Disable image attachments for remote contacts alpha.

Compress images

See merge request briar/briar!1147

.gitlab-ci.yml

@@ -1,6 +1,11 @@
 image: briar/ci-image-android:latest
 
+stages:
+- test
+- check_reproducibility
+
 test:
+  stage: test
   before_script:
     - set -e
     - export GRADLE_USER_HOME=$PWD/.gradle
@@ -21,6 +26,7 @@ test:
 
 
 test_reproducible:
+  stage: check_reproducibility
   script:
     - "curl -X POST -F token=${RELEASE_CHECK_TOKEN} -F ref=master -F variables[RELEASE_TAG]=${CI_COMMIT_REF_NAME} https://code.briarproject.org/api/v4/projects/61/trigger/pipeline"
   only:

.idea/runConfigurations/All_in_briar_headless.xml

@@ -1,20 +0,0 @@
-<component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="All in briar-headless" type="AndroidJUnit" factoryName="Android JUnit" nameIsGenerated="true">
-    <module name="briar-headless" />
-    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
-    <option name="ALTERNATIVE_JRE_PATH" />
-    <option name="PACKAGE_NAME" value="org.briarproject.briar.headless" />
-    <option name="MAIN_CLASS_NAME" value="" />
-    <option name="METHOD_NAME" value="" />
-    <option name="TEST_OBJECT" value="package" />
-    <option name="VM_PARAMETERS" value="" />
-    <option name="PARAMETERS" value="" />
-    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-headless" />
-    <option name="PASS_PARENT_ENVS" value="true" />
-    <option name="TEST_SEARCH_SCOPE">
-      <value defaultName="singleModule" />
-    </option>
-    <patterns />
-    <method />
-  </configuration>
-</component>

.idea/runConfigurations/All_tests.xml

@@ -1,30 +1,20 @@
 <component name="ProjectRunConfigurationManager">
   <configuration default="false" name="All tests" type="AndroidJUnit" factoryName="Android JUnit">
-    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
     <module name="briar-android" />
-    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
-    <option name="ALTERNATIVE_JRE_PATH" />
     <option name="PACKAGE_NAME" value="" />
     <option name="MAIN_CLASS_NAME" value="" />
     <option name="METHOD_NAME" value="" />
     <option name="TEST_OBJECT" value="package" />
-    <option name="VM_PARAMETERS" value="-ea" />
     <option name="PARAMETERS" value="" />
-    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-android" />
-    <option name="ENV_VARIABLES" />
-    <option name="PASS_PARENT_ENVS" value="true" />
-    <option name="TEST_SEARCH_SCOPE">
-      <value defaultName="singleModule" />
-    </option>
-    <envs />
-    <patterns />
-    <method>
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/briar-android" />
+    <method v="2">
+      <option name="Android.Gradle.BeforeRunTask" enabled="true" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-api" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-core" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-android" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-java" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in briar-core" run_configuration_type="AndroidJUnit" />
-      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All in briar-headless" run_configuration_type="AndroidJUnit" />
+      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in briar-headless" run_configuration_type="AndroidJUnit" />
     </method>
   </configuration>
 </component>

.idea/runConfigurations/All_tests_in_briar_headless.xml

@@ -0,0 +1,15 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests in briar-headless" type="AndroidJUnit" factoryName="Android JUnit">
+    <module name="briar-headless" />
+    <option name="PACKAGE_NAME" value="org.briarproject.briar.headless" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/briar-headless" />
+    <method v="2">
+      <option name="Android.Gradle.BeforeRunTask" enabled="true" />
+    </method>
+  </configuration>
+</component>

bramble-android/build.gradle

@@ -11,8 +11,8 @@ android {
 	defaultConfig {
 		minSdkVersion 14
 		targetSdkVersion 26
-		versionCode 10106
-		versionName "1.1.6"
+		versionCode 10107
+		versionName "1.1.7"
 		consumerProguardFiles 'proguard-rules.txt'
 
 		testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"

bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidEagerSingletons.java

@@ -2,10 +2,13 @@ package org.briarproject.bramble;
 
 import org.briarproject.bramble.battery.AndroidBatteryModule;
 import org.briarproject.bramble.network.AndroidNetworkModule;
+import org.briarproject.bramble.reporting.ReportingModule;
 
 public interface BrambleAndroidEagerSingletons {
 
 	void inject(AndroidBatteryModule.EagerSingletons init);
 
 	void inject(AndroidNetworkModule.EagerSingletons init);
+
+	void inject(ReportingModule.EagerSingletons init);
 }

bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidModule.java

@@ -3,6 +3,8 @@ package org.briarproject.bramble;
 import org.briarproject.bramble.battery.AndroidBatteryModule;
 import org.briarproject.bramble.network.AndroidNetworkModule;
 import org.briarproject.bramble.plugin.tor.CircumventionModule;
+import org.briarproject.bramble.reporting.ReportingModule;
+import org.briarproject.bramble.socks.SocksModule;
 import org.briarproject.bramble.system.AndroidSystemModule;
 
 import dagger.Module;
@@ -11,12 +13,15 @@ import dagger.Module;
 		AndroidBatteryModule.class,
 		AndroidNetworkModule.class,
 		AndroidSystemModule.class,
-		CircumventionModule.class
+		CircumventionModule.class,
+		ReportingModule.class,
+		SocksModule.class
 })
 public class BrambleAndroidModule {
 
 	public static void initEagerSingletons(BrambleAndroidEagerSingletons c) {
 		c.inject(new AndroidBatteryModule.EagerSingletons());
 		c.inject(new AndroidNetworkModule.EagerSingletons());
+		c.inject(new ReportingModule.EagerSingletons());
 	}
 }

bramble-android/src/main/java/org/briarproject/bramble/account/AndroidAccountManager.java

@@ -9,7 +9,6 @@ import org.briarproject.bramble.api.account.AccountManager;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.identity.IdentityManager;
-import org.briarproject.bramble.util.IoUtils;
 
 import java.io.File;
 import java.util.HashSet;
@@ -20,6 +19,9 @@ import javax.annotation.Nullable;
 import javax.inject.Inject;
 
 import static android.os.Build.VERSION.SDK_INT;
+import static java.util.logging.Level.INFO;
+import static org.briarproject.bramble.util.IoUtils.deleteFileOrDir;
+import static org.briarproject.bramble.util.LogUtils.logFileOrDir;
 
 class AndroidAccountManager extends AccountManagerImpl
 		implements AccountManager {
@@ -41,6 +43,16 @@ class AndroidAccountManager extends AccountManagerImpl
 		appContext = app.getApplicationContext();
 	}
 
+	@Override
+	public boolean accountExists() {
+		boolean exists = super.accountExists();
+		if (!exists && LOG.isLoggable(INFO)) {
+			LOG.info("Account does not exist. Contents of account directory:");
+			logFileOrDir(LOG, INFO, getDataDir());
+		}
+		return exists;
+	}
+
 	// Locking: stateChangeLock
 	@Override
 	@Nullable
@@ -74,9 +86,17 @@ class AndroidAccountManager extends AccountManagerImpl
 	@Override
 	public void deleteAccount() {
 		synchronized (stateChangeLock) {
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Contents of account directory before deleting:");
+				logFileOrDir(LOG, INFO, getDataDir());
+			}
 			super.deleteAccount();
 			SharedPreferences defaultPrefs = getDefaultSharedPreferences();
 			deleteAppData(prefs, defaultPrefs);
+			if (LOG.isLoggable(INFO)) {
+				LOG.info("Contents of account directory after deleting:");
+				logFileOrDir(LOG, INFO, getDataDir());
+			}
 		}
 	}
 
@@ -94,7 +114,7 @@ class AndroidAccountManager extends AccountManagerImpl
 		}
 		// Delete files, except lib and shared_prefs directories
 		Set<File> files = new HashSet<>();
-		File dataDir = new File(appContext.getApplicationInfo().dataDir);
+		File dataDir = getDataDir();
 		@Nullable
 		File[] fileArray = dataDir.listFiles();
 		if (fileArray == null) {
@@ -121,13 +141,17 @@ class AndroidAccountManager extends AccountManagerImpl
 			}
 		}
 		for (File file : files) {
-			IoUtils.deleteFileOrDir(file);
+			deleteFileOrDir(file);
 		}
 		// Recreate the cache dir as some OpenGL drivers expect it to exist
 		if (!new File(dataDir, "cache").mkdirs())
 			LOG.warning("Could not recreate cache dir");
 	}
 
+	private File getDataDir() {
+		return new File(appContext.getApplicationInfo().dataDir);
+	}
+
 	private void addIfNotNull(Set<File> files, @Nullable File file) {
 		if (file != null) files.add(file);
 	}

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -12,8 +12,8 @@ import android.content.IntentFilter;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.PluginException;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.Clock;
@@ -51,6 +51,7 @@ import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 
 @MethodsNotNullByDefault
@@ -58,7 +59,7 @@ import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 
 	private static final Logger LOG =
-			Logger.getLogger(AndroidBluetoothPlugin.class.getName());
+			getLogger(AndroidBluetoothPlugin.class.getName());
 
 	private static final int MAX_DISCOVERY_MS = 10_000;
 
@@ -75,7 +76,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 	AndroidBluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
 			Executor ioExecutor, AndroidExecutor androidExecutor,
 			Context appContext, SecureRandom secureRandom, Clock clock,
-			Backoff backoff, DuplexPluginCallback callback, int maxLatency) {
+			Backoff backoff, PluginCallback callback, int maxLatency) {
 		super(connectionLimiter, ioExecutor, secureRandom, backoff, callback,
 				maxLatency);
 		this.androidExecutor = androidExecutor;

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPluginFactory.java

@@ -6,9 +6,9 @@ import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.Clock;
@@ -61,7 +61,7 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	}
 
 	@Override
-	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
+	public DuplexPlugin createPlugin(PluginCallback callback) {
 		BluetoothConnectionLimiter connectionLimiter =
 				new BluetoothConnectionLimiterImpl();
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -13,7 +13,7 @@ import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -32,17 +32,18 @@ import static android.net.ConnectivityManager.TYPE_WIFI;
 import static android.os.Build.VERSION.SDK_INT;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
+import static java.util.logging.Logger.getLogger;
 
 @NotNullByDefault
 class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 
+	private static final Logger LOG =
+			getLogger(AndroidLanTcpPlugin.class.getName());
+
 	private static final byte[] WIFI_AP_ADDRESS_BYTES =
 			{(byte) 192, (byte) 168, 43, 1};
 	private static final InetAddress WIFI_AP_ADDRESS;
 
-	private static final Logger LOG =
-			Logger.getLogger(AndroidLanTcpPlugin.class.getName());
-
 	static {
 		try {
 			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
@@ -60,7 +61,7 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 	private volatile SocketFactory socketFactory;
 
 	AndroidLanTcpPlugin(Executor ioExecutor, Context appContext,
-			Backoff backoff, DuplexPluginCallback callback, int maxLatency,
+			Backoff backoff, PluginCallback callback, int maxLatency,
 			int maxIdleTime) {
 		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
 		// Don't execute more than one connection status check at a time

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java

@@ -6,9 +6,9 @@ import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 
 import java.util.concurrent.Executor;
@@ -51,7 +51,7 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 	}
 
 	@Override
-	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
+	public DuplexPlugin createPlugin(PluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidLanTcpPlugin plugin = new AndroidLanTcpPlugin(ioExecutor,

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPlugin.java

@@ -11,7 +11,7 @@ import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.api.system.ResourceProvider;
@@ -41,11 +41,12 @@ class AndroidTorPlugin extends TorPlugin {
 			Clock clock, ResourceProvider resourceProvider,
 			CircumventionProvider circumventionProvider,
 			BatteryManager batteryManager, Backoff backoff,
-			DuplexPluginCallback callback, String architecture, int maxLatency,
+			TorRendezvousCrypto torRendezvousCrypto,
+			PluginCallback callback, String architecture, int maxLatency,
 			int maxIdleTime) {
 		super(ioExecutor, networkManager, locationUtils, torSocketFactory,
 				clock, resourceProvider, circumventionProvider, batteryManager,
-				backoff, callback, architecture, maxLatency, maxIdleTime,
+				backoff, torRendezvousCrypto, callback, architecture, maxLatency, maxIdleTime,
 				appContext.getDir("tor", MODE_PRIVATE));
 		this.appContext = appContext;
 		PowerManager pm = (PowerManager)

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java

@@ -9,10 +9,10 @@ import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TorConstants;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.LocationUtils;
@@ -84,7 +84,7 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 	}
 
 	@Override
-	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
+	public DuplexPlugin createPlugin(PluginCallback callback) {
 
 		// Check that we have a Tor binary for this architecture
 		String architecture = null;
@@ -106,10 +106,12 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
+		TorRendezvousCrypto torRendezvousCrypto = new TorRendezvousCryptoImpl();
 		AndroidTorPlugin plugin = new AndroidTorPlugin(ioExecutor, scheduler,
 				appContext, networkManager, locationUtils, torSocketFactory,
 				clock, resourceProvider, circumventionProvider, batteryManager,
-				backoff, callback, architecture, MAX_LATENCY, MAX_IDLE_TIME);
+				backoff, torRendezvousCrypto, callback, architecture,
+				MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/test/java/org/briarproject/bramble/account/AndroidAccountManagerTest.java

@@ -128,7 +128,7 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 			will(returnValue(editor));
 			oneOf(editor).commit();
 			will(returnValue(true));
-			oneOf(app).getApplicationInfo();
+			allowing(app).getApplicationInfo();
 			will(returnValue(applicationInfo));
 			oneOf(app).getFilesDir();
 			will(returnValue(filesDir));

bramble-api/src/main/java/org/briarproject/bramble/api/Bytes.java

@@ -4,8 +4,8 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.util.StringUtils;
 
 import java.util.Arrays;
-import java.util.Comparator;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
@@ -15,8 +15,6 @@ import javax.annotation.concurrent.ThreadSafe;
 @NotNullByDefault
 public class Bytes implements Comparable<Bytes> {
 
-	public static final BytesComparator COMPARATOR = new BytesComparator();
-
 	private final byte[] bytes;
 
 	private int hashCode = -1;
@@ -38,20 +36,13 @@ public class Bytes implements Comparable<Bytes> {
 	}
 
 	@Override
-	public boolean equals(Object o) {
+	public boolean equals(@Nullable Object o) {
 		return o instanceof Bytes && Arrays.equals(bytes, ((Bytes) o).bytes);
 	}
 
 	@Override
 	public int compareTo(Bytes other) {
-		byte[] aBytes = bytes, bBytes = other.bytes;
-		int length = Math.min(aBytes.length, bBytes.length);
-		for (int i = 0; i < length; i++) {
-			int aUnsigned = aBytes[i] & 0xFF, bUnsigned = bBytes[i] & 0xFF;
-			if (aUnsigned < bUnsigned) return -1;
-			if (aUnsigned > bUnsigned) return 1;
-		}
-		return aBytes.length - bBytes.length;
+		return compare(bytes, other.bytes);
 	}
 
 	@Override
@@ -60,11 +51,13 @@ public class Bytes implements Comparable<Bytes> {
 				"(" + StringUtils.toHexString(getBytes()) + ")";
 	}
 
-	public static class BytesComparator implements Comparator<Bytes> {
-
-		@Override
-		public int compare(Bytes a, Bytes b) {
-			return a.compareTo(b);
+	public static int compare(byte[] a, byte[] b) {
+		int length = Math.min(a.length, b.length);
+		for (int i = 0; i < length; i++) {
+			int aUnsigned = a[i] & 0xFF, bUnsigned = b[i] & 0xFF;
+			if (aUnsigned < bUnsigned) return -1;
+			if (aUnsigned > bUnsigned) return 1;
 		}
+		return a.length - b.length;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/FeatureFlags.java

@@ -0,0 +1,11 @@
+package org.briarproject.bramble.api;
+
+/**
+ * Interface for specifying which features are enabled in a build.
+ */
+public interface FeatureFlags {
+
+	boolean shouldEnableImageAttachments();
+
+	boolean shouldEnableRemoteContacts();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/Predicate.java

@@ -0,0 +1,9 @@
+package org.briarproject.bramble.api;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public interface Predicate<T> {
+
+	boolean test(T t);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/client/ClientHelper.java

@@ -1,6 +1,8 @@
 package org.briarproject.bramble.api.client;
 
 import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.data.BdfDictionary;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.db.DbException;
@@ -23,7 +25,10 @@ public interface ClientHelper {
 			throws DbException, FormatException;
 
 	void addLocalMessage(Transaction txn, Message m, BdfDictionary metadata,
-			boolean shared) throws DbException, FormatException;
+			boolean shared, boolean temporary)
+			throws DbException, FormatException;
+
+	Message createMessage(GroupId g, long timestamp, byte[] body);
 
 	Message createMessage(GroupId g, long timestamp, BdfList body)
 			throws FormatException;
@@ -96,14 +101,18 @@ public interface ClientHelper {
 
 	BdfList toList(Author a);
 
-	byte[] sign(String label, BdfList toSign, byte[] privateKey)
+	byte[] sign(String label, BdfList toSign, PrivateKey privateKey)
 			throws FormatException, GeneralSecurityException;
 
 	void verifySignature(byte[] signature, String label, BdfList signed,
-			byte[] publicKey) throws FormatException, GeneralSecurityException;
+			PublicKey publicKey)
+			throws FormatException, GeneralSecurityException;
 
 	Author parseAndValidateAuthor(BdfList author) throws FormatException;
 
+	PublicKey parseAndValidateAgreementPublicKey(byte[] publicKeyBytes)
+			throws FormatException;
+
 	TransportProperties parseAndValidateTransportProperties(
 			BdfDictionary properties) throws FormatException;
 

bramble-api/src/main/java/org/briarproject/bramble/api/contact/Contact.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.api.contact;
 
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
@@ -8,7 +9,6 @@ import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 @Immutable
@@ -21,21 +21,17 @@ public class Contact {
 	@Nullable
 	private final String alias;
 	@Nullable
-	private final byte[] handshakePublicKey;
+	private final PublicKey handshakePublicKey;
 	private final boolean verified;
 
 	public Contact(ContactId id, Author author, AuthorId localAuthorId,
-			@Nullable String alias, @Nullable byte[] handshakePublicKey,
+			@Nullable String alias, @Nullable PublicKey handshakePublicKey,
 			boolean verified) {
 		if (alias != null) {
 			int aliasLength = toUtf8(alias).length;
 			if (aliasLength == 0 || aliasLength > MAX_AUTHOR_NAME_LENGTH)
 				throw new IllegalArgumentException();
 		}
-		if (handshakePublicKey != null && (handshakePublicKey.length == 0 ||
-				handshakePublicKey.length > MAX_PUBLIC_KEY_LENGTH)) {
-			throw new IllegalArgumentException();
-		}
 		this.id = id;
 		this.author = author;
 		this.localAuthorId = localAuthorId;
@@ -62,7 +58,7 @@ public class Contact {
 	}
 
 	@Nullable
-	public byte[] getHandshakePublicKey() {
+	public PublicKey getHandshakePublicKey() {
 		return handshakePublicKey;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeManager.java

@@ -0,0 +1,37 @@
+package org.briarproject.bramble.api.contact;
+
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.db.ContactExistsException;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+
+import java.io.IOException;
+
+@NotNullByDefault
+public interface ContactExchangeManager {
+
+	/**
+	 * Exchanges contact information with a remote peer and adds the peer
+	 * as a contact.
+	 *
+	 * @param alice Whether the local peer takes the role of Alice
+	 * @return The newly added contact
+	 * @throws ContactExistsException If the contact already exists
+	 */
+	Contact exchangeContacts(DuplexTransportConnection conn,
+			SecretKey masterKey, boolean alice, boolean verified)
+			throws IOException, DbException;
+
+	/**
+	 * Exchanges contact information with a remote peer and adds the peer
+	 * as a contact, replacing the given pending contact.
+	 *
+	 * @param alice Whether the local peer takes the role of Alice
+	 * @return The newly added contact
+	 * @throws ContactExistsException If the contact already exists
+	 */
+	Contact exchangeContacts(PendingContactId p, DuplexTransportConnection conn,
+			SecretKey masterKey, boolean alice, boolean verified)
+			throws IOException, DbException;
+}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactId.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.api.contact;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
 /**
@@ -28,7 +29,7 @@ public class ContactId {
 	}
 
 	@Override
-	public boolean equals(Object o) {
+	public boolean equals(@Nullable Object o) {
 		return o instanceof ContactId && id == ((ContactId) o).id;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactManager.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.contact;
 
 import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.UnsupportedVersionException;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DbException;
@@ -12,6 +13,7 @@ import org.briarproject.bramble.api.identity.AuthorInfo;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import java.security.GeneralSecurityException;
 import java.util.Collection;
 
 import javax.annotation.Nullable;
@@ -28,28 +30,71 @@ public interface ContactManager {
 
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * derives and stores transport keys for each transport, and returns an ID
-	 * for the contact.
+	 * derives and stores rotation mode transport keys for each transport, and
+	 * returns an ID for the contact.
 	 *
-	 * @param alice true if the local party is Alice
+	 * @param rootKey The root key for a set of rotation mode transport keys
+	 * @param timestamp The timestamp for deriving rotation mode transport
+	 * keys from the root key
+	 * @param alice True if the local party is Alice
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
+	 * @param active True if the rotation mode transport keys can be used for
+	 * outgoing streams
 	 */
 	ContactId addContact(Transaction txn, Author remote, AuthorId local,
 			SecretKey rootKey, long timestamp, boolean alice, boolean verified,
 			boolean active) throws DbException;
 
+	/**
+	 * Stores a contact associated with the given local and remote pseudonyms,
+	 * replacing the given pending contact, derives and stores handshake mode
+	 * and rotation mode transport keys for each transport, and returns an ID
+	 * for the contact.
+	 *
+	 * @param rootKey The root key for a set of rotation mode transport keys
+	 * @param timestamp The timestamp for deriving rotation mode transport
+	 * keys from the root key
+	 * @param alice True if the local party is Alice
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
+	 * @param active True if the rotation mode transport keys can be used for
+	 * outgoing streams
+	 * @throws GeneralSecurityException If the pending contact's handshake
+	 * public key is invalid
+	 */
+	ContactId addContact(Transaction txn, PendingContactId p, Author remote,
+			AuthorId local, SecretKey rootKey, long timestamp, boolean alice,
+			boolean verified, boolean active)
+			throws DbException, GeneralSecurityException;
+
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms
 	 * and returns an ID for the contact.
+	 *
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
 	 */
 	ContactId addContact(Transaction txn, Author remote, AuthorId local,
 			boolean verified) throws DbException;
 
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * derives and stores transport keys for each transport, and returns an ID
-	 * for the contact.
+	 * derives and stores rotation mode transport keys for each transport, and
+	 * returns an ID for the contact.
 	 *
-	 * @param alice true if the local party is Alice
+	 * @param rootKey The root key for a set of rotation mode transport keys
+	 * @param timestamp The timestamp for deriving rotation mode transport
+	 * keys from the root key
+	 * @param alice True if the local party is Alice
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
+	 * @param active True if the rotation mode transport keys can be used for
+	 * outgoing streams
 	 */
 	ContactId addContact(Author remote, AuthorId local, SecretKey rootKey,
 			long timestamp, boolean alice, boolean verified, boolean active)
@@ -65,20 +110,29 @@ public interface ContactManager {
 	 * Creates a {@link PendingContact} from the given handshake link and
 	 * alias, adds it to the database and returns it.
 	 *
-	 * @param link The handshake link received from the contact we want to add
-	 * @param alias The alias the user has given this contact
-	 * @return A PendingContact representing the contact to be added
+	 * @param link The handshake link received from the pending contact
+	 * @param alias The alias the user has given this pending contact
 	 * @throws UnsupportedVersionException If the link uses a format version
 	 * that is not supported
 	 * @throws FormatException If the link is invalid
+	 * @throws GeneralSecurityException If the pending contact's handshake
+	 * public key is invalid
 	 */
 	PendingContact addPendingContact(String link, String alias)
-			throws DbException, FormatException;
+			throws DbException, FormatException, GeneralSecurityException;
 
 	/**
-	 * Returns a list of {@link PendingContact}s.
+	 * Returns the pending contact with the given ID.
 	 */
-	Collection<PendingContact> getPendingContacts() throws DbException;
+	PendingContact getPendingContact(Transaction txn, PendingContactId p)
+			throws DbException;
+
+	/**
+	 * Returns a list of {@link PendingContact PendingContacts} and their
+	 * {@link PendingContactState states}.
+	 */
+	Collection<Pair<PendingContact, PendingContactState>> getPendingContacts()
+			throws DbException;
 
 	/**
 	 * Removes a {@link PendingContact}.
@@ -91,8 +145,13 @@ public interface ContactManager {
 	Contact getContact(ContactId c) throws DbException;
 
 	/**
-	 * Returns the contact with the given remoteAuthorId
-	 * that was added by the LocalAuthor with the given localAuthorId
+	 * Returns the contact with the given ID.
+	 */
+	Contact getContact(Transaction txn, ContactId c) throws DbException;
+
+	/**
+	 * Returns the contact with the given {@code remoteAuthorId}
+	 * that belongs to the local pseudonym with the given {@code localAuthorId}.
 	 *
 	 * @throws NoSuchContactException If the contact is not in the database
 	 */
@@ -100,8 +159,8 @@ public interface ContactManager {
 			throws DbException;
 
 	/**
-	 * Returns the contact with the given remoteAuthorId
-	 * that was added by the LocalAuthor with the given localAuthorId
+	 * Returns the contact with the given {@code remoteAuthorId}
+	 * that belongs to the local pseudonym with the given {@code localAuthorId}.
 	 *
 	 * @throws NoSuchContactException If the contact is not in the database
 	 */
@@ -109,7 +168,7 @@ public interface ContactManager {
 			AuthorId localAuthorId) throws DbException;
 
 	/**
-	 * Returns all active contacts.
+	 * Returns all contacts.
 	 */
 	Collection<Contact> getContacts() throws DbException;
 
@@ -124,25 +183,27 @@ public interface ContactManager {
 	void removeContact(Transaction txn, ContactId c) throws DbException;
 
 	/**
-	 * Sets an alias name for the contact or unsets it if alias is null.
+	 * Sets an alias for the contact or unsets it if {@code alias} is null.
 	 */
 	void setContactAlias(Transaction txn, ContactId c, @Nullable String alias)
 			throws DbException;
 
 	/**
-	 * Sets an alias name for the contact or unsets it if alias is null.
+	 * Sets an alias for the contact or unsets it if {@code alias} is null.
 	 */
 	void setContactAlias(ContactId c, @Nullable String alias)
 			throws DbException;
 
 	/**
-	 * Return true if a contact with this name and public key already exists
+	 * Returns true if a contact with this {@code remoteAuthorId} belongs to
+	 * the local pseudonym with this {@code localAuthorId}.
 	 */
 	boolean contactExists(Transaction txn, AuthorId remoteAuthorId,
 			AuthorId localAuthorId) throws DbException;
 
 	/**
-	 * Return true if a contact with this name and public key already exists
+	 * Returns true if a contact with this {@code remoteAuthorId} belongs to
+	 * the local pseudonym with this {@code localAuthorId}.
 	 */
 	boolean contactExists(AuthorId remoteAuthorId, AuthorId localAuthorId)
 			throws DbException;

bramble-api/src/main/java/org/briarproject/bramble/api/contact/HandshakeManager.java

@@ -0,0 +1,45 @@
+package org.briarproject.bramble.api.contact;
+
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.transport.StreamWriter;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+@NotNullByDefault
+public interface HandshakeManager {
+
+	/**
+	 * Handshakes with the given pending contact. Returns an ephemeral master
+	 * key authenticated with both parties' handshake key pairs and a flag
+	 * indicating whether the local peer is Alice or Bob.
+	 *
+	 * @param in An incoming stream for the handshake, which must be secured in
+	 * handshake mode
+	 * @param out An outgoing stream for the handshake, which must be secured
+	 * in handshake mode
+	 */
+	HandshakeResult handshake(PendingContactId p, InputStream in,
+			StreamWriter out) throws DbException, IOException;
+
+	class HandshakeResult {
+
+		private final SecretKey masterKey;
+		private final boolean alice;
+
+		public HandshakeResult(SecretKey masterKey, boolean alice) {
+			this.masterKey = masterKey;
+			this.alice = alice;
+		}
+
+		public SecretKey getMasterKey() {
+			return masterKey;
+		}
+
+		public boolean isAlice() {
+			return alice;
+		}
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContact.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.api.contact;
 
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import javax.annotation.concurrent.Immutable;
@@ -9,17 +10,15 @@ import javax.annotation.concurrent.Immutable;
 public class PendingContact {
 
 	private final PendingContactId id;
-	private final byte[] publicKey;
+	private final PublicKey publicKey;
 	private final String alias;
-	private final PendingContactState state;
 	private final long timestamp;
 
-	public PendingContact(PendingContactId id, byte[] publicKey,
-			String alias, PendingContactState state, long timestamp) {
+	public PendingContact(PendingContactId id, PublicKey publicKey,
+			String alias, long timestamp) {
 		this.id = id;
 		this.publicKey = publicKey;
 		this.alias = alias;
-		this.state = state;
 		this.timestamp = timestamp;
 	}
 
@@ -27,7 +26,7 @@ public class PendingContact {
 		return id;
 	}
 
-	public byte[] getPublicKey() {
+	public PublicKey getPublicKey() {
 		return publicKey;
 	}
 
@@ -35,10 +34,6 @@ public class PendingContact {
 		return alias;
 	}
 
-	public PendingContactState getState() {
-		return state;
-	}
-
 	public long getTimestamp() {
 		return timestamp;
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContactId.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.api.contact;
 import org.briarproject.bramble.api.UniqueId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 
 /**
@@ -17,9 +18,8 @@ public class PendingContactId extends UniqueId {
 		super(id);
 	}
 
-
 	@Override
-	public boolean equals(Object o) {
+	public boolean equals(@Nullable Object o) {
 		return o instanceof PendingContactId && super.equals(o);
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContactState.java

@@ -1,30 +1,10 @@
 package org.briarproject.bramble.api.contact;
 
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-@Immutable
-@NotNullByDefault
 public enum PendingContactState {
 
-	WAITING_FOR_CONNECTION(0),
-	CONNECTED(1),
-	ADDING_CONTACT(2),
-	FAILED(3);
-
-	private final int value;
-
-	PendingContactState(int value) {
-		this.value = value;
-	}
-
-	public int getValue() {
-		return value;
-	}
-
-	public static PendingContactState fromValue(int value) {
-		for (PendingContactState s : values()) if (s.value == value) return s;
-		throw new IllegalArgumentException();
-	}
+	WAITING_FOR_CONNECTION,
+	OFFLINE,
+	CONNECTING,
+	ADDING_CONTACT,
+	FAILED
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactAddedEvent.java

@@ -14,12 +14,18 @@ import javax.annotation.concurrent.Immutable;
 public class ContactAddedEvent extends Event {
 
 	private final ContactId contactId;
+	private final boolean verified;
 
-	public ContactAddedEvent(ContactId contactId) {
+	public ContactAddedEvent(ContactId contactId, boolean verified) {
 		this.contactId = contactId;
+		this.verified = verified;
 	}
 
 	public ContactId getContactId() {
 		return contactId;
 	}
+
+	public boolean isVerified() {
+		return verified;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactAddedRemotelyEvent.java

@@ -1,22 +0,0 @@
-package org.briarproject.bramble.api.contact.event;
-
-import org.briarproject.bramble.api.contact.Contact;
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-@Immutable
-@NotNullByDefault
-public class ContactAddedRemotelyEvent extends Event {
-
-	private final Contact contact;
-
-	public ContactAddedRemotelyEvent(Contact contact) {
-		this.contact = contact;
-	}
-
-	public Contact getContact() {
-		return contact;
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactExchangeFailedEvent.java

@@ -1,32 +0,0 @@
-package org.briarproject.bramble.api.contact.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.Nullable;
-
-@NotNullByDefault
-public class ContactExchangeFailedEvent extends Event {
-
-	@Nullable
-	private final Author duplicateRemoteAuthor;
-
-	public ContactExchangeFailedEvent(@Nullable Author duplicateRemoteAuthor) {
-		this.duplicateRemoteAuthor = duplicateRemoteAuthor;
-	}
-
-	public ContactExchangeFailedEvent() {
-		this(null);
-	}
-
-	@Nullable
-	public Author getDuplicateRemoteAuthor() {
-		return duplicateRemoteAuthor;
-	}
-
-	public boolean wasDuplicateContact() {
-		return duplicateRemoteAuthor != null;
-	}
-
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactExchangeSucceededEvent.java

@@ -1,20 +0,0 @@
-package org.briarproject.bramble.api.contact.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-public class ContactExchangeSucceededEvent extends Event {
-
-	private final Author remoteAuthor;
-
-	public ContactExchangeSucceededEvent(Author remoteAuthor) {
-		this.remoteAuthor = remoteAuthor;
-	}
-
-	public Author getRemoteAuthor() {
-		return remoteAuthor;
-	}
-
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/PendingContactAddedEvent.java

@@ -0,0 +1,25 @@
+package org.briarproject.bramble.api.contact.event;
+
+import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a pending contact is added.
+ */
+@Immutable
+@NotNullByDefault
+public class PendingContactAddedEvent extends Event {
+
+	private final PendingContact pendingContact;
+
+	public PendingContactAddedEvent(PendingContact pendingContact) {
+		this.pendingContact = pendingContact;
+	}
+
+	public PendingContact getPendingContact() {
+		return pendingContact;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/AgreementPrivateKey.java

@@ -0,0 +1,30 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
+
+/**
+ * Type-safe wrapper for a private key used for key agreement.
+ */
+@Immutable
+@NotNullByDefault
+public class AgreementPrivateKey extends Bytes implements PrivateKey {
+
+	public AgreementPrivateKey(byte[] encoded) {
+		super(encoded);
+	}
+
+	@Override
+	public String getKeyType() {
+		return KEY_TYPE_AGREEMENT;
+	}
+
+	@Override
+	public byte[] getEncoded() {
+		return getBytes();
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/AgreementPublicKey.java

@@ -0,0 +1,35 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
+
+/**
+ * Type-safe wrapper for a public key used for key agreement.
+ */
+@Immutable
+@NotNullByDefault
+public class AgreementPublicKey extends Bytes implements PublicKey {
+
+	public AgreementPublicKey(byte[] encoded) {
+		super(encoded);
+		if (encoded.length == 0 ||
+				encoded.length > MAX_AGREEMENT_PUBLIC_KEY_BYTES) {
+			throw new IllegalArgumentException();
+		}
+	}
+
+	@Override
+	public String getKeyType() {
+		return KEY_TYPE_AGREEMENT;
+	}
+
+	@Override
+	public byte[] getEncoded() {
+		return getBytes();
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -27,54 +27,78 @@ public interface CryptoComponent {
 	/**
 	 * Derives another secret key from the given secret key.
 	 *
-	 * @param label a namespaced label indicating the purpose of the derived
+	 * @param label A namespaced label indicating the purpose of the derived
 	 * key, to prevent it from being repurposed or colliding with a key derived
 	 * for another purpose
+	 * @param inputs Additional inputs that will be included in the derivation
+	 * of the key
 	 */
 	SecretKey deriveKey(String label, SecretKey k, byte[]... inputs);
 
 	/**
-	 * Derives a common shared secret from two public keys and one of the
-	 * corresponding private keys.
+	 * Derives a shared secret from two key pairs.
 	 *
-	 * @param label a namespaced label indicating the purpose of this shared
+	 * @param label A namespaced label indicating the purpose of this shared
 	 * secret, to prevent it from being repurposed or colliding with a shared
 	 * secret derived for another purpose
-	 * @param theirPublicKey the public key of the remote party
-	 * @param ourKeyPair the key pair of the local party
-	 * @return the shared secret
+	 * @param theirPublicKey The public key of the remote party
+	 * @param ourKeyPair The key pair of the local party
+	 * @param inputs Additional inputs that will be included in the derivation
+	 * of the shared secret
+	 * @return The shared secret
 	 */
 	SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
 			KeyPair ourKeyPair, byte[]... inputs)
 			throws GeneralSecurityException;
 
+	/**
+	 * Derives a shared secret from two static and two ephemeral key pairs.
+	 *
+	 * @param label A namespaced label indicating the purpose of this shared
+	 * secret, to prevent it from being repurposed or colliding with a shared
+	 * secret derived for another purpose
+	 * @param theirStaticPublicKey The static public key of the remote party
+	 * @param theirEphemeralPublicKey The ephemeral public key of the remote
+	 * party
+	 * @param ourStaticKeyPair The static key pair of the local party
+	 * @param ourEphemeralKeyPair The ephemeral key pair of the local party
+	 * @param alice True if the local party is Alice
+	 * @param inputs Additional inputs that will be included in the
+	 * derivation of the shared secret
+	 * @return The shared secret
+	 */
+	SecretKey deriveSharedSecret(String label, PublicKey theirStaticPublicKey,
+			PublicKey theirEphemeralPublicKey, KeyPair ourStaticKeyPair,
+			KeyPair ourEphemeralKeyPair, boolean alice, byte[]... inputs)
+			throws GeneralSecurityException;
+
 	/**
 	 * Signs the given byte[] with the given private key.
 	 *
-	 * @param label a namespaced label indicating the purpose of this
+	 * @param label A namespaced label indicating the purpose of this
 	 * signature, to prevent it from being repurposed or colliding with a
 	 * signature created for another purpose
 	 */
-	byte[] sign(String label, byte[] toSign, byte[] privateKey)
+	byte[] sign(String label, byte[] toSign, PrivateKey privateKey)
 			throws GeneralSecurityException;
 
 	/**
 	 * Verifies that the given signature is valid for the signed data
 	 * and the given public key.
 	 *
-	 * @param label a namespaced label indicating the purpose of this
+	 * @param label A namespaced label indicating the purpose of this
 	 * signature, to prevent it from being repurposed or colliding with a
 	 * signature created for another purpose
-	 * @return true if the signature was valid, false otherwise.
+	 * @return True if the signature was valid, false otherwise.
 	 */
 	boolean verifySignature(byte[] signature, String label, byte[] signed,
-			byte[] publicKey) throws GeneralSecurityException;
+			PublicKey publicKey) throws GeneralSecurityException;
 
 	/**
 	 * Returns the hash of the given inputs. The inputs are unambiguously
 	 * combined by prefixing each input with its length.
 	 *
-	 * @param label a namespaced label indicating the purpose of this hash, to
+	 * @param label A namespaced label indicating the purpose of this hash, to
 	 * prevent it from being repurposed or colliding with a hash created for
 	 * another purpose
 	 */
@@ -85,7 +109,7 @@ public interface CryptoComponent {
 	 * given inputs. The inputs are unambiguously combined by prefixing each
 	 * input with its length.
 	 *
-	 * @param label a namespaced label indicating the purpose of this MAC, to
+	 * @param label A namespaced label indicating the purpose of this MAC, to
 	 * prevent it from being repurposed or colliding with a MAC created for
 	 * another purpose
 	 */
@@ -95,10 +119,10 @@ public interface CryptoComponent {
 	 * Verifies that the given message authentication code is valid for the
 	 * given secret key and inputs.
 	 *
-	 * @param label a namespaced label indicating the purpose of this MAC, to
+	 * @param label A namespaced label indicating the purpose of this MAC, to
 	 * prevent it from being repurposed or colliding with a MAC created for
 	 * another purpose
-	 * @return true if the MAC was valid, false otherwise.
+	 * @return True if the MAC was valid, false otherwise.
 	 */
 	boolean verifyMac(byte[] mac, String label, SecretKey macKey,
 			byte[]... inputs);

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoConstants.java

@@ -7,11 +7,21 @@ public interface CryptoConstants {
 	 */
 	int MAX_AGREEMENT_PUBLIC_KEY_BYTES = 32;
 
+	/**
+	 * The key type for agreement key pairs.
+	 */
+	String KEY_TYPE_AGREEMENT = "Curve25519";
+
 	/**
 	 * The maximum length of a signature public key in bytes.
 	 */
 	int MAX_SIGNATURE_PUBLIC_KEY_BYTES = 32;
 
+	/**
+	 * The key type for signature key pairs.
+	 */
+	String KEY_TYPE_SIGNATURE = "Ed25519";
+
 	/**
 	 * The maximum length of a signature in bytes.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyPair.java

@@ -15,6 +15,8 @@ public class KeyPair {
 	private final PrivateKey privateKey;
 
 	public KeyPair(PublicKey publicKey, PrivateKey privateKey) {
+		if (!publicKey.getKeyType().equals(privateKey.getKeyType()))
+			throw new IllegalArgumentException();
 		this.publicKey = publicKey;
 		this.privateKey = privateKey;
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PrivateKey.java

@@ -8,6 +8,11 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 @NotNullByDefault
 public interface PrivateKey {
 
+	/**
+	 * Returns the type of this key pair.
+	 */
+	String getKeyType();
+
 	/**
 	 * Returns the encoded representation of this key.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/PublicKey.java

@@ -8,6 +8,11 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 @NotNullByDefault
 public interface PublicKey {
 
+	/**
+	 * Returns the type of this key pair.
+	 */
+	String getKeyType();
+
 	/**
 	 * Returns the encoded representation of this key.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/SignaturePrivateKey.java

@@ -0,0 +1,30 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
+
+/**
+ * Type-safe wrapper for a public key used for signing.
+ */
+@Immutable
+@NotNullByDefault
+public class SignaturePrivateKey extends Bytes implements PrivateKey {
+
+	public SignaturePrivateKey(byte[] bytes) {
+		super(bytes);
+	}
+
+	@Override
+	public String getKeyType() {
+		return KEY_TYPE_SIGNATURE;
+	}
+
+	@Override
+	public byte[] getEncoded() {
+		return getBytes();
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/SignaturePublicKey.java

@@ -0,0 +1,35 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
+
+/**
+ * Type-safe wrapper for a public key used for verifying signatures.
+ */
+@Immutable
+@NotNullByDefault
+public class SignaturePublicKey extends Bytes implements PublicKey {
+
+	public SignaturePublicKey(byte[] encoded) {
+		super(encoded);
+		if (encoded.length == 0 ||
+				encoded.length > MAX_SIGNATURE_PUBLIC_KEY_BYTES) {
+			throw new IllegalArgumentException();
+		}
+	}
+
+	@Override
+	public String getKeyType() {
+		return KEY_TYPE_SIGNATURE;
+	}
+
+	@Override
+	public byte[] getEncoded() {
+		return getBytes();
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java

@@ -1,9 +1,10 @@
 package org.briarproject.bramble.api.crypto;
 
 import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.transport.HandshakeKeys;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
+import java.security.GeneralSecurityException;
+
 /**
  * Crypto operations for the transport security protocol - see
  * https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md
@@ -11,35 +12,52 @@ import org.briarproject.bramble.api.transport.TransportKeys;
 public interface TransportCrypto {
 
 	/**
-	 * Derives initial transport keys for the given transport in the given
-	 * time period from the given root key.
-	 *
-	 * @param alice whether the keys are for use by Alice or Bob.
-	 * @param active whether the keys are usable for outgoing streams.
+	 * Returns true if the local peer is Alice.
 	 */
-	TransportKeys deriveTransportKeys(TransportId t, SecretKey rootKey,
-			long timePeriod, boolean alice, boolean active);
+	boolean isAlice(PublicKey theirHandshakePublicKey,
+			KeyPair ourHandshakeKeyPair);
 
 	/**
-	 * Rotates the given transport keys to the given time period. If the keys
-	 * are for the given period or any later period they are not rotated.
+	 * Derives the static master key shared with a contact or pending contact.
 	 */
-	TransportKeys rotateTransportKeys(TransportKeys k, long timePeriod);
+	SecretKey deriveStaticMasterKey(PublicKey theirHandshakePublicKey,
+			KeyPair ourHandshakeKeyPair) throws GeneralSecurityException;
+
+	/**
+	 * Derives the handshake mode root key from the static master key. To
+	 * prevent tag reuse, separate root keys are derived for contacts and
+	 * pending contacts.
+	 *
+	 * @param pendingContact Whether the static master key is shared with a
+	 * pending contact or a contact
+	 */
+	SecretKey deriveHandshakeRootKey(SecretKey staticMasterKey,
+			boolean pendingContact);
+
+	/**
+	 * Derives initial rotation mode transport keys for the given transport in
+	 * the given time period from the given root key.
+	 *
+	 * @param alice Whether the keys are for use by Alice or Bob
+	 * @param active Whether the keys are usable for outgoing streams
+	 */
+	TransportKeys deriveRotationKeys(TransportId t, SecretKey rootKey,
+			long timePeriod, boolean alice, boolean active);
 
 	/**
 	 * Derives handshake keys for the given transport in the given time period
 	 * from the given root key.
 	 *
-	 * @param alice whether the keys are for use by Alice or Bob.
+	 * @param alice Whether the keys are for use by Alice or Bob
 	 */
-	HandshakeKeys deriveHandshakeKeys(TransportId t, SecretKey rootKey,
+	TransportKeys deriveHandshakeKeys(TransportId t, SecretKey rootKey,
 			long timePeriod, boolean alice);
 
 	/**
-	 * Updates the given handshake keys to the given time period. If the keys
+	 * Updates the given transport keys to the given time period. If the keys
 	 * are for the given period or any later period they are not updated.
 	 */
-	HandshakeKeys updateHandshakeKeys(HandshakeKeys k, long timePeriod);
+	TransportKeys updateTransportKeys(TransportKeys k, long timePeriod);
 
 	/**
 	 * Encodes the pseudo-random tag that is used to recognise a stream.

bramble-api/src/main/java/org/briarproject/bramble/api/db/ContactExistsException.java

@@ -1,8 +1,27 @@
 package org.briarproject.bramble.api.db;
 
+import org.briarproject.bramble.api.identity.Author;
+import org.briarproject.bramble.api.identity.AuthorId;
+
 /**
  * Thrown when a duplicate contact is added to the database. This exception may
  * occur due to concurrent updates and does not indicate a database error.
  */
 public class ContactExistsException extends DbException {
+
+	private final AuthorId local;
+	private final Author remote;
+
+	public ContactExistsException(AuthorId local, Author remote) {
+		this.local = local;
+		this.remote = remote;
+	}
+
+	public AuthorId getLocalAuthorId() {
+		return local;
+	}
+
+	public Author getRemoteAuthor() {
+		return remote;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java

@@ -4,6 +4,8 @@ import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
@@ -22,14 +24,12 @@ import org.briarproject.bramble.api.sync.MessageStatus;
 import org.briarproject.bramble.api.sync.Offer;
 import org.briarproject.bramble.api.sync.Request;
 import org.briarproject.bramble.api.sync.validation.MessageState;
-import org.briarproject.bramble.api.transport.HandshakeKeySet;
-import org.briarproject.bramble.api.transport.HandshakeKeySetId;
-import org.briarproject.bramble.api.transport.HandshakeKeys;
+import org.briarproject.bramble.api.transport.KeySetId;
 import org.briarproject.bramble.api.transport.TransportKeySet;
-import org.briarproject.bramble.api.transport.TransportKeySetId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.Collection;
+import java.util.List;
 import java.util.Map;
 
 import javax.annotation.Nullable;
@@ -39,7 +39,7 @@ import javax.annotation.Nullable;
  * to other components.
  */
 @NotNullByDefault
-public interface DatabaseComponent {
+public interface DatabaseComponent extends TransactionManager {
 
 	/**
 	 * Opens the database and returns true if the database already existed.
@@ -57,76 +57,18 @@ public interface DatabaseComponent {
 	 */
 	void close() throws DbException;
 
-	/**
-	 * Starts a new transaction and returns an object representing it.
-	 * <p/>
-	 * This method acquires locks, so it must not be called while holding a
-	 * lock.
-	 *
-	 * @param readOnly true if the transaction will only be used for reading.
-	 */
-	Transaction startTransaction(boolean readOnly) throws DbException;
-
-	/**
-	 * Commits a transaction to the database.
-	 */
-	void commitTransaction(Transaction txn) throws DbException;
-
-	/**
-	 * Ends a transaction. If the transaction has not been committed,
-	 * it will be aborted. If the transaction has been committed,
-	 * any events attached to the transaction are broadcast.
-	 * The database lock will be released in either case.
-	 */
-	void endTransaction(Transaction txn);
-
-	/**
-	 * Runs the given task within a transaction.
-	 */
-	<E extends Exception> void transaction(boolean readOnly,
-			DbRunnable<E> task) throws DbException, E;
-
-	/**
-	 * Runs the given task within a transaction and returns the result of the
-	 * task.
-	 */
-	<R, E extends Exception> R transactionWithResult(boolean readOnly,
-			DbCallable<R, E> task) throws DbException, E;
-
-	/**
-	 * Runs the given task within a transaction and returns the result of the
-	 * task, which may be null.
-	 */
-	@Nullable
-	<R, E extends Exception> R transactionWithNullableResult(boolean readOnly,
-			NullableDbCallable<R, E> task) throws DbException, E;
-
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms,
 	 * and returns an ID for the contact.
 	 */
 	ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			boolean verified) throws DbException;
+			@Nullable PublicKey handshake, boolean verified) throws DbException;
 
 	/**
 	 * Stores a group.
 	 */
 	void addGroup(Transaction txn, Group g) throws DbException;
 
-	/**
-	 * Stores the given handshake keys for the given contact and returns a
-	 * key set ID.
-	 */
-	HandshakeKeySetId addHandshakeKeys(Transaction txn, ContactId c,
-			HandshakeKeys k) throws DbException;
-
-	/**
-	 * Stores the given handshake keys for the given pending contact and
-	 * returns a key set ID.
-	 */
-	HandshakeKeySetId addHandshakeKeys(Transaction txn, PendingContactId p,
-			HandshakeKeys k) throws DbException;
-
 	/**
 	 * Stores an identity.
 	 */
@@ -136,7 +78,7 @@ public interface DatabaseComponent {
 	 * Stores a local message.
 	 */
 	void addLocalMessage(Transaction txn, Message m, Metadata meta,
-			boolean shared) throws DbException;
+			boolean shared, boolean temporary) throws DbException;
 
 	/**
 	 * Stores a pending contact.
@@ -154,7 +96,14 @@ public interface DatabaseComponent {
 	 * Stores the given transport keys for the given contact and returns a
 	 * key set ID.
 	 */
-	TransportKeySetId addTransportKeys(Transaction txn, ContactId c,
+	KeySetId addTransportKeys(Transaction txn, ContactId c, TransportKeys k)
+			throws DbException;
+
+	/**
+	 * Stores the given transport keys for the given pending contact and
+	 * returns a key set ID.
+	 */
+	KeySetId addTransportKeys(Transaction txn, PendingContactId p,
 			TransportKeys k) throws DbException;
 
 	/**
@@ -274,7 +223,7 @@ public interface DatabaseComponent {
 	 * <p/>
 	 * Read-only.
 	 */
-	Collection<ContactId> getContacts(Transaction txn, AuthorId a)
+	Collection<ContactId> getContacts(Transaction txn, AuthorId local)
 			throws DbException;
 
 	/**
@@ -308,14 +257,6 @@ public interface DatabaseComponent {
 	Visibility getGroupVisibility(Transaction txn, ContactId c, GroupId g)
 			throws DbException;
 
-	/**
-	 * Returns all handshake keys for the given transport.
-	 * <p/>
-	 * Read-only.
-	 */
-	Collection<HandshakeKeySet> getHandshakeKeys(Transaction txn, TransportId t)
-			throws DbException;
-
 	/**
 	 * Returns the identity for the local pseudonym with the given ID.
 	 * <p/>
@@ -464,6 +405,14 @@ public interface DatabaseComponent {
 	 */
 	long getNextSendTime(Transaction txn, ContactId c) throws DbException;
 
+	/**
+	 * Returns the pending contact with the given ID.
+	 * <p/>
+	 * Read-only.
+	 */
+	PendingContact getPendingContact(Transaction txn, PendingContactId p)
+			throws DbException;
+
 	/**
 	 * Returns all pending contacts.
 	 * <p/>
@@ -479,6 +428,13 @@ public interface DatabaseComponent {
 	 */
 	Settings getSettings(Transaction txn, String namespace) throws DbException;
 
+	/**
+	 * Returns the versions of the sync protocol supported by the given contact.
+	 * <p/>
+	 * Read-only.
+	 */
+	List<Byte> getSyncVersions(Transaction txn, ContactId c) throws DbException;
+
 	/**
 	 * Returns all transport keys for the given transport.
 	 * <p/>
@@ -487,17 +443,11 @@ public interface DatabaseComponent {
 	Collection<TransportKeySet> getTransportKeys(Transaction txn, TransportId t)
 			throws DbException;
 
-	/**
-	 * Increments the outgoing stream counter for the given handshake keys.
-	 */
-	void incrementStreamCounter(Transaction txn, TransportId t,
-			HandshakeKeySetId k) throws DbException;
-
 	/**
 	 * Increments the outgoing stream counter for the given transport keys.
 	 */
-	void incrementStreamCounter(Transaction txn, TransportId t,
-			TransportKeySetId k) throws DbException;
+	void incrementStreamCounter(Transaction txn, TransportId t, KeySetId k)
+			throws DbException;
 
 	/**
 	 * Merges the given metadata with the existing metadata for the given
@@ -552,12 +502,6 @@ public interface DatabaseComponent {
 	 */
 	void removeGroup(Transaction txn, Group g) throws DbException;
 
-	/**
-	 * Removes the given handshake keys from the database.
-	 */
-	void removeHandshakeKeys(Transaction txn, TransportId t,
-			HandshakeKeySetId k) throws DbException;
-
 	/**
 	 * Removes an identity (and all associated state) from the database.
 	 */
@@ -574,6 +518,12 @@ public interface DatabaseComponent {
 	void removePendingContact(Transaction txn, PendingContactId p)
 			throws DbException;
 
+	/**
+	 * Removes all temporary messages (and all associated state) from the
+	 * database.
+	 */
+	void removeTemporaryMessages(Transaction txn) throws DbException;
+
 	/**
 	 * Removes a transport (and all associated state) from the database.
 	 */
@@ -582,8 +532,8 @@ public interface DatabaseComponent {
 	/**
 	 * Removes the given transport keys from the database.
 	 */
-	void removeTransportKeys(Transaction txn, TransportId t,
-			TransportKeySetId k) throws DbException;
+	void removeTransportKeys(Transaction txn, TransportId t, KeySetId k)
+			throws DbException;
 
 	/**
 	 * Marks the given contact as verified.
@@ -602,6 +552,11 @@ public interface DatabaseComponent {
 	void setGroupVisibility(Transaction txn, ContactId c, GroupId g,
 			Visibility v) throws DbException;
 
+	/**
+	 * Marks the given message as permanent, i.e. not temporary.
+	 */
+	void setMessagePermanent(Transaction txn, MessageId m) throws DbException;
+
 	/**
 	 * Marks the given message as shared.
 	 */
@@ -622,35 +577,26 @@ public interface DatabaseComponent {
 	/**
 	 * Sets the handshake key pair for the identity with the given ID.
 	 */
-	void setHandshakeKeyPair(Transaction txn, AuthorId local, byte[] publicKey,
-			byte[] privateKey) throws DbException;
+	void setHandshakeKeyPair(Transaction txn, AuthorId local,
+			PublicKey publicKey, PrivateKey privateKey) throws DbException;
 
 	/**
-	 * Sets the reordering window for the given transport key set in the given
+	 * Sets the reordering window for the given transport keys in the given
 	 * time period.
 	 */
-	void setReorderingWindow(Transaction txn, TransportKeySetId k,
-			TransportId t, long timePeriod, long base, byte[] bitmap)
-			throws DbException;
+	void setReorderingWindow(Transaction txn, KeySetId k, TransportId t,
+			long timePeriod, long base, byte[] bitmap) throws DbException;
 
 	/**
-	 * Sets the reordering window for the given handshake key set in the given
-	 * time period.
+	 * Sets the versions of the sync protocol supported by the given contact.
 	 */
-	void setReorderingWindow(Transaction txn, HandshakeKeySetId k,
-			TransportId t, long timePeriod, long base, byte[] bitmap)
+	void setSyncVersions(Transaction txn, ContactId c, List<Byte> supported)
 			throws DbException;
 
 	/**
 	 * Marks the given transport keys as usable for outgoing streams.
 	 */
-	void setTransportKeysActive(Transaction txn, TransportId t,
-			TransportKeySetId k) throws DbException;
-
-	/**
-	 * Stores the given handshake keys, deleting any keys they have replaced.
-	 */
-	void updateHandshakeKeys(Transaction txn, Collection<HandshakeKeySet> keys)
+	void setTransportKeysActive(Transaction txn, TransportId t, KeySetId k)
 			throws DbException;
 
 	/**

bramble-api/src/main/java/org/briarproject/bramble/api/db/TransactionManager.java

@@ -0,0 +1,54 @@
+package org.briarproject.bramble.api.db;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.Nullable;
+
+@NotNullByDefault
+public interface TransactionManager {
+
+	/**
+	 * Starts a new transaction and returns an object representing it.
+	 * <p/>
+	 * This method acquires locks, so it must not be called while holding a
+	 * lock.
+	 *
+	 * @param readOnly true if the transaction will only be used for reading.
+	 */
+	Transaction startTransaction(boolean readOnly) throws DbException;
+
+	/**
+	 * Commits a transaction to the database.
+	 */
+	void commitTransaction(Transaction txn) throws DbException;
+
+	/**
+	 * Ends a transaction. If the transaction has not been committed,
+	 * it will be aborted. If the transaction has been committed,
+	 * any events attached to the transaction are broadcast.
+	 * The database lock will be released in either case.
+	 */
+	void endTransaction(Transaction txn);
+
+	/**
+	 * Runs the given task within a transaction.
+	 */
+	<E extends Exception> void transaction(boolean readOnly,
+			DbRunnable<E> task) throws DbException, E;
+
+	/**
+	 * Runs the given task within a transaction and returns the result of the
+	 * task.
+	 */
+	<R, E extends Exception> R transactionWithResult(boolean readOnly,
+			DbCallable<R, E> task) throws DbException, E;
+
+	/**
+	 * Runs the given task within a transaction and returns the result of the
+	 * task, which may be null.
+	 */
+	@Nullable
+	<R, E extends Exception> R transactionWithNullableResult(boolean readOnly,
+			NullableDbCallable<R, E> task) throws DbException, E;
+
+}

bramble-api/src/main/java/org/briarproject/bramble/api/identity/Author.java

@@ -1,13 +1,14 @@
 package org.briarproject.bramble.api.identity;
 
 import org.briarproject.bramble.api.Nameable;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.util.StringUtils;
 
 import javax.annotation.concurrent.Immutable;
 
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
+import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 /**
  * A pseudonym for a user.
@@ -24,14 +25,14 @@ public class Author implements Nameable {
 	private final AuthorId id;
 	private final int formatVersion;
 	private final String name;
-	private final byte[] publicKey;
+	private final PublicKey publicKey;
 
 	public Author(AuthorId id, int formatVersion, String name,
-			byte[] publicKey) {
-		int nameLength = StringUtils.toUtf8(name).length;
+			PublicKey publicKey) {
+		int nameLength = toUtf8(name).length;
 		if (nameLength == 0 || nameLength > MAX_AUTHOR_NAME_LENGTH)
 			throw new IllegalArgumentException();
-		if (publicKey.length == 0 || publicKey.length > MAX_PUBLIC_KEY_LENGTH)
+		if (!publicKey.getKeyType().equals(KEY_TYPE_SIGNATURE))
 			throw new IllegalArgumentException();
 		this.id = id;
 		this.formatVersion = formatVersion;
@@ -63,7 +64,7 @@ public class Author implements Nameable {
 	/**
 	 * Returns the public key used to verify the pseudonym's signatures.
 	 */
-	public byte[] getPublicKey() {
+	public PublicKey getPublicKey() {
 		return publicKey;
 	}
 

bramble-api/src/main/java/org/briarproject/bramble/api/identity/AuthorFactory.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.api.identity;
 
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 @NotNullByDefault
@@ -9,12 +10,12 @@ public interface AuthorFactory {
 	 * Creates an author with the current format version and the given name and
 	 * public key.
 	 */
-	Author createAuthor(String name, byte[] publicKey);
+	Author createAuthor(String name, PublicKey publicKey);
 
 	/**
 	 * Creates an author with the given format version, name and public key.
 	 */
-	Author createAuthor(int formatVersion, String name, byte[] publicKey);
+	Author createAuthor(int formatVersion, String name, PublicKey publicKey);
 
 	/**
 	 * Creates a local author with the current format version and the given

bramble-api/src/main/java/org/briarproject/bramble/api/identity/Identity.java

@@ -1,13 +1,13 @@
 package org.briarproject.bramble.api.identity;
 
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
-import java.util.Arrays;
-
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
-import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
 
 @Immutable
 @NotNullByDefault
@@ -15,15 +15,24 @@ public class Identity {
 
 	private final LocalAuthor localAuthor;
 	@Nullable
-	private final byte[] handshakePublicKey, handshakePrivateKey;
+	private final PublicKey handshakePublicKey;
+	@Nullable
+	private final PrivateKey handshakePrivateKey;
 	private final long created;
 
 	public Identity(LocalAuthor localAuthor,
-			@Nullable byte[] handshakePublicKey,
-			@Nullable byte[] handshakePrivateKey, long created) {
+			@Nullable PublicKey handshakePublicKey,
+			@Nullable PrivateKey handshakePrivateKey, long created) {
 		if (handshakePublicKey != null) {
-			int keyLength = handshakePublicKey.length;
-			if (keyLength == 0 || keyLength > MAX_AGREEMENT_PUBLIC_KEY_BYTES)
+			if (handshakePrivateKey == null)
+				throw new IllegalArgumentException();
+			if (!handshakePublicKey.getKeyType().equals(KEY_TYPE_AGREEMENT))
+				throw new IllegalArgumentException();
+		}
+		if (handshakePrivateKey != null) {
+			if (handshakePublicKey == null)
+				throw new IllegalArgumentException();
+			if (!handshakePrivateKey.getKeyType().equals(KEY_TYPE_AGREEMENT))
 				throw new IllegalArgumentException();
 		}
 		this.localAuthor = localAuthor;
@@ -57,7 +66,7 @@ public class Identity {
 	 * Returns the public key used for handshaking, or null if no key exists.
 	 */
 	@Nullable
-	public byte[] getHandshakePublicKey() {
+	public PublicKey getHandshakePublicKey() {
 		return handshakePublicKey;
 	}
 
@@ -65,7 +74,7 @@ public class Identity {
 	 * Returns the private key used for handshaking, or null if no key exists.
 	 */
 	@Nullable
-	public byte[] getHandshakePrivateKey() {
+	public PrivateKey getHandshakePrivateKey() {
 		return handshakePrivateKey;
 	}
 
@@ -76,21 +85,4 @@ public class Identity {
 	public long getTimeCreated() {
 		return created;
 	}
-
-	@Override
-	public int hashCode() {
-		return localAuthor.getId().hashCode();
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		if (o instanceof Identity) {
-			Identity i = (Identity) o;
-			return created == i.created &&
-					localAuthor.equals(i.localAuthor) &&
-					Arrays.equals(handshakePublicKey, i.handshakePublicKey) &&
-					Arrays.equals(handshakePrivateKey, i.handshakePrivateKey);
-		}
-		return false;
-	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/identity/IdentityManager.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.identity;
 
 import org.briarproject.bramble.api.crypto.CryptoExecutor;
+import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
@@ -41,9 +42,6 @@ public interface IdentityManager {
 	 * Returns the cached handshake keys or loads them from the database.
 	 * <p/>
 	 * Read-only.
-	 *
-	 * @return A two-element array containing the public key in the first
-	 * element and the private key in the second
 	 */
-	byte[][] getHandshakeKeys(Transaction txn) throws DbException;
+	KeyPair getHandshakeKeys(Transaction txn) throws DbException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/identity/LocalAuthor.java

@@ -1,9 +1,13 @@
 package org.briarproject.bramble.api.identity;
 
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import javax.annotation.concurrent.Immutable;
 
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
+
 /**
  * A pseudonym for the local user.
  */
@@ -11,18 +15,20 @@ import javax.annotation.concurrent.Immutable;
 @NotNullByDefault
 public class LocalAuthor extends Author {
 
-	private final byte[] privateKey;
+	private final PrivateKey privateKey;
 
 	public LocalAuthor(AuthorId id, int formatVersion, String name,
-			byte[] publicKey, byte[] privateKey) {
+			PublicKey publicKey, PrivateKey privateKey) {
 		super(id, formatVersion, name, publicKey);
+		if (!privateKey.getKeyType().equals(KEY_TYPE_SIGNATURE))
+			throw new IllegalArgumentException();
 		this.privateKey = privateKey;
 	}
 
 	/**
 	 * Returns the private key used to generate the pseudonym's signatures.
 	 */
-	public byte[] getPrivateKey() {
+	public PrivateKey getPrivateKey() {
 		return privateKey;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementListener.java

@@ -5,7 +5,7 @@ import org.briarproject.bramble.api.data.BdfList;
 import java.io.IOException;
 
 /**
- * An class for managing a particular key agreement listener.
+ * Accepts key agreement connections over a given transport.
  */
 public abstract class KeyAgreementListener {
 

bramble-api/src/main/java/org/briarproject/bramble/api/nullsafety/NullSafety.java

@@ -6,10 +6,27 @@ import javax.annotation.Nullable;
 public class NullSafety {
 
 	/**
-	 * Stand-in for `Objects.requireNonNull()`.
+	 * Stand-in for {@code Objects.requireNonNull()}.
 	 */
 	public static <T> T requireNonNull(@Nullable T t) {
 		if (t == null) throw new NullPointerException();
 		return t;
 	}
+
+	/**
+	 * Checks that exactly one of the arguments is null.
+	 *
+	 * @throws AssertionError If both or neither of the arguments are null
+	 */
+	public static void requireExactlyOneNull(@Nullable Object a,
+			@Nullable Object b) {
+		if ((a == null) == (b == null)) throw new AssertionError();
+	}
+
+	/**
+	 * Checks that the argument is null.
+	 */
+	public static void requireNull(@Nullable Object o) {
+		if (o != null) throw new AssertionError();
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionHandler.java

@@ -0,0 +1,28 @@
+package org.briarproject.bramble.api.plugin;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
+
+/**
+ * An interface for handling connections created by transport plugins.
+ */
+@NotNullByDefault
+public interface ConnectionHandler {
+
+	/**
+	 * Handles a connection created by a {@link DuplexPlugin}.
+	 */
+	void handleConnection(DuplexTransportConnection c);
+
+	/**
+	 * Handles a reader created by a {@link SimplexPlugin}.
+	 */
+	void handleReader(TransportConnectionReader r);
+
+	/**
+	 * Handles a writer created by a {@link SimplexPlugin}.
+	 */
+	void handleWriter(TransportConnectionWriter w);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionManager.java

@@ -1,17 +1,46 @@
 package org.briarproject.bramble.api.plugin;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 
+@NotNullByDefault
 public interface ConnectionManager {
 
+	/**
+	 * Manages an incoming connection from a contact over a simplex transport.
+	 */
 	void manageIncomingConnection(TransportId t, TransportConnectionReader r);
 
+	/**
+	 * Manages an incoming connection from a contact over a duplex transport.
+	 */
 	void manageIncomingConnection(TransportId t, DuplexTransportConnection d);
 
+	/**
+	 * Manages an incoming handshake connection from a pending contact over a
+	 * duplex transport.
+	 */
+	void manageIncomingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d);
+
+	/**
+	 * Manages an outgoing connection to a contact over a simplex transport.
+	 */
 	void manageOutgoingConnection(ContactId c, TransportId t,
 			TransportConnectionWriter w);
 
+	/**
+	 * Manages an outgoing connection to a contact over a duplex transport.
+	 */
 	void manageOutgoingConnection(ContactId c, TransportId t,
 			DuplexTransportConnection d);
+
+	/**
+	 * Manages an outgoing handshake connection to a pending contact over a
+	 * duplex transport.
+	 */
+	void manageOutgoingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionRegistry.java

@@ -1,7 +1,14 @@
 package org.briarproject.bramble.api.plugin;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
 
 import java.util.Collection;
 
@@ -11,13 +18,50 @@ import java.util.Collection;
 @NotNullByDefault
 public interface ConnectionRegistry {
 
+	/**
+	 * Registers a connection with the given contact over the given transport.
+	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
+	 * {@link ContactConnectedEvent} if this is the only connection with the
+	 * contact.
+	 */
 	void registerConnection(ContactId c, TransportId t, boolean incoming);
 
+	/**
+	 * Unregisters a connection with the given contact over the given transport.
+	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
+	 * {@link ContactDisconnectedEvent} if this is the only connection with
+	 * the contact.
+	 */
 	void unregisterConnection(ContactId c, TransportId t, boolean incoming);
 
+	/**
+	 * Returns any contacts that are connected via the given transport.
+	 */
 	Collection<ContactId> getConnectedContacts(TransportId t);
 
+	/**
+	 * Returns true if the given contact is connected via the given transport.
+	 */
 	boolean isConnected(ContactId c, TransportId t);
 
+	/**
+	 * Returns true if the given contact is connected via any transport.
+	 */
 	boolean isConnected(ContactId c);
+
+	/**
+	 * Registers a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
+	 * with the pending contact.
+	 *
+	 * @return True if this is the only connection with the pending contact,
+	 * false if it is redundant and should be closed
+	 */
+	boolean registerConnection(PendingContactId p);
+
+	/**
+	 * Unregisters a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionClosedEvent}.
+	 */
+	void unregisterConnection(PendingContactId p, boolean success);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/Plugin.java

@@ -1,10 +1,10 @@
 package org.briarproject.bramble.api.plugin;
 
-import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.properties.TransportProperties;
 
-import java.util.Map;
+import java.util.Collection;
 
 @NotNullByDefault
 public interface Plugin {
@@ -51,8 +51,9 @@ public interface Plugin {
 	int getPollingInterval();
 
 	/**
-	 * Attempts to establish connections to the given contacts, passing any
-	 * created connections to the callback.
+	 * Attempts to create connections using the given transport properties,
+	 * passing any created connections to the corresponding handlers.
 	 */
-	void poll(Map<ContactId, TransportProperties> contacts);
+	void poll(Collection<Pair<TransportProperties, ConnectionHandler>>
+			properties);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java

@@ -9,7 +9,7 @@ import org.briarproject.bramble.api.settings.Settings;
  * the application.
  */
 @NotNullByDefault
-public interface PluginCallback {
+public interface PluginCallback extends ConnectionHandler {
 
 	/**
 	 * Returns the plugin's settings

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java

@@ -36,4 +36,9 @@ public interface PluginManager {
 	 * Returns any duplex plugins that support key agreement.
 	 */
 	Collection<DuplexPlugin> getKeyAgreementPlugins();
+
+	/**
+	 * Returns any duplex plugins that support rendezvous.
+	 */
+	Collection<DuplexPlugin> getRendezvousPlugins();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java

@@ -3,8 +3,11 @@ package org.briarproject.bramble.api.plugin.duplex;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.ConnectionHandler;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.rendezvous.KeyMaterialSource;
+import org.briarproject.bramble.api.rendezvous.RendezvousEndpoint;
 
 import javax.annotation.Nullable;
 
@@ -40,4 +43,19 @@ public interface DuplexPlugin extends Plugin {
 	@Nullable
 	DuplexTransportConnection createKeyAgreementConnection(
 			byte[] remoteCommitment, BdfList descriptor);
+
+	/**
+	 * Returns true if the plugin supports rendezvous connections.
+	 */
+	boolean supportsRendezvous();
+
+	/**
+	 * Creates and returns an endpoint that uses the given key material to
+	 * rendezvous with a pending contact, and the given connection handler to
+	 * handle incoming connections. Returns null if an endpoint cannot be
+	 * created.
+	 */
+	@Nullable
+	RendezvousEndpoint createRendezvousEndpoint(KeyMaterialSource k,
+			boolean alice, ConnectionHandler incoming);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPluginCallback.java

@@ -1,17 +0,0 @@
-package org.briarproject.bramble.api.plugin.duplex;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.PluginCallback;
-
-/**
- * An interface through which a duplex plugin interacts with the rest of the
- * application.
- */
-@NotNullByDefault
-public interface DuplexPluginCallback extends PluginCallback {
-
-	void incomingConnectionCreated(DuplexTransportConnection d);
-
-	void outgoingConnectionCreated(ContactId c, DuplexTransportConnection d);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPluginFactory.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.plugin.duplex;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.Nullable;
@@ -25,5 +26,5 @@ public interface DuplexPluginFactory {
 	 * Creates and returns a plugin, or null if no plugin can be created.
 	 */
 	@Nullable
-	DuplexPlugin createPlugin(DuplexPluginCallback callback);
+	DuplexPlugin createPlugin(PluginCallback callback);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/simplex/SimplexPluginCallback.java

@@ -1,19 +0,0 @@
-package org.briarproject.bramble.api.plugin.simplex;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.PluginCallback;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-
-/**
- * An interface through which a simplex plugin interacts with the rest of the
- * application.
- */
-@NotNullByDefault
-public interface SimplexPluginCallback extends PluginCallback {
-
-	void readerCreated(TransportConnectionReader r);
-
-	void writerCreated(ContactId c, TransportConnectionWriter w);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/simplex/SimplexPluginFactory.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.plugin.simplex;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.Nullable;
@@ -25,5 +26,5 @@ public interface SimplexPluginFactory {
 	 * Creates and returns a plugin, or null if no plugin can be created.
 	 */
 	@Nullable
-	SimplexPlugin createPlugin(SimplexPluginCallback callback);
+	SimplexPlugin createPlugin(PluginCallback callback);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/record/RecordReader.java

@@ -1,10 +1,14 @@
 package org.briarproject.bramble.api.record;
 
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.Predicate;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import java.io.EOFException;
 import java.io.IOException;
 
+import javax.annotation.Nullable;
+
 @NotNullByDefault
 public interface RecordReader {
 
@@ -16,5 +20,20 @@ public interface RecordReader {
 	 */
 	Record readRecord() throws IOException;
 
+	/**
+	 * Reads and returns the next record matching the 'accept' predicate,
+	 * skipping any records that match the 'ignore' predicate. Returns null if
+	 * no record matching the 'accept' predicate is found before the end of the
+	 * stream.
+	 *
+	 * @throws EOFException If the end of the stream is reached without
+	 * reading a complete record
+	 * @throws FormatException If a record is read that does not match the
+	 * 'accept' or 'ignore' predicates
+	 */
+	@Nullable
+	Record readRecord(Predicate<Record> accept, Predicate<Record> ignore)
+			throws IOException;
+
 	void close() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/KeyMaterialSource.java

@@ -0,0 +1,15 @@
+package org.briarproject.bramble.api.rendezvous;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * A source of key material for use in making rendezvous connections.
+ */
+@NotNullByDefault
+public interface KeyMaterialSource {
+
+	/**
+	 * Returns the requested amount of key material.
+	 */
+	byte[] getKeyMaterial(int length);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousEndpoint.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.rendezvous;
+
+import org.briarproject.bramble.api.properties.TransportProperties;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+/**
+ * An interface for making and accepting rendezvous connections with a pending
+ * contact over a given transport.
+ */
+public interface RendezvousEndpoint extends Closeable {
+
+	/**
+	 * Returns a set of transport properties for connecting to the pending
+	 * contact.
+	 */
+	TransportProperties getRemoteTransportProperties();
+
+	/**
+	 * Closes the handler and releases any resources held by it, such as
+	 * network sockets.
+	 */
+	@Override
+	void close() throws IOException;
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousPoller.java

@@ -0,0 +1,12 @@
+package org.briarproject.bramble.api.rendezvous;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+
+/**
+ * Interface for the poller that makes rendezvous connections to pending
+ * contacts.
+ */
+public interface RendezvousPoller {
+
+	long getLastPollTime(PendingContactId p);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/event/RendezvousConnectionClosedEvent.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.api.rendezvous.event;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a rendezvous connection is closed.
+ */
+@Immutable
+@NotNullByDefault
+public class RendezvousConnectionClosedEvent extends Event {
+
+	private final PendingContactId pendingContactId;
+	private final boolean success;
+
+	public RendezvousConnectionClosedEvent(PendingContactId pendingContactId,
+			boolean success) {
+		this.pendingContactId = pendingContactId;
+		this.success = success;
+	}
+
+	public PendingContactId getPendingContactId() {
+		return pendingContactId;
+	}
+
+	public boolean isSuccess() {
+		return success;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/event/RendezvousConnectionOpenedEvent.java

@@ -0,0 +1,25 @@
+package org.briarproject.bramble.api.rendezvous.event;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a rendezvous connection is opened.
+ */
+@Immutable
+@NotNullByDefault
+public class RendezvousConnectionOpenedEvent extends Event {
+
+	private final PendingContactId pendingContactId;
+
+	public RendezvousConnectionOpenedEvent(PendingContactId pendingContactId) {
+		this.pendingContactId = pendingContactId;
+	}
+
+	public PendingContactId getPendingContactId() {
+		return pendingContactId;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/event/RendezvousPollEvent.java

@@ -0,0 +1,36 @@
+package org.briarproject.bramble.api.rendezvous.event;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import java.util.Collection;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a transport plugin is polled for connections
+ * to one or more pending contacts.
+ */
+@Immutable
+@NotNullByDefault
+public class RendezvousPollEvent extends Event {
+
+	private final TransportId transportId;
+	private final Collection<PendingContactId> pendingContacts;
+
+	public RendezvousPollEvent(TransportId transportId,
+			Collection<PendingContactId> pendingContacts) {
+		this.transportId = transportId;
+		this.pendingContacts = pendingContacts;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+
+	public Collection<PendingContactId> getPendingContacts() {
+		return pendingContacts;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Ack.java

@@ -1,10 +1,16 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.util.Collection;
 
+import javax.annotation.concurrent.Immutable;
+
 /**
  * A record acknowledging receipt of one or more {@link Message Messages}.
  */
+@Immutable
+@NotNullByDefault
 public class Ack {
 
 	private final Collection<MessageId> acked;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Message.java

@@ -1,8 +1,14 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
 
+@Immutable
+@NotNullByDefault
 public class Message {
 
 	/**

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Offer.java

@@ -1,10 +1,16 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.util.Collection;
 
+import javax.annotation.concurrent.Immutable;
+
 /**
  * A record offering the recipient one or more {@link Message Messages}.
  */
+@Immutable
+@NotNullByDefault
 public class Offer {
 
 	private final Collection<MessageId> offered;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java

@@ -9,5 +9,5 @@ public interface RecordTypes {
 	byte MESSAGE = 1;
 	byte OFFER = 2;
 	byte REQUEST = 3;
-
+	byte VERSIONS = 4;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Request.java

@@ -1,10 +1,16 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.util.Collection;
 
+import javax.annotation.concurrent.Immutable;
+
 /**
  * A record requesting one or more {@link Message Messages} from the recipient.
  */
+@Immutable
+@NotNullByDefault
 public class Request {
 
 	private final Collection<MessageId> requested;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java

@@ -2,6 +2,9 @@ package org.briarproject.bramble.api.sync;
 
 import org.briarproject.bramble.api.UniqueId;
 
+import java.util.List;
+
+import static java.util.Collections.singletonList;
 import static org.briarproject.bramble.api.record.Record.MAX_RECORD_PAYLOAD_BYTES;
 
 public interface SyncConstants {
@@ -11,6 +14,11 @@ public interface SyncConstants {
 	 */
 	byte PROTOCOL_VERSION = 0;
 
+	/**
+	 * The versions of the sync protocol this peer supports.
+	 */
+	List<Byte> SUPPORTED_VERSIONS = singletonList(PROTOCOL_VERSION);
+
 	/**
 	 * The maximum length of a group descriptor in bytes.
 	 */
@@ -35,4 +43,10 @@ public interface SyncConstants {
 	 * The maximum number of message IDs in an ack, offer or request record.
 	 */
 	int MAX_MESSAGE_IDS = MAX_RECORD_PAYLOAD_BYTES / UniqueId.LENGTH;
+
+	/**
+	 * The maximum number of versions of the sync protocol a peer may support
+	 * simultaneously.
+	 */
+	int MAX_SUPPORTED_VERSIONS = 10;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordReader.java

@@ -25,4 +25,7 @@ public interface SyncRecordReader {
 
 	Request readRequest() throws IOException;
 
+	boolean hasVersions() throws IOException;
+
+	Versions readVersions() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordWriter.java

@@ -15,5 +15,7 @@ public interface SyncRecordWriter {
 
 	void writeRequest(Request r) throws IOException;
 
+	void writeVersions(Versions v) throws IOException;
+
 	void flush() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Versions.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.List;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A record telling the recipient which versions of the sync protocol the
+ * sender supports.
+ */
+@Immutable
+@NotNullByDefault
+public class Versions {
+
+	private final List<Byte> supported;
+
+	public Versions(List<Byte> supported) {
+		this.supported = supported;
+	}
+
+	public List<Byte> getSupportedVersions() {
+		return supported;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/event/SyncVersionsUpdatedEvent.java

@@ -0,0 +1,34 @@
+package org.briarproject.bramble.api.sync.event;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.List;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when the versions of the sync protocol supported
+ * by a contact are updated.
+ */
+@Immutable
+@NotNullByDefault
+public class SyncVersionsUpdatedEvent extends Event {
+
+	private final ContactId contactId;
+	private final List<Byte> supported;
+
+	public SyncVersionsUpdatedEvent(ContactId contactId, List<Byte> supported) {
+		this.contactId = contactId;
+		this.supported = supported;
+	}
+
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	public List<Byte> getSupportedVersions() {
+		return supported;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/AbstractTransportKeys.java

@@ -1,57 +0,0 @@
-package org.briarproject.bramble.api.transport;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * Abstract superclass for {@link TransportKeys} and {@link HandshakeKeys}.
- */
-@Immutable
-@NotNullByDefault
-public abstract class AbstractTransportKeys {
-
-	private final TransportId transportId;
-	private final IncomingKeys inPrev, inCurr, inNext;
-	private final OutgoingKeys outCurr;
-
-	AbstractTransportKeys(TransportId transportId, IncomingKeys inPrev,
-			IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr) {
-		if (inPrev.getTimePeriod() != outCurr.getTimePeriod() - 1)
-			throw new IllegalArgumentException();
-		if (inCurr.getTimePeriod() != outCurr.getTimePeriod())
-			throw new IllegalArgumentException();
-		if (inNext.getTimePeriod() != outCurr.getTimePeriod() + 1)
-			throw new IllegalArgumentException();
-		this.transportId = transportId;
-		this.inPrev = inPrev;
-		this.inCurr = inCurr;
-		this.inNext = inNext;
-		this.outCurr = outCurr;
-	}
-
-	public TransportId getTransportId() {
-		return transportId;
-	}
-
-	public IncomingKeys getPreviousIncomingKeys() {
-		return inPrev;
-	}
-
-	public IncomingKeys getCurrentIncomingKeys() {
-		return inCurr;
-	}
-
-	public IncomingKeys getNextIncomingKeys() {
-		return inNext;
-	}
-
-	public OutgoingKeys getCurrentOutgoingKeys() {
-		return outCurr;
-	}
-
-	public long getTimePeriod() {
-		return outCurr.getTimePeriod();
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/HandshakeKeySet.java

@@ -1,70 +0,0 @@
-package org.briarproject.bramble.api.transport;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.Nullable;
-import javax.annotation.concurrent.Immutable;
-
-/**
- * A set of keys for handshaking with a given contact or pending contact over a
- * given transport. Unlike a {@link TransportKeySet} these keys do not provide
- * forward secrecy.
- */
-@Immutable
-@NotNullByDefault
-public class HandshakeKeySet {
-
-	private final HandshakeKeySetId keySetId;
-	@Nullable
-	private final ContactId contactId;
-	@Nullable
-	private final PendingContactId pendingContactId;
-	private final HandshakeKeys keys;
-
-	public HandshakeKeySet(HandshakeKeySetId keySetId, ContactId contactId,
-			HandshakeKeys keys) {
-		this.keySetId = keySetId;
-		this.contactId = contactId;
-		this.keys = keys;
-		pendingContactId = null;
-	}
-
-	public HandshakeKeySet(HandshakeKeySetId keySetId,
-			PendingContactId pendingContactId, HandshakeKeys keys) {
-		this.keySetId = keySetId;
-		this.pendingContactId = pendingContactId;
-		this.keys = keys;
-		contactId = null;
-	}
-
-	public HandshakeKeySetId getKeySetId() {
-		return keySetId;
-	}
-
-	@Nullable
-	public ContactId getContactId() {
-		return contactId;
-	}
-
-	@Nullable
-	public PendingContactId getPendingContactId() {
-		return pendingContactId;
-	}
-
-	public HandshakeKeys getKeys() {
-		return keys;
-	}
-
-	@Override
-	public int hashCode() {
-		return keySetId.hashCode();
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		return o instanceof HandshakeKeySet &&
-				keySetId.equals(((HandshakeKeySet) o).keySetId);
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/HandshakeKeys.java

@@ -1,36 +0,0 @@
-package org.briarproject.bramble.api.transport;
-
-import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * Keys for handshaking with a given contact or pending contact over a given
- * transport. Unlike {@link TransportKeys} these keys do not provide forward
- * secrecy.
- */
-@Immutable
-@NotNullByDefault
-public class HandshakeKeys extends AbstractTransportKeys {
-
-	private final SecretKey rootKey;
-	private final boolean alice;
-
-	public HandshakeKeys(TransportId transportId, IncomingKeys inPrev,
-			IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr,
-			SecretKey rootKey, boolean alice) {
-		super(transportId, inPrev, inCurr, inNext, outCurr);
-		this.rootKey = rootKey;
-		this.alice = alice;
-	}
-
-	public SecretKey getRootKey() {
-		return rootKey;
-	}
-
-	public boolean isAlice() {
-		return alice;
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/IncomingKeys.java

@@ -8,8 +8,8 @@ import javax.annotation.concurrent.Immutable;
 import static org.briarproject.bramble.api.transport.TransportConstants.REORDERING_WINDOW_SIZE;
 
 /**
- * Contains transport keys for receiving streams from a given contact over a
- * given transport in a given time period.
+ * Contains transport keys for receiving streams from a given contact or
+ * pending contact over a given transport in a given time period.
  */
 @Immutable
 @NotNullByDefault

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeyManager.java

@@ -1,11 +1,15 @@
 package org.briarproject.bramble.api.transport;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.plugin.TransportId;
 
+import java.security.GeneralSecurityException;
 import java.util.Map;
 
 import javax.annotation.Nullable;
@@ -17,24 +21,49 @@ import javax.annotation.Nullable;
 public interface KeyManager {
 
 	/**
-	 * Informs the key manager that a new contact has been added. Derives and
-	 * stores a set of transport keys for communicating with the contact over
-	 * each transport and returns the key set IDs.
+	 * Derives and stores a set of rotation mode transport keys for
+	 * communicating with the given contact over each transport and returns the
+	 * key set IDs.
 	 * <p/>
 	 * {@link StreamContext StreamContexts} for the contact can be created
 	 * after this method has returned.
 	 *
-	 * @param alice true if the local party is Alice
-	 * @param active whether the derived keys can be used for outgoing streams
+	 * @param alice True if the local party is Alice
+	 * @param active Whether the derived keys can be used for outgoing streams
 	 */
-	Map<TransportId, TransportKeySetId> addContact(Transaction txn, ContactId c,
-			SecretKey rootKey, long timestamp, boolean alice, boolean active)
-			throws DbException;
+	Map<TransportId, KeySetId> addRotationKeys(Transaction txn,
+			ContactId c, SecretKey rootKey, long timestamp, boolean alice,
+			boolean active) throws DbException;
+
+	/**
+	 * Informs the key manager that a new contact has been added. Derives and
+	 * stores a set of handshake mode transport keys for communicating with the
+	 * contact over each transport and returns the key set IDs.
+	 * <p/>
+	 * {@link StreamContext StreamContexts} for the contact can be created
+	 * after this method has returned.
+	 */
+	Map<TransportId, KeySetId> addContact(Transaction txn, ContactId c,
+			PublicKey theirPublicKey, KeyPair ourKeyPair)
+			throws DbException, GeneralSecurityException;
+
+	/**
+	 * Informs the key manager that a new pending contact has been added.
+	 * Derives and stores a set of handshake mode transport keys for
+	 * communicating with the pending contact over each transport and returns
+	 * the key set IDs.
+	 * <p/>
+	 * {@link StreamContext StreamContexts} for the pending contact can be
+	 * created after this method has returned.
+	 */
+	Map<TransportId, KeySetId> addPendingContact(Transaction txn,
+			PendingContactId p, PublicKey theirPublicKey, KeyPair ourKeyPair)
+			throws DbException, GeneralSecurityException;
 
 	/**
 	 * Marks the given transport keys as usable for outgoing streams.
 	 */
-	void activateKeys(Transaction txn, Map<TransportId, TransportKeySetId> keys)
+	void activateKeys(Transaction txn, Map<TransportId, KeySetId> keys)
 			throws DbException;
 
 	/**
@@ -43,15 +72,28 @@ public interface KeyManager {
 	 */
 	boolean canSendOutgoingStreams(ContactId c, TransportId t);
 
+	/**
+	 * Returns true if we have keys that can be used for outgoing streams to
+	 * the given pending contact over the given transport.
+	 */
+	boolean canSendOutgoingStreams(PendingContactId p, TransportId t);
+
 	/**
 	 * Returns a {@link StreamContext} for sending a stream to the given
-	 * contact over the given transport, or null if an error occurs or the
-	 * contact does not support the transport.
+	 * contact over the given transport, or null if an error occurs.
 	 */
 	@Nullable
 	StreamContext getStreamContext(ContactId c, TransportId t)
 			throws DbException;
 
+	/**
+	 * Returns a {@link StreamContext} for sending a stream to the given
+	 * pending contact over the given transport, or null if an error occurs.
+	 */
+	@Nullable
+	StreamContext getStreamContext(PendingContactId p, TransportId t)
+			throws DbException;
+
 	/**
 	 * Looks up the given tag and returns a {@link StreamContext} for reading
 	 * from the corresponding stream, or null if an error occurs or the tag was

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeySetId.java

@@ -5,17 +5,16 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import javax.annotation.concurrent.Immutable;
 
 /**
- * Type-safe wrapper for an integer that uniquely identifies a
- * {@link HandshakeKeySet set of handshake keys} within the scope of the local
- * device.
+ * Type-safe wrapper for an integer that uniquely identifies a set of
+ * {@link TransportKeySet transport keys} within the scope of the local device.
  */
 @Immutable
 @NotNullByDefault
-public class HandshakeKeySetId {
+public class KeySetId {
 
 	private final int id;
 
-	public HandshakeKeySetId(int id) {
+	public KeySetId(int id) {
 		this.id = id;
 	}
 
@@ -30,7 +29,6 @@ public class HandshakeKeySetId {
 
 	@Override
 	public boolean equals(Object o) {
-		return o instanceof HandshakeKeySetId &&
-				id == ((HandshakeKeySetId) o).id;
+		return o instanceof KeySetId && id == ((KeySetId) o).id;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/transport/OutgoingKeys.java

@@ -6,8 +6,8 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import javax.annotation.concurrent.Immutable;
 
 /**
- * Contains transport keys for sending streams to a given contact over a given
- * transport in a given time period.
+ * Contains transport keys for sending streams to a given contact or pending
+ * contact over a given transport in a given time period.
  */
 @Immutable
 @NotNullByDefault

bramble-api/src/main/java/org/briarproject/bramble/api/transport/StreamContext.java

@@ -1,34 +1,53 @@
 package org.briarproject.bramble.api.transport;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportId;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireExactlyOneNull;
+
 @Immutable
 @NotNullByDefault
 public class StreamContext {
 
+	@Nullable
 	private final ContactId contactId;
+	@Nullable
+	private final PendingContactId pendingContactId;
 	private final TransportId transportId;
 	private final SecretKey tagKey, headerKey;
 	private final long streamNumber;
+	private final boolean handshakeMode;
 
-	public StreamContext(ContactId contactId, TransportId transportId,
-			SecretKey tagKey, SecretKey headerKey, long streamNumber) {
+	public StreamContext(@Nullable ContactId contactId,
+			@Nullable PendingContactId pendingContactId,
+			TransportId transportId, SecretKey tagKey, SecretKey headerKey,
+			long streamNumber, boolean handshakeMode) {
+		requireExactlyOneNull(contactId, pendingContactId);
 		this.contactId = contactId;
+		this.pendingContactId = pendingContactId;
 		this.transportId = transportId;
 		this.tagKey = tagKey;
 		this.headerKey = headerKey;
 		this.streamNumber = streamNumber;
+		this.handshakeMode = handshakeMode;
 	}
 
+	@Nullable
 	public ContactId getContactId() {
 		return contactId;
 	}
 
+	@Nullable
+	public PendingContactId getPendingContactId() {
+		return pendingContactId;
+	}
+
 	public TransportId getTransportId() {
 		return transportId;
 	}
@@ -44,4 +63,8 @@ public class StreamContext {
 	public long getStreamNumber() {
 		return streamNumber;
 	}
+
+	public boolean isHandshakeMode() {
+		return handshakeMode;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java

@@ -63,14 +63,6 @@ public interface TransportConstants {
 	int MAX_PAYLOAD_LENGTH = MAX_FRAME_LENGTH - FRAME_HEADER_LENGTH
 			- MAC_LENGTH;
 
-	/**
-	 * The minimum stream length in bytes that all transport plugins must
-	 * support. Streams may be shorter than this length, but all transport
-	 * plugins must support streams of at least this length.
-	 */
-	int MIN_STREAM_LENGTH = STREAM_HEADER_LENGTH + FRAME_HEADER_LENGTH
-			+ MAC_LENGTH;
-
 	/**
 	 * The maximum difference in milliseconds between two peers' clocks.
 	 */
@@ -81,6 +73,26 @@ public interface TransportConstants {
 	 */
 	int REORDERING_WINDOW_SIZE = 32;
 
+	/**
+	 * Label for deriving the static master key from handshake key pairs.
+	 */
+	String STATIC_MASTER_KEY_LABEL =
+			"org.briarproject.bramble.transport/STATIC_MASTER_KEY";
+
+	/**
+	 * Label for deriving the handshake mode root key for a pending contact
+	 * from the static master key.
+	 */
+	String PENDING_CONTACT_ROOT_KEY_LABEL =
+			"org.briarproject.bramble.transport/PENDING_CONTACT_ROOT_KEY";
+
+	/**
+	 * Label for deriving the handshake mode root key for a contact from the
+	 * static master key.
+	 */
+	String CONTACT_ROOT_KEY_LABEL =
+			"org.briarproject.bramble.transport/CONTACT_ROOT_KEY";
+
 	/**
 	 * Label for deriving Alice's initial tag key from the root key in
 	 * rotation mode.

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportKeySet.java

@@ -1,37 +1,52 @@
 package org.briarproject.bramble.api.transport;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireExactlyOneNull;
+
 /**
- * A set of keys for communicating with a given contact over a given transport.
- * Unlike a {@link HandshakeKeySet} these keys provide forward secrecy.
+ * A set of keys for communicating with a given contact or pending contact
+ * over a given transport.
  */
 @Immutable
 @NotNullByDefault
 public class TransportKeySet {
 
-	private final TransportKeySetId keySetId;
+	private final KeySetId keySetId;
+	@Nullable
 	private final ContactId contactId;
+	@Nullable
+	private final PendingContactId pendingContactId;
 	private final TransportKeys keys;
 
-	public TransportKeySet(TransportKeySetId keySetId, ContactId contactId,
-			TransportKeys keys) {
+	public TransportKeySet(KeySetId keySetId, @Nullable ContactId contactId,
+			@Nullable PendingContactId pendingContactId, TransportKeys keys) {
+		requireExactlyOneNull(contactId, pendingContactId);
 		this.keySetId = keySetId;
 		this.contactId = contactId;
+		this.pendingContactId = pendingContactId;
 		this.keys = keys;
 	}
 
-	public TransportKeySetId getKeySetId() {
+	public KeySetId getKeySetId() {
 		return keySetId;
 	}
 
+	@Nullable
 	public ContactId getContactId() {
 		return contactId;
 	}
 
+	@Nullable
+	public PendingContactId getPendingContactId() {
+		return pendingContactId;
+	}
+
 	public TransportKeys getKeys() {
 		return keys;
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportKeySetId.java

@@ -1,38 +0,0 @@
-package org.briarproject.bramble.api.transport;
-
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-/**
- * Type-safe wrapper for an integer that uniquely identifies a
- * {@link TransportKeySet set of transport keys} within the scope of the local
- * device.
- * <p/>
- * Key sets created on a given device must have increasing identifiers.
- */
-@Immutable
-@NotNullByDefault
-public class TransportKeySetId {
-
-	private final int id;
-
-	public TransportKeySetId(int id) {
-		this.id = id;
-	}
-
-	public int getInt() {
-		return id;
-	}
-
-	@Override
-	public int hashCode() {
-		return id;
-	}
-
-	@Override
-	public boolean equals(Object o) {
-		return o instanceof TransportKeySetId &&
-				id == ((TransportKeySetId) o).id;
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportKeys.java

@@ -1,20 +1,108 @@
 package org.briarproject.bramble.api.transport;
 
+import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportId;
 
+import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
 /**
- * Keys for communicating with a given contact over a given transport. Unlike
- * {@link HandshakeKeys} these keys provide forward secrecy.
+ * Keys for communicating with a given contact or pending contact over a given
+ * transport.
  */
 @Immutable
 @NotNullByDefault
-public class TransportKeys extends AbstractTransportKeys {
+public class TransportKeys {
 
+	private final TransportId transportId;
+	private final IncomingKeys inPrev, inCurr, inNext;
+	private final OutgoingKeys outCurr;
+	@Nullable
+	private final SecretKey rootKey;
+	private final boolean alice;
+
+	/**
+	 * Constructor for rotation mode.
+	 */
 	public TransportKeys(TransportId transportId, IncomingKeys inPrev,
 			IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr) {
-		super(transportId, inPrev, inCurr, inNext, outCurr);
+		this(transportId, inPrev, inCurr, inNext, outCurr, null, false);
+	}
+
+	/**
+	 * Constructor for handshake mode.
+	 */
+	public TransportKeys(TransportId transportId, IncomingKeys inPrev,
+			IncomingKeys inCurr, IncomingKeys inNext, OutgoingKeys outCurr,
+			@Nullable SecretKey rootKey, boolean alice) {
+		if (inPrev.getTimePeriod() != outCurr.getTimePeriod() - 1)
+			throw new IllegalArgumentException();
+		if (inCurr.getTimePeriod() != outCurr.getTimePeriod())
+			throw new IllegalArgumentException();
+		if (inNext.getTimePeriod() != outCurr.getTimePeriod() + 1)
+			throw new IllegalArgumentException();
+		this.transportId = transportId;
+		this.inPrev = inPrev;
+		this.inCurr = inCurr;
+		this.inNext = inNext;
+		this.outCurr = outCurr;
+		this.rootKey = rootKey;
+		this.alice = alice;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+
+	public IncomingKeys getPreviousIncomingKeys() {
+		return inPrev;
+	}
+
+	public IncomingKeys getCurrentIncomingKeys() {
+		return inCurr;
+	}
+
+	public IncomingKeys getNextIncomingKeys() {
+		return inNext;
+	}
+
+	public OutgoingKeys getCurrentOutgoingKeys() {
+		return outCurr;
+	}
+
+	public long getTimePeriod() {
+		return outCurr.getTimePeriod();
+	}
+
+	/**
+	 * Returns true if these keys are for use in handshake mode or false if
+	 * they're for use in rotation mode.
+	 */
+	public boolean isHandshakeMode() {
+		return rootKey != null;
+	}
+
+	/**
+	 * If these keys are for use in handshake mode, returns the root key.
+	 *
+	 * @throws UnsupportedOperationException If these keys are for use in
+	 * rotation mode
+	 */
+	public SecretKey getRootKey() {
+		if (rootKey == null) throw new UnsupportedOperationException();
+		return rootKey;
+	}
+
+	/**
+	 * If these keys are for use in handshake mode, returns true if the local
+	 * party is Alice.
+	 *
+	 * @throws UnsupportedOperationException If these keys are for use in
+	 * rotation mode
+	 */
+	public boolean isAlice() {
+		if (rootKey == null) throw new UnsupportedOperationException();
+		return alice;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/util/LogUtils.java

@@ -1,5 +1,6 @@
 package org.briarproject.bramble.util;
 
+import java.io.File;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -19,6 +20,7 @@ public class LogUtils {
 
 	/**
 	 * Logs the duration of a task.
+	 *
 	 * @param logger the logger to use
 	 * @param task a description of the task
 	 * @param start the start time of the task, as returned by {@link #now()}
@@ -33,4 +35,26 @@ public class LogUtils {
 	public static void logException(Logger logger, Level level, Throwable t) {
 		if (logger.isLoggable(level)) logger.log(level, t.toString(), t);
 	}
+
+	public static void logFileOrDir(Logger logger, Level level, File f) {
+		if (logger.isLoggable(level)) {
+			if (f.isFile()) {
+				logWithType(logger, level, f, "F");
+			} else if (f.isDirectory()) {
+				logWithType(logger, level, f, "D");
+				File[] children = f.listFiles();
+				if (children != null) {
+					for (File child : children)
+						logFileOrDir(logger, level, child);
+				}
+			} else if (f.exists()) {
+				logWithType(logger, level, f, "?");
+			}
+		}
+	}
+
+	private static void logWithType(Logger logger, Level level, File f,
+			String type) {
+		logger.log(level, type + " " + f.getAbsolutePath() + " " + f.length());
+	}
 }

bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java

@@ -5,7 +5,13 @@ import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
+import org.briarproject.bramble.api.crypto.AgreementPublicKey;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.SignaturePrivateKey;
+import org.briarproject.bramble.api.crypto.SignaturePublicKey;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.Identity;
@@ -30,11 +36,10 @@ import java.util.Random;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import static java.util.Arrays.asList;
-import static org.briarproject.bramble.api.contact.PendingContactState.WAITING_FOR_CONNECTION;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_SIGNATURE_PUBLIC_KEY_BYTES;
 import static org.briarproject.bramble.api.identity.Author.FORMAT_VERSION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
 import static org.briarproject.bramble.api.plugin.TransportId.MAX_TRANSPORT_ID_LENGTH;
 import static org.briarproject.bramble.api.properties.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
 import static org.briarproject.bramble.api.sync.ClientId.MAX_CLIENT_ID_LENGTH;
@@ -101,10 +106,28 @@ public class TestUtils {
 		return new SecretKey(getRandomBytes(SecretKey.LENGTH));
 	}
 
+	public static PublicKey getSignaturePublicKey() {
+		byte[] key = getRandomBytes(MAX_SIGNATURE_PUBLIC_KEY_BYTES);
+		return new SignaturePublicKey(key);
+	}
+
+	public static PrivateKey getSignaturePrivateKey() {
+		return new SignaturePrivateKey(getRandomBytes(123));
+	}
+
+	public static PublicKey getAgreementPublicKey() {
+		byte[] key = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
+		return new AgreementPublicKey(key);
+	}
+
+	public static PrivateKey getAgreementPrivateKey() {
+		return new AgreementPrivateKey(getRandomBytes(123));
+	}
+
 	public static Identity getIdentity() {
 		LocalAuthor localAuthor = getLocalAuthor();
-		byte[] handshakePub = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
-		byte[] handshakePriv = getRandomBytes(MAX_AGREEMENT_PUBLIC_KEY_BYTES);
+		PublicKey handshakePub = getAgreementPublicKey();
+		PrivateKey handshakePriv = getAgreementPrivateKey();
 		return new Identity(localAuthor, handshakePub, handshakePriv,
 				timestamp);
 	}
@@ -113,8 +136,8 @@ public class TestUtils {
 		AuthorId id = new AuthorId(getRandomId());
 		int nameLength = 1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH);
 		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
-		byte[] privateKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
+		PublicKey publicKey = getSignaturePublicKey();
+		PrivateKey privateKey = getSignaturePrivateKey();
 		return new LocalAuthor(id, FORMAT_VERSION, name, publicKey, privateKey);
 	}
 
@@ -122,7 +145,7 @@ public class TestUtils {
 		AuthorId id = new AuthorId(getRandomId());
 		int nameLength = 1 + random.nextInt(MAX_AUTHOR_NAME_LENGTH);
 		String name = getRandomString(nameLength);
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
+		PublicKey publicKey = getSignaturePublicKey();
 		return new Author(id, FORMAT_VERSION, name, publicKey);
 	}
 
@@ -155,10 +178,9 @@ public class TestUtils {
 
 	public static PendingContact getPendingContact(int nameLength) {
 		PendingContactId id = new PendingContactId(getRandomId());
-		byte[] publicKey = getRandomBytes(MAX_PUBLIC_KEY_LENGTH);
+		PublicKey publicKey = getAgreementPublicKey();
 		String alias = getRandomString(nameLength);
-		return new PendingContact(id, publicKey, alias, WAITING_FOR_CONNECTION,
-				timestamp);
+		return new PendingContact(id, publicKey, alias, timestamp);
 	}
 
 	public static ContactId getContactId() {
@@ -179,7 +201,7 @@ public class TestUtils {
 			boolean verified) {
 		return new Contact(c, remote, local,
 				getRandomString(MAX_AUTHOR_NAME_LENGTH),
-				getRandomBytes(MAX_PUBLIC_KEY_LENGTH), verified);
+				getAgreementPublicKey(), verified);
 	}
 
 	public static double getMedian(Collection<? extends Number> samples) {

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreEagerSingletons.java

@@ -7,7 +7,7 @@ import org.briarproject.bramble.identity.IdentityModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
 import org.briarproject.bramble.properties.PropertiesModule;
-import org.briarproject.bramble.reporting.ReportingModule;
+import org.briarproject.bramble.rendezvous.RendezvousModule;
 import org.briarproject.bramble.sync.validation.ValidationModule;
 import org.briarproject.bramble.system.SystemModule;
 import org.briarproject.bramble.transport.TransportModule;
@@ -29,7 +29,7 @@ public interface BrambleCoreEagerSingletons {
 
 	void inject(PropertiesModule.EagerSingletons init);
 
-	void inject(ReportingModule.EagerSingletons init);
+	void inject(RendezvousModule.EagerSingletons init);
 
 	void inject(SystemModule.EagerSingletons init);
 
@@ -38,4 +38,19 @@ public interface BrambleCoreEagerSingletons {
 	void inject(ValidationModule.EagerSingletons init);
 
 	void inject(VersioningModule.EagerSingletons init);
+
+	default void injectBrambleCoreEagerSingletons() {
+		inject(new ContactModule.EagerSingletons());
+		inject(new CryptoExecutorModule.EagerSingletons());
+		inject(new DatabaseExecutorModule.EagerSingletons());
+		inject(new IdentityModule.EagerSingletons());
+		inject(new LifecycleModule.EagerSingletons());
+		inject(new RendezvousModule.EagerSingletons());
+		inject(new PluginModule.EagerSingletons());
+		inject(new PropertiesModule.EagerSingletons());
+		inject(new SystemModule.EagerSingletons());
+		inject(new TransportModule.EagerSingletons());
+		inject(new ValidationModule.EagerSingletons());
+		inject(new VersioningModule.EagerSingletons());
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java

@@ -15,9 +15,8 @@ import org.briarproject.bramble.plugin.PluginModule;
 import org.briarproject.bramble.properties.PropertiesModule;
 import org.briarproject.bramble.record.RecordModule;
 import org.briarproject.bramble.reliability.ReliabilityModule;
-import org.briarproject.bramble.reporting.ReportingModule;
+import org.briarproject.bramble.rendezvous.RendezvousModule;
 import org.briarproject.bramble.settings.SettingsModule;
-import org.briarproject.bramble.socks.SocksModule;
 import org.briarproject.bramble.sync.SyncModule;
 import org.briarproject.bramble.sync.validation.ValidationModule;
 import org.briarproject.bramble.system.SystemModule;
@@ -42,9 +41,8 @@ import dagger.Module;
 		PropertiesModule.class,
 		RecordModule.class,
 		ReliabilityModule.class,
-		ReportingModule.class,
+		RendezvousModule.class,
 		SettingsModule.class,
-		SocksModule.class,
 		SyncModule.class,
 		SystemModule.class,
 		TransportModule.class,
@@ -54,17 +52,6 @@ import dagger.Module;
 public class BrambleCoreModule {
 
 	public static void initEagerSingletons(BrambleCoreEagerSingletons c) {
-		c.inject(new ContactModule.EagerSingletons());
-		c.inject(new CryptoExecutorModule.EagerSingletons());
-		c.inject(new DatabaseExecutorModule.EagerSingletons());
-		c.inject(new IdentityModule.EagerSingletons());
-		c.inject(new LifecycleModule.EagerSingletons());
-		c.inject(new PluginModule.EagerSingletons());
-		c.inject(new PropertiesModule.EagerSingletons());
-		c.inject(new ReportingModule.EagerSingletons());
-		c.inject(new SystemModule.EagerSingletons());
-		c.inject(new TransportModule.EagerSingletons());
-		c.inject(new ValidationModule.EagerSingletons());
-		c.inject(new VersioningModule.EagerSingletons());
+		c.injectBrambleCoreEagerSingletons();
 	}
 }

bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java

@@ -3,6 +3,9 @@ package org.briarproject.bramble.client;
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.client.ClientHelper;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyParser;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.data.BdfDictionary;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.data.BdfReader;
@@ -82,14 +85,21 @@ class ClientHelperImpl implements ClientHelper {
 	@Override
 	public void addLocalMessage(Message m, BdfDictionary metadata,
 			boolean shared) throws DbException, FormatException {
-		db.transaction(false, txn -> addLocalMessage(txn, m, metadata, shared));
+		db.transaction(false, txn -> addLocalMessage(txn, m, metadata, shared,
+				false));
 	}
 
 	@Override
 	public void addLocalMessage(Transaction txn, Message m,
-			BdfDictionary metadata, boolean shared)
+			BdfDictionary metadata, boolean shared, boolean temporary)
 			throws DbException, FormatException {
-		db.addLocalMessage(txn, m, metadataEncoder.encode(metadata), shared);
+		db.addLocalMessage(txn, m, metadataEncoder.encode(metadata), shared,
+				temporary);
+	}
+
+	@Override
+	public Message createMessage(GroupId g, long timestamp, byte[] body) {
+		return messageFactory.createMessage(g, timestamp, body);
 	}
 
 	@Override
@@ -305,14 +315,15 @@ class ClientHelperImpl implements ClientHelper {
 	}
 
 	@Override
-	public byte[] sign(String label, BdfList toSign, byte[] privateKey)
+	public byte[] sign(String label, BdfList toSign, PrivateKey privateKey)
 			throws FormatException, GeneralSecurityException {
 		return crypto.sign(label, toByteArray(toSign), privateKey);
 	}
 
 	@Override
 	public void verifySignature(byte[] signature, String label, BdfList signed,
-			byte[] publicKey) throws FormatException, GeneralSecurityException {
+			PublicKey publicKey)
+			throws FormatException, GeneralSecurityException {
 		if (!crypto.verifySignature(signature, label, toByteArray(signed),
 				publicKey)) {
 			throw new GeneralSecurityException("Invalid signature");
@@ -327,11 +338,29 @@ class ClientHelperImpl implements ClientHelper {
 		if (formatVersion != FORMAT_VERSION) throw new FormatException();
 		String name = author.getString(1);
 		checkLength(name, 1, MAX_AUTHOR_NAME_LENGTH);
-		byte[] publicKey = author.getRaw(2);
-		checkLength(publicKey, 1, MAX_PUBLIC_KEY_LENGTH);
+		byte[] publicKeyBytes = author.getRaw(2);
+		checkLength(publicKeyBytes, 1, MAX_PUBLIC_KEY_LENGTH);
+		KeyParser parser = crypto.getSignatureKeyParser();
+		PublicKey publicKey;
+		try {
+			publicKey = parser.parsePublicKey(publicKeyBytes);
+		} catch (GeneralSecurityException e) {
+			throw new FormatException();
+		}
 		return authorFactory.createAuthor(formatVersion, name, publicKey);
 	}
 
+	@Override
+	public PublicKey parseAndValidateAgreementPublicKey(byte[] publicKeyBytes)
+			throws FormatException {
+		KeyParser parser = crypto.getAgreementKeyParser();
+		try {
+			return parser.parsePublicKey(publicKeyBytes);
+		} catch (GeneralSecurityException e) {
+			throw new FormatException();
+		}
+	}
+
 	@Override
 	public TransportProperties parseAndValidateTransportProperties(
 			BdfDictionary properties) throws FormatException {

bramble-core/src/main/java/org/briarproject/bramble/client/ContactGroupFactoryImpl.java

@@ -1,6 +1,5 @@
 package org.briarproject.bramble.client;
 
-import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.client.ClientHelper;
 import org.briarproject.bramble.api.client.ContactGroupFactory;
@@ -55,7 +54,7 @@ class ContactGroupFactoryImpl implements ContactGroupFactory {
 
 	private byte[] createGroupDescriptor(AuthorId local, AuthorId remote) {
 		try {
-			if (Bytes.COMPARATOR.compare(local, remote) < 0)
+			if (local.compareTo(remote) < 0)
 				return clientHelper.toByteArray(BdfList.of(local, remote));
 			else return clientHelper.toByteArray(BdfList.of(remote, local));
 		} catch (FormatException e) {

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeConstants.java

@@ -1,16 +1,6 @@
-package org.briarproject.bramble.api.contact;
+package org.briarproject.bramble.contact;
 
-import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.identity.LocalAuthor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-
-/**
- * A task for conducting a contact information exchange with a remote peer.
- */
-@NotNullByDefault
-public interface ContactExchangeTask {
+interface ContactExchangeConstants {
 
 	/**
 	 * The current version of the contact exchange protocol.
@@ -39,9 +29,7 @@ public interface ContactExchangeTask {
 	String BOB_NONCE_LABEL = "org.briarproject.bramble.contact/BOB_NONCE";
 
 	/**
-	 * Exchanges contact information with a remote peer.
+	 * Label for signing key binding nonces.
 	 */
-	void startExchange(LocalAuthor localAuthor, SecretKey masterKey,
-			DuplexTransportConnection conn, TransportId transportId,
-			boolean alice);
+	String SIGNING_LABEL = "org.briarproject.briar.contact/EXCHANGE";
 }

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeCrypto.java

@@ -0,0 +1,35 @@
+package org.briarproject.bramble.contact;
+
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+interface ContactExchangeCrypto {
+
+	/**
+	 * Derives the header key for a contact exchange stream from the master key.
+	 *
+	 * @param alice Whether the header key is for the stream sent by Alice
+	 */
+	SecretKey deriveHeaderKey(SecretKey masterKey, boolean alice);
+
+	/**
+	 * Creates and returns a signature that proves ownership of a pseudonym.
+	 *
+	 * @param privateKey The pseudonym's signature private key
+	 * @param alice Whether the pseudonym belongs to Alice
+	 */
+	byte[] sign(PrivateKey privateKey, SecretKey masterKey, boolean alice);
+
+	/**
+	 * Verifies a signature that proves ownership of a pseudonym.
+	 *
+	 * @param publicKey The pseudonym's signature public key
+	 * @param alice Whether the pseudonym belongs to Alice
+	 * @return True if the signature is valid
+	 */
+	boolean verify(PublicKey publicKey, SecretKey masterKey, boolean alice,
+			byte[] signature);
+}