Bump version to 2.1.7

// FREEBIE

.gitignore

@@ -4,3 +4,18 @@ project.properties
 .settings
 bin/
 gen/
+.idea/
+*.iml
+out
+tests
+lint.xml
+local.properties
+ant.properties
+.DS_Store
+build.log
+build-log.xml
+.gradle
+build
+signing.properties
+library/lib/
+library/obj/

.travis.yml

@@ -0,0 +1,7 @@
+language: android
+android:
+  components:
+    - platform-tools
+    - build-tools-19.1.0
+    - android-19
+    - extra-android-m2repository

.tx/config

@@ -0,0 +1,11 @@
+[main]
+host = https://www.transifex.com
+lang_map = fr_CA:fr-rCA,pt_BR:pt-rBR,pt_PT:pt,zh_CN:zh-rCN,zh_HK:zh-rHK,zh_TW:zh-rTW,da_DK:da-rDK,de_DE:de,tr_TR:tr,fr_FR:fr,es_ES:es,hu_HU:hu,sv_SE:sv-rSE,bg_BG:bg,el_GR:el,kn_IN:kn-rIN,cs_CZ:cs
+
+
+[textsecure-official.master]
+file_filter = res/values-<lang>/strings.xml
+source_file = res/values/strings.xml
+source_lang = en
+type = ANDROID
+

AndroidManifest.xml

@@ -1,106 +1,229 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-      package="org.thoughtcrime.securesms"
-      android:versionCode="22"
-      android:versionName="0.6">
+          xmlns:tools="http://schemas.android.com/tools"
+          package="org.thoughtcrime.securesms"
+      android:versionCode="79"
+      android:versionName="2.1.7">
 
-    <uses-sdk android:minSdkVersion="8" android:targetSdkVersion="14"/>
+    <permission android:name="org.thoughtcrime.securesms.ACCESS_SECRETS"
+                android:label="Access to TextSecure Secrets"
+                android:protectionLevel="signature" />
 
-    <application android:icon="@drawable/icon"
+	<uses-permission android:name="org.thoughtcrime.securesms.ACCESS_SECRETS"/>
+    <uses-permission android:name="android.permission.READ_PROFILE"/>
+    <uses-permission android:name="android.permission.WRITE_PROFILE"/>
+    <uses-permission android:name="android.permission.BROADCAST_WAP_PUSH"
+                     tools:ignore="ProtectedPermissions"/>
+    <uses-permission android:name="android.permission.READ_CONTACTS"/>
+    <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
+    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
+    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
+    <uses-permission android:name="android.permission.RECEIVE_MMS"/>
+    <uses-permission android:name="android.permission.READ_SMS"/>
+    <uses-permission android:name="android.permission.SEND_SMS"/>
+    <uses-permission android:name="android.permission.WRITE_SMS"/>
+    <uses-permission android:name="android.permission.VIBRATE"/>
+    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
+    <uses-permission android:name="android.permission.WAKE_LOCK" />
+    <uses-permission android:name="android.permission.INTERNET" />
+    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
+    <uses-permission android:name="android.permission.READ_CALL_LOG" />
+    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
+    <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
+
+    <permission android:name="org.thoughtcrime.securesms.permission.C2D_MESSAGE"
+                android:protectionLevel="signature" />
+    <uses-permission android:name="org.thoughtcrime.securesms.permission.C2D_MESSAGE" />
+
+    <application android:name="org.thoughtcrime.securesms.ApplicationListener"
+                 android:icon="@drawable/icon"
                  android:label="@string/app_name"
-                 android:theme="@style/Theme.Sherlock.Light.DarkActionBar">
+                 android:theme="@style/TextSecure.LightTheme">
 
-        <activity android:name=".ConversationListActivity"
-                  android:label="@string/app_name"
+        <meta-data android:name="com.google.android.gms.version"
+                   android:value="@integer/google_play_services_version" />
+
+        <activity android:name=".RoutingActivity"
+                  android:theme="@style/NoAnimation.Theme.BlackScreen"
                   android:launchMode="singleTask"
-                  android:uiOptions="splitActionBarWhenNarrow"
                   android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize">
 
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
                 <category android:name="android.intent.category.LAUNCHER" />
             </intent-filter>
-            
+
             <intent-filter>
                   <action android:name="android.intent.action.SENDTO"/>
                   <category android:name="android.intent.category.DEFAULT" />
                   <data android:scheme="sms" />
                   <data android:scheme="smsto" />
+                  <data android:scheme="mms" />
+                  <data android:scheme="mmsto" />
             </intent-filter>
-            
+
+            <intent-filter>
+                <action android:name="android.intent.action.SEND" />
+                <category android:name="android.intent.category.DEFAULT"/>
+                <data android:mimeType="audio/*" />
+                <data android:mimeType="image/*" />
+                <data android:mimeType="text/plain" />
+                <data android:mimeType="video/*" />
+            </intent-filter>
+
         </activity>
 
+    <activity android:name=".RegistrationProblemsActivity"
+              android:theme="@style/TextSecure.Light.Dialog"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".CountrySelectionActivity"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".ImportExportActivity"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".PromptMmsActivity"
+              android:label="Configure MMS Settings"
+              android:windowSoftInputMode="stateUnchanged"              
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".MmsPreferencesActivity"
+               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".ShareActivity"
+              android:excludeFromRecents="true"
+              android:launchMode="singleTask"
+              android:noHistory="true"
+              android:windowSoftInputMode="stateHidden"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".ConversationListActivity"
+          android:label="@string/app_name"
+          android:launchMode="singleTask"
+          android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
     <activity android:name=".ConversationActivity"
               android:windowSoftInputMode="stateUnchanged"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
+    <activity android:name=".GroupCreateActivity"
+              android:windowSoftInputMode="stateVisible"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".DatabaseMigrationActivity"
+              android:theme="@style/NoAnimation.Theme.Sherlock.Light.DarkActionBar"
+              android:launchMode="singleTask"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".DatabaseUpgradeActivity"
+              android:theme="@style/NoAnimation.Theme.Sherlock.Light.DarkActionBar"
+              android:launchMode="singleTask"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
     <activity android:name=".PassphraseCreateActivity"
-              android:theme="@style/Theme.Sherlock.Light.Dialog"
-              android:label="Create Passphrase"
-              android:launchMode="singleInstance"
+              android:label="@string/AndroidManifest__create_passphrase"
+              android:windowSoftInputMode="stateUnchanged"
+              android:theme="@style/TextSecure.IntroTheme"
+              android:launchMode="singleTop"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".PassphrasePromptActivity"
-              android:theme="@style/Theme.Sherlock.Light.Dialog"
-              android:label="Enter Passphrase"
-              android:launchMode="singleInstance"
-              android:windowSoftInputMode="stateVisible"
+              android:label="@string/AndroidManifest__enter_passphrase"
+              android:launchMode="singleTop"
+              android:theme="@style/TextSecure.IntroTheme"
+              android:windowSoftInputMode="stateAlwaysVisible"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".ContactSelectionActivity"
-              android:label="Select Contacts"
+              android:label="@string/AndroidManifest__select_contacts"
+              android:windowSoftInputMode="stateHidden"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
+    <activity android:name=".NewConversationActivity"
+              android:label="@string/AndroidManifest__select_contacts"
+              android:windowSoftInputMode="stateHidden"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".PushContactSelectionActivity"
+          android:label="@string/AndroidManifest__select_contacts"
+          android:windowSoftInputMode="stateHidden"
+          android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
     <activity android:name=".AutoInitiateActivity"
-              android:theme="@style/Theme.Sherlock.Light.Dialog"
-              android:label="TextSecure Messaging Detected"
+              android:theme="@style/TextSecure.Light.Dialog"
+              android:label="@string/AndroidManifest__textsecure_detected"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".ViewIdentityActivity"
-              android:theme="@style/Theme.Sherlock.Light.Dialog"
-              android:label="Public Identity Key"
+              android:label="@string/AndroidManifest__public_identity_key"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".ViewLocalIdentityActivity"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".PassphraseChangeActivity"
-              android:theme="@style/Theme.Sherlock.Light.Dialog"
-              android:label="Change Passphrase"
-              android:launchMode="singleInstance"
-              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
-
-    <activity android:name=".VerifyKeysActivity"
-              android:label="Verify Session"
+              android:label="@string/AndroidManifest__change_passphrase"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".VerifyIdentityActivity"
-              android:label="Verify Identity"
+              android:label="@string/AndroidManifest__verify_identity"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
-    <activity android:name=".SaveIdentityActivity"
-              android:theme="@style/Theme.Sherlock.Light.Dialog"
-              android:label="Save Identity"
-              android:windowSoftInputMode="stateVisible"
-              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
-
-    <activity android:name=".ReviewIdentitiesActivity"
-              android:label="Manage Identity Keys"
-              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
-
-    <activity android:name=".ReceiveKeyActivity" 
-              android:theme="@style/Theme.Sherlock.Light.Dialog" 
-              android:label="Complete Key Exchange" 
+    <activity android:name=".ReceiveKeyActivity"
+              android:label="@string/AndroidManifest__complete_key_exchange"
+              android:theme="@style/TextSecure.Light.Dialog"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
     
-    <activity android:name=".ApplicationPreferencesActivity" 
+    <activity android:name=".ApplicationPreferencesActivity"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
-    <activity android:name=".VerifyImportedIdentityActivity" 
-              android:theme="@style/Theme.Sherlock.Light.Dialog" 
-              android:label="Verify Imported Identity" 
+    <activity android:name=".RegistrationActivity"
+              android:windowSoftInputMode="stateUnchanged"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
+    <activity android:name=".RegistrationProgressActivity"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".LogSubmitActivity"
+              android:label="@string/AndroidManifest__log_submit"
+              android:windowSoftInputMode="stateHidden"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".DummyActivity"
+              android:theme="@android:style/Theme.NoDisplay"
+              android:enabled="true"
+              android:allowTaskReparenting="true"
+              android:noHistory="true"
+              android:excludeFromRecents="true"
+              android:alwaysRetainTaskState="false"
+              android:stateNotNeeded="true"
+              android:clearTaskOnLaunch="true"
+              android:finishOnTaskLaunch="true" />
+
+    <service android:enabled="true" android:name=".service.GcmRegistrationService"/>
     <service android:enabled="true" android:name=".service.ApplicationMigrationService"/>
     <service android:enabled="true" android:name=".service.KeyCachingService"/>
     <service android:enabled="true" android:name=".service.SendReceiveService"/>
+    <service android:enabled="true" android:name=".service.RegistrationService"/>
+    <service android:enabled="true" android:name=".service.DirectoryRefreshService"/>
+    <service android:enabled="true" android:name=".service.PreKeyService"/>
+
+    <service android:name=".service.QuickResponseService"
+             android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE"
+             android:exported="true" >
+        <intent-filter>
+            <action android:name="android.intent.action.RESPOND_VIA_MESSAGE" />
+            <category android:name="android.intent.category.DEFAULT" />
+            <data android:scheme="sms" />
+            <data android:scheme="smsto" />
+            <data android:scheme="mms" />
+            <data android:scheme="mmsto" />
+        </intent-filter>
+    </service>
+
 
 <!--	<receiver android:name=".service.BootListener" -->
 <!-- 			  android:enabled="true" -->
@@ -110,56 +233,72 @@
 <!--    		</intent-filter>-->
 <!--	</receiver>-->
 
+    <receiver android:name=".gcm.GcmBroadcastReceiver" android:permission="com.google.android.c2dm.permission.SEND" >
+        <intent-filter>
+            <action android:name="com.google.android.c2dm.intent.RECEIVE" />
+            <category android:name="org.thoughtcrime.securesms" />
+        </intent-filter>
+    </receiver>
+
     <receiver android:name=".service.SmsListener"
+              android:permission="android.permission.BROADCAST_SMS"
               android:enabled="true"
               android:exported="true">
              <intent-filter android:priority="1001">
-                 <action android:name="android.provider.Telephony.SMS_RECEIVED"></action>
+                 <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
              </intent-filter>
              <intent-filter>
-                 <action android:name="org.thoughtcrime.securesms.services.MESSAGE_SENT"></action>
+                 <action android:name="android.provider.Telephony.SMS_DELIVER"/>
              </intent-filter>
     </receiver>
 
+    <receiver android:name=".service.SmsDeliveryListener"
+              android:exported="true">
+        <intent-filter>
+            <action android:name="org.thoughtcrime.securesms.services.MESSAGE_SENT"/>
+        </intent-filter>
+    </receiver>
+
     <receiver android:name=".service.MmsListener"
               android:enabled="true"
               android:exported="true"
               android:permission="android.permission.BROADCAST_WAP_PUSH">
              <intent-filter android:priority="1001">
-                 <action android:name="android.provider.Telephony.WAP_PUSH_RECEIVED"></action>
+                 <action android:name="android.provider.Telephony.WAP_PUSH_RECEIVED"/>
+                 <data android:mimeType="application/vnd.wap.mms-message" />
+             </intent-filter>
+             <intent-filter>
+                 <action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/>
                  <data android:mimeType="application/vnd.wap.mms-message" />
              </intent-filter>
     </receiver>
 
-    <provider android:name=".providers.PartProvider" android:authorities="org.thoughtcrime.provider.securesms" />
+    <receiver android:name=".notifications.MarkReadReceiver"
+              android:enabled="true"
+              android:exported="true">
+        <intent-filter>
+            <action android:name="org.thoughtcrime.securesms.notifications.CLEAR"/>
+        </intent-filter>
+    </receiver>
+
+    <provider android:name=".providers.PartProvider"
+              android:grantUriPermissions="true"
+              android:authorities="org.thoughtcrime.provider.securesms" />
+
+    <receiver android:name=".service.RegistrationNotifier"
+              android:exported="false">
+        <intent-filter>
+            <action android:name="org.thoughtcrime.securesms.REGISTRATION_EVENT" />
+        </intent-filter>
+    </receiver>
+
+    <receiver android:name=".service.DirectoryRefreshListener">
+        <intent-filter>
+            <action android:name="org.whispersystems.whisperpush.DIRECTORY_REFRESH"/>
+            <action android:name="android.intent.action.BOOT_COMPLETED" />
+        </intent-filter>
+    </receiver>
 
        <uses-library android:name="android.test.runner" />
 </application>
-
-<permission android:name="org.thoughtcrime.securesms.ACCESS_SECRETS"
-            android:label="Access to TextSecure Secrets"
-            android:protectionLevel="signature" />
-
-<uses-permission android:name="org.thoughtcrime.securesms.ACCESS_SECRETS"></uses-permission>
-<uses-permission android:name="android.permission.BROADCAST_WAP_PUSH"></uses-permission>
-<uses-permission android:name="android.permission.READ_CONTACTS"></uses-permission>
-<uses-permission android:name="android.permission.WRITE_CONTACTS"></uses-permission>
-<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
-<uses-permission android:name="android.permission.RECEIVE_SMS"></uses-permission>
-<uses-permission android:name="android.permission.RECEIVE_MMS"></uses-permission>
-<uses-permission android:name="android.permission.READ_SMS"></uses-permission>
-<uses-permission android:name="android.permission.SEND_SMS"></uses-permission>
-<uses-permission android:name="android.permission.WRITE_SMS"></uses-permission>
-<uses-permission android:name="android.permission.VIBRATE"></uses-permission>
-<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
-<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
-<uses-permission android:name="android.permission.READ_PHONE_STATE" />
-<uses-permission android:name="android.permission.WAKE_LOCK" />
-<uses-permission android:name="android.permission.INTERNET" />
-<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
-
-
-<instrumentation android:name="android.test.InstrumentationTestRunner"
-       android:targetPackage="org.thoughtcrime.securesms.tests" android:label="Tests for My App" />
-
 </manifest>

BUILDING.md

@@ -0,0 +1,67 @@
+Building TextSecure
+=====================
+
+Basics
+------
+
+TextSecure uses [Gradle](http://gradle.org) to build the project and to maintain
+dependencies.
+
+Building TextSecure
+-------------------
+
+The following steps should help you (re)build TextSecure from the command line.
+
+1. Checkout the source somewhere on your filesystem with 
+
+        git clone https://github.com/WhisperSystems/TextSecure.git
+
+2. Make sure you have the [Android SDK](https://developer.android.com/sdk/index.html) installed somewhere on your system.
+3. Ensure the "Android Support Repository" and "Android SDK Build-tools" are installed from the Android SDK manager.
+4. Create a local.properties file at the root of your source checkout and add an sdk.dir entry to it.
+
+        sdk.dir=\<path to your sdk installation\>
+
+5. Execute Gradle:
+
+        ./gradlew build
+
+Re-building native components
+-----------------------------
+
+Note: This step is optional; native components are contained as binaries (see [library/libs](library/libs)).
+
+1. Ensure that the Android NDK is installed.
+
+Execute ndk-build:
+
+    cd library
+    ndk-build
+
+Afterwards, execute Gradle as above to re-create the APK.
+
+Setting up a development environment
+------------------------------------
+
+[Android Studio](https://developer.android.com/sdk/installing/studio.html) is the recommended development environment.
+
+1. Install Android Studio.
+2. Make sure the "Android Support Repository" is installed in the Android Studio SDK.
+3. Make sure the latest "Android SDK build-tools" is installed in the Android Studio SDK.
+4. Create a new Android Studio project. from the Quickstart pannel (use File > Close Project to see it), choose "Checkout from Version Control" then "git".
+5. Paste the URL for the TextSecure project when prompted (https://github.com/WhisperSystems/TextSecure.git).
+6. Android studio should detect the presence of a project file and ask you whether to open it. Click "yes".
+7. Default config options should be good enough.
+8. Project initialisation and build should proceed.
+
+Contributing code
+-----------------
+
+Code contributions should be sent via github as pull requests, from feature branches [as explained here](https://help.github.com/articles/using-pull-requests).
+
+Mailing list
+------------
+
+Development discussion happens on the whispersystems mailing list.
+[To join](https://lists.riseup.net/www/info/whispersystems)
+Send emails to whispersystems@lists.riseup.net

README.md

@@ -1,50 +1,73 @@
-TextSecure
-=================
+# TextSecure [![Build Status](https://travis-ci.org/WhisperSystems/TextSecure.svg?branch=master)](https://travis-ci.org/WhisperSystems/TextSecure)
 
-An secure text messaging application for Android.
+TextSecure is a messaging app for easy private communicate with friends.
 
-TextSecure is a replacement for the standard text messaging application, allowing you to send and receive text messages as normal.  Additionally, TextSecure provides:
+TextSecure can use either data (WiFi/3G/4G) or SMS to communicate securely, and all TextSecure
+messages can also be encrypted locally on your device.
 
-1. *Local Encryption* -- All text messages, regardless of destination, that are sent or received with TextSecure are stored in an encrypted database on your phone.
-2. *Wire Encryption* -- When communicating with a recipient who is also using TextSecure, text messages are encrypted during transmission.
+Currently available on the Play store.
 
-Bug tracker
------------
+*[![Play Store Badge](https://developer.android.com/images/brand/en_app_rgb_wo_60.png)](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)*
 
-Have a bug? Please create an issue here on GitHub!
+## Contributing Bug reports
+We use GitHub for bug tracking. Please search the existing issues for your bug and create a new one if the issue is not yet tracked!
 
 https://github.com/WhisperSystems/TextSecure/issues
 
+## Contributing Translations
+Interested in helping to translate TextSecure? Contribute here:
 
-Documentation
--------------
+https://www.transifex.com/projects/p/textsecure-official/
 
-Looking for documentation? Check out the wiki!
+## Contributing Code
+Instructions on how to setup your development environment and build TextSecure can be found in  [BUILDING.md](https://github.com/WhisperSystems/TextSecure/blob/master/BUILDING.md).
 
-https://github.com/WhisperSystems/TextSecure/wiki
+If you're new to the TextSecure codebase, we recommend going through our issues and picking out a simple bug to fix (check the "easy" label in our issues) in order to get yourself familiar.
 
-Mailing list
-------------
+For larger changes and feature ideas, we ask that you propose it on the mailing list for a high-level discussion before implementation.
 
-Have a question? Ask on our mailing list!
+This repository is set up with [BitHub](https://whispersystems.org/blog/bithub/), so you can make money for committing to TextSecure. The current BitHub price for an accepted pull request is:
+
+[![Current BitHub Price](https://bithub.herokuapp.com/v1/status/payment/commit/)](https://whispersystems.org/blog/bithub/)
+
+## Contributing Ideas
+Have something you want to say about Open Whisper Systems projects or want to be part of the conversation? Get involved in the mailing list!
 
 whispersystems@lists.riseup.net
 
 https://lists.riseup.net/www/info/whispersystems
 
-Cryptography Notice
-------------
+## Contributing Funds
+[![Donate](https://coinbase.com/assets/buttons/donation_large-6ec72b1a9eec516944e50a22aca7db35.png)](https://whispersystems.org/blog/bithub/)
 
-This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. 
-BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. 
+You can add funds to BitHub to directly help further development efforts.
+
+Help
+====
+## Support
+For troubleshooting and questions, please visit our support center!
+
+http://support.whispersystems.org/
+
+## Documentation
+Looking for documentation? Check out the wiki!
+
+https://github.com/WhisperSystems/TextSecure/wiki
+
+# Legal things
+## Cryptography Notice
+
+This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software.
+BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
 See <http://www.wassenaar.org/> for more information.
 
-The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. 
+The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms.
 The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
 
-License
----------------------
+## License
 
 Copyright 2011 Whisper Systems
 
+Copyright 2013-2014 Open Whisper Systems
+
 Licensed under the GPLv3: http://www.gnu.org/licenses/gpl-3.0.html

androidTest/org/thoughtcrime/securesms/database/CanonicalAddressDatabaseTest.java

@@ -0,0 +1,118 @@
+package org.thoughtcrime.securesms.database;
+
+import android.test.InstrumentationTestCase;
+
+import static org.fest.assertions.api.Assertions.assertThat;
+
+public class CanonicalAddressDatabaseTest extends InstrumentationTestCase {
+  private static final String AMBIGUOUS_NUMBER = "222-3333";
+  private static final String SPECIFIC_NUMBER  = "+49 444 222 3333";
+  private static final String EMAIL            = "a@b.fom";
+  private static final String SIMILAR_EMAIL    = "a@b.com";
+  private static final String GROUP            = "__textsecure_group__!000111222333";
+  private static final String SIMILAR_GROUP    = "__textsecure_group__!100111222333";
+  private static final String ALPHA            = "T-Mobile";
+  private static final String SIMILAR_ALPHA    = "T-Mobila";
+
+  private CanonicalAddressDatabase db;
+
+  public void setUp() throws Exception {
+    super.setUp();
+    this.db = CanonicalAddressDatabase.getInstance(getInstrumentation().getTargetContext());
+  }
+
+  public void tearDown() throws Exception {
+
+  }
+
+  /**
+   * Throw two equivalent numbers (one without locale info, one with full info) at the canonical
+   * address db and see that the caching and DB operations work properly in revealing the right
+   * addresses. This is run twice to ensure cache logic is hit.
+   *
+   * @throws Exception
+   */
+  public void testNumberAddressUpdates() throws Exception {
+    final long id = db.getCanonicalAddressId(AMBIGUOUS_NUMBER);
+
+    assertThat(db.getAddressFromId(id)).isEqualTo(AMBIGUOUS_NUMBER);
+    assertThat(db.getCanonicalAddressId(SPECIFIC_NUMBER)).isEqualTo(id);
+    assertThat(db.getAddressFromId(id)).isEqualTo(SPECIFIC_NUMBER);
+    assertThat(db.getCanonicalAddressId(AMBIGUOUS_NUMBER)).isEqualTo(id);
+
+    assertThat(db.getCanonicalAddressId(AMBIGUOUS_NUMBER)).isEqualTo(id);
+    assertThat(db.getAddressFromId(id)).isEqualTo(AMBIGUOUS_NUMBER);
+    assertThat(db.getCanonicalAddressId(SPECIFIC_NUMBER)).isEqualTo(id);
+    assertThat(db.getAddressFromId(id)).isEqualTo(SPECIFIC_NUMBER);
+    assertThat(db.getCanonicalAddressId(AMBIGUOUS_NUMBER)).isEqualTo(id);
+  }
+
+  public void testSimilarNumbers() throws Exception {
+    assertThat(db.getCanonicalAddressId("This is a phone number 222-333-444"))
+        .isNotEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("222-333-444"))
+        .isNotEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("222-333-44"))
+        .isNotEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("222-333-4"))
+        .isNotEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("+49 222-333-4444"))
+        .isNotEqualTo(db.getCanonicalAddressId("+1 222-333-4444"));
+
+    assertThat(db.getCanonicalAddressId("1 222-333-4444"))
+        .isEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("1 (222) 333-4444"))
+        .isEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("+12223334444"))
+        .isEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("+1 (222) 333.4444"))
+        .isEqualTo(db.getCanonicalAddressId("222-333-4444"));
+    assertThat(db.getCanonicalAddressId("+49 (222) 333.4444"))
+        .isEqualTo(db.getCanonicalAddressId("222-333-4444"));
+
+  }
+
+  public void testEmailAddresses() throws Exception {
+    final long emailId        = db.getCanonicalAddressId(EMAIL);
+    final long similarEmailId = db.getCanonicalAddressId(SIMILAR_EMAIL);
+
+    assertThat(emailId).isNotEqualTo(similarEmailId);
+
+    assertThat(db.getAddressFromId(emailId)).isEqualTo(EMAIL);
+    assertThat(db.getAddressFromId(similarEmailId)).isEqualTo(SIMILAR_EMAIL);
+  }
+
+  public void testGroups() throws Exception {
+    final long groupId        = db.getCanonicalAddressId(GROUP);
+    final long similarGroupId = db.getCanonicalAddressId(SIMILAR_GROUP);
+
+    assertThat(groupId).isNotEqualTo(similarGroupId);
+
+    assertThat(db.getAddressFromId(groupId)).isEqualTo(GROUP);
+    assertThat(db.getAddressFromId(similarGroupId)).isEqualTo(SIMILAR_GROUP);
+  }
+
+  public void testAlpha() throws Exception {
+    final long id        = db.getCanonicalAddressId(ALPHA);
+    final long similarId = db.getCanonicalAddressId(SIMILAR_ALPHA);
+
+    assertThat(id).isNotEqualTo(similarId);
+
+    assertThat(db.getAddressFromId(id)).isEqualTo(ALPHA);
+    assertThat(db.getAddressFromId(similarId)).isEqualTo(SIMILAR_ALPHA);
+  }
+
+  public void testIsNumber() throws Exception {
+    assertThat(CanonicalAddressDatabase.isNumberAddress("+495556666777")).isTrue();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("(222) 333-4444")).isTrue();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("1 (222) 333-4444")).isTrue();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("T-Mobile123")).isTrue();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("333-4444")).isTrue();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("12345")).isTrue();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("T-Mobile")).isFalse();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("T-Mobile1")).isFalse();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("Wherever bank")).isFalse();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("__textsecure_group__!afafafafafaf")).isFalse();
+    assertThat(CanonicalAddressDatabase.isNumberAddress("email@domain.com")).isFalse();
+  }
+}

androidTest/org/thoughtcrime/securesms/service/MmsReceiverTest.java

@@ -0,0 +1,28 @@
+package org.thoughtcrime.securesms.service;
+
+import android.content.Intent;
+import android.test.InstrumentationTestCase;
+
+import static org.fest.assertions.api.Assertions.*;
+
+public class MmsReceiverTest extends InstrumentationTestCase {
+
+  private MmsReceiver mmsReceiver;
+
+  public void setUp() throws Exception {
+    super.setUp();
+    mmsReceiver = new MmsReceiver(getInstrumentation().getContext());
+  }
+
+  public void tearDown() throws Exception {
+
+  }
+
+  public void testProcessMalformedData() throws Exception {
+    Intent intent = new Intent();
+    intent.setAction(SendReceiveService.RECEIVE_MMS_ACTION);
+    intent.putExtra("data", new byte[]{0x00});
+    mmsReceiver.process(null, intent);
+  }
+
+}

androidTest/org/thoughtcrime/securesms/util/PhoneNumberFormatterTest.java

@@ -0,0 +1,33 @@
+package org.thoughtcrime.securesms.util;
+
+import android.test.AndroidTestCase;
+
+import junit.framework.AssertionFailedError;
+
+import org.whispersystems.textsecure.util.InvalidNumberException;
+import org.whispersystems.textsecure.util.PhoneNumberFormatter;
+import static org.fest.assertions.api.Assertions.assertThat;
+
+public class PhoneNumberFormatterTest extends AndroidTestCase {
+  private static final String LOCAL_NUMBER = "+15555555555";
+
+  public void testFormatNumberE164() throws Exception, InvalidNumberException {
+    assertThat(PhoneNumberFormatter.formatNumber("(555) 555-5555", LOCAL_NUMBER)).isEqualTo(LOCAL_NUMBER);
+    assertThat(PhoneNumberFormatter.formatNumber("555-5555", LOCAL_NUMBER)).isEqualTo(LOCAL_NUMBER);
+    assertThat(PhoneNumberFormatter.formatNumber("(123) 555-5555", LOCAL_NUMBER)).isNotEqualTo(LOCAL_NUMBER);
+  }
+
+  public void testFormatNumberEmail() throws Exception {
+    try {
+      PhoneNumberFormatter.formatNumber("person@domain.com", LOCAL_NUMBER);
+      throw new AssertionFailedError("should have thrown on email");
+    } catch (InvalidNumberException ine) {
+      // success
+    }
+  }
+
+  @Override
+  public void setUp() throws Exception {
+    super.setUp();
+  }
+}

androidTest/org/thoughtcrime/securesms/util/UtilTest.java

@@ -0,0 +1,9 @@
+package org.thoughtcrime.securesms.util;
+
+import android.test.AndroidTestCase;
+
+import static org.fest.assertions.api.Assertions.assertThat;
+
+public class UtilTest extends AndroidTestCase {
+
+}

apntool/.gitignore

@@ -0,0 +1,2 @@
+*.db
+*.db.gz

apntool/apntool.py

@@ -0,0 +1,76 @@
+import sys
+import argparse
+import sqlite3
+import gzip
+from progressbar import ProgressBar, Counter, Timer
+from lxml import etree
+
+parser = argparse.ArgumentParser(prog='apntool', description="""Process Android's apn xml files and drop them into an easily
+                                                             queryable SQLite db. Tested up to version 9 of their APN file.""")
+parser.add_argument('-v', '--version', action='version', version='%(prog)s v1.0')
+parser.add_argument('-i', '--input', help='the xml file to parse', default='apns.xml', required=False)
+parser.add_argument('-o', '--output', help='the sqlite db output file', default='apns.db', required=False)
+parser.add_argument('--quiet', help='do not show progress or verbose instructions', action='store_true', required=False)
+parser.add_argument('--no-gzip', help="do not gzip after creation", action='store_true', required=False)
+args = parser.parse_args()
+
+try:
+    connection = sqlite3.connect(args.output)
+    cursor = connection.cursor()
+    cursor.execute('SELECT SQLITE_VERSION()')
+    version = cursor.fetchone()
+    if not args.quiet:
+        print("SQLite version: %s" % version)
+        print("Opening %s" % args.input)
+
+    cursor.execute("PRAGMA legacy_file_format=ON")
+    cursor.execute("PRAGMA journal_mode=DELETE")
+    cursor.execute("PRAGMA page_size=32768")
+    cursor.execute("VACUUM")
+    cursor.execute("DROP TABLE IF EXISTS apns")
+    cursor.execute("""CREATE TABLE apns(_id INTEGER PRIMARY KEY, mccmnc TEXT, mcc TEXT, mnc TEXT, carrier TEXT, apn TEXT,
+                mmsc TEXT, port INTEGER, type TEXT, protocol TEXT, bearer TEXT, roaming_protocol TEXT,
+                carrier_enabled INTEGER, mmsproxy TEXT, mmsport INTEGER, proxy TEXT,  mvno_match_data TEXT,
+                mvno_type TEXT, authtype INTEGER, user TEXT, password TEXT, server TEXT)""")
+
+    apns = etree.parse(args.input)
+    root = apns.getroot()
+    pbar = ProgressBar(widgets=['Processed: ', Counter(), ' apns (', Timer(), ')'], maxval=len(list(root))).start() if not args.quiet else None
+
+    count = 0
+    for apn in root.iter("apn"):
+        sqlvars = ["?" for x in apn.attrib.keys()] + ["?"]
+        values = [apn.get(attrib) for attrib in apn.attrib.keys()] + ["%s%s" % (apn.get("mcc"), apn.get("mnc"))]
+        keys = apn.attrib.keys() + ["mccmnc"]
+
+        statement = "INSERT INTO apns (%s) VALUES (%s)" % (", ".join(keys), ", ".join(sqlvars))
+        cursor.execute(statement, values)
+
+        count += 1
+        if not args.quiet:
+            pbar.update(count)
+
+    if not args.quiet:
+        pbar.finish()
+    connection.commit()
+    print("Successfully written to %s" % args.output)
+
+    if not args.no_gzip:
+        gzipped_file = "%s.gz" % (args.output,)
+        with open(args.output, 'rb') as orig:
+            with gzip.open(gzipped_file, 'wb') as gzipped:
+                gzipped.writelines(orig)
+        print("Successfully gzipped to %s" % gzipped_file)
+
+    if not args.quiet:
+        print("\nTo include this in the distribution, copy it to the project's assets/databases/ directory.")
+        print("If you support API 10 or lower, you must use the gzipped version to avoid corruption.")
+
+except sqlite3.Error, e:
+    if connection:
+        connection.rollback()
+    print("Error: %s" % e.args[0])
+    sys.exit(1)
+finally:
+    if connection:
+        connection.close()

apntool/requirements.txt

@@ -0,0 +1,3 @@
+argparse>=1.2.1
+lxml>=3.3.3
+progressbar-latest>=2.4

build.gradle

@@ -0,0 +1,121 @@
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath 'com.android.tools.build:gradle:0.12.2'
+        classpath files('libs/gradle-witness.jar')
+    }
+}
+
+apply plugin: 'com.android.application'
+apply plugin: 'witness'
+
+repositories {
+    mavenCentral()
+    maven {
+        url "https://raw.github.com/whispersystems/maven/master/gcm-client/releases/"
+    }
+    maven {
+        url "https://raw.github.com/whispersystems/maven/master/gson/releases/"
+    }
+    maven {
+        url "https://raw.github.com/whispersystems/maven/master/smil/releases/"
+    }
+}
+
+dependencies {
+    compile 'com.actionbarsherlock:actionbarsherlock:4.4.0@aar'
+    compile 'com.android.support:support-v4:20.0.0'
+    compile 'se.emilsjolander:stickylistheaders:2.2.0'
+    compile 'com.google.android.gms:play-services:5.0.89'
+    compile 'com.astuetz:pagerslidingtabstrip:1.0.1'
+    compile 'org.w3c:smil:1.0.0'
+
+    androidTestCompile 'com.squareup:fest-android:1.0.8'
+
+    compile project(':library')
+}
+
+dependencyVerification {
+    verify = [
+        'com.actionbarsherlock:actionbarsherlock:5ab04d74101f70024b222e3ff9c87bee151ec43331b4a2134b6cc08cf8565819',
+        'com.android.support:support-v4:81f2b1c2c94efd5a4ec7fcd97b6cdcd00e87a933905c5c86103c7319eb024572',
+        'se.emilsjolander:stickylistheaders:89146b46c96fea0e40200474a2625cda10fe94891e4128f53cdb42375091b9b6',
+        'com.google.android.gms:play-services:38f326e525830f1d70f60f594ceafcbdf5b312287ddbecd338fd1ed7958a4b1e',
+        'com.astuetz:pagerslidingtabstrip:f1641396732c7132a7abb837e482e5ee2b0ebb8d10813fc52bbaec2c15c184c2',
+        'org.w3c:smil:085dc40f2bb249651578bfa07499fd08b16ad0886dbe2c4078586a408da62f9b',
+        'com.google.protobuf:protobuf-java:ad9769a22989e688a46af4d3accc348cc501ced22118033230542bc916e33f0b',
+        'com.madgag:sc-light-jdk15on:931f39d351429fb96c2f749e7ecb1a256a8ebbf5edca7995c9cc085b94d1841d',
+        'com.googlecode.libphonenumber:libphonenumber:eba17eae81dd622ea89a00a3a8c025b2f25d342e0d9644c5b62e16f15687c3ab',
+        'org.whispersystems:gson:08f4f7498455d1539c9233e5aac18e9b1805815ef29221572996508eb512fe51',
+    ]
+}
+
+android {
+    compileSdkVersion 19
+    buildToolsVersion '19.1.0'
+
+    defaultConfig {
+        minSdkVersion 9
+        targetSdkVersion 19
+    }
+
+    android {
+        sourceSets {
+            main {
+                manifest.srcFile 'AndroidManifest.xml'
+                java.srcDirs = ['src']
+                resources.srcDirs = ['src']
+                aidl.srcDirs = ['src']
+                renderscript.srcDirs = ['src']
+                res.srcDirs = ['res']
+                assets.srcDirs = ['assets']
+            }
+            androidTest {
+                java.srcDirs = ['androidTest']
+                resources.srcDirs = ['androidTest']
+                aidl.srcDirs = ['androidTest']
+                renderscript.srcDirs = ['androidTest']
+            }
+        }
+    }
+
+    signingConfigs {
+        release
+    }
+    buildTypes {
+        release {
+            signingConfig signingConfigs.release
+        }
+    }
+
+     lintOptions {
+        abortOnError false
+    }
+}
+
+def Properties props = new Properties()
+def propFile = new File('signing.properties')
+
+if (propFile.canRead()){
+    props.load(new FileInputStream(propFile))
+
+    if (props !=null &&
+        props.containsKey('STORE_FILE')     &&
+        props.containsKey('STORE_PASSWORD') &&
+        props.containsKey('KEY_ALIAS')      &&
+        props.containsKey('KEY_PASSWORD'))
+    {
+        android.signingConfigs.release.storeFile = file(props['STORE_FILE'])
+        android.signingConfigs.release.storePassword = props['STORE_PASSWORD']
+        android.signingConfigs.release.keyAlias = props['KEY_ALIAS']
+        android.signingConfigs.release.keyPassword = props['KEY_PASSWORD']
+    } else {
+        println 'signing.properties found but some entries are missing'
+        android.buildTypes.release.signingConfig = null
+    }
+}else {
+    println 'signing.properties not found'
+    android.buildTypes.release.signingConfig = null
+}

contributing.md

@@ -0,0 +1,30 @@
+##Translations
+
+Please do not submit issues or pull requests for translation fixes. Anyone can update the translations in [Transifex](https://www.transifex.com/projects/p/textsecure-official/). Please submit your corrections there.
+
+## Submitting useful bug reports
+1. Search our issues first to make sure this is not a duplicate.
+1. Read the [Submitting useful bug reports guide](https://github.com/WhisperSystems/TextSecure/wiki/Submitting-useful-bug-reports) before posting a bug.
+
+## Development Ideology
+
+Truths which we believe to be self-evident:
+
+1. **The answer is not more options.**  If you feel compelled to add a
+   preference that's exposed to the user, it's very possible you've made
+   a wrong turn somewhere.
+1. **The user doesn't know what a key is.**  We need to minimize the points
+   at which a user is exposed to this sort of terminology as extremely as
+   possible.
+1. **There are no power users.** The idea that some users "understand"
+   concepts better than others has proven to be, for the most part, false.
+   If anything, "power users" are more dangerous than the rest, and we
+   should avoid exposing dangerous functionality to them.
+1. **If it's "like PGP," it's wrong.**  PGP is our spirit guide for what
+   not to do.
+1. **It's an asynchronous world.**  Be wary of anything that is
+   anti-asynchronous: ACKs, protocol confirmations, or any protocol-level
+   "advisory" message.
+1. **There is no such thing as time.** Protocol ideas that require synchronized
+   clocks are doomed to failure. 
+

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,6 @@
+#Mon Jun 09 23:26:49 PDT 2014
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=http\://services.gradle.org/distributions/gradle-1.12-all.zip

gradlew

@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn ( ) {
+    echo "$*"
+}
+
+die ( ) {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+esac
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched.
+if $cygwin ; then
+    [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+fi
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >&-
+APP_HOME="`pwd -P`"
+cd "$SAVED" >&-
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+    JVM_OPTS=("$@")
+}
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"

gradlew.bat

@@ -0,0 +1,90 @@
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windowz variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+if "%@eval[2+2]" == "4" goto 4NT_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+goto execute
+
+:4NT_args
+@rem Get arguments from the 4NT Shell from JP Software
+set CMD_LINE_ARGS=%$
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega

library/AndroidManifest.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+          package="org.whispersystems.textsecure"
+          android:versionCode="1"
+          android:versionName="0.1">
+    <uses-sdk android:minSdkVersion="9" android:targetSdkVersion="16"/>
+    <application />
+</manifest>

library/build.gradle

@@ -0,0 +1,58 @@
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+
+    dependencies {
+        classpath 'com.android.tools.build:gradle:0.12.2'
+    }
+}
+
+apply plugin: 'android-library'
+apply plugin: 'maven'
+
+repositories {
+    mavenCentral()
+    maven {
+        url "https://raw.github.com/whispersystems/maven/master/gson/releases/"
+    }
+}
+
+dependencies {
+    compile 'com.google.protobuf:protobuf-java:2.4.1'
+    compile 'com.madgag:sc-light-jdk15on:1.47.0.2'
+    compile 'com.googlecode.libphonenumber:libphonenumber:6.1'
+    compile 'org.whispersystems:gson:2.2.4'
+}
+
+android {
+    compileSdkVersion 19
+    buildToolsVersion '19.1.0'
+
+    android {
+        sourceSets {
+            main {
+                manifest.srcFile 'AndroidManifest.xml'
+                java.srcDirs = ['src']
+                resources.srcDirs = ['src']
+                aidl.srcDirs = ['src']
+                renderscript.srcDirs = ['src']
+                res.srcDirs = ['res']
+                assets.srcDirs = ['assets']
+                jniLibs.srcDirs = ['libs']
+            }
+        }
+    }
+}
+
+version '0.1'
+group 'org.whispersystems.textsecure'
+archivesBaseName = 'textsecure-library'
+
+uploadArchives {
+    repositories {
+        mavenDeployer {
+            repository(url: mavenLocal().getUrl())
+        }
+    }
+}

library/build.xml

@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project name="library" default="help">
+
+    <!-- The local.properties file is created and updated by the 'android' tool.
+         It contains the path to the SDK. It should *NOT* be checked into
+         Version Control Systems. -->
+    <property file="local.properties"/>
+
+    <!-- The ant.properties file can be created by you. It is only edited by the
+         'android' tool to add properties to it.
+         This is the place to change some Ant specific build properties.
+         Here are some properties you may want to change/update:
+
+         source.dir
+             The name of the source directory. Default is 'src'.
+         out.dir
+             The name of the output directory. Default is 'bin'.
+
+         For other overridable properties, look at the beginning of the rules
+         files in the SDK, at tools/ant/build.xml
+
+         Properties related to the SDK location or the project target should
+         be updated using the 'android' tool with the 'update' action.
+
+         This file is an integral part of the build system for your
+         application and should be checked into Version Control Systems.
+
+         -->
+    <property file="ant.properties"/>
+
+    <!-- if sdk.dir was not set from one of the property file, then
+         get it from the ANDROID_HOME env var.
+         This must be done before we load project.properties since
+         the proguard config can use sdk.dir -->
+    <property environment="env"/>
+    <condition property="sdk.dir" value="${env.ANDROID_HOME}">
+        <isset property="env.ANDROID_HOME"/>
+    </condition>
+
+    <!-- The project.properties file is created and updated by the 'android'
+         tool, as well as ADT.
+
+         This contains project specific properties such as project target, and library
+         dependencies. Lower level build properties are stored in ant.properties
+         (or in .classpath for Eclipse projects).
+
+         This file is an integral part of the build system for your
+         application and should be checked into Version Control Systems. -->
+    <loadproperties srcFile="project.properties"/>
+
+    <!-- quick check on sdk.dir -->
+    <fail
+            message="sdk.dir is missing. Make sure to generate local.properties using 'android update project' or to inject it through the ANDROID_HOME environment variable."
+            unless="sdk.dir"
+            />
+
+    <!--
+        Import per project custom build rules if present at the root of the project.
+        This is the place to put custom intermediary targets such as:
+            -pre-build
+            -pre-compile
+            -post-compile (This is typically used for code obfuscation.
+                           Compiled code location: ${out.classes.absolute.dir}
+                           If this is not done in place, override ${out.dex.input.absolute.dir})
+            -post-package
+            -post-build
+            -pre-clean
+    -->
+    <import file="custom_rules.xml" optional="true"/>
+
+    <!-- Import the actual build file.
+
+         To customize existing targets, there are two options:
+         - Customize only one target:
+             - copy/paste the target into this file, *before* the
+               <import> task.
+             - customize it to your needs.
+         - Customize the whole content of build.xml
+             - copy/paste the content of the rules files (minus the top node)
+               into this file, replacing the <import> task.
+             - customize to your needs.
+
+         ***********************
+         ****** IMPORTANT ******
+         ***********************
+         In all cases you must update the value of version-tag below to read 'custom' instead of an integer,
+         in order to avoid having your file be overridden by tools such as "android update project"
+    -->
+    <!-- version-tag: 1 -->
+    <import file="${sdk.dir}/tools/ant/build.xml"/>
+
+</project>

library/jni/Android.mk

@@ -0,0 +1,17 @@
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE    := libcurve25519-donna
+LOCAL_SRC_FILES := curve25519-donna.c
+
+include $(BUILD_STATIC_LIBRARY)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE    := libcurve25519
+LOCAL_SRC_FILES := curve25519-donna-jni.c
+
+LOCAL_STATIC_LIBRARIES := libcurve25519-donna
+
+include $(BUILD_SHARED_LIBRARY)

library/jni/Application.mk

@@ -0,0 +1 @@
+APP_ABI := armeabi armeabi-v7a x86

library/jni/curve25519-donna-jni.c

@@ -0,0 +1,75 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdint.h>
+
+#include <jni.h>
+#include "curve25519-donna.h"
+
+JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_textsecure_crypto_ecc_Curve25519_generatePrivateKey
+  (JNIEnv *env, jclass clazz, jbyteArray random, jboolean ephemeral)
+{
+  uint8_t* privateKey = (uint8_t*)(*env)->GetByteArrayElements(env, random, 0);
+
+  privateKey[0] &= 248;
+
+  if (ephemeral) {
+    privateKey[0] |= 1;
+  }
+
+  privateKey[31] &= 127;
+  privateKey[31] |= 64;
+
+  (*env)->ReleaseByteArrayElements(env, random, privateKey, 0);
+
+  return random;
+}
+
+JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_textsecure_crypto_ecc_Curve25519_generatePublicKey
+  (JNIEnv *env, jclass clazz, jbyteArray privateKey)
+{
+    static const uint8_t  basepoint[32] = {9};
+
+    jbyteArray publicKey       = (*env)->NewByteArray(env, 32);
+    uint8_t*   publicKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, publicKey, 0);
+    uint8_t*   privateKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, privateKey, 0);
+
+    curve25519_donna(publicKeyBytes, privateKeyBytes, basepoint);
+
+    (*env)->ReleaseByteArrayElements(env, publicKey, publicKeyBytes, 0);
+    (*env)->ReleaseByteArrayElements(env, privateKey, privateKeyBytes, 0);
+
+    return publicKey;
+}
+
+JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_textsecure_crypto_ecc_Curve25519_calculateAgreement
+  (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey)
+{
+    jbyteArray sharedKey       = (*env)->NewByteArray(env, 32);
+    uint8_t*   sharedKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, sharedKey, 0);
+    uint8_t*   privateKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, privateKey, 0);
+    uint8_t*   publicKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, publicKey, 0);
+
+    curve25519_donna(sharedKeyBytes, privateKeyBytes, publicKeyBytes);
+
+    (*env)->ReleaseByteArrayElements(env, sharedKey, sharedKeyBytes, 0);
+    (*env)->ReleaseByteArrayElements(env, publicKey, publicKeyBytes, 0);
+    (*env)->ReleaseByteArrayElements(env, privateKey, privateKeyBytes, 0);
+
+    return sharedKey;
+}

library/jni/curve25519-donna.c

@@ -0,0 +1,731 @@
+/* Copyright 2008, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *     * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * curve25519-donna: Curve25519 elliptic curve, public key function
+ *
+ * http://code.google.com/p/curve25519-donna/
+ *
+ * Adam Langley <agl@imperialviolet.org>
+ *
+ * Derived from public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
+ *
+ * More information about curve25519 can be found here
+ *   http://cr.yp.to/ecdh.html
+ *
+ * djb's sample implementation of curve25519 is written in a special assembly
+ * language called qhasm and uses the floating point registers.
+ *
+ * This is, almost, a clean room reimplementation from the curve25519 paper. It
+ * uses many of the tricks described therein. Only the crecip function is taken
+ * from the sample implementation.
+ */
+
+#include <string.h>
+#include <stdint.h>
+
+#ifdef _MSC_VER
+#define inline __inline
+#endif
+
+typedef uint8_t u8;
+typedef int32_t s32;
+typedef int64_t limb;
+
+/* Field element representation:
+ *
+ * Field elements are written as an array of signed, 64-bit limbs, least
+ * significant first. The value of the field element is:
+ *   x[0] + 2^26·x[1] + x^51·x[2] + 2^102·x[3] + ...
+ *
+ * i.e. the limbs are 26, 25, 26, 25, ... bits wide.
+ */
+
+/* Sum two numbers: output += in */
+static void fsum(limb *output, const limb *in) {
+  unsigned i;
+  for (i = 0; i < 10; i += 2) {
+    output[0+i] = (output[0+i] + in[0+i]);
+    output[1+i] = (output[1+i] + in[1+i]);
+  }
+}
+
+/* Find the difference of two numbers: output = in - output
+ * (note the order of the arguments!)
+ */
+static void fdifference(limb *output, const limb *in) {
+  unsigned i;
+  for (i = 0; i < 10; ++i) {
+    output[i] = (in[i] - output[i]);
+  }
+}
+
+/* Multiply a number by a scalar: output = in * scalar */
+static void fscalar_product(limb *output, const limb *in, const limb scalar) {
+  unsigned i;
+  for (i = 0; i < 10; ++i) {
+    output[i] = in[i] * scalar;
+  }
+}
+
+/* Multiply two numbers: output = in2 * in
+ *
+ * output must be distinct to both inputs. The inputs are reduced coefficient
+ * form, the output is not.
+ */
+static void fproduct(limb *output, const limb *in2, const limb *in) {
+  output[0] =       ((limb) ((s32) in2[0])) * ((s32) in[0]);
+  output[1] =       ((limb) ((s32) in2[0])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[0]);
+  output[2] =  2 *  ((limb) ((s32) in2[1])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[0]);
+  output[3] =       ((limb) ((s32) in2[1])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[0]);
+  output[4] =       ((limb) ((s32) in2[2])) * ((s32) in[2]) +
+               2 * (((limb) ((s32) in2[1])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[0]);
+  output[5] =       ((limb) ((s32) in2[2])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[0]);
+  output[6] =  2 * (((limb) ((s32) in2[3])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[0]);
+  output[7] =       ((limb) ((s32) in2[3])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[0]);
+  output[8] =       ((limb) ((s32) in2[4])) * ((s32) in[4]) +
+               2 * (((limb) ((s32) in2[3])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[0]);
+  output[9] =       ((limb) ((s32) in2[4])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[2]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[1]) +
+                    ((limb) ((s32) in2[0])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[0]);
+  output[10] = 2 * (((limb) ((s32) in2[5])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[1])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[1])) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[2]);
+  output[11] =      ((limb) ((s32) in2[5])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[4]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[3]) +
+                    ((limb) ((s32) in2[2])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[2]);
+  output[12] =      ((limb) ((s32) in2[6])) * ((s32) in[6]) +
+               2 * (((limb) ((s32) in2[5])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[3])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[3])) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[4]);
+  output[13] =      ((limb) ((s32) in2[6])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[7])) * ((s32) in[6]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[5]) +
+                    ((limb) ((s32) in2[4])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[4]);
+  output[14] = 2 * (((limb) ((s32) in2[7])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[5])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[5])) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[6]);
+  output[15] =      ((limb) ((s32) in2[7])) * ((s32) in[8]) +
+                    ((limb) ((s32) in2[8])) * ((s32) in[7]) +
+                    ((limb) ((s32) in2[6])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[6]);
+  output[16] =      ((limb) ((s32) in2[8])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in2[7])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[7]));
+  output[17] =      ((limb) ((s32) in2[8])) * ((s32) in[9]) +
+                    ((limb) ((s32) in2[9])) * ((s32) in[8]);
+  output[18] = 2 *  ((limb) ((s32) in2[9])) * ((s32) in[9]);
+}
+
+/* Reduce a long form to a short form by taking the input mod 2^255 - 19. */
+static void freduce_degree(limb *output) {
+  /* Each of these shifts and adds ends up multiplying the value by 19. */
+  output[8] += output[18] << 4;
+  output[8] += output[18] << 1;
+  output[8] += output[18];
+  output[7] += output[17] << 4;
+  output[7] += output[17] << 1;
+  output[7] += output[17];
+  output[6] += output[16] << 4;
+  output[6] += output[16] << 1;
+  output[6] += output[16];
+  output[5] += output[15] << 4;
+  output[5] += output[15] << 1;
+  output[5] += output[15];
+  output[4] += output[14] << 4;
+  output[4] += output[14] << 1;
+  output[4] += output[14];
+  output[3] += output[13] << 4;
+  output[3] += output[13] << 1;
+  output[3] += output[13];
+  output[2] += output[12] << 4;
+  output[2] += output[12] << 1;
+  output[2] += output[12];
+  output[1] += output[11] << 4;
+  output[1] += output[11] << 1;
+  output[1] += output[11];
+  output[0] += output[10] << 4;
+  output[0] += output[10] << 1;
+  output[0] += output[10];
+}
+
+#if (-1 & 3) != 3
+#error "This code only works on a two's complement system"
+#endif
+
+/* return v / 2^26, using only shifts and adds. */
+static inline limb
+div_by_2_26(const limb v)
+{
+  /* High word of v; no shift needed*/
+  const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32);
+  /* Set to all 1s if v was negative; else set to 0s. */
+  const int32_t sign = ((int32_t) highword) >> 31;
+  /* Set to 0x3ffffff if v was negative; else set to 0. */
+  const int32_t roundoff = ((uint32_t) sign) >> 6;
+  /* Should return v / (1<<26) */
+  return (v + roundoff) >> 26;
+}
+
+/* return v / (2^25), using only shifts and adds. */
+static inline limb
+div_by_2_25(const limb v)
+{
+  /* High word of v; no shift needed*/
+  const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32);
+  /* Set to all 1s if v was negative; else set to 0s. */
+  const int32_t sign = ((int32_t) highword) >> 31;
+  /* Set to 0x1ffffff if v was negative; else set to 0. */
+  const int32_t roundoff = ((uint32_t) sign) >> 7;
+  /* Should return v / (1<<25) */
+  return (v + roundoff) >> 25;
+}
+
+static inline s32
+div_s32_by_2_25(const s32 v)
+{
+   const s32 roundoff = ((uint32_t)(v >> 31)) >> 7;
+   return (v + roundoff) >> 25;
+}
+
+/* Reduce all coefficients of the short form input so that |x| < 2^26.
+ *
+ * On entry: |output[i]| < 2^62
+ */
+static void freduce_coefficients(limb *output) {
+  unsigned i;
+
+  output[10] = 0;
+
+  for (i = 0; i < 10; i += 2) {
+    limb over = div_by_2_26(output[i]);
+    output[i] -= over << 26;
+    output[i+1] += over;
+
+    over = div_by_2_25(output[i+1]);
+    output[i+1] -= over << 25;
+    output[i+2] += over;
+  }
+  /* Now |output[10]| < 2 ^ 38 and all other coefficients are reduced. */
+  output[0] += output[10] << 4;
+  output[0] += output[10] << 1;
+  output[0] += output[10];
+
+  output[10] = 0;
+
+  /* Now output[1..9] are reduced, and |output[0]| < 2^26 + 19 * 2^38
+   * So |over| will be no more than 77825  */
+  {
+    limb over = div_by_2_26(output[0]);
+    output[0] -= over << 26;
+    output[1] += over;
+  }
+
+  /* Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 77825
+   * So |over| will be no more than 1. */
+  {
+    /* output[1] fits in 32 bits, so we can use div_s32_by_2_25 here. */
+    s32 over32 = div_s32_by_2_25((s32) output[1]);
+    output[1] -= over32 << 25;
+    output[2] += over32;
+  }
+
+  /* Finally, output[0,1,3..9] are reduced, and output[2] is "nearly reduced":
+   * we have |output[2]| <= 2^26.  This is good enough for all of our math,
+   * but it will require an extra freduce_coefficients before fcontract. */
+}
+
+/* A helpful wrapper around fproduct: output = in * in2.
+ *
+ * output must be distinct to both inputs. The output is reduced degree and
+ * reduced coefficient.
+ */
+static void
+fmul(limb *output, const limb *in, const limb *in2) {
+  limb t[19];
+  fproduct(t, in, in2);
+  freduce_degree(t);
+  freduce_coefficients(t);
+  memcpy(output, t, sizeof(limb) * 10);
+}
+
+static void fsquare_inner(limb *output, const limb *in) {
+  output[0] =       ((limb) ((s32) in[0])) * ((s32) in[0]);
+  output[1] =  2 *  ((limb) ((s32) in[0])) * ((s32) in[1]);
+  output[2] =  2 * (((limb) ((s32) in[1])) * ((s32) in[1]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[2]));
+  output[3] =  2 * (((limb) ((s32) in[1])) * ((s32) in[2]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[3]));
+  output[4] =       ((limb) ((s32) in[2])) * ((s32) in[2]) +
+               4 *  ((limb) ((s32) in[1])) * ((s32) in[3]) +
+               2 *  ((limb) ((s32) in[0])) * ((s32) in[4]);
+  output[5] =  2 * (((limb) ((s32) in[2])) * ((s32) in[3]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[4]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[5]));
+  output[6] =  2 * (((limb) ((s32) in[3])) * ((s32) in[3]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[4]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[6]) +
+               2 *  ((limb) ((s32) in[1])) * ((s32) in[5]));
+  output[7] =  2 * (((limb) ((s32) in[3])) * ((s32) in[4]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[5]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[7]));
+  output[8] =       ((limb) ((s32) in[4])) * ((s32) in[4]) +
+               2 * (((limb) ((s32) in[2])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in[1])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[5])));
+  output[9] =  2 * (((limb) ((s32) in[4])) * ((s32) in[5]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[0])) * ((s32) in[9]));
+  output[10] = 2 * (((limb) ((s32) in[5])) * ((s32) in[5]) +
+                    ((limb) ((s32) in[4])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in[3])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[1])) * ((s32) in[9])));
+  output[11] = 2 * (((limb) ((s32) in[5])) * ((s32) in[6]) +
+                    ((limb) ((s32) in[4])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[2])) * ((s32) in[9]));
+  output[12] =      ((limb) ((s32) in[6])) * ((s32) in[6]) +
+               2 * (((limb) ((s32) in[4])) * ((s32) in[8]) +
+               2 * (((limb) ((s32) in[5])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[3])) * ((s32) in[9])));
+  output[13] = 2 * (((limb) ((s32) in[6])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[5])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[4])) * ((s32) in[9]));
+  output[14] = 2 * (((limb) ((s32) in[7])) * ((s32) in[7]) +
+                    ((limb) ((s32) in[6])) * ((s32) in[8]) +
+               2 *  ((limb) ((s32) in[5])) * ((s32) in[9]));
+  output[15] = 2 * (((limb) ((s32) in[7])) * ((s32) in[8]) +
+                    ((limb) ((s32) in[6])) * ((s32) in[9]));
+  output[16] =      ((limb) ((s32) in[8])) * ((s32) in[8]) +
+               4 *  ((limb) ((s32) in[7])) * ((s32) in[9]);
+  output[17] = 2 *  ((limb) ((s32) in[8])) * ((s32) in[9]);
+  output[18] = 2 *  ((limb) ((s32) in[9])) * ((s32) in[9]);
+}
+
+static void
+fsquare(limb *output, const limb *in) {
+  limb t[19];
+  fsquare_inner(t, in);
+  freduce_degree(t);
+  freduce_coefficients(t);
+  memcpy(output, t, sizeof(limb) * 10);
+}
+
+/* Take a little-endian, 32-byte number and expand it into polynomial form */
+static void
+fexpand(limb *output, const u8 *input) {
+#define F(n,start,shift,mask) \
+  output[n] = ((((limb) input[start + 0]) | \
+                ((limb) input[start + 1]) << 8 | \
+                ((limb) input[start + 2]) << 16 | \
+                ((limb) input[start + 3]) << 24) >> shift) & mask;
+  F(0, 0, 0, 0x3ffffff);
+  F(1, 3, 2, 0x1ffffff);
+  F(2, 6, 3, 0x3ffffff);
+  F(3, 9, 5, 0x1ffffff);
+  F(4, 12, 6, 0x3ffffff);
+  F(5, 16, 0, 0x1ffffff);
+  F(6, 19, 1, 0x3ffffff);
+  F(7, 22, 3, 0x1ffffff);
+  F(8, 25, 4, 0x3ffffff);
+  F(9, 28, 6, 0x3ffffff);
+#undef F
+}
+
+#if (-32 >> 1) != -16
+#error "This code only works when >> does sign-extension on negative numbers"
+#endif
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * little-endian, 32-byte array
+ */
+static void
+fcontract(u8 *output, limb *input) {
+  int i;
+  int j;
+
+  for (j = 0; j < 2; ++j) {
+    for (i = 0; i < 9; ++i) {
+      if ((i & 1) == 1) {
+        /* This calculation is a time-invariant way to make input[i] positive
+           by borrowing from the next-larger limb.
+        */
+        const s32 mask = (s32)(input[i]) >> 31;
+        const s32 carry = -(((s32)(input[i]) & mask) >> 25);
+        input[i] = (s32)(input[i]) + (carry << 25);
+        input[i+1] = (s32)(input[i+1]) - carry;
+      } else {
+        const s32 mask = (s32)(input[i]) >> 31;
+        const s32 carry = -(((s32)(input[i]) & mask) >> 26);
+        input[i] = (s32)(input[i]) + (carry << 26);
+        input[i+1] = (s32)(input[i+1]) - carry;
+      }
+    }
+    {
+      const s32 mask = (s32)(input[9]) >> 31;
+      const s32 carry = -(((s32)(input[9]) & mask) >> 25);
+      input[9] = (s32)(input[9]) + (carry << 25);
+      input[0] = (s32)(input[0]) - (carry * 19);
+    }
+  }
+
+  /* The first borrow-propagation pass above ended with every limb
+     except (possibly) input[0] non-negative.
+
+     Since each input limb except input[0] is decreased by at most 1
+     by a borrow-propagation pass, the second borrow-propagation pass
+     could only have wrapped around to decrease input[0] again if the
+     first pass left input[0] negative *and* input[1] through input[9]
+     were all zero.  In that case, input[1] is now 2^25 - 1, and this
+     last borrow-propagation step will leave input[1] non-negative.
+  */
+  {
+    const s32 mask = (s32)(input[0]) >> 31;
+    const s32 carry = -(((s32)(input[0]) & mask) >> 26);
+    input[0] = (s32)(input[0]) + (carry << 26);
+    input[1] = (s32)(input[1]) - carry;
+  }
+
+  /* Both passes through the above loop, plus the last 0-to-1 step, are
+     necessary: if input[9] is -1 and input[0] through input[8] are 0,
+     negative values will remain in the array until the end.
+   */
+
+  input[1] <<= 2;
+  input[2] <<= 3;
+  input[3] <<= 5;
+  input[4] <<= 6;
+  input[6] <<= 1;
+  input[7] <<= 3;
+  input[8] <<= 4;
+  input[9] <<= 6;
+#define F(i, s) \
+  output[s+0] |=  input[i] & 0xff; \
+  output[s+1]  = (input[i] >> 8) & 0xff; \
+  output[s+2]  = (input[i] >> 16) & 0xff; \
+  output[s+3]  = (input[i] >> 24) & 0xff;
+  output[0] = 0;
+  output[16] = 0;
+  F(0,0);
+  F(1,3);
+  F(2,6);
+  F(3,9);
+  F(4,12);
+  F(5,16);
+  F(6,19);
+  F(7,22);
+  F(8,25);
+  F(9,28);
+#undef F
+}
+
+/* Input: Q, Q', Q-Q'
+ * Output: 2Q, Q+Q'
+ *
+ *   x2 z3: long form
+ *   x3 z3: long form
+ *   x z: short form, destroyed
+ *   xprime zprime: short form, destroyed
+ *   qmqp: short form, preserved
+ */
+static void fmonty(limb *x2, limb *z2,  /* output 2Q */
+                   limb *x3, limb *z3,  /* output Q + Q' */
+                   limb *x, limb *z,    /* input Q */
+                   limb *xprime, limb *zprime,  /* input Q' */
+                   const limb *qmqp /* input Q - Q' */) {
+  limb origx[10], origxprime[10], zzz[19], xx[19], zz[19], xxprime[19],
+        zzprime[19], zzzprime[19], xxxprime[19];
+
+  memcpy(origx, x, 10 * sizeof(limb));
+  fsum(x, z);
+  fdifference(z, origx);  // does x - z
+
+  memcpy(origxprime, xprime, sizeof(limb) * 10);
+  fsum(xprime, zprime);
+  fdifference(zprime, origxprime);
+  fproduct(xxprime, xprime, z);
+  fproduct(zzprime, x, zprime);
+  freduce_degree(xxprime);
+  freduce_coefficients(xxprime);
+  freduce_degree(zzprime);
+  freduce_coefficients(zzprime);
+  memcpy(origxprime, xxprime, sizeof(limb) * 10);
+  fsum(xxprime, zzprime);
+  fdifference(zzprime, origxprime);
+  fsquare(xxxprime, xxprime);
+  fsquare(zzzprime, zzprime);
+  fproduct(zzprime, zzzprime, qmqp);
+  freduce_degree(zzprime);
+  freduce_coefficients(zzprime);
+  memcpy(x3, xxxprime, sizeof(limb) * 10);
+  memcpy(z3, zzprime, sizeof(limb) * 10);
+
+  fsquare(xx, x);
+  fsquare(zz, z);
+  fproduct(x2, xx, zz);
+  freduce_degree(x2);
+  freduce_coefficients(x2);
+  fdifference(zz, xx);  // does zz = xx - zz
+  memset(zzz + 10, 0, sizeof(limb) * 9);
+  fscalar_product(zzz, zz, 121665);
+  /* No need to call freduce_degree here:
+     fscalar_product doesn't increase the degree of its input. */
+  freduce_coefficients(zzz);
+  fsum(zzz, xx);
+  fproduct(z2, zz, zzz);
+  freduce_degree(z2);
+  freduce_coefficients(z2);
+}
+
+/* Conditionally swap two reduced-form limb arrays if 'iswap' is 1, but leave
+ * them unchanged if 'iswap' is 0.  Runs in data-invariant time to avoid
+ * side-channel attacks.
+ *
+ * NOTE that this function requires that 'iswap' be 1 or 0; other values give
+ * wrong results.  Also, the two limb arrays must be in reduced-coefficient,
+ * reduced-degree form: the values in a[10..19] or b[10..19] aren't swapped,
+ * and all all values in a[0..9],b[0..9] must have magnitude less than
+ * INT32_MAX.
+ */
+static void
+swap_conditional(limb a[19], limb b[19], limb iswap) {
+  unsigned i;
+  const s32 swap = (s32) -iswap;
+
+  for (i = 0; i < 10; ++i) {
+    const s32 x = swap & ( ((s32)a[i]) ^ ((s32)b[i]) );
+    a[i] = ((s32)a[i]) ^ x;
+    b[i] = ((s32)b[i]) ^ x;
+  }
+}
+
+/* Calculates nQ where Q is the x-coordinate of a point on the curve
+ *
+ *   resultx/resultz: the x coordinate of the resulting curve point (short form)
+ *   n: a little endian, 32-byte number
+ *   q: a point of the curve (short form)
+ */
+static void
+cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
+  limb a[19] = {0}, b[19] = {1}, c[19] = {1}, d[19] = {0};
+  limb *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
+  limb e[19] = {0}, f[19] = {1}, g[19] = {0}, h[19] = {1};
+  limb *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
+
+  unsigned i, j;
+
+  memcpy(nqpqx, q, sizeof(limb) * 10);
+
+  for (i = 0; i < 32; ++i) {
+    u8 byte = n[31 - i];
+    for (j = 0; j < 8; ++j) {
+      const limb bit = byte >> 7;
+
+      swap_conditional(nqx, nqpqx, bit);
+      swap_conditional(nqz, nqpqz, bit);
+      fmonty(nqx2, nqz2,
+             nqpqx2, nqpqz2,
+             nqx, nqz,
+             nqpqx, nqpqz,
+             q);
+      swap_conditional(nqx2, nqpqx2, bit);
+      swap_conditional(nqz2, nqpqz2, bit);
+
+      t = nqx;
+      nqx = nqx2;
+      nqx2 = t;
+      t = nqz;
+      nqz = nqz2;
+      nqz2 = t;
+      t = nqpqx;
+      nqpqx = nqpqx2;
+      nqpqx2 = t;
+      t = nqpqz;
+      nqpqz = nqpqz2;
+      nqpqz2 = t;
+
+      byte <<= 1;
+    }
+  }
+
+  memcpy(resultx, nqx, sizeof(limb) * 10);
+  memcpy(resultz, nqz, sizeof(limb) * 10);
+}
+
+// -----------------------------------------------------------------------------
+// Shamelessly copied from djb's code
+// -----------------------------------------------------------------------------
+static void
+crecip(limb *out, const limb *z) {
+  limb z2[10];
+  limb z9[10];
+  limb z11[10];
+  limb z2_5_0[10];
+  limb z2_10_0[10];
+  limb z2_20_0[10];
+  limb z2_50_0[10];
+  limb z2_100_0[10];
+  limb t0[10];
+  limb t1[10];
+  int i;
+
+  /* 2 */ fsquare(z2,z);
+  /* 4 */ fsquare(t1,z2);
+  /* 8 */ fsquare(t0,t1);
+  /* 9 */ fmul(z9,t0,z);
+  /* 11 */ fmul(z11,z9,z2);
+  /* 22 */ fsquare(t0,z11);
+  /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9);
+
+  /* 2^6 - 2^1 */ fsquare(t0,z2_5_0);
+  /* 2^7 - 2^2 */ fsquare(t1,t0);
+  /* 2^8 - 2^3 */ fsquare(t0,t1);
+  /* 2^9 - 2^4 */ fsquare(t1,t0);
+  /* 2^10 - 2^5 */ fsquare(t0,t1);
+  /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0);
+
+  /* 2^11 - 2^1 */ fsquare(t0,z2_10_0);
+  /* 2^12 - 2^2 */ fsquare(t1,t0);
+  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0);
+
+  /* 2^21 - 2^1 */ fsquare(t0,z2_20_0);
+  /* 2^22 - 2^2 */ fsquare(t1,t0);
+  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0);
+
+  /* 2^41 - 2^1 */ fsquare(t1,t0);
+  /* 2^42 - 2^2 */ fsquare(t0,t1);
+  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0);
+
+  /* 2^51 - 2^1 */ fsquare(t0,z2_50_0);
+  /* 2^52 - 2^2 */ fsquare(t1,t0);
+  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0);
+
+  /* 2^101 - 2^1 */ fsquare(t1,z2_100_0);
+  /* 2^102 - 2^2 */ fsquare(t0,t1);
+  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0);
+
+  /* 2^201 - 2^1 */ fsquare(t0,t1);
+  /* 2^202 - 2^2 */ fsquare(t1,t0);
+  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0);
+
+  /* 2^251 - 2^1 */ fsquare(t1,t0);
+  /* 2^252 - 2^2 */ fsquare(t0,t1);
+  /* 2^253 - 2^3 */ fsquare(t1,t0);
+  /* 2^254 - 2^4 */ fsquare(t0,t1);
+  /* 2^255 - 2^5 */ fsquare(t1,t0);
+  /* 2^255 - 21 */ fmul(out,t1,z11);
+}
+
+int curve25519_donna(u8 *, const u8 *, const u8 *);
+
+int
+curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
+  limb bp[10], x[10], z[11], zmone[10];
+  uint8_t e[32];
+  int i;
+
+  for (i = 0; i < 32; ++i) e[i] = secret[i];
+
+  fexpand(bp, basepoint);
+  cmult(x, z, e, bp);
+  crecip(zmone, z);
+  fmul(z, x, zmone);
+  freduce_coefficients(z);
+  fcontract(mypublic, z);
+  return 0;
+}

library/jni/curve25519-donna.h

@@ -0,0 +1,6 @@
+#ifndef CURVE25519_DONNA_H
+#define CURVE25519_DONNA_H
+
+extern int curve25519_donna(uint8_t *, const uint8_t *, const uint8_t *);
+
+#endif

library/proguard-project.txt

@@ -0,0 +1,20 @@
+# To enable ProGuard in your project, edit project.properties
+# to define the proguard.config property as described in that file.
+#
+# Add project specific ProGuard rules here.
+# By default, the flags in this file are appended to flags specified
+# in ${sdk.dir}/tools/proguard/proguard-android.txt
+# You can edit the include path and order by changing the ProGuard
+# include property in project.properties.
+#
+# For more details, see
+#   http://developer.android.com/guide/developing/tools/proguard.html
+
+# Add any project specific keep options here:
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+#   public *;
+#}

library/protobuf/IncomingPushMessageSignal.proto

@@ -0,0 +1,52 @@
+package textsecure;
+
+option java_package = "org.whispersystems.textsecure.push";
+option java_outer_classname = "PushMessageProtos";
+
+message IncomingPushMessageSignal {
+  enum Type {
+    UNKNOWN       = 0;
+    CIPHERTEXT    = 1;
+    KEY_EXCHANGE  = 2;
+    PREKEY_BUNDLE = 3;
+    PLAINTEXT     = 4;
+  }
+  optional Type   type         = 1;
+  optional string source       = 2;
+  optional uint32 sourceDevice = 7;
+  optional string relay        = 3;
+  optional uint64 timestamp    = 5;
+  optional bytes  message      = 6; // Contains an encrypted PushMessageContent
+//  repeated string destinations = 4; // No longer supported
+}
+
+message PushMessageContent {
+  message AttachmentPointer {
+    optional fixed64 id          = 1;
+    optional string  contentType = 2;
+    optional bytes   key         = 3;
+  }
+
+  message GroupContext {
+    enum Type {
+      UNKNOWN = 0;
+      UPDATE  = 1;
+      DELIVER = 2;
+      QUIT    = 3;
+    }
+    optional bytes             id      = 1;
+    optional Type              type    = 2;
+    optional string            name    = 3;
+    repeated string            members = 4;
+    optional AttachmentPointer avatar  = 5;
+  }
+
+  enum Flags {
+    END_SESSION = 1;
+  }
+
+  optional string            body        = 1;
+  repeated AttachmentPointer attachments = 2;
+  optional GroupContext      group       = 3;
+  optional uint32            flags       = 4;
+}

library/protobuf/LocalStorageProtocol.proto

@@ -0,0 +1,70 @@
+package textsecure;
+
+option java_package = "org.whispersystems.textsecure.storage";
+option java_outer_classname = "StorageProtos";
+
+message SessionStructure {
+  message Chain {
+    optional bytes senderEphemeral = 1;
+    optional bytes senderEphemeralPrivate = 2;
+
+    message ChainKey {
+      optional uint32 index = 1;
+      optional bytes  key   = 2;
+    }
+
+    optional ChainKey chainKey = 3;
+
+    message MessageKey {
+      optional uint32 index     = 1;
+      optional bytes  cipherKey = 2;
+      optional bytes  macKey    = 3;
+    }
+
+    repeated MessageKey messageKeys = 4;
+  }
+
+  message PendingKeyExchange {
+    optional uint32 sequence                 = 1;
+    optional bytes  localBaseKey             = 2;
+    optional bytes  localBaseKeyPrivate      = 3;
+    optional bytes  localEphemeralKey        = 4;
+    optional bytes  localEphemeralKeyPrivate = 5;
+    optional bytes  localIdentityKey         = 7;
+    optional bytes  localIdentityKeyPrivate  = 8;
+  }
+
+  message PendingPreKey {
+    optional uint32 preKeyId = 1;
+    optional bytes  baseKey  = 2;
+  }
+
+  optional uint32 sessionVersion      = 1;
+  optional bytes localIdentityPublic  = 2;
+  optional bytes remoteIdentityPublic = 3;
+
+  optional bytes rootKey              = 4;
+  optional uint32 previousCounter     = 5;
+
+  optional Chain senderChain          = 6;
+  repeated Chain receiverChains       = 7;
+
+  optional PendingKeyExchange pendingKeyExchange = 8;
+  optional PendingPreKey      pendingPreKey      = 9;
+
+  optional uint32 remoteRegistrationId = 10;
+  optional uint32 localRegistrationId  = 11;
+
+  optional bool needsRefresh = 12;
+}
+
+message RecordStructure {
+  optional SessionStructure currentSession   = 1;
+  repeated SessionStructure previousSessions = 2;
+}
+
+message PreKeyRecordStructure {
+  optional uint32 id        = 1;
+  optional bytes  publicKey = 2;
+  optional bytes  privateKey = 3;
+}

library/protobuf/Makefile

@@ -0,0 +1,3 @@
+
+all:
+	protoc --java_out=../src/ IncomingPushMessageSignal.proto WhisperTextProtocol.proto LocalStorageProtocol.proto

library/protobuf/WhisperTextProtocol.proto

@@ -0,0 +1,26 @@
+package textsecure;
+
+option java_package = "org.whispersystems.textsecure.crypto.protocol";
+option java_outer_classname = "WhisperProtos";
+
+message WhisperMessage {
+  optional bytes  ephemeralKey    = 1;
+  optional uint32 counter         = 2;
+  optional uint32 previousCounter = 3;
+  optional bytes  ciphertext      = 4;
+}
+
+message PreKeyWhisperMessage {
+  optional uint32 registrationId = 5;
+  optional uint32 preKeyId    = 1;
+  optional bytes  baseKey     = 2;
+  optional bytes  identityKey = 3;
+  optional bytes  message     = 4; // WhisperMessage
+}
+
+message KeyExchangeMessage {
+  optional uint32 id           = 1;
+  optional bytes  baseKey      = 2;
+  optional bytes  ephemeralKey = 3;
+  optional bytes  identityKey  = 4;
+}

library/res/values/strings.xml

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+</resources>

library/src/org/whispersystems/textsecure/crypto/AttachmentCipher.java

@@ -0,0 +1,159 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.whispersystems.textsecure.crypto;
+
+import android.util.Log;
+
+import org.whispersystems.textsecure.util.Hex;
+import org.whispersystems.textsecure.util.Util;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.text.ParseException;
+import java.util.Arrays;
+
+/**
+ * Encrypts push attachments.
+ *
+ * @author Moxie Marlinspike
+ */
+public class AttachmentCipher {
+
+  static final int CIPHER_KEY_SIZE = 32;
+  static final int MAC_KEY_SIZE    = 32;
+
+  private final SecretKeySpec cipherKey;
+  private final SecretKeySpec macKey;
+  private final Cipher        cipher;
+  private final Mac           mac;
+
+  public AttachmentCipher() {
+    this.cipherKey = initializeRandomCipherKey();
+    this.macKey    = initializeRandomMacKey();
+    this.cipher    = initializeCipher();
+    this.mac       = initializeMac();
+  }
+
+  public AttachmentCipher(byte[] combinedKeyMaterial) {
+    byte[][] parts = Util.split(combinedKeyMaterial, CIPHER_KEY_SIZE, MAC_KEY_SIZE);
+    this.cipherKey = new SecretKeySpec(parts[0], "AES");
+    this.macKey    = new SecretKeySpec(parts[1], "HmacSHA256");
+    this.cipher    = initializeCipher();
+    this.mac       = initializeMac();
+  }
+
+  public byte[] getCombinedKeyMaterial() {
+    return Util.combine(this.cipherKey.getEncoded(), this.macKey.getEncoded());
+  }
+
+  public byte[] encrypt(byte[] plaintext) {
+    try {
+      this.cipher.init(Cipher.ENCRYPT_MODE, this.cipherKey);
+      this.mac.init(this.macKey);
+
+      byte[] ciphertext = this.cipher.doFinal(plaintext);
+      byte[] iv         = this.cipher.getIV();
+      byte[] mac        = this.mac.doFinal(Util.combine(iv, ciphertext));
+
+      return Util.combine(iv, ciphertext, mac);
+    } catch (IllegalBlockSizeException e) {
+      throw new AssertionError(e);
+    } catch (BadPaddingException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  public byte[] decrypt(byte[] ciphertext)
+      throws InvalidMacException, InvalidMessageException
+  {
+    try {
+      if (ciphertext.length <= cipher.getBlockSize() + mac.getMacLength()) {
+        throw new InvalidMessageException("Message too short!");
+      }
+
+      byte[][] ciphertextParts = Util.split(ciphertext,
+                                            this.cipher.getBlockSize(),
+                                            ciphertext.length - this.cipher.getBlockSize() - this.mac.getMacLength(),
+                                            this.mac.getMacLength());
+
+      this.mac.update(ciphertext, 0, ciphertext.length - mac.getMacLength());
+      byte[] ourMac = this.mac.doFinal();
+
+      if (!Arrays.equals(ourMac, ciphertextParts[2])) {
+        throw new InvalidMacException("Mac doesn't match!");
+      }
+
+      this.cipher.init(Cipher.DECRYPT_MODE, this.cipherKey,
+                       new IvParameterSpec(ciphertextParts[0]));
+
+      return cipher.doFinal(ciphertextParts[1]);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    } catch (InvalidAlgorithmParameterException e) {
+      throw new AssertionError(e);
+    } catch (IllegalBlockSizeException e) {
+      throw new AssertionError(e);
+    } catch (BadPaddingException e) {
+      throw new InvalidMessageException(e);
+    } catch (ParseException e) {
+      throw new InvalidMessageException(e);
+    }
+  }
+
+  private Mac initializeMac() {
+    try {
+      Mac mac = Mac.getInstance("HmacSHA256");
+      return mac;
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private Cipher initializeCipher() {
+    try {
+      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      return cipher;
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (NoSuchPaddingException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private SecretKeySpec initializeRandomCipherKey() {
+    byte[] key = new byte[CIPHER_KEY_SIZE];
+    Util.getSecureRandom().nextBytes(key);
+    return new SecretKeySpec(key, "AES");
+  }
+
+  private SecretKeySpec initializeRandomMacKey() {
+    byte[] key = new byte[MAC_KEY_SIZE];
+    Util.getSecureRandom().nextBytes(key);
+    return new SecretKeySpec(key, "HmacSHA256");
+  }
+
+}

library/src/org/whispersystems/textsecure/crypto/AttachmentCipherInputStream.java

@@ -0,0 +1,215 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.whispersystems.textsecure.crypto;
+
+import android.util.Log;
+
+import org.whispersystems.textsecure.util.Util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Class for streaming an encrypted push attachment off disk.
+ *
+ * @author Moxie Marlinspike
+ */
+
+public class AttachmentCipherInputStream extends FileInputStream {
+
+  private static final int BLOCK_SIZE = 16;
+
+  private Cipher  cipher;
+  private boolean done;
+  private long    totalDataSize;
+  private long    totalRead;
+  private byte[] overflowBuffer;
+
+  public AttachmentCipherInputStream(File file, byte[] combinedKeyMaterial)
+      throws IOException, InvalidMessageException
+  {
+    super(file);
+
+    try {
+      byte[][] parts = Util.split(combinedKeyMaterial,
+                                  AttachmentCipher.CIPHER_KEY_SIZE,
+                                  AttachmentCipher.MAC_KEY_SIZE);
+
+      Mac mac = Mac.getInstance("HmacSHA256");
+      mac.init(new SecretKeySpec(parts[1], "HmacSHA256"));
+
+      if (file.length() <= BLOCK_SIZE + mac.getMacLength()) {
+        throw new InvalidMessageException("Message shorter than crypto overhead!");
+      }
+
+      verifyMac(file, mac);
+
+      byte[] iv = new byte[BLOCK_SIZE];
+      readFully(iv);
+
+      this.cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      this.cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(parts[0], "AES"), new IvParameterSpec(iv));
+
+      this.done          = false;
+      this.totalRead     = 0;
+      this.totalDataSize = file.length() - cipher.getBlockSize() - mac.getMacLength();
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    } catch (InvalidMacException e) {
+      throw new InvalidMessageException(e);
+    } catch (NoSuchPaddingException e) {
+      throw new AssertionError(e);
+    } catch (InvalidAlgorithmParameterException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  @Override
+  public int read(byte[] buffer) throws IOException {
+    return read(buffer, 0, buffer.length);
+  }
+
+  @Override
+  public int read(byte[] buffer, int offset, int length) throws IOException {
+    if      (totalRead != totalDataSize) return readIncremental(buffer, offset, length);
+    else if (!done)                      return readFinal(buffer, offset, length);
+    else                                 return -1;
+  }
+
+  private int readFinal(byte[] buffer, int offset, int length) throws IOException {
+    try {
+      int flourish = cipher.doFinal(buffer, offset);
+
+      done = true;
+      return flourish;
+    } catch (IllegalBlockSizeException e) {
+      Log.w("EncryptingPartInputStream", e);
+      throw new IOException("Illegal block size exception!");
+    } catch (ShortBufferException e) {
+      Log.w("EncryptingPartInputStream", e);
+      throw new IOException("Short buffer exception!");
+    } catch (BadPaddingException e) {
+      Log.w("EncryptingPartInputStream", e);
+      throw new IOException("Bad padding exception!");
+    }
+  }
+
+  private int readIncremental(byte[] buffer, int offset, int length) throws IOException {
+    int readLength = 0;
+    if (null != overflowBuffer) {
+      if (overflowBuffer.length > length) {
+        System.arraycopy(overflowBuffer, 0, buffer, offset, length);
+        overflowBuffer = Arrays.copyOfRange(overflowBuffer, length, overflowBuffer.length);
+        return length;
+      } else if (overflowBuffer.length == length) {
+        System.arraycopy(overflowBuffer, 0, buffer, offset, length);
+        overflowBuffer = null;
+        return length;
+      } else {
+        System.arraycopy(overflowBuffer, 0, buffer, offset, overflowBuffer.length);
+        readLength += overflowBuffer.length;
+        offset += readLength;
+        length -= readLength;
+        overflowBuffer = null;
+      }
+    }
+
+    if (length + totalRead > totalDataSize)
+      length = (int)(totalDataSize - totalRead);
+
+    byte[] internalBuffer = new byte[length];
+    int read              = super.read(internalBuffer, 0, internalBuffer.length <= cipher.getBlockSize() ? internalBuffer.length : internalBuffer.length - cipher.getBlockSize());
+    totalRead            += read;
+
+    try {
+      int outputLen = cipher.getOutputSize(read);
+
+      if (outputLen <= length) {
+        readLength += cipher.update(internalBuffer, 0, read, buffer, offset);
+        return readLength;
+      }
+
+      byte[] transientBuffer = new byte[outputLen];
+      outputLen = cipher.update(internalBuffer, 0, read, transientBuffer, 0);
+      if (outputLen <= length) {
+        System.arraycopy(transientBuffer, 0, buffer, offset, outputLen);
+        readLength += outputLen;
+      } else {
+        System.arraycopy(transientBuffer, 0, buffer, offset, length);
+        overflowBuffer = Arrays.copyOfRange(transientBuffer, length, outputLen);
+        readLength += length;
+      }
+      return readLength;
+    } catch (ShortBufferException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private void verifyMac(File file, Mac mac) throws FileNotFoundException, InvalidMacException {
+    try {
+      FileInputStream fin           = new FileInputStream(file);
+      int             remainingData = (int) file.length() - mac.getMacLength();
+      byte[]          buffer        = new byte[4096];
+
+      while (remainingData > 0) {
+        int read = fin.read(buffer, 0, Math.min(buffer.length, remainingData));
+        mac.update(buffer, 0, read);
+        remainingData -= read;
+      }
+
+      byte[] ourMac   = mac.doFinal();
+      byte[] theirMac = new byte[mac.getMacLength()];
+      Util.readFully(fin, theirMac);
+
+      if (!Arrays.equals(ourMac, theirMac)) {
+        throw new InvalidMacException("MAC doesn't match!");
+      }
+    } catch (IOException e1) {
+      throw new InvalidMacException(e1);
+    }
+  }
+
+  private void readFully(byte[] buffer) throws IOException {
+    int offset = 0;
+
+    for (;;) {
+      int read = super.read(buffer, offset, buffer.length - offset);
+
+      if (read + offset < buffer.length) offset += read;
+      else                		           return;
+    }
+  }
+
+
+}

library/src/org/whispersystems/textsecure/crypto/DuplicateMessageException.java

@@ -0,0 +1,7 @@
+package org.whispersystems.textsecure.crypto;
+
+public class DuplicateMessageException extends Exception {
+  public DuplicateMessageException(String s) {
+    super(s);
+  }
+}

library/src/org/whispersystems/textsecure/crypto/IdentityKey.java

@@ -1,5 +1,6 @@
 /** 
  * Copyright (C) 2011 Whisper Systems
+ * Copyright (C) 2013 Open Whisper Systems
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -14,15 +15,15 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
-
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.math.ec.ECPoint;
-import org.thoughtcrime.securesms.util.Hex;
+package org.whispersystems.textsecure.crypto;
 
 import android.os.Parcel;
 import android.os.Parcelable;
 
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECPublicKey;
+import org.whispersystems.textsecure.util.Hex;
+
 /**
  * A class for representing an identity key.
  * 
@@ -45,15 +46,14 @@ public class IdentityKey implements Parcelable, SerializableKey {
     }
   };
 	
-  public  static final int SIZE    = 1 + 33;
-  private static final int VERSION = 1;
-	
-  private ECPublicKeyParameters publicKey;
-	
-  public IdentityKey(ECPublicKeyParameters publicKey) {
+  public  static final int NIST_SIZE = 1 + ECPublicKey.KEY_SIZE;
+
+  private ECPublicKey publicKey;
+
+  public IdentityKey(ECPublicKey publicKey) {
     this.publicKey = publicKey;
   }
-	
+
   public IdentityKey(Parcel in) throws InvalidKeyException {
     int length        = in.readInt();
     byte[] serialized = new byte[length];
@@ -65,54 +65,38 @@ public class IdentityKey implements Parcelable, SerializableKey {
   public IdentityKey(byte[] bytes, int offset) throws InvalidKeyException {
     initializeFromSerialized(bytes, offset);
   }
-	
-  public ECPublicKeyParameters getPublicKeyParameters() {
-    return this.publicKey;
+
+  public ECPublicKey getPublicKey() {
+    return publicKey;
   }
-	
+
   private void initializeFromSerialized(byte[] bytes, int offset) throws InvalidKeyException {
-    int version       = bytes[offset] & 0xff;
-		
-    if (version > VERSION)
-      throw new InvalidKeyException("Unsupported key version: " + version);
-		
-    byte[] pointBytes = new byte[PublicKey.POINT_SIZE];
-    System.arraycopy(bytes, offset+1, pointBytes, 0, pointBytes.length);
-		
-    ECPoint Q;
-		
-    try {
-      Q = KeyUtil.decodePoint(pointBytes);
-    } catch (RuntimeException re) {
-      throw new InvalidKeyException(re);
+    if ((bytes[offset] & 0xff) == 1) {
+      this.publicKey = Curve.decodePoint(bytes, offset +1);
+    } else {
+      this.publicKey = Curve.decodePoint(bytes, offset);
     }
-		
-    this.publicKey = new ECPublicKeyParameters(Q, KeyUtil.domainParameters);		
   }
 	
   public byte[] serialize() {
-    byte[] encodedKey = KeyUtil.encodePoint(publicKey.getQ());
-    byte[] combined   = new byte[1 + encodedKey.length];
-		
-    combined[0]       = (byte)VERSION;
-    System.arraycopy(encodedKey, 0, combined, 1, encodedKey.length);
-		
-    return combined;
+    return publicKey.serialize();
   }
-	
+
   public String getFingerprint() {
-    return Hex.toString(serialize());
+    return Hex.toString(publicKey.serialize());
   }
 	
   @Override
   public boolean equals(Object other) {
+    if (other == null)                   return false;
     if (!(other instanceof IdentityKey)) return false;
-    return publicKey.getQ().equals(((IdentityKey)other).publicKey.getQ());
+
+    return publicKey.equals(((IdentityKey) other).getPublicKey());
   }
 	
   @Override
   public int hashCode() {
-    return publicKey.getQ().hashCode();
+    return publicKey.hashCode();
   }
 
   public int describeContents() {

library/src/org/whispersystems/textsecure/crypto/IdentityKeyPair.java

@@ -1,6 +1,6 @@
-/** 
- * Copyright (C) 2011 Whisper Systems
- * 
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
@@ -10,31 +10,34 @@
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
 
-public class InvalidMessageException extends Exception {
+import org.whispersystems.textsecure.crypto.ecc.ECPrivateKey;
 
-  public InvalidMessageException() {
-    // TODO Auto-generated constructor stub
+/**
+ * Holder for public and private identity key pair.
+ *
+ * @author Moxie Marlinspike
+ */
+public class IdentityKeyPair {
+
+  private final IdentityKey publicKey;
+  private final ECPrivateKey privateKey;
+
+  public IdentityKeyPair(IdentityKey publicKey, ECPrivateKey privateKey) {
+    this.publicKey  = publicKey;
+    this.privateKey = privateKey;
   }
 
-  public InvalidMessageException(String detailMessage) {
-    super(detailMessage);
-    // TODO Auto-generated constructor stub
+  public IdentityKey getPublicKey() {
+    return publicKey;
   }
 
-  public InvalidMessageException(Throwable throwable) {
-    super(throwable);
-    // TODO Auto-generated constructor stub
+  public ECPrivateKey getPrivateKey() {
+    return privateKey;
   }
-
-  public InvalidMessageException(String detailMessage, Throwable throwable) {
-    super(detailMessage, throwable);
-    // TODO Auto-generated constructor stub
-  }
-
 }

library/src/org/whispersystems/textsecure/crypto/InvalidKeyException.java

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
 
 public class InvalidKeyException extends Exception {
 

library/src/org/whispersystems/textsecure/crypto/InvalidMacException.java

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
 
 public class InvalidMacException extends Exception {
 

library/src/org/whispersystems/textsecure/crypto/InvalidMessageException.java

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.util;
+package org.whispersystems.textsecure.crypto;
 
 public class InvalidMessageException extends Exception {
 

library/src/org/whispersystems/textsecure/crypto/InvalidVersionException.java

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
 
 public class InvalidVersionException extends Exception {
 

library/src/org/whispersystems/textsecure/crypto/LegacyMessageException.java

@@ -0,0 +1,7 @@
+package org.whispersystems.textsecure.crypto;
+
+public class LegacyMessageException extends Exception {
+  public LegacyMessageException(String s) {
+    super(s);
+  }
+}

library/src/org/whispersystems/textsecure/crypto/MasterCipher.java

@@ -1,5 +1,6 @@
 /** 
  * Copyright (C) 2011 Whisper Systems
+ * Copyright (C) 2013 Open Whisper Systems
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -14,10 +15,16 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
+
+import android.util.Log;
+
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECPrivateKey;
+import org.whispersystems.textsecure.util.Base64;
+import org.whispersystems.textsecure.util.Hex;
 
 import java.io.IOException;
-import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -32,13 +39,6 @@ import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
-import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.thoughtcrime.securesms.util.Base64;
-import org.thoughtcrime.securesms.util.Hex;
-import org.thoughtcrime.securesms.util.InvalidMessageException;
-
-import android.util.Log;
-
 /**
  * Class that handles encryption for local storage.
  * 
@@ -70,13 +70,11 @@ public class MasterCipher {
       throw new AssertionError(e);
     }
   }
-	
-  public byte[] encryptKey(ECPrivateKeyParameters params) {
-    BigInteger d  = params.getD();
-    byte[] dBytes = d.toByteArray();
-    return encryptBytes(dBytes);
+
+  public byte[] encryptKey(ECPrivateKey privateKey) {
+    return encryptBytes(privateKey.serialize());
   }
-	
+
   public String encryptBody(String body)  {
     return encryptAndEncodeBytes(body.getBytes());
   }
@@ -85,13 +83,13 @@ public class MasterCipher {
     return new String(decodeAndDecryptBytes(body));
   }
 	
-  public ECPrivateKeyParameters decryptKey(byte[] key) {
+  public ECPrivateKey decryptKey(byte[] key)
+      throws org.whispersystems.textsecure.crypto.InvalidKeyException
+  {
     try {
-      BigInteger d = new BigInteger(decryptBytes(key));
-      return new ECPrivateKeyParameters(d, KeyUtil.domainParameters);
+      return Curve.decodePrivatePoint(decryptBytes(key));
     } catch (InvalidMessageException ime) {
-      Log.w("bodycipher", ime);
-      return null; // XXX
+      throw new org.whispersystems.textsecure.crypto.InvalidKeyException(ime);
     }
   }
 	

library/src/org/whispersystems/textsecure/crypto/MasterSecret.java

@@ -1,6 +1,6 @@
-/** 
+/**
  * Copyright (C) 2011 Whisper Systems
- * 
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
@@ -10,89 +10,110 @@
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
-
-import javax.crypto.spec.SecretKeySpec;
-
-import org.bouncycastle.util.Arrays;
+package org.whispersystems.textsecure.crypto;
 
 import android.os.Parcel;
 import android.os.Parcelable;
-import android.util.Log;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.util.Arrays;
 
 /**
  * When a user first initializes TextSecure, a few secrets
  * are generated.  These are:
- * 
+ *
  * 1) A 128bit symmetric encryption key.
  * 2) A 160bit symmetric MAC key.
  * 3) An ECC keypair.
- * 
+ *
  * The first two, along with the ECC keypair's private key, are
  * then encrypted on disk using PBE.
- * 
+ *
  * This class represents 1 and 2.
- * 
+ *
  * @author Moxie Marlinspike
  */
 
 public class MasterSecret implements Parcelable {
-	
+
   private final SecretKeySpec encryptionKey;
   private final SecretKeySpec macKey;
 
   public static final Parcelable.Creator<MasterSecret> CREATOR = new Parcelable.Creator<MasterSecret>() {
+    @Override
     public MasterSecret createFromParcel(Parcel in) {
       return new MasterSecret(in);
     }
 
+    @Override
     public MasterSecret[] newArray(int size) {
       return new MasterSecret[size];
     }
   };
-	
+
   public MasterSecret(SecretKeySpec encryptionKey, SecretKeySpec macKey) {
     this.encryptionKey = encryptionKey;
     this.macKey        = macKey;
   }
-	
+
   private MasterSecret(Parcel in) {
     byte[] encryptionKeyBytes = new byte[in.readInt()];
     in.readByteArray(encryptionKeyBytes);
 
     byte[] macKeyBytes = new byte[in.readInt()];
     in.readByteArray(macKeyBytes);
-		
+
     this.encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
     this.macKey        = new SecretKeySpec(macKeyBytes, "HmacSHA1");
-    
+
     // SecretKeySpec does an internal copy in its constructor.
-    Arrays.fill(encryptionKeyBytes, (byte)0x00);
+    Arrays.fill(encryptionKeyBytes, (byte) 0x00);
     Arrays.fill(macKeyBytes, (byte)0x00);
   }
 
-	
+
   public SecretKeySpec getEncryptionKey() {
     return this.encryptionKey;
   }
-	
+
   public SecretKeySpec getMacKey() {
     return this.macKey;
   }
-	
+
+  @Override
   public void writeToParcel(Parcel out, int flags) {
     out.writeInt(encryptionKey.getEncoded().length);
     out.writeByteArray(encryptionKey.getEncoded());
     out.writeInt(macKey.getEncoded().length);
     out.writeByteArray(macKey.getEncoded());
   }
-    
+
+  @Override
   public int describeContents() {
     return 0;
   }
-  	
+
+  public MasterSecret parcelClone() {
+    Parcel thisParcel = Parcel.obtain();
+    Parcel thatParcel = Parcel.obtain();
+    byte[] bytes      = null;
+
+    thisParcel.writeValue(this);
+    bytes = thisParcel.marshall();
+
+    thatParcel.unmarshall(bytes, 0, bytes.length);
+    thatParcel.setDataPosition(0);
+
+    MasterSecret that = (MasterSecret)thatParcel.readValue(MasterSecret.class.getClassLoader());
+
+    thisParcel.recycle();
+    thatParcel.recycle();
+
+    return that;
+  }
+
 }

library/src/org/whispersystems/textsecure/crypto/PreKeyUtil.java

@@ -0,0 +1,182 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto;
+
+import android.content.Context;
+import android.util.Log;
+
+import com.google.thoughtcrimegson.Gson;
+
+import org.whispersystems.textsecure.crypto.ecc.Curve25519;
+import org.whispersystems.textsecure.crypto.ecc.ECKeyPair;
+import org.whispersystems.textsecure.storage.InvalidKeyIdException;
+import org.whispersystems.textsecure.storage.PreKeyRecord;
+import org.whispersystems.textsecure.util.Medium;
+import org.whispersystems.textsecure.util.Util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.Comparator;
+import java.util.LinkedList;
+import java.util.List;
+
+public class PreKeyUtil {
+
+  public static final int BATCH_SIZE = 100;
+
+  public static List<PreKeyRecord> generatePreKeys(Context context, MasterSecret masterSecret) {
+    List<PreKeyRecord> records        = new LinkedList<PreKeyRecord>();
+    int                preKeyIdOffset = getNextPreKeyId(context);
+
+    for (int i=0;i<BATCH_SIZE;i++) {
+      int          preKeyId = (preKeyIdOffset + i) % Medium.MAX_VALUE;
+      ECKeyPair    keyPair  = Curve25519.generateKeyPair(true);
+      PreKeyRecord record   = new PreKeyRecord(context, masterSecret, preKeyId, keyPair);
+
+      record.save();
+      records.add(record);
+    }
+
+    setNextPreKeyId(context, (preKeyIdOffset + BATCH_SIZE + 1) % Medium.MAX_VALUE);
+    return records;
+  }
+
+  public static PreKeyRecord generateLastResortKey(Context context, MasterSecret masterSecret) {
+    if (PreKeyRecord.hasRecord(context, Medium.MAX_VALUE)) {
+      try {
+        return new PreKeyRecord(context, masterSecret, Medium.MAX_VALUE);
+      } catch (InvalidKeyIdException e) {
+        Log.w("PreKeyUtil", e);
+        PreKeyRecord.delete(context, Medium.MAX_VALUE);
+      }
+    }
+
+    ECKeyPair    keyPair = Curve25519.generateKeyPair(true);
+    PreKeyRecord record  = new PreKeyRecord(context, masterSecret, Medium.MAX_VALUE, keyPair);
+
+    record.save();
+
+    return record;
+  }
+
+//  public static List<PreKeyRecord> getPreKeys(Context context, MasterSecret masterSecret) {
+//    List<PreKeyRecord> records      = new LinkedList<PreKeyRecord>();
+//    File               directory    = getPreKeysDirectory(context);
+//    String[]           keyRecordIds = directory.list();
+//
+//    Arrays.sort(keyRecordIds, new PreKeyRecordIdComparator());
+//
+//    for (String keyRecordId : keyRecordIds) {
+//      try {
+//        if (!keyRecordId.equals(PreKeyIndex.FILE_NAME) && Integer.parseInt(keyRecordId) != Medium.MAX_VALUE) {
+//          records.add(new PreKeyRecord(context, masterSecret, Integer.parseInt(keyRecordId)));
+//        }
+//      } catch (InvalidKeyIdException e) {
+//        Log.w("PreKeyUtil", e);
+//        new File(getPreKeysDirectory(context), keyRecordId).delete();
+//      } catch (NumberFormatException nfe) {
+//        Log.w("PreKeyUtil", nfe);
+//        new File(getPreKeysDirectory(context), keyRecordId).delete();
+//      }
+//    }
+//
+//    return records;
+//  }
+//
+//  public static void clearPreKeys(Context context) {
+//    File     directory  = getPreKeysDirectory(context);
+//    String[] keyRecords = directory.list();
+//
+//    for (String keyRecord : keyRecords) {
+//      new File(directory, keyRecord).delete();
+//    }
+//  }
+
+  private static void setNextPreKeyId(Context context, int id) {
+    try {
+      File             nextFile = new File(getPreKeysDirectory(context), PreKeyIndex.FILE_NAME);
+      FileOutputStream fout     = new FileOutputStream(nextFile);
+      fout.write(new Gson().toJson(new PreKeyIndex(id)).getBytes());
+      fout.close();
+    } catch (IOException e) {
+      Log.w("PreKeyUtil", e);
+    }
+  }
+
+  private static int getNextPreKeyId(Context context) {
+    try {
+      File nextFile = new File(getPreKeysDirectory(context), PreKeyIndex.FILE_NAME);
+
+      if (!nextFile.exists()) {
+        return Util.getSecureRandom().nextInt(Medium.MAX_VALUE);
+      } else {
+        InputStreamReader reader = new InputStreamReader(new FileInputStream(nextFile));
+        PreKeyIndex       index  = new Gson().fromJson(reader, PreKeyIndex.class);
+        reader.close();
+        return index.nextPreKeyId;
+      }
+    } catch (IOException e) {
+      Log.w("PreKeyUtil", e);
+      return Util.getSecureRandom().nextInt(Medium.MAX_VALUE);
+    }
+  }
+
+  private static File getPreKeysDirectory(Context context) {
+    File directory = new File(context.getFilesDir(), PreKeyRecord.PREKEY_DIRECTORY);
+
+    if (!directory.exists())
+      directory.mkdirs();
+
+    return directory;
+  }
+
+  private static class PreKeyRecordIdComparator implements Comparator<String> {
+    @Override
+    public int compare(String lhs, String rhs) {
+      if      (lhs.equals(PreKeyIndex.FILE_NAME)) return -1;
+      else if (rhs.equals(PreKeyIndex.FILE_NAME)) return 1;
+
+      try {
+        long lhsLong = Long.parseLong(lhs);
+        long rhsLong = Long.parseLong(rhs);
+
+        if      (lhsLong < rhsLong) return -1;
+        else if (lhsLong > rhsLong) return 1;
+        else                        return 0;
+      } catch (NumberFormatException e) {
+        return 0;
+      }
+    }
+  }
+
+  private static class PreKeyIndex {
+    public static final String FILE_NAME = "index.dat";
+
+    private int nextPreKeyId;
+
+    public PreKeyIndex() {}
+
+    public PreKeyIndex(int nextPreKeyId) {
+      this.nextPreKeyId = nextPreKeyId;
+    }
+  }
+
+}

library/src/org/whispersystems/textsecure/crypto/PublicKey.java

@@ -1,5 +1,6 @@
 /** 
  * Copyright (C) 2011 Whisper Systems
+ * Copyright (C) 2013 Open Whisper Systems
  * 
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -14,23 +15,24 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
+
+import android.util.Log;
+
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECPublicKey;
+import org.whispersystems.textsecure.util.Conversions;
+import org.whispersystems.textsecure.util.Hex;
+import org.whispersystems.textsecure.util.Util;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
-import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.math.ec.ECPoint;
-import org.thoughtcrime.securesms.util.Conversions;
-import org.thoughtcrime.securesms.util.Hex;
-
-import android.util.Log;
-
 public class PublicKey {
-  public  static final int POINT_SIZE = 33;
-  public  static final int KEY_SIZE   = 3 + POINT_SIZE;
-	
-  private ECPublicKeyParameters publicKey;
+
+  public static final int KEY_SIZE = 3 + ECPublicKey.KEY_SIZE;
+
+  private final ECPublicKey publicKey;
   private int id;
 	
   public PublicKey(PublicKey publicKey) {
@@ -40,35 +42,28 @@ public class PublicKey {
     this.publicKey = publicKey.publicKey;
   }
 	
-  public PublicKey(int id, ECPublicKeyParameters publicKey) {
+  public PublicKey(int id, ECPublicKey publicKey) {
     this.publicKey = publicKey;
     this.id        = id;
   }
 
   public PublicKey(byte[] bytes, int offset) throws InvalidKeyException {
     Log.w("PublicKey", "PublicKey Length: " + (bytes.length - offset));
+
     if ((bytes.length - offset) < KEY_SIZE)
       throw new InvalidKeyException("Provided bytes are too short.");
-			
-    this.id           = Conversions.byteArrayToMedium(bytes, offset);
-    byte[] pointBytes = new byte[POINT_SIZE];
-		
-    System.arraycopy(bytes, offset+3, pointBytes, 0, pointBytes.length);
-		
-    ECPoint Q;
-		
-    try {
-      Q = KeyUtil.decodePoint(pointBytes);
-    } catch (RuntimeException re) {
-      throw new InvalidKeyException(re);
-    }
-		
-    this.publicKey = new ECPublicKeyParameters(Q, KeyUtil.domainParameters);
+
+    this.id        = Conversions.byteArrayToMedium(bytes, offset);
+    this.publicKey = Curve.decodePoint(bytes, offset + 3);
   }
-	
+
   public PublicKey(byte[] bytes) throws InvalidKeyException {
     this(bytes, 0);
   }
+
+  public int getType() {
+    return publicKey.getType();
+  }
 	
   public void setId(int id) {
     this.id = id;
@@ -78,7 +73,7 @@ public class PublicKey {
     return id;
   }
 	
-  public ECPublicKeyParameters getKey() {
+  public ECPublicKey getKey() {
     return publicKey;
   }
 	
@@ -97,14 +92,11 @@ public class PublicKey {
   }
 	
   public byte[] serialize() {
-    byte[] complete        = new byte[KEY_SIZE];
-    byte[] serializedPoint = KeyUtil.encodePoint(publicKey.getQ());
-				
+    byte[] keyIdBytes      = Conversions.mediumToByteArray(id);
+    byte[] serializedPoint = publicKey.serialize();
+
     Log.w("PublicKey", "Serializing public key point: " + Hex.toString(serializedPoint));
-		
-    Conversions.mediumToByteArray(complete, 0, id);
-    System.arraycopy(serializedPoint, 0, complete, 3, serializedPoint.length);
-		
-    return complete;
-  }	
+
+    return Util.combine(keyIdBytes, serializedPoint);
+  }
 }

library/src/org/whispersystems/textsecure/crypto/SerializableKey.java

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
 
 public interface SerializableKey {
   public byte[] serialize();

library/src/org/whispersystems/textsecure/crypto/SessionCipher.java

@@ -0,0 +1,275 @@
+/** 
+ * Copyright (C) 2013 Open Whisper Systems
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.whispersystems.textsecure.crypto;
+
+
+import android.content.Context;
+import android.util.Log;
+import android.util.Pair;
+
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECKeyPair;
+import org.whispersystems.textsecure.crypto.ecc.ECPublicKey;
+import org.whispersystems.textsecure.crypto.protocol.CiphertextMessage;
+import org.whispersystems.textsecure.crypto.protocol.PreKeyWhisperMessage;
+import org.whispersystems.textsecure.crypto.protocol.WhisperMessage;
+import org.whispersystems.textsecure.crypto.ratchet.ChainKey;
+import org.whispersystems.textsecure.crypto.ratchet.MessageKeys;
+import org.whispersystems.textsecure.crypto.ratchet.RootKey;
+import org.whispersystems.textsecure.storage.RecipientDevice;
+import org.whispersystems.textsecure.storage.SessionRecordV2;
+import org.whispersystems.textsecure.storage.SessionState;
+import org.whispersystems.textsecure.util.Conversions;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.List;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+public class SessionCipher {
+
+  private static final Object SESSION_LOCK = new Object();
+
+  private final Context         context;
+  private final MasterSecret    masterSecret;
+  private final RecipientDevice recipient;
+
+  public static SessionCipher createFor(Context context,
+                                        MasterSecret masterSecret,
+                                        RecipientDevice recipient)
+  {
+    if (SessionRecordV2.hasSession(context, masterSecret, recipient)) {
+      return new SessionCipher(context, masterSecret, recipient);
+    } else {
+      throw new AssertionError("Attempt to initialize cipher for non-existing session.");
+    }
+  }
+
+
+  private SessionCipher(Context context, MasterSecret masterSecret, RecipientDevice recipient) {
+    this.recipient    = recipient;
+    this.masterSecret = masterSecret;
+    this.context      = context;
+  }
+
+  public CiphertextMessage encrypt(byte[] paddedMessage) {
+    synchronized (SESSION_LOCK) {
+      SessionRecordV2 sessionRecord   = getSessionRecord();
+      SessionState    sessionState    = sessionRecord.getSessionState();
+      ChainKey        chainKey        = sessionState.getSenderChainKey();
+      MessageKeys     messageKeys     = chainKey.getMessageKeys();
+      ECPublicKey     senderEphemeral = sessionState.getSenderEphemeral();
+      int             previousCounter = sessionState.getPreviousCounter();
+
+      byte[]            ciphertextBody    = getCiphertext(messageKeys, paddedMessage);
+      CiphertextMessage ciphertextMessage = new WhisperMessage(messageKeys.getMacKey(),
+                                                               senderEphemeral, chainKey.getIndex(),
+                                                               previousCounter, ciphertextBody);
+
+      if (sessionState.hasPendingPreKey()) {
+        Pair<Integer, ECPublicKey> pendingPreKey       = sessionState.getPendingPreKey();
+        int                        localRegistrationId = sessionState.getLocalRegistrationId();
+
+        ciphertextMessage = new PreKeyWhisperMessage(localRegistrationId, pendingPreKey.first,
+                                                     pendingPreKey.second,
+                                                     sessionState.getLocalIdentityKey(),
+                                                     (WhisperMessage) ciphertextMessage);
+      }
+
+      sessionState.setSenderChainKey(chainKey.getNextChainKey());
+      sessionRecord.save();
+
+      return ciphertextMessage;
+    }
+  }
+
+  public byte[] decrypt(byte[] decodedMessage)
+      throws InvalidMessageException, DuplicateMessageException, LegacyMessageException
+  {
+    synchronized (SESSION_LOCK) {
+      SessionRecordV2    sessionRecord  = getSessionRecord();
+      SessionState       sessionState   = sessionRecord.getSessionState();
+      List<SessionState> previousStates = sessionRecord.getPreviousSessions();
+
+      try {
+        byte[] plaintext = decrypt(sessionState, decodedMessage);
+        sessionRecord.save();
+
+        return plaintext;
+      } catch (InvalidMessageException e) {
+        Log.w("SessionCipherV2", e);
+      }
+
+      for (SessionState previousState : previousStates) {
+        try {
+          Log.w("SessionCipherV2", "Attempting decrypt on previous state...");
+          byte[] plaintext = decrypt(previousState, decodedMessage);
+          sessionRecord.save();
+
+          return plaintext;
+        } catch (InvalidMessageException e) {
+          Log.w("SessionCipherV2", e);
+        }
+      }
+
+      throw new InvalidMessageException("No valid sessions.");
+    }
+  }
+
+  public byte[] decrypt(SessionState sessionState, byte[] decodedMessage)
+      throws InvalidMessageException, DuplicateMessageException, LegacyMessageException
+  {
+    if (!sessionState.hasSenderChain()) {
+      throw new InvalidMessageException("Uninitialized session!");
+    }
+
+    WhisperMessage ciphertextMessage = new WhisperMessage(decodedMessage);
+    ECPublicKey    theirEphemeral    = ciphertextMessage.getSenderEphemeral();
+    int            counter           = ciphertextMessage.getCounter();
+    ChainKey       chainKey          = getOrCreateChainKey(sessionState, theirEphemeral);
+    MessageKeys    messageKeys       = getOrCreateMessageKeys(sessionState, theirEphemeral,
+                                                              chainKey, counter);
+
+    ciphertextMessage.verifyMac(messageKeys.getMacKey());
+
+    byte[] plaintext = getPlaintext(messageKeys, ciphertextMessage.getBody());
+
+    sessionState.clearPendingPreKey();
+
+    return plaintext;
+
+  }
+
+  public int getRemoteRegistrationId() {
+    synchronized (SESSION_LOCK) {
+      SessionRecordV2 sessionRecord = getSessionRecord();
+      return sessionRecord.getSessionState().getRemoteRegistrationId();
+    }
+  }
+
+  private ChainKey getOrCreateChainKey(SessionState sessionState, ECPublicKey theirEphemeral)
+      throws InvalidMessageException
+  {
+    try {
+      if (sessionState.hasReceiverChain(theirEphemeral)) {
+        return sessionState.getReceiverChainKey(theirEphemeral);
+      } else {
+        RootKey                 rootKey         = sessionState.getRootKey();
+        ECKeyPair               ourEphemeral    = sessionState.getSenderEphemeralPair();
+        Pair<RootKey, ChainKey> receiverChain   = rootKey.createChain(theirEphemeral, ourEphemeral);
+        ECKeyPair               ourNewEphemeral = Curve.generateKeyPair(true);
+        Pair<RootKey, ChainKey> senderChain     = receiverChain.first.createChain(theirEphemeral, ourNewEphemeral);
+
+        sessionState.setRootKey(senderChain.first);
+        sessionState.addReceiverChain(theirEphemeral, receiverChain.second);
+        sessionState.setPreviousCounter(sessionState.getSenderChainKey().getIndex()-1);
+        sessionState.setSenderChain(ourNewEphemeral, senderChain.second);
+
+        return receiverChain.second;
+      }
+    } catch (InvalidKeyException e) {
+      throw new InvalidMessageException(e);
+    }
+  }
+
+  private MessageKeys getOrCreateMessageKeys(SessionState sessionState,
+                                             ECPublicKey theirEphemeral,
+                                             ChainKey chainKey, int counter)
+      throws InvalidMessageException, DuplicateMessageException
+  {
+    if (chainKey.getIndex() > counter) {
+      if (sessionState.hasMessageKeys(theirEphemeral, counter)) {
+        return sessionState.removeMessageKeys(theirEphemeral, counter);
+      } else {
+        throw new DuplicateMessageException("Received message with old counter: " +
+                                                chainKey.getIndex() + " , " + counter);
+      }
+    }
+
+    if (chainKey.getIndex() - counter > 2000) {
+      throw new InvalidMessageException("Over 2000 messages into the future!");
+    }
+
+    while (chainKey.getIndex() < counter) {
+      MessageKeys messageKeys = chainKey.getMessageKeys();
+      sessionState.setMessageKeys(theirEphemeral, messageKeys);
+      chainKey = chainKey.getNextChainKey();
+    }
+
+    sessionState.setReceiverChainKey(theirEphemeral, chainKey.getNextChainKey());
+    return chainKey.getMessageKeys();
+  }
+
+  private byte[] getCiphertext(MessageKeys messageKeys, byte[] plaintext) {
+    try {
+      Cipher cipher = getCipher(Cipher.ENCRYPT_MODE,
+                                messageKeys.getCipherKey(),
+                                messageKeys.getCounter());
+
+      return cipher.doFinal(plaintext);
+    } catch (IllegalBlockSizeException e) {
+      throw new AssertionError(e);
+    } catch (BadPaddingException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private byte[] getPlaintext(MessageKeys messageKeys, byte[] cipherText) {
+    try {
+      Cipher cipher = getCipher(Cipher.DECRYPT_MODE,
+                                messageKeys.getCipherKey(),
+                                messageKeys.getCounter());
+      return cipher.doFinal(cipherText);
+    } catch (IllegalBlockSizeException e) {
+      throw new AssertionError(e);
+    } catch (BadPaddingException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private Cipher getCipher(int mode, SecretKeySpec key, int counter)  {
+    try {
+      Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
+
+      byte[] ivBytes = new byte[16];
+      Conversions.intToByteArray(ivBytes, 0, counter);
+
+      IvParameterSpec iv = new IvParameterSpec(ivBytes);
+      cipher.init(mode, key, iv);
+
+      return cipher;
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (NoSuchPaddingException e) {
+      throw new AssertionError(e);
+    } catch (java.security.InvalidKeyException e) {
+      throw new AssertionError(e);
+    } catch (InvalidAlgorithmParameterException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private SessionRecordV2 getSessionRecord() {
+    return new SessionRecordV2(context, masterSecret, recipient);
+  }
+}

library/src/org/whispersystems/textsecure/crypto/TransportDetails.java

@@ -14,14 +14,15 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
+package org.whispersystems.textsecure.crypto;
 
 import java.io.IOException;
 
 
 public interface TransportDetails {	
-  public byte[] stripPaddedMessage(byte[] messageWithPadding);	
+  public byte[] getStrippedPaddingMessageBody(byte[] messageWithPadding);
   public byte[] getPaddedMessageBody(byte[] messageBody);
-  public byte[] encodeMessage(byte[] messageWithMac);
-  public byte[] decodeMessage(byte[] encodedMessageBytes) throws IOException;
+
+  public byte[] getEncodedMessage(byte[] messageWithMac);
+  public byte[] getDecodedMessage(byte[] encodedMessageBytes) throws IOException;
 }

library/src/org/whispersystems/textsecure/crypto/ecc/Curve.java

@@ -0,0 +1,59 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.whispersystems.textsecure.crypto.ecc;
+
+import org.whispersystems.textsecure.crypto.InvalidKeyException;
+import org.whispersystems.textsecure.crypto.protocol.CiphertextMessage;
+
+public class Curve {
+
+  public  static final int DJB_TYPE   = 0x05;
+
+  public static ECKeyPair generateKeyPair(boolean ephemeral) {
+    return Curve25519.generateKeyPair(ephemeral);
+  }
+
+  public static ECPublicKey decodePoint(byte[] bytes, int offset)
+      throws InvalidKeyException
+  {
+    int type = bytes[offset];
+
+    if (type == DJB_TYPE) {
+      return Curve25519.decodePoint(bytes, offset);
+    } else {
+      throw new InvalidKeyException("Unknown key type: " + type);
+    }
+  }
+
+  public static ECPrivateKey decodePrivatePoint(byte[] bytes) {
+    return new DjbECPrivateKey(bytes);
+  }
+
+  public static byte[] calculateAgreement(ECPublicKey publicKey, ECPrivateKey privateKey)
+      throws InvalidKeyException
+  {
+    if (publicKey.getType() != privateKey.getType()) {
+      throw new InvalidKeyException("Public and private keys must be of the same type!");
+    }
+
+    if (publicKey.getType() == DJB_TYPE) {
+      return Curve25519.calculateAgreement(publicKey, privateKey);
+    } else {
+      throw new InvalidKeyException("Unknown type: " + publicKey.getType());
+    }
+  }
+}

library/src/org/whispersystems/textsecure/crypto/ecc/Curve25519.java

@@ -0,0 +1,75 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.whispersystems.textsecure.crypto.ecc;
+
+import org.whispersystems.textsecure.crypto.InvalidKeyException;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public class Curve25519 {
+
+  static {
+    System.loadLibrary("curve25519");
+
+    try {
+      random = SecureRandom.getInstance("SHA1PRNG");
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private static final SecureRandom random;
+
+  private static native byte[] calculateAgreement(byte[] ourPrivate, byte[] theirPublic);
+  private static native byte[] generatePublicKey(byte[] privateKey);
+  private static native byte[] generatePrivateKey(byte[] random, boolean ephemeral);
+
+  public static ECKeyPair generateKeyPair(boolean ephemeral) {
+    byte[] privateKey = generatePrivateKey(ephemeral);
+    byte[] publicKey  = generatePublicKey(privateKey);
+
+    return new ECKeyPair(new DjbECPublicKey(publicKey), new DjbECPrivateKey(privateKey));
+  }
+
+  static byte[] calculateAgreement(ECPublicKey publicKey, ECPrivateKey privateKey) {
+    return calculateAgreement(((DjbECPrivateKey)privateKey).getPrivateKey(),
+                              ((DjbECPublicKey)publicKey).getPublicKey());
+  }
+
+  static ECPublicKey decodePoint(byte[] encoded, int offset)
+      throws InvalidKeyException
+  {
+    int    type     = encoded[offset] & 0xFF;
+    byte[] keyBytes = new byte[32];
+    System.arraycopy(encoded, offset+1, keyBytes, 0, keyBytes.length);
+
+    if (type != Curve.DJB_TYPE) {
+      throw new InvalidKeyException("Bad key type: " + type);
+    }
+
+    return new DjbECPublicKey(keyBytes);
+  }
+
+  private static byte[] generatePrivateKey(boolean ephemeral) {
+    byte[] privateKey = new byte[32];
+    random.nextBytes(privateKey);
+
+    return generatePrivateKey(privateKey, ephemeral);
+  }
+
+}

library/src/org/whispersystems/textsecure/crypto/ecc/DjbECPrivateKey.java

@@ -1,6 +1,6 @@
-/** 
- * Copyright (C) 2011 Whisper Systems
- * 
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation, either version 3 of the License, or
@@ -10,27 +10,32 @@
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.thoughtcrime.securesms.crypto;
 
-public class PublicKeyAndVersion {
+package org.whispersystems.textsecure.crypto.ecc;
 
-  public       IdentityKey identityKey;
-  public final PublicKey key;
-  public final int version;
-  public final int maxVersion;
-	
-  public PublicKeyAndVersion(PublicKey key, int version, int maxVersion) {
-    this.key        = key;
-    this.version    = version;
-    this.maxVersion = maxVersion;
+public class DjbECPrivateKey implements ECPrivateKey {
+
+  private final byte[] privateKey;
+
+  DjbECPrivateKey(byte[] privateKey) {
+    this.privateKey = privateKey;
   }
-	
-  public PublicKeyAndVersion(PublicKey key, IdentityKey identityKey, int version, int maxVersion) {
-    this(key, version, maxVersion);
-    this.identityKey = identityKey;
+
+  @Override
+  public byte[] serialize() {
+    return privateKey;
+  }
+
+  @Override
+  public int getType() {
+    return Curve.DJB_TYPE;
+  }
+
+  public byte[] getPrivateKey() {
+    return privateKey;
   }
 }

library/src/org/whispersystems/textsecure/crypto/ecc/DjbECPublicKey.java

@@ -0,0 +1,66 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto.ecc;
+
+import org.whispersystems.textsecure.util.Util;
+
+import java.math.BigInteger;
+import java.util.Arrays;
+
+public class DjbECPublicKey implements ECPublicKey {
+
+  private final byte[] publicKey;
+
+  DjbECPublicKey(byte[] publicKey) {
+    this.publicKey = publicKey;
+  }
+
+  @Override
+  public byte[] serialize() {
+    byte[] type = {Curve.DJB_TYPE};
+    return Util.combine(type, publicKey);
+  }
+
+  @Override
+  public int getType() {
+    return Curve.DJB_TYPE;
+  }
+
+  @Override
+  public boolean equals(Object other) {
+    if (other == null)                      return false;
+    if (!(other instanceof DjbECPublicKey)) return false;
+
+    DjbECPublicKey that = (DjbECPublicKey)other;
+    return Arrays.equals(this.publicKey, that.publicKey);
+  }
+
+  @Override
+  public int hashCode() {
+    return Arrays.hashCode(publicKey);
+  }
+
+  @Override
+  public int compareTo(ECPublicKey another) {
+    return new BigInteger(publicKey).compareTo(new BigInteger(((DjbECPublicKey)another).publicKey));
+  }
+
+  public byte[] getPublicKey() {
+    return publicKey;
+  }
+}

library/src/org/whispersystems/textsecure/crypto/ecc/ECKeyPair.java

@@ -0,0 +1,37 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto.ecc;
+
+public class ECKeyPair {
+
+  private final ECPublicKey  publicKey;
+  private final ECPrivateKey privateKey;
+
+  public ECKeyPair(ECPublicKey publicKey, ECPrivateKey privateKey) {
+    this.publicKey = publicKey;
+    this.privateKey = privateKey;
+  }
+
+  public ECPublicKey getPublicKey() {
+    return publicKey;
+  }
+
+  public ECPrivateKey getPrivateKey() {
+    return privateKey;
+  }
+}

library/src/org/whispersystems/textsecure/crypto/ecc/ECPrivateKey.java

@@ -0,0 +1,23 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto.ecc;
+
+public interface ECPrivateKey {
+  public byte[] serialize();
+  public int getType();
+}

library/src/org/whispersystems/textsecure/crypto/ecc/ECPublicKey.java

@@ -0,0 +1,27 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto.ecc;
+
+public interface ECPublicKey extends Comparable<ECPublicKey> {
+
+  public static final int KEY_SIZE = 33;
+
+  public byte[] serialize();
+
+  public int getType();
+}

library/src/org/whispersystems/textsecure/crypto/kdf/DerivedSecrets.java

@@ -0,0 +1,39 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto.kdf;
+
+import javax.crypto.spec.SecretKeySpec;
+
+public class DerivedSecrets {
+
+  private final SecretKeySpec cipherKey;
+  private final SecretKeySpec macKey;
+
+  public DerivedSecrets(SecretKeySpec cipherKey, SecretKeySpec macKey) {
+    this.cipherKey = cipherKey;
+    this.macKey    = macKey;
+  }
+
+  public SecretKeySpec getCipherKey() {
+    return cipherKey;
+  }
+
+  public SecretKeySpec getMacKey() {
+    return macKey;
+  }
+}

library/src/org/whispersystems/textsecure/crypto/kdf/HKDF.java

@@ -0,0 +1,108 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto.kdf;
+
+import java.io.ByteArrayOutputStream;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.List;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+public class HKDF {
+
+  private static final int HASH_OUTPUT_SIZE  = 32;
+  private static final int KEY_MATERIAL_SIZE = 64;
+
+  private static final int CIPHER_KEYS_OFFSET = 0;
+  private static final int MAC_KEYS_OFFSET    = 32;
+
+  public DerivedSecrets deriveSecrets(byte[] inputKeyMaterial, byte[] info) {
+    byte[] salt = new byte[HASH_OUTPUT_SIZE];
+    return deriveSecrets(inputKeyMaterial, salt, info);
+  }
+
+  public DerivedSecrets deriveSecrets(byte[] inputKeyMaterial, byte[] salt, byte[] info) {
+    byte[] prk              = extract(salt, inputKeyMaterial);
+    byte[] okm              = expand(prk, info, KEY_MATERIAL_SIZE);
+
+    SecretKeySpec cipherKey = deriveCipherKey(okm);
+    SecretKeySpec macKey    = deriveMacKey(okm);
+
+    return new DerivedSecrets(cipherKey, macKey);
+  }
+
+  private SecretKeySpec deriveCipherKey(byte[] okm) {
+    byte[] cipherKey = new byte[32];
+    System.arraycopy(okm, CIPHER_KEYS_OFFSET, cipherKey, 0, cipherKey.length);
+    return new SecretKeySpec(cipherKey, "AES");
+  }
+
+  private SecretKeySpec deriveMacKey(byte[] okm) {
+    byte[] macKey = new byte[32];
+    System.arraycopy(okm, MAC_KEYS_OFFSET, macKey, 0, macKey.length);
+    return new SecretKeySpec(macKey, "HmacSHA256");
+  }
+
+  private byte[] extract(byte[] salt, byte[] inputKeyMaterial) {
+    try {
+      Mac mac = Mac.getInstance("HmacSHA256");
+      mac.init(new SecretKeySpec(salt, "HmacSHA256"));
+      return mac.doFinal(inputKeyMaterial);
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private byte[] expand(byte[] prk, byte[] info, int outputSize) {
+    try {
+      int                   iterations = (int)Math.ceil((double)outputSize/(double)HASH_OUTPUT_SIZE);
+      byte[]                mixin      = new byte[0];
+      ByteArrayOutputStream results    = new ByteArrayOutputStream();
+
+      for (int i=0;i<iterations;i++) {
+        Mac mac = Mac.getInstance("HmacSHA256");
+        mac.init(new SecretKeySpec(prk, "HmacSHA256"));
+
+        mac.update(mixin);
+        if (info != null) {
+          mac.update(info);
+        }
+        mac.update((byte)i);
+
+        byte[] stepResult = mac.doFinal();
+        results.write(stepResult, 0, stepResult.length);
+
+        mixin = stepResult;
+      }
+
+      return results.toByteArray();
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+
+
+}

library/src/org/whispersystems/textsecure/crypto/kdf/NKDF.java

@@ -0,0 +1,86 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.crypto.kdf;
+
+import android.util.Log;
+
+import org.whispersystems.textsecure.util.Conversions;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.spec.SecretKeySpec;
+
+public class NKDF {
+
+  public static final int LEGACY_CIPHER_KEY_LENGTH = 16;
+  public static final int LEGACY_MAC_KEY_LENGTH    = 20;
+
+  public DerivedSecrets deriveSecrets(byte[] sharedSecret, boolean isLowEnd)
+  {
+    SecretKeySpec cipherKey = deriveCipherSecret(isLowEnd, sharedSecret);
+    SecretKeySpec macKey    = deriveMacSecret(cipherKey);
+
+    return new DerivedSecrets(cipherKey, macKey);
+  }
+
+  private SecretKeySpec deriveCipherSecret(boolean isLowEnd, byte[] sharedSecret) {
+    byte[] derivedBytes = deriveBytes(sharedSecret, LEGACY_CIPHER_KEY_LENGTH * 2);
+    byte[] cipherSecret = new byte[LEGACY_CIPHER_KEY_LENGTH];
+
+    if (isLowEnd)  {
+      System.arraycopy(derivedBytes, LEGACY_CIPHER_KEY_LENGTH, cipherSecret, 0, LEGACY_CIPHER_KEY_LENGTH);
+    } else {
+      System.arraycopy(derivedBytes, 0, cipherSecret, 0, LEGACY_CIPHER_KEY_LENGTH);
+    }
+
+    return new SecretKeySpec(cipherSecret, "AES");
+  }
+
+  private SecretKeySpec deriveMacSecret(SecretKeySpec key) {
+    try {
+      MessageDigest md = MessageDigest.getInstance("SHA-1");
+      byte[] secret    = md.digest(key.getEncoded());
+
+      return new SecretKeySpec(secret, "HmacSHA1");
+    } catch (NoSuchAlgorithmException e) {
+      throw new IllegalArgumentException("SHA-1 Not Supported!",e);
+    }
+  }
+
+  private byte[] deriveBytes(byte[] seed, int bytesNeeded) {
+    MessageDigest md;
+
+    try {
+      md = MessageDigest.getInstance("SHA-256");
+    } catch (NoSuchAlgorithmException e) {
+      Log.w("NKDF", e);
+      throw new IllegalArgumentException("SHA-256 Not Supported!");
+    }
+
+    int rounds = bytesNeeded / md.getDigestLength();
+
+    for (int i=1;i<=rounds;i++) {
+      byte[] roundBytes = Conversions.intToByteArray(i);
+      md.update(roundBytes);
+      md.update(seed);
+    }
+
+    return md.digest();
+  }
+}

library/src/org/whispersystems/textsecure/crypto/protocol/CiphertextMessage.java

@@ -0,0 +1,17 @@
+package org.whispersystems.textsecure.crypto.protocol;
+
+public interface CiphertextMessage {
+
+  public static final int UNSUPPORTED_VERSION = 1;
+  public static final int CURRENT_VERSION     = 2;
+
+  public static final int WHISPER_TYPE = 2;
+  public static final int PREKEY_TYPE  = 3;
+
+  // This should be the worst case (worse than V2).  So not always accurate, but good enough for padding.
+  public static final int ENCRYPTED_MESSAGE_OVERHEAD = 53;
+
+  public byte[] serialize();
+  public int getType();
+
+}

library/src/org/whispersystems/textsecure/crypto/protocol/PreKeyWhisperMessage.java

@@ -0,0 +1,115 @@
+package org.whispersystems.textsecure.crypto.protocol;
+
+import com.google.protobuf.ByteString;
+import com.google.protobuf.InvalidProtocolBufferException;
+
+import org.whispersystems.textsecure.crypto.IdentityKey;
+import org.whispersystems.textsecure.crypto.InvalidKeyException;
+import org.whispersystems.textsecure.crypto.InvalidMessageException;
+import org.whispersystems.textsecure.crypto.InvalidVersionException;
+import org.whispersystems.textsecure.crypto.LegacyMessageException;
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECPublicKey;
+import org.whispersystems.textsecure.util.Conversions;
+import org.whispersystems.textsecure.util.Util;
+
+public class PreKeyWhisperMessage implements CiphertextMessage {
+
+  private final int            version;
+  private final int            registrationId;
+  private final int            preKeyId;
+  private final ECPublicKey    baseKey;
+  private final IdentityKey    identityKey;
+  private final WhisperMessage message;
+  private final byte[]         serialized;
+
+  public PreKeyWhisperMessage(byte[] serialized)
+      throws InvalidMessageException, InvalidVersionException
+  {
+    try {
+      this.version = Conversions.highBitsToInt(serialized[0]);
+
+      if (this.version > CiphertextMessage.CURRENT_VERSION) {
+        throw new InvalidVersionException("Unknown version: " + this.version);
+      }
+
+      WhisperProtos.PreKeyWhisperMessage preKeyWhisperMessage
+          = WhisperProtos.PreKeyWhisperMessage.parseFrom(ByteString.copyFrom(serialized, 1,
+                                                                             serialized.length-1));
+
+      if (!preKeyWhisperMessage.hasPreKeyId()       ||
+          !preKeyWhisperMessage.hasBaseKey()        ||
+          !preKeyWhisperMessage.hasIdentityKey()    ||
+          !preKeyWhisperMessage.hasMessage())
+      {
+        throw new InvalidMessageException("Incomplete message.");
+      }
+
+      this.serialized     = serialized;
+      this.registrationId = preKeyWhisperMessage.getRegistrationId();
+      this.preKeyId       = preKeyWhisperMessage.getPreKeyId();
+      this.baseKey        = Curve.decodePoint(preKeyWhisperMessage.getBaseKey().toByteArray(), 0);
+      this.identityKey    = new IdentityKey(Curve.decodePoint(preKeyWhisperMessage.getIdentityKey().toByteArray(), 0));
+      this.message        = new WhisperMessage(preKeyWhisperMessage.getMessage().toByteArray());
+    } catch (InvalidProtocolBufferException e) {
+      throw new InvalidMessageException(e);
+    } catch (InvalidKeyException e) {
+      throw new InvalidMessageException(e);
+    } catch (LegacyMessageException e) {
+      throw new InvalidMessageException(e);
+    }
+  }
+
+  public PreKeyWhisperMessage(int registrationId, int preKeyId, ECPublicKey baseKey,
+                              IdentityKey identityKey, WhisperMessage message)
+  {
+    this.version        = CiphertextMessage.CURRENT_VERSION;
+    this.registrationId = registrationId;
+    this.preKeyId       = preKeyId;
+    this.baseKey        = baseKey;
+    this.identityKey    = identityKey;
+    this.message        = message;
+
+    byte[] versionBytes = {Conversions.intsToByteHighAndLow(CURRENT_VERSION, this.version)};
+    byte[] messageBytes = WhisperProtos.PreKeyWhisperMessage.newBuilder()
+                                       .setPreKeyId(preKeyId)
+                                       .setBaseKey(ByteString.copyFrom(baseKey.serialize()))
+                                       .setIdentityKey(ByteString.copyFrom(identityKey.serialize()))
+                                       .setMessage(ByteString.copyFrom(message.serialize()))
+                                       .setRegistrationId(registrationId)
+                                       .build().toByteArray();
+
+    this.serialized = Util.combine(versionBytes, messageBytes);
+  }
+
+  public IdentityKey getIdentityKey() {
+    return identityKey;
+  }
+
+  public int getRegistrationId() {
+    return registrationId;
+  }
+
+  public int getPreKeyId() {
+    return preKeyId;
+  }
+
+  public ECPublicKey getBaseKey() {
+    return baseKey;
+  }
+
+  public WhisperMessage getWhisperMessage() {
+    return message;
+  }
+
+  @Override
+  public byte[] serialize() {
+    return serialized;
+  }
+
+  @Override
+  public int getType() {
+    return CiphertextMessage.PREKEY_TYPE;
+  }
+
+}

library/src/org/whispersystems/textsecure/crypto/protocol/WhisperMessage.java

@@ -0,0 +1,141 @@
+package org.whispersystems.textsecure.crypto.protocol;
+
+import com.google.protobuf.ByteString;
+import com.google.protobuf.InvalidProtocolBufferException;
+
+import org.whispersystems.textsecure.crypto.InvalidKeyException;
+import org.whispersystems.textsecure.crypto.InvalidMessageException;
+import org.whispersystems.textsecure.crypto.LegacyMessageException;
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECPublicKey;
+import org.whispersystems.textsecure.util.Conversions;
+import org.whispersystems.textsecure.util.Util;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.text.ParseException;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+public class WhisperMessage implements CiphertextMessage {
+
+  private static final int MAC_LENGTH = 8;
+
+  private final ECPublicKey senderEphemeral;
+  private final int         counter;
+  private final int         previousCounter;
+  private final byte[]      ciphertext;
+  private final byte[]      serialized;
+
+  public WhisperMessage(byte[] serialized) throws InvalidMessageException, LegacyMessageException {
+    try {
+      byte[][] messageParts = Util.split(serialized, 1, serialized.length - 1 - MAC_LENGTH, MAC_LENGTH);
+      byte     version      = messageParts[0][0];
+      byte[]   message      = messageParts[1];
+      byte[]   mac          = messageParts[2];
+
+      if (Conversions.highBitsToInt(version) <= CiphertextMessage.UNSUPPORTED_VERSION) {
+        throw new LegacyMessageException("Legacy message: " + Conversions.highBitsToInt(version));
+      }
+
+      if (Conversions.highBitsToInt(version) != CURRENT_VERSION) {
+        throw new InvalidMessageException("Unknown version: " + Conversions.highBitsToInt(version));
+      }
+
+      WhisperProtos.WhisperMessage whisperMessage = WhisperProtos.WhisperMessage.parseFrom(message);
+
+      if (!whisperMessage.hasCiphertext() ||
+          !whisperMessage.hasCounter() ||
+          !whisperMessage.hasEphemeralKey())
+      {
+        throw new InvalidMessageException("Incomplete message.");
+      }
+
+      this.serialized      = serialized;
+      this.senderEphemeral = Curve.decodePoint(whisperMessage.getEphemeralKey().toByteArray(), 0);
+      this.counter         = whisperMessage.getCounter();
+      this.previousCounter = whisperMessage.getPreviousCounter();
+      this.ciphertext      = whisperMessage.getCiphertext().toByteArray();
+    } catch (InvalidProtocolBufferException e) {
+      throw new InvalidMessageException(e);
+    } catch (InvalidKeyException e) {
+      throw new InvalidMessageException(e);
+    } catch (ParseException e) {
+      throw new InvalidMessageException(e);
+    }
+  }
+
+  public WhisperMessage(SecretKeySpec macKey, ECPublicKey senderEphemeral,
+                        int counter, int previousCounter, byte[] ciphertext)
+  {
+    byte[] version = {Conversions.intsToByteHighAndLow(CURRENT_VERSION, CURRENT_VERSION)};
+    byte[] message = WhisperProtos.WhisperMessage.newBuilder()
+                                   .setEphemeralKey(ByteString.copyFrom(senderEphemeral.serialize()))
+                                   .setCounter(counter)
+                                   .setPreviousCounter(previousCounter)
+                                   .setCiphertext(ByteString.copyFrom(ciphertext))
+                                   .build().toByteArray();
+    byte[] mac     = getMac(macKey, Util.combine(version, message));
+
+    this.serialized      = Util.combine(version, message, mac);
+    this.senderEphemeral = senderEphemeral;
+    this.counter         = counter;
+    this.previousCounter = previousCounter;
+    this.ciphertext      = ciphertext;
+  }
+
+  public ECPublicKey getSenderEphemeral()  {
+    return senderEphemeral;
+  }
+
+  public int getCounter() {
+    return counter;
+  }
+
+  public byte[] getBody() {
+    return ciphertext;
+  }
+
+  public void verifyMac(SecretKeySpec macKey)
+      throws InvalidMessageException
+  {
+    byte[][] parts    = Util.split(serialized, serialized.length - MAC_LENGTH, MAC_LENGTH);
+    byte[]   ourMac   = getMac(macKey, parts[0]);
+    byte[]   theirMac = parts[1];
+
+    if (!MessageDigest.isEqual(ourMac, theirMac)) {
+      throw new InvalidMessageException("Bad Mac!");
+    }
+  }
+
+  private byte[] getMac(SecretKeySpec macKey, byte[] serialized) {
+    try {
+      Mac mac = Mac.getInstance("HmacSHA256");
+      mac.init(macKey);
+
+      byte[] fullMac = mac.doFinal(serialized);
+      return Util.trim(fullMac, MAC_LENGTH);
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (java.security.InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  @Override
+  public byte[] serialize() {
+    return serialized;
+  }
+
+  @Override
+  public int getType() {
+    return CiphertextMessage.WHISPER_TYPE;
+  }
+
+  public static boolean isLegacy(byte[] message) {
+    return message != null && message.length >= 1 &&
+        Conversions.highBitsToInt(message[0]) <= CiphertextMessage.UNSUPPORTED_VERSION;
+  }
+
+}

library/src/org/whispersystems/textsecure/crypto/ratchet/ChainKey.java

@@ -0,0 +1,58 @@
+package org.whispersystems.textsecure.crypto.ratchet;
+
+import org.whispersystems.textsecure.crypto.kdf.DerivedSecrets;
+import org.whispersystems.textsecure.crypto.kdf.HKDF;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+public class ChainKey {
+
+  private static final byte[] MESSAGE_KEY_SEED = {0x01};
+  private static final byte[] CHAIN_KEY_SEED   = {0x02};
+
+  private final byte[] key;
+  private final int    index;
+
+  public ChainKey(byte[] key, int index) {
+    this.key   = key;
+    this.index = index;
+  }
+
+  public byte[] getKey() {
+    return key;
+  }
+
+  public int getIndex() {
+    return index;
+  }
+
+  public ChainKey getNextChainKey() {
+    byte[] nextKey = getBaseMaterial(CHAIN_KEY_SEED);
+    return new ChainKey(nextKey, index + 1);
+  }
+
+  public MessageKeys getMessageKeys() {
+    HKDF           kdf              = new HKDF();
+    byte[]         inputKeyMaterial = getBaseMaterial(MESSAGE_KEY_SEED);
+    DerivedSecrets keyMaterial      = kdf.deriveSecrets(inputKeyMaterial, "WhisperMessageKeys".getBytes());
+
+    return new MessageKeys(keyMaterial.getCipherKey(), keyMaterial.getMacKey(), index);
+  }
+
+  private byte[] getBaseMaterial(byte[] seed) {
+    try {
+      Mac mac = Mac.getInstance("HmacSHA256");
+      mac.init(new SecretKeySpec(key, "HmacSHA256"));
+
+      return mac.doFinal(seed);
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+}

library/src/org/whispersystems/textsecure/crypto/ratchet/MessageKeys.java

@@ -0,0 +1,28 @@
+package org.whispersystems.textsecure.crypto.ratchet;
+
+import javax.crypto.spec.SecretKeySpec;
+
+public class MessageKeys {
+
+  private final SecretKeySpec cipherKey;
+  private final SecretKeySpec macKey;
+  private final int           counter;
+
+  public MessageKeys(SecretKeySpec cipherKey, SecretKeySpec macKey, int counter) {
+    this.cipherKey = cipherKey;
+    this.macKey    = macKey;
+    this.counter   = counter;
+  }
+
+  public SecretKeySpec getCipherKey() {
+    return cipherKey;
+  }
+
+  public SecretKeySpec getMacKey() {
+    return macKey;
+  }
+
+  public int getCounter() {
+    return counter;
+  }
+}

library/src/org/whispersystems/textsecure/crypto/ratchet/RatchetingSession.java

@@ -0,0 +1,121 @@
+package org.whispersystems.textsecure.crypto.ratchet;
+
+import android.util.Pair;
+
+import org.whispersystems.textsecure.crypto.IdentityKey;
+import org.whispersystems.textsecure.crypto.IdentityKeyPair;
+import org.whispersystems.textsecure.crypto.InvalidKeyException;
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECKeyPair;
+import org.whispersystems.textsecure.crypto.ecc.ECPublicKey;
+import org.whispersystems.textsecure.crypto.kdf.DerivedSecrets;
+import org.whispersystems.textsecure.crypto.kdf.HKDF;
+import org.whispersystems.textsecure.storage.SessionState;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+public class RatchetingSession {
+
+  public static void initializeSession(SessionState sessionState,
+                                       ECKeyPair ourBaseKey,
+                                       ECPublicKey theirBaseKey,
+                                       ECKeyPair ourEphemeralKey,
+                                       ECPublicKey theirEphemeralKey,
+                                       IdentityKeyPair ourIdentityKey,
+                                       IdentityKey theirIdentityKey)
+      throws InvalidKeyException
+  {
+    if (isAlice(ourBaseKey.getPublicKey(), theirBaseKey, ourEphemeralKey.getPublicKey(), theirEphemeralKey)) {
+      initializeSessionAsAlice(sessionState, ourBaseKey, theirBaseKey, theirEphemeralKey,
+                               ourIdentityKey, theirIdentityKey);
+    } else {
+      initializeSessionAsBob(sessionState, ourBaseKey, theirBaseKey,
+                             ourEphemeralKey, ourIdentityKey, theirIdentityKey);
+    }
+  }
+
+  private static void initializeSessionAsAlice(SessionState sessionState,
+                                               ECKeyPair ourBaseKey, ECPublicKey theirBaseKey,
+                                               ECPublicKey theirEphemeralKey,
+                                               IdentityKeyPair ourIdentityKey,
+                                               IdentityKey theirIdentityKey)
+      throws InvalidKeyException
+  {
+    sessionState.setRemoteIdentityKey(theirIdentityKey);
+    sessionState.setLocalIdentityKey(ourIdentityKey.getPublicKey());
+
+    ECKeyPair               sendingKey     = Curve.generateKeyPair(true);
+    Pair<RootKey, ChainKey> receivingChain = calculate3DHE(true, ourBaseKey, theirBaseKey, ourIdentityKey, theirIdentityKey);
+    Pair<RootKey, ChainKey> sendingChain   = receivingChain.first.createChain(theirEphemeralKey, sendingKey);
+
+    sessionState.addReceiverChain(theirEphemeralKey, receivingChain.second);
+    sessionState.setSenderChain(sendingKey, sendingChain.second);
+    sessionState.setRootKey(sendingChain.first);
+  }
+
+  private static void initializeSessionAsBob(SessionState sessionState,
+                                             ECKeyPair ourBaseKey, ECPublicKey theirBaseKey,
+                                             ECKeyPair ourEphemeralKey,
+                                             IdentityKeyPair ourIdentityKey,
+                                             IdentityKey theirIdentityKey)
+      throws InvalidKeyException
+  {
+    sessionState.setRemoteIdentityKey(theirIdentityKey);
+    sessionState.setLocalIdentityKey(ourIdentityKey.getPublicKey());
+
+    Pair<RootKey, ChainKey> sendingChain = calculate3DHE(false, ourBaseKey, theirBaseKey,
+                                                         ourIdentityKey, theirIdentityKey);
+
+    sessionState.setSenderChain(ourEphemeralKey, sendingChain.second);
+    sessionState.setRootKey(sendingChain.first);
+  }
+
+  private static Pair<RootKey, ChainKey> calculate3DHE(boolean isAlice,
+                                                       ECKeyPair ourEphemeral, ECPublicKey theirEphemeral,
+                                                       IdentityKeyPair ourIdentity, IdentityKey theirIdentity)
+      throws InvalidKeyException
+  {
+    try {
+      ByteArrayOutputStream secrets = new ByteArrayOutputStream();
+
+      if (isAlice) {
+        secrets.write(Curve.calculateAgreement(theirEphemeral, ourIdentity.getPrivateKey()));
+        secrets.write(Curve.calculateAgreement(theirIdentity.getPublicKey(), ourEphemeral.getPrivateKey()));
+      } else {
+        secrets.write(Curve.calculateAgreement(theirIdentity.getPublicKey(), ourEphemeral.getPrivateKey()));
+        secrets.write(Curve.calculateAgreement(theirEphemeral, ourIdentity.getPrivateKey()));
+      }
+
+      secrets.write(Curve.calculateAgreement(theirEphemeral, ourEphemeral.getPrivateKey()));
+
+      DerivedSecrets derivedSecrets = new HKDF().deriveSecrets(secrets.toByteArray(),
+                                                               "WhisperText".getBytes());
+
+      return new Pair<RootKey, ChainKey>(new RootKey(derivedSecrets.getCipherKey().getEncoded()),
+                                         new ChainKey(derivedSecrets.getMacKey().getEncoded(), 0));
+    } catch (IOException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+  private static boolean isAlice(ECPublicKey ourBaseKey, ECPublicKey theirBaseKey,
+                                 ECPublicKey ourEphemeralKey, ECPublicKey theirEphemeralKey)
+  {
+    if (ourEphemeralKey.equals(ourBaseKey)) {
+      return false;
+    }
+
+    if (theirEphemeralKey.equals(theirBaseKey)) {
+      return true;
+    }
+
+    return isLowEnd(ourBaseKey, theirBaseKey);
+  }
+
+  private static boolean isLowEnd(ECPublicKey ourKey, ECPublicKey theirKey) {
+    return ourKey.compareTo(theirKey) < 0;
+  }
+
+
+}

library/src/org/whispersystems/textsecure/crypto/ratchet/RootKey.java

@@ -0,0 +1,38 @@
+package org.whispersystems.textsecure.crypto.ratchet;
+
+import android.util.Pair;
+
+import org.whispersystems.textsecure.crypto.InvalidKeyException;
+import org.whispersystems.textsecure.crypto.ecc.Curve;
+import org.whispersystems.textsecure.crypto.ecc.ECKeyPair;
+import org.whispersystems.textsecure.crypto.ecc.ECPublicKey;
+import org.whispersystems.textsecure.crypto.kdf.DerivedSecrets;
+import org.whispersystems.textsecure.crypto.kdf.HKDF;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+public class RootKey {
+
+  private final byte[] key;
+
+  public RootKey(byte[] key) {
+    this.key = key;
+  }
+
+  public byte[] getKeyBytes() {
+    return key;
+  }
+
+  public Pair<RootKey, ChainKey> createChain(ECPublicKey theirEphemeral, ECKeyPair ourEphemeral)
+      throws InvalidKeyException
+  {
+    HKDF           kdf          = new HKDF();
+    byte[]         sharedSecret = Curve.calculateAgreement(theirEphemeral, ourEphemeral.getPrivateKey());
+    DerivedSecrets keys         = kdf.deriveSecrets(sharedSecret, key, "WhisperRatchet".getBytes());
+    RootKey        newRootKey   = new RootKey(keys.getCipherKey().getEncoded());
+    ChainKey       newChainKey  = new ChainKey(keys.getMacKey().getEncoded(), 0);
+
+    return new Pair<RootKey, ChainKey>(newRootKey, newChainKey);
+  }
+}

library/src/org/whispersystems/textsecure/directory/BloomFilter.java

@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2011 Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.directory;
+
+import org.whispersystems.textsecure.util.Conversions;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.MappedByteBuffer;
+import java.nio.channels.FileChannel;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * A simple bloom filter implementation that backs the RedPhone directory.
+ *
+ * @author Moxie Marlinspike
+ *
+ */
+
+public class BloomFilter {
+
+  private final MappedByteBuffer buffer;
+  private final long length;
+  private final int hashCount;
+
+  public BloomFilter(File bloomFilter, int hashCount)
+      throws IOException
+  {
+    this.length    = bloomFilter.length();
+    this.buffer    = new FileInputStream(bloomFilter).getChannel()
+                                                     .map(FileChannel.MapMode.READ_ONLY, 0, length);
+    this.hashCount = hashCount;
+  }
+
+  public int getHashCount() {
+    return hashCount;
+  }
+
+  private boolean isBitSet(long bitIndex) {
+    int byteInQuestion = this.buffer.get((int)(bitIndex / 8));
+    int bitOffset      = (0x01 << (bitIndex % 8));
+
+    return (byteInQuestion & bitOffset) > 0;
+  }
+
+  public boolean contains(String entity) {
+    try {
+      for (int i=0;i<this.hashCount;i++) {
+        Mac mac = Mac.getInstance("HmacSHA1");
+        mac.init(new SecretKeySpec((i+"").getBytes(), "HmacSHA1"));
+
+        byte[] hashValue = mac.doFinal(entity.getBytes());
+        long bitIndex    = Math.abs(Conversions.byteArrayToLong(hashValue, 0)) % (this.length * 8);
+
+        if (!isBitSet(bitIndex))
+          return false;
+      }
+
+      return true;
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+}

library/src/org/whispersystems/textsecure/directory/Directory.java

@@ -0,0 +1,255 @@
+package org.whispersystems.textsecure.directory;
+
+import android.content.ContentValues;
+import android.content.Context;
+import android.database.Cursor;
+import android.database.sqlite.SQLiteDatabase;
+import android.database.sqlite.SQLiteOpenHelper;
+import android.net.Uri;
+import android.provider.ContactsContract.CommonDataKinds.Phone;
+import android.util.Log;
+
+import org.whispersystems.textsecure.push.ContactTokenDetails;
+import org.whispersystems.textsecure.util.InvalidNumberException;
+import org.whispersystems.textsecure.util.PhoneNumberFormatter;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+public class Directory {
+
+  private static final int INTRODUCED_CHANGE_FROM_TOKEN_TO_E164_NUMBER = 2;
+
+  private static final String DATABASE_NAME    = "whisper_directory.db";
+  private static final int    DATABASE_VERSION = 2;
+
+  private static final String TABLE_NAME   = "directory";
+  private static final String ID           = "_id";
+  private static final String NUMBER       = "number";
+  private static final String REGISTERED   = "registered";
+  private static final String RELAY        = "relay";
+  private static final String SUPPORTS_SMS = "supports_sms";
+  private static final String TIMESTAMP    = "timestamp";
+  private static final String CREATE_TABLE = "CREATE TABLE " + TABLE_NAME + "(" + ID + " INTEGER PRIMARY KEY, " +
+                              NUMBER       + " TEXT UNIQUE, " +
+                              REGISTERED   + " INTEGER, " +
+                              RELAY        + " TEXT, " +
+                              SUPPORTS_SMS + " INTEGER, " +
+                              TIMESTAMP    + " INTEGER);";
+
+  private static final Object instanceLock = new Object();
+  private static volatile Directory instance;
+
+  public static Directory getInstance(Context context) {
+    if (instance == null) {
+      synchronized (instanceLock) {
+        if (instance == null) {
+          instance = new Directory(context);
+        }
+      }
+    }
+
+    return instance;
+  }
+
+  private final DatabaseHelper databaseHelper;
+  private final Context        context;
+
+  private Directory(Context context) {
+    this.context = context;
+    this.databaseHelper = new DatabaseHelper(context, DATABASE_NAME, null, DATABASE_VERSION);
+  }
+
+  public boolean isSmsFallbackSupported(String e164number) {
+    SQLiteDatabase db = databaseHelper.getReadableDatabase();
+    Cursor cursor = null;
+
+    try {
+      cursor = db.query(TABLE_NAME, new String[] {SUPPORTS_SMS}, NUMBER + " = ?",
+                        new String[]{e164number}, null, null, null);
+
+      if (cursor != null && cursor.moveToFirst()) {
+        return cursor.getInt(0) == 1;
+      } else {
+        return false;
+      }
+    } finally {
+      if (cursor != null)
+        cursor.close();
+    }
+  }
+
+  public boolean isActiveNumber(String e164number) throws NotInDirectoryException {
+    if (e164number == null || e164number.length() == 0) {
+      return false;
+    }
+
+    SQLiteDatabase db = databaseHelper.getReadableDatabase();
+    Cursor cursor = null;
+
+    try {
+      cursor = db.query(TABLE_NAME,
+          new String[]{REGISTERED}, NUMBER + " = ?",
+          new String[] {e164number}, null, null, null);
+
+      if (cursor != null && cursor.moveToFirst()) {
+        return cursor.getInt(0) == 1;
+      } else {
+        throw new NotInDirectoryException();
+      }
+
+    } finally {
+      if (cursor != null)
+        cursor.close();
+    }
+  }
+
+  public String getRelay(String e164number) {
+    SQLiteDatabase database = databaseHelper.getReadableDatabase();
+    Cursor         cursor   = null;
+
+    try {
+      cursor = database.query(TABLE_NAME, null, NUMBER + " = ?", new String[]{e164number}, null, null, null);
+
+      if (cursor != null && cursor.moveToFirst()) {
+        return cursor.getString(cursor.getColumnIndexOrThrow(RELAY));
+      }
+
+      return null;
+    } finally {
+      if (cursor != null)
+        cursor.close();
+    }
+  }
+
+  public void setNumber(ContactTokenDetails token, boolean active) {
+    SQLiteDatabase db     = databaseHelper.getWritableDatabase();
+    ContentValues  values = new ContentValues();
+    values.put(NUMBER, token.getNumber());
+    values.put(RELAY, token.getRelay());
+    values.put(REGISTERED, active ? 1 : 0);
+    values.put(SUPPORTS_SMS, token.isSupportsSms() ? 1 : 0);
+    values.put(TIMESTAMP, System.currentTimeMillis());
+    db.replace(TABLE_NAME, null, values);
+  }
+
+  public void setNumbers(List<ContactTokenDetails> activeTokens, Collection<String> inactiveTokens) {
+    long timestamp    = System.currentTimeMillis();
+    SQLiteDatabase db = databaseHelper.getWritableDatabase();
+    db.beginTransaction();
+
+    try {
+      for (ContactTokenDetails token : activeTokens) {
+        Log.w("Directory", "Adding active token: " + token);
+        ContentValues values = new ContentValues();
+        values.put(NUMBER, token.getNumber());
+        values.put(REGISTERED, 1);
+        values.put(TIMESTAMP, timestamp);
+        values.put(RELAY, token.getRelay());
+        values.put(SUPPORTS_SMS, token.isSupportsSms() ? 1 : 0);
+        db.replace(TABLE_NAME, null, values);
+      }
+
+      for (String token : inactiveTokens) {
+        ContentValues values = new ContentValues();
+        values.put(NUMBER, token);
+        values.put(REGISTERED, 0);
+        values.put(TIMESTAMP, timestamp);
+        db.replace(TABLE_NAME, null, values);
+      }
+
+      db.setTransactionSuccessful();
+    } finally {
+      db.endTransaction();
+    }
+  }
+
+  public Set<String> getPushEligibleContactNumbers(String localNumber) {
+    final Uri         uri     = Phone.CONTENT_URI;
+    final Set<String> results = new HashSet<String>();
+          Cursor      cursor  = null;
+
+    try {
+      cursor = context.getContentResolver().query(uri, new String[] {Phone.NUMBER}, null, null, null);
+
+      while (cursor != null && cursor.moveToNext()) {
+        final String rawNumber = cursor.getString(0);
+        if (rawNumber != null) {
+          try {
+            final String e164Number = PhoneNumberFormatter.formatNumber(rawNumber, localNumber);
+            results.add(e164Number);
+          } catch (InvalidNumberException e) {
+            Log.w("Directory", "Invalid number: " + rawNumber);
+          }
+        }
+      }
+
+      if (cursor != null)
+        cursor.close();
+
+      final SQLiteDatabase readableDb = databaseHelper.getReadableDatabase();
+      if (readableDb != null) {
+        cursor = readableDb.query(TABLE_NAME, new String[]{NUMBER},
+            null, null, null, null, null);
+
+        while (cursor != null && cursor.moveToNext()) {
+          results.add(cursor.getString(0));
+        }
+      }
+
+      return results;
+    } finally {
+      if (cursor != null)
+        cursor.close();
+    }
+  }
+
+  public List<String> getActiveNumbers() {
+    final List<String> results = new ArrayList<String>();
+    Cursor cursor = null;
+    try {
+      cursor = databaseHelper.getReadableDatabase().query(TABLE_NAME, new String[]{NUMBER},
+          REGISTERED + " = 1", null, null, null, null);
+
+      while (cursor != null && cursor.moveToNext()) {
+        results.add(cursor.getString(0));
+      }
+      return results;
+    } finally {
+      if (cursor != null)
+        cursor.close();
+    }
+  }
+
+  private class DatabaseHelper extends SQLiteOpenHelper {
+
+    public DatabaseHelper(Context context, String name,
+                          SQLiteDatabase.CursorFactory factory,
+                          int version)
+    {
+      super(context, name, factory, version);
+    }
+
+    @Override
+    public void onCreate(SQLiteDatabase db) {
+      db.execSQL(CREATE_TABLE);
+    }
+
+    @Override
+    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
+      if (oldVersion < INTRODUCED_CHANGE_FROM_TOKEN_TO_E164_NUMBER) {
+        db.execSQL("DROP TABLE directory;");
+        db.execSQL("CREATE TABLE directory ( _id INTEGER PRIMARY KEY, " +
+                   "number TEXT UNIQUE, " +
+                   "registered INTEGER, " +
+                   "relay TEXT, " +
+                   "supports_sms INTEGER, " +
+                   "timestamp INTEGER);");
+      }
+    }
+  }
+
+}

library/src/org/whispersystems/textsecure/directory/DirectoryDescriptor.java

@@ -0,0 +1,26 @@
+package org.whispersystems.textsecure.directory;
+
+public class DirectoryDescriptor {
+  private String version;
+  private long capacity;
+  private int hashCount;
+
+  public String getUrl() {
+    return url;
+  }
+
+  public int getHashCount() {
+    return hashCount;
+  }
+
+  public long getCapacity() {
+    return capacity;
+  }
+
+  public String getVersion() {
+    return version;
+  }
+
+  private String url;
+
+}

library/src/org/whispersystems/textsecure/directory/NotInDirectoryException.java

@@ -0,0 +1,4 @@
+package org.whispersystems.textsecure.directory;
+
+public class NotInDirectoryException extends Throwable {
+}

library/src/org/whispersystems/textsecure/directory/NumberFilter.java

@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2011 Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.whispersystems.textsecure.directory;
+
+import android.content.Context;
+import android.util.Log;
+
+import com.google.thoughtcrimegson.Gson;
+import com.google.thoughtcrimegson.JsonParseException;
+import com.google.thoughtcrimegson.annotations.SerializedName;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.util.List;
+import java.util.zip.GZIPInputStream;
+
+/**
+ * Handles providing lookups, serializing, and deserializing the RedPhone directory.
+ *
+ * @author Moxie Marlinspike
+ *
+ */
+
+public class NumberFilter {
+
+  private static NumberFilter instance;
+
+  public synchronized static NumberFilter getInstance(Context context) {
+    if (instance == null)
+      instance = NumberFilter.deserializeFromFile(context);
+
+    return instance;
+  }
+
+  private static final String DIRECTORY_META_FILE = "directory.stat";
+
+  private File bloomFilter;
+  private String version;
+  private long capacity;
+  private int hashCount;
+  private Context context;
+
+  private NumberFilter(Context context, File bloomFilter, long capacity,
+                       int hashCount, String version)
+  {
+    this.context     = context.getApplicationContext();
+    this.bloomFilter = bloomFilter;
+    this.capacity    = capacity;
+    this.hashCount   = hashCount;
+    this.version     = version;
+  }
+
+  public synchronized boolean containsNumber(String number) {
+    try {
+      if      (bloomFilter == null)                    return false;
+      else if (number == null || number.length() == 0) return false;
+
+      return new BloomFilter(bloomFilter, hashCount).contains(number);
+    } catch (IOException ioe) {
+      Log.w("NumberFilter", ioe);
+      return false;
+    }
+  }
+
+  public synchronized boolean containsNumbers(List<String> numbers) {
+    try {
+      if  (bloomFilter == null)                    return false;
+      if  (numbers == null || numbers.size() == 0) return false;
+
+      BloomFilter filter = new BloomFilter(bloomFilter, hashCount);
+
+      for (String number : numbers) {
+        if (!filter.contains(number)) {
+          return false;
+        }
+      }
+
+      return true;
+    } catch (IOException ioe) {
+      Log.w("NumberFilter", ioe);
+      return false;
+    }
+  }
+
+  public synchronized void update(DirectoryDescriptor descriptor, File compressedData) {
+    try {
+      File             uncompressed = File.createTempFile("directory", ".dat", context.getFilesDir());
+      FileInputStream  fin          = new FileInputStream (compressedData);
+      GZIPInputStream  gin          = new GZIPInputStream(fin);
+      FileOutputStream out          = new FileOutputStream(uncompressed);
+
+      byte[] buffer = new byte[4096];
+      int read;
+
+      while ((read = gin.read(buffer)) != -1) {
+        out.write(buffer, 0, read);
+      }
+
+      out.close();
+      compressedData.delete();
+
+      update(uncompressed, descriptor.getCapacity(), descriptor.getHashCount(), descriptor.getVersion());
+    } catch (IOException ioe) {
+      Log.w("NumberFilter", ioe);
+    }
+  }
+
+  private synchronized void update(File bloomFilter, long capacity, int hashCount, String version)
+  {
+    if (this.bloomFilter != null)
+      this.bloomFilter.delete();
+
+    this.bloomFilter = bloomFilter;
+    this.capacity    = capacity;
+    this.hashCount   = hashCount;
+    this.version     = version;
+
+    serializeToFile(context);
+  }
+
+  private void serializeToFile(Context context) {
+    if (this.bloomFilter == null)
+      return;
+
+    try {
+      FileOutputStream fout       = context.openFileOutput(DIRECTORY_META_FILE, 0);
+      NumberFilterStorage storage = new NumberFilterStorage(bloomFilter.getAbsolutePath(),
+                                                            capacity, hashCount, version);
+
+      storage.serializeToStream(fout);
+      fout.close();
+    } catch (IOException ioe) {
+      Log.w("NumberFilter", ioe);
+    }
+  }
+
+  private static NumberFilter deserializeFromFile(Context context) {
+    try {
+      FileInputStream fis         = context.openFileInput(DIRECTORY_META_FILE);
+      NumberFilterStorage storage = NumberFilterStorage.fromStream(fis);
+
+      if (storage == null) return new NumberFilter(context, null, 0, 0, "0");
+      else                 return new NumberFilter(context,
+                                                   new File(storage.getDataPath()),
+                                                   storage.getCapacity(),
+                                                   storage.getHashCount(),
+                                                   storage.getVersion());
+    } catch (IOException ioe) {
+      Log.w("NumberFilter", ioe);
+      return new NumberFilter(context, null, 0, 0, "0");
+    }
+  }
+
+  private static class NumberFilterStorage {
+    @SerializedName("data_path")
+    private String dataPath;
+
+    @SerializedName("capacity")
+    private long capacity;
+
+    @SerializedName("hash_count")
+    private int hashCount;
+
+    @SerializedName("version")
+    private String version;
+
+    public NumberFilterStorage(String dataPath, long capacity, int hashCount, String version) {
+      this.dataPath   = dataPath;
+      this.capacity   = capacity;
+      this.hashCount  = hashCount;
+      this.version    = version;
+    }
+
+    public String getDataPath() {
+      return dataPath;
+    }
+
+    public long getCapacity() {
+      return capacity;
+    }
+
+    public int getHashCount() {
+      return hashCount;
+    }
+
+    public String getVersion() {
+      return version;
+    }
+
+    public void serializeToStream(OutputStream out) throws IOException {
+      out.write(new Gson().toJson(this).getBytes());
+    }
+
+    public static NumberFilterStorage fromStream(InputStream in) throws IOException {
+      try {
+        return new Gson().fromJson(new BufferedReader(new InputStreamReader(in)),
+                                   NumberFilterStorage.class);
+      } catch (JsonParseException jpe) {
+        Log.w("NumberFilter", jpe);
+        throw new IOException("JSON Parse Exception");
+      }
+    }
+  }
+}

library/src/org/whispersystems/textsecure/push/AccountAttributes.java

@@ -0,0 +1,28 @@
+package org.whispersystems.textsecure.push;
+
+public class AccountAttributes {
+
+  private String  signalingKey;
+  private boolean supportsSms;
+  private int     registrationId;
+
+  public AccountAttributes(String signalingKey, boolean supportsSms, int registrationId) {
+    this.signalingKey   = signalingKey;
+    this.supportsSms    = supportsSms;
+    this.registrationId = registrationId;
+  }
+
+  public AccountAttributes() {}
+
+  public String getSignalingKey() {
+    return signalingKey;
+  }
+
+  public boolean isSupportsSms() {
+    return supportsSms;
+  }
+
+  public int getRegistrationId() {
+    return registrationId;
+  }
+}

library/src/org/whispersystems/textsecure/push/AuthorizationFailedException.java

@@ -0,0 +1,9 @@
+package org.whispersystems.textsecure.push;
+
+import java.io.IOException;
+
+public class AuthorizationFailedException extends IOException {
+  public AuthorizationFailedException(String s) {
+    super(s);
+  }
+}

library/src/org/whispersystems/textsecure/push/ContactTokenDetails.java

@@ -0,0 +1,33 @@
+package org.whispersystems.textsecure.push;
+
+import com.google.thoughtcrimegson.Gson;
+
+public class ContactTokenDetails {
+
+  private String  token;
+  private String  relay;
+  private String  number;
+  private boolean supportsSms;
+
+  public ContactTokenDetails() {}
+
+  public String getToken() {
+    return token;
+  }
+
+  public String getRelay() {
+    return relay;
+  }
+
+  public boolean isSupportsSms() {
+    return supportsSms;
+  }
+
+  public void setNumber(String number) {
+    this.number = number;
+  }
+
+  public String getNumber() {
+    return number;
+  }
+}

library/src/org/whispersystems/textsecure/push/ContactTokenDetailsList.java

@@ -0,0 +1,14 @@
+package org.whispersystems.textsecure.push;
+
+import java.util.List;
+
+public class ContactTokenDetailsList {
+
+  private List<ContactTokenDetails> contacts;
+
+  public ContactTokenDetailsList() {}
+
+  public List<ContactTokenDetails> getContacts() {
+    return contacts;
+  }
+}

library/src/org/whispersystems/textsecure/push/ContactTokenList.java

@@ -0,0 +1,18 @@
+package org.whispersystems.textsecure.push;
+
+import java.util.List;
+
+public class ContactTokenList {
+
+  private List<String> contacts;
+
+  public ContactTokenList(List<String> contacts) {
+    this.contacts = contacts;
+  }
+
+  public ContactTokenList() {}
+
+  public List<String> getContacts() {
+    return contacts;
+  }
+}

library/src/org/whispersystems/textsecure/push/ExpectationFailedException.java

@@ -0,0 +1,6 @@
+package org.whispersystems.textsecure.push;
+
+import java.io.IOException;
+
+public class ExpectationFailedException extends IOException {
+}

library/src/org/whispersystems/textsecure/push/IncomingEncryptedPushMessage.java

@@ -0,0 +1,136 @@
+package org.whispersystems.textsecure.push;
+
+import android.util.Log;
+
+import org.whispersystems.textsecure.crypto.InvalidVersionException;
+import org.whispersystems.textsecure.util.Base64;
+import org.whispersystems.textsecure.push.PushMessageProtos.IncomingPushMessageSignal;
+import org.whispersystems.textsecure.util.Hex;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+public class IncomingEncryptedPushMessage {
+
+  private static final int SUPPORTED_VERSION =  1;
+  private static final int CIPHER_KEY_SIZE   = 32;
+  private static final int MAC_KEY_SIZE      = 20;
+  private static final int MAC_SIZE          = 10;
+
+  private static final int VERSION_OFFSET    =  0;
+  private static final int VERSION_LENGTH    =  1;
+  private static final int IV_OFFSET         = VERSION_OFFSET + VERSION_LENGTH;
+  private static final int IV_LENGTH         = 16;
+  private static final int CIPHERTEXT_OFFSET = IV_OFFSET + IV_LENGTH;
+
+  private final IncomingPushMessage incomingPushMessage;
+
+  public IncomingEncryptedPushMessage(String message, String signalingKey)
+      throws IOException, InvalidVersionException
+  {
+    byte[] ciphertext = Base64.decode(message);
+
+    if (ciphertext.length < VERSION_LENGTH || ciphertext[VERSION_OFFSET] != SUPPORTED_VERSION)
+      throw new InvalidVersionException("Unsupported version!");
+
+    SecretKeySpec cipherKey  = getCipherKey(signalingKey);
+    SecretKeySpec macKey     = getMacKey(signalingKey);
+
+    verifyMac(ciphertext, macKey);
+
+    byte[]                    plaintext = getPlaintext(ciphertext, cipherKey);
+    IncomingPushMessageSignal signal    = IncomingPushMessageSignal.parseFrom(plaintext);
+
+    this.incomingPushMessage = new IncomingPushMessage(signal);
+  }
+
+  public IncomingPushMessage getIncomingPushMessage() {
+    return incomingPushMessage;
+  }
+
+  private byte[] getPlaintext(byte[] ciphertext, SecretKeySpec cipherKey) throws IOException {
+    try {
+      byte[] ivBytes = new byte[IV_LENGTH];
+      System.arraycopy(ciphertext, IV_OFFSET, ivBytes, 0, ivBytes.length);
+      IvParameterSpec iv = new IvParameterSpec(ivBytes);
+
+      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+      cipher.init(Cipher.DECRYPT_MODE, cipherKey, iv);
+
+      return cipher.doFinal(ciphertext, CIPHERTEXT_OFFSET,
+                            ciphertext.length - VERSION_LENGTH - IV_LENGTH - MAC_SIZE);
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (NoSuchPaddingException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    } catch (InvalidAlgorithmParameterException e) {
+      throw new AssertionError(e);
+    } catch (IllegalBlockSizeException e) {
+      throw new AssertionError(e);
+    } catch (BadPaddingException e) {
+      Log.w("IncomingEncryptedPushMessage", e);
+      throw new IOException("Bad padding?");
+    }
+  }
+
+  private void verifyMac(byte[] ciphertext, SecretKeySpec macKey) throws IOException {
+    try {
+      Mac mac = Mac.getInstance("HmacSHA256");
+      mac.init(macKey);
+
+      if (ciphertext.length < MAC_SIZE + 1)
+        throw new IOException("Invalid MAC!");
+
+      mac.update(ciphertext, 0, ciphertext.length - MAC_SIZE);
+
+      byte[] ourMacFull  = mac.doFinal();
+      byte[] ourMacBytes = new byte[MAC_SIZE];
+      System.arraycopy(ourMacFull, 0, ourMacBytes, 0, ourMacBytes.length);
+
+      byte[] theirMacBytes = new byte[MAC_SIZE];
+      System.arraycopy(ciphertext, ciphertext.length-MAC_SIZE, theirMacBytes, 0, theirMacBytes.length);
+
+      Log.w("IncomingEncryptedPushMessage", "Our MAC: " + Hex.toString(ourMacBytes));
+      Log.w("IncomingEncryptedPushMessage", "Thr MAC: " + Hex.toString(theirMacBytes));
+
+      if (!Arrays.equals(ourMacBytes, theirMacBytes)) {
+        throw new IOException("Invalid MAC compare!");
+      }
+    } catch (NoSuchAlgorithmException e) {
+      throw new AssertionError(e);
+    } catch (InvalidKeyException e) {
+      throw new AssertionError(e);
+    }
+  }
+
+
+  private SecretKeySpec getCipherKey(String signalingKey) throws IOException {
+    byte[] signalingKeyBytes = Base64.decode(signalingKey);
+    byte[] cipherKey         = new byte[CIPHER_KEY_SIZE];
+    System.arraycopy(signalingKeyBytes, 0, cipherKey, 0, cipherKey.length);
+
+    return new SecretKeySpec(cipherKey, "AES");
+  }
+
+
+  private SecretKeySpec getMacKey(String signalingKey) throws IOException {
+    byte[] signalingKeyBytes = Base64.decode(signalingKey);
+    byte[] macKey            = new byte[MAC_KEY_SIZE];
+    System.arraycopy(signalingKeyBytes, CIPHER_KEY_SIZE, macKey, 0, macKey.length);
+
+    return new SecretKeySpec(macKey, "HmacSHA256");
+  }
+
+}

library/src/org/whispersystems/textsecure/push/IncomingPushMessage.java

@@ -0,0 +1,141 @@
+/**
+ * Copyright (C) 2013 Open Whisper Systems
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.whispersystems.textsecure.push;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import org.whispersystems.textsecure.push.PushMessageProtos.IncomingPushMessageSignal;
+
+public class IncomingPushMessage implements Parcelable {
+
+  public static final Parcelable.Creator<IncomingPushMessage> CREATOR = new Parcelable.Creator<IncomingPushMessage>() {
+    @Override
+    public IncomingPushMessage createFromParcel(Parcel in) {
+      return new IncomingPushMessage(in);
+    }
+
+    @Override
+    public IncomingPushMessage[] newArray(int size) {
+      return new IncomingPushMessage[size];
+    }
+  };
+
+  private int          type;
+  private String       source;
+  private int          sourceDevice;
+  private byte[]       message;
+  private long         timestamp;
+  private String       relay;
+
+  private IncomingPushMessage(IncomingPushMessage message, byte[] body) {
+    this.type         = message.type;
+    this.source       = message.source;
+    this.sourceDevice = message.sourceDevice;
+    this.timestamp    = message.timestamp;
+    this.relay        = message.relay;
+    this.message      = body;
+  }
+
+  public IncomingPushMessage(IncomingPushMessageSignal signal) {
+    this.type         = signal.getType().getNumber();
+    this.source       = signal.getSource();
+    this.sourceDevice = signal.getSourceDevice();
+    this.message      = signal.getMessage().toByteArray();
+    this.timestamp    = signal.getTimestamp();
+    this.relay        = signal.getRelay();
+  }
+
+  public IncomingPushMessage(Parcel in) {
+    this.type         = in.readInt();
+    this.source       = in.readString();
+    this.sourceDevice = in.readInt();
+
+    if (in.readInt() == 1) {
+      this.relay  = in.readString();
+    }
+
+    this.message = new byte[in.readInt()];
+    in.readByteArray(this.message);
+    this.timestamp = in.readLong();
+  }
+
+  public IncomingPushMessage(int type, String source, int sourceDevice,
+                             byte[] body, long timestamp)
+  {
+    this.type         = type;
+    this.source       = source;
+    this.sourceDevice = sourceDevice;
+    this.message      = body;
+    this.timestamp    = timestamp;
+  }
+
+  public String getRelay() {
+    return relay;
+  }
+
+  public long getTimestampMillis() {
+    return timestamp;
+  }
+
+  public String getSource() {
+    return source;
+  }
+
+  public int getSourceDevice() {
+    return sourceDevice;
+  }
+
+  public byte[] getBody() {
+    return message;
+  }
+
+  @Override
+  public int describeContents() {
+    return 0;
+  }
+
+  @Override
+  public void writeToParcel(Parcel dest, int flags) {
+    dest.writeInt(type);
+    dest.writeString(source);
+    dest.writeInt(sourceDevice);
+    dest.writeInt(relay == null ? 0 : 1);
+    if (relay != null) {
+      dest.writeString(relay);
+    }
+    dest.writeInt(message.length);
+    dest.writeByteArray(message);
+    dest.writeLong(timestamp);
+  }
+
+  public IncomingPushMessage withBody(byte[] body) {
+    return new IncomingPushMessage(this, body);
+  }
+
+  public int getType() {
+    return type;
+  }
+
+  public boolean isSecureMessage() {
+    return getType() == IncomingPushMessageSignal.Type.CIPHERTEXT_VALUE;
+  }
+
+  public boolean isPreKeyBundle() {
+    return getType() == IncomingPushMessageSignal.Type.PREKEY_BUNDLE_VALUE;
+  }
+}