ourKeyPair.getPrivate();
-		PublicKey theirPub = agreementKeyParser.parsePublicKey(theirPublicKey);
-		byte[] raw = performRawKeyAgreement(ourPriv, theirPub);
-		byte[] alicePub, bobPub;
-		if (alice) {
-			alicePub = ourKeyPair.getPublic().getEncoded();
-			bobPub = theirPublicKey;
-		} else {
-			alicePub = theirPublicKey;
-			bobPub = ourKeyPair.getPublic().getEncoded();
-		}
-		return new SecretKey(hash(SHARED_SECRET, raw, alicePub, bobPub));
-	}
-
-	@Override
-	public byte[] deriveConfirmationRecord(SecretKey sharedSecret,
-			byte[] theirPayload, byte[] ourPayload, byte[] theirPublicKey,
-			KeyPair ourKeyPair, boolean alice, boolean aliceRecord) {
-		SecretKey ck = new SecretKey(macKdf(sharedSecret, CONFIRMATION_KEY));
-		byte[] alicePayload, alicePub, bobPayload, bobPub;
-		if (alice) {
-			alicePayload = ourPayload;
-			alicePub = ourKeyPair.getPublic().getEncoded();
-			bobPayload = theirPayload;
-			bobPub = theirPublicKey;
-		} else {
-			alicePayload = theirPayload;
-			alicePub = theirPublicKey;
-			bobPayload = ourPayload;
-			bobPub = ourKeyPair.getPublic().getEncoded();
-		}
-		if (aliceRecord)
-			return macKdf(ck, alicePayload, alicePub, bobPayload, bobPub);
-		else
-			return macKdf(ck, bobPayload, bobPub, alicePayload, alicePub);
-	}
-
-	@Override
-	public SecretKey deriveMasterSecret(SecretKey sharedSecret) {
-		return new SecretKey(macKdf(sharedSecret, MASTER_KEY));
-	}
-
-	@Override
-	public SecretKey deriveMasterSecret(byte[] theirPublicKey,
-			KeyPair ourKeyPair, boolean alice) throws GeneralSecurityException {
-		return deriveMasterSecret(deriveSharedSecret(
-				theirPublicKey, ourKeyPair, alice));
-	}
-
-	@Override
-	public TransportKeys deriveTransportKeys(TransportId t,
-			SecretKey master, long rotationPeriod, boolean alice) {
-		// Keys for the previous period are derived from the master secret
-		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
-		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
-		SecretKey outTagPrev = deriveTagKey(master, t, alice);
-		SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
-		// Derive the keys for the current and next periods
-		SecretKey inTagCurr = rotateKey(inTagPrev, rotationPeriod);
-		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, rotationPeriod);
-		SecretKey inTagNext = rotateKey(inTagCurr, rotationPeriod + 1);
-		SecretKey inHeaderNext = rotateKey(inHeaderCurr, rotationPeriod + 1);
-		SecretKey outTagCurr = rotateKey(outTagPrev, rotationPeriod);
-		SecretKey outHeaderCurr = rotateKey(outHeaderPrev, rotationPeriod);
-		// Initialise the reordering windows and stream counters
-		IncomingKeys inPrev = new IncomingKeys(inTagPrev, inHeaderPrev,
-				rotationPeriod - 1);
-		IncomingKeys inCurr = new IncomingKeys(inTagCurr, inHeaderCurr,
-				rotationPeriod);
-		IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
-				rotationPeriod + 1);
-		OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
-				rotationPeriod);
-		// Collect and return the keys
-		return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
-	}
-
-	@Override
-	public TransportKeys rotateTransportKeys(TransportKeys k,
-			long rotationPeriod) {
-		if (k.getRotationPeriod() >= rotationPeriod) return k;
-		IncomingKeys inPrev = k.getPreviousIncomingKeys();
-		IncomingKeys inCurr = k.getCurrentIncomingKeys();
-		IncomingKeys inNext = k.getNextIncomingKeys();
-		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
-		long startPeriod = outCurr.getRotationPeriod();
-		// Rotate the keys
-		for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
-			inPrev = inCurr;
-			inCurr = inNext;
-			SecretKey inNextTag = rotateKey(inNext.getTagKey(), p + 1);
-			SecretKey inNextHeader = rotateKey(inNext.getHeaderKey(), p + 1);
-			inNext = new IncomingKeys(inNextTag, inNextHeader, p + 1);
-			SecretKey outCurrTag = rotateKey(outCurr.getTagKey(), p);
-			SecretKey outCurrHeader = rotateKey(outCurr.getHeaderKey(), p);
-			outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p);
-		}
-		// Collect and return the keys
-		return new TransportKeys(k.getTransportId(), inPrev, inCurr, inNext,
-				outCurr);
-	}
-
-	private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
-		byte[] period = new byte[INT_64_BYTES];
-		ByteUtils.writeUint64(rotationPeriod, period, 0);
-		return new SecretKey(macKdf(k, ROTATE, period));
-	}
-
-	private SecretKey deriveTagKey(SecretKey master, TransportId t,
-			boolean alice) {
-		byte[] id = StringUtils.toUtf8(t.getString());
-		return new SecretKey(macKdf(master, alice ? A_TAG : B_TAG, id));
-	}
-
-	private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
-			boolean alice) {
-		byte[] id = StringUtils.toUtf8(t.getString());
-		return new SecretKey(macKdf(master, alice ? A_HEADER : B_HEADER, id));
-	}
-
-	@Override
-	public void encodeTag(byte[] tag, SecretKey tagKey, int protocolVersion,
-			long streamNumber) {
-		if (tag.length < TAG_LENGTH) throw new IllegalArgumentException();
-		if (protocolVersion < 0 || protocolVersion > MAX_16_BIT_UNSIGNED)
-			throw new IllegalArgumentException();
-		if (streamNumber < 0 || streamNumber > MAX_32_BIT_UNSIGNED)
-			throw new IllegalArgumentException();
-		// Initialise the PRF
-		Digest prf = new Blake2sDigest(tagKey.getBytes());
-		// The output of the PRF must be long enough to use as a tag
-		int macLength = prf.getDigestSize();
-		if (macLength < TAG_LENGTH) throw new IllegalStateException();
-		// The input is the protocol version as a 16-bit integer, followed by
-		// the stream number as a 64-bit integer
-		byte[] protocolVersionBytes = new byte[INT_16_BYTES];
-		ByteUtils.writeUint16(protocolVersion, protocolVersionBytes, 0);
-		prf.update(protocolVersionBytes, 0, protocolVersionBytes.length);
-		byte[] streamNumberBytes = new byte[INT_64_BYTES];
-		ByteUtils.writeUint64(streamNumber, streamNumberBytes, 0);
-		prf.update(streamNumberBytes, 0, streamNumberBytes.length);
-		byte[] mac = new byte[macLength];
-		prf.doFinal(mac, 0);
-		// The output is the first TAG_LENGTH bytes of the MAC
-		System.arraycopy(mac, 0, tag, 0, TAG_LENGTH);
+		byte[][] hashInputs = new byte[inputs.length + 1][];
+		hashInputs[0] = performRawKeyAgreement(ourPriv, theirPublicKey);
+		System.arraycopy(inputs, 0, hashInputs, 1, inputs.length);
+		byte[] hash = hash(label, hashInputs);
+		if (hash.length != SecretKey.LENGTH) throw new IllegalStateException();
+		return new SecretKey(hash);
 	}
 
 	@Override
 	public byte[] sign(String label, byte[] toSign, byte[] privateKey)
 			throws GeneralSecurityException {
-		Signature signature = new SignatureImpl(secureRandom);
-		KeyParser keyParser = getSignatureKeyParser();
+		return sign(new SignatureImpl(secureRandom), signatureKeyParser, label,
+				toSign, privateKey);
+	}
+
+	@Override
+	public byte[] signEd(String label, byte[] toSign, byte[] privateKey)
+			throws GeneralSecurityException {
+		return sign(new EdSignature(), edKeyParser, label, toSign, privateKey);
+	}
+
+	private byte[] sign(Signature sig, KeyParser keyParser, String label,
+			byte[] toSign, byte[] privateKey) throws GeneralSecurityException {
 		PrivateKey key = keyParser.parsePrivateKey(privateKey);
-		signature.initSign(key);
-		updateSignature(signature, label, toSign);
-		return signature.sign();
+		sig.initSign(key);
+		updateSignature(sig, label, toSign);
+		return sig.sign();
 	}
 
 	@Override
 	public boolean verify(String label, byte[] signedData, byte[] publicKey,
 			byte[] signature) throws GeneralSecurityException {
-		Signature sig = new SignatureImpl(secureRandom);
-		KeyParser keyParser = getSignatureKeyParser();
+		return verify(new SignatureImpl(secureRandom), signatureKeyParser,
+				label, signedData, publicKey, signature);
+	}
+
+	@Override
+	public boolean verifyEd(String label, byte[] signedData, byte[] publicKey,
+			byte[] signature) throws GeneralSecurityException {
+		return verify(new EdSignature(), edKeyParser, label, signedData,
+				publicKey, signature);
+	}
+
+	private boolean verify(Signature sig, KeyParser keyParser, String label,
+			byte[] signedData, byte[] publicKey, byte[] signature)
+			throws GeneralSecurityException {
 		PublicKey key = keyParser.parsePublicKey(publicKey);
 		sig.initVerify(key);
 		updateSignature(sig, label, signedData);
@@ -436,7 +283,7 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	private void updateSignature(Signature signature, String label,
-			byte[] toSign) {
+			byte[] toSign) throws GeneralSecurityException {
 		byte[] labelBytes = StringUtils.toUtf8(label);
 		byte[] length = new byte[INT_32_BYTES];
 		ByteUtils.writeUint32(labelBytes.length, length, 0);
@@ -466,14 +313,13 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	public int getHashLength() {
-		return HASH_SIZE;
-	}
-
-	@Override
-	public byte[] mac(SecretKey macKey, byte[]... inputs) {
+	public byte[] mac(String label, SecretKey macKey, byte[]... inputs) {
+		byte[] labelBytes = StringUtils.toUtf8(label);
 		Digest mac = new Blake2sDigest(macKey.getBytes());
 		byte[] length = new byte[INT_32_BYTES];
+		ByteUtils.writeUint32(labelBytes.length, length, 0);
+		mac.update(length, 0, length.length);
+		mac.update(labelBytes, 0, labelBytes.length);
 		for (byte[] input : inputs) {
 			ByteUtils.writeUint32(input.length, length, 0);
 			mac.update(length, 0, length.length);
@@ -565,30 +411,6 @@ class CryptoComponentImpl implements CryptoComponent {
 		return AsciiArmour.wrap(b, lineLength);
 	}
 
-	// Key derivation function based on a pseudo-random function - see
-	// NIST SP 800-108, section 5.1
-	private byte[] macKdf(SecretKey key, byte[]... inputs) {
-		// Initialise the PRF
-		Digest prf = new Blake2sDigest(key.getBytes());
-		// The output of the PRF must be long enough to use as a key
-		int macLength = prf.getDigestSize();
-		if (macLength < SecretKey.LENGTH) throw new IllegalStateException();
-		// Calculate the PRF over the concatenated length-prefixed inputs
-		byte[] length = new byte[INT_32_BYTES];
-		for (byte[] input : inputs) {
-			ByteUtils.writeUint32(input.length, length, 0);
-			prf.update(length, 0, length.length);
-			prf.update(input, 0, input.length);
-		}
-		byte[] mac = new byte[macLength];
-		prf.doFinal(mac, 0);
-		// The output is the first SecretKey.LENGTH bytes of the MAC
-		if (mac.length == SecretKey.LENGTH) return mac;
-		byte[] truncated = new byte[SecretKey.LENGTH];
-		System.arraycopy(mac, 0, truncated, 0, truncated.length);
-		return truncated;
-	}
-
 	// Password-based key derivation function - see PKCS#5 v2.1, section 5.2
 	private byte[] pbkdf2(String password, byte[] salt, int iterations) {
 		byte[] utf8 = StringUtils.toUtf8(password);

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoModule.java

@@ -3,9 +3,11 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.TimeLoggingExecutor;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.CryptoExecutor;
+import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
 import org.briarproject.bramble.api.crypto.PasswordStrengthEstimator;
 import org.briarproject.bramble.api.crypto.StreamDecrypterFactory;
 import org.briarproject.bramble.api.crypto.StreamEncrypterFactory;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.system.SecureRandomProvider;
 
@@ -74,6 +76,12 @@ public class CryptoModule {
 		return new PasswordStrengthEstimatorImpl();
 	}
 
+	@Provides
+	TransportCrypto provideTransportCrypto(
+			TransportCryptoImpl transportCrypto) {
+		return transportCrypto;
+	}
+
 	@Provides
 	StreamDecrypterFactory provideStreamDecrypterFactory(
 			Provider<AuthenticatedCipher> cipherProvider) {
@@ -81,9 +89,17 @@ public class CryptoModule {
 	}
 
 	@Provides
-	StreamEncrypterFactory provideStreamEncrypterFactory(CryptoComponent crypto,
+	StreamEncrypterFactory provideStreamEncrypterFactory(
+			CryptoComponent crypto, TransportCrypto transportCrypto,
 			Provider<AuthenticatedCipher> cipherProvider) {
-		return new StreamEncrypterFactoryImpl(crypto, cipherProvider);
+		return new StreamEncrypterFactoryImpl(crypto, transportCrypto,
+				cipherProvider);
+	}
+
+	@Provides
+	KeyAgreementCrypto provideKeyAgreementCrypto(
+			KeyAgreementCryptoImpl keyAgreementCrypto) {
+		return keyAgreementCrypto;
 	}
 
 	@Provides

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdKeyParser.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.KeyParser;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.security.GeneralSecurityException;
+
+@NotNullByDefault
+class EdKeyParser implements KeyParser {
+
+	@Override
+	public PublicKey parsePublicKey(byte[] encodedKey)
+			throws GeneralSecurityException {
+		if (encodedKey.length != 32) throw new GeneralSecurityException();
+		return new EdPublicKey(encodedKey);
+	}
+
+	@Override
+	public PrivateKey parsePrivateKey(byte[] encodedKey)
+			throws GeneralSecurityException {
+		if (encodedKey.length != 32) throw new GeneralSecurityException();
+		return new EdPrivateKey(encodedKey);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPrivateKey.java

@@ -0,0 +1,18 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+class EdPrivateKey extends Bytes implements PrivateKey {
+
+	EdPrivateKey(byte[] bytes) {
+		super(bytes);
+	}
+
+	@Override
+	public byte[] getEncoded() {
+		return getBytes();
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdPublicKey.java

@@ -0,0 +1,18 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+class EdPublicKey extends Bytes implements PublicKey {
+
+	EdPublicKey(byte[] bytes) {
+		super(bytes);
+	}
+
+	@Override
+	public byte[] getEncoded() {
+		return getBytes();
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/EdSignature.java

@@ -0,0 +1,83 @@
+package org.briarproject.bramble.crypto;
+
+import net.i2p.crypto.eddsa.EdDSAPrivateKey;
+import net.i2p.crypto.eddsa.EdDSAPublicKey;
+import net.i2p.crypto.eddsa.EdDSASecurityProvider;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
+import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
+import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
+import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
+
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+
+import static net.i2p.crypto.eddsa.EdDSAEngine.SIGNATURE_ALGORITHM;
+
+@NotNullByDefault
+class EdSignature implements Signature {
+
+	private static final Provider PROVIDER = new EdDSASecurityProvider();
+
+	private static final EdDSANamedCurveSpec CURVE_SPEC =
+			EdDSANamedCurveTable.getByName("Ed25519");
+
+	private final java.security.Signature signature;
+
+	EdSignature() {
+		try {
+			signature = java.security.Signature
+					.getInstance(SIGNATURE_ALGORITHM, PROVIDER);
+		} catch (NoSuchAlgorithmException e) {
+			throw new AssertionError(e);
+		}
+	}
+
+	@Override
+	public void initSign(PrivateKey k) throws GeneralSecurityException {
+		if (!(k instanceof EdPrivateKey))
+			throw new IllegalArgumentException();
+		EdDSAPrivateKey privateKey = new EdDSAPrivateKey(
+				new EdDSAPrivateKeySpec(k.getEncoded(), CURVE_SPEC));
+		signature.initSign(privateKey);
+	}
+
+	@Override
+	public void initVerify(PublicKey k) throws GeneralSecurityException {
+		if (!(k instanceof EdPublicKey))
+			throw new IllegalArgumentException();
+		EdDSAPublicKey publicKey = new EdDSAPublicKey(
+				new EdDSAPublicKeySpec(k.getEncoded(), CURVE_SPEC));
+		signature.initVerify(publicKey);
+	}
+
+	@Override
+	public void update(byte b) throws GeneralSecurityException {
+		signature.update(b);
+	}
+
+	@Override
+	public void update(byte[] b) throws GeneralSecurityException {
+		signature.update(b);
+	}
+
+	@Override
+	public void update(byte[] b, int off, int len)
+			throws GeneralSecurityException {
+		signature.update(b, off, len);
+	}
+
+	@Override
+	public byte[] sign() throws GeneralSecurityException {
+		return signature.sign();
+	}
+
+	@Override
+	public boolean verify(byte[] sig) throws GeneralSecurityException {
+		return signature.verify(sig);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/KeyAgreementCryptoImpl.java

@@ -0,0 +1,56 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+
+import javax.inject.Inject;
+
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.COMMIT_LENGTH;
+
+class KeyAgreementCryptoImpl implements KeyAgreementCrypto {
+
+	private final CryptoComponent crypto;
+
+	@Inject
+	KeyAgreementCryptoImpl(CryptoComponent crypto) {
+		this.crypto = crypto;
+	}
+
+	@Override
+	public byte[] deriveKeyCommitment(PublicKey publicKey) {
+		byte[] hash = crypto.hash(COMMIT_LABEL, publicKey.getEncoded());
+		// The output is the first COMMIT_LENGTH bytes of the hash
+		byte[] commitment = new byte[COMMIT_LENGTH];
+		System.arraycopy(hash, 0, commitment, 0, COMMIT_LENGTH);
+		return commitment;
+	}
+
+	@Override
+	public byte[] deriveConfirmationRecord(SecretKey sharedSecret,
+			byte[] theirPayload, byte[] ourPayload, PublicKey theirPublicKey,
+			KeyPair ourKeyPair, boolean alice, boolean aliceRecord) {
+		SecretKey ck = crypto.deriveKey(CONFIRMATION_KEY_LABEL, sharedSecret);
+		byte[] alicePayload, alicePub, bobPayload, bobPub;
+		if (alice) {
+			alicePayload = ourPayload;
+			alicePub = ourKeyPair.getPublic().getEncoded();
+			bobPayload = theirPayload;
+			bobPub = theirPublicKey.getEncoded();
+		} else {
+			alicePayload = theirPayload;
+			alicePub = theirPublicKey.getEncoded();
+			bobPayload = ourPayload;
+			bobPub = ourKeyPair.getPublic().getEncoded();
+		}
+		if (aliceRecord) {
+			return crypto.mac(CONFIRMATION_MAC_LABEL, ck, alicePayload,
+					alicePub, bobPayload, bobPub);
+		} else {
+			return crypto.mac(CONFIRMATION_MAC_LABEL, ck, bobPayload, bobPub,
+					alicePayload, alicePub);
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/crypto/Signature.java

@@ -22,25 +22,25 @@ interface Signature {
 	/**
 	 * @see {@link java.security.Signature#update(byte)}
 	 */
-	void update(byte b);
+	void update(byte b) throws GeneralSecurityException;
 
 	/**
 	 * @see {@link java.security.Signature#update(byte[])}
 	 */
-	void update(byte[] b);
+	void update(byte[] b) throws GeneralSecurityException;
 
 	/**
 	 * @see {@link java.security.Signature#update(byte[], int, int)}
 	 */
-	void update(byte[] b, int off, int len);
+	void update(byte[] b, int off, int len) throws GeneralSecurityException;
 
 	/**
 	 * @see {@link java.security.Signature#sign()}
 	 */
-	byte[] sign();
+	byte[] sign() throws GeneralSecurityException;
 
 	/**
 	 * @see {@link java.security.Signature#verify(byte[])}
 	 */
-	boolean verify(byte[] signature);
+	boolean verify(byte[] signature) throws GeneralSecurityException;
 }

bramble-core/src/main/java/org/briarproject/bramble/crypto/StreamEncrypterFactoryImpl.java

@@ -4,6 +4,7 @@ import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.crypto.StreamEncrypter;
 import org.briarproject.bramble.api.crypto.StreamEncrypterFactory;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.transport.StreamContext;
 
@@ -22,12 +23,15 @@ import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENG
 class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
 
 	private final CryptoComponent crypto;
+	private final TransportCrypto transportCrypto;
 	private final Provider<AuthenticatedCipher> cipherProvider;
 
 	@Inject
 	StreamEncrypterFactoryImpl(CryptoComponent crypto,
+			TransportCrypto transportCrypto,
 			Provider<AuthenticatedCipher> cipherProvider) {
 		this.crypto = crypto;
+		this.transportCrypto = transportCrypto;
 		this.cipherProvider = cipherProvider;
 	}
 
@@ -37,7 +41,8 @@ class StreamEncrypterFactoryImpl implements StreamEncrypterFactory {
 		AuthenticatedCipher cipher = cipherProvider.get();
 		long streamNumber = ctx.getStreamNumber();
 		byte[] tag = new byte[TAG_LENGTH];
-		crypto.encodeTag(tag, ctx.getTagKey(), PROTOCOL_VERSION, streamNumber);
+		transportCrypto.encodeTag(tag, ctx.getTagKey(), PROTOCOL_VERSION,
+				streamNumber);
 		byte[] streamHeaderNonce = new byte[STREAM_HEADER_NONCE_LENGTH];
 		crypto.getSecureRandom().nextBytes(streamHeaderNonce);
 		SecretKey frameKey = crypto.generateSecretKey();

bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java

@@ -0,0 +1,135 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.IncomingKeys;
+import org.briarproject.bramble.api.transport.OutgoingKeys;
+import org.briarproject.bramble.api.transport.TransportKeys;
+import org.briarproject.bramble.util.ByteUtils;
+import org.briarproject.bramble.util.StringUtils;
+import org.spongycastle.crypto.Digest;
+
+import javax.inject.Inject;
+
+import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HEADER_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_TAG_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HEADER_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.BOB_TAG_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.ROTATE_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
+import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
+import static org.briarproject.bramble.util.ByteUtils.MAX_16_BIT_UNSIGNED;
+import static org.briarproject.bramble.util.ByteUtils.MAX_32_BIT_UNSIGNED;
+
+class TransportCryptoImpl implements TransportCrypto {
+
+	private final CryptoComponent crypto;
+
+	@Inject
+	TransportCryptoImpl(CryptoComponent crypto) {
+		this.crypto = crypto;
+	}
+
+	@Override
+	public TransportKeys deriveTransportKeys(TransportId t,
+			SecretKey master, long rotationPeriod, boolean alice) {
+		// Keys for the previous period are derived from the master secret
+		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
+		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
+		SecretKey outTagPrev = deriveTagKey(master, t, alice);
+		SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
+		// Derive the keys for the current and next periods
+		SecretKey inTagCurr = rotateKey(inTagPrev, rotationPeriod);
+		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, rotationPeriod);
+		SecretKey inTagNext = rotateKey(inTagCurr, rotationPeriod + 1);
+		SecretKey inHeaderNext = rotateKey(inHeaderCurr, rotationPeriod + 1);
+		SecretKey outTagCurr = rotateKey(outTagPrev, rotationPeriod);
+		SecretKey outHeaderCurr = rotateKey(outHeaderPrev, rotationPeriod);
+		// Initialise the reordering windows and stream counters
+		IncomingKeys inPrev = new IncomingKeys(inTagPrev, inHeaderPrev,
+				rotationPeriod - 1);
+		IncomingKeys inCurr = new IncomingKeys(inTagCurr, inHeaderCurr,
+				rotationPeriod);
+		IncomingKeys inNext = new IncomingKeys(inTagNext, inHeaderNext,
+				rotationPeriod + 1);
+		OutgoingKeys outCurr = new OutgoingKeys(outTagCurr, outHeaderCurr,
+				rotationPeriod);
+		// Collect and return the keys
+		return new TransportKeys(t, inPrev, inCurr, inNext, outCurr);
+	}
+
+	@Override
+	public TransportKeys rotateTransportKeys(TransportKeys k,
+			long rotationPeriod) {
+		if (k.getRotationPeriod() >= rotationPeriod) return k;
+		IncomingKeys inPrev = k.getPreviousIncomingKeys();
+		IncomingKeys inCurr = k.getCurrentIncomingKeys();
+		IncomingKeys inNext = k.getNextIncomingKeys();
+		OutgoingKeys outCurr = k.getCurrentOutgoingKeys();
+		long startPeriod = outCurr.getRotationPeriod();
+		// Rotate the keys
+		for (long p = startPeriod + 1; p <= rotationPeriod; p++) {
+			inPrev = inCurr;
+			inCurr = inNext;
+			SecretKey inNextTag = rotateKey(inNext.getTagKey(), p + 1);
+			SecretKey inNextHeader = rotateKey(inNext.getHeaderKey(), p + 1);
+			inNext = new IncomingKeys(inNextTag, inNextHeader, p + 1);
+			SecretKey outCurrTag = rotateKey(outCurr.getTagKey(), p);
+			SecretKey outCurrHeader = rotateKey(outCurr.getHeaderKey(), p);
+			outCurr = new OutgoingKeys(outCurrTag, outCurrHeader, p);
+		}
+		// Collect and return the keys
+		return new TransportKeys(k.getTransportId(), inPrev, inCurr, inNext,
+				outCurr);
+	}
+
+	private SecretKey rotateKey(SecretKey k, long rotationPeriod) {
+		byte[] period = new byte[INT_64_BYTES];
+		ByteUtils.writeUint64(rotationPeriod, period, 0);
+		return crypto.deriveKey(ROTATE_LABEL, k, period);
+	}
+
+	private SecretKey deriveTagKey(SecretKey master, TransportId t,
+			boolean alice) {
+		String label = alice ? ALICE_TAG_LABEL : BOB_TAG_LABEL;
+		byte[] id = StringUtils.toUtf8(t.getString());
+		return crypto.deriveKey(label, master, id);
+	}
+
+	private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
+			boolean alice) {
+		String label = alice ? ALICE_HEADER_LABEL : BOB_HEADER_LABEL;
+		byte[] id = StringUtils.toUtf8(t.getString());
+		return crypto.deriveKey(label, master, id);
+	}
+
+	@Override
+	public void encodeTag(byte[] tag, SecretKey tagKey, int protocolVersion,
+			long streamNumber) {
+		if (tag.length < TAG_LENGTH) throw new IllegalArgumentException();
+		if (protocolVersion < 0 || protocolVersion > MAX_16_BIT_UNSIGNED)
+			throw new IllegalArgumentException();
+		if (streamNumber < 0 || streamNumber > MAX_32_BIT_UNSIGNED)
+			throw new IllegalArgumentException();
+		// Initialise the PRF
+		Digest prf = new Blake2sDigest(tagKey.getBytes());
+		// The output of the PRF must be long enough to use as a tag
+		int macLength = prf.getDigestSize();
+		if (macLength < TAG_LENGTH) throw new IllegalStateException();
+		// The input is the protocol version as a 16-bit integer, followed by
+		// the stream number as a 64-bit integer
+		byte[] protocolVersionBytes = new byte[INT_16_BYTES];
+		ByteUtils.writeUint16(protocolVersion, protocolVersionBytes, 0);
+		prf.update(protocolVersionBytes, 0, protocolVersionBytes.length);
+		byte[] streamNumberBytes = new byte[INT_64_BYTES];
+		ByteUtils.writeUint64(streamNumber, streamNumberBytes, 0);
+		prf.update(streamNumberBytes, 0, streamNumberBytes.length);
+		byte[] mac = new byte[macLength];
+		prf.doFinal(mac, 0);
+		// The output is the first TAG_LENGTH bytes of the MAC
+		System.arraycopy(mac, 0, tag, 0, TAG_LENGTH);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/db/Database.java

@@ -2,11 +2,8 @@ package org.briarproject.bramble.db;
 
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.db.DataTooNewException;
-import org.briarproject.bramble.api.db.DataTooOldException;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Metadata;
-import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.LocalAuthor;
@@ -40,13 +37,8 @@ interface Database<T> {
 
 	/**
 	 * Opens the database and returns true if the database already existed.
-	 *
-	 * @throws DataTooNewException if the data uses a newer schema than the
-	 * current code
-	 * @throws DataTooOldException if the data uses an older schema than the
-	 * current code and cannot be migrated
 	 */
-	boolean open(@Nullable MigrationListener listener) throws DbException;
+	boolean open() throws DbException;
 
 	/**
 	 * Prevents new transactions from starting, waits for all current
@@ -97,12 +89,9 @@ interface Database<T> {
 
 	/**
 	 * Stores a message.
-	 *
-	 * @param sender the contact from whom the message was received, or null
-	 * if the message was created locally.
 	 */
-	void addMessage(T txn, Message m, State state, boolean shared,
-			@Nullable ContactId sender) throws DbException;
+	void addMessage(T txn, Message m, State state, boolean shared)
+			throws DbException;
 
 	/**
 	 * Adds a dependency between two messages in the given group.
@@ -115,6 +104,16 @@ interface Database<T> {
 	 */
 	void addOfferedMessage(T txn, ContactId c, MessageId m) throws DbException;
 
+	/**
+	 * Initialises the status of the given message with respect to the given
+	 * contact.
+	 *
+	 * @param ack whether the message needs to be acknowledged.
+	 * @param seen whether the contact has seen the message.
+	 */
+	void addStatus(T txn, ContactId c, MessageId m, boolean ack, boolean seen)
+			throws DbException;
+
 	/**
 	 * Stores a transport.
 	 */
@@ -273,7 +272,7 @@ interface Database<T> {
 	 * <p/>
 	 * Read-only.
 	 */
-	Map<ContactId, Boolean> getGroupVisibility(T txn, GroupId g)
+	Collection<ContactId> getGroupVisibility(T txn, GroupId g)
 			throws DbException;
 
 	/**
@@ -424,37 +423,31 @@ interface Database<T> {
 			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that need to be validated.
+	 * Returns the IDs of any messages that need to be validated by the given
+	 * client.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToValidate(T txn) throws DbException;
+	Collection<MessageId> getMessagesToValidate(T txn, ClientId c)
+			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that are pending delivery due to
-	 * dependencies on other messages.
+	 * Returns the IDs of any messages that are still pending due to
+	 * dependencies to other messages for the given client.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getPendingMessages(T txn) throws DbException;
+	Collection<MessageId> getPendingMessages(T txn, ClientId c)
+			throws DbException;
 
 	/**
-	 * Returns the IDs of any messages that have a shared dependent but have
-	 * not yet been shared themselves.
+	 * Returns the IDs of any messages from the given client
+	 * that have a shared dependent, but are still not shared themselves.
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<MessageId> getMessagesToShare(T txn) throws DbException;
-
-	/**
-	 * Returns the next time (in milliseconds since the Unix epoch) when a
-	 * message is due to be sent to the given contact. The returned value may
-	 * be zero if a message is due to be sent immediately, or Long.MAX_VALUE
-	 * if no messages are scheduled to be sent.
-	 * <p/>
-	 * Read-only.
-	 */
-	long getNextSendTime(T txn, ContactId c) throws DbException;
+	Collection<MessageId> getMessagesToShare(T txn, ClientId c)
+			throws DbException;
 
 	/**
 	 * Returns the message with the given ID, in serialised form, or null if
@@ -573,6 +566,13 @@ interface Database<T> {
 	 */
 	void removeMessage(T txn, MessageId m) throws DbException;
 
+	/**
+	 * Removes an offered message that was offered by the given contact, or
+	 * returns false if there is no such message.
+	 */
+	boolean removeOfferedMessage(T txn, ContactId c, MessageId m)
+			throws DbException;
+
 	/**
 	 * Removes the given offered messages that were offered by the given
 	 * contact.
@@ -580,6 +580,12 @@ interface Database<T> {
 	void removeOfferedMessages(T txn, ContactId c,
 			Collection<MessageId> requested) throws DbException;
 
+	/**
+	 * Removes the status of the given message with respect to the given
+	 * contact.
+	 */
+	void removeStatus(T txn, ContactId c, MessageId m) throws DbException;
+
 	/**
 	 * Removes a transport (and all associated state) from the database.
 	 */

bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseComponentImpl.java

@@ -10,7 +10,6 @@ import org.briarproject.bramble.api.db.ContactExistsException;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Metadata;
-import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.db.NoSuchContactException;
 import org.briarproject.bramble.api.db.NoSuchGroupException;
 import org.briarproject.bramble.api.db.NoSuchLocalAuthorException;
@@ -101,9 +100,8 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public boolean open(@Nullable MigrationListener listener)
-			throws DbException {
-		boolean reopened = db.open(listener);
+	public boolean open() throws DbException {
+		boolean reopened = db.open();
 		shutdown.addShutdownHook(() -> {
 			try {
 				close();
@@ -215,7 +213,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		if (!db.containsGroup(txn, m.getGroupId()))
 			throw new NoSuchGroupException();
 		if (!db.containsMessage(txn, m.getId())) {
-			db.addMessage(txn, m, DELIVERED, shared, null);
+			addMessage(txn, m, DELIVERED, shared, null);
 			transaction.attach(new MessageAddedEvent(m, null));
 			transaction.attach(new MessageStateChangedEvent(m.getId(), true,
 					DELIVERED));
@@ -224,6 +222,16 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		db.mergeMessageMetadata(txn, m.getId(), meta);
 	}
 
+	private void addMessage(T txn, Message m, State state, boolean shared,
+			@Nullable ContactId sender) throws DbException {
+		db.addMessage(txn, m, state, shared);
+		for (ContactId c : db.getGroupVisibility(txn, m.getGroupId())) {
+			boolean offered = db.removeOfferedMessage(txn, c, m.getId());
+			boolean seen = offered || (sender != null && c.equals(sender));
+			db.addStatus(txn, c, m.getId(), seen, seen);
+		}
+	}
+
 	@Override
 	public void addTransport(Transaction transaction, TransportId t,
 			int maxLatency) throws DbException {
@@ -455,24 +463,24 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 	}
 
 	@Override
-	public Collection<MessageId> getMessagesToValidate(Transaction transaction)
-			throws DbException {
+	public Collection<MessageId> getMessagesToValidate(Transaction transaction,
+			ClientId c) throws DbException {
 		T txn = unbox(transaction);
-		return db.getMessagesToValidate(txn);
+		return db.getMessagesToValidate(txn, c);
 	}
 
 	@Override
-	public Collection<MessageId> getPendingMessages(Transaction transaction)
-			throws DbException {
+	public Collection<MessageId> getPendingMessages(Transaction transaction,
+			ClientId c) throws DbException {
 		T txn = unbox(transaction);
-		return db.getPendingMessages(txn);
+		return db.getPendingMessages(txn, c);
 	}
 
 	@Override
-	public Collection<MessageId> getMessagesToShare(Transaction transaction)
-			throws DbException {
+	public Collection<MessageId> getMessagesToShare(
+			Transaction transaction, ClientId c) throws DbException {
 		T txn = unbox(transaction);
-		return db.getMessagesToShare(txn);
+		return db.getMessagesToShare(txn, c);
 	}
 
 	@Nullable
@@ -571,13 +579,6 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		return db.getMessageDependents(txn, m);
 	}
 
-	@Override
-	public long getNextSendTime(Transaction transaction, ContactId c)
-			throws DbException {
-		T txn = unbox(transaction);
-		return db.getNextSendTime(txn, c);
-	}
-
 	@Override
 	public Settings getSettings(Transaction transaction, String namespace)
 			throws DbException {
@@ -672,7 +673,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 				db.raiseSeenFlag(txn, c, m.getId());
 				db.raiseAckFlag(txn, c, m.getId());
 			} else {
-				db.addMessage(txn, m, UNKNOWN, false, c);
+				addMessage(txn, m, UNKNOWN, false, c);
 				transaction.attach(new MessageAddedEvent(m, c));
 			}
 			transaction.attach(new MessageToAckEvent(c));
@@ -740,8 +741,7 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 		GroupId id = g.getId();
 		if (!db.containsGroup(txn, id))
 			throw new NoSuchGroupException();
-		Collection<ContactId> affected =
-				db.getGroupVisibility(txn, id).keySet();
+		Collection<ContactId> affected = db.getGroupVisibility(txn, id);
 		db.removeGroup(txn, id);
 		transaction.attach(new GroupRemovedEvent(g));
 		transaction.attach(new GroupVisibilityUpdatedEvent(affected));
@@ -811,9 +811,19 @@ class DatabaseComponentImpl<T> implements DatabaseComponent {
 			throw new NoSuchGroupException();
 		Visibility old = db.getGroupVisibility(txn, c, g);
 		if (old == v) return;
-		if (old == INVISIBLE) db.addGroupVisibility(txn, c, g, v == SHARED);
-		else if (v == INVISIBLE) db.removeGroupVisibility(txn, c, g);
-		else db.setGroupVisibility(txn, c, g, v == SHARED);
+		if (old == INVISIBLE) {
+			db.addGroupVisibility(txn, c, g, v == SHARED);
+			for (MessageId m : db.getMessageIds(txn, g)) {
+				boolean seen = db.removeOfferedMessage(txn, c, m);
+				db.addStatus(txn, c, m, seen, seen);
+			}
+		} else if (v == INVISIBLE) {
+			db.removeGroupVisibility(txn, c, g);
+			for (MessageId m : db.getMessageIds(txn, g))
+				db.removeStatus(txn, c, m);
+		} else {
+			db.setGroupVisibility(txn, c, g, v == SHARED);
+		}
 		List<ContactId> affected = Collections.singletonList(c);
 		transaction.attach(new GroupVisibilityUpdatedEvent(affected));
 	}

bramble-core/src/main/java/org/briarproject/bramble/db/DatabaseConstants.java

@@ -23,4 +23,10 @@ interface DatabaseConstants {
 	 */
 	String SCHEMA_VERSION_KEY = "schemaVersion";
 
+	/**
+	 * The {@link Settings} key under which the minimum supported database
+	 * schema version is stored.
+	 */
+	String MIN_SCHEMA_VERSION_KEY = "minSchemaVersion";
+
 }

bramble-core/src/main/java/org/briarproject/bramble/db/H2Database.java

@@ -3,7 +3,6 @@ package org.briarproject.bramble.db;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.util.StringUtils;
@@ -14,7 +13,6 @@ import java.sql.DriverManager;
 import java.sql.SQLException;
 import java.util.Properties;
 
-import javax.annotation.Nullable;
 import javax.inject.Inject;
 
 /**
@@ -24,29 +22,30 @@ import javax.inject.Inject;
 class H2Database extends JdbcDatabase {
 
 	private static final String HASH_TYPE = "BINARY(32)";
+	private static final String SECRET_TYPE = "BINARY(32)";
 	private static final String BINARY_TYPE = "BINARY";
 	private static final String COUNTER_TYPE = "INT NOT NULL AUTO_INCREMENT";
-	private static final String SECRET_TYPE = "BINARY(32)";
+	private static final String STRING_TYPE = "VARCHAR";
 
 	private final DatabaseConfig config;
 	private final String url;
 
 	@Inject
 	H2Database(DatabaseConfig config, Clock clock) {
-		super(HASH_TYPE, BINARY_TYPE, COUNTER_TYPE, SECRET_TYPE, clock);
+		super(HASH_TYPE, SECRET_TYPE, BINARY_TYPE, COUNTER_TYPE, STRING_TYPE,
+				clock);
 		this.config = config;
 		File dir = config.getDatabaseDirectory();
 		String path = new File(dir, "db").getAbsolutePath();
 		url = "jdbc:h2:split:" + path + ";CIPHER=AES;MULTI_THREADED=1"
-				+ ";WRITE_DELAY=0;DB_CLOSE_ON_EXIT=false";
+				+ ";WRITE_DELAY=0";
 	}
 
 	@Override
-	public boolean open(@Nullable MigrationListener listener)
-			throws DbException {
+	public boolean open() throws DbException {
 		boolean reopen = config.databaseExists();
 		if (!reopen) config.getDatabaseDirectory().mkdirs();
-		super.open("org.h2.Driver", reopen, listener);
+		super.open("org.h2.Driver", reopen);
 		return reopen;
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/db/HyperSqlDatabase.java

@@ -0,0 +1,99 @@
+package org.briarproject.bramble.db;
+
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.db.DatabaseConfig;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.util.StringUtils;
+
+import java.io.File;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+import javax.inject.Inject;
+
+/**
+ * Contains all the HSQLDB-specific code for the database.
+ */
+@NotNullByDefault
+class HyperSqlDatabase extends JdbcDatabase {
+
+	private static final String HASH_TYPE = "BINARY(32)";
+	private static final String SECRET_TYPE = "BINARY(32)";
+	private static final String BINARY_TYPE = "BINARY";
+	private static final String COUNTER_TYPE =
+			"INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY(START WITH 1)";
+	private static final String STRING_TYPE = "VARCHAR";
+
+	private final DatabaseConfig config;
+	private final String url;
+
+	@Inject
+	HyperSqlDatabase(DatabaseConfig config, Clock clock) {
+		super(HASH_TYPE, SECRET_TYPE, BINARY_TYPE, COUNTER_TYPE, STRING_TYPE,
+				clock);
+		this.config = config;
+		File dir = config.getDatabaseDirectory();
+		String path = new File(dir, "db").getAbsolutePath();
+		url = "jdbc:hsqldb:file:" + path
+				+ ";sql.enforce_size=false;allow_empty_batch=true"
+				+ ";encrypt_lobs=true;crypt_type=AES";
+	}
+
+	@Override
+	public boolean open() throws DbException {
+		boolean reopen = config.databaseExists();
+		if (!reopen) config.getDatabaseDirectory().mkdirs();
+		super.open("org.hsqldb.jdbc.JDBCDriver", reopen);
+		return reopen;
+	}
+
+	@Override
+	public void close() throws DbException {
+		try {
+			super.closeAllConnections();
+			Connection c = createConnection();
+			Statement s = c.createStatement();
+			s.executeQuery("SHUTDOWN");
+			s.close();
+			c.close();
+		} catch (SQLException e) {
+			throw new DbException(e);
+		}
+	}
+
+	@Override
+	public long getFreeSpace() throws DbException {
+		File dir = config.getDatabaseDirectory();
+		long maxSize = config.getMaxSize();
+		long free = dir.getFreeSpace();
+		long used = getDiskSpace(dir);
+		long quota = maxSize - used;
+		return Math.min(free, quota);
+	}
+
+	private long getDiskSpace(File f) {
+		if (f.isDirectory()) {
+			long total = 0;
+			File[] children = f.listFiles();
+			if (children != null)
+				for (File child : children) total += getDiskSpace(child);
+			return total;
+		} else if (f.isFile()) {
+			return f.length();
+		} else {
+			return 0;
+		}
+	}
+
+	@Override
+	protected Connection createConnection() throws SQLException {
+		SecretKey key = config.getEncryptionKey();
+		if (key == null) throw new IllegalStateException();
+		String hex = StringUtils.toHexString(key.getBytes());
+		return DriverManager.getConnection(url + ";crypt_key=" + hex);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/db/Migration.java

@@ -1,18 +0,0 @@
-package org.briarproject.bramble.db;
-
-import org.briarproject.bramble.api.db.DbException;
-
-interface Migration<T> {
-
-	/**
-	 * Returns the schema version from which this migration starts.
-	 */
-	int getStartVersion();
-
-	/**
-	 * Returns the schema version at which this migration ends.
-	 */
-	int getEndVersion();
-
-	void migrate(T txn) throws DbException;
-}

bramble-core/src/main/java/org/briarproject/bramble/db/Migration30_31.java

@@ -1,75 +0,0 @@
-package org.briarproject.bramble.db;
-
-import org.briarproject.bramble.api.db.DbException;
-
-import java.sql.Connection;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-
-import static java.util.logging.Level.WARNING;
-
-class Migration30_31 implements Migration<Connection> {
-
-	private static final Logger LOG =
-			Logger.getLogger(Migration30_31.class.getName());
-
-	@Override
-	public int getStartVersion() {
-		return 30;
-	}
-
-	@Override
-	public int getEndVersion() {
-		return 31;
-	}
-
-	@Override
-	public void migrate(Connection txn) throws DbException {
-		Statement s = null;
-		try {
-			s = txn.createStatement();
-			// Add groupId column
-			s.execute("ALTER TABLE messageMetadata"
-					+ " ADD COLUMN groupId BINARY(32) AFTER messageId");
-			// Populate groupId column
-			s.execute("UPDATE messageMetadata AS mm SET groupId ="
-					+ " (SELECT groupId FROM messages AS m"
-					+ " WHERE mm.messageId = m.messageId)");
-			// Add not null constraint now column has been populated
-			s.execute("ALTER TABLE messageMetadata"
-					+ " ALTER COLUMN groupId"
-					+ " SET NOT NULL");
-			// Add foreign key constraint
-			s.execute("ALTER TABLE messageMetadata"
-					+ " ADD CONSTRAINT groupIdForeignKey"
-					+ " FOREIGN KEY (groupId)"
-					+ " REFERENCES groups (groupId)"
-					+ " ON DELETE CASCADE");
-			// Add state column
-			s.execute("ALTER TABLE messageMetadata"
-					+ " ADD COLUMN state INT AFTER groupId");
-			// Populate state column
-			s.execute("UPDATE messageMetadata AS mm SET state ="
-					+ " (SELECT state FROM messages AS m"
-					+ " WHERE mm.messageId = m.messageId)");
-			// Add not null constraint now column has been populated
-			s.execute("ALTER TABLE messageMetadata"
-					+ " ALTER COLUMN state"
-					+ " SET NOT NULL");
-		} catch (SQLException e) {
-			tryToClose(s);
-			throw new DbException(e);
-		}
-	}
-
-	private void tryToClose(@Nullable Statement s) {
-		try {
-			if (s != null) s.close();
-		} catch (SQLException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/db/Migration31_32.java

@@ -1,84 +0,0 @@
-package org.briarproject.bramble.db;
-
-import org.briarproject.bramble.api.db.DbException;
-
-import java.sql.Connection;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-
-import static java.util.logging.Level.WARNING;
-
-class Migration31_32 implements Migration<Connection> {
-
-	private static final Logger LOG =
-			Logger.getLogger(Migration31_32.class.getName());
-
-	@Override
-	public int getStartVersion() {
-		return 31;
-	}
-
-	@Override
-	public int getEndVersion() {
-		return 32;
-	}
-
-	@Override
-	public void migrate(Connection txn) throws DbException {
-		Statement s = null;
-		try {
-			s = txn.createStatement();
-			// Add denormalised columns
-			s.execute("ALTER TABLE statuses ADD COLUMN"
-					+ " (groupId BINARY(32),"
-					+ " timestamp BIGINT,"
-					+ " length INT,"
-					+ " state INT,"
-					+ " groupShared BOOLEAN,"
-					+ " messageShared BOOLEAN,"
-					+ " deleted BOOLEAN)");
-			// Populate columns from messages table
-			s.execute("UPDATE statuses AS s SET (groupId, timestamp, length,"
-					+ " state, messageShared, deleted) ="
-					+ " (SELECT groupId, timestamp, length, state, shared,"
-					+ " raw IS NULL FROM messages AS m"
-					+ " WHERE s.messageId = m.messageId)");
-			// Populate column from groupVisibilities table
-			s.execute("UPDATE statuses AS s SET groupShared ="
-					+ " (SELECT shared FROM groupVisibilities AS gv"
-					+ " WHERE s.contactId = gv.contactId"
-					+ " AND s.groupId = gv.groupId)");
-			// Add not null constraints now columns have been populated
-			s.execute("ALTER TABLE statuses ALTER COLUMN groupId SET NOT NULL");
-			s.execute("ALTER TABLE statuses ALTER COLUMN timestamp"
-					+ " SET NOT NULL");
-			s.execute("ALTER TABLE statuses ALTER COLUMN length SET NOT NULL");
-			s.execute("ALTER TABLE statuses ALTER COLUMN state SET NOT NULL");
-			s.execute("ALTER TABLE statuses ALTER COLUMN groupShared"
-					+ " SET NOT NULL");
-			s.execute("ALTER TABLE statuses ALTER COLUMN messageShared"
-					+ " SET NOT NULL");
-			s.execute("ALTER TABLE statuses ALTER COLUMN deleted SET NOT NULL");
-			// Add foreign key constraint
-			s.execute("ALTER TABLE statuses"
-					+ " ADD CONSTRAINT statusesForeignKeyGroupId"
-					+ " FOREIGN KEY (groupId)"
-					+ " REFERENCES groups (groupId)"
-					+ " ON DELETE CASCADE");
-		} catch (SQLException e) {
-			tryToClose(s);
-			throw new DbException(e);
-		}
-	}
-
-	private void tryToClose(@Nullable Statement s) {
-		try {
-			if (s != null) s.close();
-		} catch (SQLException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/ConnectionChooser.java

@@ -1,36 +0,0 @@
-package org.briarproject.bramble.keyagreement;
-
-import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
-
-import java.util.concurrent.Callable;
-
-import javax.annotation.Nullable;
-
-interface ConnectionChooser {
-
-	/**
-	 * Submits a connection task to the chooser.
-	 */
-	void submit(Callable<KeyAgreementConnection> task);
-
-	/**
-	 * Returns a connection returned by any of the tasks submitted to the
-	 * chooser, waiting up to the given amount of time for a connection if
-	 * necessary. Returns null if the time elapses without a connection
-	 * becoming available.
-	 *
-	 * @param timeout the timeout in milliseconds
-	 * @throws InterruptedException if the thread is interrupted while waiting
-	 * for a connection to become available
-	 */
-	@Nullable
-	KeyAgreementConnection poll(long timeout) throws InterruptedException;
-
-	/**
-	 * Stops the chooser. Any connections already returned to the chooser are
-	 * closed unless they have been removed from the chooser by calling
-	 * {@link #poll(long)}. Any connections subsequently returned to the
-	 * chooser will also be closed.
-	 */
-	void stop();
-}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/ConnectionChooserImpl.java

@@ -1,112 +0,0 @@
-package org.briarproject.bramble.keyagreement;
-
-import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
-import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.system.Clock;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Queue;
-import java.util.concurrent.Callable;
-import java.util.concurrent.Executor;
-import java.util.logging.Logger;
-
-import javax.annotation.Nullable;
-import javax.annotation.concurrent.ThreadSafe;
-import javax.inject.Inject;
-
-import static java.util.logging.Level.INFO;
-
-@NotNullByDefault
-@ThreadSafe
-class ConnectionChooserImpl implements ConnectionChooser {
-
-	private static final Logger LOG =
-			Logger.getLogger(ConnectionChooserImpl.class.getName());
-
-	private final Clock clock;
-	private final Executor ioExecutor;
-	private final Object lock = new Object();
-
-	// The following are locking: lock
-	private boolean stopped = false;
-	private final Queue<KeyAgreementConnection> results = new LinkedList<>();
-
-	@Inject
-	ConnectionChooserImpl(Clock clock, @IoExecutor Executor ioExecutor) {
-		this.clock = clock;
-		this.ioExecutor = ioExecutor;
-	}
-
-	@Override
-	public void submit(Callable<KeyAgreementConnection> task) {
-		ioExecutor.execute(() -> {
-			try {
-				KeyAgreementConnection c = task.call();
-				if (c != null) addResult(c);
-			} catch (Exception e) {
-				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
-			}
-		});
-	}
-
-	@Nullable
-	@Override
-	public KeyAgreementConnection poll(long timeout)
-			throws InterruptedException {
-		long now = clock.currentTimeMillis();
-		long end = now + timeout;
-		synchronized (lock) {
-			while (!stopped && results.isEmpty() && now < end) {
-				lock.wait(end - now);
-				now = clock.currentTimeMillis();
-			}
-			return results.poll();
-		}
-	}
-
-	@Override
-	public void stop() {
-		List<KeyAgreementConnection> unused;
-		synchronized (lock) {
-			unused = new ArrayList<>(results);
-			results.clear();
-			stopped = true;
-			lock.notifyAll();
-		}
-		if (LOG.isLoggable(INFO))
-			LOG.info("Closing " + unused.size() + " unused connections");
-		for (KeyAgreementConnection c : unused) tryToClose(c.getConnection());
-	}
-
-	private void addResult(KeyAgreementConnection c) {
-		if (LOG.isLoggable(INFO))
-			LOG.info("Got connection for " + c.getTransportId());
-		boolean close = false;
-		synchronized (lock) {
-			if (stopped) {
-				close = true;
-			} else {
-				results.add(c);
-				lock.notifyAll();
-			}
-		}
-		if (close) {
-			LOG.info("Already stopped");
-			tryToClose(c.getConnection());
-		}
-	}
-
-	private void tryToClose(DuplexTransportConnection conn) {
-		try {
-			conn.getReader().dispose(false, true);
-			conn.getWriter().dispose(false);
-		} catch (IOException e) {
-			if (LOG.isLoggable(INFO)) LOG.info(e.toString());
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementConnector.java

@@ -1,6 +1,6 @@
 package org.briarproject.bramble.keyagreement;
 
-import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementConnection;
@@ -13,19 +13,23 @@ import org.briarproject.bramble.api.plugin.PluginManager;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.system.Clock;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.Callable;
-import java.util.concurrent.CopyOnWriteArrayList;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.CompletionService;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ExecutorCompletionService;
+import java.util.concurrent.Future;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
 
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.CONNECTION_TIMEOUT;
@@ -41,31 +45,33 @@ class KeyAgreementConnector {
 			Logger.getLogger(KeyAgreementConnector.class.getName());
 
 	private final Callbacks callbacks;
-	private final CryptoComponent crypto;
+	private final Clock clock;
+	private final KeyAgreementCrypto keyAgreementCrypto;
 	private final PluginManager pluginManager;
-	private final ConnectionChooser connectionChooser;
+	private final CompletionService<KeyAgreementConnection> connect;
 
-	private final List<KeyAgreementListener> listeners =
-			new CopyOnWriteArrayList<>();
-	private final CountDownLatch aliceLatch = new CountDownLatch(1);
-	private final AtomicBoolean waitingSent = new AtomicBoolean(false);
+	private final List<KeyAgreementListener> listeners = new ArrayList<>();
+	private final List<Future<KeyAgreementConnection>> pending =
+			new ArrayList<>();
 
-	private volatile boolean alice = false, stopped = false;
+	private volatile boolean connecting = false;
+	private volatile boolean alice = false;
 
-	KeyAgreementConnector(Callbacks callbacks,
-			CryptoComponent crypto, PluginManager pluginManager,
-			ConnectionChooser connectionChooser) {
+	KeyAgreementConnector(Callbacks callbacks, Clock clock,
+			KeyAgreementCrypto keyAgreementCrypto, PluginManager pluginManager,
+			Executor ioExecutor) {
 		this.callbacks = callbacks;
-		this.crypto = crypto;
+		this.clock = clock;
+		this.keyAgreementCrypto = keyAgreementCrypto;
 		this.pluginManager = pluginManager;
-		this.connectionChooser = connectionChooser;
+		connect = new ExecutorCompletionService<>(ioExecutor);
 	}
 
-	Payload listen(KeyPair localKeyPair) {
+	public Payload listen(KeyPair localKeyPair) {
 		LOG.info("Starting BQP listeners");
 		// Derive commitment
-		byte[] commitment = crypto.deriveKeyCommitment(
-				localKeyPair.getPublic().getEncoded());
+		byte[] commitment = keyAgreementCrypto.deriveKeyCommitment(
+				localKeyPair.getPublic());
 		// Start all listeners and collect their descriptors
 		List<TransportDescriptor> descriptors = new ArrayList<>();
 		for (DuplexPlugin plugin : pluginManager.getKeyAgreementPlugins()) {
@@ -74,9 +80,8 @@ class KeyAgreementConnector {
 			if (l != null) {
 				TransportId id = plugin.getId();
 				descriptors.add(new TransportDescriptor(id, l.getDescriptor()));
-				if (LOG.isLoggable(INFO)) LOG.info("Listening via " + id);
+				pending.add(connect.submit(new ReadableTask(l.listen())));
 				listeners.add(l);
-				connectionChooser.submit(new ReadableTask(l::accept));
 			}
 		}
 		return new Payload(commitment, descriptors);
@@ -84,92 +89,125 @@ class KeyAgreementConnector {
 
 	void stopListening() {
 		LOG.info("Stopping BQP listeners");
-		stopped = true;
-		aliceLatch.countDown();
-		for (KeyAgreementListener l : listeners) l.close();
-		connectionChooser.stop();
+		for (KeyAgreementListener l : listeners) {
+			l.close();
+		}
+		listeners.clear();
 	}
 
 	@Nullable
-	public KeyAgreementTransport connect(Payload remotePayload, boolean alice) {
-		// Let the ReadableTasks know if we are Alice
+	public KeyAgreementTransport connect(Payload remotePayload,
+			boolean alice) {
+		// Let the listeners know if we are Alice
+		this.connecting = true;
 		this.alice = alice;
-		aliceLatch.countDown();
+		long end = clock.currentTimeMillis() + CONNECTION_TIMEOUT;
 
 		// Start connecting over supported transports
-		if (LOG.isLoggable(INFO)) {
-			LOG.info("Starting outgoing BQP connections as "
-					+ (alice ? "Alice" : "Bob"));
-		}
+		LOG.info("Starting outgoing BQP connections");
 		for (TransportDescriptor d : remotePayload.getTransportDescriptors()) {
 			Plugin p = pluginManager.getPlugin(d.getId());
 			if (p instanceof DuplexPlugin) {
-				if (LOG.isLoggable(INFO))
-					LOG.info("Connecting via " + d.getId());
 				DuplexPlugin plugin = (DuplexPlugin) p;
-				byte[] commitment = remotePayload.getCommitment();
-				BdfList descriptor = d.getDescriptor();
-				connectionChooser.submit(new ReadableTask(
-						new ConnectorTask(plugin, commitment, descriptor)));
+				pending.add(connect.submit(new ReadableTask(
+						new ConnectorTask(plugin, remotePayload.getCommitment(),
+								d.getDescriptor(), end))));
 			}
 		}
 
 		// Get chosen connection
+		KeyAgreementConnection chosen = null;
 		try {
-			KeyAgreementConnection chosen =
-					connectionChooser.poll(CONNECTION_TIMEOUT);
-			if (chosen == null) return null;
+			long now = clock.currentTimeMillis();
+			Future<KeyAgreementConnection> f =
+					connect.poll(end - now, MILLISECONDS);
+			if (f == null)
+				return null; // No task completed within the timeout.
+			chosen = f.get();
 			return new KeyAgreementTransport(chosen);
 		} catch (InterruptedException e) {
 			LOG.info("Interrupted while waiting for connection");
 			Thread.currentThread().interrupt();
 			return null;
-		} catch (IOException e) {
+		} catch (ExecutionException | IOException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			return null;
 		} finally {
 			stopListening();
+			// Close all other connections
+			closePending(chosen);
 		}
 	}
 
-	private void waitingForAlice() {
-		if (!waitingSent.getAndSet(true)) callbacks.connectionWaiting();
+	private void closePending(@Nullable KeyAgreementConnection chosen) {
+		for (Future<KeyAgreementConnection> f : pending) {
+			try {
+				if (f.cancel(true)) {
+					LOG.info("Cancelled task");
+				} else if (!f.isCancelled()) {
+					KeyAgreementConnection c = f.get();
+					if (c != null && c != chosen)
+						tryToClose(c.getConnection(), false);
+				}
+			} catch (InterruptedException e) {
+				LOG.info("Interrupted while closing sockets");
+				Thread.currentThread().interrupt();
+				return;
+			} catch (ExecutionException e) {
+				if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+			}
+		}
+	}
+
+	private void tryToClose(DuplexTransportConnection conn, boolean exception) {
+		try {
+			if (LOG.isLoggable(INFO))
+				LOG.info("Closing connection, exception: " + exception);
+			conn.getReader().dispose(exception, true);
+			conn.getWriter().dispose(exception);
+		} catch (IOException e) {
+			if (LOG.isLoggable(INFO)) LOG.info(e.toString());
+		}
 	}
 
 	private class ConnectorTask implements Callable<KeyAgreementConnection> {
 
 		private final byte[] commitment;
 		private final BdfList descriptor;
+		private final long end;
 		private final DuplexPlugin plugin;
 
 		private ConnectorTask(DuplexPlugin plugin, byte[] commitment,
-				BdfList descriptor) {
+				BdfList descriptor, long end) {
 			this.plugin = plugin;
 			this.commitment = commitment;
 			this.descriptor = descriptor;
+			this.end = end;
 		}
 
-		@Nullable
 		@Override
 		public KeyAgreementConnection call() throws Exception {
-			// Repeat attempts until we connect, get stopped, or get interrupted
-			while (!stopped) {
+			// Repeat attempts until we connect, get interrupted, or time out
+			while (true) {
+				long now = clock.currentTimeMillis();
+				if (now > end) throw new IOException();
 				DuplexTransportConnection conn =
 						plugin.createKeyAgreementConnection(commitment,
-								descriptor);
+								descriptor, end - now);
 				if (conn != null) {
 					if (LOG.isLoggable(INFO))
-						LOG.info(plugin.getId() + ": Outgoing connection");
+						LOG.info(plugin.getId().getString() +
+								": Outgoing connection");
 					return new KeyAgreementConnection(conn, plugin.getId());
 				}
 				// Wait 2s before retry (to circumvent transient failures)
 				Thread.sleep(2000);
 			}
-			return null;
 		}
 	}
 
-	private class ReadableTask implements Callable<KeyAgreementConnection> {
+	private class ReadableTask
+			implements Callable<KeyAgreementConnection> {
 
 		private final Callable<KeyAgreementConnection> connectionTask;
 
@@ -177,23 +215,24 @@ class KeyAgreementConnector {
 			this.connectionTask = connectionTask;
 		}
 
-		@Nullable
 		@Override
 		public KeyAgreementConnection call() throws Exception {
 			KeyAgreementConnection c = connectionTask.call();
-			if (c == null) return null;
-			aliceLatch.await();
-			if (alice || stopped) return c;
-			// Bob waits here for Alice to scan his QR code, determine her
-			// role, and send her key
 			InputStream in = c.getConnection().getReader().getInputStream();
-			while (!stopped && in.available() == 0) {
-				if (LOG.isLoggable(INFO))
-					LOG.info(c.getTransportId() + ": Waiting for data");
-				waitingForAlice();
-				Thread.sleep(500);
+			boolean waitingSent = false;
+			while (!alice && in.available() == 0) {
+				if (!waitingSent && connecting && !alice) {
+					// Bob waits here until Alice obtains his payload.
+					callbacks.connectionWaiting();
+					waitingSent = true;
+				}
+				if (LOG.isLoggable(INFO)) {
+					LOG.info(c.getTransportId().getString() +
+							": Waiting for connection");
+				}
+				Thread.sleep(1000);
 			}
-			if (!stopped && LOG.isLoggable(INFO))
+			if (!alice && LOG.isLoggable(INFO))
 				LOG.info(c.getTransportId().getString() + ": Data available");
 			return c;
 		}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementModule.java

@@ -2,7 +2,7 @@ package org.briarproject.bramble.keyagreement;
 
 import org.briarproject.bramble.api.data.BdfReaderFactory;
 import org.briarproject.bramble.api.data.BdfWriterFactory;
-import org.briarproject.bramble.api.keyagreement.KeyAgreementTaskFactory;
+import org.briarproject.bramble.api.keyagreement.KeyAgreementTask;
 import org.briarproject.bramble.api.keyagreement.PayloadEncoder;
 import org.briarproject.bramble.api.keyagreement.PayloadParser;
 
@@ -13,9 +13,9 @@ import dagger.Provides;
 public class KeyAgreementModule {
 
 	@Provides
-	KeyAgreementTaskFactory provideKeyAgreementTaskFactory(
-			KeyAgreementTaskFactoryImpl keyAgreementTaskFactory) {
-		return keyAgreementTaskFactory;
+	KeyAgreementTask provideKeyAgreementTask(
+			KeyAgreementTaskImpl keyAgreementTask) {
+		return keyAgreementTask;
 	}
 
 	@Provides
@@ -27,10 +27,4 @@ public class KeyAgreementModule {
 	PayloadParser providePayloadParser(BdfReaderFactory bdfReaderFactory) {
 		return new PayloadParserImpl(bdfReaderFactory);
 	}
-
-	@Provides
-	ConnectionChooser provideConnectionChooser(
-			ConnectionChooserImpl connectionChooser) {
-		return connectionChooser;
-	}
 }

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementProtocol.java

@@ -1,7 +1,10 @@
 package org.briarproject.bramble.keyagreement;
 
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
 import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.KeyParser;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.keyagreement.Payload;
 import org.briarproject.bramble.api.keyagreement.PayloadEncoder;
@@ -11,6 +14,10 @@ import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.util.Arrays;
 
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.MASTER_SECRET_LABEL;
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.SHARED_SECRET_LABEL;
+
 /**
  * Implementation of the BQP protocol.
  * <p/>
@@ -57,6 +64,7 @@ class KeyAgreementProtocol {
 
 	private final Callbacks callbacks;
 	private final CryptoComponent crypto;
+	private final KeyAgreementCrypto keyAgreementCrypto;
 	private final PayloadEncoder payloadEncoder;
 	private final KeyAgreementTransport transport;
 	private final Payload theirPayload, ourPayload;
@@ -64,11 +72,13 @@ class KeyAgreementProtocol {
 	private final boolean alice;
 
 	KeyAgreementProtocol(Callbacks callbacks, CryptoComponent crypto,
+			KeyAgreementCrypto keyAgreementCrypto,
 			PayloadEncoder payloadEncoder, KeyAgreementTransport transport,
 			Payload theirPayload, Payload ourPayload, KeyPair ourKeyPair,
 			boolean alice) {
 		this.callbacks = callbacks;
 		this.crypto = crypto;
+		this.keyAgreementCrypto = keyAgreementCrypto;
 		this.payloadEncoder = payloadEncoder;
 		this.transport = transport;
 		this.theirPayload = theirPayload;
@@ -86,11 +96,10 @@ class KeyAgreementProtocol {
 	 */
 	SecretKey perform() throws AbortException, IOException {
 		try {
-			byte[] theirPublicKey;
+			PublicKey theirPublicKey;
 			if (alice) {
 				sendKey();
-				// Alice waits here for Bob to scan her QR code, determine his
-				// role, receive her key and respond with his key
+				// Alice waits here until Bob obtains her payload.
 				callbacks.connectionWaiting();
 				theirPublicKey = receiveKey();
 			} else {
@@ -105,7 +114,7 @@ class KeyAgreementProtocol {
 				receiveConfirm(s, theirPublicKey);
 				sendConfirm(s, theirPublicKey);
 			}
-			return crypto.deriveMasterSecret(s);
+			return crypto.deriveKey(MASTER_SECRET_LABEL, s);
 		} catch (AbortException e) {
 			sendAbort(e.getCause() != null);
 			throw e;
@@ -116,27 +125,41 @@ class KeyAgreementProtocol {
 		transport.sendKey(ourKeyPair.getPublic().getEncoded());
 	}
 
-	private byte[] receiveKey() throws AbortException {
-		byte[] publicKey = transport.receiveKey();
+	private PublicKey receiveKey() throws AbortException {
+		byte[] publicKeyBytes = transport.receiveKey();
 		callbacks.initialRecordReceived();
-		byte[] expected = crypto.deriveKeyCommitment(publicKey);
-		if (!Arrays.equals(expected, theirPayload.getCommitment()))
+		KeyParser keyParser = crypto.getAgreementKeyParser();
+		try {
+			PublicKey publicKey = keyParser.parsePublicKey(publicKeyBytes);
+			byte[] expected = keyAgreementCrypto.deriveKeyCommitment(publicKey);
+			if (!Arrays.equals(expected, theirPayload.getCommitment()))
+				throw new AbortException();
+			return publicKey;
+		} catch (GeneralSecurityException e) {
 			throw new AbortException();
-		return publicKey;
+		}
 	}
 
-	private SecretKey deriveSharedSecret(byte[] theirPublicKey)
+	private SecretKey deriveSharedSecret(PublicKey theirPublicKey)
 			throws AbortException {
 		try {
-			return crypto.deriveSharedSecret(theirPublicKey, ourKeyPair, alice);
+			byte[] ourPublicKeyBytes = ourKeyPair.getPublic().getEncoded();
+			byte[] theirPublicKeyBytes = theirPublicKey.getEncoded();
+			byte[][] inputs = {
+					new byte[] {PROTOCOL_VERSION},
+					alice ? ourPublicKeyBytes : theirPublicKeyBytes,
+					alice ? theirPublicKeyBytes : ourPublicKeyBytes
+			};
+			return crypto.deriveSharedSecret(SHARED_SECRET_LABEL,
+					theirPublicKey, ourKeyPair, inputs);
 		} catch (GeneralSecurityException e) {
 			throw new AbortException(e);
 		}
 	}
 
-	private void sendConfirm(SecretKey s, byte[] theirPublicKey)
+	private void sendConfirm(SecretKey s, PublicKey theirPublicKey)
 			throws IOException {
-		byte[] confirm = crypto.deriveConfirmationRecord(s,
+		byte[] confirm = keyAgreementCrypto.deriveConfirmationRecord(s,
 				payloadEncoder.encode(theirPayload),
 				payloadEncoder.encode(ourPayload),
 				theirPublicKey, ourKeyPair,
@@ -144,10 +167,10 @@ class KeyAgreementProtocol {
 		transport.sendConfirm(confirm);
 	}
 
-	private void receiveConfirm(SecretKey s, byte[] theirPublicKey)
+	private void receiveConfirm(SecretKey s, PublicKey theirPublicKey)
 			throws AbortException {
 		byte[] confirm = transport.receiveConfirm();
-		byte[] expected = crypto.deriveConfirmationRecord(s,
+		byte[] expected = keyAgreementCrypto.deriveConfirmationRecord(s,
 				payloadEncoder.encode(theirPayload),
 				payloadEncoder.encode(ourPayload),
 				theirPublicKey, ourKeyPair,

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementTaskFactoryImpl.java

@@ -1,41 +0,0 @@
-package org.briarproject.bramble.keyagreement;
-
-import org.briarproject.bramble.api.crypto.CryptoComponent;
-import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.keyagreement.KeyAgreementTask;
-import org.briarproject.bramble.api.keyagreement.KeyAgreementTaskFactory;
-import org.briarproject.bramble.api.keyagreement.PayloadEncoder;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.PluginManager;
-
-import javax.annotation.concurrent.Immutable;
-import javax.inject.Inject;
-import javax.inject.Provider;
-
-@Immutable
-@NotNullByDefault
-class KeyAgreementTaskFactoryImpl implements KeyAgreementTaskFactory {
-
-	private final CryptoComponent crypto;
-	private final EventBus eventBus;
-	private final PayloadEncoder payloadEncoder;
-	private final PluginManager pluginManager;
-	private final Provider<ConnectionChooser> connectionChooserProvider;
-
-	@Inject
-	KeyAgreementTaskFactoryImpl(CryptoComponent crypto, EventBus eventBus,
-			PayloadEncoder payloadEncoder, PluginManager pluginManager,
-			Provider<ConnectionChooser> connectionChooserProvider) {
-		this.crypto = crypto;
-		this.eventBus = eventBus;
-		this.payloadEncoder = payloadEncoder;
-		this.pluginManager = pluginManager;
-		this.connectionChooserProvider = connectionChooserProvider;
-	}
-
-	@Override
-	public KeyAgreementTask createTask() {
-		return new KeyAgreementTaskImpl(crypto, eventBus, payloadEncoder,
-				pluginManager, connectionChooserProvider.get());
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementTaskImpl.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.keyagreement;
 
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyAgreementCrypto;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.event.EventBus;
@@ -14,24 +15,31 @@ import org.briarproject.bramble.api.keyagreement.event.KeyAgreementFinishedEvent
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementListeningEvent;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementStartedEvent;
 import org.briarproject.bramble.api.keyagreement.event.KeyAgreementWaitingEvent;
+import org.briarproject.bramble.api.lifecycle.IoExecutor;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.PluginManager;
+import org.briarproject.bramble.api.system.Clock;
 
 import java.io.IOException;
+import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
+import javax.inject.Inject;
+
 import static java.util.logging.Level.WARNING;
 
 @MethodsNotNullByDefault
 @ParametersNotNullByDefault
-class KeyAgreementTaskImpl extends Thread implements KeyAgreementTask,
-		KeyAgreementProtocol.Callbacks, KeyAgreementConnector.Callbacks {
+class KeyAgreementTaskImpl extends Thread implements
+		KeyAgreementTask, KeyAgreementConnector.Callbacks,
+		KeyAgreementProtocol.Callbacks {
 
 	private static final Logger LOG =
 			Logger.getLogger(KeyAgreementTaskImpl.class.getName());
 
 	private final CryptoComponent crypto;
+	private final KeyAgreementCrypto keyAgreementCrypto;
 	private final EventBus eventBus;
 	private final PayloadEncoder payloadEncoder;
 	private final KeyPair localKeyPair;
@@ -40,15 +48,18 @@ class KeyAgreementTaskImpl extends Thread implements KeyAgreementTask,
 	private Payload localPayload;
 	private Payload remotePayload;
 
-	KeyAgreementTaskImpl(CryptoComponent crypto, EventBus eventBus,
+	@Inject
+	KeyAgreementTaskImpl(Clock clock, CryptoComponent crypto,
+			KeyAgreementCrypto keyAgreementCrypto, EventBus eventBus,
 			PayloadEncoder payloadEncoder, PluginManager pluginManager,
-			ConnectionChooser connectionChooser) {
+			@IoExecutor Executor ioExecutor) {
 		this.crypto = crypto;
+		this.keyAgreementCrypto = keyAgreementCrypto;
 		this.eventBus = eventBus;
 		this.payloadEncoder = payloadEncoder;
 		localKeyPair = crypto.generateAgreementKeyPair();
-		connector = new KeyAgreementConnector(this, crypto, pluginManager,
-				connectionChooser);
+		connector = new KeyAgreementConnector(this, clock, keyAgreementCrypto,
+				pluginManager, ioExecutor);
 	}
 
 	@Override
@@ -62,8 +73,10 @@ class KeyAgreementTaskImpl extends Thread implements KeyAgreementTask,
 	@Override
 	public synchronized void stopListening() {
 		if (localPayload != null) {
-			if (remotePayload == null) connector.stopListening();
-			else interrupt();
+			if (remotePayload == null)
+				connector.stopListening();
+			else
+				interrupt();
 		}
 	}
 
@@ -95,8 +108,8 @@ class KeyAgreementTaskImpl extends Thread implements KeyAgreementTask,
 		// Run BQP protocol over the connection
 		LOG.info("Starting BQP protocol");
 		KeyAgreementProtocol protocol = new KeyAgreementProtocol(this, crypto,
-				payloadEncoder, transport, remotePayload, localPayload,
-				localKeyPair, alice);
+				keyAgreementCrypto, payloadEncoder, transport, remotePayload,
+				localPayload, localKeyPair, alice);
 		try {
 			SecretKey master = protocol.perform();
 			KeyAgreementResult result =

bramble-core/src/main/java/org/briarproject/bramble/lifecycle/LifecycleManagerImpl.java

@@ -2,11 +2,8 @@ package org.briarproject.bramble.lifecycle;
 
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
-import org.briarproject.bramble.api.db.DataTooNewException;
-import org.briarproject.bramble.api.db.DataTooOldException;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.db.MigrationListener;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.identity.AuthorFactory;
@@ -15,7 +12,7 @@ import org.briarproject.bramble.api.identity.LocalAuthor;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.lifecycle.Service;
 import org.briarproject.bramble.api.lifecycle.ServiceException;
-import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
+import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Client;
 
@@ -32,21 +29,14 @@ import javax.inject.Inject;
 
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.MIGRATING_DATABASE;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.RUNNING;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STARTING;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STARTING_SERVICES;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.ALREADY_RUNNING;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DATA_TOO_NEW_ERROR;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DATA_TOO_OLD_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.DB_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.SERVICE_ERROR;
 import static org.briarproject.bramble.api.lifecycle.LifecycleManager.StartResult.SUCCESS;
 
 @ThreadSafe
 @NotNullByDefault
-class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
+class LifecycleManagerImpl implements LifecycleManager {
 
 	private static final Logger LOG =
 			Logger.getLogger(LifecycleManagerImpl.class.getName());
@@ -64,8 +54,6 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 	private final CountDownLatch startupLatch = new CountDownLatch(1);
 	private final CountDownLatch shutdownLatch = new CountDownLatch(1);
 
-	private volatile LifecycleState state = STARTING;
-
 	@Inject
 	LifecycleManagerImpl(DatabaseComponent db, EventBus eventBus,
 			CryptoComponent crypto, AuthorFactory authorFactory,
@@ -131,7 +119,7 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 			LOG.info("Starting services");
 			long start = System.currentTimeMillis();
 
-			boolean reopened = db.open(this);
+			boolean reopened = db.open();
 			long duration = System.currentTimeMillis() - start;
 			if (LOG.isLoggable(INFO)) {
 				if (reopened)
@@ -143,10 +131,7 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 				registerLocalAuthor(createLocalAuthor(nickname));
 			}
 
-			state = STARTING_SERVICES;
 			dbLatch.countDown();
-			eventBus.broadcast(new LifecycleEvent(STARTING_SERVICES));
-
 			Transaction txn = db.startTransaction(false);
 			try {
 				for (Client c : clients) {
@@ -172,17 +157,8 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 							+ " took " + duration + " ms");
 				}
 			}
-
-			state = RUNNING;
 			startupLatch.countDown();
-			eventBus.broadcast(new LifecycleEvent(RUNNING));
 			return SUCCESS;
-		} catch (DataTooOldException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-			return DATA_TOO_OLD_ERROR;
-		} catch (DataTooNewException e) {
-			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
-			return DATA_TOO_NEW_ERROR;
 		} catch (DbException e) {
 			if (LOG.isLoggable(WARNING)) LOG.log(WARNING, e.toString(), e);
 			return DB_ERROR;
@@ -194,12 +170,6 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 		}
 	}
 
-	@Override
-	public void onMigrationRun() {
-		state = MIGRATING_DATABASE;
-		eventBus.broadcast(new LifecycleEvent(MIGRATING_DATABASE));
-	}
-
 	@Override
 	public void stopServices() {
 		try {
@@ -210,8 +180,7 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 		}
 		try {
 			LOG.info("Stopping services");
-			state = STOPPING;
-			eventBus.broadcast(new LifecycleEvent(STOPPING));
+			eventBus.broadcast(new ShutdownEvent());
 			for (Service s : services) {
 				long start = System.currentTimeMillis();
 				s.stopService();
@@ -256,8 +225,4 @@ class LifecycleManagerImpl implements LifecycleManager, MigrationListener {
 		shutdownLatch.await();
 	}
 
-	@Override
-	public LifecycleState getLifecycleState() {
-		return state;
-	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/Poller.java

@@ -16,7 +16,6 @@ import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
 import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
-import org.briarproject.bramble.api.plugin.event.TransportDisabledEvent;
 import org.briarproject.bramble.api.plugin.event.TransportEnabledEvent;
 import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
 import org.briarproject.bramble.api.system.Clock;
@@ -26,7 +25,6 @@ import java.security.SecureRandom;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.Executor;
-import java.util.concurrent.Future;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
@@ -52,7 +50,7 @@ class Poller implements EventListener {
 	private final SecureRandom random;
 	private final Clock clock;
 	private final Lock lock;
-	private final Map<TransportId, ScheduledPollTask> tasks; // Locking: lock
+	private final Map<TransportId, PollTask> tasks; // Locking: lock
 
 	@Inject
 	Poller(@IoExecutor Executor ioExecutor,
@@ -95,10 +93,6 @@ class Poller implements EventListener {
 			TransportEnabledEvent t = (TransportEnabledEvent) e;
 			// Poll the newly enabled transport
 			pollNow(t.getTransportId());
-		} else if (e instanceof TransportDisabledEvent) {
-			TransportDisabledEvent t = (TransportDisabledEvent) e;
-			// Cancel polling for the disabled transport
-			cancel(t.getTransportId());
 		}
 	}
 
@@ -157,31 +151,18 @@ class Poller implements EventListener {
 		TransportId t = p.getId();
 		lock.lock();
 		try {
-			ScheduledPollTask scheduled = tasks.get(t);
-			if (scheduled == null || due < scheduled.task.due) {
-				// If a later task exists, cancel it. If it's already started
-				// it will abort safely when it finds it's been replaced
-				if (scheduled != null) scheduled.future.cancel(false);
+			PollTask scheduled = tasks.get(t);
+			if (scheduled == null || due < scheduled.due) {
 				PollTask task = new PollTask(p, due, randomiseNext);
-				Future future = scheduler.schedule(
+				tasks.put(t, task);
+				scheduler.schedule(
 						() -> ioExecutor.execute(task), delay, MILLISECONDS);
-				tasks.put(t, new ScheduledPollTask(task, future));
 			}
 		} finally {
 			lock.unlock();
 		}
 	}
 
-	private void cancel(TransportId t) {
-		lock.lock();
-		try {
-			ScheduledPollTask scheduled = tasks.remove(t);
-			if (scheduled != null) scheduled.future.cancel(false);
-		} finally {
-			lock.unlock();
-		}
-	}
-
 	@IoExecutor
 	private void poll(Plugin p) {
 		TransportId t = p.getId();
@@ -189,17 +170,6 @@ class Poller implements EventListener {
 		p.poll(connectionRegistry.getConnectedContacts(t));
 	}
 
-	private class ScheduledPollTask {
-
-		private final PollTask task;
-		private final Future future;
-
-		private ScheduledPollTask(PollTask task, Future future) {
-			this.task = task;
-			this.future = future;
-		}
-	}
-
 	private class PollTask implements Runnable {
 
 		private final Plugin plugin;
@@ -218,9 +188,7 @@ class Poller implements EventListener {
 			lock.lock();
 			try {
 				TransportId t = plugin.getId();
-				ScheduledPollTask scheduled = tasks.get(t);
-				if (scheduled != null && scheduled.task != this)
-					return; // Replaced by another task
+				if (tasks.get(t) != this) return; // Replaced by another task
 				tasks.remove(t);
 			} finally {
 				lock.unlock();

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/LanTcpPlugin.java

@@ -23,8 +23,9 @@ import java.net.SocketAddress;
 import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Comparator;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.concurrent.Callable;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
@@ -43,9 +44,6 @@ class LanTcpPlugin extends TcpPlugin {
 	private static final Logger LOG =
 			Logger.getLogger(LanTcpPlugin.class.getName());
 
-	private static final LanAddressComparator ADDRESS_COMPARATOR =
-			new LanAddressComparator();
-
 	private static final int MAX_ADDRESSES = 4;
 	private static final String SEPARATOR = ",";
 
@@ -65,18 +63,19 @@ class LanTcpPlugin extends TcpPlugin {
 		TransportProperties p = callback.getLocalProperties();
 		String oldIpPorts = p.get(PROP_IP_PORTS);
 		List<InetSocketAddress> olds = parseSocketAddresses(oldIpPorts);
-		List<InetSocketAddress> locals = new ArrayList<>();
+		List<InetSocketAddress> locals = new LinkedList<>();
 		for (InetAddress local : getLocalIpAddresses()) {
 			if (isAcceptableAddress(local)) {
 				// If this is the old address, try to use the same port
 				for (InetSocketAddress old : olds) {
-					if (old.getAddress().equals(local))
-						locals.add(new InetSocketAddress(local, old.getPort()));
+					if (old.getAddress().equals(local)) {
+						int port = old.getPort();
+						locals.add(0, new InetSocketAddress(local, port));
+					}
 				}
 				locals.add(new InetSocketAddress(local, 0));
 			}
 		}
-		Collections.sort(locals, ADDRESS_COMPARATOR);
 		return locals;
 	}
 
@@ -154,39 +153,17 @@ class LanTcpPlugin extends TcpPlugin {
 	// Package access for testing
 	boolean addressesAreOnSameLan(byte[] localIp, byte[] remoteIp) {
 		// 10.0.0.0/8
-		if (isPrefix10(localIp)) return isPrefix10(remoteIp);
+		if (localIp[0] == 10) return remoteIp[0] == 10;
 		// 172.16.0.0/12
-		if (isPrefix172(localIp)) return isPrefix172(remoteIp);
+		if (localIp[0] == (byte) 172 && (localIp[1] & 0xF0) == 16)
+			return remoteIp[0] == (byte) 172 && (remoteIp[1] & 0xF0) == 16;
 		// 192.168.0.0/16
-		if (isPrefix192(localIp)) return isPrefix192(remoteIp);
+		if (localIp[0] == (byte) 192 && localIp[1] == (byte) 168)
+			return remoteIp[0] == (byte) 192 && remoteIp[1] == (byte) 168;
 		// Unrecognised prefix - may be compatible
 		return true;
 	}
 
-	private static boolean isPrefix10(byte[] ipv4) {
-		return ipv4[0] == 10;
-	}
-
-	private static boolean isPrefix172(byte[] ipv4) {
-		return ipv4[0] == (byte) 172 && (ipv4[1] & 0xF0) == 16;
-	}
-
-	private static boolean isPrefix192(byte[] ipv4) {
-		return ipv4[0] == (byte) 192 && ipv4[1] == (byte) 168;
-	}
-
-	// Returns the prefix length for an RFC 1918 address, or 0 for any other
-	// address
-	private static int getRfc1918PrefixLength(InetAddress addr) {
-		if (!(addr instanceof Inet4Address)) return 0;
-		if (!addr.isSiteLocalAddress()) return 0;
-		byte[] ipv4 = addr.getAddress();
-		if (isPrefix10(ipv4)) return 8;
-		if (isPrefix172(ipv4)) return 12;
-		if (isPrefix192(ipv4)) return 16;
-		return 0;
-	}
-
 	@Override
 	public boolean supportsKeyAgreement() {
 		return true;
@@ -223,7 +200,7 @@ class LanTcpPlugin extends TcpPlugin {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor) {
+			byte[] commitment, BdfList descriptor, long timeout) {
 		if (!isRunning()) return null;
 		InetSocketAddress remote;
 		try {
@@ -241,11 +218,10 @@ class LanTcpPlugin extends TcpPlugin {
 			}
 			return null;
 		}
+		Socket s = new Socket();
 		try {
 			if (LOG.isLoggable(INFO))
 				LOG.info("Connecting to " + scrubSocketAddress(remote));
-			Socket s = createSocket();
-			s.bind(new InetSocketAddress(socket.getInetAddress(), 0));
 			s.connect(remote);
 			s.setSoTimeout(socketTimeout);
 			if (LOG.isLoggable(INFO))
@@ -283,11 +259,14 @@ class LanTcpPlugin extends TcpPlugin {
 		}
 
 		@Override
-		public KeyAgreementConnection accept() throws IOException {
-			Socket s = ss.accept();
-			if (LOG.isLoggable(INFO)) LOG.info(ID + ": Incoming connection");
-			return new KeyAgreementConnection(new TcpTransportConnection(
-					LanTcpPlugin.this, s), ID);
+		public Callable<KeyAgreementConnection> listen() {
+			return () -> {
+				Socket s = ss.accept();
+				if (LOG.isLoggable(INFO))
+					LOG.info(ID.getString() + ": Incoming connection");
+				return new KeyAgreementConnection(
+						new TcpTransportConnection(LanTcpPlugin.this, s), ID);
+			};
 		}
 
 		@Override
@@ -299,19 +278,4 @@ class LanTcpPlugin extends TcpPlugin {
 			}
 		}
 	}
-
-	static class LanAddressComparator implements Comparator<InetSocketAddress> {
-
-		@Override
-		public int compare(InetSocketAddress a, InetSocketAddress b) {
-			// Prefer addresses with non-zero ports
-			int aPort = a.getPort(), bPort = b.getPort();
-			if (aPort > 0 && bPort == 0) return -1;
-			if (aPort == 0 && bPort > 0) return 1;
-			// Prefer addresses with longer RFC 1918 prefixes
-			int aPrefix = getRfc1918PrefixLength(a.getAddress());
-			int bPrefix = getRfc1918PrefixLength(b.getAddress());
-			return bPrefix - aPrefix;
-		}
-	}
 }

bramble-core/src/main/java/org/briarproject/bramble/plugin/tcp/TcpPlugin.java

@@ -1,6 +1,5 @@
 package org.briarproject.bramble.plugin.tcp;
 
-import org.briarproject.bramble.PoliteExecutor;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
@@ -48,7 +47,7 @@ abstract class TcpPlugin implements DuplexPlugin {
 	private static final Logger LOG =
 			Logger.getLogger(TcpPlugin.class.getName());
 
-	protected final Executor ioExecutor, bindExecutor;
+	protected final Executor ioExecutor;
 	protected final Backoff backoff;
 	protected final DuplexPluginCallback callback;
 	protected final int maxLatency, maxIdleTime, socketTimeout;
@@ -91,8 +90,6 @@ abstract class TcpPlugin implements DuplexPlugin {
 		if (maxIdleTime > Integer.MAX_VALUE / 2)
 			socketTimeout = Integer.MAX_VALUE;
 		else socketTimeout = maxIdleTime * 2;
-		// Don't execute more than one bind operation at a time
-		bindExecutor = new PoliteExecutor("TcpPlugin", ioExecutor, 1);
 	}
 
 	@Override
@@ -113,9 +110,8 @@ abstract class TcpPlugin implements DuplexPlugin {
 	}
 
 	protected void bind() {
-		bindExecutor.execute(() -> {
+		ioExecutor.execute(() -> {
 			if (!running) return;
-			if (socket != null && !socket.isClosed()) return;
 			ServerSocket ss = null;
 			for (InetSocketAddress addr : getLocalSocketAddresses()) {
 				try {
@@ -247,11 +243,10 @@ abstract class TcpPlugin implements DuplexPlugin {
 				}
 				continue;
 			}
+			Socket s = new Socket();
 			try {
 				if (LOG.isLoggable(INFO))
 					LOG.info("Connecting to " + scrubSocketAddress(remote));
-				Socket s = createSocket();
-				s.bind(new InetSocketAddress(socket.getInetAddress(), 0));
 				s.connect(remote);
 				s.setSoTimeout(socketTimeout);
 				if (LOG.isLoggable(INFO))
@@ -266,10 +261,6 @@ abstract class TcpPlugin implements DuplexPlugin {
 		return null;
 	}
 
-	protected Socket createSocket() throws IOException {
-		return new Socket();
-	}
-
 	@Nullable
 	InetSocketAddress parseSocketAddress(String ipPort) {
 		if (StringUtils.isNullOrEmpty(ipPort)) return null;
@@ -306,7 +297,7 @@ abstract class TcpPlugin implements DuplexPlugin {
 
 	@Override
 	public DuplexTransportConnection createKeyAgreementConnection(
-			byte[] commitment, BdfList descriptor) {
+			byte[] commitment, BdfList descriptor, long timeout) {
 		throw new UnsupportedOperationException();
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/properties/TransportPropertyManagerImpl.java

@@ -58,12 +58,12 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 		this.metadataParser = metadataParser;
 		this.contactGroupFactory = contactGroupFactory;
 		this.clock = clock;
-		localGroup = contactGroupFactory.createLocalGroup(CLIENT_ID);
+		localGroup = contactGroupFactory.createLocalGroup(CLIENT_ID,
+				CLIENT_VERSION);
 	}
 
 	@Override
 	public void createLocalState(Transaction txn) throws DbException {
-		if (db.containsGroup(txn, localGroup.getId())) return;
 		db.addGroup(txn, localGroup);
 		// Ensure we've set things up for any pre-existing contacts
 		for (Contact c : db.getContacts(txn)) addingContact(txn, c);
@@ -130,8 +130,7 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 	public Map<TransportId, TransportProperties> getLocalProperties()
 			throws DbException {
 		Map<TransportId, TransportProperties> local;
-		// TODO: Transaction can be read-only when code is simplified
-		Transaction txn = db.startTransaction(false);
+		Transaction txn = db.startTransaction(true);
 		try {
 			local = getLocalProperties(txn);
 			db.commitTransaction(txn);
@@ -166,8 +165,7 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 			throws DbException {
 		try {
 			TransportProperties p = null;
-			// TODO: Transaction can be read-only when code is simplified
-			Transaction txn = db.startTransaction(false);
+			Transaction txn = db.startTransaction(true);
 			try {
 				// Find the latest local update
 				LatestUpdate latest = findLatest(txn, localGroup.getId(), t,
@@ -193,8 +191,7 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 	public Map<ContactId, TransportProperties> getRemoteProperties(
 			TransportId t) throws DbException {
 		Map<ContactId, TransportProperties> remote = new HashMap<>();
-		// TODO: Transaction can be read-only when code is simplified
-		Transaction txn = db.startTransaction(false);
+		Transaction txn = db.startTransaction(true);
 		try {
 			for (Contact c : db.getContacts(txn))
 				remote.put(c.getId(), getRemoteProperties(txn, c, t));
@@ -228,8 +225,7 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 	public TransportProperties getRemoteProperties(ContactId c, TransportId t)
 			throws DbException {
 		TransportProperties p;
-		// TODO: Transaction can be read-only when code is simplified
-		Transaction txn = db.startTransaction(false);
+		Transaction txn = db.startTransaction(true);
 		try {
 			p = getRemoteProperties(txn, db.getContact(txn, c), t);
 			db.commitTransaction(txn);
@@ -292,7 +288,8 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 	}
 
 	private Group getContactGroup(Contact c) {
-		return contactGroupFactory.createContactGroup(CLIENT_ID, c);
+		return contactGroupFactory.createContactGroup(CLIENT_ID,
+				CLIENT_VERSION, c);
 	}
 
 	private void storeMessage(Transaction txn, GroupId g, TransportId t,
@@ -319,7 +316,6 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 
 	private Map<TransportId, LatestUpdate> findLatestLocal(Transaction txn)
 			throws DbException, FormatException {
-		// TODO: This can be simplified before 1.0
 		Map<TransportId, LatestUpdate> latestUpdates = new HashMap<>();
 		Map<MessageId, BdfDictionary> metadata = clientHelper
 				.getMessageMetadataAsDictionary(txn, localGroup.getId());
@@ -327,17 +323,7 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 			BdfDictionary meta = e.getValue();
 			TransportId t = new TransportId(meta.getString("transportId"));
 			long version = meta.getLong("version");
-			LatestUpdate latest = latestUpdates.get(t);
-			if (latest == null) {
-				latestUpdates.put(t, new LatestUpdate(e.getKey(), version));
-			} else if (version > latest.version) {
-				// This update is newer - delete the previous one
-				db.removeMessage(txn, latest.messageId);
-				latestUpdates.put(t, new LatestUpdate(e.getKey(), version));
-			} else {
-				// We've already found a newer update - delete this one
-				db.removeMessage(txn, e.getKey());
-			}
+			latestUpdates.put(t, new LatestUpdate(e.getKey(), version));
 		}
 		return latestUpdates;
 	}
@@ -345,38 +331,16 @@ class TransportPropertyManagerImpl implements TransportPropertyManager,
 	@Nullable
 	private LatestUpdate findLatest(Transaction txn, GroupId g, TransportId t,
 			boolean local) throws DbException, FormatException {
-		// TODO: This can be simplified before 1.0
-		LatestUpdate latest = null;
 		Map<MessageId, BdfDictionary> metadata =
 				clientHelper.getMessageMetadataAsDictionary(txn, g);
 		for (Entry<MessageId, BdfDictionary> e : metadata.entrySet()) {
 			BdfDictionary meta = e.getValue();
 			if (meta.getString("transportId").equals(t.getString())
 					&& meta.getBoolean("local") == local) {
-				long version = meta.getLong("version");
-				if (latest == null) {
-					latest = new LatestUpdate(e.getKey(), version);
-				} else if (version > latest.version) {
-					// This update is newer - delete the previous one
-					if (local) {
-						db.removeMessage(txn, latest.messageId);
-					} else {
-						db.deleteMessage(txn, latest.messageId);
-						db.deleteMessageMetadata(txn, latest.messageId);
-					}
-					latest = new LatestUpdate(e.getKey(), version);
-				} else {
-					// We've already found a newer update - delete this one
-					if (local) {
-						db.removeMessage(txn, e.getKey());
-					} else {
-						db.deleteMessage(txn, e.getKey());
-						db.deleteMessageMetadata(txn, e.getKey());
-					}
-				}
+				return new LatestUpdate(e.getKey(), meta.getLong("version"));
 			}
 		}
-		return latest;
+		return null;
 	}
 
 	private TransportProperties parseProperties(BdfList message)

bramble-core/src/main/java/org/briarproject/bramble/sync/DuplexOutgoingSession.java

@@ -10,7 +10,7 @@ import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
+import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Offer;
@@ -29,8 +29,6 @@ import java.util.Collection;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.Executor;
 import java.util.concurrent.LinkedBlockingQueue;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicLong;
 import java.util.logging.Logger;
 
 import javax.annotation.concurrent.ThreadSafe;
@@ -38,7 +36,6 @@ import javax.annotation.concurrent.ThreadSafe;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
 
@@ -52,14 +49,12 @@ import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD
 @NotNullByDefault
 class DuplexOutgoingSession implements SyncSession, EventListener {
 
+	// Check for retransmittable records once every 60 seconds
+	private static final int RETX_QUERY_INTERVAL = 60 * 1000;
 	private static final Logger LOG =
 			Logger.getLogger(DuplexOutgoingSession.class.getName());
 
-	private static final ThrowingRunnable<IOException> CLOSE = () -> {
-	};
-	private static final ThrowingRunnable<IOException>
-			NEXT_SEND_TIME_DECREASED = () -> {
-	};
+	private static final ThrowingRunnable<IOException> CLOSE = () -> {};
 
 	private final DatabaseComponent db;
 	private final Executor dbExecutor;
@@ -70,13 +65,6 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 	private final RecordWriter recordWriter;
 	private final BlockingQueue<ThrowingRunnable<IOException>> writerTasks;
 
-	private final AtomicBoolean generateAckQueued = new AtomicBoolean(false);
-	private final AtomicBoolean generateBatchQueued = new AtomicBoolean(false);
-	private final AtomicBoolean generateOfferQueued = new AtomicBoolean(false);
-	private final AtomicBoolean generateRequestQueued =
-			new AtomicBoolean(false);
-	private final AtomicLong nextSendTime = new AtomicLong(Long.MAX_VALUE);
-
 	private volatile boolean interrupted = false;
 
 	DuplexOutgoingSession(DatabaseComponent db, Executor dbExecutor,
@@ -99,21 +87,21 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		eventBus.addListener(this);
 		try {
 			// Start a query for each type of record
-			generateAck();
-			generateBatch();
-			generateOffer();
-			generateRequest();
+			dbExecutor.execute(new GenerateAck());
+			dbExecutor.execute(new GenerateBatch());
+			dbExecutor.execute(new GenerateOffer());
+			dbExecutor.execute(new GenerateRequest());
 			long now = clock.currentTimeMillis();
 			long nextKeepalive = now + maxIdleTime;
+			long nextRetxQuery = now + RETX_QUERY_INTERVAL;
 			boolean dataToFlush = true;
 			// Write records until interrupted
 			try {
 				while (!interrupted) {
 					// Work out how long we should wait for a record
 					now = clock.currentTimeMillis();
-					long keepaliveWait = Math.max(0, nextKeepalive - now);
-					long sendWait = Math.max(0, nextSendTime.get() - now);
-					long wait = Math.min(keepaliveWait, sendWait);
+					long wait = Math.min(nextKeepalive, nextRetxQuery) - now;
+					if (wait < 0) wait = 0;
 					// Flush any unflushed data if we're going to wait
 					if (wait > 0 && dataToFlush && writerTasks.isEmpty()) {
 						recordWriter.flush();
@@ -125,25 +113,20 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 							MILLISECONDS);
 					if (task == null) {
 						now = clock.currentTimeMillis();
-						if (now >= nextSendTime.get()) {
-							// Check for retransmittable messages
-							LOG.info("Checking for retransmittable messages");
-							setNextSendTime(Long.MAX_VALUE);
-							generateBatch();
-							generateOffer();
+						if (now >= nextRetxQuery) {
+							// Check for retransmittable records
+							dbExecutor.execute(new GenerateBatch());
+							dbExecutor.execute(new GenerateOffer());
+							nextRetxQuery = now + RETX_QUERY_INTERVAL;
 						}
 						if (now >= nextKeepalive) {
 							// Flush the stream to keep it alive
-							LOG.info("Sending keepalive");
 							recordWriter.flush();
 							dataToFlush = false;
 							nextKeepalive = now + maxIdleTime;
 						}
 					} else if (task == CLOSE) {
-						LOG.info("Closed");
 						break;
-					} else if (task == NEXT_SEND_TIME_DECREASED) {
-						LOG.info("Next send time decreased");
 					} else {
 						task.run();
 						dataToFlush = true;
@@ -159,31 +142,6 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		}
 	}
 
-	private void generateAck() {
-		if (generateAckQueued.compareAndSet(false, true))
-			dbExecutor.execute(new GenerateAck());
-	}
-
-	private void generateBatch() {
-		if (generateBatchQueued.compareAndSet(false, true))
-			dbExecutor.execute(new GenerateBatch());
-	}
-
-	private void generateOffer() {
-		if (generateOfferQueued.compareAndSet(false, true))
-			dbExecutor.execute(new GenerateOffer());
-	}
-
-	private void generateRequest() {
-		if (generateRequestQueued.compareAndSet(false, true))
-			dbExecutor.execute(new GenerateRequest());
-	}
-
-	private void setNextSendTime(long time) {
-		long old = nextSendTime.getAndSet(time);
-		if (time < old) writerTasks.add(NEXT_SEND_TIME_DECREASED);
-	}
-
 	@Override
 	public void interrupt() {
 		interrupted = true;
@@ -196,23 +154,22 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 			ContactRemovedEvent c = (ContactRemovedEvent) e;
 			if (c.getContactId().equals(contactId)) interrupt();
 		} else if (e instanceof MessageSharedEvent) {
-			generateOffer();
+			dbExecutor.execute(new GenerateOffer());
 		} else if (e instanceof GroupVisibilityUpdatedEvent) {
 			GroupVisibilityUpdatedEvent g = (GroupVisibilityUpdatedEvent) e;
 			if (g.getAffectedContacts().contains(contactId))
-				generateOffer();
+				dbExecutor.execute(new GenerateOffer());
 		} else if (e instanceof MessageRequestedEvent) {
 			if (((MessageRequestedEvent) e).getContactId().equals(contactId))
-				generateBatch();
+				dbExecutor.execute(new GenerateBatch());
 		} else if (e instanceof MessageToAckEvent) {
 			if (((MessageToAckEvent) e).getContactId().equals(contactId))
-				generateAck();
+				dbExecutor.execute(new GenerateAck());
 		} else if (e instanceof MessageToRequestEvent) {
 			if (((MessageToRequestEvent) e).getContactId().equals(contactId))
-				generateRequest();
-		} else if (e instanceof LifecycleEvent) {
-			LifecycleEvent l = (LifecycleEvent) e;
-			if (l.getLifecycleState() == STOPPING) interrupt();
+				dbExecutor.execute(new GenerateRequest());
+		} else if (e instanceof ShutdownEvent) {
+			interrupt();
 		}
 	}
 
@@ -222,7 +179,6 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() {
 			if (interrupted) return;
-			if (!generateAckQueued.getAndSet(false)) throw new AssertionError();
 			try {
 				Ack a;
 				Transaction txn = db.startTransaction(false);
@@ -256,7 +212,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 			if (interrupted) return;
 			recordWriter.writeAck(ack);
 			LOG.info("Sent ack");
-			generateAck();
+			dbExecutor.execute(new GenerateAck());
 		}
 	}
 
@@ -266,15 +222,12 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() {
 			if (interrupted) return;
-			if (!generateBatchQueued.getAndSet(false))
-				throw new AssertionError();
 			try {
 				Collection<byte[]> b;
 				Transaction txn = db.startTransaction(false);
 				try {
 					b = db.generateRequestedBatch(txn, contactId,
 							MAX_RECORD_PAYLOAD_LENGTH, maxLatency);
-					setNextSendTime(db.getNextSendTime(txn, contactId));
 					db.commitTransaction(txn);
 				} finally {
 					db.endTransaction(txn);
@@ -303,7 +256,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 			if (interrupted) return;
 			for (byte[] raw : batch) recordWriter.writeMessage(raw);
 			LOG.info("Sent batch");
-			generateBatch();
+			dbExecutor.execute(new GenerateBatch());
 		}
 	}
 
@@ -313,15 +266,12 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() {
 			if (interrupted) return;
-			if (!generateOfferQueued.getAndSet(false))
-				throw new AssertionError();
 			try {
 				Offer o;
 				Transaction txn = db.startTransaction(false);
 				try {
 					o = db.generateOffer(txn, contactId, MAX_MESSAGE_IDS,
 							maxLatency);
-					setNextSendTime(db.getNextSendTime(txn, contactId));
 					db.commitTransaction(txn);
 				} finally {
 					db.endTransaction(txn);
@@ -350,7 +300,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 			if (interrupted) return;
 			recordWriter.writeOffer(offer);
 			LOG.info("Sent offer");
-			generateOffer();
+			dbExecutor.execute(new GenerateOffer());
 		}
 	}
 
@@ -360,8 +310,6 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 		@Override
 		public void run() {
 			if (interrupted) return;
-			if (!generateRequestQueued.getAndSet(false))
-				throw new AssertionError();
 			try {
 				Request r;
 				Transaction txn = db.startTransaction(false);
@@ -395,7 +343,7 @@ class DuplexOutgoingSession implements SyncSession, EventListener {
 			if (interrupted) return;
 			recordWriter.writeRequest(request);
 			LOG.info("Sent request");
-			generateRequest();
+			dbExecutor.execute(new GenerateRequest());
 		}
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/sync/GroupFactoryImpl.java

@@ -6,11 +6,16 @@ import org.briarproject.bramble.api.sync.ClientId;
 import org.briarproject.bramble.api.sync.Group;
 import org.briarproject.bramble.api.sync.GroupFactory;
 import org.briarproject.bramble.api.sync.GroupId;
+import org.briarproject.bramble.util.ByteUtils;
 import org.briarproject.bramble.util.StringUtils;
 
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
+import static org.briarproject.bramble.api.sync.GroupId.LABEL;
+import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.util.ByteUtils.INT_32_BYTES;
+
 @Immutable
 @NotNullByDefault
 class GroupFactoryImpl implements GroupFactory {
@@ -23,9 +28,12 @@ class GroupFactoryImpl implements GroupFactory {
 	}
 
 	@Override
-	public Group createGroup(ClientId c, byte[] descriptor) {
-		byte[] hash = crypto.hash(GroupId.LABEL,
-				StringUtils.toUtf8(c.getString()), descriptor);
+	public Group createGroup(ClientId c, int clientVersion, byte[] descriptor) {
+		byte[] clientVersionBytes = new byte[INT_32_BYTES];
+		ByteUtils.writeUint32(clientVersion, clientVersionBytes, 0);
+		byte[] hash = crypto.hash(LABEL, new byte[] {PROTOCOL_VERSION},
+				StringUtils.toUtf8(c.getString()), clientVersionBytes,
+				descriptor);
 		return new Group(new GroupId(hash), c, descriptor);
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/sync/IncomingSession.java

@@ -11,7 +11,7 @@ import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
+import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.Message;
@@ -27,7 +27,6 @@ import java.util.logging.Logger;
 import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 
 /**
  * An incoming {@link SyncSession}.
@@ -97,9 +96,8 @@ class IncomingSession implements SyncSession, EventListener {
 		if (e instanceof ContactRemovedEvent) {
 			ContactRemovedEvent c = (ContactRemovedEvent) e;
 			if (c.getContactId().equals(contactId)) interrupt();
-		} else if (e instanceof LifecycleEvent) {
-			LifecycleEvent l = (LifecycleEvent) e;
-			if (l.getLifecycleState() == STOPPING) interrupt();
+		} else if (e instanceof ShutdownEvent) {
+			interrupt();
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/sync/MessageFactoryImpl.java

@@ -12,8 +12,10 @@ import org.briarproject.bramble.util.ByteUtils;
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
+import static org.briarproject.bramble.api.sync.MessageId.LABEL;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
+import static org.briarproject.bramble.api.sync.SyncConstants.PROTOCOL_VERSION;
 
 @Immutable
 @NotNullByDefault
@@ -32,9 +34,9 @@ class MessageFactoryImpl implements MessageFactory {
 			throw new IllegalArgumentException();
 		byte[] timeBytes = new byte[ByteUtils.INT_64_BYTES];
 		ByteUtils.writeUint64(timestamp, timeBytes, 0);
-		byte[] idHash =
-				crypto.hash(MessageId.LABEL, g.getBytes(), timeBytes, body);
-		MessageId id = new MessageId(idHash);
+		byte[] hash = crypto.hash(LABEL, new byte[] {PROTOCOL_VERSION},
+				g.getBytes(), timeBytes, body);
+		MessageId id = new MessageId(hash);
 		byte[] raw = new byte[MESSAGE_HEADER_LENGTH + body.length];
 		System.arraycopy(g.getBytes(), 0, raw, 0, UniqueId.LENGTH);
 		ByteUtils.writeUint64(timestamp, raw, UniqueId.LENGTH);

bramble-core/src/main/java/org/briarproject/bramble/sync/SimplexOutgoingSession.java

@@ -10,7 +10,7 @@ import org.briarproject.bramble.api.event.Event;
 import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.lifecycle.IoExecutor;
-import org.briarproject.bramble.api.lifecycle.event.LifecycleEvent;
+import org.briarproject.bramble.api.lifecycle.event.ShutdownEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.sync.Ack;
 import org.briarproject.bramble.api.sync.RecordWriter;
@@ -28,7 +28,6 @@ import javax.annotation.concurrent.ThreadSafe;
 
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.lifecycle.LifecycleManager.LifecycleState.STOPPING;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_IDS;
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_RECORD_PAYLOAD_LENGTH;
 
@@ -110,9 +109,8 @@ class SimplexOutgoingSession implements SyncSession, EventListener {
 		if (e instanceof ContactRemovedEvent) {
 			ContactRemovedEvent c = (ContactRemovedEvent) e;
 			if (c.getContactId().equals(contactId)) interrupt();
-		} else if (e instanceof LifecycleEvent) {
-			LifecycleEvent l = (LifecycleEvent) e;
-			if (l.getLifecycleState() == STOPPING) interrupt();
+		} else if (e instanceof ShutdownEvent) {
+			interrupt();
 		}
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/sync/ValidationManagerImpl.java

@@ -71,9 +71,11 @@ class ValidationManagerImpl implements ValidationManager, Service,
 	@Override
 	public void startService() {
 		if (used.getAndSet(true)) throw new IllegalStateException();
-		validateOutstandingMessagesAsync();
-		deliverOutstandingMessagesAsync();
-		shareOutstandingMessagesAsync();
+		for (ClientId c : validators.keySet()) {
+			validateOutstandingMessagesAsync(c);
+			deliverOutstandingMessagesAsync(c);
+			shareOutstandingMessagesAsync(c);
+		}
 	}
 
 	@Override
@@ -91,17 +93,17 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		hooks.put(c, hook);
 	}
 
-	private void validateOutstandingMessagesAsync() {
-		dbExecutor.execute(this::validateOutstandingMessages);
+	private void validateOutstandingMessagesAsync(ClientId c) {
+		dbExecutor.execute(() -> validateOutstandingMessages(c));
 	}
 
 	@DatabaseExecutor
-	private void validateOutstandingMessages() {
+	private void validateOutstandingMessages(ClientId c) {
 		try {
 			Queue<MessageId> unvalidated = new LinkedList<>();
 			Transaction txn = db.startTransaction(true);
 			try {
-				unvalidated.addAll(db.getMessagesToValidate(txn));
+				unvalidated.addAll(db.getMessagesToValidate(txn, c));
 				db.commitTransaction(txn);
 			} finally {
 				db.endTransaction(txn);
@@ -146,17 +148,17 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		}
 	}
 
-	private void deliverOutstandingMessagesAsync() {
-		dbExecutor.execute(this::deliverOutstandingMessages);
+	private void deliverOutstandingMessagesAsync(ClientId c) {
+		dbExecutor.execute(() -> deliverOutstandingMessages(c));
 	}
 
 	@DatabaseExecutor
-	private void deliverOutstandingMessages() {
+	private void deliverOutstandingMessages(ClientId c) {
 		try {
 			Queue<MessageId> pending = new LinkedList<>();
 			Transaction txn = db.startTransaction(true);
 			try {
-				pending.addAll(db.getPendingMessages(txn));
+				pending.addAll(db.getPendingMessages(txn, c));
 				db.commitTransaction(txn);
 			} finally {
 				db.endTransaction(txn);
@@ -351,17 +353,17 @@ class ValidationManagerImpl implements ValidationManager, Service,
 		return pending;
 	}
 
-	private void shareOutstandingMessagesAsync() {
-		dbExecutor.execute(this::shareOutstandingMessages);
+	private void shareOutstandingMessagesAsync(ClientId c) {
+		dbExecutor.execute(() -> shareOutstandingMessages(c));
 	}
 
 	@DatabaseExecutor
-	private void shareOutstandingMessages() {
+	private void shareOutstandingMessages(ClientId c) {
 		try {
 			Queue<MessageId> toShare = new LinkedList<>();
 			Transaction txn = db.startTransaction(true);
 			try {
-				toShare.addAll(db.getMessagesToShare(txn));
+				toShare.addAll(db.getMessagesToShare(txn, c));
 				db.commitTransaction(txn);
 			} finally {
 				db.endTransaction(txn);

bramble-core/src/main/java/org/briarproject/bramble/system/SystemModule.java

@@ -4,9 +4,8 @@ import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.Scheduler;
 
-import java.util.concurrent.RejectedExecutionHandler;
+import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.ScheduledThreadPoolExecutor;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -26,10 +25,7 @@ public class SystemModule {
 	private final ScheduledExecutorService scheduler;
 
 	public SystemModule() {
-		// Discard tasks that are submitted during shutdown
-		RejectedExecutionHandler policy =
-				new ScheduledThreadPoolExecutor.DiscardPolicy();
-		scheduler = new ScheduledThreadPoolExecutor(1, policy);
+		scheduler = Executors.newSingleThreadScheduledExecutor();
 	}
 
 	@Provides

bramble-core/src/main/java/org/briarproject/bramble/transport/TransportKeyManagerFactoryImpl.java

@@ -1,6 +1,6 @@
 package org.briarproject.bramble.transport;
 
-import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DatabaseExecutor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -20,17 +20,18 @@ class TransportKeyManagerFactoryImpl implements
 		TransportKeyManagerFactory {
 
 	private final DatabaseComponent db;
-	private final CryptoComponent crypto;
+	private final TransportCrypto transportCrypto;
 	private final Executor dbExecutor;
 	private final ScheduledExecutorService scheduler;
 	private final Clock clock;
 
 	@Inject
-	TransportKeyManagerFactoryImpl(DatabaseComponent db, CryptoComponent crypto,
+	TransportKeyManagerFactoryImpl(DatabaseComponent db,
+			TransportCrypto transportCrypto,
 			@DatabaseExecutor Executor dbExecutor,
 			@Scheduler ScheduledExecutorService scheduler, Clock clock) {
 		this.db = db;
-		this.crypto = crypto;
+		this.transportCrypto = transportCrypto;
 		this.dbExecutor = dbExecutor;
 		this.scheduler = scheduler;
 		this.clock = clock;
@@ -39,8 +40,8 @@ class TransportKeyManagerFactoryImpl implements
 	@Override
 	public TransportKeyManager createTransportKeyManager(
 			TransportId transportId, long maxLatency) {
-		return new TransportKeyManagerImpl(db, crypto, dbExecutor, scheduler,
-				clock, transportId, maxLatency);
+		return new TransportKeyManagerImpl(db, transportCrypto, dbExecutor,
+				scheduler, clock, transportId, maxLatency);
 	}
 
 }

bramble-core/src/main/java/org/briarproject/bramble/transport/TransportKeyManagerImpl.java

@@ -2,8 +2,8 @@ package org.briarproject.bramble.transport;
 
 import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
@@ -41,7 +41,7 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 			Logger.getLogger(TransportKeyManagerImpl.class.getName());
 
 	private final DatabaseComponent db;
-	private final CryptoComponent crypto;
+	private final TransportCrypto transportCrypto;
 	private final Executor dbExecutor;
 	private final ScheduledExecutorService scheduler;
 	private final Clock clock;
@@ -54,11 +54,12 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 	private final Map<ContactId, MutableOutgoingKeys> outContexts;
 	private final Map<ContactId, MutableTransportKeys> keys;
 
-	TransportKeyManagerImpl(DatabaseComponent db, CryptoComponent crypto,
-			Executor dbExecutor, @Scheduler ScheduledExecutorService scheduler,
-			Clock clock, TransportId transportId, long maxLatency) {
+	TransportKeyManagerImpl(DatabaseComponent db,
+			TransportCrypto transportCrypto, Executor dbExecutor,
+			@Scheduler ScheduledExecutorService scheduler, Clock clock,
+			TransportId transportId, long maxLatency) {
 		this.db = db;
-		this.crypto = crypto;
+		this.transportCrypto = transportCrypto;
 		this.dbExecutor = dbExecutor;
 		this.scheduler = scheduler;
 		this.clock = clock;
@@ -99,7 +100,8 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		for (Entry<ContactId, TransportKeys> e : keys.entrySet()) {
 			ContactId c = e.getKey();
 			TransportKeys k = e.getValue();
-			TransportKeys k1 = crypto.rotateTransportKeys(k, rotationPeriod);
+			TransportKeys k1 =
+					transportCrypto.rotateTransportKeys(k, rotationPeriod);
 			if (k1.getRotationPeriod() > k.getRotationPeriod())
 				rotationResult.rotated.put(c, k1);
 			rotationResult.current.put(c, k1);
@@ -127,7 +129,7 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 		for (long streamNumber : inKeys.getWindow().getUnseen()) {
 			TagContext tagCtx = new TagContext(c, inKeys, streamNumber);
 			byte[] tag = new byte[TAG_LENGTH];
-			crypto.encodeTag(tag, inKeys.getTagKey(), PROTOCOL_VERSION,
+			transportCrypto.encodeTag(tag, inKeys.getTagKey(), PROTOCOL_VERSION,
 					streamNumber);
 			inContexts.put(new Bytes(tag), tagCtx);
 		}
@@ -162,11 +164,11 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 			// Work out what rotation period the timestamp belongs to
 			long rotationPeriod = timestamp / rotationPeriodLength;
 			// Derive the transport keys
-			TransportKeys k = crypto.deriveTransportKeys(transportId, master,
-					rotationPeriod, alice);
+			TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+					master, rotationPeriod, alice);
 			// Rotate the keys to the current rotation period if necessary
 			rotationPeriod = clock.currentTimeMillis() / rotationPeriodLength;
-			k = crypto.rotateTransportKeys(k, rotationPeriod);
+			k = transportCrypto.rotateTransportKeys(k, rotationPeriod);
 			// Initialise mutable state for the contact
 			addKeys(c, new MutableTransportKeys(k));
 			// Write the keys back to the DB
@@ -234,8 +236,8 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 			// Add tags for any stream numbers added to the window
 			for (long streamNumber : change.getAdded()) {
 				byte[] addTag = new byte[TAG_LENGTH];
-				crypto.encodeTag(addTag, inKeys.getTagKey(), PROTOCOL_VERSION,
-						streamNumber);
+				transportCrypto.encodeTag(addTag, inKeys.getTagKey(),
+						PROTOCOL_VERSION, streamNumber);
 				inContexts.put(new Bytes(addTag), new TagContext(
 						tagCtx.contactId, inKeys, streamNumber));
 			}
@@ -243,7 +245,7 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 			for (long streamNumber : change.getRemoved()) {
 				if (streamNumber == tagCtx.streamNumber) continue;
 				byte[] removeTag = new byte[TAG_LENGTH];
-				crypto.encodeTag(removeTag, inKeys.getTagKey(),
+				transportCrypto.encodeTag(removeTag, inKeys.getTagKey(),
 						PROTOCOL_VERSION, streamNumber);
 				inContexts.remove(new Bytes(removeTag));
 			}

bramble-core/src/test/java/org/briarproject/bramble/crypto/EcdsaSignatureTest.java

@@ -0,0 +1,25 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.KeyPair;
+
+import java.security.GeneralSecurityException;
+
+public class EcdsaSignatureTest extends SignatureTest {
+
+	@Override
+	protected KeyPair generateKeyPair() {
+		return crypto.generateSignatureKeyPair();
+	}
+
+	@Override
+	protected byte[] sign(String label, byte[] toSign, byte[] privateKey)
+			throws GeneralSecurityException {
+		return crypto.sign(label, toSign, privateKey);
+	}
+
+	@Override
+	protected boolean verify(String label, byte[] signedData, byte[] publicKey,
+			byte[] signature) throws GeneralSecurityException {
+		return crypto.verify(label, signedData, publicKey, signature);
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/crypto/EdSignatureTest.java

@@ -0,0 +1,25 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.KeyPair;
+
+import java.security.GeneralSecurityException;
+
+public class EdSignatureTest extends SignatureTest {
+
+	@Override
+	protected KeyPair generateKeyPair() {
+		return crypto.generateEdKeyPair();
+	}
+
+	@Override
+	protected byte[] sign(String label, byte[] toSign, byte[] privateKey)
+			throws GeneralSecurityException {
+		return crypto.signEd(label, toSign, privateKey);
+	}
+
+	@Override
+	protected boolean verify(String label, byte[] signedData, byte[] publicKey,
+			byte[] signature) throws GeneralSecurityException {
+		return crypto.verifyEd(label, signedData, publicKey, signature);
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/crypto/EllipticCurvePerformanceTest.java

@@ -1,16 +1,19 @@
 package org.briarproject.bramble.crypto;
 
+import net.i2p.crypto.eddsa.EdDSASecurityProvider;
+import net.i2p.crypto.eddsa.KeyPairGenerator;
+
 import org.spongycastle.asn1.sec.SECNamedCurves;
 import org.spongycastle.asn1.teletrust.TeleTrusTNamedCurves;
 import org.spongycastle.asn1.x9.X9ECParameters;
 import org.spongycastle.crypto.AsymmetricCipherKeyPair;
+import org.spongycastle.crypto.BasicAgreement;
 import org.spongycastle.crypto.Digest;
+import org.spongycastle.crypto.agreement.ECDHBasicAgreement;
 import org.spongycastle.crypto.agreement.ECDHCBasicAgreement;
 import org.spongycastle.crypto.generators.ECKeyPairGenerator;
 import org.spongycastle.crypto.params.ECDomainParameters;
 import org.spongycastle.crypto.params.ECKeyGenerationParameters;
-import org.spongycastle.crypto.params.ECPrivateKeyParameters;
-import org.spongycastle.crypto.params.ECPublicKeyParameters;
 import org.spongycastle.crypto.params.ParametersWithRandom;
 import org.spongycastle.crypto.signers.DSADigestSigner;
 import org.spongycastle.crypto.signers.DSAKCalculator;
@@ -19,14 +22,23 @@ import org.spongycastle.crypto.signers.HMacDSAKCalculator;
 import org.spongycastle.math.ec.ECCurve;
 import org.spongycastle.math.ec.ECPoint;
 import org.spongycastle.math.ec.MontgomeryLadderMultiplier;
+import org.whispersystems.curve25519.Curve25519;
+import org.whispersystems.curve25519.Curve25519KeyPair;
 
 import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.Provider;
 import java.security.SecureRandom;
+import java.security.Signature;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
+import static net.i2p.crypto.eddsa.EdDSAEngine.SIGNATURE_ALGORITHM;
+import static org.briarproject.bramble.crypto.EllipticCurveConstants.PARAMETERS;
+
 // Not a JUnit test
 public class EllipticCurvePerformanceTest {
 
@@ -37,8 +49,9 @@ public class EllipticCurvePerformanceTest {
 			"secp256k1", "secp256r1", "secp384r1", "secp521r1");
 	private static final List<String> BRAINPOOL_NAMES = Arrays.asList(
 			"brainpoolp256r1", "brainpoolp384r1", "brainpoolp512r1");
+	private static final Provider ED_PROVIDER = new EdDSASecurityProvider();
 
-	public static void main(String[] args) {
+	public static void main(String[] args) throws GeneralSecurityException {
 		for (String name : SEC_NAMES) {
 			ECDomainParameters params =
 					convertParams(SECNamedCurves.getByName(name));
@@ -51,43 +64,32 @@ public class EllipticCurvePerformanceTest {
 			runTest(name + " default", params);
 			runTest(name + " constant", constantTime(params));
 		}
-		runTest("ours", EllipticCurveConstants.PARAMETERS);
+		runTest("ours", PARAMETERS);
+		runCurve25519Test();
+		runEd25519Test();
 	}
 
 	private static void runTest(String name, ECDomainParameters params) {
 		// Generate two key pairs using the given parameters
-		ECKeyGenerationParameters generatorParams =
-				new ECKeyGenerationParameters(params, random);
 		ECKeyPairGenerator generator = new ECKeyPairGenerator();
-		generator.init(generatorParams);
+		generator.init(new ECKeyGenerationParameters(params, random));
 		AsymmetricCipherKeyPair keyPair1 = generator.generateKeyPair();
-		ECPublicKeyParameters public1 =
-				(ECPublicKeyParameters) keyPair1.getPublic();
-		ECPrivateKeyParameters private1 =
-				(ECPrivateKeyParameters) keyPair1.getPrivate();
 		AsymmetricCipherKeyPair keyPair2 = generator.generateKeyPair();
-		ECPublicKeyParameters public2 =
-				(ECPublicKeyParameters) keyPair2.getPublic();
-		// Time some ECDH key agreements
-		List<Long> samples = new ArrayList<>();
-		for (int i = 0; i < SAMPLES; i++) {
-			ECDHCBasicAgreement agreement = new ECDHCBasicAgreement();
-			long start = System.nanoTime();
-			agreement.init(private1);
-			agreement.calculateAgreement(public2);
-			samples.add(System.nanoTime() - start);
-		}
-		long agreementMedian = median(samples);
+		// Time some ECDH and ECDHC key agreements
+		long agreementMedian = runAgreementTest(keyPair1, keyPair2, false);
+		long agreementWithCofactorMedian =
+				runAgreementTest(keyPair1, keyPair2, true);
 		// Time some signatures
+		List<Long> samples = new ArrayList<>();
 		List<byte[]> signatures = new ArrayList<>();
-		samples.clear();
 		for (int i = 0; i < SAMPLES; i++) {
 			Digest digest = new Blake2sDigest();
 			DSAKCalculator calculator = new HMacDSAKCalculator(digest);
 			DSADigestSigner signer = new DSADigestSigner(new ECDSASigner(
 					calculator), digest);
 			long start = System.nanoTime();
-			signer.init(true, new ParametersWithRandom(private1, random));
+			signer.init(true,
+					new ParametersWithRandom(keyPair1.getPrivate(), random));
 			signer.update(new byte[BYTES_TO_SIGN], 0, BYTES_TO_SIGN);
 			signatures.add(signer.generateSignature());
 			samples.add(System.nanoTime() - start);
@@ -101,17 +103,83 @@ public class EllipticCurvePerformanceTest {
 			DSADigestSigner signer = new DSADigestSigner(new ECDSASigner(
 					calculator), digest);
 			long start = System.nanoTime();
-			signer.init(false, public1);
+			signer.init(false, keyPair1.getPublic());
 			signer.update(new byte[BYTES_TO_SIGN], 0, BYTES_TO_SIGN);
 			if (!signer.verifySignature(signatures.get(i)))
 				throw new AssertionError();
 			samples.add(System.nanoTime() - start);
 		}
 		long verificationMedian = median(samples);
-		System.out.println(name + ": "
-				+ agreementMedian + " "
-				+ signatureMedian + " "
-				+ verificationMedian);
+		System.out.println(String.format("%s: %,d %,d %,d %,d", name,
+				agreementMedian, agreementWithCofactorMedian,
+				signatureMedian, verificationMedian));
+	}
+
+	private static long runAgreementTest(AsymmetricCipherKeyPair keyPair1,
+			AsymmetricCipherKeyPair keyPair2, boolean withCofactor) {
+		List<Long> samples = new ArrayList<>();
+		for (int i = 0; i < SAMPLES; i++) {
+			BasicAgreement agreement = createAgreement(withCofactor);
+			long start = System.nanoTime();
+			agreement.init(keyPair1.getPrivate());
+			agreement.calculateAgreement(keyPair2.getPublic());
+			samples.add(System.nanoTime() - start);
+		}
+		return median(samples);
+	}
+
+	private static BasicAgreement createAgreement(boolean withCofactor) {
+		if (withCofactor) return new ECDHCBasicAgreement();
+		else return new ECDHBasicAgreement();
+	}
+
+	private static void runCurve25519Test() {
+		Curve25519 curve25519 = Curve25519.getInstance("java");
+		Curve25519KeyPair keyPair1 = curve25519.generateKeyPair();
+		Curve25519KeyPair keyPair2 = curve25519.generateKeyPair();
+		// Time some key agreements
+		List<Long> samples = new ArrayList<>();
+		for (int i = 0; i < SAMPLES; i++) {
+			long start = System.nanoTime();
+			curve25519.calculateAgreement(keyPair1.getPublicKey(),
+					keyPair2.getPrivateKey());
+			samples.add(System.nanoTime() - start);
+		}
+		long agreementMedian = median(samples);
+		System.out.println(String.format("Curve25519: %,d - - -",
+				agreementMedian));
+	}
+
+	private static void runEd25519Test() throws GeneralSecurityException {
+		KeyPair keyPair = new KeyPairGenerator().generateKeyPair();
+		// Time some signatures
+		List<Long> samples = new ArrayList<>();
+		List<byte[]> signatures = new ArrayList<>();
+		for (int i = 0; i < SAMPLES; i++) {
+			Signature signature =
+					Signature.getInstance(SIGNATURE_ALGORITHM, ED_PROVIDER);
+			long start = System.nanoTime();
+			signature.initSign(keyPair.getPrivate(), random);
+			signature.update(new byte[BYTES_TO_SIGN], 0, BYTES_TO_SIGN);
+			signatures.add(signature.sign());
+			samples.add(System.nanoTime() - start);
+		}
+		long signatureMedian = median(samples);
+		// Time some signature verifications
+		samples.clear();
+		for (int i = 0; i < SAMPLES; i++) {
+			Signature signature =
+					Signature.getInstance(SIGNATURE_ALGORITHM, ED_PROVIDER);
+			long start = System.nanoTime();
+			signature.initVerify(keyPair.getPublic());
+			signature.update(new byte[BYTES_TO_SIGN], 0, BYTES_TO_SIGN);
+			if (!signature.verify(signatures.get(i)))
+				throw new AssertionError();
+			samples.add(System.nanoTime() - start);
+		}
+		long verificationMedian = median(samples);
+		System.out.println(String.format("Ed25519: - - %,d %,d",
+				signatureMedian, verificationMedian));
 	}
 
 	private static long median(List<Long> list) {

bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyAgreementTest.java

@@ -3,40 +3,32 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.system.SecureRandomProvider;
 import org.briarproject.bramble.test.BrambleTestCase;
 import org.briarproject.bramble.test.TestSecureRandomProvider;
 import org.junit.Test;
 
+import java.util.Random;
+
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.SHARED_SECRET_LABEL;
+import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.junit.Assert.assertArrayEquals;
 
 public class KeyAgreementTest extends BrambleTestCase {
 
-	@Test
-	public void testDeriveMasterSecret() throws Exception {
-		SecureRandomProvider
-				secureRandomProvider = new TestSecureRandomProvider();
-		CryptoComponent crypto = new CryptoComponentImpl(secureRandomProvider);
-		KeyPair aPair = crypto.generateAgreementKeyPair();
-		byte[] aPub = aPair.getPublic().getEncoded();
-		KeyPair bPair = crypto.generateAgreementKeyPair();
-		byte[] bPub = bPair.getPublic().getEncoded();
-		SecretKey aMaster = crypto.deriveMasterSecret(aPub, bPair, true);
-		SecretKey bMaster = crypto.deriveMasterSecret(bPub, aPair, false);
-		assertArrayEquals(aMaster.getBytes(), bMaster.getBytes());
-	}
-
 	@Test
 	public void testDeriveSharedSecret() throws Exception {
-		SecureRandomProvider
-				secureRandomProvider = new TestSecureRandomProvider();
-		CryptoComponent crypto = new CryptoComponentImpl(secureRandomProvider);
+		CryptoComponent crypto =
+				new CryptoComponentImpl(new TestSecureRandomProvider());
 		KeyPair aPair = crypto.generateAgreementKeyPair();
-		byte[] aPub = aPair.getPublic().getEncoded();
 		KeyPair bPair = crypto.generateAgreementKeyPair();
-		byte[] bPub = bPair.getPublic().getEncoded();
-		SecretKey aShared = crypto.deriveSharedSecret(bPub, aPair, true);
-		SecretKey bShared = crypto.deriveSharedSecret(aPub, bPair, false);
+		Random random = new Random();
+		byte[][] inputs = new byte[random.nextInt(10) + 1][];
+		for (int i = 0; i < inputs.length; i++)
+			inputs[i] = getRandomBytes(random.nextInt(256));
+		SecretKey aShared = crypto.deriveSharedSecret(SHARED_SECRET_LABEL,
+				bPair.getPublic(), aPair, inputs);
+		SecretKey bShared = crypto.deriveSharedSecret(SHARED_SECRET_LABEL,
+				aPair.getPublic(), bPair, inputs);
 		assertArrayEquals(aShared.getBytes(), bShared.getBytes());
 	}
 }

bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTest.java

@@ -3,11 +3,11 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.test.BrambleTestCase;
 import org.briarproject.bramble.test.TestSecureRandomProvider;
-import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
 import java.util.ArrayList;
@@ -16,35 +16,34 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import static org.briarproject.bramble.test.TestUtils.getSecretKey;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 public class KeyDerivationTest extends BrambleTestCase {
 
+	private final CryptoComponent crypto =
+			new CryptoComponentImpl(new TestSecureRandomProvider());
+	private final TransportCrypto transportCrypto =
+			new TransportCryptoImpl(crypto);
 	private final TransportId transportId = new TransportId("id");
-	private final CryptoComponent crypto;
-	private final SecretKey master;
-
-	public KeyDerivationTest() {
-		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
-		master = TestUtils.getSecretKey();
-	}
+	private final SecretKey master = getSecretKey();
 
 	@Test
 	public void testKeysAreDistinct() {
-		TransportKeys k = crypto.deriveTransportKeys(transportId, master,
-				123, true);
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, true);
 		assertAllDifferent(k);
 	}
 
 	@Test
 	public void testCurrentKeysMatchCurrentKeysOfContact() {
 		// Start in rotation period 123
-		TransportKeys kA = crypto.deriveTransportKeys(transportId, master,
-				123, true);
-		TransportKeys kB = crypto.deriveTransportKeys(transportId, master,
-				123, false);
+		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, true);
+		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, false);
 		// Alice's incoming keys should equal Bob's outgoing keys
 		assertArrayEquals(kA.getCurrentIncomingKeys().getTagKey().getBytes(),
 				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
@@ -56,8 +55,8 @@ public class KeyDerivationTest extends BrambleTestCase {
 		assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
 				kB.getCurrentIncomingKeys().getHeaderKey().getBytes());
 		// Rotate into the future
-		kA = crypto.rotateTransportKeys(kA, 456);
-		kB = crypto.rotateTransportKeys(kB, 456);
+		kA = transportCrypto.rotateTransportKeys(kA, 456);
+		kB = transportCrypto.rotateTransportKeys(kB, 456);
 		// Alice's incoming keys should equal Bob's outgoing keys
 		assertArrayEquals(kA.getCurrentIncomingKeys().getTagKey().getBytes(),
 				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
@@ -73,22 +72,23 @@ public class KeyDerivationTest extends BrambleTestCase {
 	@Test
 	public void testPreviousKeysMatchPreviousKeysOfContact() {
 		// Start in rotation period 123
-		TransportKeys kA = crypto.deriveTransportKeys(transportId, master,
-				123, true);
-		TransportKeys kB = crypto.deriveTransportKeys(transportId, master,
-				123, false);
+		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, true);
+		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, false);
 		// Compare Alice's previous keys in period 456 with Bob's current keys
 		// in period 455
-		kA = crypto.rotateTransportKeys(kA, 456);
-		kB = crypto.rotateTransportKeys(kB, 455);
+		kA = transportCrypto.rotateTransportKeys(kA, 456);
+		kB = transportCrypto.rotateTransportKeys(kB, 455);
 		// Alice's previous incoming keys should equal Bob's outgoing keys
 		assertArrayEquals(kA.getPreviousIncomingKeys().getTagKey().getBytes(),
 				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getPreviousIncomingKeys().getHeaderKey().getBytes(),
+		assertArrayEquals(
+				kA.getPreviousIncomingKeys().getHeaderKey().getBytes(),
 				kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
 		// Compare Alice's current keys in period 456 with Bob's previous keys
 		// in period 457
-		kB = crypto.rotateTransportKeys(kB, 457);
+		kB = transportCrypto.rotateTransportKeys(kB, 457);
 		// Alice's outgoing keys should equal Bob's previous incoming keys
 		assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
 				kB.getPreviousIncomingKeys().getTagKey().getBytes());
@@ -99,14 +99,14 @@ public class KeyDerivationTest extends BrambleTestCase {
 	@Test
 	public void testNextKeysMatchNextKeysOfContact() {
 		// Start in rotation period 123
-		TransportKeys kA = crypto.deriveTransportKeys(transportId, master,
-				123, true);
-		TransportKeys kB = crypto.deriveTransportKeys(transportId, master,
-				123, false);
+		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, true);
+		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, false);
 		// Compare Alice's current keys in period 456 with Bob's next keys in
 		// period 455
-		kA = crypto.rotateTransportKeys(kA, 456);
-		kB = crypto.rotateTransportKeys(kB, 455);
+		kA = transportCrypto.rotateTransportKeys(kA, 456);
+		kB = transportCrypto.rotateTransportKeys(kB, 455);
 		// Alice's outgoing keys should equal Bob's next incoming keys
 		assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
 				kB.getNextIncomingKeys().getTagKey().getBytes());
@@ -114,7 +114,7 @@ public class KeyDerivationTest extends BrambleTestCase {
 				kB.getNextIncomingKeys().getHeaderKey().getBytes());
 		// Compare Alice's next keys in period 456 with Bob's current keys
 		// in period 457
-		kB = crypto.rotateTransportKeys(kB, 457);
+		kB = transportCrypto.rotateTransportKeys(kB, 457);
 		// Alice's next incoming keys should equal Bob's outgoing keys
 		assertArrayEquals(kA.getNextIncomingKeys().getTagKey().getBytes(),
 				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
@@ -124,12 +124,12 @@ public class KeyDerivationTest extends BrambleTestCase {
 
 	@Test
 	public void testMasterKeyAffectsOutput() {
-		SecretKey master1 = TestUtils.getSecretKey();
+		SecretKey master1 = getSecretKey();
 		assertFalse(Arrays.equals(master.getBytes(), master1.getBytes()));
-		TransportKeys k = crypto.deriveTransportKeys(transportId, master,
-				123, true);
-		TransportKeys k1 = crypto.deriveTransportKeys(transportId, master1,
-				123, true);
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, true);
+		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId,
+				master1, 123, true);
 		assertAllDifferent(k, k1);
 	}
 
@@ -137,10 +137,10 @@ public class KeyDerivationTest extends BrambleTestCase {
 	public void testTransportIdAffectsOutput() {
 		TransportId transportId1 = new TransportId("id1");
 		assertFalse(transportId.getString().equals(transportId1.getString()));
-		TransportKeys k = crypto.deriveTransportKeys(transportId, master,
-				123, true);
-		TransportKeys k1 = crypto.deriveTransportKeys(transportId1, master,
-				123, true);
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				master, 123, true);
+		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId1,
+				master, 123, true);
 		assertAllDifferent(k, k1);
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/crypto/MacTest.java

@@ -4,42 +4,49 @@ import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.test.BrambleTestCase;
 import org.briarproject.bramble.test.TestSecureRandomProvider;
-import org.briarproject.bramble.test.TestUtils;
 import org.junit.Test;
 
 import java.util.Arrays;
 
+import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
+import static org.briarproject.bramble.test.TestUtils.getSecretKey;
+import static org.briarproject.bramble.util.StringUtils.getRandomString;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertFalse;
 
 public class MacTest extends BrambleTestCase {
 
-	private final CryptoComponent crypto;
+	private final CryptoComponent crypto =
+			new CryptoComponentImpl(new TestSecureRandomProvider());
 
-	private final SecretKey k = TestUtils.getSecretKey();
-	private final byte[] inputBytes = TestUtils.getRandomBytes(123);
-	private final byte[] inputBytes1 = TestUtils.getRandomBytes(234);
-	private final byte[] inputBytes2 = new byte[0];
-
-	public MacTest() {
-		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
-	}
+	private final SecretKey key1 = getSecretKey(), key2 = getSecretKey();
+	private final String label1 = getRandomString(123);
+	private final String label2 = getRandomString(123);
+	private final byte[] input1 = getRandomBytes(123);
+	private final byte[] input2 = getRandomBytes(234);
+	private final byte[] input3 = new byte[0];
 
 	@Test
 	public void testIdenticalKeysAndInputsProduceIdenticalMacs() {
 		// Calculate the MAC twice - the results should be identical
-		byte[] mac = crypto.mac(k, inputBytes, inputBytes1, inputBytes2);
-		byte[] mac1 = crypto.mac(k, inputBytes, inputBytes1, inputBytes2);
+		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
+		byte[] mac1 = crypto.mac(label1, key1, input1, input2, input3);
 		assertArrayEquals(mac, mac1);
 	}
 
+	@Test
+	public void testDifferentLabelsProduceDifferentMacs() {
+		// Calculate the MAC with each label - the results should be different
+		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
+		byte[] mac1 = crypto.mac(label2, key1, input1, input2, input3);
+		assertFalse(Arrays.equals(mac, mac1));
+	}
+
 	@Test
 	public void testDifferentKeysProduceDifferentMacs() {
-		// Generate second random key
-		SecretKey k1 = TestUtils.getSecretKey();
 		// Calculate the MAC with each key - the results should be different
-		byte[] mac = crypto.mac(k, inputBytes, inputBytes1, inputBytes2);
-		byte[] mac1 = crypto.mac(k1, inputBytes, inputBytes1, inputBytes2);
+		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
+		byte[] mac1 = crypto.mac(label1, key2, input1, input2, input3);
 		assertFalse(Arrays.equals(mac, mac1));
 	}
 
@@ -47,8 +54,8 @@ public class MacTest extends BrambleTestCase {
 	public void testDifferentInputsProduceDifferentMacs() {
 		// Calculate the MAC with the inputs in different orders - the results
 		// should be different
-		byte[] mac = crypto.mac(k, inputBytes, inputBytes1, inputBytes2);
-		byte[] mac1 = crypto.mac(k, inputBytes2, inputBytes1, inputBytes);
+		byte[] mac = crypto.mac(label1, key1, input1, input2, input3);
+		byte[] mac1 = crypto.mac(label1, key1, input3, input2, input1);
 		assertFalse(Arrays.equals(mac, mac1));
 	}
 

bramble-core/src/test/java/org/briarproject/bramble/crypto/SignatureTest.java

@@ -8,23 +8,32 @@ import org.briarproject.bramble.test.TestUtils;
 import org.briarproject.bramble.util.StringUtils;
 import org.junit.Test;
 
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-public class SignatureTest extends BrambleTestCase {
+public abstract class SignatureTest extends BrambleTestCase {
 
-	private final CryptoComponent crypto;
+	protected final CryptoComponent crypto;
 
 	private final byte[] publicKey, privateKey;
 	private final String label = StringUtils.getRandomString(42);
 	private final byte[] inputBytes = TestUtils.getRandomBytes(123);
 
-	public SignatureTest() {
+	protected abstract KeyPair generateKeyPair();
+
+	protected abstract byte[] sign(String label, byte[] toSign,
+			byte[] privateKey) throws GeneralSecurityException;
+
+	protected abstract boolean verify(String label, byte[] signedData,
+			byte[] publicKey, byte[] signature) throws GeneralSecurityException;
+
+	SignatureTest() {
 		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
-		KeyPair k = crypto.generateSignatureKeyPair();
+		KeyPair k = generateKeyPair();
 		publicKey = k.getPublic().getEncoded();
 		privateKey = k.getPrivate().getEncoded();
 	}
@@ -33,19 +42,19 @@ public class SignatureTest extends BrambleTestCase {
 	public void testIdenticalKeysAndInputsProduceIdenticalSignatures()
 			throws Exception {
 		// Calculate the Signature twice - the results should be identical
-		byte[] sig1 = crypto.sign(label, inputBytes, privateKey);
-		byte[] sig2 = crypto.sign(label, inputBytes, privateKey);
+		byte[] sig1 = sign(label, inputBytes, privateKey);
+		byte[] sig2 = sign(label, inputBytes, privateKey);
 		assertArrayEquals(sig1, sig2);
 	}
 
 	@Test
 	public void testDifferentKeysProduceDifferentSignatures() throws Exception {
 		// Generate second private key
-		KeyPair k2 = crypto.generateSignatureKeyPair();
+		KeyPair k2 = generateKeyPair();
 		byte[] privateKey2 = k2.getPrivate().getEncoded();
 		// Calculate the signature with each key
-		byte[] sig1 = crypto.sign(label, inputBytes, privateKey);
-		byte[] sig2 = crypto.sign(label, inputBytes, privateKey2);
+		byte[] sig1 = sign(label, inputBytes, privateKey);
+		byte[] sig2 = sign(label, inputBytes, privateKey2);
 		assertFalse(Arrays.equals(sig1, sig2));
 	}
 
@@ -56,8 +65,8 @@ public class SignatureTest extends BrambleTestCase {
 		byte[] inputBytes2 = TestUtils.getRandomBytes(123);
 		// Calculate the signature with different inputs
 		// the results should be different
-		byte[] sig1 = crypto.sign(label, inputBytes, privateKey);
-		byte[] sig2 = crypto.sign(label, inputBytes2, privateKey);
+		byte[] sig1 = sign(label, inputBytes, privateKey);
+		byte[] sig2 = sign(label, inputBytes2, privateKey);
 		assertFalse(Arrays.equals(sig1, sig2));
 	}
 
@@ -68,25 +77,25 @@ public class SignatureTest extends BrambleTestCase {
 		String label2 = StringUtils.getRandomString(42);
 		// Calculate the signature with different inputs
 		// the results should be different
-		byte[] sig1 = crypto.sign(label, inputBytes, privateKey);
-		byte[] sig2 = crypto.sign(label2, inputBytes, privateKey);
+		byte[] sig1 = sign(label, inputBytes, privateKey);
+		byte[] sig2 = sign(label2, inputBytes, privateKey);
 		assertFalse(Arrays.equals(sig1, sig2));
 	}
 
 	@Test
 	public void testSignatureVerification() throws Exception {
-		byte[] sig = crypto.sign(label, inputBytes, privateKey);
-		assertTrue(crypto.verify(label, inputBytes, publicKey, sig));
+		byte[] sig = sign(label, inputBytes, privateKey);
+		assertTrue(verify(label, inputBytes, publicKey, sig));
 	}
 
 	@Test
 	public void testDifferentKeyFailsVerification() throws Exception {
 		// Generate second private key
-		KeyPair k2 = crypto.generateSignatureKeyPair();
+		KeyPair k2 = generateKeyPair();
 		byte[] privateKey2 = k2.getPrivate().getEncoded();
 		// calculate the signature with different key, should fail to verify
-		byte[] sig = crypto.sign(label, inputBytes, privateKey2);
-		assertFalse(crypto.verify(label, inputBytes, publicKey, sig));
+		byte[] sig = sign(label, inputBytes, privateKey2);
+		assertFalse(verify(label, inputBytes, publicKey, sig));
 	}
 
 	@Test
@@ -94,8 +103,8 @@ public class SignatureTest extends BrambleTestCase {
 		// Generate a second input
 		byte[] inputBytes2 = TestUtils.getRandomBytes(123);
 		// calculate the signature with different input, should fail to verify
-		byte[] sig = crypto.sign(label, inputBytes, privateKey);
-		assertFalse(crypto.verify(label, inputBytes2, publicKey, sig));
+		byte[] sig = sign(label, inputBytes, privateKey);
+		assertFalse(verify(label, inputBytes2, publicKey, sig));
 	}
 
 	@Test
@@ -103,8 +112,8 @@ public class SignatureTest extends BrambleTestCase {
 		// Generate a second label
 		String label2 = StringUtils.getRandomString(42);
 		// calculate the signature with different label, should fail to verify
-		byte[] sig = crypto.sign(label, inputBytes, privateKey);
-		assertFalse(crypto.verify(label2, inputBytes, publicKey, sig));
+		byte[] sig = sign(label, inputBytes, privateKey);
+		assertFalse(verify(label2, inputBytes, publicKey, sig));
 	}
 
 }

bramble-core/src/test/java/org/briarproject/bramble/crypto/TagEncodingTest.java

@@ -3,9 +3,8 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSecureRandomProvider;
-import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
+import org.briarproject.bramble.test.BrambleMockTestCase;
 import org.junit.Test;
 
 import java.util.HashSet;
@@ -14,25 +13,25 @@ import java.util.Set;
 import static junit.framework.TestCase.assertTrue;
 import static org.briarproject.bramble.api.transport.TransportConstants.PROTOCOL_VERSION;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
+import static org.briarproject.bramble.test.TestUtils.getSecretKey;
 
-public class TagEncodingTest extends BrambleTestCase {
+public class TagEncodingTest extends BrambleMockTestCase {
 
-	private final CryptoComponent crypto;
-	private final SecretKey tagKey;
+	private final CryptoComponent crypto = context.mock(CryptoComponent.class);
+
+	private final TransportCrypto transportCrypto =
+			new TransportCryptoImpl(crypto);
+	private final SecretKey tagKey = getSecretKey();
 	private final long streamNumber = 1234567890;
 
-	public TagEncodingTest() {
-		crypto = new CryptoComponentImpl(new TestSecureRandomProvider());
-		tagKey = TestUtils.getSecretKey();
-	}
-
 	@Test
 	public void testKeyAffectsTag() throws Exception {
 		Set<Bytes> set = new HashSet<>();
 		for (int i = 0; i < 100; i++) {
 			byte[] tag = new byte[TAG_LENGTH];
-			SecretKey tagKey = TestUtils.getSecretKey();
-			crypto.encodeTag(tag, tagKey, PROTOCOL_VERSION, streamNumber);
+			SecretKey tagKey = getSecretKey();
+			transportCrypto.encodeTag(tag, tagKey, PROTOCOL_VERSION,
+					streamNumber);
 			assertTrue(set.add(new Bytes(tag)));
 		}
 	}
@@ -42,7 +41,8 @@ public class TagEncodingTest extends BrambleTestCase {
 		Set<Bytes> set = new HashSet<>();
 		for (int i = 0; i < 100; i++) {
 			byte[] tag = new byte[TAG_LENGTH];
-			crypto.encodeTag(tag, tagKey, PROTOCOL_VERSION + i, streamNumber);
+			transportCrypto.encodeTag(tag, tagKey, PROTOCOL_VERSION + i,
+					streamNumber);
 			assertTrue(set.add(new Bytes(tag)));
 		}
 	}
@@ -52,7 +52,8 @@ public class TagEncodingTest extends BrambleTestCase {
 		Set<Bytes> set = new HashSet<>();
 		for (int i = 0; i < 100; i++) {
 			byte[] tag = new byte[TAG_LENGTH];
-			crypto.encodeTag(tag, tagKey, PROTOCOL_VERSION, streamNumber + i);
+			transportCrypto.encodeTag(tag, tagKey, PROTOCOL_VERSION,
+					streamNumber + i);
 			assertTrue(set.add(new Bytes(tag)));
 		}
 	}

bramble-core/src/test/java/org/briarproject/bramble/db/BasicDatabaseTest.java

@@ -0,0 +1,380 @@
+package org.briarproject.bramble.db;
+
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.util.StringUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.List;
+
+import static java.sql.Types.BINARY;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public abstract class BasicDatabaseTest extends BrambleTestCase {
+
+	private static final int BATCH_SIZE = 100;
+
+	private final File testDir = TestUtils.getTestDirectory();
+	private final File db = new File(testDir, "db");
+
+	protected abstract String getBinaryType();
+
+	protected abstract String getDriverName();
+
+	protected abstract Connection openConnection(File db, boolean encrypt)
+			throws SQLException;
+
+	protected abstract void shutdownDatabase(File db, boolean encrypt)
+			throws SQLException;
+
+	@Before
+	public void setUp() throws Exception {
+		testDir.mkdirs();
+		Class.forName(getDriverName());
+	}
+
+	@Test
+	public void testInsertUpdateAndDelete() throws Exception {
+		Connection connection = openConnection(db, false);
+		try {
+			// Create the table
+			createTable(connection);
+			// Generate an ID and two names
+			byte[] id = TestUtils.getRandomId();
+			String oldName = StringUtils.getRandomString(50);
+			String newName = StringUtils.getRandomString(50);
+			// Insert the ID and old name into the table
+			insertRow(connection, id, oldName);
+			// Check that the old name can be retrieved using the ID
+			assertTrue(rowExists(connection, id));
+			assertEquals(oldName, getName(connection, id));
+			// Update the name
+			updateRow(connection, id, newName);
+			// Check that the new name can be retrieved using the ID
+			assertTrue(rowExists(connection, id));
+			assertEquals(newName, getName(connection, id));
+			// Delete the row from the table
+			assertTrue(deleteRow(connection, id));
+			// Check that the row no longer exists
+			assertFalse(rowExists(connection, id));
+			// Deleting the row again should have no effect
+			assertFalse(deleteRow(connection, id));
+		} finally {
+			connection.close();
+			shutdownDatabase(db, false);
+		}
+	}
+
+	@Test
+	public void testBatchInsertUpdateAndDelete() throws Exception {
+		Connection connection = openConnection(db, false);
+		try {
+			// Create the table
+			createTable(connection);
+			// Generate some IDs and two sets of names
+			byte[][] ids = new byte[BATCH_SIZE][];
+			String[] oldNames = new String[BATCH_SIZE];
+			String[] newNames = new String[BATCH_SIZE];
+			for (int i = 0; i < BATCH_SIZE; i++) {
+				ids[i] = TestUtils.getRandomId();
+				oldNames[i] = StringUtils.getRandomString(50);
+				newNames[i] = StringUtils.getRandomString(50);
+			}
+			// Insert the IDs and old names into the table as a batch
+			insertBatch(connection, ids, oldNames);
+			// Update the names as a batch
+			updateBatch(connection, ids, newNames);
+			// Check that the new names can be retrieved using the IDs
+			for (int i = 0; i < BATCH_SIZE; i++) {
+				assertTrue(rowExists(connection, ids[i]));
+				assertEquals(newNames[i], getName(connection, ids[i]));
+			}
+			// Delete the rows as a batch
+			boolean[] deleted = deleteBatch(connection, ids);
+			// Check that the rows no longer exist
+			for (int i = 0; i < BATCH_SIZE; i++) {
+				assertTrue(deleted[i]);
+				assertFalse(rowExists(connection, ids[i]));
+			}
+			// Deleting the rows again should have no effect
+			deleted = deleteBatch(connection, ids);
+			for (int i = 0; i < BATCH_SIZE; i++) assertFalse(deleted[i]);
+		} finally {
+			connection.close();
+			shutdownDatabase(db, false);
+		}
+	}
+
+	@Test
+	public void testSortOrder() throws Exception {
+		byte[] first = new byte[] {
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 0
+		};
+		byte[] second = new byte[] {
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 127
+		};
+		byte[] third = new byte[] {
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, 0,
+				0, 0, 0, 0, 0, 0, 0, (byte) 255
+		};
+		Connection connection = openConnection(db, false);
+		try {
+			// Create the table
+			createTable(connection);
+			// Insert the rows
+			insertRow(connection, first, "first");
+			insertRow(connection, second, "second");
+			insertRow(connection, third, "third");
+			insertRow(connection, null, "null");
+			// Check the ordering of the < operator: null is not comparable
+			assertNull(getPredecessor(connection, first));
+			assertEquals("first", getPredecessor(connection, second));
+			assertEquals("second", getPredecessor(connection, third));
+			assertNull(getPredecessor(connection, null));
+			// Check the ordering of ORDER BY: nulls come first
+			List<String> names = getNames(connection);
+			assertEquals(4, names.size());
+			assertEquals("null", names.get(0));
+			assertEquals("first", names.get(1));
+			assertEquals("second", names.get(2));
+			assertEquals("third", names.get(3));
+		} finally {
+			connection.close();
+			shutdownDatabase(db, false);
+		}
+	}
+
+	@Test
+	public void testDataIsFoundWithoutEncryption() throws Exception {
+		testEncryption(false);
+	}
+
+	@Test
+	public void testDataIsNotFoundWithEncryption() throws Exception {
+		testEncryption(true);
+	}
+
+	private void testEncryption(boolean encrypt) throws Exception {
+		byte[] sequence = new byte[] {'a', 'b', 'c', 'd', 'e', 'f', 'g'};
+		Connection connection = openConnection(db, encrypt);
+		try {
+			createTable(connection);
+			insertRow(connection, sequence, "abcdefg");
+		} finally {
+			connection.close();
+			shutdownDatabase(db, encrypt);
+		}
+		try {
+			if (findSequence(testDir, sequence) == encrypt) fail();
+		} finally {
+			shutdownDatabase(db, encrypt);
+		}
+	}
+
+	private void createTable(Connection connection) throws SQLException {
+		Statement s = connection.createStatement();
+		String sql = "CREATE TABLE foo (uniqueId " + getBinaryType() + ","
+				+ " name VARCHAR(100) NOT NULL)";
+		s.executeUpdate(sql);
+		s.close();
+	}
+
+	private void insertRow(Connection connection, byte[] id, String name)
+			throws SQLException {
+		String sql = "INSERT INTO foo (uniqueId, name) VALUES (?, ?)";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		if (id == null) ps.setNull(1, BINARY);
+		else ps.setBytes(1, id);
+		ps.setString(2, name);
+		int affected = ps.executeUpdate();
+		assertEquals(1, affected);
+		ps.close();
+	}
+
+	private boolean rowExists(Connection connection, byte[] id)
+			throws SQLException {
+		assertNotNull(id);
+		String sql = "SELECT * FROM foo WHERE uniqueID = ?";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		ps.setBytes(1, id);
+		ResultSet rs = ps.executeQuery();
+		boolean found = rs.next();
+		assertFalse(rs.next());
+		rs.close();
+		ps.close();
+		return found;
+	}
+
+	private String getName(Connection connection, byte[] id)
+			throws SQLException {
+		assertNotNull(id);
+		String sql = "SELECT name FROM foo WHERE uniqueID = ?";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		ps.setBytes(1, id);
+		ResultSet rs = ps.executeQuery();
+		assertTrue(rs.next());
+		String name = rs.getString(1);
+		assertFalse(rs.next());
+		rs.close();
+		ps.close();
+		return name;
+	}
+
+	private void updateRow(Connection connection, byte[] id, String name)
+			throws SQLException {
+		String sql = "UPDATE foo SET name = ? WHERE uniqueId = ?";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		if (id == null) ps.setNull(2, BINARY);
+		else ps.setBytes(2, id);
+		ps.setString(1, name);
+		assertEquals(1, ps.executeUpdate());
+		ps.close();
+	}
+
+	private boolean deleteRow(Connection connection, byte[] id)
+			throws SQLException {
+		String sql = "DELETE FROM foo WHERE uniqueId = ?";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		if (id == null) ps.setNull(1, BINARY);
+		else ps.setBytes(1, id);
+		int affected = ps.executeUpdate();
+		ps.close();
+		return affected == 1;
+	}
+
+	private void insertBatch(Connection connection, byte[][] ids,
+			String[] names) throws SQLException {
+		assertEquals(ids.length, names.length);
+		String sql = "INSERT INTO foo (uniqueId, name) VALUES (?, ?)";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		for (int i = 0; i < ids.length; i++) {
+			if (ids[i] == null) ps.setNull(1, BINARY);
+			else ps.setBytes(1, ids[i]);
+			ps.setString(2, names[i]);
+			ps.addBatch();
+		}
+		int[] batchAffected = ps.executeBatch();
+		assertEquals(ids.length, batchAffected.length);
+		for (int affected : batchAffected) assertEquals(1, affected);
+		ps.close();
+	}
+
+	private void updateBatch(Connection connection, byte[][] ids,
+			String[] names) throws SQLException {
+		assertEquals(ids.length, names.length);
+		String sql = "UPDATE foo SET name = ? WHERE uniqueId = ?";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		for (int i = 0; i < ids.length; i++) {
+			if (ids[i] == null) ps.setNull(2, BINARY);
+			else ps.setBytes(2, ids[i]);
+			ps.setString(1, names[i]);
+			ps.addBatch();
+		}
+		int[] batchAffected = ps.executeBatch();
+		assertEquals(ids.length, batchAffected.length);
+		for (int affected : batchAffected) assertEquals(1, affected);
+		ps.close();
+	}
+
+	private boolean[] deleteBatch(Connection connection, byte[][] ids)
+			throws SQLException {
+		String sql = "DELETE FROM foo WHERE uniqueId = ?";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		for (byte[] id : ids) {
+			if (id == null) ps.setNull(1, BINARY);
+			else ps.setBytes(1, id);
+			ps.addBatch();
+		}
+		int[] batchAffected = ps.executeBatch();
+		assertEquals(ids.length, batchAffected.length);
+		boolean[] ret = new boolean[ids.length];
+		for (int i = 0; i < batchAffected.length; i++)
+			ret[i] = batchAffected[i] == 1;
+		ps.close();
+		return ret;
+	}
+
+	private String getPredecessor(Connection connection, byte[] id)
+			throws SQLException {
+		String sql = "SELECT name FROM foo WHERE uniqueId < ?"
+				+ " ORDER BY uniqueId DESC";
+		PreparedStatement ps = connection.prepareStatement(sql);
+		ps.setBytes(1, id);
+		ps.setMaxRows(1);
+		ResultSet rs = ps.executeQuery();
+		String name = rs.next() ? rs.getString(1) : null;
+		assertFalse(rs.next());
+		rs.close();
+		ps.close();
+		return name;
+	}
+
+	private List<String> getNames(Connection connection) throws SQLException {
+		String sql = "SELECT name FROM foo ORDER BY uniqueId NULLS FIRST";
+		List<String> names = new ArrayList<>();
+		PreparedStatement ps = connection.prepareStatement(sql);
+		ResultSet rs = ps.executeQuery();
+		while (rs.next()) names.add(rs.getString(1));
+		rs.close();
+		ps.close();
+		return names;
+	}
+
+	private boolean findSequence(File f, byte[] sequence) throws IOException {
+		if (f.isDirectory()) {
+			File[] children = f.listFiles();
+			if (children != null)
+				for (File child : children)
+					if (findSequence(child, sequence)) return true;
+			return false;
+		} else if (f.isFile()) {
+			FileInputStream in = new FileInputStream(f);
+			try {
+				int offset = 0;
+				while (true) {
+					int read = in.read();
+					if (read == -1) return false;
+					if (((byte) read) == sequence[offset]) {
+						offset++;
+						if (offset == sequence.length) return true;
+					} else {
+						offset = 0;
+					}
+				}
+			} finally {
+				in.close();
+			}
+		} else {
+			return false;
+		}
+	}
+
+	@After
+	public void tearDown() throws Exception {
+		TestUtils.deleteTestDirectory(testDir);
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/db/BasicH2Test.java

@@ -1,345 +1,46 @@
 package org.briarproject.bramble.db;
 
-import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.test.TestUtils;
 import org.briarproject.bramble.util.StringUtils;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
 
 import java.io.File;
 import java.sql.Connection;
 import java.sql.DriverManager;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.Properties;
 
-import static java.sql.Types.BINARY;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
+public class BasicH2Test extends BasicDatabaseTest {
 
-public class BasicH2Test extends BrambleTestCase {
+	private final SecretKey key = TestUtils.getSecretKey();
 
-	private static final String CREATE_TABLE =
-			"CREATE TABLE foo (uniqueId BINARY(32), name VARCHAR NOT NULL)";
-	private static final int BATCH_SIZE = 100;
-
-	private final File testDir = TestUtils.getTestDirectory();
-	private final File db = new File(testDir, "db");
-	private final String url = "jdbc:h2:" + db.getAbsolutePath();
-
-	private Connection connection = null;
-
-	@Before
-	public void setUp() throws Exception {
-		testDir.mkdirs();
-		Class.forName("org.h2.Driver");
-		connection = DriverManager.getConnection(url);
+	@Override
+	protected String getBinaryType() {
+		return "BINARY(32)";
 	}
 
-	@Test
-	public void testInsertUpdateAndDelete() throws Exception {
-		// Create the table
-		createTable(connection);
-		// Generate an ID and two names
-		byte[] id = TestUtils.getRandomId();
-		String oldName = StringUtils.getRandomString(50);
-		String newName = StringUtils.getRandomString(50);
-		// Insert the ID and old name into the table
-		insertRow(id, oldName);
-		// Check that the old name can be retrieved using the ID
-		assertTrue(rowExists(id));
-		assertEquals(oldName, getName(id));
-		// Update the name
-		updateRow(id, newName);
-		// Check that the new name can be retrieved using the ID
-		assertTrue(rowExists(id));
-		assertEquals(newName, getName(id));
-		// Delete the row from the table
-		assertTrue(deleteRow(id));
-		// Check that the row no longer exists
-		assertFalse(rowExists(id));
-		// Deleting the row again should have no effect
-		assertFalse(deleteRow(id));
+	@Override
+	protected String getDriverName() {
+		return "org.h2.Driver";
 	}
 
-	@Test
-	public void testBatchInsertUpdateAndDelete() throws Exception {
-		// Create the table
-		createTable(connection);
-		// Generate some IDs and two sets of names
-		byte[][] ids = new byte[BATCH_SIZE][];
-		String[] oldNames = new String[BATCH_SIZE];
-		String[] newNames = new String[BATCH_SIZE];
-		for (int i = 0; i < BATCH_SIZE; i++) {
-			ids[i] = TestUtils.getRandomId();
-			oldNames[i] = StringUtils.getRandomString(50);
-			newNames[i] = StringUtils.getRandomString(50);
+	@Override
+	protected Connection openConnection(File db, boolean encrypt)
+			throws SQLException {
+		String url = "jdbc:h2:split:" + db.getAbsolutePath();
+		Properties props = new Properties();
+		props.setProperty("user", "user");
+		if (encrypt) {
+			url += ";CIPHER=AES";
+			String hex = StringUtils.toHexString(key.getBytes());
+			props.setProperty("password", hex + " password");
 		}
-		// Insert the IDs and old names into the table as a batch
-		insertBatch(ids, oldNames);
-		// Update the names as a batch
-		updateBatch(ids, newNames);
-		// Check that the new names can be retrieved using the IDs
-		for (int i = 0; i < BATCH_SIZE; i++) {
-			assertTrue(rowExists(ids[i]));
-			assertEquals(newNames[i], getName(ids[i]));
-		}
-		// Delete the rows as a batch
-		boolean[] deleted = deleteBatch(ids);
-		// Check that the rows no longer exist
-		for (int i = 0; i < BATCH_SIZE; i++) {
-			assertTrue(deleted[i]);
-			assertFalse(rowExists(ids[i]));
-		}
-		// Deleting the rows again should have no effect
-		deleted = deleteBatch(ids);
-		for (int i = 0; i < BATCH_SIZE; i++) assertFalse(deleted[i]);
+		return DriverManager.getConnection(url, props);
 	}
 
-	@Test
-	public void testSortOrder() throws Exception {
-		byte[] first = new byte[] {
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 0
-		};
-		byte[] second = new byte[] {
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 127
-		};
-		byte[] third = new byte[] {
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, 0,
-				0, 0, 0, 0, 0, 0, 0, (byte) 255
-		};
-		// Create the table
-		createTable(connection);
-		// Insert the rows
-		insertRow(first, "first");
-		insertRow(second, "second");
-		insertRow(third, "third");
-		insertRow(null, "null");
-		// Check the ordering of the < operator: the null ID is not comparable
-		assertNull(getPredecessor(first));
-		assertEquals("first", getPredecessor(second));
-		assertEquals("second", getPredecessor(third));
-		assertNull(getPredecessor(null));
-		// Check the ordering of ORDER BY: nulls come first
-		List<String> names = getNames();
-		assertEquals(4, names.size());
-		assertEquals("null", names.get(0));
-		assertEquals("first", names.get(1));
-		assertEquals("second", names.get(2));
-		assertEquals("third", names.get(3));
-	}
-
-	private void createTable(Connection connection) throws SQLException {
-		try {
-			Statement s = connection.createStatement();
-			s.executeUpdate(CREATE_TABLE);
-			s.close();
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private void insertRow(byte[] id, String name) throws SQLException {
-		String sql = "INSERT INTO foo (uniqueId, name) VALUES (?, ?)";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			if (id == null) ps.setNull(1, BINARY);
-			else ps.setBytes(1, id);
-			ps.setString(2, name);
-			int affected = ps.executeUpdate();
-			assertEquals(1, affected);
-			ps.close();
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private boolean rowExists(byte[] id) throws SQLException {
-		assertNotNull(id);
-		String sql = "SELECT NULL FROM foo WHERE uniqueID = ?";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			ps.setBytes(1, id);
-			ResultSet rs = ps.executeQuery();
-			boolean found = rs.next();
-			assertFalse(rs.next());
-			rs.close();
-			ps.close();
-			return found;
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private String getName(byte[] id) throws SQLException {
-		assertNotNull(id);
-		String sql = "SELECT name FROM foo WHERE uniqueID = ?";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			ps.setBytes(1, id);
-			ResultSet rs = ps.executeQuery();
-			assertTrue(rs.next());
-			String name = rs.getString(1);
-			assertFalse(rs.next());
-			rs.close();
-			ps.close();
-			return name;
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private void updateRow(byte[] id, String name) throws SQLException {
-		String sql = "UPDATE foo SET name = ? WHERE uniqueId = ?";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			if (id == null) ps.setNull(2, BINARY);
-			else ps.setBytes(2, id);
-			ps.setString(1, name);
-			assertEquals(1, ps.executeUpdate());
-			ps.close();
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private boolean deleteRow(byte[] id) throws SQLException {
-		String sql = "DELETE FROM foo WHERE uniqueId = ?";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			if (id == null) ps.setNull(1, BINARY);
-			else ps.setBytes(1, id);
-			int affected = ps.executeUpdate();
-			ps.close();
-			return affected == 1;
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private void insertBatch(byte[][] ids, String[] names) throws SQLException {
-		assertEquals(ids.length, names.length);
-		String sql = "INSERT INTO foo (uniqueId, name) VALUES (?, ?)";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			for (int i = 0; i < ids.length; i++) {
-				if (ids[i] == null) ps.setNull(1, BINARY);
-				else ps.setBytes(1, ids[i]);
-				ps.setString(2, names[i]);
-				ps.addBatch();
-			}
-			int[] batchAffected = ps.executeBatch();
-			assertEquals(ids.length, batchAffected.length);
-			for (int affected : batchAffected) assertEquals(1, affected);
-			ps.close();
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private void updateBatch(byte[][] ids, String[] names) throws SQLException {
-		assertEquals(ids.length, names.length);
-		String sql = "UPDATE foo SET name = ? WHERE uniqueId = ?";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			for (int i = 0; i < ids.length; i++) {
-				if (ids[i] == null) ps.setNull(2, BINARY);
-				else ps.setBytes(2, ids[i]);
-				ps.setString(1, names[i]);
-				ps.addBatch();
-			}
-			int[] batchAffected = ps.executeBatch();
-			assertEquals(ids.length, batchAffected.length);
-			for (int affected : batchAffected) assertEquals(1, affected);
-			ps.close();
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private boolean[] deleteBatch(byte[][] ids) throws SQLException {
-		String sql = "DELETE FROM foo WHERE uniqueId = ?";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			for (byte[] id : ids) {
-				if (id == null) ps.setNull(1, BINARY);
-				else ps.setBytes(1, id);
-				ps.addBatch();
-			}
-			int[] batchAffected = ps.executeBatch();
-			assertEquals(ids.length, batchAffected.length);
-			boolean[] ret = new boolean[ids.length];
-			for (int i = 0; i < batchAffected.length; i++)
-				ret[i] = batchAffected[i] == 1;
-			ps.close();
-			return ret;
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private String getPredecessor(byte[] id) throws SQLException {
-		String sql = "SELECT name FROM foo WHERE uniqueId < ?"
-				+ " ORDER BY uniqueId DESC LIMIT ?";
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			ps.setBytes(1, id);
-			ps.setInt(2, 1);
-			ResultSet rs = ps.executeQuery();
-			String name = rs.next() ? rs.getString(1) : null;
-			assertFalse(rs.next());
-			rs.close();
-			ps.close();
-			return name;
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private List<String> getNames() throws SQLException {
-		String sql = "SELECT name FROM foo ORDER BY uniqueId";
-		List<String> names = new ArrayList<>();
-		try {
-			PreparedStatement ps = connection.prepareStatement(sql);
-			ResultSet rs = ps.executeQuery();
-			while (rs.next()) names.add(rs.getString(1));
-			rs.close();
-			ps.close();
-			return names;
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	@After
-	public void tearDown() throws Exception {
-		if (connection != null) connection.close();
-		TestUtils.deleteTestDirectory(testDir);
+	@Override
+	protected void shutdownDatabase(File db, boolean encrypt)
+			throws SQLException {
+		// The DB is closed automatically when the connection is closed
 	}
 }

bramble-core/src/test/java/org/briarproject/bramble/db/BasicHyperSqlTest.java

@@ -0,0 +1,48 @@
+package org.briarproject.bramble.db;
+
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.test.TestUtils;
+import org.briarproject.bramble.util.StringUtils;
+
+import java.io.File;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+public class BasicHyperSqlTest extends BasicDatabaseTest {
+
+	private final SecretKey key = TestUtils.getSecretKey();
+
+	@Override
+	protected String getBinaryType() {
+		return "BINARY(32)";
+	}
+
+	@Override
+	protected String getDriverName() {
+		return "org.hsqldb.jdbc.JDBCDriver";
+	}
+
+	@Override
+	protected Connection openConnection(File db, boolean encrypt)
+			throws SQLException {
+		String url = "jdbc:hsqldb:file:" + db.getAbsolutePath() +
+				";sql.enforce_size=false;allow_empty_batch=true";
+		if (encrypt) {
+			String hex = StringUtils.toHexString(key.getBytes());
+			url += ";encrypt_lobs=true;crypt_type=AES;crypt_key=" + hex;
+		}
+		return DriverManager.getConnection(url);
+	}
+
+	@Override
+	protected void shutdownDatabase(File db, boolean encrypt)
+			throws SQLException {
+		Connection c = openConnection(db, encrypt);
+		Statement s = c.createStatement();
+		s.executeQuery("SHUTDOWN");
+		s.close();
+		c.close();
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/db/DatabaseComponentImplTest.java

@@ -48,7 +48,6 @@ import org.briarproject.bramble.api.transport.IncomingKeys;
 import org.briarproject.bramble.api.transport.OutgoingKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 import org.briarproject.bramble.test.BrambleMockTestCase;
-import org.briarproject.bramble.test.CaptureArgumentAction;
 import org.briarproject.bramble.test.TestUtils;
 import org.briarproject.bramble.util.StringUtils;
 import org.jmock.Expectations;
@@ -57,12 +56,9 @@ import org.junit.Test;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Map;
-import java.util.concurrent.atomic.AtomicReference;
 
-import static java.util.Collections.emptyMap;
-import static java.util.Collections.singletonList;
-import static java.util.Collections.singletonMap;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.api.sync.Group.Visibility.INVISIBLE;
 import static org.briarproject.bramble.api.sync.Group.Visibility.SHARED;
@@ -138,7 +134,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		int shutdownHandle = 12345;
 		context.checking(new Expectations() {{
 			// open()
-			oneOf(database).open(null);
+			oneOf(database).open();
 			will(returnValue(false));
 			oneOf(shutdown).addShutdownHook(with(any(Runnable.class)));
 			will(returnValue(shutdownHandle));
@@ -164,7 +160,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 					ContactStatusChangedEvent.class)));
 			// getContacts()
 			oneOf(database).getContacts(txn);
-			will(returnValue(singletonList(contact)));
+			will(returnValue(Collections.singletonList(contact)));
 			// addGroup()
 			oneOf(database).containsGroup(txn, groupId);
 			will(returnValue(false));
@@ -175,12 +171,12 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			will(returnValue(true));
 			// getGroups()
 			oneOf(database).getGroups(txn, clientId);
-			will(returnValue(singletonList(group)));
+			will(returnValue(Collections.singletonList(group)));
 			// removeGroup()
 			oneOf(database).containsGroup(txn, groupId);
 			will(returnValue(true));
 			oneOf(database).getGroupVisibility(txn, groupId);
-			will(returnValue(emptyMap()));
+			will(returnValue(Collections.emptyList()));
 			oneOf(database).removeGroup(txn, groupId);
 			oneOf(eventBus).broadcast(with(any(GroupRemovedEvent.class)));
 			oneOf(eventBus).broadcast(with(any(
@@ -203,18 +199,18 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		DatabaseComponent db = createDatabaseComponent(database, eventBus,
 				shutdown);
 
-		assertFalse(db.open(null));
+		assertFalse(db.open());
 		Transaction transaction = db.startTransaction(false);
 		try {
 			db.addLocalAuthor(transaction, localAuthor);
 			assertEquals(contactId,
 					db.addContact(transaction, author, localAuthorId, true,
 							true));
-			assertEquals(singletonList(contact),
+			assertEquals(Collections.singletonList(contact),
 					db.getContacts(transaction));
 			db.addGroup(transaction, group); // First time - listeners called
 			db.addGroup(transaction, group); // Second time - not called
-			assertEquals(singletonList(group),
+			assertEquals(Collections.singletonList(group),
 					db.getGroups(transaction, clientId));
 			db.removeGroup(transaction, group);
 			db.removeContact(transaction, contactId);
@@ -259,8 +255,13 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			will(returnValue(true));
 			oneOf(database).containsMessage(txn, messageId);
 			will(returnValue(false));
-			oneOf(database).addMessage(txn, message, DELIVERED, true, null);
+			oneOf(database).addMessage(txn, message, DELIVERED, true);
 			oneOf(database).mergeMessageMetadata(txn, messageId, metadata);
+			oneOf(database).getGroupVisibility(txn, groupId);
+			will(returnValue(Collections.singletonList(contactId)));
+			oneOf(database).removeOfferedMessage(txn, contactId, messageId);
+			will(returnValue(false));
+			oneOf(database).addStatus(txn, contactId, messageId, false, false);
 			oneOf(database).commitTransaction(txn);
 			// The message was added, so the listeners should be called
 			oneOf(eventBus).broadcast(with(any(MessageAddedEvent.class)));
@@ -396,7 +397,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 		transaction = db.startTransaction(false);
 		try {
-			Ack a = new Ack(singletonList(messageId));
+			Ack a = new Ack(Collections.singletonList(messageId));
 			db.receiveAck(transaction, contactId, a);
 			fail();
 		} catch (NoSuchContactException expected) {
@@ -417,7 +418,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 		transaction = db.startTransaction(false);
 		try {
-			Offer o = new Offer(singletonList(messageId));
+			Offer o = new Offer(Collections.singletonList(messageId));
 			db.receiveOffer(transaction, contactId, o);
 			fail();
 		} catch (NoSuchContactException expected) {
@@ -428,7 +429,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 		transaction = db.startTransaction(false);
 		try {
-			Request r = new Request(singletonList(messageId));
+			Request r = new Request(Collections.singletonList(messageId));
 			db.receiveRequest(transaction, contactId, r);
 			fail();
 		} catch (NoSuchContactException expected) {
@@ -1021,7 +1022,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 		Transaction transaction = db.startTransaction(false);
 		try {
-			Ack a = new Ack(singletonList(messageId));
+			Ack a = new Ack(Collections.singletonList(messageId));
 			db.receiveAck(transaction, contactId, a);
 			db.commitTransaction(transaction);
 		} finally {
@@ -1041,7 +1042,12 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			will(returnValue(VISIBLE));
 			oneOf(database).containsMessage(txn, messageId);
 			will(returnValue(false));
-			oneOf(database).addMessage(txn, message, UNKNOWN, false, contactId);
+			oneOf(database).addMessage(txn, message, UNKNOWN, false);
+			oneOf(database).getGroupVisibility(txn, groupId);
+			will(returnValue(Collections.singletonList(contactId)));
+			oneOf(database).removeOfferedMessage(txn, contactId, messageId);
+			will(returnValue(false));
+			oneOf(database).addStatus(txn, contactId, messageId, true, true);
 			// Second time
 			oneOf(database).containsContact(txn, contactId);
 			will(returnValue(true));
@@ -1191,7 +1197,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 
 		Transaction transaction = db.startTransaction(false);
 		try {
-			Request r = new Request(singletonList(messageId));
+			Request r = new Request(Collections.singletonList(messageId));
 			db.receiveRequest(transaction, contactId, r);
 			db.commitTransaction(transaction);
 		} finally {
@@ -1200,11 +1206,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 	}
 
 	@Test
-	public void testChangingVisibilityFromInvisibleToVisibleCallsListeners()
-			throws Exception {
-		AtomicReference<GroupVisibilityUpdatedEvent> event =
-				new AtomicReference<>();
-
+	public void testChangingVisibilityCallsListeners() throws Exception {
 		context.checking(new Expectations() {{
 			oneOf(database).startTransaction();
 			will(returnValue(txn));
@@ -1213,13 +1215,16 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			oneOf(database).containsGroup(txn, groupId);
 			will(returnValue(true));
 			oneOf(database).getGroupVisibility(txn, contactId, groupId);
-			will(returnValue(INVISIBLE));
+			will(returnValue(INVISIBLE)); // Not yet visible
 			oneOf(database).addGroupVisibility(txn, contactId, groupId, false);
+			oneOf(database).getMessageIds(txn, groupId);
+			will(returnValue(Collections.singletonList(messageId)));
+			oneOf(database).removeOfferedMessage(txn, contactId, messageId);
+			will(returnValue(false));
+			oneOf(database).addStatus(txn, contactId, messageId, false, false);
 			oneOf(database).commitTransaction(txn);
 			oneOf(eventBus).broadcast(with(any(
 					GroupVisibilityUpdatedEvent.class)));
-			will(new CaptureArgumentAction<>(event,
-					GroupVisibilityUpdatedEvent.class, 0));
 		}});
 		DatabaseComponent db = createDatabaseComponent(database, eventBus,
 				shutdown);
@@ -1231,48 +1236,6 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		} finally {
 			db.endTransaction(transaction);
 		}
-
-		GroupVisibilityUpdatedEvent e = event.get();
-		assertNotNull(e);
-		assertEquals(singletonList(contactId), e.getAffectedContacts());
-	}
-
-	@Test
-	public void testChangingVisibilityFromVisibleToInvisibleCallsListeners()
-			throws Exception {
-		AtomicReference<GroupVisibilityUpdatedEvent> event =
-				new AtomicReference<>();
-
-		context.checking(new Expectations() {{
-			oneOf(database).startTransaction();
-			will(returnValue(txn));
-			oneOf(database).containsContact(txn, contactId);
-			will(returnValue(true));
-			oneOf(database).containsGroup(txn, groupId);
-			will(returnValue(true));
-			oneOf(database).getGroupVisibility(txn, contactId, groupId);
-			will(returnValue(VISIBLE));
-			oneOf(database).removeGroupVisibility(txn, contactId, groupId);
-			oneOf(database).commitTransaction(txn);
-			oneOf(eventBus).broadcast(with(any(
-					GroupVisibilityUpdatedEvent.class)));
-			will(new CaptureArgumentAction<>(event,
-					GroupVisibilityUpdatedEvent.class, 0));
-		}});
-		DatabaseComponent db = createDatabaseComponent(database, eventBus,
-				shutdown);
-
-		Transaction transaction = db.startTransaction(false);
-		try {
-			db.setGroupVisibility(transaction, contactId, groupId, INVISIBLE);
-			db.commitTransaction(transaction);
-		} finally {
-			db.endTransaction(transaction);
-		}
-
-		GroupVisibilityUpdatedEvent e = event.get();
-		assertNotNull(e);
-		assertEquals(singletonList(contactId), e.getAffectedContacts());
 	}
 
 	@Test
@@ -1304,8 +1267,8 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 	@Test
 	public void testTransportKeys() throws Exception {
 		TransportKeys transportKeys = createTransportKeys();
-		Map<ContactId, TransportKeys> keys =
-				singletonMap(contactId, transportKeys);
+		Map<ContactId, TransportKeys> keys = Collections.singletonMap(
+				contactId, transportKeys);
 		context.checking(new Expectations() {{
 			// startTransaction()
 			oneOf(database).startTransaction();
@@ -1501,7 +1464,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		MessageId messageId2 = new MessageId(TestUtils.getRandomId());
 		context.checking(new Expectations() {{
 			// open()
-			oneOf(database).open(null);
+			oneOf(database).open();
 			will(returnValue(false));
 			oneOf(shutdown).addShutdownHook(with(any(Runnable.class)));
 			will(returnValue(shutdownHandle));
@@ -1513,8 +1476,13 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 			will(returnValue(true));
 			oneOf(database).containsMessage(txn, messageId);
 			will(returnValue(false));
-			oneOf(database).addMessage(txn, message, DELIVERED, true, null);
+			oneOf(database).addMessage(txn, message, DELIVERED, true);
+			oneOf(database).getGroupVisibility(txn, groupId);
+			will(returnValue(Collections.singletonList(contactId)));
 			oneOf(database).mergeMessageMetadata(txn, messageId, metadata);
+			oneOf(database).removeOfferedMessage(txn, contactId, messageId);
+			will(returnValue(false));
+			oneOf(database).addStatus(txn, contactId, messageId, false, false);
 			// addMessageDependencies()
 			oneOf(database).containsMessage(txn, messageId);
 			will(returnValue(true));
@@ -1543,7 +1511,7 @@ public class DatabaseComponentImplTest extends BrambleMockTestCase {
 		DatabaseComponent db = createDatabaseComponent(database, eventBus,
 				shutdown);
 
-		assertFalse(db.open(null));
+		assertFalse(db.open());
 		Transaction transaction = db.startTransaction(false);
 		try {
 			db.addLocalMessage(transaction, message, metadata, true);

bramble-core/src/test/java/org/briarproject/bramble/db/DatabaseMigrationTest.java

@@ -1,233 +0,0 @@
-package org.briarproject.bramble.db;
-
-import org.briarproject.bramble.api.db.DataTooNewException;
-import org.briarproject.bramble.api.db.DataTooOldException;
-import org.briarproject.bramble.api.db.DatabaseConfig;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.settings.Settings;
-import org.briarproject.bramble.api.system.Clock;
-import org.briarproject.bramble.system.SystemClock;
-import org.briarproject.bramble.test.BrambleMockTestCase;
-import org.briarproject.bramble.test.TestDatabaseConfig;
-import org.briarproject.bramble.test.TestUtils;
-import org.jmock.Expectations;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.File;
-import java.sql.Connection;
-import java.util.List;
-
-import static java.util.Arrays.asList;
-import static java.util.Collections.emptyList;
-import static java.util.Collections.singletonList;
-import static org.briarproject.bramble.db.DatabaseConstants.DB_SETTINGS_NAMESPACE;
-import static org.briarproject.bramble.db.DatabaseConstants.SCHEMA_VERSION_KEY;
-import static org.briarproject.bramble.db.JdbcDatabase.CODE_SCHEMA_VERSION;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-@NotNullByDefault
-public abstract class DatabaseMigrationTest extends BrambleMockTestCase {
-
-	private final File testDir = TestUtils.getTestDirectory();
-	@SuppressWarnings("unchecked")
-	private final Migration<Connection> migration =
-			context.mock(Migration.class, "migration");
-	@SuppressWarnings("unchecked")
-	private final Migration<Connection> migration1 =
-			context.mock(Migration.class, "migration1");
-
-	protected final DatabaseConfig config =
-			new TestDatabaseConfig(testDir, 1024 * 1024);
-	protected final Clock clock = new SystemClock();
-
-	abstract Database<Connection> createDatabase(
-			List<Migration<Connection>> migrations) throws Exception;
-
-	@Before
-	public void setUp() {
-		assertTrue(testDir.mkdirs());
-	}
-
-	@After
-	public void tearDown() {
-		TestUtils.deleteTestDirectory(testDir);
-	}
-
-	@Test
-	public void testDoesNotRunMigrationsWhenCreatingDatabase()
-			throws Exception {
-		Database<Connection> db = createDatabase(singletonList(migration));
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		db.close();
-	}
-
-	@Test(expected = DbException.class)
-	public void testThrowsExceptionIfDataSchemaVersionIsMissing()
-			throws Exception {
-		// Open the DB for the first time
-		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		// Override the data schema version
-		setDataSchemaVersion(db, -1);
-		db.close();
-		// Reopen the DB - an exception should be thrown
-		db = createDatabase(asList(migration, migration1));
-		db.open(null);
-	}
-
-	@Test
-	public void testDoesNotRunMigrationsIfSchemaVersionsMatch()
-			throws Exception {
-		// Open the DB for the first time
-		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		db.close();
-		// Reopen the DB - migrations should not be run
-		db = createDatabase(asList(migration, migration1));
-		assertTrue(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		db.close();
-	}
-
-	@Test(expected = DataTooNewException.class)
-	public void testThrowsExceptionIfDataIsNewerThanCode() throws Exception {
-		// Open the DB for the first time
-		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		// Override the data schema version
-		setDataSchemaVersion(db, CODE_SCHEMA_VERSION + 1);
-		db.close();
-		// Reopen the DB - an exception should be thrown
-		db = createDatabase(asList(migration, migration1));
-		db.open(null);
-	}
-
-	@Test(expected = DataTooOldException.class)
-	public void testThrowsExceptionIfCodeIsNewerThanDataAndNoMigrations()
-			throws Exception {
-		// Open the DB for the first time
-		Database<Connection> db = createDatabase(emptyList());
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 1);
-		db.close();
-		// Reopen the DB - an exception should be thrown
-		db = createDatabase(emptyList());
-		db.open(null);
-	}
-
-	@Test(expected = DataTooOldException.class)
-	public void testThrowsExceptionIfCodeIsNewerThanDataAndNoSuitableMigration()
-			throws Exception {
-		context.checking(new Expectations() {{
-			oneOf(migration).getStartVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 2));
-			oneOf(migration).getEndVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 1));
-			oneOf(migration1).getStartVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 1));
-			oneOf(migration1).getEndVersion();
-			will(returnValue(CODE_SCHEMA_VERSION));
-		}});
-
-		// Open the DB for the first time
-		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		// Override the data schema version
-		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 3);
-		db.close();
-		// Reopen the DB - an exception should be thrown
-		db = createDatabase(asList(migration, migration1));
-		db.open(null);
-	}
-
-	@Test
-	public void testRunsMigrationIfCodeIsNewerThanDataAndSuitableMigration()
-			throws Exception {
-		context.checking(new Expectations() {{
-			// First migration should be run, increasing schema version by 2
-			oneOf(migration).getStartVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 2));
-			oneOf(migration).getEndVersion();
-			will(returnValue(CODE_SCHEMA_VERSION));
-			oneOf(migration).migrate(with(any(Connection.class)));
-			// Second migration is not suitable and should be skipped
-			oneOf(migration1).getStartVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 1));
-			oneOf(migration1).getEndVersion();
-			will(returnValue(CODE_SCHEMA_VERSION));
-		}});
-
-		// Open the DB for the first time
-		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		// Override the data schema version
-		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 2);
-		db.close();
-		// Reopen the DB - the first migration should be run
-		db = createDatabase(asList(migration, migration1));
-		assertTrue(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		db.close();
-	}
-
-	@Test
-	public void testRunsMigrationsIfCodeIsNewerThanDataAndSuitableMigrations()
-			throws Exception {
-		context.checking(new Expectations() {{
-			// First migration should be run, incrementing schema version
-			oneOf(migration).getStartVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 2));
-			oneOf(migration).getEndVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 1));
-			oneOf(migration).migrate(with(any(Connection.class)));
-			// Second migration should be run, incrementing schema version again
-			oneOf(migration1).getStartVersion();
-			will(returnValue(CODE_SCHEMA_VERSION - 1));
-			oneOf(migration1).getEndVersion();
-			will(returnValue(CODE_SCHEMA_VERSION));
-			oneOf(migration1).migrate(with(any(Connection.class)));
-		}});
-
-		// Open the DB for the first time
-		Database<Connection> db = createDatabase(asList(migration, migration1));
-		assertFalse(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		// Override the data schema version
-		setDataSchemaVersion(db, CODE_SCHEMA_VERSION - 2);
-		db.close();
-		// Reopen the DB - both migrations should be run
-		db = createDatabase(asList(migration, migration1));
-		assertTrue(db.open(null));
-		assertEquals(CODE_SCHEMA_VERSION, getDataSchemaVersion(db));
-		db.close();
-	}
-
-	private int getDataSchemaVersion(Database<Connection> db)
-			throws Exception {
-		Connection txn = db.startTransaction();
-		Settings s = db.getSettings(txn, DB_SETTINGS_NAMESPACE);
-		db.commitTransaction(txn);
-		return s.getInt(SCHEMA_VERSION_KEY, -1);
-	}
-
-	private void setDataSchemaVersion(Database<Connection> db, int version)
-			throws Exception {
-		Settings s = new Settings();
-		s.putInt(SCHEMA_VERSION_KEY, version);
-		Connection txn = db.startTransaction();
-		db.mergeSettings(txn, s, DB_SETTINGS_NAMESPACE);
-		db.commitTransaction(txn);
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/db/H2MigrationTest.java

@@ -1,21 +0,0 @@
-package org.briarproject.bramble.db;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import java.sql.Connection;
-import java.util.List;
-
-@NotNullByDefault
-public class H2MigrationTest extends DatabaseMigrationTest {
-
-	@Override
-	Database<Connection> createDatabase(List<Migration<Connection>> migrations)
-			throws Exception {
-		return new H2Database(config, clock) {
-			@Override
-			List<Migration<Connection>> getMigrations() {
-				return migrations;
-			}
-		};
-	}
-}

bramble-core/src/test/java/org/briarproject/bramble/db/H2TransactionIsolationTest.java

@@ -19,7 +19,7 @@ import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-public class TransactionIsolationTest extends BrambleTestCase {
+public class H2TransactionIsolationTest extends BrambleTestCase {
 
 	private static final String DROP_TABLE = "DROP TABLE foo IF EXISTS";
 	private static final String CREATE_TABLE = "CREATE TABLE foo"
@@ -34,9 +34,9 @@ public class TransactionIsolationTest extends BrambleTestCase {
 
 	private final File testDir = TestUtils.getTestDirectory();
 	private final File db = new File(testDir, "db");
-	private final String withMvcc = "jdbc:h2:" + db.getAbsolutePath()
+	private final String withMvcc = "jdbc:h2:split:" + db.getAbsolutePath()
 			+ ";MV_STORE=TRUE;MVCC=TRUE";
-	private final String withoutMvcc = "jdbc:h2:" + db.getAbsolutePath()
+	private final String withoutMvcc = "jdbc:h2:split:" + db.getAbsolutePath()
 			+ ";MV_STORE=FALSE;MVCC=FALSE;LOCK_MODE=1";
 
 	@Before

bramble-core/src/test/java/org/briarproject/bramble/db/HyperSqlDatabaseTest.java

@@ -0,0 +1,16 @@
+package org.briarproject.bramble.db;
+
+import org.briarproject.bramble.api.db.DatabaseConfig;
+import org.briarproject.bramble.api.system.Clock;
+
+public class HyperSqlDatabaseTest extends JdbcDatabaseTest {
+
+	public HyperSqlDatabaseTest() throws Exception {
+		super();
+	}
+
+	@Override
+	protected JdbcDatabase createDatabase(DatabaseConfig config, Clock clock) {
+		return new HyperSqlDatabase(config, clock);
+	}
+}

bramble-core/src/test/java/org/briarproject/bramble/db/Migration30_31Test.java

@@ -1,281 +0,0 @@
-package org.briarproject.bramble.db;
-
-import org.briarproject.bramble.api.db.Metadata;
-import org.briarproject.bramble.api.sync.GroupId;
-import org.briarproject.bramble.api.sync.Message;
-import org.briarproject.bramble.api.sync.MessageId;
-import org.briarproject.bramble.api.sync.ValidationManager.State;
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestUtils;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.File;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.Map.Entry;
-
-import static junit.framework.TestCase.assertNotNull;
-import static junit.framework.TestCase.assertTrue;
-import static org.briarproject.bramble.api.sync.ValidationManager.State.DELIVERED;
-import static org.briarproject.bramble.api.sync.ValidationManager.State.UNKNOWN;
-import static org.briarproject.bramble.test.TestUtils.getMessage;
-import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
-import static org.briarproject.bramble.test.TestUtils.getRandomId;
-import static org.briarproject.bramble.util.StringUtils.getRandomString;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-
-public class Migration30_31Test extends BrambleTestCase {
-
-	private static final String CREATE_GROUPS_STUB =
-			"CREATE TABLE groups"
-					+ " (groupId BINARY(32) NOT NULL,"
-					+ " PRIMARY KEY (groupId))";
-
-	private static final String CREATE_MESSAGES =
-			"CREATE TABLE messages"
-					+ " (messageId BINARY(32) NOT NULL,"
-					+ " groupId BINARY(32) NOT NULL,"
-					+ " timestamp BIGINT NOT NULL,"
-					+ " state INT NOT NULL,"
-					+ " shared BOOLEAN NOT NULL,"
-					+ " length INT NOT NULL,"
-					+ " raw BLOB," // Null if message has been deleted
-					+ " PRIMARY KEY (messageId),"
-					+ " FOREIGN KEY (groupId)"
-					+ " REFERENCES groups (groupId)"
-					+ " ON DELETE CASCADE)";
-
-	private static final String CREATE_MESSAGE_METADATA_30 =
-			"CREATE TABLE messageMetadata"
-					+ " (messageId BINARY(32) NOT NULL,"
-					+ " key VARCHAR NOT NULL,"
-					+ " value BINARY NOT NULL,"
-					+ " PRIMARY KEY (messageId, key),"
-					+ " FOREIGN KEY (messageId)"
-					+ " REFERENCES messages (messageId)"
-					+ " ON DELETE CASCADE)";
-
-	private final File testDir = TestUtils.getTestDirectory();
-	private final File db = new File(testDir, "db");
-	private final String url = "jdbc:h2:" + db.getAbsolutePath();
-	private final GroupId groupId = new GroupId(getRandomId());
-	private final GroupId groupId1 = new GroupId(getRandomId());
-	private final Message message = getMessage(groupId);
-	private final Message message1 = getMessage(groupId1);
-	private final Metadata meta = new Metadata(), meta1 = new Metadata();
-
-	private Connection connection = null;
-
-	public Migration30_31Test() {
-		for (int i = 0; i < 10; i++) {
-			meta.put(getRandomString(123 + i), getRandomBytes(123 + i));
-			meta1.put(getRandomString(123 + i), getRandomBytes(123 + i));
-		}
-	}
-
-	@Before
-	public void setUp() throws Exception {
-		assertTrue(testDir.mkdirs());
-		Class.forName("org.h2.Driver");
-		connection = DriverManager.getConnection(url);
-	}
-
-	@After
-	public void tearDown() throws Exception {
-		if (connection != null) connection.close();
-		TestUtils.deleteTestDirectory(testDir);
-	}
-
-	@Test
-	public void testMigration() throws Exception {
-		try {
-			Statement s = connection.createStatement();
-			s.execute(CREATE_GROUPS_STUB);
-			s.execute(CREATE_MESSAGES);
-			s.execute(CREATE_MESSAGE_METADATA_30);
-			s.close();
-
-			addGroup(groupId);
-			addMessage(message, DELIVERED, true);
-			addMessageMetadata30(message, meta);
-			assertMetadataEquals(meta, getMessageMetadata(message.getId()));
-
-			addGroup(groupId1);
-			addMessage(message1, UNKNOWN, false);
-			addMessageMetadata30(message1, meta1);
-			assertMetadataEquals(meta1, getMessageMetadata(message1.getId()));
-
-			new Migration30_31().migrate(connection);
-
-			assertMetadataEquals(meta, getMessageMetadata(message.getId()));
-			for (String key : meta.keySet()) {
-				GroupId g = getMessageMetadataGroupId31(message.getId(), key);
-				assertEquals(groupId, g);
-				State state = getMessageMetadataState31(message.getId(), key);
-				assertEquals(DELIVERED, state);
-			}
-
-			assertMetadataEquals(meta1, getMessageMetadata(message1.getId()));
-			for (String key : meta1.keySet()) {
-				GroupId g = getMessageMetadataGroupId31(message1.getId(), key);
-				assertEquals(groupId1, g);
-				State state = getMessageMetadataState31(message1.getId(), key);
-				assertEquals(UNKNOWN, state);
-			}
-		} catch (SQLException e) {
-			connection.close();
-			throw e;
-		}
-	}
-
-	private void addGroup(GroupId g) throws SQLException {
-		PreparedStatement ps = null;
-		try {
-			String sql = "INSERT INTO groups (groupId) VALUES (?)";
-			ps = connection.prepareStatement(sql);
-			ps.setBytes(1, g.getBytes());
-			int affected = ps.executeUpdate();
-			if (affected != 1) throw new DbStateException();
-			ps.close();
-		} catch (SQLException e) {
-			if (ps != null) ps.close();
-			throw e;
-		}
-	}
-
-	private void addMessage(Message m, State state, boolean shared)
-			throws SQLException {
-		PreparedStatement ps = null;
-		try {
-			String sql = "INSERT INTO messages (messageId, groupId, timestamp,"
-					+ " state, shared, length, raw)"
-					+ " VALUES (?, ?, ?, ?, ?, ?, ?)";
-			ps = connection.prepareStatement(sql);
-			ps.setBytes(1, m.getId().getBytes());
-			ps.setBytes(2, m.getGroupId().getBytes());
-			ps.setLong(3, m.getTimestamp());
-			ps.setInt(4, state.getValue());
-			ps.setBoolean(5, shared);
-			byte[] raw = m.getRaw();
-			ps.setInt(6, raw.length);
-			ps.setBytes(7, raw);
-			int affected = ps.executeUpdate();
-			if (affected != 1) throw new DbStateException();
-			ps.close();
-		} catch (SQLException e) {
-			if (ps != null) ps.close();
-			throw e;
-		}
-	}
-
-	private void addMessageMetadata30(Message m, Metadata meta)
-			throws SQLException {
-		PreparedStatement ps = null;
-		try {
-			String sql = "INSERT INTO messageMetadata"
-					+ " (messageId, key, value)"
-					+ " VALUES (?, ?, ?)";
-			ps = connection.prepareStatement(sql);
-			ps.setBytes(1, m.getId().getBytes());
-			for (Entry<String, byte[]> e : meta.entrySet()) {
-				ps.setString(2, e.getKey());
-				ps.setBytes(3, e.getValue());
-				ps.addBatch();
-			}
-			int[] batchAffected = ps.executeBatch();
-			if (batchAffected.length != meta.size())
-				throw new DbStateException();
-			for (int rows : batchAffected)
-				if (rows != 1) throw new DbStateException();
-			ps.close();
-		} catch (SQLException e) {
-			if (ps != null) ps.close();
-			throw e;
-		}
-	}
-
-	private Metadata getMessageMetadata(MessageId m) throws SQLException {
-		PreparedStatement ps = null;
-		ResultSet rs = null;
-		try {
-			String sql = "SELECT key, value FROM messageMetadata"
-					+ " WHERE messageId = ?";
-			ps = connection.prepareStatement(sql);
-			ps.setBytes(1, m.getBytes());
-			rs = ps.executeQuery();
-			Metadata meta = new Metadata();
-			while (rs.next()) meta.put(rs.getString(1), rs.getBytes(2));
-			rs.close();
-			ps.close();
-			return meta;
-		} catch (SQLException e) {
-			if (rs != null) rs.close();
-			if (ps != null) ps.close();
-			throw e;
-		}
-	}
-
-	private GroupId getMessageMetadataGroupId31(MessageId m, String key)
-		throws SQLException {
-		PreparedStatement ps = null;
-		ResultSet rs = null;
-		try {
-			String sql = "SELECT groupId FROM messageMetadata"
-					+ " WHERE messageId = ? AND key = ?";
-			ps = connection.prepareStatement(sql);
-			ps.setBytes(1, m.getBytes());
-			ps.setString(2, key);
-			rs = ps.executeQuery();
-			if (!rs.next()) throw new DbStateException();
-			GroupId g = new GroupId(rs.getBytes(1));
-			if (rs.next()) throw new DbStateException();
-			rs.close();
-			ps.close();
-			return g;
-		} catch (SQLException e) {
-			if (rs != null) rs.close();
-			if (ps != null) ps.close();
-			throw e;
-		}
-	}
-
-	private State getMessageMetadataState31(MessageId m, String key)
-		throws SQLException {
-		PreparedStatement ps = null;
-		ResultSet rs = null;
-		try {
-			String sql = "SELECT state FROM messageMetadata"
-					+ " WHERE messageId = ? AND key = ?";
-			ps = connection.prepareStatement(sql);
-			ps.setBytes(1, m.getBytes());
-			ps.setString(2, key);
-			rs = ps.executeQuery();
-			if (!rs.next()) throw new DbStateException();
-			State state = State.fromValue(rs.getInt(1));
-			if (rs.next()) throw new DbStateException();
-			rs.close();
-			ps.close();
-			return state;
-		} catch (SQLException e) {
-			if (rs != null) rs.close();
-			if (ps != null) ps.close();
-			throw e;
-		}
-	}
-
-	private void assertMetadataEquals(Metadata expected, Metadata actual) {
-		assertEquals(expected.size(), actual.size());
-		for (Entry<String, byte[]> e : expected.entrySet()) {
-			byte[] value = actual.get(e.getKey());
-			assertNotNull(value);
-			assertArrayEquals(e.getValue(), value);
-		}
-	}
-}