Bump version numbers for 1.2.5 release.

Hide banner of navigation drawer when not enough screen heigth available

See merge request briar/briar!1208

.gitlab-ci.yml

@@ -1,6 +1,11 @@
 image: briar/ci-image-android:latest
 
+stages:
+- test
+- check_reproducibility
+
 test:
+  stage: test
   before_script:
     - set -e
     - export GRADLE_USER_HOME=$PWD/.gradle
@@ -12,7 +17,7 @@ test:
 
   script:
     - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom animalSnifferMain animalSnifferTest
-    - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom test
+    - ./gradlew --no-daemon -Djava.security.egd=file:/dev/urandom check compileOfficialDebugAndroidTestSources compileScreenshotDebugAndroidTestSources
 
   after_script:
     # these file change every time but should not be cached
@@ -21,6 +26,7 @@ test:
 
 
 test_reproducible:
+  stage: check_reproducibility
   script:
     - "curl -X POST -F token=${RELEASE_CHECK_TOKEN} -F ref=master -F variables[RELEASE_TAG]=${CI_COMMIT_REF_NAME} https://code.briarproject.org/api/v4/projects/61/trigger/pipeline"
   only:

.idea/codeStyles/Project.xml

@@ -1,16 +1,10 @@
 <component name="ProjectCodeStyleConfiguration">
   <code_scheme name="Project" version="173">
-    <option name="RIGHT_MARGIN" value="100" />
     <AndroidXmlCodeStyleSettings>
-      <option name="USE_CUSTOM_SETTINGS" value="true" />
+      <option name="ARRANGEMENT_SETTINGS_MIGRATED_TO_191" value="true" />
     </AndroidXmlCodeStyleSettings>
     <JavaCodeStyleSettings>
       <option name="ANNOTATION_PARAMETER_WRAP" value="1" />
-      <option name="CLASS_COUNT_TO_USE_IMPORT_ON_DEMAND" value="99" />
-      <option name="NAMES_COUNT_TO_USE_IMPORT_ON_DEMAND" value="99" />
-      <option name="PACKAGES_TO_USE_IMPORT_ON_DEMAND">
-        <value />
-      </option>
       <option name="IMPORT_LAYOUT_TABLE">
         <value>
           <package name="android" withSubpackages="true" static="false" />
@@ -77,7 +71,6 @@
       </indentOptions>
     </codeStyleSettings>
     <codeStyleSettings language="XML">
-      <option name="FORCE_REARRANGE_MODE" value="1" />
       <indentOptions>
         <option name="CONTINUATION_INDENT_SIZE" value="4" />
         <option name="USE_TAB_CHARACTER" value="true" />
@@ -90,7 +83,8 @@
               <match>
                 <AND>
                   <NAME>xmlns:android</NAME>
-                  <XML_NAMESPACE>Namespace:</XML_NAMESPACE>
+                  <XML_ATTRIBUTE />
+                  <XML_NAMESPACE>^$</XML_NAMESPACE>
                 </AND>
               </match>
             </rule>
@@ -100,7 +94,8 @@
               <match>
                 <AND>
                   <NAME>xmlns:.*</NAME>
-                  <XML_NAMESPACE>Namespace:</XML_NAMESPACE>
+                  <XML_ATTRIBUTE />
+                  <XML_NAMESPACE>^$</XML_NAMESPACE>
                 </AND>
               </match>
               <order>BY_NAME</order>
@@ -111,6 +106,7 @@
               <match>
                 <AND>
                   <NAME>.*:id</NAME>
+                  <XML_ATTRIBUTE />
                   <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
                 </AND>
               </match>
@@ -121,6 +117,7 @@
               <match>
                 <AND>
                   <NAME>.*:name</NAME>
+                  <XML_ATTRIBUTE />
                   <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
                 </AND>
               </match>
@@ -131,6 +128,7 @@
               <match>
                 <AND>
                   <NAME>name</NAME>
+                  <XML_ATTRIBUTE />
                   <XML_NAMESPACE>^$</XML_NAMESPACE>
                 </AND>
               </match>
@@ -141,6 +139,7 @@
               <match>
                 <AND>
                   <NAME>style</NAME>
+                  <XML_ATTRIBUTE />
                   <XML_NAMESPACE>^$</XML_NAMESPACE>
                 </AND>
               </match>
@@ -151,6 +150,7 @@
               <match>
                 <AND>
                   <NAME>.*</NAME>
+                  <XML_ATTRIBUTE />
                   <XML_NAMESPACE>^$</XML_NAMESPACE>
                 </AND>
               </match>
@@ -161,64 +161,12 @@
             <rule>
               <match>
                 <AND>
-                  <NAME>.*:layout_width</NAME>
+                  <NAME>.*</NAME>
+                  <XML_ATTRIBUTE />
                   <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
                 </AND>
               </match>
-            </rule>
+              <order>ANDROID_ATTRIBUTE_ORDER</order>
-          </section>
-          <section>
-            <rule>
-              <match>
-                <AND>
-                  <NAME>.*:layout_height</NAME>
-                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
-                </AND>
-              </match>
-            </rule>
-          </section>
-          <section>
-            <rule>
-              <match>
-                <AND>
-                  <NAME>.*:layout_.*</NAME>
-                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
-                </AND>
-              </match>
-              <order>BY_NAME</order>
-            </rule>
-          </section>
-          <section>
-            <rule>
-              <match>
-                <AND>
-                  <NAME>.*:width</NAME>
-                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
-                </AND>
-              </match>
-              <order>BY_NAME</order>
-            </rule>
-          </section>
-          <section>
-            <rule>
-              <match>
-                <AND>
-                  <NAME>.*:height</NAME>
-                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
-                </AND>
-              </match>
-              <order>BY_NAME</order>
-            </rule>
-          </section>
-          <section>
-            <rule>
-              <match>
-                <AND>
-                  <NAME>.*</NAME>
-                  <XML_NAMESPACE>http://schemas.android.com/apk/res/android</XML_NAMESPACE>
-                </AND>
-              </match>
-              <order>BY_NAME</order>
             </rule>
           </section>
           <section>
@@ -226,6 +174,7 @@
               <match>
                 <AND>
                   <NAME>.*</NAME>
+                  <XML_ATTRIBUTE />
                   <XML_NAMESPACE>.*</XML_NAMESPACE>
                 </AND>
               </match>

.idea/runConfigurations/All_in_briar_headless.xml

@@ -1,20 +0,0 @@
-<component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="All in briar-headless" type="AndroidJUnit" factoryName="Android JUnit" nameIsGenerated="true">
-    <module name="briar-headless" />
-    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
-    <option name="ALTERNATIVE_JRE_PATH" />
-    <option name="PACKAGE_NAME" value="org.briarproject.briar.headless" />
-    <option name="MAIN_CLASS_NAME" value="" />
-    <option name="METHOD_NAME" value="" />
-    <option name="TEST_OBJECT" value="package" />
-    <option name="VM_PARAMETERS" value="" />
-    <option name="PARAMETERS" value="" />
-    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-headless" />
-    <option name="PASS_PARENT_ENVS" value="true" />
-    <option name="TEST_SEARCH_SCOPE">
-      <value defaultName="singleModule" />
-    </option>
-    <patterns />
-    <method />
-  </configuration>
-</component>

.idea/runConfigurations/All_tests.xml

@@ -1,30 +1,20 @@
 <component name="ProjectRunConfigurationManager">
   <configuration default="false" name="All tests" type="AndroidJUnit" factoryName="Android JUnit">
-    <extension name="coverage" enabled="false" merge="false" sample_coverage="true" runner="idea" />
     <module name="briar-android" />
-    <option name="ALTERNATIVE_JRE_PATH_ENABLED" value="false" />
-    <option name="ALTERNATIVE_JRE_PATH" />
     <option name="PACKAGE_NAME" value="" />
     <option name="MAIN_CLASS_NAME" value="" />
     <option name="METHOD_NAME" value="" />
     <option name="TEST_OBJECT" value="package" />
-    <option name="VM_PARAMETERS" value="-ea" />
     <option name="PARAMETERS" value="" />
-    <option name="WORKING_DIRECTORY" value="file://$PROJECT_DIR$/briar-android" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/briar-android" />
-    <option name="ENV_VARIABLES" />
+    <method v="2">
-    <option name="PASS_PARENT_ENVS" value="true" />
+      <option name="Android.Gradle.BeforeRunTask" enabled="true" />
-    <option name="TEST_SEARCH_SCOPE">
-      <value defaultName="singleModule" />
-    </option>
-    <envs />
-    <patterns />
-    <method>
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-api" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-core" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-android" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in bramble-java" run_configuration_type="AndroidJUnit" />
       <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in briar-core" run_configuration_type="AndroidJUnit" />
-      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All in briar-headless" run_configuration_type="AndroidJUnit" />
+      <option name="RunConfigurationTask" enabled="true" run_configuration_name="All tests in briar-headless" run_configuration_type="AndroidJUnit" />
     </method>
   </configuration>
 </component>

.idea/runConfigurations/All_tests_in_briar_headless.xml

@@ -0,0 +1,15 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="All tests in briar-headless" type="AndroidJUnit" factoryName="Android JUnit">
+    <module name="briar-headless" />
+    <option name="PACKAGE_NAME" value="org.briarproject.briar.headless" />
+    <option name="MAIN_CLASS_NAME" value="" />
+    <option name="METHOD_NAME" value="" />
+    <option name="TEST_OBJECT" value="package" />
+    <option name="VM_PARAMETERS" />
+    <option name="PARAMETERS" value="" />
+    <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/briar-headless" />
+    <method v="2">
+      <option name="Android.Gradle.BeforeRunTask" enabled="true" />
+    </method>
+  </configuration>
+</component>

bramble-android/build.gradle

@@ -5,23 +5,31 @@ apply plugin: 'witness'
 apply from: 'witness.gradle'
 
 android {
-	compileSdkVersion 28
+	compileSdkVersion 29
-	buildToolsVersion '28.0.3'
+	buildToolsVersion '29.0.2'
 
 	defaultConfig {
-		minSdkVersion 14
+		minSdkVersion 16
-		targetSdkVersion 26
+		targetSdkVersion 28
-		versionCode 10107
+		versionCode 10205
-		versionName "1.1.7"
+		versionName "1.2.5"
 		consumerProguardFiles 'proguard-rules.txt'
 
-		testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
+		testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
 	}
 
 	compileOptions {
 		sourceCompatibility JavaVersion.VERSION_1_8
 		targetCompatibility JavaVersion.VERSION_1_8
 	}
+
+	lintOptions {
+		// FIXME
+		warning "LintError"
+		warning "InvalidPackage"
+		warning "MissingPermission"
+		warning "InlinedApi", "ObsoleteSdkInt", "Override", "NewApi", "UnusedAttribute"
+	}
 }
 
 configurations {
@@ -30,10 +38,10 @@ configurations {
 
 dependencies {
 	implementation project(path: ':bramble-core', configuration: 'default')
-	tor 'org.briarproject:tor-android:0.3.5.8@zip'
+	tor 'org.briarproject:tor-android:0.3.5.9@zip'
-	tor 'org.briarproject:obfs4proxy-android:0.0.9@zip'
+	tor 'org.briarproject:obfs4proxy-android:0.0.11-2@zip'
 
-	annotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'
+	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'
 
 	compileOnly 'javax.annotation:jsr250-api:1.0'
 
@@ -59,6 +67,8 @@ task unpackTorBinaries {
 		copy {
 			from configurations.tor.collect { zipTree(it) }
 			into torBinariesDir
+			// TODO: Remove after next Tor upgrade, which won't include non-PIE binaries
+			include 'geoip.zip', '*_pie.zip'
 		}
 	}
 	dependsOn cleanTorBinaries

bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidEagerSingletons.java

@@ -2,10 +2,23 @@ package org.briarproject.bramble;
 
 import org.briarproject.bramble.battery.AndroidBatteryModule;
 import org.briarproject.bramble.network.AndroidNetworkModule;
+import org.briarproject.bramble.reporting.ReportingModule;
 
 public interface BrambleAndroidEagerSingletons {
 
 	void inject(AndroidBatteryModule.EagerSingletons init);
 
 	void inject(AndroidNetworkModule.EagerSingletons init);
+
+	void inject(ReportingModule.EagerSingletons init);
+
+	class Helper {
+
+		public static void injectEagerSingletons(
+				BrambleAndroidEagerSingletons c) {
+			c.inject(new AndroidBatteryModule.EagerSingletons());
+			c.inject(new AndroidNetworkModule.EagerSingletons());
+			c.inject(new ReportingModule.EagerSingletons());
+		}
+	}
 }

bramble-android/src/main/java/org/briarproject/bramble/BrambleAndroidModule.java

@@ -3,6 +3,8 @@ package org.briarproject.bramble;
 import org.briarproject.bramble.battery.AndroidBatteryModule;
 import org.briarproject.bramble.network.AndroidNetworkModule;
 import org.briarproject.bramble.plugin.tor.CircumventionModule;
+import org.briarproject.bramble.reporting.ReportingModule;
+import org.briarproject.bramble.socks.SocksModule;
 import org.briarproject.bramble.system.AndroidSystemModule;
 
 import dagger.Module;
@@ -11,12 +13,9 @@ import dagger.Module;
 		AndroidBatteryModule.class,
 		AndroidNetworkModule.class,
 		AndroidSystemModule.class,
-		CircumventionModule.class
+		CircumventionModule.class,
+		ReportingModule.class,
+		SocksModule.class
 })
 public class BrambleAndroidModule {
-
-	public static void initEagerSingletons(BrambleAndroidEagerSingletons c) {
-		c.inject(new AndroidBatteryModule.EagerSingletons());
-		c.inject(new AndroidNetworkModule.EagerSingletons());
-	}
 }

bramble-android/src/main/java/org/briarproject/bramble/account/AndroidAccountManager.java

@@ -16,6 +16,7 @@ import java.util.Set;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static android.os.Build.VERSION.SDK_INT;
@@ -29,8 +30,6 @@ class AndroidAccountManager extends AccountManagerImpl
 	private static final Logger LOG =
 			Logger.getLogger(AndroidAccountManager.class.getName());
 
-	private static final String PREF_DB_KEY = "key";
-
 	protected final Context appContext;
 	private final SharedPreferences prefs;
 
@@ -53,36 +52,6 @@ class AndroidAccountManager extends AccountManagerImpl
 		return exists;
 	}
 
-	// Locking: stateChangeLock
-	@Override
-	@Nullable
-	protected String loadEncryptedDatabaseKey() {
-		String key = getDatabaseKeyFromPreferences();
-		if (key == null) key = super.loadEncryptedDatabaseKey();
-		else migrateDatabaseKeyToFile(key);
-		return key;
-	}
-
-	// Locking: stateChangeLock
-	@Nullable
-	private String getDatabaseKeyFromPreferences() {
-		String key = prefs.getString(PREF_DB_KEY, null);
-		if (key == null) LOG.info("No database key in preferences");
-		else LOG.info("Found database key in preferences");
-		return key;
-	}
-
-	// Locking: stateChangeLock
-	private void migrateDatabaseKeyToFile(String key) {
-		if (storeEncryptedDatabaseKey(key)) {
-			if (prefs.edit().remove(PREF_DB_KEY).commit())
-				LOG.info("Database key migrated to file");
-			else LOG.warning("Database key not removed from preferences");
-		} else {
-			LOG.warning("Database key not migrated to file");
-		}
-	}
-
 	@Override
 	public void deleteAccount() {
 		synchronized (stateChangeLock) {
@@ -105,7 +74,7 @@ class AndroidAccountManager extends AccountManagerImpl
 		return PreferenceManager.getDefaultSharedPreferences(appContext);
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	private void deleteAppData(SharedPreferences... clear) {
 		// Clear and commit shared preferences
 		for (SharedPreferences prefs : clear) {

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPlugin.java

@@ -12,8 +12,8 @@ import android.content.IntentFilter;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.PluginException;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.Clock;
@@ -51,6 +51,7 @@ import static android.bluetooth.BluetoothDevice.EXTRA_DEVICE;
 import static java.util.concurrent.TimeUnit.MILLISECONDS;
 import static java.util.logging.Level.INFO;
 import static java.util.logging.Level.WARNING;
+import static java.util.logging.Logger.getLogger;
 import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 
 @MethodsNotNullByDefault
@@ -58,7 +59,7 @@ import static org.briarproject.bramble.util.PrivacyUtils.scrubMacAddress;
 class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 
 	private static final Logger LOG =
-			Logger.getLogger(AndroidBluetoothPlugin.class.getName());
+			getLogger(AndroidBluetoothPlugin.class.getName());
 
 	private static final int MAX_DISCOVERY_MS = 10_000;
 
@@ -75,7 +76,7 @@ class AndroidBluetoothPlugin extends BluetoothPlugin<BluetoothServerSocket> {
 	AndroidBluetoothPlugin(BluetoothConnectionLimiter connectionLimiter,
 			Executor ioExecutor, AndroidExecutor androidExecutor,
 			Context appContext, SecureRandom secureRandom, Clock clock,
-			Backoff backoff, DuplexPluginCallback callback, int maxLatency) {
+			Backoff backoff, PluginCallback callback, int maxLatency) {
 		super(connectionLimiter, ioExecutor, secureRandom, backoff, callback,
 				maxLatency);
 		this.androidExecutor = androidExecutor;

bramble-android/src/main/java/org/briarproject/bramble/plugin/bluetooth/AndroidBluetoothPluginFactory.java

@@ -6,9 +6,9 @@ import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.system.AndroidExecutor;
 import org.briarproject.bramble.api.system.Clock;
@@ -61,7 +61,7 @@ public class AndroidBluetoothPluginFactory implements DuplexPluginFactory {
 	}
 
 	@Override
-	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
+	public DuplexPlugin createPlugin(PluginCallback callback) {
 		BluetoothConnectionLimiter connectionLimiter =
 				new BluetoothConnectionLimiterImpl();
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPlugin.java

@@ -13,7 +13,7 @@ import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.network.event.NetworkStatusEvent;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 
 import java.io.IOException;
 import java.net.InetAddress;
@@ -32,17 +32,18 @@ import static android.net.ConnectivityManager.TYPE_WIFI;
 import static android.os.Build.VERSION.SDK_INT;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.singletonList;
+import static java.util.logging.Logger.getLogger;
 
 @NotNullByDefault
 class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 
+	private static final Logger LOG =
+			getLogger(AndroidLanTcpPlugin.class.getName());
+
 	private static final byte[] WIFI_AP_ADDRESS_BYTES =
 			{(byte) 192, (byte) 168, 43, 1};
 	private static final InetAddress WIFI_AP_ADDRESS;
 
-	private static final Logger LOG =
-			Logger.getLogger(AndroidLanTcpPlugin.class.getName());
-
 	static {
 		try {
 			WIFI_AP_ADDRESS = InetAddress.getByAddress(WIFI_AP_ADDRESS_BYTES);
@@ -60,7 +61,7 @@ class AndroidLanTcpPlugin extends LanTcpPlugin implements EventListener {
 	private volatile SocketFactory socketFactory;
 
 	AndroidLanTcpPlugin(Executor ioExecutor, Context appContext,
-			Backoff backoff, DuplexPluginCallback callback, int maxLatency,
+			Backoff backoff, PluginCallback callback, int maxLatency,
 			int maxIdleTime) {
 		super(ioExecutor, backoff, callback, maxLatency, maxIdleTime);
 		// Don't execute more than one connection status check at a time

bramble-android/src/main/java/org/briarproject/bramble/plugin/tcp/AndroidLanTcpPluginFactory.java

@@ -6,9 +6,9 @@ import org.briarproject.bramble.api.event.EventBus;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 
 import java.util.concurrent.Executor;
@@ -51,7 +51,7 @@ public class AndroidLanTcpPluginFactory implements DuplexPluginFactory {
 	}
 
 	@Override
-	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
+	public DuplexPlugin createPlugin(PluginCallback callback) {
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
 		AndroidLanTcpPlugin plugin = new AndroidLanTcpPlugin(ioExecutor,

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPlugin.java

@@ -11,7 +11,7 @@ import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
 import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.LocationUtils;
 import org.briarproject.bramble.api.system.ResourceProvider;
@@ -41,11 +41,12 @@ class AndroidTorPlugin extends TorPlugin {
 			Clock clock, ResourceProvider resourceProvider,
 			CircumventionProvider circumventionProvider,
 			BatteryManager batteryManager, Backoff backoff,
-			DuplexPluginCallback callback, String architecture, int maxLatency,
+			TorRendezvousCrypto torRendezvousCrypto,
+			PluginCallback callback, String architecture, int maxLatency,
 			int maxIdleTime) {
 		super(ioExecutor, networkManager, locationUtils, torSocketFactory,
 				clock, resourceProvider, circumventionProvider, batteryManager,
-				backoff, callback, architecture, maxLatency, maxIdleTime,
+				backoff, torRendezvousCrypto, callback, architecture, maxLatency, maxIdleTime,
 				appContext.getDir("tor", MODE_PRIVATE));
 		this.appContext = appContext;
 		PowerManager pm = (PowerManager)

bramble-android/src/main/java/org/briarproject/bramble/plugin/tor/AndroidTorPluginFactory.java

@@ -1,7 +1,6 @@
 package org.briarproject.bramble.plugin.tor;
 
 import android.content.Context;
-import android.os.Build;
 
 import org.briarproject.bramble.api.battery.BatteryManager;
 import org.briarproject.bramble.api.event.EventBus;
@@ -9,10 +8,10 @@ import org.briarproject.bramble.api.network.NetworkManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.Backoff;
 import org.briarproject.bramble.api.plugin.BackoffFactory;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TorConstants;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
-import org.briarproject.bramble.api.plugin.duplex.DuplexPluginCallback;
 import org.briarproject.bramble.api.plugin.duplex.DuplexPluginFactory;
 import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.LocationUtils;
@@ -84,14 +83,20 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 	}
 
 	@Override
-	public DuplexPlugin createPlugin(DuplexPluginCallback callback) {
+	public DuplexPlugin createPlugin(PluginCallback callback) {
 
 		// Check that we have a Tor binary for this architecture
 		String architecture = null;
 		for (String abi : AndroidUtils.getSupportedArchitectures()) {
-			if (abi.startsWith("x86")) {
+			if (abi.startsWith("x86_64")) {
+				architecture = "x86_64";
+				break;
+			} else if (abi.startsWith("x86")) {
 				architecture = "x86";
 				break;
+			} else if (abi.startsWith("arm64")) {
+				architecture = "arm64";
+				break;
 			} else if (abi.startsWith("armeabi")) {
 				architecture = "arm";
 				break;
@@ -101,15 +106,17 @@ public class AndroidTorPluginFactory implements DuplexPluginFactory {
 			LOG.info("Tor is not supported on this architecture");
 			return null;
 		}
-		// Use position-independent executable for SDK >= 16
+		// Use position-independent executable
-		if (Build.VERSION.SDK_INT >= 16) architecture += "_pie";
+		architecture += "_pie";
 
 		Backoff backoff = backoffFactory.createBackoff(MIN_POLLING_INTERVAL,
 				MAX_POLLING_INTERVAL, BACKOFF_BASE);
+		TorRendezvousCrypto torRendezvousCrypto = new TorRendezvousCryptoImpl();
 		AndroidTorPlugin plugin = new AndroidTorPlugin(ioExecutor, scheduler,
 				appContext, networkManager, locationUtils, torSocketFactory,
 				clock, resourceProvider, circumventionProvider, batteryManager,
-				backoff, callback, architecture, MAX_LATENCY, MAX_IDLE_TIME);
+				backoff, torRendezvousCrypto, callback, architecture,
+				MAX_LATENCY, MAX_IDLE_TIME);
 		eventBus.addListener(plugin);
 		return plugin;
 	}

bramble-android/src/main/java/org/briarproject/bramble/system/AndroidSecureRandomProvider.java

@@ -23,6 +23,7 @@ import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
 import static android.content.Context.WIFI_SERVICE;
+import static android.os.Build.VERSION.SDK_INT;
 import static android.provider.Settings.Secure.ANDROID_ID;
 
 @Immutable
@@ -74,8 +75,7 @@ class AndroidSecureRandomProvider extends UnixSecureRandomProvider {
 		// Silence strict mode
 		StrictMode.ThreadPolicy tp = StrictMode.allowThreadDiskWrites();
 		super.writeSeed();
-		if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT <= 18)
+		if (SDK_INT <= 18) applyOpenSslFix();
-			applyOpenSslFix();
 		StrictMode.setThreadPolicy(tp);
 	}
 

bramble-android/src/main/java/org/briarproject/bramble/util/AndroidUtils.java

@@ -6,15 +6,25 @@ import android.content.Context;
 import android.os.Build;
 import android.provider.Settings;
 
+import org.briarproject.bramble.api.Pair;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.io.File;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 
+import javax.annotation.Nullable;
+
 import static android.content.Context.MODE_PRIVATE;
 import static android.os.Build.VERSION.SDK_INT;
+import static java.util.Arrays.asList;
+import static org.briarproject.bramble.api.nullsafety.NullSafety.requireNonNull;
 
+@NotNullByDefault
 public class AndroidUtils {
 
 	// Fake Bluetooth address returned by BluetoothAdapter on API 23 and later
@@ -22,11 +32,10 @@ public class AndroidUtils {
 
 	private static final String STORED_REPORTS = "dev-reports";
 
-	@SuppressWarnings("deprecation")
 	public static Collection<String> getSupportedArchitectures() {
 		List<String> abis = new ArrayList<>();
 		if (SDK_INT >= 21) {
-			abis.addAll(Arrays.asList(Build.SUPPORTED_ABIS));
+			abis.addAll(asList(Build.SUPPORTED_ABIS));
 		} else {
 			abis.add(Build.CPU_ABI);
 			if (Build.CPU_ABI2 != null) abis.add(Build.CPU_ABI2);
@@ -36,25 +45,76 @@ public class AndroidUtils {
 
 	public static String getBluetoothAddress(Context ctx,
 			BluetoothAdapter adapter) {
+		return getBluetoothAddressAndMethod(ctx, adapter).getFirst();
+	}
+
+	public static Pair<String, String> getBluetoothAddressAndMethod(Context ctx,
+			BluetoothAdapter adapter) {
 		// Return the adapter's address if it's valid and not fake
 		@SuppressLint("HardwareIds")
 		String address = adapter.getAddress();
-		if (isValidBluetoothAddress(address)) return address;
+		if (isValidBluetoothAddress(address)) {
+			return new Pair<>(address, "adapter");
+		}
 		// Return the address from settings if it's valid and not fake
 		address = Settings.Secure.getString(ctx.getContentResolver(),
 				"bluetooth_address");
-		if (isValidBluetoothAddress(address)) return address;
+		if (isValidBluetoothAddress(address)) {
+			return new Pair<>(address, "settings");
+		}
+		// Try to get the address via reflection
+		address = getBluetoothAddressByReflection(adapter);
+		if (isValidBluetoothAddress(address)) {
+			return new Pair<>(requireNonNull(address), "reflection");
+		}
 		// Let the caller know we can't find the address
-		return "";
+		return new Pair<>("", "");
 	}
 
-	private static boolean isValidBluetoothAddress(String address) {
+	private static boolean isValidBluetoothAddress(@Nullable String address) {
 		return !StringUtils.isNullOrEmpty(address)
 				&& BluetoothAdapter.checkBluetoothAddress(address)
 				&& !address.equals(FAKE_BLUETOOTH_ADDRESS);
 	}
 
+	@Nullable
+	private static String getBluetoothAddressByReflection(
+			BluetoothAdapter adapter) {
+		try {
+			Field mServiceField =
+					adapter.getClass().getDeclaredField("mService");
+			mServiceField.setAccessible(true);
+			Object mService = mServiceField.get(adapter);
+			// mService may be null when Bluetooth is disabled
+			if (mService == null) throw new NoSuchFieldException();
+			Method getAddressMethod =
+					mService.getClass().getMethod("getAddress");
+			return (String) getAddressMethod.invoke(mService);
+		} catch (NoSuchFieldException e) {
+			return null;
+		} catch (IllegalAccessException e) {
+			return null;
+		} catch (NoSuchMethodException e) {
+			return null;
+		} catch (InvocationTargetException e) {
+			return null;
+		} catch (SecurityException e) {
+			return null;
+		}
+	}
+
 	public static File getReportDir(Context ctx) {
 		return ctx.getDir(STORED_REPORTS, MODE_PRIVATE);
 	}
+
+	/**
+	 * Returns an array of supported content types for image attachments.
+	 * GIFs can't be compressed on API < 24 so they're not supported.
+	 * <p>
+	 * TODO: Remove this restriction when large message support is added
+	 */
+	public static String[] getSupportedImageContentTypes() {
+		if (SDK_INT < 24) return new String[] {"image/jpeg", "image/png"};
+		else return new String[] {"image/jpeg", "image/png", "image/gif"};
+	}
 }

bramble-android/src/test/java/org/briarproject/bramble/account/AndroidAccountManagerTest.java

@@ -16,13 +16,10 @@ import org.junit.Test;
 
 import java.io.File;
 
-import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertFalse;
 import static junit.framework.Assert.assertTrue;
 import static org.briarproject.bramble.test.TestUtils.deleteTestDirectory;
-import static org.briarproject.bramble.test.TestUtils.getRandomBytes;
 import static org.briarproject.bramble.test.TestUtils.getTestDirectory;
-import static org.briarproject.bramble.util.StringUtils.toHexString;
 
 public class AndroidAccountManagerTest extends BrambleMockTestCase {
 
@@ -40,11 +37,8 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 	private final Application app;
 	private final ApplicationInfo applicationInfo;
 
-	private final String encryptedKeyHex = toHexString(getRandomBytes(123));
 	private final File testDir = getTestDirectory();
 	private final File keyDir = new File(testDir, "key");
-	private final File keyFile = new File(keyDir, "db.key");
-	private final File keyBackupFile = new File(keyDir, "db.key.bak");
 	private final File dbDir = new File(testDir, "db");
 
 	private AndroidAccountManager accountManager;
@@ -75,29 +69,6 @@ public class AndroidAccountManagerTest extends BrambleMockTestCase {
 		};
 	}
 
-	@Test
-	public void testDbKeyIsMigratedFromPreferencesToFile() {
-		context.checking(new Expectations() {{
-			oneOf(prefs).getString("key", null);
-			will(returnValue(encryptedKeyHex));
-			oneOf(prefs).edit();
-			will(returnValue(editor));
-			oneOf(editor).remove("key");
-			will(returnValue(editor));
-			oneOf(editor).commit();
-			will(returnValue(true));
-		}});
-
-		assertFalse(keyFile.exists());
-		assertFalse(keyBackupFile.exists());
-
-		assertEquals(encryptedKeyHex,
-				accountManager.loadEncryptedDatabaseKey());
-
-		assertTrue(keyFile.exists());
-		assertTrue(keyBackupFile.exists());
-	}
-
 	@Test
 	public void testDeleteAccountClearsSharedPrefsAndDeletesFiles()
 			throws Exception {

bramble-android/witness.gradle

@@ -1,44 +1,46 @@
 dependencyVerification {
     verify = [
         'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
-        'com.android.tools.analytics-library:protos:26.4.0:protos-26.4.0.jar:ad760915586797d39319f402837b378bff3bb4ed583e3e0c48c965631fb2135f',
+        'com.android.tools.analytics-library:protos:26.5.1:protos-26.5.1.jar:8dde1130725461fe827f2a343d353f2b51e8870661fc860d7d5ebddb097ead4e',
-        'com.android.tools.analytics-library:shared:26.4.0:shared-26.4.0.jar:1332106a905d48909c81268c9e414946de3e83487db394c6073b0a9b5c3d0ed2',
+        'com.android.tools.analytics-library:shared:26.5.1:shared-26.5.1.jar:ccc2f3b00ec17b11401610ba68553544fc8fc517120e84439ac6eb86b875e18d',
-        'com.android.tools.analytics-library:tracker:26.4.0:tracker-26.4.0.jar:d0020cfbfd4cd75935f2972d6a24089840d4a10df6f3ef2a796093217dd37796',
+        'com.android.tools.analytics-library:tracker:26.5.1:tracker-26.5.1.jar:3a76984c0fe2e847ca7a8b35b4780ef0447a9d1666946cb8e60466318e0ab5ae',
-        'com.android.tools.build:apksig:3.4.0:apksig-3.4.0.jar:91d5a1866139c69756280355a6f61b4d619d0516841580114f45a10f2177327e',
+        'com.android.tools.build:aapt2-proto:0.4.0:aapt2-proto-0.4.0.jar:fac0435e08898f89eeeb9ca236bea707155ff816c12205ced285ad53604133ca',
-        'com.android.tools.build:apkzlib:3.4.0:apkzlib-3.4.0.jar:8653c85f5fdf1dde840e8b8af7396aeb79c34b66e541b5860059616006535592',
+        'com.android.tools.build:apksig:3.5.1:apksig-3.5.1.jar:1fd33e7f009a2a0da766cfeec4211a09f548034b015c289a66d75dd8a9302f4a',
-        'com.android.tools.build:builder-model:3.4.0:builder-model-3.4.0.jar:a88f138124a9f016a70bcb4760359a502f65c7deed56507ee4014f4dd9ea853b',
+        'com.android.tools.build:apkzlib:3.5.1:apkzlib-3.5.1.jar:9f330167cbe973b7db407692f74f4f6453b7ffa5f2048934b06280c2ceee60fa',
-        'com.android.tools.build:builder-test-api:3.4.0:builder-test-api-3.4.0.jar:31089ab1ec19ca7687a010867d2f3807513c805b8226979706f4247b5d4df26f',
+        'com.android.tools.build:builder-model:3.5.1:builder-model-3.5.1.jar:39ea3c82b76b6e0c9f9fa88d93e0edc1dd4a0f1dfae0ef6fbf2d451da47e5450',
-        'com.android.tools.build:builder:3.4.0:builder-3.4.0.jar:476221b5203a7f50089bf185ed95000a34b6f5020ef0a17815afd58606922679',
+        'com.android.tools.build:builder-test-api:3.5.1:builder-test-api-3.5.1.jar:a1b59305584cbcaa078fdc9cfb80871012755b822dd32e8da19add6f7bbcb762',
-        'com.android.tools.build:gradle-api:3.4.0:gradle-api-3.4.0.jar:215eca38f6719213c2f492b4d622cdd11676c66c9871f8a2aed0c66d00175628',
+        'com.android.tools.build:builder:3.5.1:builder-3.5.1.jar:e3a8d382434c5f60990730c4719fc814e85a898a33a1e96c1df8d627d3c6eea6',
-        'com.android.tools.build:manifest-merger:26.4.0:manifest-merger-26.4.0.jar:29e45e690dedd165035e97c21c2ca94d0bd4ec16b6b210daa26669a582b6f220',
+        'com.android.tools.build:gradle-api:3.5.1:gradle-api-3.5.1.jar:be9b41859bace11998f66b04ed944f87e413f3ad6da3c4665587699da125addc',
-        'com.android.tools.ddms:ddmlib:26.4.0:ddmlib-26.4.0.jar:93f56fe4630c3166adbd6c51d7bb602d96abb91b07ba5b1165fdcd071e88c940',
+        'com.android.tools.build:manifest-merger:26.5.1:manifest-merger-26.5.1.jar:dcad9ecb967251f4d750f55a4204a2b400e8fbfe5cb930a1d0d5dbe10ae8bdfc',
-        'com.android.tools.external.com-intellij:intellij-core:26.4.0:intellij-core-26.4.0.jar:30cb0e879d4424de9677a50b537fb628636b4a50f5470af5e52437980c41421f',
+        'com.android.tools.ddms:ddmlib:26.5.1:ddmlib-26.5.1.jar:b081aef2a4ed3f4d47cae4cdb128469735f25a114e026d37123bf9ffdec742a8',
-        'com.android.tools.external.com-intellij:kotlin-compiler:26.4.0:kotlin-compiler-26.4.0.jar:dd1fe225c31a0e012dc025336363a5b783e2c5c20ffb69e77f8f57e89420d998',
+        'com.android.tools.external.com-intellij:intellij-core:26.5.1:intellij-core-26.5.1.jar:20eced30adc124805bd93488d9cd9d3e33e6bf7b48e9fe5a703d4983f894d450',
-        'com.android.tools.external.org-jetbrains:uast:26.4.0:uast-26.4.0.jar:f25f3285b775a983327583ff6584dea54e447813ef69e0ce08b05a45b5f4aab0',
+        'com.android.tools.external.com-intellij:kotlin-compiler:26.5.1:kotlin-compiler-26.5.1.jar:5aed762dd54875b77ae7018d97c05756ff0c5b9fd02ec595dd396ccd14cc22cb',
-        'com.android.tools.layoutlib:layoutlib-api:26.4.0:layoutlib-api-26.4.0.jar:52128f5cf293b224072be361919bfd416e59480ab7264ddcdbbf046b0d7a12e3',
+        'com.android.tools.external.org-jetbrains:uast:26.5.1:uast-26.5.1.jar:4bc8653d6c0943f40fee963a149e36c6baa45683d2530968a13f5007e3c40740',
-        'com.android.tools.lint:lint-api:26.4.0:lint-api-26.4.0.jar:fdb8fca8ae4c254f438338d03d72605e00ed106f2d5550405af41ca1c8509401',
+        'com.android.tools.layoutlib:layoutlib-api:26.5.1:layoutlib-api-26.5.1.jar:88732f11396c427273e515d23042e35633f4fe4295528a99b866aa2adf0efd9c',
-        'com.android.tools.lint:lint-checks:26.4.0:lint-checks-26.4.0.jar:4ff52d40488cd3e22b9c6b2eb67784e0c3269d0b42ef9d17689cd75a7b2bceb4',
+        'com.android.tools.lint:lint-api:26.5.1:lint-api-26.5.1.jar:ec33fcd72bfaf70dd841e03fbfd93f109c2e575aec146067c606689c3972f0de',
-        'com.android.tools.lint:lint-gradle-api:26.4.0:lint-gradle-api-26.4.0.jar:714b7a85c7d2aa10daeab16e969fe7530c659d0728a7f24021da456870418d0f',
+        'com.android.tools.lint:lint-checks:26.5.1:lint-checks-26.5.1.jar:a1b9607d484aaae7a71dcecdc76f8003d8239af226c776894a2cf63f9e6c60d7',
-        'com.android.tools.lint:lint-gradle:26.4.0:lint-gradle-26.4.0.jar:b8c130d273f522388734457e1b96790f41528fcec6fda9e8eaa4e4d95a07cfbb',
+        'com.android.tools.lint:lint-gradle-api:26.5.1:lint-gradle-api-26.5.1.jar:82453fd98a8394cc84ed995c04d2cd744abd1d6589403427ba7eef53115406f3',
-        'com.android.tools.lint:lint:26.4.0:lint-26.4.0.jar:83aa062fb0405b60ed358d858c8c2955e1bae44a455b498068c6a60988755f00',
+        'com.android.tools.lint:lint-gradle:26.5.1:lint-gradle-26.5.1.jar:59465b56cf7db77c656d5f8195d721c3d48b6bdd0502d774de335bfe4baff00b',
-        'com.android.tools:annotations:26.4.0:annotations-26.4.0.jar:a7955b8e19c3a2a861d6faa43a58b7c0d46ea9112188ee3e235c6f9f439ecc1a',
+        'com.android.tools.lint:lint:26.5.1:lint-26.5.1.jar:336e4b04ec6f8b0f25879131b7a7862d77df83a1879ee5b71be26128755f8e2e',
-        'com.android.tools:common:26.4.0:common-26.4.0.jar:ea40b94b3c1284ea7700f011388e2906a8363a66abd902891722b3c557984852',
+        'com.android.tools:annotations:26.5.1:annotations-26.5.1.jar:2c43c82f8c59d8f7a61e3239e1a2dc9f69dc342ec09af9b7c9f69b25337c0b6e',
-        'com.android.tools:dvlib:26.4.0:dvlib-26.4.0.jar:23af89c535b01ba36ceed1b6b309b672814eba624e643cd7dedf0519edad50cc',
+        'com.android.tools:common:26.5.1:common-26.5.1.jar:eccfa54486ed54c4e3123cc42195d023bd0dd21bcd2f0e4868e8c6fc70f8ef6b',
-        'com.android.tools:repository:26.4.0:repository-26.4.0.jar:3d1763ab46199374dc6d94129bba11c70f1d5857e2c81a3ac4898abca40b176b',
+        'com.android.tools:dvlib:26.5.1:dvlib-26.5.1.jar:46f93ad498b4756e7d867d2fe38c38890a80e7407a4ae459e4a8c8d5c5aeacfe',
-        'com.android.tools:sdk-common:26.4.0:sdk-common-26.4.0.jar:78a522525b30ffc6b7bf1299c831d24ce385f68a9f4878f8f752e9baefa31b0f',
+        'com.android.tools:repository:26.5.1:repository-26.5.1.jar:2b3ee791aa4c3e8ce60498c161a27ca7228816fc630eed4d9f25f2f36a106dce',
-        'com.android.tools:sdklib:26.4.0:sdklib-26.4.0.jar:b854c23892013a326d761cf071c72cf3e038ed0469d10f4a356829fa56e4c132',
+        'com.android.tools:sdk-common:26.5.1:sdk-common-26.5.1.jar:365f749676c3574676fd465177c8a492f340816db2b520d6ed114d3b6e77bea7',
-        'com.google.code.findbugs:jsr305:1.3.9:jsr305-1.3.9.jar:905721a0eea90a81534abb7ee6ef4ea2e5e645fa1def0a5cd88402df1b46c9ed',
+        'com.android.tools:sdklib:26.5.1:sdklib-26.5.1.jar:007da104afb27c8c682a1628023fe9ec438249c8d15ef0fd6624c5bb8e23b696',
         'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
-        'com.google.code.gson:gson:2.8.0:gson-2.8.0.jar:c6221763bd79c4f1c3dc7f750b5f29a0bb38b367b81314c4f71896e340c40825',
+        'com.google.code.gson:gson:2.8.5:gson-2.8.5.jar:233a0149fc365c9f6edbd683cfe266b19bdc773be98eabdaf6b3c924b48e7d81',
-        'com.google.dagger:dagger-compiler:2.22.1:dagger-compiler-2.22.1.jar:e5f28302cbe70a79d3620cddebfb8ec0736814f3980ffe1e673bfe3342f507d3',
+        'com.google.dagger:dagger-compiler:2.24:dagger-compiler-2.24.jar:3c5afb955fb188da485cb2c048eff37dce0e1530b9780a0f2f7187d16d1ccc1f',
-        'com.google.dagger:dagger-producers:2.22.1:dagger-producers-2.22.1.jar:f834a0082014213a68ff06a0f048d750178d02196c58b0b15beb367d32b97e35',
+        'com.google.dagger:dagger-producers:2.24:dagger-producers-2.24.jar:f10f45b95191954d5d6b043fca9e62fb621d21bf70634b8f8476c7988b504c3a',
-        'com.google.dagger:dagger-spi:2.22.1:dagger-spi-2.22.1.jar:4b0b922793b3bcb91b99fabb75dba77c68afd7ae4c5f0c4fd6ba681f0a291c7d',
+        'com.google.dagger:dagger-spi:2.24:dagger-spi-2.24.jar:c038445d14dbcb4054e61bf49e05009edf26fce4fdc7ec1a9db544784f68e718',
-        'com.google.dagger:dagger:2.22.1:dagger-2.22.1.jar:329d4340f24c4f5717af016c097e90668bfea2a5376e6aa9964b01cef3fd241a',
+        'com.google.dagger:dagger:2.24:dagger-2.24.jar:550a6e46a6dfcdf1d764887b6090cea94f783327e50e5c73754f18facfc70b64',
-        'com.google.errorprone:error_prone_annotations:2.1.3:error_prone_annotations-2.1.3.jar:03d0329547c13da9e17c634d1049ea2ead093925e290567e1a364fd6b1fc7ff8',
+        'com.google.errorprone:error_prone_annotations:2.2.0:error_prone_annotations-2.2.0.jar:6ebd22ca1b9d8ec06d41de8d64e0596981d9607b42035f9ed374f9de271a481a',
         'com.google.errorprone:javac-shaded:9-dev-r4023-3:javac-shaded-9-dev-r4023-3.jar:65bfccf60986c47fbc17c9ebab0be626afc41741e0a6ec7109e0768817a36f30',
         'com.google.googlejavaformat:google-java-format:1.5:google-java-format-1.5.jar:aa19ad7850fb85178aa22f2fddb163b84d6ce4d0035872f30d4408195ca1144e',
-        'com.google.guava:guava:25.0-jre:guava-25.0-jre.jar:3fd4341776428c7e0e5c18a7c10de129475b69ab9d30aeafbb5c277bb6074fa9',
+        'com.google.guava:failureaccess:1.0.1:failureaccess-1.0.1.jar:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26',
-        'com.google.guava:guava:26.0-jre:guava-26.0-jre.jar:a0e9cabad665bc20bcd2b01f108e5fc03f756e13aea80abaadb9f407033bea2c',
+        'com.google.guava:guava:27.0.1-jre:guava-27.0.1-jre.jar:e1c814fd04492a27c38e0317eabeaa1b3e950ec8010239e400fe90ad6c9107b4',
+        'com.google.guava:guava:27.1-jre:guava-27.1-jre.jar:4a5aa70cc968a4d137e599ad37553e5cfeed2265e8c193476d7119036c536fe7',
+        'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava:listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99',
         'com.google.j2objc:j2objc-annotations:1.1:j2objc-annotations-1.1.jar:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6',
         'com.google.jimfs:jimfs:1.1:jimfs-1.1.jar:c4828e28d7c0a930af9387510b3bada7daa5c04d7c25a75c7b8b081f1c257ddd',
         'com.google.protobuf:protobuf-java:3.4.0:protobuf-java-3.4.0.jar:dce7e66b32456a1b1198da0caff3a8acb71548658391e798c79369241e6490a4',
@@ -55,6 +57,7 @@ dependencyVerification {
         'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
         'javax.xml.bind:jaxb-api:2.2.12-b140109.1041:jaxb-api-2.2.12-b140109.1041.jar:b5e60cd8b7b5ff01ce4a74c5dd008f4fbd14ced3495d0b47b85cfedc182211f2',
         'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
+        'net.ltgt.gradle.incap:incap:0.2:incap-0.2.jar:b625b9806b0f1e4bc7a2e3457119488de3cd57ea20feedd513db070a573a4ffd',
         'net.sf.jopt-simple:jopt-simple:4.9:jopt-simple-4.9.jar:26c5856e954b5f864db76f13b86919b59c6eecf9fd930b96baa8884626baf2f5',
         'net.sf.kxml:kxml2:2.3.0:kxml2-2.3.0.jar:f264dd9f79a1fde10ce5ecc53221eff24be4c9331c830b7d52f2f08a7b633de2',
         'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',
@@ -66,22 +69,22 @@ dependencyVerification {
         'org.beanshell:bsh:1.3.0:bsh-1.3.0.jar:9b04edc75d19db54f1b4e8b5355e9364384c6cf71eb0a1b9724c159d779879f8',
         'org.bouncycastle:bcpkix-jdk15on:1.56:bcpkix-jdk15on-1.56.jar:7043dee4e9e7175e93e0b36f45b1ec1ecb893c5f755667e8b916eb8dd201c6ca',
         'org.bouncycastle:bcprov-jdk15on:1.56:bcprov-jdk15on-1.56.jar:963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349',
-        'org.briarproject:obfs4proxy-android:0.0.9:obfs4proxy-android-0.0.9.zip:9b7e9181535ea8d8bbe8ae6338e08cf4c5fc1e357a779393e0ce49586d459ae0',
+        'org.briarproject:obfs4proxy-android:0.0.11-2:obfs4proxy-android-0.0.11-2.zip:57e55cbe87aa2aac210fdbb6cd8cdeafe15f825406a08ebf77a8b787aa2c6a8a',
-        'org.briarproject:tor-android:0.3.5.8:tor-android-0.3.5.8.zip:42a13a6f185be1a62f42e3f30ce66a3c099ac5ec890a65e7593111b65b44a54a',
+        'org.briarproject:tor-android:0.3.5.9:tor-android-0.3.5.9.zip:853b0440feccd6904bd03e6b2de53a62ebcde1d58068beeadc447a7dff950bc8',
         'org.checkerframework:checker-compat-qual:2.5.3:checker-compat-qual-2.5.3.jar:d76b9afea61c7c082908023f0cbc1427fab9abd2df915c8b8a3e7a509bccbc6d',
         'org.checkerframework:checker-qual:2.5.2:checker-qual-2.5.2.jar:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a',
         'org.codehaus.groovy:groovy-all:2.4.15:groovy-all-2.4.15.jar:51d6c4e71782e85674239189499854359d380fb75e1a703756e3aaa5b98a5af0',
-        'org.codehaus.mojo:animal-sniffer-annotations:1.14:animal-sniffer-annotations-1.14.jar:2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d',
+        'org.codehaus.mojo:animal-sniffer-annotations:1.17:animal-sniffer-annotations-1.17.jar:92654f493ecfec52082e76354f0ebf87648dc3d5cec2e3c3cdb947c016747a53',
         'org.glassfish.jaxb:jaxb-core:2.2.11:jaxb-core-2.2.11.jar:37bcaee8ebb04362c8352a5bf6221b86967ecdab5164c696b10b9a2bb587b2aa',
         'org.glassfish.jaxb:jaxb-runtime:2.2.11:jaxb-runtime-2.2.11.jar:a874f2351cfba8e2946be3002d10c18a6da8f21b52ba2acf52f2b85d5520ed70',
         'org.glassfish.jaxb:txw2:2.2.11:txw2-2.2.11.jar:272a3ccad45a4511351920cd2a8633c53cab8d5220c7a92954da5526bb5eafea',
         'org.hamcrest:hamcrest-core:1.3:hamcrest-core-1.3.jar:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9',
         'org.hamcrest:hamcrest-library:1.3:hamcrest-library-1.3.jar:711d64522f9ec410983bd310934296da134be4254a125080a0416ec178dfad1c',
-        'org.jetbrains.kotlin:kotlin-reflect:1.3.21:kotlin-reflect-1.3.21.jar:a3065c822633191e0a3e3ee12a29bec234fc4b2864a6bb87ef48cce3e9e0c26a',
+        'org.jetbrains.kotlin:kotlin-reflect:1.3.50:kotlin-reflect-1.3.50.jar:64583199ea5a54aefd1bd1595288925f784226ee562d1dd279011c6075b3d7a4',
-        'org.jetbrains.kotlin:kotlin-stdlib-common:1.3.21:kotlin-stdlib-common-1.3.21.jar:cea61f7b611895e64f58569a9757fc0ab0d582f107211e1930e0ce2a0add52a7',
+        'org.jetbrains.kotlin:kotlin-stdlib-common:1.3.50:kotlin-stdlib-common-1.3.50.jar:8ce678e88e4ba018b66dacecf952471e4d7dfee156a8a819760a5a5ff29d323c',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.21:kotlin-stdlib-jdk7-1.3.21.jar:a87875604fd42140da6938ae4d35ee61081f4482536efc6d2615b8b626a198af',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.50:kotlin-stdlib-jdk7-1.3.50.jar:9a026639e76212f8d57b86d55b075394c2e009f1979110751d34c05c5f75d57b',
-        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.21:kotlin-stdlib-jdk8-1.3.21.jar:5823ed66ac122a1c55442ebca5a209a843ccd87f562edc31a787f3d2e47f74d4',
+        'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.50:kotlin-stdlib-jdk8-1.3.50.jar:1b351fb6e09c14b55525c74c1f4cf48942eae43c348b7bc764a5e6e423d4da0c',
-        'org.jetbrains.kotlin:kotlin-stdlib:1.3.21:kotlin-stdlib-1.3.21.jar:38ba2370d9f06f50433e06b2ca775b94473c2e2785f410926079ab793c72b034',
+        'org.jetbrains.kotlin:kotlin-stdlib:1.3.50:kotlin-stdlib-1.3.50.jar:e6f05746ee0366d0b52825a090fac474dcf44082c9083bbb205bd16976488d6c',
         'org.jetbrains.trove4j:trove4j:20160824:trove4j-20160824.jar:1917871c8deb468307a584680c87a44572f5a8b0b98c6d397fc0f5f86596dbe7',
         'org.jetbrains:annotations:13.0:annotations-13.0.jar:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478',
         'org.jmock:jmock-junit4:2.8.2:jmock-junit4-2.8.2.jar:f7ee4df4f7bd7b7f1cafad3b99eb74d579f109d5992ff625347352edb55e674c',

bramble-api/build.gradle

@@ -7,7 +7,7 @@ apply plugin: 'witness'
 apply from: 'witness.gradle'
 
 dependencies {
-	implementation "com.google.dagger:dagger:2.22.1"
+	implementation "com.google.dagger:dagger:2.24"
 	implementation 'com.google.code.findbugs:jsr305:3.0.2'
 
 	testImplementation 'junit:junit:4.12'

bramble-api/src/main/java/org/briarproject/bramble/api/Bytes.java

@@ -4,7 +4,6 @@ import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.util.StringUtils;
 
 import java.util.Arrays;
-import java.util.Comparator;
 
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
@@ -16,8 +15,6 @@ import javax.annotation.concurrent.ThreadSafe;
 @NotNullByDefault
 public class Bytes implements Comparable<Bytes> {
 
-	public static final BytesComparator COMPARATOR = new BytesComparator();
-
 	private final byte[] bytes;
 
 	private int hashCode = -1;
@@ -45,14 +42,7 @@ public class Bytes implements Comparable<Bytes> {
 
 	@Override
 	public int compareTo(Bytes other) {
-		byte[] aBytes = bytes, bBytes = other.bytes;
+		return compare(bytes, other.bytes);
-		int length = Math.min(aBytes.length, bBytes.length);
-		for (int i = 0; i < length; i++) {
-			int aUnsigned = aBytes[i] & 0xFF, bUnsigned = bBytes[i] & 0xFF;
-			if (aUnsigned < bUnsigned) return -1;
-			if (aUnsigned > bUnsigned) return 1;
-		}
-		return aBytes.length - bBytes.length;
 	}
 
 	@Override
@@ -61,11 +51,13 @@ public class Bytes implements Comparable<Bytes> {
 				"(" + StringUtils.toHexString(getBytes()) + ")";
 	}
 
-	public static class BytesComparator implements Comparator<Bytes> {
+	public static int compare(byte[] a, byte[] b) {
-
+		int length = Math.min(a.length, b.length);
-		@Override
+		for (int i = 0; i < length; i++) {
-		public int compare(Bytes a, Bytes b) {
+			int aUnsigned = a[i] & 0xFF, bUnsigned = b[i] & 0xFF;
-			return a.compareTo(b);
+			if (aUnsigned < bUnsigned) return -1;
+			if (aUnsigned > bUnsigned) return 1;
 		}
+		return a.length - b.length;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/FeatureFlags.java

@@ -0,0 +1,9 @@
+package org.briarproject.bramble.api;
+
+/**
+ * Interface for specifying which features are enabled in a build.
+ */
+public interface FeatureFlags {
+
+	boolean shouldEnableImageAttachments();
+}

bramble-api/src/main/java/org/briarproject/bramble/api/Predicate.java

@@ -0,0 +1,9 @@
+package org.briarproject.bramble.api;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+public interface Predicate<T> {
+
+	boolean test(T t);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/client/ClientHelper.java

@@ -25,7 +25,10 @@ public interface ClientHelper {
 			throws DbException, FormatException;
 
 	void addLocalMessage(Transaction txn, Message m, BdfDictionary metadata,
-			boolean shared) throws DbException, FormatException;
+			boolean shared, boolean temporary)
+			throws DbException, FormatException;
+
+	Message createMessage(GroupId g, long timestamp, byte[] body);
 
 	Message createMessage(GroupId g, long timestamp, BdfList body)
 			throws FormatException;
@@ -108,7 +111,7 @@ public interface ClientHelper {
 	Author parseAndValidateAuthor(BdfList author) throws FormatException;
 
 	PublicKey parseAndValidateAgreementPublicKey(byte[] publicKeyBytes)
-		throws FormatException;
+			throws FormatException;
 
 	TransportProperties parseAndValidateTransportProperties(
 			BdfDictionary properties) throws FormatException;

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactExchangeManager.java

@@ -0,0 +1,37 @@
+package org.briarproject.bramble.api.contact;
+
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.db.ContactExistsException;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+
+import java.io.IOException;
+
+@NotNullByDefault
+public interface ContactExchangeManager {
+
+	/**
+	 * Exchanges contact information with a remote peer and adds the peer
+	 * as a contact.
+	 *
+	 * @param alice Whether the local peer takes the role of Alice
+	 * @return The newly added contact
+	 * @throws ContactExistsException If the contact already exists
+	 */
+	Contact exchangeContacts(DuplexTransportConnection conn,
+			SecretKey masterKey, boolean alice, boolean verified)
+			throws IOException, DbException;
+
+	/**
+	 * Exchanges contact information with a remote peer and adds the peer
+	 * as a contact, replacing the given pending contact.
+	 *
+	 * @param alice Whether the local peer takes the role of Alice
+	 * @return The newly added contact
+	 * @throws ContactExistsException If the contact already exists
+	 */
+	Contact exchangeContacts(PendingContactId p, DuplexTransportConnection conn,
+			SecretKey masterKey, boolean alice, boolean verified)
+			throws IOException, DbException;
+}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/ContactManager.java

@@ -1,10 +1,13 @@
 package org.briarproject.bramble.api.contact;
 
 import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.UnsupportedVersionException;
 import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.db.ContactExistsException;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.NoSuchContactException;
+import org.briarproject.bramble.api.db.PendingContactExistsException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
@@ -12,6 +15,7 @@ import org.briarproject.bramble.api.identity.AuthorInfo;
 import org.briarproject.bramble.api.lifecycle.LifecycleManager;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
+import java.security.GeneralSecurityException;
 import java.util.Collection;
 
 import javax.annotation.Nullable;
@@ -28,28 +32,71 @@ public interface ContactManager {
 
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * derives and stores transport keys for each transport, and returns an ID
+	 * derives and stores rotation mode transport keys for each transport, and
-	 * for the contact.
+	 * returns an ID for the contact.
 	 *
-	 * @param alice true if the local party is Alice
+	 * @param rootKey The root key for a set of rotation mode transport keys
+	 * @param timestamp The timestamp for deriving rotation mode transport
+	 * keys from the root key
+	 * @param alice True if the local party is Alice
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
+	 * @param active True if the rotation mode transport keys can be used for
+	 * outgoing streams
 	 */
 	ContactId addContact(Transaction txn, Author remote, AuthorId local,
 			SecretKey rootKey, long timestamp, boolean alice, boolean verified,
 			boolean active) throws DbException;
 
+	/**
+	 * Stores a contact associated with the given local and remote pseudonyms,
+	 * replacing the given pending contact, derives and stores handshake mode
+	 * and rotation mode transport keys for each transport, and returns an ID
+	 * for the contact.
+	 *
+	 * @param rootKey The root key for a set of rotation mode transport keys
+	 * @param timestamp The timestamp for deriving rotation mode transport
+	 * keys from the root key
+	 * @param alice True if the local party is Alice
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
+	 * @param active True if the rotation mode transport keys can be used for
+	 * outgoing streams
+	 * @throws GeneralSecurityException If the pending contact's handshake
+	 * public key is invalid
+	 */
+	ContactId addContact(Transaction txn, PendingContactId p, Author remote,
+			AuthorId local, SecretKey rootKey, long timestamp, boolean alice,
+			boolean verified, boolean active)
+			throws DbException, GeneralSecurityException;
+
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms
 	 * and returns an ID for the contact.
+	 *
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
 	 */
 	ContactId addContact(Transaction txn, Author remote, AuthorId local,
 			boolean verified) throws DbException;
 
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms,
-	 * derives and stores transport keys for each transport, and returns an ID
+	 * derives and stores rotation mode transport keys for each transport, and
-	 * for the contact.
+	 * returns an ID for the contact.
 	 *
-	 * @param alice true if the local party is Alice
+	 * @param rootKey The root key for a set of rotation mode transport keys
+	 * @param timestamp The timestamp for deriving rotation mode transport
+	 * keys from the root key
+	 * @param alice True if the local party is Alice
+	 * @param verified True if the contact's identity has been verified, which
+	 * is true if the contact was added in person or false if the contact was
+	 * introduced or added remotely
+	 * @param active True if the rotation mode transport keys can be used for
+	 * outgoing streams
 	 */
 	ContactId addContact(Author remote, AuthorId local, SecretKey rootKey,
 			long timestamp, boolean alice, boolean verified, boolean active)
@@ -65,20 +112,34 @@ public interface ContactManager {
 	 * Creates a {@link PendingContact} from the given handshake link and
 	 * alias, adds it to the database and returns it.
 	 *
-	 * @param link The handshake link received from the contact we want to add
+	 * @param link The handshake link received from the pending contact
-	 * @param alias The alias the user has given this contact
+	 * @param alias The alias the user has given this pending contact
-	 * @return A PendingContact representing the contact to be added
 	 * @throws UnsupportedVersionException If the link uses a format version
 	 * that is not supported
 	 * @throws FormatException If the link is invalid
+	 * @throws GeneralSecurityException If the pending contact's handshake
+	 * public key is invalid
+	 * @throws ContactExistsException If a contact with the same handshake
+	 * public key already exists
+	 * @throws PendingContactExistsException If a pending contact with the same
+	 * handshake public key already exists
 	 */
 	PendingContact addPendingContact(String link, String alias)
-			throws DbException, FormatException;
+			throws DbException, FormatException, GeneralSecurityException,
+			ContactExistsException, PendingContactExistsException;
 
 	/**
-	 * Returns a list of {@link PendingContact}s.
+	 * Returns the pending contact with the given ID.
 	 */
-	Collection<PendingContact> getPendingContacts() throws DbException;
+	PendingContact getPendingContact(Transaction txn, PendingContactId p)
+			throws DbException;
+
+	/**
+	 * Returns a list of {@link PendingContact PendingContacts} and their
+	 * {@link PendingContactState states}.
+	 */
+	Collection<Pair<PendingContact, PendingContactState>> getPendingContacts()
+			throws DbException;
 
 	/**
 	 * Removes a {@link PendingContact}.
@@ -91,8 +152,13 @@ public interface ContactManager {
 	Contact getContact(ContactId c) throws DbException;
 
 	/**
-	 * Returns the contact with the given remoteAuthorId
+	 * Returns the contact with the given ID.
-	 * that was added by the LocalAuthor with the given localAuthorId
+	 */
+	Contact getContact(Transaction txn, ContactId c) throws DbException;
+
+	/**
+	 * Returns the contact with the given {@code remoteAuthorId}
+	 * that belongs to the local pseudonym with the given {@code localAuthorId}.
 	 *
 	 * @throws NoSuchContactException If the contact is not in the database
 	 */
@@ -100,8 +166,8 @@ public interface ContactManager {
 			throws DbException;
 
 	/**
-	 * Returns the contact with the given remoteAuthorId
+	 * Returns the contact with the given {@code remoteAuthorId}
-	 * that was added by the LocalAuthor with the given localAuthorId
+	 * that belongs to the local pseudonym with the given {@code localAuthorId}.
 	 *
 	 * @throws NoSuchContactException If the contact is not in the database
 	 */
@@ -109,7 +175,7 @@ public interface ContactManager {
 			AuthorId localAuthorId) throws DbException;
 
 	/**
-	 * Returns all active contacts.
+	 * Returns all contacts.
 	 */
 	Collection<Contact> getContacts() throws DbException;
 
@@ -124,25 +190,27 @@ public interface ContactManager {
 	void removeContact(Transaction txn, ContactId c) throws DbException;
 
 	/**
-	 * Sets an alias name for the contact or unsets it if alias is null.
+	 * Sets an alias for the contact or unsets it if {@code alias} is null.
 	 */
 	void setContactAlias(Transaction txn, ContactId c, @Nullable String alias)
 			throws DbException;
 
 	/**
-	 * Sets an alias name for the contact or unsets it if alias is null.
+	 * Sets an alias for the contact or unsets it if {@code alias} is null.
 	 */
 	void setContactAlias(ContactId c, @Nullable String alias)
 			throws DbException;
 
 	/**
-	 * Return true if a contact with this name and public key already exists
+	 * Returns true if a contact with this {@code remoteAuthorId} belongs to
+	 * the local pseudonym with this {@code localAuthorId}.
 	 */
 	boolean contactExists(Transaction txn, AuthorId remoteAuthorId,
 			AuthorId localAuthorId) throws DbException;
 
 	/**
-	 * Return true if a contact with this name and public key already exists
+	 * Returns true if a contact with this {@code remoteAuthorId} belongs to
+	 * the local pseudonym with this {@code localAuthorId}.
 	 */
 	boolean contactExists(AuthorId remoteAuthorId, AuthorId localAuthorId)
 			throws DbException;

bramble-api/src/main/java/org/briarproject/bramble/api/contact/HandshakeManager.java

@@ -0,0 +1,45 @@
+package org.briarproject.bramble.api.contact;
+
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.transport.StreamWriter;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+@NotNullByDefault
+public interface HandshakeManager {
+
+	/**
+	 * Handshakes with the given pending contact. Returns an ephemeral master
+	 * key authenticated with both parties' handshake key pairs and a flag
+	 * indicating whether the local peer is Alice or Bob.
+	 *
+	 * @param in An incoming stream for the handshake, which must be secured in
+	 * handshake mode
+	 * @param out An outgoing stream for the handshake, which must be secured
+	 * in handshake mode
+	 */
+	HandshakeResult handshake(PendingContactId p, InputStream in,
+			StreamWriter out) throws DbException, IOException;
+
+	class HandshakeResult {
+
+		private final SecretKey masterKey;
+		private final boolean alice;
+
+		public HandshakeResult(SecretKey masterKey, boolean alice) {
+			this.masterKey = masterKey;
+			this.alice = alice;
+		}
+
+		public SecretKey getMasterKey() {
+			return masterKey;
+		}
+
+		public boolean isAlice() {
+			return alice;
+		}
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContact.java

@@ -12,15 +12,13 @@ public class PendingContact {
 	private final PendingContactId id;
 	private final PublicKey publicKey;
 	private final String alias;
-	private final PendingContactState state;
 	private final long timestamp;
 
 	public PendingContact(PendingContactId id, PublicKey publicKey,
-			String alias, PendingContactState state, long timestamp) {
+			String alias, long timestamp) {
 		this.id = id;
 		this.publicKey = publicKey;
 		this.alias = alias;
-		this.state = state;
 		this.timestamp = timestamp;
 	}
 
@@ -36,10 +34,6 @@ public class PendingContact {
 		return alias;
 	}
 
-	public PendingContactState getState() {
-		return state;
-	}
-
 	public long getTimestamp() {
 		return timestamp;
 	}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/PendingContactState.java

@@ -1,30 +1,10 @@
 package org.briarproject.bramble.api.contact;
 
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-@Immutable
-@NotNullByDefault
 public enum PendingContactState {
 
-	WAITING_FOR_CONNECTION(0),
+	WAITING_FOR_CONNECTION,
-	CONNECTED(1),
+	OFFLINE,
-	ADDING_CONTACT(2),
+	CONNECTING,
-	FAILED(3);
+	ADDING_CONTACT,
-
+	FAILED
-	private final int value;
-
-	PendingContactState(int value) {
-		this.value = value;
-	}
-
-	public int getValue() {
-		return value;
-	}
-
-	public static PendingContactState fromValue(int value) {
-		for (PendingContactState s : values()) if (s.value == value) return s;
-		throw new IllegalArgumentException();
-	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactAddedEvent.java

@@ -14,12 +14,18 @@ import javax.annotation.concurrent.Immutable;
 public class ContactAddedEvent extends Event {
 
 	private final ContactId contactId;
+	private final boolean verified;
 
-	public ContactAddedEvent(ContactId contactId) {
+	public ContactAddedEvent(ContactId contactId, boolean verified) {
 		this.contactId = contactId;
+		this.verified = verified;
 	}
 
 	public ContactId getContactId() {
 		return contactId;
 	}
+
+	public boolean isVerified() {
+		return verified;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactAddedRemotelyEvent.java

@@ -1,22 +0,0 @@
-package org.briarproject.bramble.api.contact.event;
-
-import org.briarproject.bramble.api.contact.Contact;
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.concurrent.Immutable;
-
-@Immutable
-@NotNullByDefault
-public class ContactAddedRemotelyEvent extends Event {
-
-	private final Contact contact;
-
-	public ContactAddedRemotelyEvent(Contact contact) {
-		this.contact = contact;
-	}
-
-	public Contact getContact() {
-		return contact;
-	}
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactExchangeFailedEvent.java

@@ -1,32 +0,0 @@
-package org.briarproject.bramble.api.contact.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-import javax.annotation.Nullable;
-
-@NotNullByDefault
-public class ContactExchangeFailedEvent extends Event {
-
-	@Nullable
-	private final Author duplicateRemoteAuthor;
-
-	public ContactExchangeFailedEvent(@Nullable Author duplicateRemoteAuthor) {
-		this.duplicateRemoteAuthor = duplicateRemoteAuthor;
-	}
-
-	public ContactExchangeFailedEvent() {
-		this(null);
-	}
-
-	@Nullable
-	public Author getDuplicateRemoteAuthor() {
-		return duplicateRemoteAuthor;
-	}
-
-	public boolean wasDuplicateContact() {
-		return duplicateRemoteAuthor != null;
-	}
-
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/ContactExchangeSucceededEvent.java

@@ -1,20 +0,0 @@
-package org.briarproject.bramble.api.contact.event;
-
-import org.briarproject.bramble.api.event.Event;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-
-@NotNullByDefault
-public class ContactExchangeSucceededEvent extends Event {
-
-	private final Author remoteAuthor;
-
-	public ContactExchangeSucceededEvent(Author remoteAuthor) {
-		this.remoteAuthor = remoteAuthor;
-	}
-
-	public Author getRemoteAuthor() {
-		return remoteAuthor;
-	}
-
-}

bramble-api/src/main/java/org/briarproject/bramble/api/contact/event/PendingContactAddedEvent.java

@@ -0,0 +1,25 @@
+package org.briarproject.bramble.api.contact.event;
+
+import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a pending contact is added.
+ */
+@Immutable
+@NotNullByDefault
+public class PendingContactAddedEvent extends Event {
+
+	private final PendingContact pendingContact;
+
+	public PendingContactAddedEvent(PendingContact pendingContact) {
+		this.pendingContact = pendingContact;
+	}
+
+	public PendingContact getPendingContact() {
+		return pendingContact;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -27,31 +27,55 @@ public interface CryptoComponent {
 	/**
 	 * Derives another secret key from the given secret key.
 	 *
-	 * @param label a namespaced label indicating the purpose of the derived
+	 * @param label A namespaced label indicating the purpose of the derived
 	 * key, to prevent it from being repurposed or colliding with a key derived
 	 * for another purpose
+	 * @param inputs Additional inputs that will be included in the derivation
+	 * of the key
 	 */
 	SecretKey deriveKey(String label, SecretKey k, byte[]... inputs);
 
 	/**
-	 * Derives a common shared secret from two public keys and one of the
+	 * Derives a shared secret from two key pairs.
-	 * corresponding private keys.
 	 *
-	 * @param label a namespaced label indicating the purpose of this shared
+	 * @param label A namespaced label indicating the purpose of this shared
 	 * secret, to prevent it from being repurposed or colliding with a shared
 	 * secret derived for another purpose
-	 * @param theirPublicKey the public key of the remote party
+	 * @param theirPublicKey The public key of the remote party
-	 * @param ourKeyPair the key pair of the local party
+	 * @param ourKeyPair The key pair of the local party
-	 * @return the shared secret
+	 * @param inputs Additional inputs that will be included in the derivation
+	 * of the shared secret
+	 * @return The shared secret
 	 */
 	SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
 			KeyPair ourKeyPair, byte[]... inputs)
 			throws GeneralSecurityException;
 
+	/**
+	 * Derives a shared secret from two static and two ephemeral key pairs.
+	 *
+	 * @param label A namespaced label indicating the purpose of this shared
+	 * secret, to prevent it from being repurposed or colliding with a shared
+	 * secret derived for another purpose
+	 * @param theirStaticPublicKey The static public key of the remote party
+	 * @param theirEphemeralPublicKey The ephemeral public key of the remote
+	 * party
+	 * @param ourStaticKeyPair The static key pair of the local party
+	 * @param ourEphemeralKeyPair The ephemeral key pair of the local party
+	 * @param alice True if the local party is Alice
+	 * @param inputs Additional inputs that will be included in the
+	 * derivation of the shared secret
+	 * @return The shared secret
+	 */
+	SecretKey deriveSharedSecret(String label, PublicKey theirStaticPublicKey,
+			PublicKey theirEphemeralPublicKey, KeyPair ourStaticKeyPair,
+			KeyPair ourEphemeralKeyPair, boolean alice, byte[]... inputs)
+			throws GeneralSecurityException;
+
 	/**
 	 * Signs the given byte[] with the given private key.
 	 *
-	 * @param label a namespaced label indicating the purpose of this
+	 * @param label A namespaced label indicating the purpose of this
 	 * signature, to prevent it from being repurposed or colliding with a
 	 * signature created for another purpose
 	 */
@@ -62,10 +86,10 @@ public interface CryptoComponent {
 	 * Verifies that the given signature is valid for the signed data
 	 * and the given public key.
 	 *
-	 * @param label a namespaced label indicating the purpose of this
+	 * @param label A namespaced label indicating the purpose of this
 	 * signature, to prevent it from being repurposed or colliding with a
 	 * signature created for another purpose
-	 * @return true if the signature was valid, false otherwise.
+	 * @return True if the signature was valid, false otherwise.
 	 */
 	boolean verifySignature(byte[] signature, String label, byte[] signed,
 			PublicKey publicKey) throws GeneralSecurityException;
@@ -74,7 +98,7 @@ public interface CryptoComponent {
 	 * Returns the hash of the given inputs. The inputs are unambiguously
 	 * combined by prefixing each input with its length.
 	 *
-	 * @param label a namespaced label indicating the purpose of this hash, to
+	 * @param label A namespaced label indicating the purpose of this hash, to
 	 * prevent it from being repurposed or colliding with a hash created for
 	 * another purpose
 	 */
@@ -85,7 +109,7 @@ public interface CryptoComponent {
 	 * given inputs. The inputs are unambiguously combined by prefixing each
 	 * input with its length.
 	 *
-	 * @param label a namespaced label indicating the purpose of this MAC, to
+	 * @param label A namespaced label indicating the purpose of this MAC, to
 	 * prevent it from being repurposed or colliding with a MAC created for
 	 * another purpose
 	 */
@@ -95,10 +119,10 @@ public interface CryptoComponent {
 	 * Verifies that the given message authentication code is valid for the
 	 * given secret key and inputs.
 	 *
-	 * @param label a namespaced label indicating the purpose of this MAC, to
+	 * @param label A namespaced label indicating the purpose of this MAC, to
 	 * prevent it from being repurposed or colliding with a MAC created for
 	 * another purpose
-	 * @return true if the MAC was valid, false otherwise.
+	 * @return True if the MAC was valid, false otherwise.
 	 */
 	boolean verifyMac(byte[] mac, String label, SecretKey macKey,
 			byte[]... inputs);
@@ -108,17 +132,32 @@ public interface CryptoComponent {
 	 * storage. The encryption and authentication keys are derived from the
 	 * given password. The ciphertext will be decryptable using the same
 	 * password after the app restarts.
+	 *
+	 * @param keyStrengthener Used to strengthen the password-based key. If
+	 * null, the password-based key will not be strengthened
 	 */
-	byte[] encryptWithPassword(byte[] plaintext, String password);
+	byte[] encryptWithPassword(byte[] plaintext, String password,
+			@Nullable KeyStrengthener keyStrengthener);
 
 	/**
 	 * Decrypts and authenticates the given ciphertext that has been read from
 	 * storage. The encryption and authentication keys are derived from the
 	 * given password. Returns null if the ciphertext cannot be decrypted and
 	 * authenticated (for example, if the password is wrong).
+	 *
+	 * @param keyStrengthener Used to strengthen the password-based key. If
+	 * null, or if strengthening was not used when encrypting the ciphertext,
+	 * the password-based key will not be strengthened
 	 */
 	@Nullable
-	byte[] decryptWithPassword(byte[] ciphertext, String password);
+	byte[] decryptWithPassword(byte[] ciphertext, String password,
+			@Nullable KeyStrengthener keyStrengthener);
+
+	/**
+	 * Returns true if the given ciphertext was encrypted using a strengthened
+	 * key. The validity of the ciphertext is not checked.
+	 */
+	boolean isEncryptedWithStrengthenedKey(byte[] ciphertext);
 
 	/**
 	 * Encrypts the given plaintext to the given public key.

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/KeyStrengthener.java

@@ -0,0 +1,23 @@
+package org.briarproject.bramble.api.crypto;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * Interface for strengthening a password-based key, for example by using a
+ * key stored in a key management service or hardware security module.
+ */
+@NotNullByDefault
+public interface KeyStrengthener {
+
+	/**
+	 * Returns true if the strengthener has been initialised.
+	 */
+	@SuppressWarnings("BooleanMethodIsAlwaysInverted")
+	boolean isInitialised();
+
+	/**
+	 * Initialises the strengthener if necessary and returns a strong key
+	 * derived from the given key.
+	 */
+	SecretKey strengthenKey(SecretKey k);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java

@@ -3,12 +3,37 @@ package org.briarproject.bramble.api.crypto;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
+import java.security.GeneralSecurityException;
+
 /**
  * Crypto operations for the transport security protocol - see
  * https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md
  */
 public interface TransportCrypto {
 
+	/**
+	 * Returns true if the local peer is Alice.
+	 */
+	boolean isAlice(PublicKey theirHandshakePublicKey,
+			KeyPair ourHandshakeKeyPair);
+
+	/**
+	 * Derives the static master key shared with a contact or pending contact.
+	 */
+	SecretKey deriveStaticMasterKey(PublicKey theirHandshakePublicKey,
+			KeyPair ourHandshakeKeyPair) throws GeneralSecurityException;
+
+	/**
+	 * Derives the handshake mode root key from the static master key. To
+	 * prevent tag reuse, separate root keys are derived for contacts and
+	 * pending contacts.
+	 *
+	 * @param pendingContact Whether the static master key is shared with a
+	 * pending contact or a contact
+	 */
+	SecretKey deriveHandshakeRootKey(SecretKey staticMasterKey,
+			boolean pendingContact);
+
 	/**
 	 * Derives initial rotation mode transport keys for the given transport in
 	 * the given time period from the given root key.

bramble-api/src/main/java/org/briarproject/bramble/api/db/ContactExistsException.java

@@ -1,8 +1,27 @@
 package org.briarproject.bramble.api.db;
 
+import org.briarproject.bramble.api.identity.Author;
+import org.briarproject.bramble.api.identity.AuthorId;
+
 /**
  * Thrown when a duplicate contact is added to the database. This exception may
  * occur due to concurrent updates and does not indicate a database error.
  */
 public class ContactExistsException extends DbException {
+
+	private final AuthorId local;
+	private final Author remote;
+
+	public ContactExistsException(AuthorId local, Author remote) {
+		this.local = local;
+		this.remote = remote;
+	}
+
+	public AuthorId getLocalAuthorId() {
+		return local;
+	}
+
+	public Author getRemoteAuthor() {
+		return remote;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseComponent.java

@@ -29,6 +29,7 @@ import org.briarproject.bramble.api.transport.TransportKeySet;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
 import java.util.Collection;
+import java.util.List;
 import java.util.Map;
 
 import javax.annotation.Nullable;
@@ -38,7 +39,7 @@ import javax.annotation.Nullable;
  * to other components.
  */
 @NotNullByDefault
-public interface DatabaseComponent {
+public interface DatabaseComponent extends TransactionManager {
 
 	/**
 	 * Opens the database and returns true if the database already existed.
@@ -56,56 +57,12 @@ public interface DatabaseComponent {
 	 */
 	void close() throws DbException;
 
-	/**
-	 * Starts a new transaction and returns an object representing it.
-	 * <p/>
-	 * This method acquires locks, so it must not be called while holding a
-	 * lock.
-	 *
-	 * @param readOnly true if the transaction will only be used for reading.
-	 */
-	Transaction startTransaction(boolean readOnly) throws DbException;
-
-	/**
-	 * Commits a transaction to the database.
-	 */
-	void commitTransaction(Transaction txn) throws DbException;
-
-	/**
-	 * Ends a transaction. If the transaction has not been committed,
-	 * it will be aborted. If the transaction has been committed,
-	 * any events attached to the transaction are broadcast.
-	 * The database lock will be released in either case.
-	 */
-	void endTransaction(Transaction txn);
-
-	/**
-	 * Runs the given task within a transaction.
-	 */
-	<E extends Exception> void transaction(boolean readOnly,
-			DbRunnable<E> task) throws DbException, E;
-
-	/**
-	 * Runs the given task within a transaction and returns the result of the
-	 * task.
-	 */
-	<R, E extends Exception> R transactionWithResult(boolean readOnly,
-			DbCallable<R, E> task) throws DbException, E;
-
-	/**
-	 * Runs the given task within a transaction and returns the result of the
-	 * task, which may be null.
-	 */
-	@Nullable
-	<R, E extends Exception> R transactionWithNullableResult(boolean readOnly,
-			NullableDbCallable<R, E> task) throws DbException, E;
-
 	/**
 	 * Stores a contact associated with the given local and remote pseudonyms,
 	 * and returns an ID for the contact.
 	 */
 	ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			boolean verified) throws DbException;
+			@Nullable PublicKey handshake, boolean verified) throws DbException;
 
 	/**
 	 * Stores a group.
@@ -121,12 +78,12 @@ public interface DatabaseComponent {
 	 * Stores a local message.
 	 */
 	void addLocalMessage(Transaction txn, Message m, Metadata meta,
-			boolean shared) throws DbException;
+			boolean shared, boolean temporary) throws DbException;
 
 	/**
 	 * Stores a pending contact.
 	 */
-	void addPendingContact(Transaction txn, PendingContact p)
+	void addPendingContact(Transaction txn, PendingContact p, AuthorId local)
 			throws DbException;
 
 	/**
@@ -448,6 +405,14 @@ public interface DatabaseComponent {
 	 */
 	long getNextSendTime(Transaction txn, ContactId c) throws DbException;
 
+	/**
+	 * Returns the pending contact with the given ID.
+	 * <p/>
+	 * Read-only.
+	 */
+	PendingContact getPendingContact(Transaction txn, PendingContactId p)
+			throws DbException;
+
 	/**
 	 * Returns all pending contacts.
 	 * <p/>
@@ -463,6 +428,13 @@ public interface DatabaseComponent {
 	 */
 	Settings getSettings(Transaction txn, String namespace) throws DbException;
 
+	/**
+	 * Returns the versions of the sync protocol supported by the given contact.
+	 * <p/>
+	 * Read-only.
+	 */
+	List<Byte> getSyncVersions(Transaction txn, ContactId c) throws DbException;
+
 	/**
 	 * Returns all transport keys for the given transport.
 	 * <p/>
@@ -546,6 +518,12 @@ public interface DatabaseComponent {
 	void removePendingContact(Transaction txn, PendingContactId p)
 			throws DbException;
 
+	/**
+	 * Removes all temporary messages (and all associated state) from the
+	 * database.
+	 */
+	void removeTemporaryMessages(Transaction txn) throws DbException;
+
 	/**
 	 * Removes a transport (and all associated state) from the database.
 	 */
@@ -574,6 +552,11 @@ public interface DatabaseComponent {
 	void setGroupVisibility(Transaction txn, ContactId c, GroupId g,
 			Visibility v) throws DbException;
 
+	/**
+	 * Marks the given message as permanent, i.e. not temporary.
+	 */
+	void setMessagePermanent(Transaction txn, MessageId m) throws DbException;
+
 	/**
 	 * Marks the given message as shared.
 	 */
@@ -604,6 +587,12 @@ public interface DatabaseComponent {
 	void setReorderingWindow(Transaction txn, KeySetId k, TransportId t,
 			long timePeriod, long base, byte[] bitmap) throws DbException;
 
+	/**
+	 * Sets the versions of the sync protocol supported by the given contact.
+	 */
+	void setSyncVersions(Transaction txn, ContactId c, List<Byte> supported)
+			throws DbException;
+
 	/**
 	 * Marks the given transport keys as usable for outgoing streams.
 	 */

bramble-api/src/main/java/org/briarproject/bramble/api/db/DatabaseConfig.java

@@ -1,13 +1,29 @@
 package org.briarproject.bramble.api.db;
 
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import java.io.File;
 
+import javax.annotation.Nullable;
+
 @NotNullByDefault
 public interface DatabaseConfig {
 
+	/**
+	 * Returns the directory where the database stores its data.
+	 */
 	File getDatabaseDirectory();
 
+	/**
+	 * Returns the directory where the encrypted database key is stored.
+	 */
 	File getDatabaseKeyDirectory();
+
+	/**
+	 * Returns a {@link KeyStrengthener} for strengthening the encryption of
+	 * the database key, or null if no strengthener should be used.
+	 */
+	@Nullable
+	KeyStrengthener getKeyStrengthener();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/db/PendingContactExistsException.java

@@ -1,9 +1,21 @@
 package org.briarproject.bramble.api.db;
 
+import org.briarproject.bramble.api.contact.PendingContact;
+
 /**
  * Thrown when a duplicate pending contact is added to the database. This
  * exception may occur due to concurrent updates and does not indicate a
  * database error.
  */
 public class PendingContactExistsException extends DbException {
+
+	private final PendingContact pendingContact;
+
+	public PendingContactExistsException(PendingContact pendingContact) {
+		this.pendingContact = pendingContact;
+	}
+
+	public PendingContact getPendingContact() {
+		return pendingContact;
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/db/TransactionManager.java

@@ -0,0 +1,54 @@
+package org.briarproject.bramble.api.db;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.Nullable;
+
+@NotNullByDefault
+public interface TransactionManager {
+
+	/**
+	 * Starts a new transaction and returns an object representing it.
+	 * <p/>
+	 * This method acquires locks, so it must not be called while holding a
+	 * lock.
+	 *
+	 * @param readOnly true if the transaction will only be used for reading.
+	 */
+	Transaction startTransaction(boolean readOnly) throws DbException;
+
+	/**
+	 * Commits a transaction to the database.
+	 */
+	void commitTransaction(Transaction txn) throws DbException;
+
+	/**
+	 * Ends a transaction. If the transaction has not been committed,
+	 * it will be aborted. If the transaction has been committed,
+	 * any events attached to the transaction are broadcast.
+	 * The database lock will be released in either case.
+	 */
+	void endTransaction(Transaction txn);
+
+	/**
+	 * Runs the given task within a transaction.
+	 */
+	<E extends Exception> void transaction(boolean readOnly,
+			DbRunnable<E> task) throws DbException, E;
+
+	/**
+	 * Runs the given task within a transaction and returns the result of the
+	 * task.
+	 */
+	<R, E extends Exception> R transactionWithResult(boolean readOnly,
+			DbCallable<R, E> task) throws DbException, E;
+
+	/**
+	 * Runs the given task within a transaction and returns the result of the
+	 * task, which may be null.
+	 */
+	@Nullable
+	<R, E extends Exception> R transactionWithNullableResult(boolean readOnly,
+			NullableDbCallable<R, E> task) throws DbException, E;
+
+}

bramble-api/src/main/java/org/briarproject/bramble/api/keyagreement/KeyAgreementListener.java

@@ -5,7 +5,7 @@ import org.briarproject.bramble.api.data.BdfList;
 import java.io.IOException;
 
 /**
- * An class for managing a particular key agreement listener.
+ * Accepts key agreement connections over a given transport.
  */
 public abstract class KeyAgreementListener {
 

bramble-api/src/main/java/org/briarproject/bramble/api/nullsafety/NullSafety.java

@@ -22,4 +22,11 @@ public class NullSafety {
 			@Nullable Object b) {
 		if ((a == null) == (b == null)) throw new AssertionError();
 	}
+
+	/**
+	 * Checks that the argument is null.
+	 */
+	public static void requireNull(@Nullable Object o) {
+		if (o != null) throw new AssertionError();
+	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionHandler.java

@@ -0,0 +1,28 @@
+package org.briarproject.bramble.api.plugin;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.duplex.DuplexPlugin;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.plugin.simplex.SimplexPlugin;
+
+/**
+ * An interface for handling connections created by transport plugins.
+ */
+@NotNullByDefault
+public interface ConnectionHandler {
+
+	/**
+	 * Handles a connection created by a {@link DuplexPlugin}.
+	 */
+	void handleConnection(DuplexTransportConnection c);
+
+	/**
+	 * Handles a reader created by a {@link SimplexPlugin}.
+	 */
+	void handleReader(TransportConnectionReader r);
+
+	/**
+	 * Handles a writer created by a {@link SimplexPlugin}.
+	 */
+	void handleWriter(TransportConnectionWriter w);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionManager.java

@@ -1,17 +1,46 @@
 package org.briarproject.bramble.api.plugin;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
 
+@NotNullByDefault
 public interface ConnectionManager {
 
+	/**
+	 * Manages an incoming connection from a contact over a simplex transport.
+	 */
 	void manageIncomingConnection(TransportId t, TransportConnectionReader r);
 
+	/**
+	 * Manages an incoming connection from a contact over a duplex transport.
+	 */
 	void manageIncomingConnection(TransportId t, DuplexTransportConnection d);
 
+	/**
+	 * Manages an incoming handshake connection from a pending contact over a
+	 * duplex transport.
+	 */
+	void manageIncomingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d);
+
+	/**
+	 * Manages an outgoing connection to a contact over a simplex transport.
+	 */
 	void manageOutgoingConnection(ContactId c, TransportId t,
 			TransportConnectionWriter w);
 
+	/**
+	 * Manages an outgoing connection to a contact over a duplex transport.
+	 */
 	void manageOutgoingConnection(ContactId c, TransportId t,
 			DuplexTransportConnection d);
+
+	/**
+	 * Manages an outgoing handshake connection to a pending contact over a
+	 * duplex transport.
+	 */
+	void manageOutgoingConnection(PendingContactId p, TransportId t,
+			DuplexTransportConnection d);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/ConnectionRegistry.java

@@ -1,7 +1,14 @@
 package org.briarproject.bramble.api.plugin;
 
 import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.PendingContactId;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.event.ConnectionClosedEvent;
+import org.briarproject.bramble.api.plugin.event.ConnectionOpenedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactConnectedEvent;
+import org.briarproject.bramble.api.plugin.event.ContactDisconnectedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionClosedEvent;
+import org.briarproject.bramble.api.rendezvous.event.RendezvousConnectionOpenedEvent;
 
 import java.util.Collection;
 
@@ -11,13 +18,50 @@ import java.util.Collection;
 @NotNullByDefault
 public interface ConnectionRegistry {
 
+	/**
+	 * Registers a connection with the given contact over the given transport.
+	 * Broadcasts {@link ConnectionOpenedEvent}. Also broadcasts
+	 * {@link ContactConnectedEvent} if this is the only connection with the
+	 * contact.
+	 */
 	void registerConnection(ContactId c, TransportId t, boolean incoming);
 
+	/**
+	 * Unregisters a connection with the given contact over the given transport.
+	 * Broadcasts {@link ConnectionClosedEvent}. Also broadcasts
+	 * {@link ContactDisconnectedEvent} if this is the only connection with
+	 * the contact.
+	 */
 	void unregisterConnection(ContactId c, TransportId t, boolean incoming);
 
+	/**
+	 * Returns any contacts that are connected via the given transport.
+	 */
 	Collection<ContactId> getConnectedContacts(TransportId t);
 
+	/**
+	 * Returns true if the given contact is connected via the given transport.
+	 */
 	boolean isConnected(ContactId c, TransportId t);
 
+	/**
+	 * Returns true if the given contact is connected via any transport.
+	 */
 	boolean isConnected(ContactId c);
+
+	/**
+	 * Registers a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionOpenedEvent} if this is the only connection
+	 * with the pending contact.
+	 *
+	 * @return True if this is the only connection with the pending contact,
+	 * false if it is redundant and should be closed
+	 */
+	boolean registerConnection(PendingContactId p);
+
+	/**
+	 * Unregisters a connection with the given pending contact. Broadcasts
+	 * {@link RendezvousConnectionClosedEvent}.
+	 */
+	void unregisterConnection(PendingContactId p, boolean success);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/Plugin.java

@@ -1,10 +1,10 @@
 package org.briarproject.bramble.api.plugin;
 
-import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.properties.TransportProperties;
 
-import java.util.Map;
+import java.util.Collection;
 
 @NotNullByDefault
 public interface Plugin {
@@ -51,8 +51,9 @@ public interface Plugin {
 	int getPollingInterval();
 
 	/**
-	 * Attempts to establish connections to the given contacts, passing any
+	 * Attempts to create connections using the given transport properties,
-	 * created connections to the callback.
+	 * passing any created connections to the corresponding handlers.
 	 */
-	void poll(Map<ContactId, TransportProperties> contacts);
+	void poll(Collection<Pair<TransportProperties, ConnectionHandler>>
+			properties);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginCallback.java

@@ -9,7 +9,7 @@ import org.briarproject.bramble.api.settings.Settings;
  * the application.
  */
 @NotNullByDefault
-public interface PluginCallback {
+public interface PluginCallback extends ConnectionHandler {
 
 	/**
 	 * Returns the plugin's settings

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/PluginManager.java

@@ -36,4 +36,9 @@ public interface PluginManager {
 	 * Returns any duplex plugins that support key agreement.
 	 */
 	Collection<DuplexPlugin> getKeyAgreementPlugins();
+
+	/**
+	 * Returns any duplex plugins that support rendezvous.
+	 */
+	Collection<DuplexPlugin> getRendezvousPlugins();
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPlugin.java

@@ -3,8 +3,11 @@ package org.briarproject.bramble.api.plugin.duplex;
 import org.briarproject.bramble.api.data.BdfList;
 import org.briarproject.bramble.api.keyagreement.KeyAgreementListener;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.ConnectionHandler;
 import org.briarproject.bramble.api.plugin.Plugin;
 import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.rendezvous.KeyMaterialSource;
+import org.briarproject.bramble.api.rendezvous.RendezvousEndpoint;
 
 import javax.annotation.Nullable;
 
@@ -40,4 +43,19 @@ public interface DuplexPlugin extends Plugin {
 	@Nullable
 	DuplexTransportConnection createKeyAgreementConnection(
 			byte[] remoteCommitment, BdfList descriptor);
+
+	/**
+	 * Returns true if the plugin supports rendezvous connections.
+	 */
+	boolean supportsRendezvous();
+
+	/**
+	 * Creates and returns an endpoint that uses the given key material to
+	 * rendezvous with a pending contact, and the given connection handler to
+	 * handle incoming connections. Returns null if an endpoint cannot be
+	 * created.
+	 */
+	@Nullable
+	RendezvousEndpoint createRendezvousEndpoint(KeyMaterialSource k,
+			boolean alice, ConnectionHandler incoming);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPluginCallback.java

@@ -1,17 +0,0 @@
-package org.briarproject.bramble.api.plugin.duplex;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.PluginCallback;
-
-/**
- * An interface through which a duplex plugin interacts with the rest of the
- * application.
- */
-@NotNullByDefault
-public interface DuplexPluginCallback extends PluginCallback {
-
-	void incomingConnectionCreated(DuplexTransportConnection d);
-
-	void outgoingConnectionCreated(ContactId c, DuplexTransportConnection d);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/duplex/DuplexPluginFactory.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.plugin.duplex;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.Nullable;
@@ -25,5 +26,5 @@ public interface DuplexPluginFactory {
 	 * Creates and returns a plugin, or null if no plugin can be created.
 	 */
 	@Nullable
-	DuplexPlugin createPlugin(DuplexPluginCallback callback);
+	DuplexPlugin createPlugin(PluginCallback callback);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/simplex/SimplexPluginCallback.java

@@ -1,19 +0,0 @@
-package org.briarproject.bramble.api.plugin.simplex;
-
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.PluginCallback;
-import org.briarproject.bramble.api.plugin.TransportConnectionReader;
-import org.briarproject.bramble.api.plugin.TransportConnectionWriter;
-
-/**
- * An interface through which a simplex plugin interacts with the rest of the
- * application.
- */
-@NotNullByDefault
-public interface SimplexPluginCallback extends PluginCallback {
-
-	void readerCreated(TransportConnectionReader r);
-
-	void writerCreated(ContactId c, TransportConnectionWriter w);
-}

bramble-api/src/main/java/org/briarproject/bramble/api/plugin/simplex/SimplexPluginFactory.java

@@ -1,6 +1,7 @@
 package org.briarproject.bramble.api.plugin.simplex;
 
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.PluginCallback;
 import org.briarproject.bramble.api.plugin.TransportId;
 
 import javax.annotation.Nullable;
@@ -25,5 +26,5 @@ public interface SimplexPluginFactory {
 	 * Creates and returns a plugin, or null if no plugin can be created.
 	 */
 	@Nullable
-	SimplexPlugin createPlugin(SimplexPluginCallback callback);
+	SimplexPlugin createPlugin(PluginCallback callback);
 }

bramble-api/src/main/java/org/briarproject/bramble/api/record/RecordReader.java

@@ -1,10 +1,14 @@
 package org.briarproject.bramble.api.record;
 
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.Predicate;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 
 import java.io.EOFException;
 import java.io.IOException;
 
+import javax.annotation.Nullable;
+
 @NotNullByDefault
 public interface RecordReader {
 
@@ -16,5 +20,20 @@ public interface RecordReader {
 	 */
 	Record readRecord() throws IOException;
 
+	/**
+	 * Reads and returns the next record matching the 'accept' predicate,
+	 * skipping any records that match the 'ignore' predicate. Returns null if
+	 * no record matching the 'accept' predicate is found before the end of the
+	 * stream.
+	 *
+	 * @throws EOFException If the end of the stream is reached without
+	 * reading a complete record
+	 * @throws FormatException If a record is read that does not match the
+	 * 'accept' or 'ignore' predicates
+	 */
+	@Nullable
+	Record readRecord(Predicate<Record> accept, Predicate<Record> ignore)
+			throws IOException;
+
 	void close() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/KeyMaterialSource.java

@@ -0,0 +1,15 @@
+package org.briarproject.bramble.api.rendezvous;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+/**
+ * A source of key material for use in making rendezvous connections.
+ */
+@NotNullByDefault
+public interface KeyMaterialSource {
+
+	/**
+	 * Returns the requested amount of key material.
+	 */
+	byte[] getKeyMaterial(int length);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousEndpoint.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.rendezvous;
+
+import org.briarproject.bramble.api.properties.TransportProperties;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+/**
+ * An interface for making and accepting rendezvous connections with a pending
+ * contact over a given transport.
+ */
+public interface RendezvousEndpoint extends Closeable {
+
+	/**
+	 * Returns a set of transport properties for connecting to the pending
+	 * contact.
+	 */
+	TransportProperties getRemoteTransportProperties();
+
+	/**
+	 * Closes the handler and releases any resources held by it, such as
+	 * network sockets.
+	 */
+	@Override
+	void close() throws IOException;
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousPoller.java

@@ -0,0 +1,12 @@
+package org.briarproject.bramble.api.rendezvous;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+
+/**
+ * Interface for the poller that makes rendezvous connections to pending
+ * contacts.
+ */
+public interface RendezvousPoller {
+
+	long getLastPollTime(PendingContactId p);
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/event/RendezvousConnectionClosedEvent.java

@@ -0,0 +1,32 @@
+package org.briarproject.bramble.api.rendezvous.event;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a rendezvous connection is closed.
+ */
+@Immutable
+@NotNullByDefault
+public class RendezvousConnectionClosedEvent extends Event {
+
+	private final PendingContactId pendingContactId;
+	private final boolean success;
+
+	public RendezvousConnectionClosedEvent(PendingContactId pendingContactId,
+			boolean success) {
+		this.pendingContactId = pendingContactId;
+		this.success = success;
+	}
+
+	public PendingContactId getPendingContactId() {
+		return pendingContactId;
+	}
+
+	public boolean isSuccess() {
+		return success;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/event/RendezvousConnectionOpenedEvent.java

@@ -0,0 +1,25 @@
+package org.briarproject.bramble.api.rendezvous.event;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a rendezvous connection is opened.
+ */
+@Immutable
+@NotNullByDefault
+public class RendezvousConnectionOpenedEvent extends Event {
+
+	private final PendingContactId pendingContactId;
+
+	public RendezvousConnectionOpenedEvent(PendingContactId pendingContactId) {
+		this.pendingContactId = pendingContactId;
+	}
+
+	public PendingContactId getPendingContactId() {
+		return pendingContactId;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/event/RendezvousPollEvent.java

@@ -0,0 +1,36 @@
+package org.briarproject.bramble.api.rendezvous.event;
+
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+
+import java.util.Collection;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when a transport plugin is polled for connections
+ * to one or more pending contacts.
+ */
+@Immutable
+@NotNullByDefault
+public class RendezvousPollEvent extends Event {
+
+	private final TransportId transportId;
+	private final Collection<PendingContactId> pendingContacts;
+
+	public RendezvousPollEvent(TransportId transportId,
+			Collection<PendingContactId> pendingContacts) {
+		this.transportId = transportId;
+		this.pendingContacts = pendingContacts;
+	}
+
+	public TransportId getTransportId() {
+		return transportId;
+	}
+
+	public Collection<PendingContactId> getPendingContacts() {
+		return pendingContacts;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Ack.java

@@ -1,10 +1,16 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.util.Collection;
 
+import javax.annotation.concurrent.Immutable;
+
 /**
  * A record acknowledging receipt of one or more {@link Message Messages}.
  */
+@Immutable
+@NotNullByDefault
 public class Ack {
 
 	private final Collection<MessageId> acked;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Message.java

@@ -1,8 +1,14 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import javax.annotation.concurrent.Immutable;
+
 import static org.briarproject.bramble.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
 import static org.briarproject.bramble.api.sync.SyncConstants.MESSAGE_HEADER_LENGTH;
 
+@Immutable
+@NotNullByDefault
 public class Message {
 
 	/**

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Offer.java

@@ -1,10 +1,16 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.util.Collection;
 
+import javax.annotation.concurrent.Immutable;
+
 /**
  * A record offering the recipient one or more {@link Message Messages}.
  */
+@Immutable
+@NotNullByDefault
 public class Offer {
 
 	private final Collection<MessageId> offered;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/RecordTypes.java

@@ -9,5 +9,5 @@ public interface RecordTypes {
 	byte MESSAGE = 1;
 	byte OFFER = 2;
 	byte REQUEST = 3;
-
+	byte VERSIONS = 4;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Request.java

@@ -1,10 +1,16 @@
 package org.briarproject.bramble.api.sync;
 
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
 import java.util.Collection;
 
+import javax.annotation.concurrent.Immutable;
+
 /**
  * A record requesting one or more {@link Message Messages} from the recipient.
  */
+@Immutable
+@NotNullByDefault
 public class Request {
 
 	private final Collection<MessageId> requested;

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncConstants.java

@@ -2,6 +2,9 @@ package org.briarproject.bramble.api.sync;
 
 import org.briarproject.bramble.api.UniqueId;
 
+import java.util.List;
+
+import static java.util.Collections.singletonList;
 import static org.briarproject.bramble.api.record.Record.MAX_RECORD_PAYLOAD_BYTES;
 
 public interface SyncConstants {
@@ -11,6 +14,11 @@ public interface SyncConstants {
 	 */
 	byte PROTOCOL_VERSION = 0;
 
+	/**
+	 * The versions of the sync protocol this peer supports.
+	 */
+	List<Byte> SUPPORTED_VERSIONS = singletonList(PROTOCOL_VERSION);
+
 	/**
 	 * The maximum length of a group descriptor in bytes.
 	 */
@@ -35,4 +43,10 @@ public interface SyncConstants {
 	 * The maximum number of message IDs in an ack, offer or request record.
 	 */
 	int MAX_MESSAGE_IDS = MAX_RECORD_PAYLOAD_BYTES / UniqueId.LENGTH;
+
+	/**
+	 * The maximum number of versions of the sync protocol a peer may support
+	 * simultaneously.
+	 */
+	int MAX_SUPPORTED_VERSIONS = 10;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordReader.java

@@ -25,4 +25,7 @@ public interface SyncRecordReader {
 
 	Request readRequest() throws IOException;
 
+	boolean hasVersions() throws IOException;
+
+	Versions readVersions() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/SyncRecordWriter.java

@@ -15,5 +15,7 @@ public interface SyncRecordWriter {
 
 	void writeRequest(Request r) throws IOException;
 
+	void writeVersions(Versions v) throws IOException;
+
 	void flush() throws IOException;
 }

bramble-api/src/main/java/org/briarproject/bramble/api/sync/Versions.java

@@ -0,0 +1,26 @@
+package org.briarproject.bramble.api.sync;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.List;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * A record telling the recipient which versions of the sync protocol the
+ * sender supports.
+ */
+@Immutable
+@NotNullByDefault
+public class Versions {
+
+	private final List<Byte> supported;
+
+	public Versions(List<Byte> supported) {
+		this.supported = supported;
+	}
+
+	public List<Byte> getSupportedVersions() {
+		return supported;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/sync/event/SyncVersionsUpdatedEvent.java

@@ -0,0 +1,34 @@
+package org.briarproject.bramble.api.sync.event;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.util.List;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when the versions of the sync protocol supported
+ * by a contact are updated.
+ */
+@Immutable
+@NotNullByDefault
+public class SyncVersionsUpdatedEvent extends Event {
+
+	private final ContactId contactId;
+	private final List<Byte> supported;
+
+	public SyncVersionsUpdatedEvent(ContactId contactId, List<Byte> supported) {
+		this.contactId = contactId;
+		this.supported = supported;
+	}
+
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	public List<Byte> getSupportedVersions() {
+		return supported;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/transport/KeyManager.java

@@ -2,11 +2,14 @@ package org.briarproject.bramble.api.transport;
 
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.plugin.TransportId;
 
+import java.security.GeneralSecurityException;
 import java.util.Map;
 
 import javax.annotation.Nullable;
@@ -18,9 +21,9 @@ import javax.annotation.Nullable;
 public interface KeyManager {
 
 	/**
-	 * Informs the key manager that a new contact has been added. Derives and
+	 * Derives and stores a set of rotation mode transport keys for
-	 * stores a set of rotation mode transport keys for communicating with the
+	 * communicating with the given contact over each transport and returns the
-	 * contact over each transport and returns the key set IDs.
+	 * key set IDs.
 	 * <p/>
 	 * {@link StreamContext StreamContexts} for the contact can be created
 	 * after this method has returned.
@@ -28,7 +31,7 @@ public interface KeyManager {
 	 * @param alice True if the local party is Alice
 	 * @param active Whether the derived keys can be used for outgoing streams
 	 */
-	Map<TransportId, KeySetId> addContactWithRotationKeys(Transaction txn,
+	Map<TransportId, KeySetId> addRotationKeys(Transaction txn,
 			ContactId c, SecretKey rootKey, long timestamp, boolean alice,
 			boolean active) throws DbException;
 
@@ -39,11 +42,10 @@ public interface KeyManager {
 	 * <p/>
 	 * {@link StreamContext StreamContexts} for the contact can be created
 	 * after this method has returned.
-	 *
-	 * @param alice True if the local party is Alice
 	 */
-	Map<TransportId, KeySetId> addContactWithHandshakeKeys(Transaction txn,
+	Map<TransportId, KeySetId> addContact(Transaction txn, ContactId c,
-			ContactId c, SecretKey rootKey, boolean alice) throws DbException;
+			PublicKey theirPublicKey, KeyPair ourKeyPair)
+			throws DbException, GeneralSecurityException;
 
 	/**
 	 * Informs the key manager that a new pending contact has been added.
@@ -53,12 +55,10 @@ public interface KeyManager {
 	 * <p/>
 	 * {@link StreamContext StreamContexts} for the pending contact can be
 	 * created after this method has returned.
-	 *
-	 * @param alice True if the local party is Alice
 	 */
 	Map<TransportId, KeySetId> addPendingContact(Transaction txn,
-			PendingContactId p, SecretKey rootKey, boolean alice)
+			PendingContactId p, PublicKey theirPublicKey, KeyPair ourKeyPair)
-			throws DbException;
+			throws DbException, GeneralSecurityException;
 
 	/**
 	 * Marks the given transport keys as usable for outgoing streams.

bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java

@@ -63,14 +63,6 @@ public interface TransportConstants {
 	int MAX_PAYLOAD_LENGTH = MAX_FRAME_LENGTH - FRAME_HEADER_LENGTH
 			- MAC_LENGTH;
 
-	/**
-	 * The minimum stream length in bytes that all transport plugins must
-	 * support. Streams may be shorter than this length, but all transport
-	 * plugins must support streams of at least this length.
-	 */
-	int MIN_STREAM_LENGTH = STREAM_HEADER_LENGTH + FRAME_HEADER_LENGTH
-			+ MAC_LENGTH;
-
 	/**
 	 * The maximum difference in milliseconds between two peers' clocks.
 	 */
@@ -81,6 +73,26 @@ public interface TransportConstants {
 	 */
 	int REORDERING_WINDOW_SIZE = 32;
 
+	/**
+	 * Label for deriving the static master key from handshake key pairs.
+	 */
+	String STATIC_MASTER_KEY_LABEL =
+			"org.briarproject.bramble.transport/STATIC_MASTER_KEY";
+
+	/**
+	 * Label for deriving the handshake mode root key for a pending contact
+	 * from the static master key.
+	 */
+	String PENDING_CONTACT_ROOT_KEY_LABEL =
+			"org.briarproject.bramble.transport/PENDING_CONTACT_ROOT_KEY";
+
+	/**
+	 * Label for deriving the handshake mode root key for a contact from the
+	 * static master key.
+	 */
+	String CONTACT_ROOT_KEY_LABEL =
+			"org.briarproject.bramble.transport/CONTACT_ROOT_KEY";
+
 	/**
 	 * Label for deriving Alice's initial tag key from the root key in
 	 * rotation mode.

bramble-api/src/main/java/org/briarproject/bramble/api/versioning/ClientVersion.java

@@ -0,0 +1,63 @@
+package org.briarproject.bramble.api.versioning;
+
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.sync.ClientId;
+
+import javax.annotation.concurrent.Immutable;
+
+@Immutable
+@NotNullByDefault
+public class ClientVersion implements Comparable<ClientVersion> {
+
+	private final ClientMajorVersion majorVersion;
+	private final int minorVersion;
+
+	public ClientVersion(ClientMajorVersion majorVersion,
+			int minorVersion) {
+		this.majorVersion = majorVersion;
+		this.minorVersion = minorVersion;
+	}
+
+	public ClientVersion(ClientId clientId, int majorVersion,
+			int minorVersion) {
+		this(new ClientMajorVersion(clientId, majorVersion), minorVersion);
+	}
+
+	public ClientMajorVersion getClientMajorVersion() {
+		return majorVersion;
+	}
+
+	public ClientId getClientId() {
+		return majorVersion.getClientId();
+	}
+
+	public int getMajorVersion() {
+		return majorVersion.getMajorVersion();
+	}
+
+	public int getMinorVersion() {
+		return minorVersion;
+	}
+
+	@Override
+	public boolean equals(Object o) {
+		if (o instanceof ClientVersion) {
+			ClientVersion cv = (ClientVersion) o;
+			return majorVersion.equals(cv.majorVersion)
+					&& minorVersion == cv.minorVersion;
+		}
+		return false;
+	}
+
+	@Override
+	public int hashCode() {
+		return majorVersion.hashCode();
+	}
+
+	@Override
+	public int compareTo(ClientVersion cv) {
+		int compare = majorVersion.compareTo(cv.majorVersion);
+		if (compare != 0) return compare;
+		return minorVersion - cv.minorVersion;
+	}
+}

bramble-api/src/main/java/org/briarproject/bramble/api/versioning/event/ClientVersionUpdatedEvent.java

@@ -0,0 +1,34 @@
+package org.briarproject.bramble.api.versioning.event;
+
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.versioning.ClientVersion;
+
+import javax.annotation.concurrent.Immutable;
+
+/**
+ * An event that is broadcast when we receive a client versioning update from
+ * a contact.
+ */
+@Immutable
+@NotNullByDefault
+public class ClientVersionUpdatedEvent extends Event {
+
+	private final ContactId contactId;
+	private final ClientVersion clientVersion;
+
+	public ClientVersionUpdatedEvent(ContactId contactId,
+			ClientVersion clientVersion) {
+		this.contactId = contactId;
+		this.clientVersion = clientVersion;
+	}
+
+	public ContactId getContactId() {
+		return contactId;
+	}
+
+	public ClientVersion getClientVersion() {
+		return clientVersion;
+	}
+}

bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java

@@ -5,7 +5,6 @@ import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
-import org.briarproject.bramble.api.contact.PendingContactState;
 import org.briarproject.bramble.api.crypto.AgreementPrivateKey;
 import org.briarproject.bramble.api.crypto.AgreementPublicKey;
 import org.briarproject.bramble.api.crypto.PrivateKey;
@@ -181,10 +180,7 @@ public class TestUtils {
 		PendingContactId id = new PendingContactId(getRandomId());
 		PublicKey publicKey = getAgreementPublicKey();
 		String alias = getRandomString(nameLength);
-		int stateIndex =
+		return new PendingContact(id, publicKey, alias, timestamp);
-				random.nextInt(PendingContactState.values().length - 1);
-		PendingContactState state = PendingContactState.values()[stateIndex];
-		return new PendingContact(id, publicKey, alias, state, timestamp);
 	}
 
 	public static ContactId getContactId() {

bramble-api/witness.gradle

@@ -2,7 +2,7 @@ dependencyVerification {
     verify = [
         'cglib:cglib:3.2.0:cglib-3.2.0.jar:adb13bab79712ad6bdf1bd59f2a3918018a8016e722e8a357065afb9e6690861',
         'com.google.code.findbugs:jsr305:3.0.2:jsr305-3.0.2.jar:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7',
-        'com.google.dagger:dagger:2.22.1:dagger-2.22.1.jar:329d4340f24c4f5717af016c097e90668bfea2a5376e6aa9964b01cef3fd241a',
+        'com.google.dagger:dagger:2.24:dagger-2.24.jar:550a6e46a6dfcdf1d764887b6090cea94f783327e50e5c73754f18facfc70b64',
         'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
         'junit:junit:4.12:junit-4.12.jar:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a',
         'org.apache.ant:ant-launcher:1.9.4:ant-launcher-1.9.4.jar:7bccea20b41801ca17bcbc909a78c835d0f443f12d639c77bd6ae3d05861608d',

bramble-core/build.gradle

@@ -17,7 +17,7 @@ dependencies {
 	implementation 'org.whispersystems:curve25519-java:0.5.0'
 	implementation 'org.briarproject:jtorctl:0.3'
 
-	annotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'
+	annotationProcessor 'com.google.dagger:dagger-compiler:2.24'
 
 	testImplementation project(path: ':bramble-api', configuration: 'testOutput')
 	testImplementation 'org.hsqldb:hsqldb:2.3.5' // The last version that supports Java 1.6
@@ -26,7 +26,7 @@ dependencies {
 	testImplementation "org.jmock:jmock-junit4:2.8.2"
 	testImplementation "org.jmock:jmock-legacy:2.8.2"
 
-	testAnnotationProcessor 'com.google.dagger:dagger-compiler:2.22.1'
+	testAnnotationProcessor 'com.google.dagger:dagger-compiler:2.24'
 
 	signature 'org.codehaus.mojo.signature:java16:1.1@signature'
 }

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreEagerSingletons.java

@@ -7,7 +7,7 @@ import org.briarproject.bramble.identity.IdentityModule;
 import org.briarproject.bramble.lifecycle.LifecycleModule;
 import org.briarproject.bramble.plugin.PluginModule;
 import org.briarproject.bramble.properties.PropertiesModule;
-import org.briarproject.bramble.reporting.ReportingModule;
+import org.briarproject.bramble.rendezvous.RendezvousModule;
 import org.briarproject.bramble.sync.validation.ValidationModule;
 import org.briarproject.bramble.system.SystemModule;
 import org.briarproject.bramble.transport.TransportModule;
@@ -29,7 +29,7 @@ public interface BrambleCoreEagerSingletons {
 
 	void inject(PropertiesModule.EagerSingletons init);
 
-	void inject(ReportingModule.EagerSingletons init);
+	void inject(RendezvousModule.EagerSingletons init);
 
 	void inject(SystemModule.EagerSingletons init);
 
@@ -38,4 +38,22 @@ public interface BrambleCoreEagerSingletons {
 	void inject(ValidationModule.EagerSingletons init);
 
 	void inject(VersioningModule.EagerSingletons init);
+
+	class Helper {
+
+		public static void injectEagerSingletons(BrambleCoreEagerSingletons c) {
+			c.inject(new ContactModule.EagerSingletons());
+			c.inject(new CryptoExecutorModule.EagerSingletons());
+			c.inject(new DatabaseExecutorModule.EagerSingletons());
+			c.inject(new IdentityModule.EagerSingletons());
+			c.inject(new LifecycleModule.EagerSingletons());
+			c.inject(new RendezvousModule.EagerSingletons());
+			c.inject(new PluginModule.EagerSingletons());
+			c.inject(new PropertiesModule.EagerSingletons());
+			c.inject(new SystemModule.EagerSingletons());
+			c.inject(new TransportModule.EagerSingletons());
+			c.inject(new ValidationModule.EagerSingletons());
+			c.inject(new VersioningModule.EagerSingletons());
+		}
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/BrambleCoreModule.java

@@ -15,9 +15,8 @@ import org.briarproject.bramble.plugin.PluginModule;
 import org.briarproject.bramble.properties.PropertiesModule;
 import org.briarproject.bramble.record.RecordModule;
 import org.briarproject.bramble.reliability.ReliabilityModule;
-import org.briarproject.bramble.reporting.ReportingModule;
+import org.briarproject.bramble.rendezvous.RendezvousModule;
 import org.briarproject.bramble.settings.SettingsModule;
-import org.briarproject.bramble.socks.SocksModule;
 import org.briarproject.bramble.sync.SyncModule;
 import org.briarproject.bramble.sync.validation.ValidationModule;
 import org.briarproject.bramble.system.SystemModule;
@@ -42,9 +41,8 @@ import dagger.Module;
 		PropertiesModule.class,
 		RecordModule.class,
 		ReliabilityModule.class,
-		ReportingModule.class,
+		RendezvousModule.class,
 		SettingsModule.class,
-		SocksModule.class,
 		SyncModule.class,
 		SystemModule.class,
 		TransportModule.class,
@@ -52,19 +50,4 @@ import dagger.Module;
 		VersioningModule.class
 })
 public class BrambleCoreModule {
-
-	public static void initEagerSingletons(BrambleCoreEagerSingletons c) {
-		c.inject(new ContactModule.EagerSingletons());
-		c.inject(new CryptoExecutorModule.EagerSingletons());
-		c.inject(new DatabaseExecutorModule.EagerSingletons());
-		c.inject(new IdentityModule.EagerSingletons());
-		c.inject(new LifecycleModule.EagerSingletons());
-		c.inject(new PluginModule.EagerSingletons());
-		c.inject(new PropertiesModule.EagerSingletons());
-		c.inject(new ReportingModule.EagerSingletons());
-		c.inject(new SystemModule.EagerSingletons());
-		c.inject(new TransportModule.EagerSingletons());
-		c.inject(new ValidationModule.EagerSingletons());
-		c.inject(new VersioningModule.EagerSingletons());
-	}
 }

bramble-core/src/main/java/org/briarproject/bramble/account/AccountManagerImpl.java

@@ -2,6 +2,7 @@ package org.briarproject.bramble.account;
 
 import org.briarproject.bramble.api.account.AccountManager;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseConfig;
 import org.briarproject.bramble.api.identity.Identity;
@@ -19,6 +20,7 @@ import java.io.InputStreamReader;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
+import javax.annotation.concurrent.GuardedBy;
 import javax.inject.Inject;
 
 import static java.util.logging.Level.WARNING;
@@ -68,9 +70,10 @@ class AccountManagerImpl implements AccountManager {
 		return databaseKey;
 	}
 
-	// Locking: stateChangeLock
+	// Package access for testing
+	@GuardedBy("stateChangeLock")
 	@Nullable
-	protected String loadEncryptedDatabaseKey() {
+	String loadEncryptedDatabaseKey() {
 		String key = readDbKeyFromFile(dbKeyFile);
 		if (key == null) {
 			LOG.info("No database key in primary file");
@@ -83,7 +86,7 @@ class AccountManagerImpl implements AccountManager {
 		return key;
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	@Nullable
 	private String readDbKeyFromFile(File f) {
 		if (!f.exists()) {
@@ -102,8 +105,9 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	// Locking: stateChangeLock
+	// Package access for testing
-	protected boolean storeEncryptedDatabaseKey(String hex) {
+	@GuardedBy("stateChangeLock")
+	boolean storeEncryptedDatabaseKey(String hex) {
 		LOG.info("Storing database key in file");
 		// Create the directory if necessary
 		if (databaseConfig.getDatabaseKeyDirectory().mkdirs())
@@ -140,7 +144,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	private void writeDbKeyToFile(String key, File f) throws IOException {
 		FileOutputStream out = new FileOutputStream(f);
 		out.write(key.getBytes("UTF-8"));
@@ -170,10 +174,11 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	private boolean encryptAndStoreDatabaseKey(SecretKey key, String password) {
 		byte[] plaintext = key.getBytes();
-		byte[] ciphertext = crypto.encryptWithPassword(plaintext, password);
+		byte[] ciphertext = crypto.encryptWithPassword(plaintext, password,
+				databaseConfig.getKeyStrengthener());
 		return storeEncryptedDatabaseKey(toHexString(ciphertext));
 	}
 
@@ -197,7 +202,7 @@ class AccountManagerImpl implements AccountManager {
 		}
 	}
 
-	// Locking: stateChangeLock
+	@GuardedBy("stateChangeLock")
 	@Nullable
 	private SecretKey loadAndDecryptDatabaseKey(String password) {
 		String hex = loadEncryptedDatabaseKey();
@@ -206,12 +211,22 @@ class AccountManagerImpl implements AccountManager {
 			return null;
 		}
 		byte[] ciphertext = fromHexString(hex);
-		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password);
+		KeyStrengthener keyStrengthener = databaseConfig.getKeyStrengthener();
+		byte[] plaintext = crypto.decryptWithPassword(ciphertext, password,
+				keyStrengthener);
 		if (plaintext == null) {
 			LOG.info("Failed to decrypt database key");
 			return null;
 		}
-		return new SecretKey(plaintext);
+		SecretKey key = new SecretKey(plaintext);
+		// If the DB key was encrypted with a weak key and a key strengthener
+		// is now available, re-encrypt the DB key with a strengthened key
+		if (keyStrengthener != null &&
+				!crypto.isEncryptedWithStrengthenedKey(ciphertext)) {
+			LOG.info("Re-encrypting database key with strengthened key");
+			encryptAndStoreDatabaseKey(key, password);
+		}
+		return key;
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/client/ClientHelperImpl.java

@@ -85,14 +85,21 @@ class ClientHelperImpl implements ClientHelper {
 	@Override
 	public void addLocalMessage(Message m, BdfDictionary metadata,
 			boolean shared) throws DbException, FormatException {
-		db.transaction(false, txn -> addLocalMessage(txn, m, metadata, shared));
+		db.transaction(false, txn -> addLocalMessage(txn, m, metadata, shared,
+				false));
 	}
 
 	@Override
 	public void addLocalMessage(Transaction txn, Message m,
-			BdfDictionary metadata, boolean shared)
+			BdfDictionary metadata, boolean shared, boolean temporary)
 			throws DbException, FormatException {
-		db.addLocalMessage(txn, m, metadataEncoder.encode(metadata), shared);
+		db.addLocalMessage(txn, m, metadataEncoder.encode(metadata), shared,
+				temporary);
+	}
+
+	@Override
+	public Message createMessage(GroupId g, long timestamp, byte[] body) {
+		return messageFactory.createMessage(g, timestamp, body);
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/client/ContactGroupFactoryImpl.java

@@ -1,6 +1,5 @@
 package org.briarproject.bramble.client;
 
-import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.client.ClientHelper;
 import org.briarproject.bramble.api.client.ContactGroupFactory;
@@ -55,7 +54,7 @@ class ContactGroupFactoryImpl implements ContactGroupFactory {
 
 	private byte[] createGroupDescriptor(AuthorId local, AuthorId remote) {
 		try {
-			if (Bytes.COMPARATOR.compare(local, remote) < 0)
+			if (local.compareTo(remote) < 0)
 				return clientHelper.toByteArray(BdfList.of(local, remote));
 			else return clientHelper.toByteArray(BdfList.of(remote, local));
 		} catch (FormatException e) {

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeConstants.java

@@ -1,16 +1,6 @@
-package org.briarproject.bramble.api.contact;
+package org.briarproject.bramble.contact;
 
-import org.briarproject.bramble.api.crypto.SecretKey;
+interface ContactExchangeConstants {
-import org.briarproject.bramble.api.identity.LocalAuthor;
-import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-
-/**
- * A task for conducting a contact information exchange with a remote peer.
- */
-@NotNullByDefault
-public interface ContactExchangeTask {
 
 	/**
 	 * The current version of the contact exchange protocol.
@@ -39,9 +29,7 @@ public interface ContactExchangeTask {
 	String BOB_NONCE_LABEL = "org.briarproject.bramble.contact/BOB_NONCE";
 
 	/**
-	 * Exchanges contact information with a remote peer.
+	 * Label for signing key binding nonces.
 	 */
-	void startExchange(LocalAuthor localAuthor, SecretKey masterKey,
+	String SIGNING_LABEL = "org.briarproject.briar.contact/EXCHANGE";
-			DuplexTransportConnection conn, TransportId transportId,
-			boolean alice);
 }

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeCrypto.java

@@ -0,0 +1,35 @@
+package org.briarproject.bramble.contact;
+
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+@NotNullByDefault
+interface ContactExchangeCrypto {
+
+	/**
+	 * Derives the header key for a contact exchange stream from the master key.
+	 *
+	 * @param alice Whether the header key is for the stream sent by Alice
+	 */
+	SecretKey deriveHeaderKey(SecretKey masterKey, boolean alice);
+
+	/**
+	 * Creates and returns a signature that proves ownership of a pseudonym.
+	 *
+	 * @param privateKey The pseudonym's signature private key
+	 * @param alice Whether the pseudonym belongs to Alice
+	 */
+	byte[] sign(PrivateKey privateKey, SecretKey masterKey, boolean alice);
+
+	/**
+	 * Verifies a signature that proves ownership of a pseudonym.
+	 *
+	 * @param publicKey The pseudonym's signature public key
+	 * @param alice Whether the pseudonym belongs to Alice
+	 * @return True if the signature is valid
+	 */
+	boolean verify(PublicKey publicKey, SecretKey masterKey, boolean alice,
+			byte[] signature);
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeCryptoImpl.java

@@ -0,0 +1,66 @@
+package org.briarproject.bramble.contact;
+
+import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.PrivateKey;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.security.GeneralSecurityException;
+
+import javax.inject.Inject;
+
+import static org.briarproject.bramble.contact.ContactExchangeConstants.ALICE_KEY_LABEL;
+import static org.briarproject.bramble.contact.ContactExchangeConstants.ALICE_NONCE_LABEL;
+import static org.briarproject.bramble.contact.ContactExchangeConstants.BOB_KEY_LABEL;
+import static org.briarproject.bramble.contact.ContactExchangeConstants.BOB_NONCE_LABEL;
+import static org.briarproject.bramble.contact.ContactExchangeConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.contact.ContactExchangeConstants.SIGNING_LABEL;
+
+@NotNullByDefault
+class ContactExchangeCryptoImpl implements ContactExchangeCrypto {
+
+	private static final byte[] PROTOCOL_VERSION_BYTES =
+			new byte[] {PROTOCOL_VERSION};
+
+	private final CryptoComponent crypto;
+
+	@Inject
+	ContactExchangeCryptoImpl(CryptoComponent crypto) {
+		this.crypto = crypto;
+	}
+
+	@Override
+	public SecretKey deriveHeaderKey(SecretKey masterKey, boolean alice) {
+		String label = alice ? ALICE_KEY_LABEL : BOB_KEY_LABEL;
+		return crypto.deriveKey(label, masterKey, PROTOCOL_VERSION_BYTES);
+	}
+
+	@Override
+	public byte[] sign(PrivateKey privateKey, SecretKey masterKey,
+			boolean alice) {
+		byte[] nonce = deriveNonce(masterKey, alice);
+		try {
+			return crypto.sign(SIGNING_LABEL, nonce, privateKey);
+		} catch (GeneralSecurityException e) {
+			throw new AssertionError();
+		}
+	}
+
+	@Override
+	public boolean verify(PublicKey publicKey,
+			SecretKey masterKey, boolean alice, byte[] signature) {
+		byte[] nonce = deriveNonce(masterKey, alice);
+		try {
+			return crypto.verifySignature(signature, SIGNING_LABEL, nonce,
+					publicKey);
+		} catch (GeneralSecurityException e) {
+			return false;
+		}
+	}
+
+	private byte[] deriveNonce(SecretKey masterKey, boolean alice) {
+		String label = alice ? ALICE_NONCE_LABEL : BOB_NONCE_LABEL;
+		return crypto.mac(label, masterKey, PROTOCOL_VERSION_BYTES);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeManagerImpl.java

@@ -0,0 +1,273 @@
+package org.briarproject.bramble.contact;
+
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.Predicate;
+import org.briarproject.bramble.api.client.ClientHelper;
+import org.briarproject.bramble.api.contact.Contact;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
+import org.briarproject.bramble.api.contact.ContactId;
+import org.briarproject.bramble.api.contact.ContactManager;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.data.BdfDictionary;
+import org.briarproject.bramble.api.data.BdfList;
+import org.briarproject.bramble.api.db.DatabaseComponent;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.db.Transaction;
+import org.briarproject.bramble.api.identity.Author;
+import org.briarproject.bramble.api.identity.IdentityManager;
+import org.briarproject.bramble.api.identity.LocalAuthor;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
+import org.briarproject.bramble.api.properties.TransportProperties;
+import org.briarproject.bramble.api.properties.TransportPropertyManager;
+import org.briarproject.bramble.api.record.Record;
+import org.briarproject.bramble.api.record.RecordReader;
+import org.briarproject.bramble.api.record.RecordReaderFactory;
+import org.briarproject.bramble.api.record.RecordWriter;
+import org.briarproject.bramble.api.record.RecordWriterFactory;
+import org.briarproject.bramble.api.system.Clock;
+import org.briarproject.bramble.api.transport.StreamReaderFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+import org.briarproject.bramble.api.transport.StreamWriterFactory;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.GeneralSecurityException;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+import static java.util.logging.Logger.getLogger;
+import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
+import static org.briarproject.bramble.contact.ContactExchangeConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.contact.ContactExchangeRecordTypes.CONTACT_INFO;
+import static org.briarproject.bramble.util.ValidationUtils.checkLength;
+import static org.briarproject.bramble.util.ValidationUtils.checkSize;
+
+@Immutable
+@NotNullByDefault
+class ContactExchangeManagerImpl implements ContactExchangeManager {
+
+	private static final Logger LOG =
+			getLogger(ContactExchangeManagerImpl.class.getName());
+
+	// Accept records with current protocol version, known record type
+	private static final Predicate<Record> ACCEPT = r ->
+			r.getProtocolVersion() == PROTOCOL_VERSION &&
+					isKnownRecordType(r.getRecordType());
+
+	// Ignore records with current protocol version, unknown record type
+	private static final Predicate<Record> IGNORE = r ->
+			r.getProtocolVersion() == PROTOCOL_VERSION &&
+					!isKnownRecordType(r.getRecordType());
+
+	private static boolean isKnownRecordType(byte type) {
+		return type == CONTACT_INFO;
+	}
+
+	private final DatabaseComponent db;
+	private final ClientHelper clientHelper;
+	private final RecordReaderFactory recordReaderFactory;
+	private final RecordWriterFactory recordWriterFactory;
+	private final Clock clock;
+	private final ContactManager contactManager;
+	private final IdentityManager identityManager;
+	private final TransportPropertyManager transportPropertyManager;
+	private final ContactExchangeCrypto contactExchangeCrypto;
+	private final StreamReaderFactory streamReaderFactory;
+	private final StreamWriterFactory streamWriterFactory;
+
+	@Inject
+	ContactExchangeManagerImpl(DatabaseComponent db, ClientHelper clientHelper,
+			RecordReaderFactory recordReaderFactory,
+			RecordWriterFactory recordWriterFactory, Clock clock,
+			ContactManager contactManager, IdentityManager identityManager,
+			TransportPropertyManager transportPropertyManager,
+			ContactExchangeCrypto contactExchangeCrypto,
+			StreamReaderFactory streamReaderFactory,
+			StreamWriterFactory streamWriterFactory) {
+		this.db = db;
+		this.clientHelper = clientHelper;
+		this.recordReaderFactory = recordReaderFactory;
+		this.recordWriterFactory = recordWriterFactory;
+		this.clock = clock;
+		this.contactManager = contactManager;
+		this.identityManager = identityManager;
+		this.transportPropertyManager = transportPropertyManager;
+		this.contactExchangeCrypto = contactExchangeCrypto;
+		this.streamReaderFactory = streamReaderFactory;
+		this.streamWriterFactory = streamWriterFactory;
+	}
+
+	@Override
+	public Contact exchangeContacts(DuplexTransportConnection conn,
+			SecretKey masterKey, boolean alice,
+			boolean verified) throws IOException, DbException {
+		return exchange(null, conn, masterKey, alice, verified);
+	}
+
+	@Override
+	public Contact exchangeContacts(PendingContactId p,
+			DuplexTransportConnection conn, SecretKey masterKey, boolean alice,
+			boolean verified) throws IOException, DbException {
+		return exchange(p, conn, masterKey, alice, verified);
+	}
+
+	private Contact exchange(@Nullable PendingContactId p,
+			DuplexTransportConnection conn, SecretKey masterKey, boolean alice,
+			boolean verified) throws IOException, DbException {
+		// Get the transport connection's input and output streams
+		InputStream in = conn.getReader().getInputStream();
+		OutputStream out = conn.getWriter().getOutputStream();
+
+		// Get the local author and transport properties
+		LocalAuthor localAuthor = identityManager.getLocalAuthor();
+		Map<TransportId, TransportProperties> localProperties =
+				transportPropertyManager.getLocalProperties();
+
+		// Derive the header keys for the transport streams
+		SecretKey localHeaderKey =
+				contactExchangeCrypto.deriveHeaderKey(masterKey, alice);
+		SecretKey remoteHeaderKey =
+				contactExchangeCrypto.deriveHeaderKey(masterKey, !alice);
+
+		// Create the readers
+		InputStream streamReader = streamReaderFactory
+				.createContactExchangeStreamReader(in, remoteHeaderKey);
+		RecordReader recordReader =
+				recordReaderFactory.createRecordReader(streamReader);
+
+		// Create the writers
+		StreamWriter streamWriter = streamWriterFactory
+				.createContactExchangeStreamWriter(out, localHeaderKey);
+		RecordWriter recordWriter = recordWriterFactory
+				.createRecordWriter(streamWriter.getOutputStream());
+
+		// Create our signature
+		byte[] localSignature = contactExchangeCrypto
+				.sign(localAuthor.getPrivateKey(), masterKey, alice);
+
+		// Exchange contact info
+		long localTimestamp = clock.currentTimeMillis();
+		ContactInfo remoteInfo;
+		if (alice) {
+			sendContactInfo(recordWriter, localAuthor, localProperties,
+					localSignature, localTimestamp);
+			remoteInfo = receiveContactInfo(recordReader);
+		} else {
+			remoteInfo = receiveContactInfo(recordReader);
+			sendContactInfo(recordWriter, localAuthor, localProperties,
+					localSignature, localTimestamp);
+		}
+
+		// Send EOF on the outgoing stream
+		streamWriter.sendEndOfStream();
+
+		// Skip any remaining records from the incoming stream
+		recordReader.readRecord(r -> false, IGNORE);
+
+		// Verify the contact's signature
+		PublicKey remotePublicKey = remoteInfo.author.getPublicKey();
+		if (!contactExchangeCrypto.verify(remotePublicKey,
+				masterKey, !alice, remoteInfo.signature)) {
+			LOG.warning("Invalid signature");
+			throw new FormatException();
+		}
+
+		// The agreed timestamp is the minimum of the peers' timestamps
+		long timestamp = Math.min(localTimestamp, remoteInfo.timestamp);
+
+		// Add the contact
+		Contact contact = addContact(p, remoteInfo.author, localAuthor,
+				masterKey, timestamp, alice, verified, remoteInfo.properties);
+
+		// Contact exchange succeeded
+		LOG.info("Contact exchange succeeded");
+		return contact;
+	}
+
+	private void sendContactInfo(RecordWriter recordWriter, Author author,
+			Map<TransportId, TransportProperties> properties, byte[] signature,
+			long timestamp) throws IOException {
+		BdfList authorList = clientHelper.toList(author);
+		BdfDictionary props = clientHelper.toDictionary(properties);
+		BdfList payload = BdfList.of(authorList, props, signature, timestamp);
+		recordWriter.writeRecord(new Record(PROTOCOL_VERSION, CONTACT_INFO,
+				clientHelper.toByteArray(payload)));
+		recordWriter.flush();
+		LOG.info("Sent contact info");
+	}
+
+	private ContactInfo receiveContactInfo(RecordReader recordReader)
+			throws IOException {
+		Record record = recordReader.readRecord(ACCEPT, IGNORE);
+		if (record == null) throw new EOFException();
+		LOG.info("Received contact info");
+		BdfList payload = clientHelper.toList(record.getPayload());
+		checkSize(payload, 4);
+		Author author = clientHelper.parseAndValidateAuthor(payload.getList(0));
+		BdfDictionary props = payload.getDictionary(1);
+		Map<TransportId, TransportProperties> properties =
+				clientHelper.parseAndValidateTransportPropertiesMap(props);
+		byte[] signature = payload.getRaw(2);
+		checkLength(signature, 1, MAX_SIGNATURE_LENGTH);
+		long timestamp = payload.getLong(3);
+		if (timestamp < 0) throw new FormatException();
+		return new ContactInfo(author, properties, signature, timestamp);
+	}
+
+	private Contact addContact(@Nullable PendingContactId pendingContactId,
+			Author remoteAuthor, LocalAuthor localAuthor, SecretKey masterKey,
+			long timestamp, boolean alice, boolean verified,
+			Map<TransportId, TransportProperties> remoteProperties)
+			throws DbException, FormatException {
+		Transaction txn = db.startTransaction(false);
+		try {
+			ContactId contactId;
+			if (pendingContactId == null) {
+				contactId = contactManager.addContact(txn, remoteAuthor,
+						localAuthor.getId(), masterKey, timestamp, alice,
+						verified, true);
+			} else {
+				contactId = contactManager.addContact(txn, pendingContactId,
+						remoteAuthor, localAuthor.getId(), masterKey,
+						timestamp, alice, verified, true);
+			}
+			transportPropertyManager.addRemoteProperties(txn, contactId,
+					remoteProperties);
+			Contact contact = contactManager.getContact(txn, contactId);
+			db.commitTransaction(txn);
+			return contact;
+		} catch (GeneralSecurityException e) {
+			// Pending contact's public key is invalid
+			throw new FormatException();
+		} finally {
+			db.endTransaction(txn);
+		}
+	}
+
+	private static class ContactInfo {
+
+		private final Author author;
+		private final Map<TransportId, TransportProperties> properties;
+		private final byte[] signature;
+		private final long timestamp;
+
+		private ContactInfo(Author author,
+				Map<TransportId, TransportProperties> properties,
+				byte[] signature, long timestamp) {
+			this.author = author;
+			this.properties = properties;
+			this.signature = signature;
+			this.timestamp = timestamp;
+		}
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeRecordTypes.java

@@ -1,9 +1,9 @@
-package org.briarproject.bramble.api.contact;
+package org.briarproject.bramble.contact;
 
 /**
  * Record types for the contact exchange protocol.
  */
-public interface RecordTypes {
+interface ContactExchangeRecordTypes {
 
 	byte CONTACT_INFO = 0;
 }

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java

@@ -1,330 +0,0 @@
-package org.briarproject.bramble.contact;
-
-import org.briarproject.bramble.api.FormatException;
-import org.briarproject.bramble.api.client.ClientHelper;
-import org.briarproject.bramble.api.contact.ContactExchangeTask;
-import org.briarproject.bramble.api.contact.ContactId;
-import org.briarproject.bramble.api.contact.ContactManager;
-import org.briarproject.bramble.api.contact.event.ContactExchangeFailedEvent;
-import org.briarproject.bramble.api.contact.event.ContactExchangeSucceededEvent;
-import org.briarproject.bramble.api.crypto.CryptoComponent;
-import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.data.BdfDictionary;
-import org.briarproject.bramble.api.data.BdfList;
-import org.briarproject.bramble.api.db.ContactExistsException;
-import org.briarproject.bramble.api.db.DatabaseComponent;
-import org.briarproject.bramble.api.db.DbException;
-import org.briarproject.bramble.api.event.EventBus;
-import org.briarproject.bramble.api.identity.Author;
-import org.briarproject.bramble.api.identity.LocalAuthor;
-import org.briarproject.bramble.api.nullsafety.MethodsNotNullByDefault;
-import org.briarproject.bramble.api.nullsafety.ParametersNotNullByDefault;
-import org.briarproject.bramble.api.plugin.ConnectionManager;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.plugin.duplex.DuplexTransportConnection;
-import org.briarproject.bramble.api.properties.TransportProperties;
-import org.briarproject.bramble.api.properties.TransportPropertyManager;
-import org.briarproject.bramble.api.record.Record;
-import org.briarproject.bramble.api.record.RecordReader;
-import org.briarproject.bramble.api.record.RecordReaderFactory;
-import org.briarproject.bramble.api.record.RecordWriter;
-import org.briarproject.bramble.api.record.RecordWriterFactory;
-import org.briarproject.bramble.api.system.Clock;
-import org.briarproject.bramble.api.transport.StreamReaderFactory;
-import org.briarproject.bramble.api.transport.StreamWriter;
-import org.briarproject.bramble.api.transport.StreamWriterFactory;
-
-import java.io.EOFException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.GeneralSecurityException;
-import java.util.Map;
-import java.util.logging.Logger;
-
-import javax.inject.Inject;
-
-import static java.util.logging.Level.WARNING;
-import static org.briarproject.bramble.api.contact.RecordTypes.CONTACT_INFO;
-import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_SIGNATURE_LENGTH;
-import static org.briarproject.bramble.util.LogUtils.logException;
-import static org.briarproject.bramble.util.ValidationUtils.checkLength;
-import static org.briarproject.bramble.util.ValidationUtils.checkSize;
-
-@MethodsNotNullByDefault
-@ParametersNotNullByDefault
-class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
-
-	private static final Logger LOG =
-			Logger.getLogger(ContactExchangeTaskImpl.class.getName());
-
-	private static final String SIGNING_LABEL_EXCHANGE =
-			"org.briarproject.briar.contact/EXCHANGE";
-
-	private final DatabaseComponent db;
-	private final ClientHelper clientHelper;
-	private final RecordReaderFactory recordReaderFactory;
-	private final RecordWriterFactory recordWriterFactory;
-	private final EventBus eventBus;
-	private final Clock clock;
-	private final ConnectionManager connectionManager;
-	private final ContactManager contactManager;
-	private final TransportPropertyManager transportPropertyManager;
-	private final CryptoComponent crypto;
-	private final StreamReaderFactory streamReaderFactory;
-	private final StreamWriterFactory streamWriterFactory;
-
-	private volatile LocalAuthor localAuthor;
-	private volatile DuplexTransportConnection conn;
-	private volatile TransportId transportId;
-	private volatile SecretKey masterKey;
-	private volatile boolean alice;
-
-	@Inject
-	ContactExchangeTaskImpl(DatabaseComponent db, ClientHelper clientHelper,
-			RecordReaderFactory recordReaderFactory,
-			RecordWriterFactory recordWriterFactory, EventBus eventBus,
-			Clock clock, ConnectionManager connectionManager,
-			ContactManager contactManager,
-			TransportPropertyManager transportPropertyManager,
-			CryptoComponent crypto, StreamReaderFactory streamReaderFactory,
-			StreamWriterFactory streamWriterFactory) {
-		this.db = db;
-		this.clientHelper = clientHelper;
-		this.recordReaderFactory = recordReaderFactory;
-		this.recordWriterFactory = recordWriterFactory;
-		this.eventBus = eventBus;
-		this.clock = clock;
-		this.connectionManager = connectionManager;
-		this.contactManager = contactManager;
-		this.transportPropertyManager = transportPropertyManager;
-		this.crypto = crypto;
-		this.streamReaderFactory = streamReaderFactory;
-		this.streamWriterFactory = streamWriterFactory;
-	}
-
-	@Override
-	public void startExchange(LocalAuthor localAuthor, SecretKey masterKey,
-			DuplexTransportConnection conn, TransportId transportId,
-			boolean alice) {
-		this.localAuthor = localAuthor;
-		this.conn = conn;
-		this.transportId = transportId;
-		this.masterKey = masterKey;
-		this.alice = alice;
-		start();
-	}
-
-	@Override
-	public void run() {
-		// Get the transport connection's input and output streams
-		InputStream in;
-		OutputStream out;
-		try {
-			in = conn.getReader().getInputStream();
-			out = conn.getWriter().getOutputStream();
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-			tryToClose(conn);
-			eventBus.broadcast(new ContactExchangeFailedEvent());
-			return;
-		}
-
-		// Get the local transport properties
-		Map<TransportId, TransportProperties> localProperties;
-		try {
-			localProperties = transportPropertyManager.getLocalProperties();
-		} catch (DbException e) {
-			logException(LOG, WARNING, e);
-			eventBus.broadcast(new ContactExchangeFailedEvent());
-			tryToClose(conn);
-			return;
-		}
-
-		// Derive the header keys for the transport streams
-		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL, masterKey,
-				new byte[] {PROTOCOL_VERSION});
-		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterKey,
-				new byte[] {PROTOCOL_VERSION});
-
-		// Create the readers
-		InputStream streamReader =
-				streamReaderFactory.createContactExchangeStreamReader(in,
-						alice ? bobHeaderKey : aliceHeaderKey);
-		RecordReader recordReader =
-				recordReaderFactory.createRecordReader(streamReader);
-
-		// Create the writers
-		StreamWriter streamWriter =
-				streamWriterFactory.createContactExchangeStreamWriter(out,
-						alice ? aliceHeaderKey : bobHeaderKey);
-		RecordWriter recordWriter =
-				recordWriterFactory
-						.createRecordWriter(streamWriter.getOutputStream());
-
-		// Derive the nonces to be signed
-		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterKey,
-				new byte[] {PROTOCOL_VERSION});
-		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterKey,
-				new byte[] {PROTOCOL_VERSION});
-		byte[] localNonce = alice ? aliceNonce : bobNonce;
-		byte[] remoteNonce = alice ? bobNonce : aliceNonce;
-
-		// Sign the nonce
-		byte[] localSignature = sign(localAuthor, localNonce);
-
-		// Exchange contact info
-		long localTimestamp = clock.currentTimeMillis();
-		ContactInfo remoteInfo;
-		try {
-			if (alice) {
-				sendContactInfo(recordWriter, localAuthor, localProperties,
-						localSignature, localTimestamp);
-				recordWriter.flush();
-				remoteInfo = receiveContactInfo(recordReader);
-			} else {
-				remoteInfo = receiveContactInfo(recordReader);
-				sendContactInfo(recordWriter, localAuthor, localProperties,
-						localSignature, localTimestamp);
-				recordWriter.flush();
-			}
-			// Send EOF on the outgoing stream
-			streamWriter.sendEndOfStream();
-			// Skip any remaining records from the incoming stream
-			try {
-				while (true) recordReader.readRecord();
-			} catch (EOFException expected) {
-				LOG.info("End of stream");
-			}
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-			eventBus.broadcast(new ContactExchangeFailedEvent());
-			tryToClose(conn);
-			return;
-		}
-
-		// Verify the contact's signature
-		if (!verify(remoteInfo.author, remoteNonce, remoteInfo.signature)) {
-			LOG.warning("Invalid signature");
-			eventBus.broadcast(new ContactExchangeFailedEvent());
-			tryToClose(conn);
-			return;
-		}
-
-		// The agreed timestamp is the minimum of the peers' timestamps
-		long timestamp = Math.min(localTimestamp, remoteInfo.timestamp);
-
-		try {
-			// Add the contact
-			ContactId contactId = addContact(remoteInfo.author, timestamp,
-					remoteInfo.properties);
-			// Reuse the connection as a transport connection
-			connectionManager.manageOutgoingConnection(contactId, transportId,
-					conn);
-			// Pseudonym exchange succeeded
-			LOG.info("Pseudonym exchange succeeded");
-			eventBus.broadcast(
-					new ContactExchangeSucceededEvent(remoteInfo.author));
-		} catch (ContactExistsException e) {
-			logException(LOG, WARNING, e);
-			tryToClose(conn);
-			eventBus.broadcast(
-					new ContactExchangeFailedEvent(remoteInfo.author));
-		} catch (DbException e) {
-			logException(LOG, WARNING, e);
-			tryToClose(conn);
-			eventBus.broadcast(new ContactExchangeFailedEvent());
-		}
-	}
-
-	private byte[] sign(LocalAuthor author, byte[] nonce) {
-		try {
-			return crypto.sign(SIGNING_LABEL_EXCHANGE, nonce,
-					author.getPrivateKey());
-		} catch (GeneralSecurityException e) {
-			throw new AssertionError();
-		}
-	}
-
-	private boolean verify(Author author, byte[] nonce, byte[] signature) {
-		try {
-			return crypto.verifySignature(signature, SIGNING_LABEL_EXCHANGE,
-					nonce, author.getPublicKey());
-		} catch (GeneralSecurityException e) {
-			return false;
-		}
-	}
-
-	private void sendContactInfo(RecordWriter recordWriter, Author author,
-			Map<TransportId, TransportProperties> properties, byte[] signature,
-			long timestamp) throws IOException {
-		BdfList authorList = clientHelper.toList(author);
-		BdfDictionary props = clientHelper.toDictionary(properties);
-		BdfList payload = BdfList.of(authorList, props, signature, timestamp);
-		recordWriter.writeRecord(new Record(PROTOCOL_VERSION, CONTACT_INFO,
-				clientHelper.toByteArray(payload)));
-		LOG.info("Sent contact info");
-	}
-
-	private ContactInfo receiveContactInfo(RecordReader recordReader)
-			throws IOException {
-		Record record;
-		do {
-			record = recordReader.readRecord();
-			if (record.getProtocolVersion() != PROTOCOL_VERSION)
-				throw new FormatException();
-		} while (record.getRecordType() != CONTACT_INFO);
-		LOG.info("Received contact info");
-		BdfList payload = clientHelper.toList(record.getPayload());
-		checkSize(payload, 4);
-		Author author = clientHelper.parseAndValidateAuthor(payload.getList(0));
-		BdfDictionary props = payload.getDictionary(1);
-		Map<TransportId, TransportProperties> properties =
-				clientHelper.parseAndValidateTransportPropertiesMap(props);
-		byte[] signature = payload.getRaw(2);
-		checkLength(signature, 1, MAX_SIGNATURE_LENGTH);
-		long timestamp = payload.getLong(3);
-		if (timestamp < 0) throw new FormatException();
-		return new ContactInfo(author, properties, signature, timestamp);
-	}
-
-	private ContactId addContact(Author remoteAuthor, long timestamp,
-			Map<TransportId, TransportProperties> remoteProperties)
-			throws DbException {
-		return db.transactionWithResult(false, txn -> {
-			ContactId contactId = contactManager.addContact(txn, remoteAuthor,
-					localAuthor.getId(), masterKey, timestamp, alice,
-					true, true);
-			transportPropertyManager.addRemoteProperties(txn, contactId,
-					remoteProperties);
-			return contactId;
-		});
-	}
-
-	private void tryToClose(DuplexTransportConnection conn) {
-		try {
-			LOG.info("Closing connection");
-			conn.getReader().dispose(true, true);
-			conn.getWriter().dispose(true);
-		} catch (IOException e) {
-			logException(LOG, WARNING, e);
-		}
-	}
-
-	private static class ContactInfo {
-
-		private final Author author;
-		private final Map<TransportId, TransportProperties> properties;
-		private final byte[] signature;
-		private final long timestamp;
-
-		private ContactInfo(Author author,
-				Map<TransportId, TransportProperties> properties,
-				byte[] signature, long timestamp) {
-			this.author = author;
-			this.properties = properties;
-			this.signature = signature;
-			this.timestamp = timestamp;
-		}
-	}
-}

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java

@@ -1,16 +1,23 @@
 package org.briarproject.bramble.contact;
 
 import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.Pair;
 import org.briarproject.bramble.api.contact.Contact;
 import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.bramble.api.contact.ContactManager;
 import org.briarproject.bramble.api.contact.PendingContact;
 import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.contact.PendingContactState;
+import org.briarproject.bramble.api.contact.event.PendingContactStateChangedEvent;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.NoSuchContactException;
 import org.briarproject.bramble.api.db.Transaction;
+import org.briarproject.bramble.api.event.Event;
+import org.briarproject.bramble.api.event.EventListener;
 import org.briarproject.bramble.api.identity.Author;
 import org.briarproject.bramble.api.identity.AuthorId;
 import org.briarproject.bramble.api.identity.AuthorInfo;
@@ -19,45 +26,48 @@ import org.briarproject.bramble.api.identity.LocalAuthor;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.transport.KeyManager;
 
+import java.security.GeneralSecurityException;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArrayList;
 
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.ThreadSafe;
 import javax.inject.Inject;
 
-import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.BASE32_LINK_BYTES;
+import static org.briarproject.bramble.api.contact.PendingContactState.WAITING_FOR_CONNECTION;
 import static org.briarproject.bramble.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
 import static org.briarproject.bramble.api.identity.AuthorInfo.Status.OURSELVES;
 import static org.briarproject.bramble.api.identity.AuthorInfo.Status.UNKNOWN;
 import static org.briarproject.bramble.api.identity.AuthorInfo.Status.UNVERIFIED;
 import static org.briarproject.bramble.api.identity.AuthorInfo.Status.VERIFIED;
-import static org.briarproject.bramble.util.StringUtils.getRandomBase32String;
 import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 @ThreadSafe
 @NotNullByDefault
-class ContactManagerImpl implements ContactManager {
+class ContactManagerImpl implements ContactManager, EventListener {
-
-	private static final String REMOTE_CONTACT_LINK =
-			"briar://" + getRandomBase32String(BASE32_LINK_BYTES);
 
 	private final DatabaseComponent db;
 	private final KeyManager keyManager;
 	private final IdentityManager identityManager;
 	private final PendingContactFactory pendingContactFactory;
-	private final List<ContactHook> hooks;
+
+	private final List<ContactHook> hooks = new CopyOnWriteArrayList<>();
+	private final Map<PendingContactId, PendingContactState> states =
+			new ConcurrentHashMap<>();
 
 	@Inject
-	ContactManagerImpl(DatabaseComponent db, KeyManager keyManager,
+	ContactManagerImpl(DatabaseComponent db,
+			KeyManager keyManager,
 			IdentityManager identityManager,
 			PendingContactFactory pendingContactFactory) {
 		this.db = db;
 		this.keyManager = keyManager;
 		this.identityManager = identityManager;
 		this.pendingContactFactory = pendingContactFactory;
-		hooks = new CopyOnWriteArrayList<>();
 	}
 
 	@Override
@@ -69,9 +79,29 @@ class ContactManagerImpl implements ContactManager {
 	public ContactId addContact(Transaction txn, Author remote, AuthorId local,
 			SecretKey rootKey, long timestamp, boolean alice, boolean verified,
 			boolean active) throws DbException {
-		ContactId c = db.addContact(txn, remote, local, verified);
+		ContactId c = db.addContact(txn, remote, local, null, verified);
-		keyManager.addContactWithRotationKeys(txn, c, rootKey, timestamp,
+		keyManager.addRotationKeys(txn, c, rootKey, timestamp, alice, active);
-				alice, active);
+		Contact contact = db.getContact(txn, c);
+		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
+		return c;
+	}
+
+	@Override
+	public ContactId addContact(Transaction txn, PendingContactId p,
+			Author remote, AuthorId local, SecretKey rootKey, long timestamp,
+			boolean alice, boolean verified, boolean active)
+			throws DbException, GeneralSecurityException {
+		PendingContact pendingContact = db.getPendingContact(txn, p);
+		db.removePendingContact(txn, p);
+		states.remove(p);
+		PublicKey theirPublicKey = pendingContact.getPublicKey();
+		ContactId c =
+				db.addContact(txn, remote, local, theirPublicKey, verified);
+		String alias = pendingContact.getAlias();
+		if (!alias.equals(remote.getName())) db.setContactAlias(txn, c, alias);
+		KeyPair ourKeyPair = identityManager.getHandshakeKeys(txn);
+		keyManager.addContact(txn, c, theirPublicKey, ourKeyPair);
+		keyManager.addRotationKeys(txn, c, rootKey, timestamp, alice, active);
 		Contact contact = db.getContact(txn, c);
 		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
 		return c;
@@ -80,7 +110,7 @@ class ContactManagerImpl implements ContactManager {
 	@Override
 	public ContactId addContact(Transaction txn, Author remote, AuthorId local,
 			boolean verified) throws DbException {
-		ContactId c = db.addContact(txn, remote, local, verified);
+		ContactId c = db.addContact(txn, remote, local, null, verified);
 		Contact contact = db.getContact(txn, c);
 		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
 		return c;
@@ -96,28 +126,56 @@ class ContactManagerImpl implements ContactManager {
 	}
 
 	@Override
-	public String getHandshakeLink() {
+	public String getHandshakeLink() throws DbException {
-		// TODO replace with real implementation
+		KeyPair keyPair = db.transactionWithResult(true,
-		return REMOTE_CONTACT_LINK;
+				identityManager::getHandshakeKeys);
+		return pendingContactFactory.createHandshakeLink(keyPair.getPublic());
 	}
 
 	@Override
 	public PendingContact addPendingContact(String link, String alias)
-			throws DbException, FormatException {
+			throws DbException, FormatException, GeneralSecurityException {
 		PendingContact p =
 				pendingContactFactory.createPendingContact(link, alias);
-		db.transaction(false, txn -> db.addPendingContact(txn, p));
+		Transaction txn = db.startTransaction(false);
+		try {
+			AuthorId local = identityManager.getLocalAuthor(txn).getId();
+			db.addPendingContact(txn, p, local);
+			KeyPair ourKeyPair = identityManager.getHandshakeKeys(txn);
+			keyManager.addPendingContact(txn, p.getId(), p.getPublicKey(),
+					ourKeyPair);
+			db.commitTransaction(txn);
+		} finally {
+			db.endTransaction(txn);
+		}
 		return p;
 	}
 
 	@Override
-	public Collection<PendingContact> getPendingContacts() throws DbException {
+	public PendingContact getPendingContact(Transaction txn, PendingContactId p)
-		return db.transactionWithResult(true, db::getPendingContacts);
+			throws DbException {
+		return db.getPendingContact(txn, p);
+	}
+
+	@Override
+	public Collection<Pair<PendingContact, PendingContactState>> getPendingContacts()
+			throws DbException {
+		Collection<PendingContact> pendingContacts =
+				db.transactionWithResult(true, db::getPendingContacts);
+		List<Pair<PendingContact, PendingContactState>> pairs =
+				new ArrayList<>(pendingContacts.size());
+		for (PendingContact p : pendingContacts) {
+			PendingContactState state = states.get(p.getId());
+			if (state == null) state = WAITING_FOR_CONNECTION;
+			pairs.add(new Pair<>(p, state));
+		}
+		return pairs;
 	}
 
 	@Override
 	public void removePendingContact(PendingContactId p) throws DbException {
 		db.transaction(false, txn -> db.removePendingContact(txn, p));
+		states.remove(p);
 	}
 
 	@Override
@@ -125,6 +183,11 @@ class ContactManagerImpl implements ContactManager {
 		return db.transactionWithResult(true, txn -> db.getContact(txn, c));
 	}
 
+	@Override
+	public Contact getContact(Transaction txn, ContactId c) throws DbException {
+		return db.getContact(txn, c);
+	}
+
 	@Override
 	public Contact getContact(AuthorId remoteAuthorId, AuthorId localAuthorId)
 			throws DbException {
@@ -212,4 +275,12 @@ class ContactManagerImpl implements ContactManager {
 		else return new AuthorInfo(UNVERIFIED, c.getAlias());
 	}
 
+	@Override
+	public void eventOccurred(Event e) {
+		if (e instanceof PendingContactStateChangedEvent) {
+			PendingContactStateChangedEvent p =
+					(PendingContactStateChangedEvent) e;
+			states.put(p.getId(), p.getPendingContactState());
+		}
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactModule.java

@@ -1,7 +1,9 @@
 package org.briarproject.bramble.contact;
 
-import org.briarproject.bramble.api.contact.ContactExchangeTask;
+import org.briarproject.bramble.api.contact.ContactExchangeManager;
 import org.briarproject.bramble.api.contact.ContactManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.event.EventBus;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -19,14 +21,16 @@ public class ContactModule {
 
 	@Provides
 	@Singleton
-	ContactManager getContactManager(ContactManagerImpl contactManager) {
+	ContactManager provideContactManager(EventBus eventBus,
+			ContactManagerImpl contactManager) {
+		eventBus.addListener(contactManager);
 		return contactManager;
 	}
 
 	@Provides
-	ContactExchangeTask provideContactExchangeTask(
+	ContactExchangeManager provideContactExchangeManager(
-			ContactExchangeTaskImpl contactExchangeTask) {
+			ContactExchangeManagerImpl contactExchangeManager) {
-		return contactExchangeTask;
+		return contactExchangeManager;
 	}
 
 	@Provides
@@ -34,4 +38,23 @@ public class ContactModule {
 			PendingContactFactoryImpl pendingContactFactory) {
 		return pendingContactFactory;
 	}
+
+	@Provides
+	ContactExchangeCrypto provideContactExchangeCrypto(
+			ContactExchangeCryptoImpl contactExchangeCrypto) {
+		return contactExchangeCrypto;
+	}
+
+	@Provides
+	@Singleton
+	HandshakeManager provideHandshakeManager(
+			HandshakeManagerImpl handshakeManager) {
+		return handshakeManager;
+	}
+
+	@Provides
+	HandshakeCrypto provideHandshakeCrypto(
+			HandshakeCryptoImpl handshakeCrypto) {
+		return handshakeCrypto;
+	}
 }

bramble-core/src/main/java/org/briarproject/bramble/contact/HandshakeConstants.java

@@ -0,0 +1,31 @@
+package org.briarproject.bramble.contact;
+
+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAC_BYTES;
+
+interface HandshakeConstants {
+
+	/**
+	 * The current version of the handshake protocol.
+	 */
+	byte PROTOCOL_VERSION = 0;
+
+	/**
+	 * Label for deriving the master key.
+	 */
+	String MASTER_KEY_LABEL = "org.briarproject.bramble.handshake/MASTER_KEY";
+
+	/**
+	 * Label for deriving Alice's proof of ownership from the master key.
+	 */
+	String ALICE_PROOF_LABEL = "org.briarproject.bramble.handshake/ALICE_PROOF";
+
+	/**
+	 * Label for deriving Bob's proof of ownership from the master key.
+	 */
+	String BOB_PROOF_LABEL = "org.briarproject.bramble.handshake/BOB_PROOF";
+
+	/**
+	 * The length of the proof of ownership in bytes.
+	 */
+	int PROOF_BYTES = MAC_BYTES;
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/HandshakeCrypto.java

@@ -0,0 +1,40 @@
+package org.briarproject.bramble.contact;
+
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.security.GeneralSecurityException;
+
+@NotNullByDefault
+interface HandshakeCrypto {
+
+	KeyPair generateEphemeralKeyPair();
+
+	/**
+	 * Derives the master key from the given static and ephemeral keys.
+	 *
+	 * @param alice Whether the local peer is Alice
+	 */
+	SecretKey deriveMasterKey(PublicKey theirStaticPublicKey,
+			PublicKey theirEphemeralPublicKey, KeyPair ourStaticKeyPair,
+			KeyPair ourEphemeralKeyPair, boolean alice)
+			throws GeneralSecurityException;
+
+	/**
+	 * Returns proof that the local peer knows the master key and therefore
+	 * owns the static and ephemeral public keys sent by the local peer.
+	 *
+	 * @param alice Whether the proof is being created by Alice
+	 */
+	byte[] proveOwnership(SecretKey masterKey, boolean alice);
+
+	/**
+	 * Verifies the given proof that the remote peer knows the master key and
+	 * therefore owns the static and ephemeral keys sent by the remote peer.
+	 *
+	 * @param alice Whether the proof was created by Alice
+	 */
+	boolean verifyOwnership(SecretKey masterKey, boolean alice, byte[] proof);
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/HandshakeCryptoImpl.java

@@ -0,0 +1,66 @@
+package org.briarproject.bramble.contact;
+
+import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+
+import java.security.GeneralSecurityException;
+
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+import static org.briarproject.bramble.contact.HandshakeConstants.ALICE_PROOF_LABEL;
+import static org.briarproject.bramble.contact.HandshakeConstants.BOB_PROOF_LABEL;
+import static org.briarproject.bramble.contact.HandshakeConstants.MASTER_KEY_LABEL;
+
+@Immutable
+@NotNullByDefault
+class HandshakeCryptoImpl implements HandshakeCrypto {
+
+	private final CryptoComponent crypto;
+
+	@Inject
+	HandshakeCryptoImpl(CryptoComponent crypto) {
+		this.crypto = crypto;
+	}
+
+	@Override
+	public KeyPair generateEphemeralKeyPair() {
+		return crypto.generateAgreementKeyPair();
+	}
+
+	@Override
+	public SecretKey deriveMasterKey(PublicKey theirStaticPublicKey,
+			PublicKey theirEphemeralPublicKey, KeyPair ourStaticKeyPair,
+			KeyPair ourEphemeralKeyPair, boolean alice) throws
+			GeneralSecurityException {
+		byte[] theirStatic = theirStaticPublicKey.getEncoded();
+		byte[] theirEphemeral = theirEphemeralPublicKey.getEncoded();
+		byte[] ourStatic = ourStaticKeyPair.getPublic().getEncoded();
+		byte[] ourEphemeral = ourEphemeralKeyPair.getPublic().getEncoded();
+		byte[][] inputs = {
+				alice ? ourStatic : theirStatic,
+				alice ? theirStatic : ourStatic,
+				alice ? ourEphemeral : theirEphemeral,
+				alice ? theirEphemeral : ourEphemeral
+		};
+		return crypto.deriveSharedSecret(MASTER_KEY_LABEL, theirStaticPublicKey,
+				theirEphemeralPublicKey, ourStaticKeyPair, ourEphemeralKeyPair,
+				alice, inputs);
+	}
+
+	@Override
+	public byte[] proveOwnership(SecretKey masterKey, boolean alice) {
+		String label = alice ? ALICE_PROOF_LABEL : BOB_PROOF_LABEL;
+		return crypto.mac(label, masterKey);
+	}
+
+	@Override
+	public boolean verifyOwnership(SecretKey masterKey, boolean alice,
+			byte[] proof) {
+		String label = alice ? ALICE_PROOF_LABEL : BOB_PROOF_LABEL;
+		return crypto.verifyMac(proof, label, masterKey);
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/HandshakeManagerImpl.java

@@ -0,0 +1,163 @@
+package org.briarproject.bramble.contact;
+
+import org.briarproject.bramble.api.FormatException;
+import org.briarproject.bramble.api.Pair;
+import org.briarproject.bramble.api.Predicate;
+import org.briarproject.bramble.api.contact.ContactManager;
+import org.briarproject.bramble.api.contact.HandshakeManager;
+import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.contact.PendingContactId;
+import org.briarproject.bramble.api.crypto.AgreementPublicKey;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
+import org.briarproject.bramble.api.db.DatabaseComponent;
+import org.briarproject.bramble.api.db.DbException;
+import org.briarproject.bramble.api.db.TransactionManager;
+import org.briarproject.bramble.api.identity.IdentityManager;
+import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.record.Record;
+import org.briarproject.bramble.api.record.RecordReader;
+import org.briarproject.bramble.api.record.RecordReaderFactory;
+import org.briarproject.bramble.api.record.RecordWriter;
+import org.briarproject.bramble.api.record.RecordWriterFactory;
+import org.briarproject.bramble.api.transport.StreamWriter;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+
+import javax.annotation.concurrent.Immutable;
+import javax.inject.Inject;
+
+import static org.briarproject.bramble.api.crypto.CryptoConstants.MAX_AGREEMENT_PUBLIC_KEY_BYTES;
+import static org.briarproject.bramble.contact.HandshakeConstants.PROOF_BYTES;
+import static org.briarproject.bramble.contact.HandshakeConstants.PROTOCOL_VERSION;
+import static org.briarproject.bramble.contact.HandshakeRecordTypes.EPHEMERAL_PUBLIC_KEY;
+import static org.briarproject.bramble.contact.HandshakeRecordTypes.PROOF_OF_OWNERSHIP;
+import static org.briarproject.bramble.util.ValidationUtils.checkLength;
+
+@Immutable
+@NotNullByDefault
+class HandshakeManagerImpl implements HandshakeManager {
+
+	// Ignore records with current protocol version, unknown record type
+	private static final Predicate<Record> IGNORE = r ->
+			r.getProtocolVersion() == PROTOCOL_VERSION &&
+					!isKnownRecordType(r.getRecordType());
+
+	private static boolean isKnownRecordType(byte type) {
+		return type == EPHEMERAL_PUBLIC_KEY || type == PROOF_OF_OWNERSHIP;
+	}
+
+	private final TransactionManager db;
+	private final IdentityManager identityManager;
+	private final ContactManager contactManager;
+	private final TransportCrypto transportCrypto;
+	private final HandshakeCrypto handshakeCrypto;
+	private final RecordReaderFactory recordReaderFactory;
+	private final RecordWriterFactory recordWriterFactory;
+
+	@Inject
+	HandshakeManagerImpl(DatabaseComponent db,
+			IdentityManager identityManager,
+			ContactManager contactManager,
+			TransportCrypto transportCrypto,
+			HandshakeCrypto handshakeCrypto,
+			RecordReaderFactory recordReaderFactory,
+			RecordWriterFactory recordWriterFactory) {
+		this.db = db;
+		this.identityManager = identityManager;
+		this.contactManager = contactManager;
+		this.transportCrypto = transportCrypto;
+		this.handshakeCrypto = handshakeCrypto;
+		this.recordReaderFactory = recordReaderFactory;
+		this.recordWriterFactory = recordWriterFactory;
+	}
+
+	@Override
+	public HandshakeResult handshake(PendingContactId p, InputStream in,
+			StreamWriter out) throws DbException, IOException {
+		Pair<PublicKey, KeyPair> keys = db.transactionWithResult(true, txn -> {
+			PendingContact pendingContact =
+					contactManager.getPendingContact(txn, p);
+			KeyPair keyPair = identityManager.getHandshakeKeys(txn);
+			return new Pair<>(pendingContact.getPublicKey(), keyPair);
+		});
+		PublicKey theirStaticPublicKey = keys.getFirst();
+		KeyPair ourStaticKeyPair = keys.getSecond();
+		boolean alice = transportCrypto.isAlice(theirStaticPublicKey,
+				ourStaticKeyPair);
+		RecordReader recordReader = recordReaderFactory.createRecordReader(in);
+		RecordWriter recordWriter = recordWriterFactory
+				.createRecordWriter(out.getOutputStream());
+		KeyPair ourEphemeralKeyPair =
+				handshakeCrypto.generateEphemeralKeyPair();
+		PublicKey theirEphemeralPublicKey;
+		if (alice) {
+			sendPublicKey(recordWriter, ourEphemeralKeyPair.getPublic());
+			theirEphemeralPublicKey = receivePublicKey(recordReader);
+		} else {
+			theirEphemeralPublicKey = receivePublicKey(recordReader);
+			sendPublicKey(recordWriter, ourEphemeralKeyPair.getPublic());
+		}
+		SecretKey masterKey;
+		try {
+			masterKey = handshakeCrypto.deriveMasterKey(theirStaticPublicKey,
+					theirEphemeralPublicKey, ourStaticKeyPair,
+					ourEphemeralKeyPair, alice);
+		} catch (GeneralSecurityException e) {
+			throw new FormatException();
+		}
+		byte[] ourProof = handshakeCrypto.proveOwnership(masterKey, alice);
+		byte[] theirProof;
+		if (alice) {
+			sendProof(recordWriter, ourProof);
+			theirProof = receiveProof(recordReader);
+		} else {
+			theirProof = receiveProof(recordReader);
+			sendProof(recordWriter, ourProof);
+		}
+		out.sendEndOfStream();
+		recordReader.readRecord(r -> false, IGNORE);
+		if (!handshakeCrypto.verifyOwnership(masterKey, !alice, theirProof))
+			throw new FormatException();
+		return new HandshakeResult(masterKey, alice);
+	}
+
+	private void sendPublicKey(RecordWriter w, PublicKey k) throws IOException {
+		w.writeRecord(new Record(PROTOCOL_VERSION, EPHEMERAL_PUBLIC_KEY,
+				k.getEncoded()));
+		w.flush();
+	}
+
+	private PublicKey receivePublicKey(RecordReader r) throws IOException {
+		byte[] key = readRecord(r, EPHEMERAL_PUBLIC_KEY).getPayload();
+		checkLength(key, 1, MAX_AGREEMENT_PUBLIC_KEY_BYTES);
+		return new AgreementPublicKey(key);
+	}
+
+	private void sendProof(RecordWriter w, byte[] proof) throws IOException {
+		w.writeRecord(new Record(PROTOCOL_VERSION, PROOF_OF_OWNERSHIP, proof));
+		w.flush();
+	}
+
+	private byte[] receiveProof(RecordReader r) throws IOException {
+		byte[] proof = readRecord(r, PROOF_OF_OWNERSHIP).getPayload();
+		checkLength(proof, PROOF_BYTES, PROOF_BYTES);
+		return proof;
+	}
+
+	private Record readRecord(RecordReader r, byte expectedType)
+			throws IOException {
+		// Accept records with current protocol version, expected type only
+		Predicate<Record> accept = rec ->
+				rec.getProtocolVersion() == PROTOCOL_VERSION &&
+						rec.getRecordType() == expectedType;
+		Record rec = r.readRecord(accept, IGNORE);
+		if (rec == null) throw new EOFException();
+		return rec;
+	}
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/HandshakeRecordTypes.java

@@ -0,0 +1,11 @@
+package org.briarproject.bramble.contact;
+
+/**
+ * Record types for the handshake protocol.
+ */
+interface HandshakeRecordTypes {
+
+	byte EPHEMERAL_PUBLIC_KEY = 0;
+
+	byte PROOF_OF_OWNERSHIP = 1;
+}

bramble-core/src/main/java/org/briarproject/bramble/contact/PendingContactFactory.java

@@ -3,6 +3,7 @@ package org.briarproject.bramble.contact;
 import org.briarproject.bramble.api.FormatException;
 import org.briarproject.bramble.api.UnsupportedVersionException;
 import org.briarproject.bramble.api.contact.PendingContact;
+import org.briarproject.bramble.api.crypto.PublicKey;
 
 interface PendingContactFactory {
 
@@ -15,4 +16,9 @@ interface PendingContactFactory {
 	 */
 	PendingContact createPendingContact(String link, String alias)
 			throws FormatException;
+
+	/**
+	 * Creates a handshake link from the given public key.
+	 */
+	String createHandshakeLink(PublicKey k);
 }

bramble-core/src/main/java/org/briarproject/bramble/contact/PendingContactFactoryImpl.java

@@ -20,7 +20,7 @@ import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.FORMAT
 import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.ID_LABEL;
 import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.LINK_REGEX;
 import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.RAW_LINK_BYTES;
-import static org.briarproject.bramble.api.contact.PendingContactState.WAITING_FOR_CONNECTION;
+import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
 
 class PendingContactFactoryImpl implements PendingContactFactory {
 
@@ -39,8 +39,20 @@ class PendingContactFactoryImpl implements PendingContactFactory {
 		PublicKey publicKey = parseHandshakeLink(link);
 		PendingContactId id = getPendingContactId(publicKey);
 		long timestamp = clock.currentTimeMillis();
-		return new PendingContact(id, publicKey, alias, WAITING_FOR_CONNECTION,
+		return new PendingContact(id, publicKey, alias, timestamp);
-				timestamp);
+	}
+
+	@Override
+	public String createHandshakeLink(PublicKey k) {
+		if (!k.getKeyType().equals(KEY_TYPE_AGREEMENT))
+			throw new IllegalArgumentException();
+		byte[] encoded = k.getEncoded();
+		if (encoded.length != RAW_LINK_BYTES - 1)
+			throw new IllegalArgumentException();
+		byte[] raw = new byte[RAW_LINK_BYTES];
+		raw[0] = FORMAT_VERSION;
+		arraycopy(encoded, 0, raw, 1, encoded.length);
+		return "briar://" + Base32.encode(raw).toLowerCase();
 	}
 
 	private PublicKey parseHandshakeLink(String link) throws FormatException {
@@ -48,13 +60,13 @@ class PendingContactFactoryImpl implements PendingContactFactory {
 		if (!matcher.find()) throw new FormatException();
 		// Discard 'briar://' and anything before or after the link
 		link = matcher.group(2);
-		byte[] base32 = Base32.decode(link, false);
+		byte[] raw = Base32.decode(link, false);
-		if (base32.length != RAW_LINK_BYTES) throw new AssertionError();
+		if (raw.length != RAW_LINK_BYTES) throw new AssertionError();
-		byte version = base32[0];
+		byte version = raw[0];
 		if (version != FORMAT_VERSION)
 			throw new UnsupportedVersionException(version < FORMAT_VERSION);
-		byte[] publicKeyBytes = new byte[base32.length - 1];
+		byte[] publicKeyBytes = new byte[raw.length - 1];
-		arraycopy(base32, 1, publicKeyBytes, 0, publicKeyBytes.length);
+		arraycopy(raw, 1, publicKeyBytes, 0, publicKeyBytes.length);
 		try {
 			KeyParser parser = crypto.getAgreementKeyParser();
 			return parser.parsePublicKey(publicKeyBytes);

bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java

@@ -9,6 +9,7 @@ import org.briarproject.bramble.api.crypto.AgreementPublicKey;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
 import org.briarproject.bramble.api.crypto.KeyPair;
 import org.briarproject.bramble.api.crypto.KeyParser;
+import org.briarproject.bramble.api.crypto.KeyStrengthener;
 import org.briarproject.bramble.api.crypto.PrivateKey;
 import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
@@ -34,6 +35,7 @@ import java.util.logging.Logger;
 import javax.annotation.Nullable;
 import javax.inject.Inject;
 
+import static java.lang.System.arraycopy;
 import static java.util.logging.Level.INFO;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_AGREEMENT;
 import static org.briarproject.bramble.api.crypto.CryptoConstants.KEY_TYPE_SIGNATURE;
@@ -50,7 +52,8 @@ class CryptoComponentImpl implements CryptoComponent {
 	private static final int SIGNATURE_KEY_PAIR_BITS = 256;
 	private static final int STORAGE_IV_BYTES = 24; // 196 bits
 	private static final int PBKDF_SALT_BYTES = 32; // 256 bits
-	private static final int PBKDF_FORMAT_SCRYPT = 0;
+	private static final byte PBKDF_FORMAT_SCRYPT = 0;
+	private static final byte PBKDF_FORMAT_SCRYPT_STRENGTHENED = 1;
 
 	private final SecureRandom secureRandom;
 	private final PasswordBasedKdf passwordBasedKdf;
@@ -191,10 +194,39 @@ class CryptoComponentImpl implements CryptoComponent {
 	public SecretKey deriveSharedSecret(String label, PublicKey theirPublicKey,
 			KeyPair ourKeyPair, byte[]... inputs)
 			throws GeneralSecurityException {
-		PrivateKey ourPriv = ourKeyPair.getPrivate();
+		PrivateKey ourPrivateKey = ourKeyPair.getPrivate();
 		byte[][] hashInputs = new byte[inputs.length + 1][];
-		hashInputs[0] = performRawKeyAgreement(ourPriv, theirPublicKey);
+		hashInputs[0] = performRawKeyAgreement(ourPrivateKey, theirPublicKey);
-		System.arraycopy(inputs, 0, hashInputs, 1, inputs.length);
+		arraycopy(inputs, 0, hashInputs, 1, inputs.length);
+		byte[] hash = hash(label, hashInputs);
+		if (hash.length != SecretKey.LENGTH) throw new IllegalStateException();
+		return new SecretKey(hash);
+	}
+
+	@Override
+	public SecretKey deriveSharedSecret(String label,
+			PublicKey theirStaticPublicKey, PublicKey theirEphemeralPublicKey,
+			KeyPair ourStaticKeyPair, KeyPair ourEphemeralKeyPair,
+			boolean alice, byte[]... inputs) throws GeneralSecurityException {
+		PrivateKey ourStaticPrivateKey = ourStaticKeyPair.getPrivate();
+		PrivateKey ourEphemeralPrivateKey = ourEphemeralKeyPair.getPrivate();
+		byte[][] hashInputs = new byte[inputs.length + 3][];
+		// Alice static/Bob static
+		hashInputs[0] = performRawKeyAgreement(ourStaticPrivateKey,
+				theirStaticPublicKey);
+		// Alice static/Bob ephemeral, Bob static/Alice ephemeral
+		if (alice) {
+			hashInputs[1] = performRawKeyAgreement(ourStaticPrivateKey,
+					theirEphemeralPublicKey);
+			hashInputs[2] = performRawKeyAgreement(ourEphemeralPrivateKey,
+					theirStaticPublicKey);
+		} else {
+			hashInputs[1] = performRawKeyAgreement(ourEphemeralPrivateKey,
+					theirStaticPublicKey);
+			hashInputs[2] = performRawKeyAgreement(ourStaticPrivateKey,
+					theirEphemeralPublicKey);
+		}
+		arraycopy(inputs, 0, hashInputs, 3, inputs.length);
 		byte[] hash = hash(label, hashInputs);
 		if (hash.length != SecretKey.LENGTH) throw new IllegalStateException();
 		return new SecretKey(hash);
@@ -281,7 +313,8 @@ class CryptoComponentImpl implements CryptoComponent {
 	}
 
 	@Override
-	public byte[] encryptWithPassword(byte[] input, String password) {
+	public byte[] encryptWithPassword(byte[] input, String password,
+			@Nullable KeyStrengthener keyStrengthener) {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// Generate a random salt
@@ -289,8 +322,9 @@ class CryptoComponentImpl implements CryptoComponent {
 		secureRandom.nextBytes(salt);
 		// Calibrate the KDF
 		int cost = passwordBasedKdf.chooseCostParameter();
-		// Derive the key from the password
+		// Derive the encryption key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, cost);
+		if (keyStrengthener != null) key = keyStrengthener.strengthenKey(key);
 		// Generate a random IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
 		secureRandom.nextBytes(iv);
@@ -301,16 +335,18 @@ class CryptoComponentImpl implements CryptoComponent {
 		byte[] output = new byte[outputLen];
 		int outputOff = 0;
 		// Format version
-		output[outputOff] = PBKDF_FORMAT_SCRYPT;
+		byte formatVersion = keyStrengthener == null
+				? PBKDF_FORMAT_SCRYPT : PBKDF_FORMAT_SCRYPT_STRENGTHENED;
+		output[outputOff] = formatVersion;
 		outputOff++;
 		// Salt
-		System.arraycopy(salt, 0, output, outputOff, salt.length);
+		arraycopy(salt, 0, output, outputOff, salt.length);
 		outputOff += salt.length;
 		// Cost parameter
 		ByteUtils.writeUint32(cost, output, outputOff);
 		outputOff += INT_32_BYTES;
 		// IV
-		System.arraycopy(iv, 0, output, outputOff, iv.length);
+		arraycopy(iv, 0, output, outputOff, iv.length);
 		outputOff += iv.length;
 		// Initialise the cipher and encrypt the plaintext
 		try {
@@ -324,7 +360,8 @@ class CryptoComponentImpl implements CryptoComponent {
 
 	@Override
 	@Nullable
-	public byte[] decryptWithPassword(byte[] input, String password) {
+	public byte[] decryptWithPassword(byte[] input, String password,
+			@Nullable KeyStrengthener keyStrengthener) {
 		AuthenticatedCipher cipher = new XSalsa20Poly1305AuthenticatedCipher();
 		int macBytes = cipher.getMacBytes();
 		// The input contains the format version, salt, cost parameter, IV,
@@ -336,11 +373,14 @@ class CryptoComponentImpl implements CryptoComponent {
 		// Format version
 		byte formatVersion = input[inputOff];
 		inputOff++;
-		if (formatVersion != PBKDF_FORMAT_SCRYPT)
+		// Check whether we support this format version
-			return null; // Unknown format
+		if (formatVersion != PBKDF_FORMAT_SCRYPT &&
+				formatVersion != PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
+			return null;
+		}
 		// Salt
 		byte[] salt = new byte[PBKDF_SALT_BYTES];
-		System.arraycopy(input, inputOff, salt, 0, salt.length);
+		arraycopy(input, inputOff, salt, 0, salt.length);
 		inputOff += salt.length;
 		// Cost parameter
 		long cost = ByteUtils.readUint32(input, inputOff);
@@ -349,10 +389,15 @@ class CryptoComponentImpl implements CryptoComponent {
 			return null; // Invalid cost parameter
 		// IV
 		byte[] iv = new byte[STORAGE_IV_BYTES];
-		System.arraycopy(input, inputOff, iv, 0, iv.length);
+		arraycopy(input, inputOff, iv, 0, iv.length);
 		inputOff += iv.length;
-		// Derive the key from the password
+		// Derive the decryption key from the password
 		SecretKey key = passwordBasedKdf.deriveKey(password, salt, (int) cost);
+		if (formatVersion == PBKDF_FORMAT_SCRYPT_STRENGTHENED) {
+			if (keyStrengthener == null || !keyStrengthener.isInitialised())
+				return null; // Can't derive the same strengthened key
+			key = keyStrengthener.strengthenKey(key);
+		}
 		// Initialise the cipher
 		try {
 			cipher.init(false, key, iv);
@@ -370,6 +415,12 @@ class CryptoComponentImpl implements CryptoComponent {
 		}
 	}
 
+	@Override
+	public boolean isEncryptedWithStrengthenedKey(byte[] ciphertext) {
+		return ciphertext.length > 0 &&
+				ciphertext[0] == PBKDF_FORMAT_SCRYPT_STRENGTHENED;
+	}
+
 	@Override
 	public byte[] encryptToKey(PublicKey publicKey, byte[] plaintext) {
 		try {