Bump version to 2.6.3

// FREEBIE

.gitattributes

@@ -0,0 +1 @@
+*.ai binary

.tx/config

@@ -1,6 +1,6 @@
 [main]
 host = https://www.transifex.com
-lang_map = fr_CA:fr-rCA,pt_BR:pt-rBR,pt_PT:pt,zh_CN:zh-rCN,zh_HK:zh-rHK,zh_TW:zh-rTW,da_DK:da-rDK,de_DE:de,tr_TR:tr,fr_FR:fr,es_ES:es,hu_HU:hu,sv_SE:sv-rSE,bg_BG:bg,el_GR:el,kn_IN:kn-rIN,cs_CZ:cs
+lang_map = fr_CA:fr-rCA,pt_BR:pt-rBR,pt_PT:pt,zh_CN:zh-rCN,zh_HK:zh-rHK,zh_TW:zh-rTW,da_DK:da-rDK,de_DE:de,tr_TR:tr,fr_FR:fr,es_ES:es,hu_HU:hu,sv_SE:sv-rSE,bg_BG:bg,el_GR:el,kn_IN:kn-rIN,cs_CZ:cs,sr:sr,he:iw,id:in
 
 
 [textsecure-official.master]

AndroidManifest.xml

@@ -2,8 +2,8 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
           xmlns:tools="http://schemas.android.com/tools"
           package="org.thoughtcrime.securesms"
-      android:versionCode="83"
-      android:versionName="2.2.0">
+      android:versionCode="98"
+      android:versionName="2.6.3">
 
     <permission android:name="org.thoughtcrime.securesms.ACCESS_SECRETS"
                 android:label="Access to TextSecure Secrets"
@@ -90,7 +90,18 @@
               android:windowSoftInputMode="stateUnchanged"              
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
-    <activity android:name=".MmsPreferencesActivity"
+    <activity android:name=".DeviceProvisioningActivity"
+              android:theme="@style/TextSecure.DialogActivity"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize">
+        <intent-filter>
+            <action android:name="android.intent.action.VIEW" />
+            <category android:name="android.intent.category.DEFAULT" />
+            <category android:name="android.intent.category.BROWSABLE" />
+            <data android:scheme="tsdevice"/>
+        </intent-filter>
+    </activity>
+
+    <activity android:name=".preferences.MmsPreferencesActivity"
                android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".ShareActivity"
@@ -107,19 +118,26 @@
 
     <activity android:name=".ConversationActivity"
               android:windowSoftInputMode="stateUnchanged"
+              android:launchMode="singleTask"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".MessageDetailsActivity"
+              android:label="Message Details"
+              android:windowSoftInputMode="stateUnchanged"
+              android:launchMode="singleTask"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".GroupCreateActivity"
-              android:windowSoftInputMode="stateVisible"
-              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+          android:windowSoftInputMode="stateVisible"
+          android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".DatabaseMigrationActivity"
-              android:theme="@style/NoAnimation.Theme.Sherlock.Light.DarkActionBar"
+              android:theme="@style/NoAnimation.Theme.AppCompat.Light.DarkActionBar"
               android:launchMode="singleTask"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".DatabaseUpgradeActivity"
-              android:theme="@style/NoAnimation.Theme.Sherlock.Light.DarkActionBar"
+              android:theme="@style/NoAnimation.Theme.AppCompat.Light.DarkActionBar"
               android:launchMode="singleTask"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
@@ -137,14 +155,9 @@
               android:windowSoftInputMode="stateAlwaysVisible"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
-    <activity android:name=".ContactSelectionActivity"
-              android:label="@string/AndroidManifest__select_contacts"
-              android:windowSoftInputMode="stateHidden"
-              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
-
     <activity android:name=".NewConversationActivity"
               android:label="@string/AndroidManifest__select_contacts"
-              android:windowSoftInputMode="stateHidden"
+              android:windowSoftInputMode="stateVisible"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
     <activity android:name=".PushContactSelectionActivity"
@@ -192,6 +205,16 @@
               android:windowSoftInputMode="stateHidden"
               android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
 
+    <activity android:name=".MediaPreviewActivity"
+              android:label="@string/AndroidManifest__media_preview"
+              android:windowSoftInputMode="stateHidden"
+              android:launchMode="singleTask"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name=".MediaOverviewActivity"
+              android:windowSoftInputMode="stateHidden"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
     <activity android:name=".DummyActivity"
               android:theme="@android:style/Theme.NoDisplay"
               android:enabled="true"
@@ -203,13 +226,16 @@
               android:clearTaskOnLaunch="true"
               android:finishOnTaskLaunch="true" />
 
-    <service android:enabled="true" android:name=".service.GcmRegistrationService"/>
+    <activity android:name=".PlayServicesProblemActivity"
+              android:theme="@android:style/Theme.Translucent.NoTitleBar"
+              android:configChanges="touchscreen|keyboard|keyboardHidden|orientation|screenLayout|screenSize"/>
+
+    <activity android:name="com.soundcloud.android.crop.CropImageActivity" />
+
     <service android:enabled="true" android:name=".service.ApplicationMigrationService"/>
     <service android:enabled="true" android:name=".service.KeyCachingService"/>
-    <service android:enabled="true" android:name=".service.SendReceiveService"/>
     <service android:enabled="true" android:name=".service.RegistrationService"/>
-    <service android:enabled="true" android:name=".service.DirectoryRefreshService"/>
-    <service android:enabled="true" android:name=".service.PreKeyService"/>
+    <service android:enabled="true" android:name=".service.MessageRetrievalService"/>
 
     <service android:name=".service.QuickResponseService"
              android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE"
@@ -299,6 +325,16 @@
         </intent-filter>
     </receiver>
 
-       <uses-library android:name="android.test.runner" />
+    <receiver android:name=".notifications.MessageNotifier$ReminderReceiver">
+        <intent-filter>
+            <action android:name="org.thoughtcrime.securesms.MessageNotifier.REMINDER_ACTION"/>
+        </intent-filter>
+    </receiver>
+
+    <receiver android:name=".notifications.MessageNotifier$DeleteReceiver">
+        <intent-filter>
+            <action android:name="org.thoughtcrime.securesms.MessageNotifier.DELETE_REMINDER_ACTION"/>
+        </intent-filter>
+    </receiver>
 </application>
 </manifest>

BUILDING.md

@@ -17,7 +17,11 @@ The following steps should help you (re)build TextSecure from the command line.
         git clone https://github.com/WhisperSystems/TextSecure.git
 
 2. Make sure you have the [Android SDK](https://developer.android.com/sdk/index.html) installed somewhere on your system.
-3. Ensure the "Android Support Repository" and "Android SDK Build-tools" are installed from the Android SDK manager.
+3. Ensure that the following packages are installed from the Android SDK manager:
+    * Android SDK Build Tools
+    * SDK Platform
+    * Android Support Repository
+    * Google Repository
 4. Create a local.properties file at the root of your source checkout and add an sdk.dir entry to it.
 
         sdk.dir=\<path to your sdk installation\>
@@ -26,19 +30,17 @@ The following steps should help you (re)build TextSecure from the command line.
 
         ./gradlew build
 
-Re-building native components
------------------------------
+Visual assets
+----------------------
 
-Note: This step is optional; native components are contained as binaries (see [library/libs](library/libs)).
+Source assets tend to be large binary blobs, which are best stored outside of git repositories. We host ours in a [Pixelapse repository](https://www.pixelapse.com/openwhispersystems/projects/signal-android/). Some source files are SVGs that can be auto-colored and sized using a tool like [android-res-utils](https://github.com/sebkur/android-res-utils).
 
-1. Ensure that the Android NDK is installed.
+Sample command for generating our audio placeholder image:
 
-Execute ndk-build:
-
-    cd library
-    ndk-build
-
-Afterwards, execute Gradle as above to re-create the APK.
+```bash
+pngs_from_svg.py ic_audio.svg /path/to/TextSecure/res/ 150 "#000" 0.54 _light
+pngs_from_svg.py ic_audio.svg /path/to/TextSecure/res/ 150 "#fff" 1.0 _dark
+```
 
 Setting up a development environment
 ------------------------------------

README.md

@@ -1,6 +1,6 @@
 # TextSecure [![Build Status](https://travis-ci.org/WhisperSystems/TextSecure.svg?branch=master)](https://travis-ci.org/WhisperSystems/TextSecure)
 
-TextSecure is a messaging app for easy private communicate with friends.
+TextSecure is a messaging app for simple private communication with friends.
 
 TextSecure can use either data (WiFi/3G/4G) or SMS to communicate securely, and all TextSecure
 messages can also be encrypted locally on your device.
@@ -38,7 +38,7 @@ whispersystems@lists.riseup.net
 https://lists.riseup.net/www/info/whispersystems
 
 ## Contributing Funds
-[![Donate](https://coinbase.com/assets/buttons/donation_large-6ec72b1a9eec516944e50a22aca7db35.png)](https://whispersystems.org/blog/bithub/)
+[![Donate](https://www.coinbase.com/assets/buttons/donation_large-36ee936185fdf9a88e3a28cc685fb9b7.png)](https://coinbase.com/checkouts/d29fd4c37ca442393e32fdcb95304701)
 
 You can add funds to BitHub to directly help further development efforts.
 

androidTest/java/org/thoughtcrime/securesms/RegistrationActivityTest.java

@@ -0,0 +1,24 @@
+package org.thoughtcrime.securesms;
+
+import static android.support.test.espresso.Espresso.*;
+import static android.support.test.espresso.action.ViewActions.*;
+import static android.support.test.espresso.matcher.ViewMatchers.*;
+import static android.support.test.espresso.assertion.ViewAssertions.*;
+
+import android.test.suitebuilder.annotation.LargeTest;
+
+@LargeTest
+public class RegistrationActivityTest extends RoutedInstrumentationTestCase {
+  private final static String TAG = RegistrationActivityTest.class.getSimpleName();
+
+  public RegistrationActivityTest() {
+    super();
+  }
+
+  @SuppressWarnings("unchecked")
+  public void testRegistrationButtons() throws Exception {
+    waitOn(RegistrationActivity.class);
+    onView(withId(R.id.registerButton)).check(matches(isDisplayed()));
+    onView(withId(R.id.skipButton)).check(matches(isDisplayed())).perform(click());
+  }
+}

androidTest/java/org/thoughtcrime/securesms/RoutedInstrumentationTestCase.java

@@ -0,0 +1,37 @@
+package org.thoughtcrime.securesms;
+
+import android.app.Activity;
+import android.app.Instrumentation.ActivityMonitor;
+import android.preference.PreferenceManager;
+import android.test.ActivityInstrumentationTestCase2;
+import android.util.Log;
+
+import org.thoughtcrime.securesms.crypto.MasterSecretUtil;
+
+public class RoutedInstrumentationTestCase extends ActivityInstrumentationTestCase2<RoutingActivity> {
+  private static final String TAG = RoutedInstrumentationTestCase.class.getSimpleName();
+
+  public RoutedInstrumentationTestCase() {
+    super(RoutingActivity.class);
+  }
+
+  @Override
+  public void setUp() throws Exception {
+    System.setProperty("dexmaker.dexcache", getInstrumentation().getTargetContext().getCacheDir().getPath());
+    super.setUp();
+    clearSharedPrefs();
+    getActivity();
+  }
+
+  protected void clearSharedPrefs() {
+    PreferenceManager.getDefaultSharedPreferences(getInstrumentation().getTargetContext())
+                     .edit().clear().commit();
+    getInstrumentation().getTargetContext().getSharedPreferences(MasterSecretUtil.PREFERENCES_NAME, 0)
+                                           .edit().clear().commit();
+  }
+
+  protected static void waitOn(Class<? extends Activity> clazz) {
+    Log.w(TAG, "waiting for " + clazz.getName());
+    new ActivityMonitor(clazz.getName(), null, true).waitForActivityWithTimeout(10000);
+  }
+}

androidTest/java/org/thoughtcrime/securesms/TextSecureTestCase.java

@@ -0,0 +1,16 @@
+package org.thoughtcrime.securesms;
+
+import android.content.Context;
+import android.test.InstrumentationTestCase;
+
+public class TextSecureTestCase extends InstrumentationTestCase {
+
+  @Override
+  public void setUp() throws Exception {
+    System.setProperty("dexmaker.dexcache", getInstrumentation().getTargetContext().getCacheDir().getPath());
+  }
+
+  protected Context getContext() {
+    return getInstrumentation().getContext();
+  }
+}

androidTest/java/org/thoughtcrime/securesms/database/CanonicalAddressDatabaseTest.java

@@ -1,10 +1,10 @@
 package org.thoughtcrime.securesms.database;
 
-import android.test.InstrumentationTestCase;
+import org.thoughtcrime.securesms.TextSecureTestCase;
 
-import static org.fest.assertions.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThat;
 
-public class CanonicalAddressDatabaseTest extends InstrumentationTestCase {
+public class CanonicalAddressDatabaseTest extends TextSecureTestCase {
   private static final String AMBIGUOUS_NUMBER = "222-3333";
   private static final String SPECIFIC_NUMBER  = "+49 444 222 3333";
   private static final String EMAIL            = "a@b.fom";

androidTest/java/org/thoughtcrime/securesms/database/PartDatabaseTest.java

@@ -0,0 +1,63 @@
+package org.thoughtcrime.securesms.database;
+
+import android.net.Uri;
+
+import org.thoughtcrime.securesms.TextSecureTestCase;
+import org.thoughtcrime.securesms.crypto.MasterSecret;
+
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import ws.com.google.android.mms.pdu.PduPart;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyFloat;
+import static org.mockito.Matchers.anyLong;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+public class PartDatabaseTest extends TextSecureTestCase {
+  private static final long PART_ID = 1L;
+
+  private PartDatabase database;
+
+  @Override
+  public void setUp() {
+    database = spy(DatabaseFactory.getPartDatabase(getInstrumentation().getTargetContext()));
+  }
+
+  public void testTaskNotRunWhenThumbnailExists() throws Exception {
+    when(database.getPart(eq(PART_ID))).thenReturn(getPduPartSkeleton("x/x"));
+    doReturn(mock(InputStream.class)).when(database).getDataStream(any(MasterSecret.class), anyLong(), eq("thumbnail"));
+
+    database.getThumbnailStream(null, PART_ID);
+
+    verify(database, never()).updatePartThumbnail(any(MasterSecret.class), anyLong(), any(PduPart.class), any(InputStream.class), anyFloat());
+  }
+
+  public void testTaskRunWhenThumbnailMissing() throws Exception {
+    when(database.getPart(eq(PART_ID))).thenReturn(getPduPartSkeleton("image/png"));
+    doReturn(null).when(database).getDataStream(any(MasterSecret.class), anyLong(), eq("thumbnail"));
+    doNothing().when(database).updatePartThumbnail(any(MasterSecret.class), anyLong(), any(PduPart.class), any(InputStream.class), anyFloat());
+
+    try {
+      database.new ThumbnailFetchCallable(mock(MasterSecret.class), PART_ID).call();
+      throw new AssertionError("didn't try to generate thumbnail");
+    } catch (FileNotFoundException fnfe) {
+      // success
+    }
+  }
+
+  private PduPart getPduPartSkeleton(String contentType) {
+    PduPart part = new PduPart();
+    part.setContentType(contentType.getBytes());
+    part.setDataUri(Uri.EMPTY);
+    return part;
+  }
+}

androidTest/java/org/thoughtcrime/securesms/jobs/CleanPreKeysJobTest.java

@@ -0,0 +1,154 @@
+package org.thoughtcrime.securesms.jobs;
+
+import android.test.AndroidTestCase;
+
+import org.thoughtcrime.securesms.TextSecureTestCase;
+import org.thoughtcrime.securesms.crypto.MasterSecret;
+import org.thoughtcrime.securesms.dependencies.AxolotlStorageModule;
+import org.whispersystems.libaxolotl.ecc.Curve;
+import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
+import org.whispersystems.libaxolotl.state.SignedPreKeyStore;
+import org.whispersystems.textsecure.api.TextSecureAccountManager;
+import org.whispersystems.textsecure.api.push.SignedPreKeyEntity;
+import org.whispersystems.textsecure.api.push.exceptions.PushNetworkException;
+
+import java.io.IOException;
+import java.util.LinkedList;
+import java.util.List;
+
+import dagger.Module;
+import dagger.ObjectGraph;
+import dagger.Provides;
+
+import static org.mockito.Matchers.anyInt;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+
+public class CleanPreKeysJobTest extends TextSecureTestCase {
+
+  public void testSignedPreKeyRotationNotRegistered() throws IOException, MasterSecretJob.RequirementNotMetException {
+    TextSecureAccountManager accountManager    = mock(TextSecureAccountManager.class);
+    SignedPreKeyStore        signedPreKeyStore = mock(SignedPreKeyStore.class);
+    MasterSecret             masterSecret      = mock(MasterSecret.class);
+    when(accountManager.getSignedPreKey()).thenReturn(null);
+
+    CleanPreKeysJob cleanPreKeysJob = new CleanPreKeysJob(getContext());
+
+    ObjectGraph objectGraph = ObjectGraph.create(new TestModule(accountManager, signedPreKeyStore));
+    objectGraph.inject(cleanPreKeysJob);
+
+    cleanPreKeysJob.onRun(masterSecret);
+
+    verify(accountManager).getSignedPreKey();
+    verifyNoMoreInteractions(signedPreKeyStore);
+  }
+
+  public void testSignedPreKeyEviction() throws Exception {
+    SignedPreKeyStore        signedPreKeyStore         = mock(SignedPreKeyStore.class);
+    TextSecureAccountManager accountManager            = mock(TextSecureAccountManager.class);
+    SignedPreKeyEntity       currentSignedPreKeyEntity = mock(SignedPreKeyEntity.class);
+    MasterSecret             masterSecret              = mock(MasterSecret.class);
+
+    when(currentSignedPreKeyEntity.getKeyId()).thenReturn(3133);
+    when(accountManager.getSignedPreKey()).thenReturn(currentSignedPreKeyEntity);
+
+    final SignedPreKeyRecord currentRecord = new SignedPreKeyRecord(3133, System.currentTimeMillis(), Curve.generateKeyPair(), new byte[64]);
+
+    List<SignedPreKeyRecord> records = new LinkedList<SignedPreKeyRecord>() {{
+      add(new SignedPreKeyRecord(2, 11, Curve.generateKeyPair(), new byte[32]));
+      add(new SignedPreKeyRecord(4, System.currentTimeMillis() - 100, Curve.generateKeyPair(), new byte[64]));
+      add(currentRecord);
+      add(new SignedPreKeyRecord(3, System.currentTimeMillis() - 90, Curve.generateKeyPair(), new byte[64]));
+      add(new SignedPreKeyRecord(1, 10, Curve.generateKeyPair(), new byte[32]));
+    }};
+
+    when(signedPreKeyStore.loadSignedPreKeys()).thenReturn(records);
+    when(signedPreKeyStore.loadSignedPreKey(eq(3133))).thenReturn(currentRecord);
+
+    CleanPreKeysJob cleanPreKeysJob = new CleanPreKeysJob(getContext());
+
+    ObjectGraph objectGraph = ObjectGraph.create(new TestModule(accountManager, signedPreKeyStore));
+    objectGraph.inject(cleanPreKeysJob);
+
+    cleanPreKeysJob.onRun(masterSecret);
+
+    verify(signedPreKeyStore).removeSignedPreKey(eq(1));
+    verify(signedPreKeyStore, times(1)).removeSignedPreKey(anyInt());
+  }
+
+  public void testSignedPreKeyNoEviction() throws Exception {
+    SignedPreKeyStore        signedPreKeyStore         = mock(SignedPreKeyStore.class);
+    TextSecureAccountManager accountManager            = mock(TextSecureAccountManager.class);
+    SignedPreKeyEntity       currentSignedPreKeyEntity = mock(SignedPreKeyEntity.class);
+
+    when(currentSignedPreKeyEntity.getKeyId()).thenReturn(3133);
+    when(accountManager.getSignedPreKey()).thenReturn(currentSignedPreKeyEntity);
+
+    final SignedPreKeyRecord currentRecord = new SignedPreKeyRecord(3133, System.currentTimeMillis(), Curve.generateKeyPair(), new byte[64]);
+
+    List<SignedPreKeyRecord> records = new LinkedList<SignedPreKeyRecord>() {{
+      add(currentRecord);
+    }};
+
+    when(signedPreKeyStore.loadSignedPreKeys()).thenReturn(records);
+    when(signedPreKeyStore.loadSignedPreKey(eq(3133))).thenReturn(currentRecord);
+
+    CleanPreKeysJob cleanPreKeysJob = new CleanPreKeysJob(getContext());
+
+    ObjectGraph objectGraph = ObjectGraph.create(new TestModule(accountManager, signedPreKeyStore));
+    objectGraph.inject(cleanPreKeysJob);
+
+    verify(signedPreKeyStore, never()).removeSignedPreKey(anyInt());
+  }
+
+  public void testConnectionError() throws Exception {
+    SignedPreKeyStore        signedPreKeyStore = mock(SignedPreKeyStore.class);
+    TextSecureAccountManager accountManager    = mock(TextSecureAccountManager.class);
+    MasterSecret             masterSecret      = mock(MasterSecret.class);
+
+    when(accountManager.getSignedPreKey()).thenThrow(new PushNetworkException("Connectivity error!"));
+
+    CleanPreKeysJob cleanPreKeysJob = new CleanPreKeysJob(getContext());
+
+    ObjectGraph objectGraph = ObjectGraph.create(new TestModule(accountManager, signedPreKeyStore));
+    objectGraph.inject(cleanPreKeysJob);
+
+    try {
+      cleanPreKeysJob.onRun(masterSecret);
+      throw new AssertionError("should have failed!");
+    } catch (IOException e) {
+      assertTrue(cleanPreKeysJob.onShouldRetry(e));
+    }
+  }
+
+  @Module(injects = {CleanPreKeysJob.class})
+  public static class TestModule {
+    private final TextSecureAccountManager accountManager;
+    private final SignedPreKeyStore        signedPreKeyStore;
+
+    private TestModule(TextSecureAccountManager accountManager, SignedPreKeyStore signedPreKeyStore) {
+      this.accountManager    = accountManager;
+      this.signedPreKeyStore = signedPreKeyStore;
+    }
+
+    @Provides TextSecureAccountManager provideTextSecureAccountManager() {
+      return accountManager;
+    }
+
+    @Provides
+    AxolotlStorageModule.SignedPreKeyStoreFactory provideSignedPreKeyStore() {
+      return new AxolotlStorageModule.SignedPreKeyStoreFactory() {
+        @Override
+        public SignedPreKeyStore create(MasterSecret masterSecret) {
+          return signedPreKeyStore;
+        }
+      };
+    }
+  }
+
+}

androidTest/java/org/thoughtcrime/securesms/jobs/DeliveryReceiptJobTest.java

@@ -0,0 +1,100 @@
+package org.thoughtcrime.securesms.jobs;
+
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+import org.thoughtcrime.securesms.TextSecureTestCase;
+import org.thoughtcrime.securesms.crypto.MasterSecret;
+import org.whispersystems.textsecure.api.TextSecureMessageSender;
+import org.whispersystems.textsecure.api.push.TextSecureAddress;
+import org.whispersystems.textsecure.api.push.exceptions.NotFoundException;
+import org.whispersystems.textsecure.api.push.exceptions.PushNetworkException;
+
+import java.io.IOException;
+
+import dagger.Module;
+import dagger.ObjectGraph;
+import dagger.Provides;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.thoughtcrime.securesms.dependencies.TextSecureCommunicationModule.TextSecureMessageSenderFactory;
+
+public class DeliveryReceiptJobTest extends TextSecureTestCase {
+
+  public void testDelivery() throws IOException {
+    TextSecureMessageSender textSecureMessageSender = mock(TextSecureMessageSender.class);
+    long                    timestamp               = System.currentTimeMillis();
+
+    DeliveryReceiptJob deliveryReceiptJob = new DeliveryReceiptJob(getContext(),
+                                                                   "+14152222222",
+                                                                   timestamp, "foo");
+
+    ObjectGraph objectGraph = ObjectGraph.create(new TestModule(textSecureMessageSender));
+    objectGraph.inject(deliveryReceiptJob);
+
+    deliveryReceiptJob.onRun();
+
+    ArgumentCaptor<TextSecureAddress> captor = ArgumentCaptor.forClass(TextSecureAddress.class);
+    verify(textSecureMessageSender).sendDeliveryReceipt(captor.capture(), eq(timestamp));
+
+    assertTrue(captor.getValue().getRelay().equals("foo"));
+    assertTrue(captor.getValue().getNumber().equals("+14152222222"));
+  }
+
+  public void testNetworkError() throws IOException {
+    TextSecureMessageSender textSecureMessageSender = mock(TextSecureMessageSender.class);
+    long                    timestamp               = System.currentTimeMillis();
+
+    Mockito.doThrow(new PushNetworkException("network error"))
+           .when(textSecureMessageSender)
+           .sendDeliveryReceipt(any(TextSecureAddress.class), eq(timestamp));
+
+
+    DeliveryReceiptJob deliveryReceiptJob = new DeliveryReceiptJob(getContext(),
+                                                                   "+14152222222",
+                                                                   timestamp, "foo");
+
+    ObjectGraph objectGraph = ObjectGraph.create(new TestModule(textSecureMessageSender));
+    objectGraph.inject(deliveryReceiptJob);
+
+    try {
+      deliveryReceiptJob.onRun();
+      throw new AssertionError();
+    } catch (IOException e) {
+      assertTrue(deliveryReceiptJob.onShouldRetry(e));
+    }
+
+    Mockito.doThrow(new NotFoundException("not found"))
+           .when(textSecureMessageSender)
+           .sendDeliveryReceipt(any(TextSecureAddress.class), eq(timestamp));
+
+    try {
+      deliveryReceiptJob.onRun();
+      throw new AssertionError();
+    } catch (IOException e) {
+      assertFalse(deliveryReceiptJob.onShouldRetry(e));
+    }
+  }
+
+  @Module(injects = DeliveryReceiptJob.class)
+  public static class TestModule {
+
+    private final TextSecureMessageSender textSecureMessageSender;
+
+    public TestModule(TextSecureMessageSender textSecureMessageSender) {
+      this.textSecureMessageSender = textSecureMessageSender;
+    }
+
+    @Provides TextSecureMessageSenderFactory provideTextSecureMessageSenderFactory() {
+      return new TextSecureMessageSenderFactory() {
+        @Override
+        public TextSecureMessageSender create(MasterSecret masterSecret) {
+          return textSecureMessageSender;
+        }
+      };
+    }
+  }
+
+}

androidTest/java/org/thoughtcrime/securesms/service/PreKeyServiceTest.java

@@ -1,92 +0,0 @@
-package org.thoughtcrime.securesms.service;
-
-import android.test.AndroidTestCase;
-
-import org.whispersystems.libaxolotl.ecc.Curve;
-import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
-import org.whispersystems.libaxolotl.state.SignedPreKeyStore;
-import org.whispersystems.textsecure.push.PushServiceSocket;
-import org.whispersystems.textsecure.push.SignedPreKeyEntity;
-
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-
-import static org.mockito.Matchers.anyInt;
-import static org.mockito.Matchers.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
-import static org.mockito.Mockito.when;
-
-public class PreKeyServiceTest extends AndroidTestCase {
-
-  public void testSignedPreKeyRotationNotRegistered() throws IOException {
-    SignedPreKeyStore signedPreKeyStore = mock(SignedPreKeyStore.class);
-    PushServiceSocket pushServiceSocket = mock(PushServiceSocket.class);
-
-    when(pushServiceSocket.getCurrentSignedPreKey()).thenReturn(null);
-
-    PreKeyService.CleanSignedPreKeysTask cleanTask = new PreKeyService.CleanSignedPreKeysTask(signedPreKeyStore,
-                                                                                              pushServiceSocket);
-
-    cleanTask.run();
-
-    verify(pushServiceSocket).getCurrentSignedPreKey();
-    verifyNoMoreInteractions(signedPreKeyStore);
-  }
-
-  public void testSignedPreKeyEviction() throws Exception {
-    SignedPreKeyStore  signedPreKeyStore         = mock(SignedPreKeyStore.class);
-    PushServiceSocket  pushServiceSocket         = mock(PushServiceSocket.class);
-    SignedPreKeyEntity currentSignedPreKeyEntity = mock(SignedPreKeyEntity.class);
-
-    when(currentSignedPreKeyEntity.getKeyId()).thenReturn(3133);
-    when(pushServiceSocket.getCurrentSignedPreKey()).thenReturn(currentSignedPreKeyEntity);
-
-    final SignedPreKeyRecord currentRecord = new SignedPreKeyRecord(3133, System.currentTimeMillis(), Curve.generateKeyPair(true), new byte[64]);
-
-    List<SignedPreKeyRecord> records = new LinkedList<SignedPreKeyRecord>() {{
-      add(new SignedPreKeyRecord(1, 10, Curve.generateKeyPair(true), new byte[32]));
-      add(new SignedPreKeyRecord(2, 11, Curve.generateKeyPair(true), new byte[32]));
-      add(new SignedPreKeyRecord(3, System.currentTimeMillis() - 90, Curve.generateKeyPair(true), new byte[64]));
-      add(new SignedPreKeyRecord(4, System.currentTimeMillis() - 100, Curve.generateKeyPair(true), new byte[64]));
-      add(currentRecord);
-    }};
-
-    when(signedPreKeyStore.loadSignedPreKeys()).thenReturn(records);
-    when(signedPreKeyStore.loadSignedPreKey(eq(3133))).thenReturn(currentRecord);
-
-    PreKeyService.CleanSignedPreKeysTask cleanTask = new PreKeyService.CleanSignedPreKeysTask(signedPreKeyStore, pushServiceSocket);
-    cleanTask.run();
-
-    verify(signedPreKeyStore).removeSignedPreKey(eq(1));
-    verify(signedPreKeyStore).removeSignedPreKey(eq(2));
-    verify(signedPreKeyStore, times(2)).removeSignedPreKey(anyInt());
-  }
-
-  public void testSignedPreKeyNoEviction() throws Exception {
-    SignedPreKeyStore  signedPreKeyStore         = mock(SignedPreKeyStore.class);
-    PushServiceSocket  pushServiceSocket         = mock(PushServiceSocket.class);
-    SignedPreKeyEntity currentSignedPreKeyEntity = mock(SignedPreKeyEntity.class);
-
-    when(currentSignedPreKeyEntity.getKeyId()).thenReturn(3133);
-    when(pushServiceSocket.getCurrentSignedPreKey()).thenReturn(currentSignedPreKeyEntity);
-
-    final SignedPreKeyRecord currentRecord = new SignedPreKeyRecord(3133, System.currentTimeMillis(), Curve.generateKeyPair(true), new byte[64]);
-
-    List<SignedPreKeyRecord> records = new LinkedList<SignedPreKeyRecord>() {{
-      add(currentRecord);
-    }};
-
-    when(signedPreKeyStore.loadSignedPreKeys()).thenReturn(records);
-    when(signedPreKeyStore.loadSignedPreKey(eq(3133))).thenReturn(currentRecord);
-
-    PreKeyService.CleanSignedPreKeysTask cleanTask = new PreKeyService.CleanSignedPreKeysTask(signedPreKeyStore, pushServiceSocket);
-    cleanTask.run();
-
-    verify(signedPreKeyStore, never()).removeSignedPreKey(anyInt());
-  }
-}

androidTest/java/org/thoughtcrime/securesms/util/PhoneNumberFormatterTest.java

@@ -4,11 +4,13 @@ import android.test.AndroidTestCase;
 
 import junit.framework.AssertionFailedError;
 
-import org.whispersystems.textsecure.util.InvalidNumberException;
-import org.whispersystems.textsecure.util.PhoneNumberFormatter;
-import static org.fest.assertions.api.Assertions.assertThat;
+import org.thoughtcrime.securesms.TextSecureTestCase;
+import org.whispersystems.textsecure.api.util.InvalidNumberException;
+import org.whispersystems.textsecure.api.util.PhoneNumberFormatter;
 
-public class PhoneNumberFormatterTest extends AndroidTestCase {
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class PhoneNumberFormatterTest extends TextSecureTestCase {
   private static final String LOCAL_NUMBER = "+15555555555";
 
   public void testFormatNumberE164() throws Exception, InvalidNumberException {

androidTest/java/org/thoughtcrime/securesms/util/UtilTest.java

@@ -1,9 +0,0 @@
-package org.thoughtcrime.securesms.util;
-
-import android.test.AndroidTestCase;
-
-import static org.fest.assertions.api.Assertions.assertThat;
-
-public class UtilTest extends AndroidTestCase {
-
-}

artwork/ic_contact.svg

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   id="svg2"
+   sodipodi:docname="ic_contact.svg"
+   inkscape:version="0.91pre3 r13670"
+   x="0px"
+   y="0px"
+   width="48px"
+   height="48px"
+   viewBox="0 0 48 48"
+   enable-background="new 0 0 48 48"
+   xml:space="preserve"><metadata
+     id="metadata8"><rdf:RDF><cc:Work
+         rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
+     id="defs6" /><sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="798"
+     inkscape:window-height="480"
+     id="namedview4"
+     showgrid="false"
+     inkscape:zoom="4.9166667"
+     inkscape:cx="24"
+     inkscape:cy="24"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="svg2" /><path
+     id="path4"
+     d="M38,6H10c-2.21,0-4,1.79-4,4v28c0,2.21,1.79,4,4,4h28c2.21,0,4-1.79,4-4V10C42,7.79,40.21,6,38,6z M24,12  c3.31,0,6,2.69,6,6c0,3.32-2.69,6-6,6s-6-2.68-6-6C18,14.69,20.69,12,24,12z M36,36H12v-2c0-4,8-6.2,12-6.2S36,30,36,34V36z"
+     style="opacity:1;fill:#000000" /></svg>

build.gradle

@@ -5,7 +5,7 @@ buildscript {
         }
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:0.12.2'
+        classpath 'com.android.tools.build:gradle:1.0.1'
         classpath files('libs/gradle-witness.jar')
     }
 }
@@ -15,60 +15,122 @@ apply plugin: 'witness'
 
 repositories {
     maven {
-        url "https://repo1.maven.org/maven2"
+        url "https://repo1.maven.org/maven2/"
     }
     maven {
-        url "https://raw.github.com/whispersystems/maven/master/gcm-client/releases/"
-    }
-    maven {
-        url "https://raw.github.com/whispersystems/maven/master/gson/releases/"
+        url "https://raw.github.com/whispersystems/maven/master/preferencefragment/releases/"
     }
     maven {
         url "https://raw.github.com/whispersystems/maven/master/smil/releases/"
     }
+    maven {
+        url "https://raw.github.com/whispersystems/maven/master/shortcutbadger/releases/"
+    }
+    jcenter()
+    mavenLocal()
 }
 
 dependencies {
-    compile 'com.actionbarsherlock:actionbarsherlock:4.4.0@aar'
-    compile 'com.android.support:support-v4:20.0.0'
+    compile 'me.leolin:ShortcutBadger:1.0.2-WS2'
     compile 'se.emilsjolander:stickylistheaders:2.2.0'
-    compile 'com.google.android.gms:play-services:5.0.89'
+    compile 'com.google.android.gms:play-services-base:6.5.87'
     compile 'com.astuetz:pagerslidingtabstrip:1.0.1'
     compile 'org.w3c:smil:1.0.0'
     compile 'org.apache.httpcomponents:httpclient-android:4.3.5'
+    compile 'com.github.chrisbanes.photoview:library:1.2.3'
+    compile 'com.makeramen:roundedimageview:1.5.0'
+    compile 'com.afollestad:material-dialogs:0.6.1.5'
+    compile 'com.soundcloud.android:android-crop:0.9.10@aar'
+    compile 'com.android.support:appcompat-v7:21.0.3'
+    compile 'com.android.support:recyclerview-v7:21.0.3'
+    compile 'com.melnykov:floatingactionbutton:1.1.0'
+    compile 'com.google.zxing:android-integration:3.1.0'
+    compile ('com.android.support:support-v4-preferencefragment:1.0.0@aar'){
+        exclude module: 'support-v4'
+    }
+    compile 'com.squareup.dagger:dagger:1.2.2'
+    compile ("com.doomonafireball.betterpickers:library:1.5.3") {
+        exclude group: 'com.android.support', module: 'support-v4'
+    }
+    compile 'com.madgag.spongycastle:prov:1.51.0.0'
+    provided 'com.squareup.dagger:dagger-compiler:1.2.2'
 
-    androidTestCompile 'com.squareup:fest-android:1.0.8'
-    androidTestCompile 'com.google.dexmaker:dexmaker:1.1'
-    androidTestCompile 'com.google.dexmaker:dexmaker-mockito:1.1'
+    compile 'org.whispersystems:jobmanager:0.10.0'
+    compile 'org.whispersystems:libpastelog:1.0.4'
+    compile 'org.whispersystems:textsecure-android:1.1.0'
 
-    compile project(':library')
-    compile project(':jobqueue')
+    androidTestCompile 'com.google.dexmaker:dexmaker:1.2'
+    androidTestCompile 'com.google.dexmaker:dexmaker-mockito:1.2'
+
+    androidTestCompile ('org.assertj:assertj-core:1.7.1') {
+        exclude group: 'org.hamcrest', module: 'hamcrest-core'
+    }
+    androidTestCompile ('com.squareup.assertj:assertj-android:1.0.0') {
+        exclude group: 'org.hamcrest', module: 'hamcrest-core'
+    }
+    androidTestCompile ('com.android.support.test.espresso:espresso-core:2.0') {
+        exclude group: 'javax.inject'
+    }
+    androidTestCompile 'com.android.support.test:testing-support-lib:0.1'
 }
 
 dependencyVerification {
     verify = [
-            'com.actionbarsherlock:actionbarsherlock:5ab04d74101f70024b222e3ff9c87bee151ec43331b4a2134b6cc08cf8565819',
-            'com.android.support:support-v4:81f2b1c2c94efd5a4ec7fcd97b6cdcd00e87a933905c5c86103c7319eb024572',
+            'me.leolin:ShortcutBadger:027977c718035e5997035e04e05152d6c72d94df645e8b7099a274ada722bd14',
             'se.emilsjolander:stickylistheaders:89146b46c96fea0e40200474a2625cda10fe94891e4128f53cdb42375091b9b6',
-            'com.google.android.gms:play-services:38f326e525830f1d70f60f594ceafcbdf5b312287ddbecd338fd1ed7958a4b1e',
+            'com.google.android.gms:play-services-base:832cb6b3130e871db6a412c4ab585656dbcc5e7948101f190186757785703f75',
             'com.astuetz:pagerslidingtabstrip:f1641396732c7132a7abb837e482e5ee2b0ebb8d10813fc52bbaec2c15c184c2',
             'org.w3c:smil:085dc40f2bb249651578bfa07499fd08b16ad0886dbe2c4078586a408da62f9b',
             'org.apache.httpcomponents:httpclient-android:6f56466a9bd0d42934b90bfbfe9977a8b654c058bf44a12bdc2877c4e1f033f1',
-            'com.android.support:support-annotations:1aa96ef0cc4a445bfc2f93ccf762305bc57fa107b12afe9d11f3863ae8a11036',
-            'com.google.protobuf:protobuf-java:e0c1c64575c005601725e7c6a02cebf9e1285e888f756b2a1d73ffa8d725cc74',
-            'com.madgag:sc-light-jdk15on:931f39d351429fb96c2f749e7ecb1a256a8ebbf5edca7995c9cc085b94d1841d',
+            'com.github.chrisbanes.photoview:library:8b5344e206f125e7ba9d684008f36c4992d03853c57e5814125f88496126e3cc',
+            'com.makeramen:roundedimageview:7dda2e78c406760e5c356ccce59b0df46b5b171cf18abb891998594405021548',
+            'com.afollestad:material-dialogs:ccb013e6572c86cfcca433855cf0dbfbff9b5e7bb9d1f504b761a6bc6f467b60',
+            'com.soundcloud.android:android-crop:ffd4b973cf6e97f7d64118a0dc088df50e9066fd5634fe6911dd0c0c5d346177',
+            'com.android.support:appcompat-v7:5dbeb5316d0a6027d646ae552804c3baa5e3bd53f7f33db50904d51505c8a0e5',
+            'com.android.support:recyclerview-v7:e525ad3f33c84bb12b73d2dc975b55364a53f0f2d0697e043efba59ba73e22d2',
+            'com.melnykov:floatingactionbutton:0679ad9f7d61eb7aeab91e8dc56358cdedd5b1c1b9c48464499ffa05c40d3985',
+            'com.google.zxing:android-integration:89e56aadf1164bd71e57949163c53abf90af368b51669c0d4a47a163335f95c4',
+            'com.android.support:support-v4-preferencefragment:5470f5872514a6226fa1fc6f4e000991f38805691c534cf0bd2778911fc773ad',
+            'com.squareup.dagger:dagger:789aca24537022e49f91fc6444078d9de8f1dd99e1bfb090f18491b186967883',
+            'com.doomonafireball.betterpickers:library:132ecd685c95a99e7377c4e27bfadbb2d7ed0bea995944060cd62d4369fdaf3d',
+            'com.madgag.spongycastle:prov:b8c3fec3a59aac1aa04ccf4dad7179351e54ef7672f53f508151b614c131398a',
+            'org.whispersystems:jobmanager:01f35586c43aa3806f1c18d3d6a5a972def98103ba1a5a9ca3eec08d15f974b7',
+            'org.whispersystems:libpastelog:3ccf00fe1597eb8ca1e5de99b17fc225387a1b80b5bbc00ec1bc4d4f3ea9cdde',
+            'org.whispersystems:textsecure-android:d2a8630a796222459163effba01456a322f6f15a63668393fb1203f89180a21a',
+            'com.android.support:support-annotations:fdee2354787ef66b268e75958de3f7f6c4f8f325510a6dac9f49c929f83a63de',
+            'com.nineoldandroids:library:68025a14e3e7673d6ad2f95e4b46d78d7d068343aa99256b686fe59de1b3163a',
+            'javax.inject:javax.inject:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff',
+            'com.madgag.spongycastle:core:8d6240b974b0aca4d3da9c7dd44d42339d8a374358aca5fc98e50a995764511f',
+            'org.whispersystems:axolotl-android:68e81fcb2d54626925574740263b8c2501e96f557dabedeeba7fa414deccef99',
+            'org.whispersystems:textsecure-java:f552a3cfee5ba111057c700cbe5208a4c7fe31488d17ddf49f01dd974026b00d',
+            'org.whispersystems:axolotl-java:4af04115903cbc5581b32ce82d0518a704dd039f48138d26eb518fa3a2bfee91',
+            'org.whispersystems:curve25519-android:3c29a4131a69b0d16baaa3d707678deb39602c3a3ffd75805ce7f9db252e5d0d',
             'com.googlecode.libphonenumber:libphonenumber:eba17eae81dd622ea89a00a3a8c025b2f25d342e0d9644c5b62e16f15687c3ab',
-            'org.whispersystems:gson:08f4f7498455d1539c9233e5aac18e9b1805815ef29221572996508eb512fe51',
+            'com.google.protobuf:protobuf-java:e0c1c64575c005601725e7c6a02cebf9e1285e888f756b2a1d73ffa8d725cc74',
+            'com.squareup.okhttp:okhttp:89b7f63e2e5b6c410266abc14f50fe52ea8d2d8a57260829e499b1cd9f0e61af',
+            'com.fasterxml.jackson.core:jackson-databind:835097bcdd11f5bc8a08378c70d4c8054dfa4b911691cc2752063c75534d198d',
+            'org.whispersystems:curve25519-java:9ccef8f5aba05d9942336f023c589d6278b4f9135bdc34a7bade1f4e7ad65fa3',
+            'com.squareup.okio:okio:5e1098bd3fdee4c3347f5ab815b40ba851e4ab1b348c5e49a5b0362f0ce6e978',
+            'com.fasterxml.jackson.core:jackson-annotations:0ca408c24202a7626ec8b861e99d85eca5e38b73311dd6dd12e3e9deecc3fe94',
+            'com.fasterxml.jackson.core:jackson-core:cbf4604784b4de226262845447a1ad3bb38a6728cebe86562e2c5afada8be2c0',
+            'com.android.support:support-v4:703572d3015a088cc5604b7e38885af3d307c829d0c5ceaf8654ff41c71cd160',
     ]
 }
 
 android {
-    compileSdkVersion 19
-    buildToolsVersion '19.1.0'
+    compileSdkVersion 21
+    buildToolsVersion '21.1.2'
+
+    dexOptions {
+        javaMaxHeapSize "4g"
+    }
 
     defaultConfig {
         minSdkVersion 9
         targetSdkVersion 19
+
+        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
+        buildConfigField "long", "BUILD_TIMESTAMP", System.currentTimeMillis() + "L"
     }
 
     compileOptions {
@@ -76,35 +138,52 @@ android {
         targetCompatibility JavaVersion.VERSION_1_7
     }
 
-    android {
-        sourceSets {
-            main {
-                manifest.srcFile 'AndroidManifest.xml'
-                java.srcDirs = ['src']
-                resources.srcDirs = ['src']
-                aidl.srcDirs = ['src']
-                renderscript.srcDirs = ['src']
-                res.srcDirs = ['res']
-                assets.srcDirs = ['assets']
-            }
-            androidTest {
-                java.srcDirs = ['androidTest/java']
-                resources.srcDirs = ['androidTest/java']
-                aidl.srcDirs = ['androidTest/java']
-                renderscript.srcDirs = ['androidTest/java']
-            }
-        }
+    packagingOptions {
+        exclude 'LICENSE.txt'
+        exclude 'LICENSE'
+        exclude 'NOTICE'
+        exclude 'asm-license.txt'
     }
 
     signingConfigs {
         release
     }
+
     buildTypes {
+        debug {
+            minifyEnabled true
+            proguardFiles 'proguard.cfg'
+        }
         release {
+            minifyEnabled true
+            proguardFiles 'proguard.cfg'
             signingConfig signingConfigs.release
         }
     }
 
+    sourceSets {
+        main {
+            manifest.srcFile 'AndroidManifest.xml'
+            java.srcDirs = ['src']
+            resources.srcDirs = ['src']
+            aidl.srcDirs = ['src']
+            renderscript.srcDirs = ['src']
+            res.srcDirs = ['res']
+            assets.srcDirs = ['assets']
+        }
+        androidTest {
+            java.srcDirs = ['androidTest/java']
+            resources.srcDirs = ['androidTest/java']
+            aidl.srcDirs = ['androidTest/java']
+            renderscript.srcDirs = ['androidTest/java']
+        }
+    }
+
+    packagingOptions {
+        exclude 'META-INF/LICENSE'
+        exclude 'META-INF/NOTICE'
+    }
+
      lintOptions {
         abortOnError false
     }

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Mon Jun 09 23:26:49 PDT 2014
+#Fri Nov 28 10:03:17 PST 2014
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=http\://services.gradle.org/distributions/gradle-1.12-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-2.2.1-all.zip

jobqueue/.gitignore

@@ -1 +0,0 @@
-/build

jobqueue/build.gradle

@@ -1,19 +0,0 @@
-apply plugin: 'com.android.library'
-
-android {
-    compileSdkVersion 20
-    buildToolsVersion "20.0.0"
-
-    defaultConfig {
-        applicationId "org.whispersystems.jobqueue"
-        minSdkVersion 9
-        targetSdkVersion 19
-        versionCode 1
-        versionName "1.0"
-    }
-
-    compileOptions {
-        sourceCompatibility JavaVersion.VERSION_1_7
-        targetCompatibility JavaVersion.VERSION_1_7
-    }
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/JobManagerTest.java

@@ -1,193 +0,0 @@
-package org.whispersystems.jobqueue;
-
-import android.test.AndroidTestCase;
-
-import org.whispersystems.jobqueue.jobs.PersistentTestJob;
-import org.whispersystems.jobqueue.jobs.RequirementDeferringTestJob;
-import org.whispersystems.jobqueue.jobs.RequirementTestJob;
-import org.whispersystems.jobqueue.jobs.TestJob;
-import org.whispersystems.jobqueue.persistence.JavaJobSerializer;
-import org.whispersystems.jobqueue.util.MockRequirement;
-import org.whispersystems.jobqueue.util.MockRequirementProvider;
-import org.whispersystems.jobqueue.util.PersistentMockRequirement;
-import org.whispersystems.jobqueue.util.PersistentRequirement;
-import org.whispersystems.jobqueue.util.PersistentResult;
-import org.whispersystems.jobqueue.util.RunnableThrowable;
-
-import java.io.IOException;
-
-public class JobManagerTest extends AndroidTestCase {
-
-  public void testTransientJobExecution() throws InterruptedException {
-    TestJob    testJob    = new TestJob();
-    JobManager jobManager = new JobManager(getContext(), "transient-test", null, null, 1);
-
-    jobManager.add(testJob);
-
-    assertTrue(testJob.isAdded());
-    assertTrue(testJob.isRan());
-  }
-
-  public void testTransientRequirementJobExecution() throws InterruptedException {
-    MockRequirementProvider provider    = new MockRequirementProvider();
-    MockRequirement         requirement = new MockRequirement(false);
-    TestJob                 testJob     = new RequirementTestJob(requirement);
-    JobManager              jobManager  = new JobManager(getContext(), "transient-requirement-test",
-                                                         provider, null, 1);
-
-    jobManager.add(testJob);
-
-    assertTrue(testJob.isAdded());
-    assertTrue(!testJob.isRan());
-
-    requirement.setPresent(true);
-    provider.fireChange();
-
-    assertTrue(testJob.isRan());
-  }
-
-  public void testTransientRequirementDeferringJobExecution() throws InterruptedException {
-    final Object lock = new Object();
-
-    RunnableThrowable waitRunnable = new RunnableThrowable() {
-      public Boolean shouldThrow = false;
-
-      @Override
-      public void run() throws Exception {
-        try {
-          synchronized (lock) {
-            lock.wait();
-
-            if (shouldThrow) {
-              throw new Exception();
-            }
-          }
-        } catch (InterruptedException e) {
-          throw new AssertionError(e);
-        }
-      }
-      @Override
-      public void shouldThrow(Boolean value) {
-        shouldThrow = value;
-      }
-    };
-
-    MockRequirementProvider     provider    = new MockRequirementProvider();
-    MockRequirement             requirement = new MockRequirement(false);
-    RequirementDeferringTestJob testJob     = new RequirementDeferringTestJob(requirement, 5, waitRunnable);
-    JobManager                  jobManager  = new JobManager(getContext(), "transient-requirement-test",
-                                                             provider, null, 1);
-
-    jobManager.add(testJob);
-
-    waitRunnable.shouldThrow(true);
-    requirement.setPresent(true);
-    provider.fireChange();
-
-    assertTrue(testJob.isRan());
-    assertTrue(!testJob.isFinished());
-    synchronized (lock) { lock.notifyAll(); }
-    assertTrue(!testJob.isFinished());
-
-    requirement.setPresent(false);
-    provider.fireChange();
-    assertTrue(!testJob.isFinished());
-    synchronized (lock) { lock.notifyAll(); }
-    assertTrue(!testJob.isFinished());
-
-    waitRunnable.shouldThrow(false);
-    requirement.setPresent(true);
-    provider.fireChange();
-    assertTrue(!testJob.isFinished());
-    synchronized (lock) { lock.notifyAll(); }
-    assertTrue(testJob.isFinished());
-  }
-
-  public void testPersistentJobExecuton() throws InterruptedException {
-    PersistentMockRequirement requirement = new PersistentMockRequirement();
-    PersistentTestJob         testJob     = new PersistentTestJob(requirement);
-    JobManager                jobManager  = new JobManager(getContext(), "persistent-requirement-test3",
-                                                           null, new JavaJobSerializer(getContext()), 1);
-
-    PersistentResult.getInstance().reset();
-    PersistentRequirement.getInstance().setPresent(false);
-
-    jobManager.add(testJob);
-
-    assertTrue(PersistentResult.getInstance().isAdded());
-    assertTrue(!PersistentResult.getInstance().isRan());
-
-    PersistentRequirement.getInstance().setPresent(true);
-    jobManager = new JobManager(getContext(), "persistent-requirement-test3", null,
-                                new JavaJobSerializer(getContext()), 1);
-
-    assertTrue(PersistentResult.getInstance().isRan());
-  }
-
-  public void testEncryptedJobExecuton() throws InterruptedException {
-    EncryptionKeys            keys        = new EncryptionKeys(new byte[30]);
-    PersistentMockRequirement requirement = new PersistentMockRequirement();
-    PersistentTestJob         testJob     = new PersistentTestJob(requirement, keys);
-    JobManager                jobManager  = new JobManager(getContext(), "persistent-requirement-test4",
-                                                           null, new JavaJobSerializer(getContext()), 1);
-    jobManager.setEncryptionKeys(keys);
-
-    PersistentResult.getInstance().reset();
-    PersistentRequirement.getInstance().setPresent(false);
-
-    jobManager.add(testJob);
-
-    assertTrue(PersistentResult.getInstance().isAdded());
-    assertTrue(!PersistentResult.getInstance().isRan());
-
-    PersistentRequirement.getInstance().setPresent(true);
-    jobManager = new JobManager(getContext(), "persistent-requirement-test4", null, new JavaJobSerializer(getContext()), 1);
-
-    assertTrue(!PersistentResult.getInstance().isRan());
-
-    jobManager.setEncryptionKeys(keys);
-
-    assertTrue(PersistentResult.getInstance().isRan());
-  }
-
-  public void testGroupIdExecution() throws InterruptedException {
-    final Object lock = new Object();
-
-    Runnable waitRunnable = new Runnable() {
-      @Override
-      public void run() {
-        try {
-          synchronized (lock) {
-            lock.wait();
-          }
-        } catch (InterruptedException e) {
-          throw new AssertionError(e);
-        }
-      }
-    };
-
-    TestJob    testJobOne   = new TestJob(JobParameters.newBuilder().withGroupId("foo").create(), waitRunnable);
-    TestJob    testJobTwo   = new TestJob(JobParameters.newBuilder().withGroupId("foo").create());
-    TestJob    testJobThree = new TestJob(JobParameters.newBuilder().withGroupId("bar").create());
-    JobManager jobManager   = new JobManager(getContext(), "transient-test", null, null, 3);
-
-    jobManager.add(testJobOne);
-    jobManager.add(testJobTwo);
-    jobManager.add(testJobThree);
-
-    assertTrue(testJobOne.isAdded());
-    assertTrue(testJobTwo.isAdded());
-    assertTrue(testJobThree.isAdded());
-
-    assertTrue(testJobOne.isRan());
-    assertTrue(!testJobTwo.isRan());
-    assertTrue(testJobThree.isRan());
-
-    synchronized (lock) {
-      lock.notifyAll();
-    }
-
-    assertTrue(testJobTwo.isRan());
-  }
-
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/jobs/PersistentTestJob.java

@@ -1,39 +0,0 @@
-package org.whispersystems.jobqueue.jobs;
-
-import org.whispersystems.jobqueue.EncryptionKeys;
-import org.whispersystems.jobqueue.Job;
-import org.whispersystems.jobqueue.JobParameters;
-import org.whispersystems.jobqueue.requirements.Requirement;
-import org.whispersystems.jobqueue.util.PersistentResult;
-
-public class PersistentTestJob extends Job {
-
-  public PersistentTestJob(Requirement requirement) {
-    super(JobParameters.newBuilder().withRequirement(requirement).withPersistence().create());
-  }
-
-  public PersistentTestJob(Requirement requirement, EncryptionKeys keys) {
-    super(JobParameters.newBuilder().withRequirement(requirement).withPersistence().withEncryption(keys).create());
-  }
-
-
-  @Override
-  public void onAdded() {
-    PersistentResult.getInstance().onAdded();;
-  }
-
-  @Override
-  public void onRun() throws Throwable {
-    PersistentResult.getInstance().onRun();
-  }
-
-  @Override
-  public void onCanceled() {
-    PersistentResult.getInstance().onCanceled();
-  }
-
-  @Override
-  public boolean onShouldRetry(Throwable throwable) {
-    return false;
-  }
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/jobs/RequirementDeferringTestJob.java

@@ -1,51 +0,0 @@
-package org.whispersystems.jobqueue.jobs;
-
-  import org.whispersystems.jobqueue.JobParameters;
-  import org.whispersystems.jobqueue.requirements.Requirement;
-  import org.whispersystems.jobqueue.util.RunnableThrowable;
-
-  import java.io.IOException;
-
-public class RequirementDeferringTestJob extends TestJob {
-
-  private final Object FINISHED_LOCK = new Object();
-
-  private boolean finished = false;
-
-  private RunnableThrowable runnable;
-
-  public RequirementDeferringTestJob(Requirement requirement, int retryCount, RunnableThrowable runnable) {
-    super(JobParameters.newBuilder().withRequirement(requirement).withRetryCount(retryCount).create());
-    this.runnable = runnable;
-  }
-
-  @Override
-  public void onRun() throws Throwable {
-    synchronized (RAN_LOCK) {
-      this.ran = true;
-    }
-
-    if (runnable != null)
-      runnable.run();
-
-    synchronized (FINISHED_LOCK) {
-      this.finished = true;
-    }
-  }
-
-  @Override
-  public boolean onShouldRetry(Throwable throwable) {
-    if (throwable instanceof Exception) {
-      return true;
-    }
-    return false;
-  }
-
-  public boolean isFinished() throws InterruptedException {
-    synchronized (FINISHED_LOCK) {
-      if (!finished) FINISHED_LOCK.wait(1000);
-      return finished;
-    }
-  }
-
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/jobs/RequirementTestJob.java

@@ -1,12 +0,0 @@
-package org.whispersystems.jobqueue.jobs;
-
-import org.whispersystems.jobqueue.JobParameters;
-import org.whispersystems.jobqueue.requirements.Requirement;
-
-public class RequirementTestJob extends TestJob {
-
-  public RequirementTestJob(Requirement requirement) {
-    super(JobParameters.newBuilder().withRequirement(requirement).create());
-  }
-
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/jobs/TestJob.java

@@ -1,81 +0,0 @@
-package org.whispersystems.jobqueue.jobs;
-
-import org.whispersystems.jobqueue.Job;
-import org.whispersystems.jobqueue.JobParameters;
-
-public class TestJob extends Job {
-
-  private   final Object ADDED_LOCK    = new Object();
-  protected final Object RAN_LOCK      = new Object();
-  private   final Object CANCELED_LOCK = new Object();
-
-  private   boolean added    = false;
-  protected boolean ran      = false;
-  private   boolean canceled = false;
-
-  private Runnable runnable;
-
-  public TestJob() {
-    this(JobParameters.newBuilder().create());
-  }
-
-  public TestJob(JobParameters parameters) {
-    super(parameters);
-  }
-
-  public TestJob(JobParameters parameters, Runnable runnable) {
-    super(parameters);
-    this.runnable = runnable;
-  }
-
-  @Override
-  public void onAdded() {
-    synchronized (ADDED_LOCK) {
-      this.added = true;
-      this.ADDED_LOCK.notifyAll();
-    }
-  }
-
-  @Override
-  public void onRun() throws Throwable {
-    synchronized (RAN_LOCK) {
-      this.ran = true;
-    }
-
-    if (runnable != null)
-      runnable.run();
-  }
-
-  @Override
-  public void onCanceled() {
-    synchronized (CANCELED_LOCK) {
-      this.canceled = true;
-    }
-  }
-
-  @Override
-  public boolean onShouldRetry(Throwable throwable) {
-    return false;
-  }
-
-  public boolean isAdded() throws InterruptedException {
-    synchronized (ADDED_LOCK) {
-      if (!added) ADDED_LOCK.wait(1000);
-      return added;
-    }
-  }
-
-  public boolean isRan() throws InterruptedException {
-    synchronized (RAN_LOCK) {
-      if (!ran) RAN_LOCK.wait(1000);
-      return ran;
-    }
-  }
-
-  public boolean isCanceled() throws InterruptedException {
-    synchronized (CANCELED_LOCK) {
-      if (!canceled) CANCELED_LOCK.wait(1000);
-      return canceled;
-    }
-  }
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/util/MockRequirement.java

@@ -1,23 +0,0 @@
-package org.whispersystems.jobqueue.util;
-
-import org.whispersystems.jobqueue.requirements.Requirement;
-
-import java.util.concurrent.atomic.AtomicBoolean;
-
-public class MockRequirement implements Requirement {
-
-  private AtomicBoolean present;
-
-  public MockRequirement(boolean present) {
-    this.present = new AtomicBoolean(present);
-  }
-
-  public void setPresent(boolean present) {
-    this.present.set(present);
-  }
-
-  @Override
-  public boolean isPresent() {
-    return present.get();
-  }
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/util/MockRequirementProvider.java

@@ -1,18 +0,0 @@
-package org.whispersystems.jobqueue.util;
-
-import org.whispersystems.jobqueue.requirements.RequirementListener;
-import org.whispersystems.jobqueue.requirements.RequirementProvider;
-
-public class MockRequirementProvider implements RequirementProvider {
-
-  private RequirementListener listener;
-
-  public void fireChange() {
-    listener.onRequirementStatusChanged();
-  }
-
-  @Override
-  public void setListener(RequirementListener listener) {
-    this.listener = listener;
-  }
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/util/PersistentMockRequirement.java

@@ -1,10 +0,0 @@
-package org.whispersystems.jobqueue.util;
-
-import org.whispersystems.jobqueue.requirements.Requirement;
-
-public class PersistentMockRequirement implements Requirement {
-  @Override
-  public boolean isPresent() {
-    return PersistentRequirement.getInstance().isPresent();
-  }
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/util/PersistentRequirement.java

@@ -1,22 +0,0 @@
-package org.whispersystems.jobqueue.util;
-
-import java.util.concurrent.atomic.AtomicBoolean;
-
-public class PersistentRequirement {
-
-  private AtomicBoolean present = new AtomicBoolean(false);
-
-  private static final PersistentRequirement instance = new PersistentRequirement();
-
-  public static PersistentRequirement getInstance() {
-    return instance;
-  }
-
-  public void setPresent(boolean present) {
-    this.present.set(present);
-  }
-
-  public boolean isPresent() {
-    return present.get();
-  }
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/util/PersistentResult.java

@@ -1,73 +0,0 @@
-package org.whispersystems.jobqueue.util;
-
-public class PersistentResult {
-
-  private final Object ADDED_LOCK    = new Object();
-  private final Object RAN_LOCK      = new Object();
-  private final Object CANCELED_LOCK = new Object();
-
-  private boolean added    = false;
-  private boolean ran      = false;
-  private boolean canceled = false;
-
-  private static final PersistentResult instance = new PersistentResult();
-
-  public static PersistentResult getInstance() {
-    return instance;
-  }
-
-  public void onAdded() {
-    synchronized (ADDED_LOCK) {
-      this.added = true;
-      this.ADDED_LOCK.notifyAll();
-    }
-  }
-
-  public void onRun() throws Throwable {
-    synchronized (RAN_LOCK) {
-      this.ran = true;
-    }
-  }
-
-  public void onCanceled() {
-    synchronized (CANCELED_LOCK) {
-      this.canceled = true;
-    }
-  }
-
-  public boolean isAdded() throws InterruptedException {
-    synchronized (ADDED_LOCK) {
-      if (!added) ADDED_LOCK.wait(1000);
-      return added;
-    }
-  }
-
-  public boolean isRan() throws InterruptedException {
-    synchronized (RAN_LOCK) {
-      if (!ran) RAN_LOCK.wait(1000);
-      return ran;
-    }
-  }
-
-  public boolean isCanceled() throws InterruptedException {
-    synchronized (CANCELED_LOCK) {
-      if (!canceled) CANCELED_LOCK.wait(1000);
-      return canceled;
-    }
-  }
-
-  public void reset() {
-    synchronized (ADDED_LOCK) {
-      this.added = false;
-    }
-
-    synchronized (RAN_LOCK) {
-      this.ran = false;
-    }
-
-    synchronized (CANCELED_LOCK) {
-      this.canceled = false;
-    }
-  }
-
-}

jobqueue/src/androidTest/java/org/whispersystems/jobqueue/util/RunnableThrowable.java

@@ -1,8 +0,0 @@
-package org.whispersystems.jobqueue.util;
-
-public interface RunnableThrowable {
-
-  public void run() throws Throwable;
-
-  public void shouldThrow(Boolean value);
-}

jobqueue/src/main/AndroidManifest.xml

@@ -1,6 +0,0 @@
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
-    package="org.whispersystems.jobqueue">
-
-    <application />
-
-</manifest>

jobqueue/src/main/java/org/whispersystems/jobqueue/Job.java

@@ -1,89 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue;
-
-import org.whispersystems.jobqueue.requirements.Requirement;
-
-import java.io.Serializable;
-import java.util.List;
-
-public abstract class Job implements Serializable {
-
-  private final JobParameters parameters;
-
-  private transient long persistentId;
-  private transient int  runIteration;
-
-  public Job(JobParameters parameters) {
-    this.parameters = parameters;
-  }
-
-  public List<Requirement> getRequirements() {
-    return parameters.getRequirements();
-  }
-
-  public boolean isRequirementsMet() {
-    for (Requirement requirement : parameters.getRequirements()) {
-      if (!requirement.isPresent()) return false;
-    }
-
-    return true;
-  }
-
-  public String getGroupId() {
-    return parameters.getGroupId();
-  }
-
-  public boolean isPersistent() {
-    return parameters.isPersistent();
-  }
-
-  public EncryptionKeys getEncryptionKeys() {
-    return parameters.getEncryptionKeys();
-  }
-
-  public void setEncryptionKeys(EncryptionKeys keys) {
-    parameters.setEncryptionKeys(keys);
-  }
-
-  public int getRetryCount() {
-    return parameters.getRetryCount();
-  }
-
-  public void setPersistentId(long persistentId) {
-    this.persistentId = persistentId;
-  }
-
-  public long getPersistentId() {
-    return persistentId;
-  }
-
-  public int getRunIteration() {
-    return runIteration;
-  }
-
-  public void setRunIteration(int runIteration) {
-    this.runIteration = runIteration;
-  }
-
-  public abstract void onAdded();
-  public abstract void onRun() throws Throwable;
-  public abstract void onCanceled();
-  public abstract boolean onShouldRetry(Throwable throwable);
-
-
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/JobConsumer.java

@@ -1,84 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue;
-
-import org.whispersystems.jobqueue.persistence.PersistentStorage;
-
-public class JobConsumer extends Thread {
-
-  enum JobResult {
-    SUCCESS,
-    FAILURE,
-    DEFERRED
-  }
-
-  private final JobQueue          jobQueue;
-  private final PersistentStorage persistentStorage;
-
-  public JobConsumer(String name, JobQueue jobQueue, PersistentStorage persistentStorage) {
-    super(name);
-    this.jobQueue          = jobQueue;
-    this.persistentStorage = persistentStorage;
-  }
-
-  @Override
-  public void run() {
-    while (true) {
-      Job job = jobQueue.getNext();
-
-      JobResult result;
-
-      if ((result = runJob(job)) != JobResult.DEFERRED) {
-        if (result == JobResult.FAILURE) {
-          job.onCanceled();
-        }
-
-        if (job.isPersistent()) {
-          persistentStorage.remove(job.getPersistentId());
-        }
-      } else {
-        jobQueue.add(job);
-      }
-
-      if (job.getGroupId() != null) {
-        jobQueue.setGroupIdAvailable(job.getGroupId());
-      }
-    }
-  }
-
-  private JobResult runJob(Job job) {
-    int retryCount   = job.getRetryCount();
-    int runIteration = job.getRunIteration();
-
-    for (;runIteration<retryCount;runIteration++) {
-      try {
-        job.onRun();
-        return JobResult.SUCCESS;
-      } catch (Throwable throwable) {
-        if (!job.onShouldRetry(throwable)) {
-          return JobResult.FAILURE;
-        } else if (!job.isRequirementsMet()) {
-          job.setRunIteration(runIteration+1);
-          return JobResult.DEFERRED;
-        }
-      }
-    }
-
-    return JobResult.FAILURE;
-  }
-
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/JobManager.java

@@ -1,111 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue;
-
-import android.content.Context;
-import android.util.Log;
-
-import org.whispersystems.jobqueue.persistence.JobSerializer;
-import org.whispersystems.jobqueue.persistence.PersistentStorage;
-import org.whispersystems.jobqueue.requirements.RequirementListener;
-import org.whispersystems.jobqueue.requirements.RequirementProvider;
-
-import java.io.IOException;
-import java.util.List;
-import java.util.concurrent.Executor;
-import java.util.concurrent.Executors;
-import java.util.concurrent.atomic.AtomicBoolean;
-
-public class JobManager implements RequirementListener {
-
-  private final JobQueue      jobQueue           = new JobQueue();
-  private final Executor      eventExecutor      = Executors.newSingleThreadExecutor();
-  private final AtomicBoolean hasLoadedEncrypted = new AtomicBoolean(false);
-
-  private final PersistentStorage  persistentStorage;
-
-  public JobManager(Context context, String name,
-                    RequirementProvider requirementProvider,
-                    JobSerializer jobSerializer, int consumers)
-  {
-    this.persistentStorage = new PersistentStorage(context, name, jobSerializer);
-    eventExecutor.execute(new LoadTask(null));
-
-    if (requirementProvider != null) {
-      requirementProvider.setListener(this);
-    }
-
-    for (int i=0;i<consumers;i++) {
-      new JobConsumer("JobConsumer-" + i, jobQueue, persistentStorage).start();
-    }
-  }
-
-  public void setEncryptionKeys(EncryptionKeys keys) {
-    if (hasLoadedEncrypted.compareAndSet(false, true)) {
-      eventExecutor.execute(new LoadTask(keys));
-    }
-  }
-
-  public void add(final Job job) {
-    eventExecutor.execute(new Runnable() {
-      @Override
-      public void run() {
-        try {
-          if (job.isPersistent()) {
-            persistentStorage.store(job);
-          }
-
-          job.onAdded();
-          jobQueue.add(job);
-        } catch (IOException e) {
-          Log.w("JobManager", e);
-          job.onCanceled();
-        }
-      }
-    });
-  }
-
-  @Override
-  public void onRequirementStatusChanged() {
-    eventExecutor.execute(new Runnable() {
-      @Override
-      public void run() {
-        jobQueue.onRequirementStatusChanged();
-      }
-    });
-  }
-
-  private class LoadTask implements Runnable {
-
-    private final EncryptionKeys keys;
-
-    public LoadTask(EncryptionKeys keys) {
-      this.keys = keys;
-    }
-
-    @Override
-    public void run() {
-      List<Job> pendingJobs;
-
-      if (keys == null) pendingJobs = persistentStorage.getAllUnencrypted();
-      else              pendingJobs = persistentStorage.getAllEncrypted(keys);
-
-      jobQueue.addAll(pendingJobs);
-    }
-  }
-
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/JobParameters.java

@@ -1,110 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue;
-
-import org.whispersystems.jobqueue.requirements.Requirement;
-
-import java.io.Serializable;
-import java.util.LinkedList;
-import java.util.List;
-
-public class JobParameters implements Serializable {
-
-  private transient EncryptionKeys encryptionKeys;
-
-  private final List<Requirement> requirements;
-  private final boolean           isPersistent;
-  private final int               retryCount;
-  private final String            groupId;
-
-  private JobParameters(List<Requirement> requirements,
-                       boolean isPersistent, String groupId,
-                       EncryptionKeys encryptionKeys,
-                       int retryCount)
-  {
-    this.requirements   = requirements;
-    this.isPersistent   = isPersistent;
-    this.groupId        = groupId;
-    this.encryptionKeys = encryptionKeys;
-    this.retryCount     = retryCount;
-  }
-
-  public List<Requirement> getRequirements() {
-    return requirements;
-  }
-
-  public boolean isPersistent() {
-    return isPersistent;
-  }
-
-  public EncryptionKeys getEncryptionKeys() {
-    return encryptionKeys;
-  }
-
-  public void setEncryptionKeys(EncryptionKeys encryptionKeys) {
-    this.encryptionKeys = encryptionKeys;
-  }
-
-  public int getRetryCount() {
-    return retryCount;
-  }
-
-  public static Builder newBuilder() {
-    return new Builder();
-  }
-
-  public String getGroupId() {
-    return groupId;
-  }
-
-  public static class Builder {
-    private List<Requirement> requirements   = new LinkedList<>();
-    private boolean           isPersistent   = false;
-    private EncryptionKeys    encryptionKeys = null;
-    private int               retryCount     = 100;
-    private String            groupId        = null;
-
-    public Builder withRequirement(Requirement requirement) {
-      this.requirements.add(requirement);
-      return this;
-    }
-
-    public Builder withPersistence() {
-      this.isPersistent = true;
-      return this;
-    }
-
-    public Builder withEncryption(EncryptionKeys encryptionKeys) {
-      this.encryptionKeys = encryptionKeys;
-      return this;
-    }
-
-    public Builder withRetryCount(int retryCount) {
-      this.retryCount = retryCount;
-      return this;
-    }
-
-    public Builder withGroupId(String groupId) {
-      this.groupId = groupId;
-      return this;
-    }
-
-    public JobParameters create() {
-      return new JobParameters(requirements, isPersistent, groupId, encryptionKeys, retryCount);
-    }
-  }
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/JobQueue.java

@@ -1,93 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue;
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Map;
-import java.util.Set;
-
-public class JobQueue {
-
-  private final Set<String>     activeGroupIds = new HashSet<>();
-  private final LinkedList<Job> jobQueue       = new LinkedList<>();
-
-  public synchronized void onRequirementStatusChanged() {
-    notifyAll();
-  }
-
-  public synchronized void add(Job job) {
-    jobQueue.add(job);
-    notifyAll();
-  }
-
-  public synchronized void addAll(List<Job> jobs) {
-    jobQueue.addAll(jobs);
-    notifyAll();
-  }
-
-  public synchronized Job getNext() {
-    try {
-      Job nextAvailableJob;
-
-      while ((nextAvailableJob = getNextAvailableJob()) == null) {
-        wait();
-      }
-
-      return nextAvailableJob;
-    } catch (InterruptedException e) {
-      throw new AssertionError(e);
-    }
-  }
-
-  public synchronized void setGroupIdAvailable(String groupId) {
-    if (groupId != null) {
-      activeGroupIds.remove(groupId);
-      notifyAll();
-    }
-  }
-
-  private Job getNextAvailableJob() {
-    if (jobQueue.isEmpty()) return null;
-
-    ListIterator<Job> iterator = jobQueue.listIterator();
-    while (iterator.hasNext()) {
-      Job job = iterator.next();
-
-      if (job.isRequirementsMet() && isGroupIdAvailable(job.getGroupId())) {
-        iterator.remove();
-        setGroupIdUnavailable(job.getGroupId());
-        return job;
-      }
-    }
-
-    return null;
-  }
-
-  private boolean isGroupIdAvailable(String groupId) {
-    return groupId == null || !activeGroupIds.contains(groupId);
-  }
-
-  private void setGroupIdUnavailable(String groupId) {
-    if (groupId != null) {
-      activeGroupIds.add(groupId);
-    }
-  }
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/persistence/JavaJobSerializer.java

@@ -1,75 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue.persistence;
-
-import android.content.Context;
-import android.util.Base64;
-
-import org.whispersystems.jobqueue.EncryptionKeys;
-import org.whispersystems.jobqueue.Job;
-import org.whispersystems.jobqueue.dependencies.ContextDependent;
-import org.whispersystems.jobqueue.requirements.Requirement;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-
-public class JavaJobSerializer implements JobSerializer {
-
-  private final Context context;
-
-  public JavaJobSerializer(Context context) {
-    this.context = context;
-  }
-
-  @Override
-  public String serialize(Job job) throws IOException {
-    ByteArrayOutputStream baos = new ByteArrayOutputStream();
-    ObjectOutputStream    oos  = new ObjectOutputStream(baos);
-    oos.writeObject(job);
-
-    return Base64.encodeToString(baos.toByteArray(), Base64.NO_WRAP);
-  }
-
-  @Override
-  public Job deserialize(EncryptionKeys keys, boolean encrypted, String serialized) throws IOException {
-    try {
-      ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decode(serialized, Base64.NO_WRAP));
-      ObjectInputStream    ois  = new ObjectInputStream(bais);
-
-      Job job = (Job)ois.readObject();
-
-      if (job instanceof ContextDependent) {
-        ((ContextDependent)job).setContext(context);
-      }
-
-      for (Requirement requirement : job.getRequirements()) {
-        if (requirement instanceof ContextDependent) {
-          ((ContextDependent)requirement).setContext(context);
-        }
-      }
-
-      job.setEncryptionKeys(keys);
-
-      return job;
-    } catch (ClassNotFoundException e) {
-      throw new IOException(e);
-    }
-  }
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/persistence/PersistentStorage.java

@@ -1,128 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue.persistence;
-
-import android.content.ContentValues;
-import android.content.Context;
-import android.database.Cursor;
-import android.database.sqlite.SQLiteDatabase;
-import android.database.sqlite.SQLiteOpenHelper;
-import android.util.Log;
-
-import org.whispersystems.jobqueue.EncryptionKeys;
-import org.whispersystems.jobqueue.Job;
-
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-
-public class PersistentStorage {
-
-  private static final int DATABASE_VERSION = 1;
-
-  private static final String TABLE_NAME = "queue";
-  private static final String ID         = "_id";
-  private static final String ITEM       = "item";
-  private static final String ENCRYPTED  = "encrypted";
-
-  private static final String DATABASE_CREATE = String.format("CREATE TABLE %s (%s INTEGER PRIMARY KEY, %s TEXT NOT NULL, %s INTEGER DEFAULT 0);",
-                                                              TABLE_NAME, ID, ITEM, ENCRYPTED);
-
-  private final DatabaseHelper databaseHelper;
-  private final JobSerializer jobSerializer;
-
-  public PersistentStorage(Context context, String name, JobSerializer serializer) {
-    this.databaseHelper = new DatabaseHelper(context, "_jobqueue-" + name);
-    this.jobSerializer  = serializer;
-  }
-
-  public void store(Job job) throws IOException {
-    ContentValues contentValues = new ContentValues();
-    contentValues.put(ITEM, jobSerializer.serialize(job));
-    contentValues.put(ENCRYPTED, job.getEncryptionKeys() != null);
-
-    long id = databaseHelper.getWritableDatabase().insert(TABLE_NAME, null, contentValues);
-    job.setPersistentId(id);
-  }
-
-//  public List<Job> getAll(EncryptionKeys keys) {
-//    return getJobs(keys, null);
-//  }
-
-  public List<Job> getAllUnencrypted() {
-    return getJobs(null, ENCRYPTED + " = 0");
-  }
-
-  public List<Job> getAllEncrypted(EncryptionKeys keys) {
-    return getJobs(keys, ENCRYPTED + " = 1");
-  }
-
-  private List<Job> getJobs(EncryptionKeys keys, String where) {
-    List<Job>      results  = new LinkedList<>();
-    SQLiteDatabase database = databaseHelper.getReadableDatabase();
-    Cursor         cursor   = null;
-
-    try {
-      cursor = database.query(TABLE_NAME, null, where, null, null, null, ID + " ASC", null);
-
-      while (cursor.moveToNext()) {
-        long    id        = cursor.getLong(cursor.getColumnIndexOrThrow(ID));
-        String  item      = cursor.getString(cursor.getColumnIndexOrThrow(ITEM));
-        boolean encrypted = cursor.getInt(cursor.getColumnIndexOrThrow(ENCRYPTED)) == 1;
-
-        try{
-          Job job = jobSerializer.deserialize(keys, encrypted, item);
-
-          job.setPersistentId(id);
-          results.add(job);
-        } catch (IOException e) {
-          Log.w("PersistentStore", e);
-          remove(id);
-        }
-      }
-    } finally {
-      if (cursor != null)
-        cursor.close();
-    }
-
-    return results;
-  }
-
-
-  public void remove(long id) {
-    databaseHelper.getWritableDatabase()
-                  .delete(TABLE_NAME, ID + " = ?", new String[] {String.valueOf(id)});
-  }
-
-  private static class DatabaseHelper extends SQLiteOpenHelper {
-
-    public DatabaseHelper(Context context, String name) {
-      super(context, name, null, DATABASE_VERSION);
-    }
-
-    @Override
-    public void onCreate(SQLiteDatabase db) {
-      db.execSQL(DATABASE_CREATE);
-    }
-
-    @Override
-    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
-
-    }
-  }
-
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/requirements/NetworkRequirement.java

@@ -1,47 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue.requirements;
-
-import android.content.Context;
-import android.net.ConnectivityManager;
-import android.net.NetworkInfo;
-
-import org.whispersystems.jobqueue.dependencies.ContextDependent;
-
-public class NetworkRequirement implements Requirement, ContextDependent {
-
-  private transient Context context;
-
-  public NetworkRequirement(Context context) {
-    this.context = context;
-  }
-
-  public NetworkRequirement() {}
-
-  @Override
-  public boolean isPresent() {
-    ConnectivityManager cm      = (ConnectivityManager) context.getSystemService(Context.CONNECTIVITY_SERVICE);
-    NetworkInfo         netInfo = cm.getActiveNetworkInfo();
-
-    return netInfo != null && netInfo.isConnectedOrConnecting();
-  }
-
-  @Override
-  public void setContext(Context context) {
-    this.context = context;
-  }
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/requirements/NetworkRequirementProvider.java

@@ -1,54 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue.requirements;
-
-import android.content.BroadcastReceiver;
-import android.content.Context;
-import android.content.Intent;
-import android.content.IntentFilter;
-import android.net.ConnectivityManager;
-import android.net.NetworkInfo;
-
-public class NetworkRequirementProvider implements RequirementProvider {
-
-  private RequirementListener listener;
-
-  private final NetworkRequirement requirement;
-
-  public NetworkRequirementProvider(Context context) {
-    this.requirement = new NetworkRequirement(context);
-
-    context.getApplicationContext().registerReceiver(new BroadcastReceiver() {
-      @Override
-      public void onReceive(Context context, Intent intent) {
-        if (listener == null) {
-          return;
-        }
-
-        if (requirement.isPresent()) {
-          listener.onRequirementStatusChanged();
-        }
-      }
-    }, new IntentFilter(ConnectivityManager.CONNECTIVITY_ACTION));
-  }
-
-  @Override
-  public void setListener(RequirementListener listener) {
-    this.listener = listener;
-  }
-
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/requirements/Requirement.java

@@ -1,23 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue.requirements;
-
-import java.io.Serializable;
-
-public interface Requirement extends Serializable {
-  public boolean isPresent();
-}

jobqueue/src/main/java/org/whispersystems/jobqueue/requirements/RequirementListener.java

@@ -1,21 +0,0 @@
-/**
- * Copyright (C) 2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-package org.whispersystems.jobqueue.requirements;
-
-public interface RequirementListener {
-  public void onRequirementStatusChanged();
-}

jobqueue/src/main/res/values/strings.xml

@@ -1,2 +0,0 @@
-<resources>
-</resources>

libaxolotl/.gitignore

@@ -1,2 +0,0 @@
-/build
-/obj

libaxolotl/README.md

@@ -1,85 +0,0 @@
-
-# Overview
-
-This is a ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging 
-environments.  The protocol overview is available [here](https://github.com/trevp/axolotl/wiki),
-and the details of the wire format are available [here](https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2).
-
-## PreKeys
-
-This protocol uses a concept called 'PreKeys'.  A PreKey is an ECPublicKey and an associated unique 
-ID which are stored together by a server.  PreKeys can also be signed.
-
-At install time, clients generate a single signed PreKey, as well as a large list of unsigned
-PreKeys, and transmit all of them to the server.
-
-## Sessions
-
-The axolotl protocol is session-oriented.  Clients establish a "session," which is then used for
-all subsequent encrypt/decrypt operations.  There is no need to ever tear down a session once one
-has been established.
-
-Sessions are established in one of three ways:
-
-1. PreKeyBundles. A client that wishes to send a message to a recipient can establish a session by
-   retrieving a PreKeyBundle for that recipient from the server.
-1. PreKeyWhisperMessages.  A client can receive a PreKeyWhisperMessage from a recipient and use it
-   to establish a session.
-1. KeyExchangeMessages.  Two clients can exchange KeyExchange messages to establish a session.
-
-## State
-
-An established session encapsulates a lot of state between two clients.  That state is maintained
-in durable records which need to be kept for the life of the session.
-
-State is kept in the following places:
-
-1. Identity State.  Clients will need to maintain the state of their own identity key pair, as well
-   as identity keys received from other clients.
-1. PreKey State. Clients will need to maintain the state of their generated PreKeys.
-1. Signed PreKey States. Clients will need to maintain the state of their signed PreKeys.
-1. Session State.  Clients will need to maintain the state of the sessions they have established.
-
-# Using libaxolotl
-
-## Install time
-
-At install time, a libaxolotl client needs to generate its identity keys, registration id, and
-prekeys.
-
-    IdentityKeyPair    identityKeyPair = KeyHelper.generateIdentityKeyPair();
-    int                registrationId  = KeyHelper.generateRegistrationId();
-    List<PreKeyRecord> preKeys         = KeyHelper.generatePreKeys(startId, 100);
-    PreKeyRecord       lastResortKey   = KeyHelper.generateLastResortKey();
-    SignedPreKeyRecord signedPreKey    = KeyHelper.generateSignedPreKey(identityKeyPair, 5);
-
-    // Store identityKeyPair somewhere durable and safe.
-    // Store registrationId somewhere durable and safe.
-
-    // Store preKeys in PreKeyStore.
-    // Store signed prekey in SignedPreKeyStore.
-
-## Building a session
-
-A libaxolotl client needs to implement four interfaces: IdentityKeyStore, PreKeyStore, 
-SignedPreKeyStore, and SessionStore.  These will manage loading and storing of identity, 
-prekeys, signed prekeys, and session state.
-
-Once those are implemented, building a session is fairly straightforward:
-
-    SessionStore      sessionStore      = new MySessionStore();
-    PreKeyStore       preKeyStore       = new MyPreKeyStore();
-    SignedPreKeyStore signedPreKeyStore = new MySignedPreKeyStore();
-    IdentityKeyStore  identityStore     = new MyIdentityKeyStore();
-
-    // Instantiate a SessionBuilder for a remote recipientId + deviceId tuple.
-    SessionBuilder sessionBuilder = new SessionBuilder(sessionStore, preKeyStore, signedPreKeyStore,
-                                                       identityStore, recipientId, deviceId);
-
-    // Build a session with a PreKey retrieved from the server.
-    sessionBuilder.process(retrievedPreKey);
-
-    SessionCipher     sessionCipher = new SessionCipher(sessionStore, recipientId, deviceId);
-    CiphertextMessage message      = sessionCipher.encrypt("Hello world!".getBytes("UTF-8"));
-
-    deliver(message.serialize());

libaxolotl/build.gradle

@@ -1,44 +0,0 @@
-buildscript {
-    repositories {
-        mavenCentral()
-    }
-
-    dependencies {
-        classpath 'com.android.tools.build:gradle:0.12.+'
-    }
-}
-
-apply plugin: 'com.android.library'
-
-repositories {
-    mavenCentral()
-}
-
-dependencies {
-    compile 'com.google.protobuf:protobuf-java:2.5.0'
-}
-
-android {
-    compileSdkVersion 19
-    buildToolsVersion '19.1.0'
-
-    compileOptions {
-        sourceCompatibility JavaVersion.VERSION_1_7
-        targetCompatibility JavaVersion.VERSION_1_7
-    }
-
-    android {
-        sourceSets {
-            main {
-                jniLibs.srcDirs = ['libs']
-            }
-        }
-    }
-
-}
-
-tasks.whenTaskAdded { task ->
-    if (task.name.equals("lint")) {
-        task.enabled = false
-    }
-}

libaxolotl/jni/Android.mk

@@ -1,27 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE    := libcurve25519-donna
-LOCAL_SRC_FILES := curve25519-donna.c
-
-include $(BUILD_STATIC_LIBRARY)
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE     := libcurve25519-ref10
-LOCAL_SRC_FILES  := $(wildcard ed25519/*.c) $(wildcard ed25519/additions/*.c) $(wildcard ed25519/nacl_sha512/*.c)
-LOCAL_C_INCLUDES := ed25519/nacl_includes ed25519/additions ed25519/sha512 ed25519
-
-include $(BUILD_STATIC_LIBRARY)
-
-include $(CLEAR_VARS)
-
-LOCAL_MODULE     := libcurve25519
-LOCAL_SRC_FILES  := curve25519-jni.c
-LOCAL_C_INCLUDES := ed25519/additions
-
-LOCAL_STATIC_LIBRARIES := libcurve25519-donna libcurve25519-ref10
-
-include $(BUILD_SHARED_LIBRARY)
-

libaxolotl/jni/Application.mk

@@ -1 +0,0 @@
-APP_ABI := armeabi armeabi-v7a x86 mips

libaxolotl/jni/curve25519-donna.c

@@ -1,870 +0,0 @@
-/* Copyright 2008, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *     * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- *     * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * curve25519-donna: Curve25519 elliptic curve, public key function
- *
- * http://code.google.com/p/curve25519-donna/
- *
- * Adam Langley <agl@imperialviolet.org>
- *
- * Derived from public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
- *
- * More information about curve25519 can be found here
- *   http://cr.yp.to/ecdh.html
- *
- * djb's sample implementation of curve25519 is written in a special assembly
- * language called qhasm and uses the floating point registers.
- *
- * This is, almost, a clean room reimplementation from the curve25519 paper. It
- * uses many of the tricks described therein. Only the crecip function is taken
- * from the sample implementation. */
-
-#include <string.h>
-#include <stdint.h>
-
-#ifdef _MSC_VER
-#define inline __inline
-#endif
-
-typedef uint8_t u8;
-typedef int32_t s32;
-typedef int64_t limb;
-
-/* Field element representation:
- *
- * Field elements are written as an array of signed, 64-bit limbs, least
- * significant first. The value of the field element is:
- *   x[0] + 2^26·x[1] + x^51·x[2] + 2^102·x[3] + ...
- *
- * i.e. the limbs are 26, 25, 26, 25, ... bits wide. */
-
-/* Sum two numbers: output += in */
-static void fsum(limb *output, const limb *in) {
-  unsigned i;
-  for (i = 0; i < 10; i += 2) {
-    output[0+i] = output[0+i] + in[0+i];
-    output[1+i] = output[1+i] + in[1+i];
-  }
-}
-
-/* Find the difference of two numbers: output = in - output
- * (note the order of the arguments!). */
-static void fdifference(limb *output, const limb *in) {
-  unsigned i;
-  for (i = 0; i < 10; ++i) {
-    output[i] = in[i] - output[i];
-  }
-}
-
-/* Multiply a number by a scalar: output = in * scalar */
-static void fscalar_product(limb *output, const limb *in, const limb scalar) {
-  unsigned i;
-  for (i = 0; i < 10; ++i) {
-    output[i] = in[i] * scalar;
-  }
-}
-
-/* Multiply two numbers: output = in2 * in
- *
- * output must be distinct to both inputs. The inputs are reduced coefficient
- * form, the output is not.
- *
- * output[x] <= 14 * the largest product of the input limbs. */
-static void fproduct(limb *output, const limb *in2, const limb *in) {
-  output[0] =       ((limb) ((s32) in2[0])) * ((s32) in[0]);
-  output[1] =       ((limb) ((s32) in2[0])) * ((s32) in[1]) +
-                    ((limb) ((s32) in2[1])) * ((s32) in[0]);
-  output[2] =  2 *  ((limb) ((s32) in2[1])) * ((s32) in[1]) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[2]) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[0]);
-  output[3] =       ((limb) ((s32) in2[1])) * ((s32) in[2]) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[1]) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[3])) * ((s32) in[0]);
-  output[4] =       ((limb) ((s32) in2[2])) * ((s32) in[2]) +
-               2 * (((limb) ((s32) in2[1])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[3])) * ((s32) in[1])) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[4]) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[0]);
-  output[5] =       ((limb) ((s32) in2[2])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[3])) * ((s32) in[2]) +
-                    ((limb) ((s32) in2[1])) * ((s32) in[4]) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[1]) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[5])) * ((s32) in[0]);
-  output[6] =  2 * (((limb) ((s32) in2[3])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[1])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[5])) * ((s32) in[1])) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[4]) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[2]) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[6]) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[0]);
-  output[7] =       ((limb) ((s32) in2[3])) * ((s32) in[4]) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[5])) * ((s32) in[2]) +
-                    ((limb) ((s32) in2[1])) * ((s32) in[6]) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[1]) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[7])) * ((s32) in[0]);
-  output[8] =       ((limb) ((s32) in2[4])) * ((s32) in[4]) +
-               2 * (((limb) ((s32) in2[3])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[5])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[1])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[7])) * ((s32) in[1])) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[6]) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[2]) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[0]);
-  output[9] =       ((limb) ((s32) in2[4])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[5])) * ((s32) in[4]) +
-                    ((limb) ((s32) in2[3])) * ((s32) in[6]) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[7])) * ((s32) in[2]) +
-                    ((limb) ((s32) in2[1])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[1]) +
-                    ((limb) ((s32) in2[0])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[0]);
-  output[10] = 2 * (((limb) ((s32) in2[5])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[3])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[7])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[1])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[1])) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[6]) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[4]) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[2]);
-  output[11] =      ((limb) ((s32) in2[5])) * ((s32) in[6]) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[7])) * ((s32) in[4]) +
-                    ((limb) ((s32) in2[3])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[3]) +
-                    ((limb) ((s32) in2[2])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[2]);
-  output[12] =      ((limb) ((s32) in2[6])) * ((s32) in[6]) +
-               2 * (((limb) ((s32) in2[5])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[7])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[3])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[3])) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[4]);
-  output[13] =      ((limb) ((s32) in2[6])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[7])) * ((s32) in[6]) +
-                    ((limb) ((s32) in2[5])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[5]) +
-                    ((limb) ((s32) in2[4])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[4]);
-  output[14] = 2 * (((limb) ((s32) in2[7])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[5])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[5])) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[6]);
-  output[15] =      ((limb) ((s32) in2[7])) * ((s32) in[8]) +
-                    ((limb) ((s32) in2[8])) * ((s32) in[7]) +
-                    ((limb) ((s32) in2[6])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[6]);
-  output[16] =      ((limb) ((s32) in2[8])) * ((s32) in[8]) +
-               2 * (((limb) ((s32) in2[7])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[7]));
-  output[17] =      ((limb) ((s32) in2[8])) * ((s32) in[9]) +
-                    ((limb) ((s32) in2[9])) * ((s32) in[8]);
-  output[18] = 2 *  ((limb) ((s32) in2[9])) * ((s32) in[9]);
-}
-
-/* Reduce a long form to a short form by taking the input mod 2^255 - 19.
- *
- * On entry: |output[i]| < 14*2^54
- * On exit: |output[0..8]| < 280*2^54 */
-static void freduce_degree(limb *output) {
-  /* Each of these shifts and adds ends up multiplying the value by 19.
-   *
-   * For output[0..8], the absolute entry value is < 14*2^54 and we add, at
-   * most, 19*14*2^54 thus, on exit, |output[0..8]| < 280*2^54. */
-  output[8] += output[18] << 4;
-  output[8] += output[18] << 1;
-  output[8] += output[18];
-  output[7] += output[17] << 4;
-  output[7] += output[17] << 1;
-  output[7] += output[17];
-  output[6] += output[16] << 4;
-  output[6] += output[16] << 1;
-  output[6] += output[16];
-  output[5] += output[15] << 4;
-  output[5] += output[15] << 1;
-  output[5] += output[15];
-  output[4] += output[14] << 4;
-  output[4] += output[14] << 1;
-  output[4] += output[14];
-  output[3] += output[13] << 4;
-  output[3] += output[13] << 1;
-  output[3] += output[13];
-  output[2] += output[12] << 4;
-  output[2] += output[12] << 1;
-  output[2] += output[12];
-  output[1] += output[11] << 4;
-  output[1] += output[11] << 1;
-  output[1] += output[11];
-  output[0] += output[10] << 4;
-  output[0] += output[10] << 1;
-  output[0] += output[10];
-}
-
-#if (-1 & 3) != 3
-#error "This code only works on a two's complement system"
-#endif
-
-/* return v / 2^26, using only shifts and adds.
- *
- * On entry: v can take any value. */
-static inline limb
-div_by_2_26(const limb v)
-{
-  /* High word of v; no shift needed. */
-  const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32);
-  /* Set to all 1s if v was negative; else set to 0s. */
-  const int32_t sign = ((int32_t) highword) >> 31;
-  /* Set to 0x3ffffff if v was negative; else set to 0. */
-  const int32_t roundoff = ((uint32_t) sign) >> 6;
-  /* Should return v / (1<<26) */
-  return (v + roundoff) >> 26;
-}
-
-/* return v / (2^25), using only shifts and adds.
- *
- * On entry: v can take any value. */
-static inline limb
-div_by_2_25(const limb v)
-{
-  /* High word of v; no shift needed*/
-  const uint32_t highword = (uint32_t) (((uint64_t) v) >> 32);
-  /* Set to all 1s if v was negative; else set to 0s. */
-  const int32_t sign = ((int32_t) highword) >> 31;
-  /* Set to 0x1ffffff if v was negative; else set to 0. */
-  const int32_t roundoff = ((uint32_t) sign) >> 7;
-  /* Should return v / (1<<25) */
-  return (v + roundoff) >> 25;
-}
-
-/* return v / (2^25), using only shifts and adds.
- *
- * On entry: v can take any value. */
-static inline s32
-div_s32_by_2_25(const s32 v)
-{
-   const s32 roundoff = ((uint32_t)(v >> 31)) >> 7;
-   return (v + roundoff) >> 25;
-}
-
-/* Reduce all coefficients of the short form input so that |x| < 2^26.
- *
- * On entry: |output[i]| < 280*2^54 */
-static void freduce_coefficients(limb *output) {
-  unsigned i;
-
-  output[10] = 0;
-
-  for (i = 0; i < 10; i += 2) {
-    limb over = div_by_2_26(output[i]);
-    /* The entry condition (that |output[i]| < 280*2^54) means that over is, at
-     * most, 280*2^28 in the first iteration of this loop. This is added to the
-     * next limb and we can approximate the resulting bound of that limb by
-     * 281*2^54. */
-    output[i] -= over << 26;
-    output[i+1] += over;
-
-    /* For the first iteration, |output[i+1]| < 281*2^54, thus |over| <
-     * 281*2^29. When this is added to the next limb, the resulting bound can
-     * be approximated as 281*2^54.
-     *
-     * For subsequent iterations of the loop, 281*2^54 remains a conservative
-     * bound and no overflow occurs. */
-    over = div_by_2_25(output[i+1]);
-    output[i+1] -= over << 25;
-    output[i+2] += over;
-  }
-  /* Now |output[10]| < 281*2^29 and all other coefficients are reduced. */
-  output[0] += output[10] << 4;
-  output[0] += output[10] << 1;
-  output[0] += output[10];
-
-  output[10] = 0;
-
-  /* Now output[1..9] are reduced, and |output[0]| < 2^26 + 19*281*2^29
-   * So |over| will be no more than 2^16. */
-  {
-    limb over = div_by_2_26(output[0]);
-    output[0] -= over << 26;
-    output[1] += over;
-  }
-
-  /* Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 2^16 < 2^26. The
-   * bound on |output[1]| is sufficient to meet our needs. */
-}
-
-/* A helpful wrapper around fproduct: output = in * in2.
- *
- * On entry: |in[i]| < 2^27 and |in2[i]| < 2^27.
- *
- * output must be distinct to both inputs. The output is reduced degree
- * (indeed, one need only provide storage for 10 limbs) and |output[i]| < 2^26. */
-static void
-fmul(limb *output, const limb *in, const limb *in2) {
-  limb t[19];
-  fproduct(t, in, in2);
-  /* |t[i]| < 14*2^54 */
-  freduce_degree(t);
-  freduce_coefficients(t);
-  /* |t[i]| < 2^26 */
-  memcpy(output, t, sizeof(limb) * 10);
-}
-
-/* Square a number: output = in**2
- *
- * output must be distinct from the input. The inputs are reduced coefficient
- * form, the output is not.
- *
- * output[x] <= 14 * the largest product of the input limbs. */
-static void fsquare_inner(limb *output, const limb *in) {
-  output[0] =       ((limb) ((s32) in[0])) * ((s32) in[0]);
-  output[1] =  2 *  ((limb) ((s32) in[0])) * ((s32) in[1]);
-  output[2] =  2 * (((limb) ((s32) in[1])) * ((s32) in[1]) +
-                    ((limb) ((s32) in[0])) * ((s32) in[2]));
-  output[3] =  2 * (((limb) ((s32) in[1])) * ((s32) in[2]) +
-                    ((limb) ((s32) in[0])) * ((s32) in[3]));
-  output[4] =       ((limb) ((s32) in[2])) * ((s32) in[2]) +
-               4 *  ((limb) ((s32) in[1])) * ((s32) in[3]) +
-               2 *  ((limb) ((s32) in[0])) * ((s32) in[4]);
-  output[5] =  2 * (((limb) ((s32) in[2])) * ((s32) in[3]) +
-                    ((limb) ((s32) in[1])) * ((s32) in[4]) +
-                    ((limb) ((s32) in[0])) * ((s32) in[5]));
-  output[6] =  2 * (((limb) ((s32) in[3])) * ((s32) in[3]) +
-                    ((limb) ((s32) in[2])) * ((s32) in[4]) +
-                    ((limb) ((s32) in[0])) * ((s32) in[6]) +
-               2 *  ((limb) ((s32) in[1])) * ((s32) in[5]));
-  output[7] =  2 * (((limb) ((s32) in[3])) * ((s32) in[4]) +
-                    ((limb) ((s32) in[2])) * ((s32) in[5]) +
-                    ((limb) ((s32) in[1])) * ((s32) in[6]) +
-                    ((limb) ((s32) in[0])) * ((s32) in[7]));
-  output[8] =       ((limb) ((s32) in[4])) * ((s32) in[4]) +
-               2 * (((limb) ((s32) in[2])) * ((s32) in[6]) +
-                    ((limb) ((s32) in[0])) * ((s32) in[8]) +
-               2 * (((limb) ((s32) in[1])) * ((s32) in[7]) +
-                    ((limb) ((s32) in[3])) * ((s32) in[5])));
-  output[9] =  2 * (((limb) ((s32) in[4])) * ((s32) in[5]) +
-                    ((limb) ((s32) in[3])) * ((s32) in[6]) +
-                    ((limb) ((s32) in[2])) * ((s32) in[7]) +
-                    ((limb) ((s32) in[1])) * ((s32) in[8]) +
-                    ((limb) ((s32) in[0])) * ((s32) in[9]));
-  output[10] = 2 * (((limb) ((s32) in[5])) * ((s32) in[5]) +
-                    ((limb) ((s32) in[4])) * ((s32) in[6]) +
-                    ((limb) ((s32) in[2])) * ((s32) in[8]) +
-               2 * (((limb) ((s32) in[3])) * ((s32) in[7]) +
-                    ((limb) ((s32) in[1])) * ((s32) in[9])));
-  output[11] = 2 * (((limb) ((s32) in[5])) * ((s32) in[6]) +
-                    ((limb) ((s32) in[4])) * ((s32) in[7]) +
-                    ((limb) ((s32) in[3])) * ((s32) in[8]) +
-                    ((limb) ((s32) in[2])) * ((s32) in[9]));
-  output[12] =      ((limb) ((s32) in[6])) * ((s32) in[6]) +
-               2 * (((limb) ((s32) in[4])) * ((s32) in[8]) +
-               2 * (((limb) ((s32) in[5])) * ((s32) in[7]) +
-                    ((limb) ((s32) in[3])) * ((s32) in[9])));
-  output[13] = 2 * (((limb) ((s32) in[6])) * ((s32) in[7]) +
-                    ((limb) ((s32) in[5])) * ((s32) in[8]) +
-                    ((limb) ((s32) in[4])) * ((s32) in[9]));
-  output[14] = 2 * (((limb) ((s32) in[7])) * ((s32) in[7]) +
-                    ((limb) ((s32) in[6])) * ((s32) in[8]) +
-               2 *  ((limb) ((s32) in[5])) * ((s32) in[9]));
-  output[15] = 2 * (((limb) ((s32) in[7])) * ((s32) in[8]) +
-                    ((limb) ((s32) in[6])) * ((s32) in[9]));
-  output[16] =      ((limb) ((s32) in[8])) * ((s32) in[8]) +
-               4 *  ((limb) ((s32) in[7])) * ((s32) in[9]);
-  output[17] = 2 *  ((limb) ((s32) in[8])) * ((s32) in[9]);
-  output[18] = 2 *  ((limb) ((s32) in[9])) * ((s32) in[9]);
-}
-
-/* fsquare sets output = in^2.
- *
- * On entry: The |in| argument is in reduced coefficients form and |in[i]| <
- * 2^27.
- *
- * On exit: The |output| argument is in reduced coefficients form (indeed, one
- * need only provide storage for 10 limbs) and |out[i]| < 2^26. */
-static void
-fsquare(limb *output, const limb *in) {
-  limb t[19];
-  fsquare_inner(t, in);
-  /* |t[i]| < 14*2^54 because the largest product of two limbs will be <
-   * 2^(27+27) and fsquare_inner adds together, at most, 14 of those
-   * products. */
-  freduce_degree(t);
-  freduce_coefficients(t);
-  /* |t[i]| < 2^26 */
-  memcpy(output, t, sizeof(limb) * 10);
-}
-
-/* Take a little-endian, 32-byte number and expand it into polynomial form */
-static void
-fexpand(limb *output, const u8 *input) {
-#define F(n,start,shift,mask) \
-  output[n] = ((((limb) input[start + 0]) | \
-                ((limb) input[start + 1]) << 8 | \
-                ((limb) input[start + 2]) << 16 | \
-                ((limb) input[start + 3]) << 24) >> shift) & mask;
-  F(0, 0, 0, 0x3ffffff);
-  F(1, 3, 2, 0x1ffffff);
-  F(2, 6, 3, 0x3ffffff);
-  F(3, 9, 5, 0x1ffffff);
-  F(4, 12, 6, 0x3ffffff);
-  F(5, 16, 0, 0x1ffffff);
-  F(6, 19, 1, 0x3ffffff);
-  F(7, 22, 3, 0x1ffffff);
-  F(8, 25, 4, 0x3ffffff);
-  F(9, 28, 6, 0x1ffffff);
-#undef F
-}
-
-#if (-32 >> 1) != -16
-#error "This code only works when >> does sign-extension on negative numbers"
-#endif
-
-/* s32_eq returns 0xffffffff iff a == b and zero otherwise. */
-static s32 s32_eq(s32 a, s32 b) {
-  a = ~(a ^ b);
-  a &= a << 16;
-  a &= a << 8;
-  a &= a << 4;
-  a &= a << 2;
-  a &= a << 1;
-  return a >> 31;
-}
-
-/* s32_gte returns 0xffffffff if a >= b and zero otherwise, where a and b are
- * both non-negative. */
-static s32 s32_gte(s32 a, s32 b) {
-  a -= b;
-  /* a >= 0 iff a >= b. */
-  return ~(a >> 31);
-}
-
-/* Take a fully reduced polynomial form number and contract it into a
- * little-endian, 32-byte array.
- *
- * On entry: |input_limbs[i]| < 2^26 */
-static void
-fcontract(u8 *output, limb *input_limbs) {
-  int i;
-  int j;
-  s32 input[10];
-  s32 mask;
-
-  /* |input_limbs[i]| < 2^26, so it's valid to convert to an s32. */
-  for (i = 0; i < 10; i++) {
-    input[i] = input_limbs[i];
-  }
-
-  for (j = 0; j < 2; ++j) {
-    for (i = 0; i < 9; ++i) {
-      if ((i & 1) == 1) {
-        /* This calculation is a time-invariant way to make input[i]
-         * non-negative by borrowing from the next-larger limb. */
-        const s32 mask = input[i] >> 31;
-        const s32 carry = -((input[i] & mask) >> 25);
-        input[i] = input[i] + (carry << 25);
-        input[i+1] = input[i+1] - carry;
-      } else {
-        const s32 mask = input[i] >> 31;
-        const s32 carry = -((input[i] & mask) >> 26);
-        input[i] = input[i] + (carry << 26);
-        input[i+1] = input[i+1] - carry;
-      }
-    }
-
-    /* There's no greater limb for input[9] to borrow from, but we can multiply
-     * by 19 and borrow from input[0], which is valid mod 2^255-19. */
-    {
-      const s32 mask = input[9] >> 31;
-      const s32 carry = -((input[9] & mask) >> 25);
-      input[9] = input[9] + (carry << 25);
-      input[0] = input[0] - (carry * 19);
-    }
-
-    /* After the first iteration, input[1..9] are non-negative and fit within
-     * 25 or 26 bits, depending on position. However, input[0] may be
-     * negative. */
-  }
-
-  /* The first borrow-propagation pass above ended with every limb
-     except (possibly) input[0] non-negative.
-
-     If input[0] was negative after the first pass, then it was because of a
-     carry from input[9]. On entry, input[9] < 2^26 so the carry was, at most,
-     one, since (2**26-1) >> 25 = 1. Thus input[0] >= -19.
-
-     In the second pass, each limb is decreased by at most one. Thus the second
-     borrow-propagation pass could only have wrapped around to decrease
-     input[0] again if the first pass left input[0] negative *and* input[1]
-     through input[9] were all zero.  In that case, input[1] is now 2^25 - 1,
-     and this last borrow-propagation step will leave input[1] non-negative. */
-  {
-    const s32 mask = input[0] >> 31;
-    const s32 carry = -((input[0] & mask) >> 26);
-    input[0] = input[0] + (carry << 26);
-    input[1] = input[1] - carry;
-  }
-
-  /* All input[i] are now non-negative. However, there might be values between
-   * 2^25 and 2^26 in a limb which is, nominally, 25 bits wide. */
-  for (j = 0; j < 2; j++) {
-    for (i = 0; i < 9; i++) {
-      if ((i & 1) == 1) {
-        const s32 carry = input[i] >> 25;
-        input[i] &= 0x1ffffff;
-        input[i+1] += carry;
-      } else {
-        const s32 carry = input[i] >> 26;
-        input[i] &= 0x3ffffff;
-        input[i+1] += carry;
-      }
-    }
-
-    {
-      const s32 carry = input[9] >> 25;
-      input[9] &= 0x1ffffff;
-      input[0] += 19*carry;
-    }
-  }
-
-  /* If the first carry-chain pass, just above, ended up with a carry from
-   * input[9], and that caused input[0] to be out-of-bounds, then input[0] was
-   * < 2^26 + 2*19, because the carry was, at most, two.
-   *
-   * If the second pass carried from input[9] again then input[0] is < 2*19 and
-   * the input[9] -> input[0] carry didn't push input[0] out of bounds. */
-
-  /* It still remains the case that input might be between 2^255-19 and 2^255.
-   * In this case, input[1..9] must take their maximum value and input[0] must
-   * be >= (2^255-19) & 0x3ffffff, which is 0x3ffffed. */
-  mask = s32_gte(input[0], 0x3ffffed);
-  for (i = 1; i < 10; i++) {
-    if ((i & 1) == 1) {
-      mask &= s32_eq(input[i], 0x1ffffff);
-    } else {
-      mask &= s32_eq(input[i], 0x3ffffff);
-    }
-  }
-
-  /* mask is either 0xffffffff (if input >= 2^255-19) and zero otherwise. Thus
-   * this conditionally subtracts 2^255-19. */
-  input[0] -= mask & 0x3ffffed;
-
-  for (i = 1; i < 10; i++) {
-    if ((i & 1) == 1) {
-      input[i] -= mask & 0x1ffffff;
-    } else {
-      input[i] -= mask & 0x3ffffff;
-    }
-  }
-
-  input[1] <<= 2;
-  input[2] <<= 3;
-  input[3] <<= 5;
-  input[4] <<= 6;
-  input[6] <<= 1;
-  input[7] <<= 3;
-  input[8] <<= 4;
-  input[9] <<= 6;
-#define F(i, s) \
-  output[s+0] |=  input[i] & 0xff; \
-  output[s+1]  = (input[i] >> 8) & 0xff; \
-  output[s+2]  = (input[i] >> 16) & 0xff; \
-  output[s+3]  = (input[i] >> 24) & 0xff;
-  output[0] = 0;
-  output[16] = 0;
-  F(0,0);
-  F(1,3);
-  F(2,6);
-  F(3,9);
-  F(4,12);
-  F(5,16);
-  F(6,19);
-  F(7,22);
-  F(8,25);
-  F(9,28);
-#undef F
-}
-
-/* Input: Q, Q', Q-Q'
- * Output: 2Q, Q+Q'
- *
- *   x2 z3: long form
- *   x3 z3: long form
- *   x z: short form, destroyed
- *   xprime zprime: short form, destroyed
- *   qmqp: short form, preserved
- *
- * On entry and exit, the absolute value of the limbs of all inputs and outputs
- * are < 2^26. */
-static void fmonty(limb *x2, limb *z2,  /* output 2Q */
-                   limb *x3, limb *z3,  /* output Q + Q' */
-                   limb *x, limb *z,    /* input Q */
-                   limb *xprime, limb *zprime,  /* input Q' */
-                   const limb *qmqp /* input Q - Q' */) {
-  limb origx[10], origxprime[10], zzz[19], xx[19], zz[19], xxprime[19],
-        zzprime[19], zzzprime[19], xxxprime[19];
-
-  memcpy(origx, x, 10 * sizeof(limb));
-  fsum(x, z);
-  /* |x[i]| < 2^27 */
-  fdifference(z, origx);  /* does x - z */
-  /* |z[i]| < 2^27 */
-
-  memcpy(origxprime, xprime, sizeof(limb) * 10);
-  fsum(xprime, zprime);
-  /* |xprime[i]| < 2^27 */
-  fdifference(zprime, origxprime);
-  /* |zprime[i]| < 2^27 */
-  fproduct(xxprime, xprime, z);
-  /* |xxprime[i]| < 14*2^54: the largest product of two limbs will be <
-   * 2^(27+27) and fproduct adds together, at most, 14 of those products.
-   * (Approximating that to 2^58 doesn't work out.) */
-  fproduct(zzprime, x, zprime);
-  /* |zzprime[i]| < 14*2^54 */
-  freduce_degree(xxprime);
-  freduce_coefficients(xxprime);
-  /* |xxprime[i]| < 2^26 */
-  freduce_degree(zzprime);
-  freduce_coefficients(zzprime);
-  /* |zzprime[i]| < 2^26 */
-  memcpy(origxprime, xxprime, sizeof(limb) * 10);
-  fsum(xxprime, zzprime);
-  /* |xxprime[i]| < 2^27 */
-  fdifference(zzprime, origxprime);
-  /* |zzprime[i]| < 2^27 */
-  fsquare(xxxprime, xxprime);
-  /* |xxxprime[i]| < 2^26 */
-  fsquare(zzzprime, zzprime);
-  /* |zzzprime[i]| < 2^26 */
-  fproduct(zzprime, zzzprime, qmqp);
-  /* |zzprime[i]| < 14*2^52 */
-  freduce_degree(zzprime);
-  freduce_coefficients(zzprime);
-  /* |zzprime[i]| < 2^26 */
-  memcpy(x3, xxxprime, sizeof(limb) * 10);
-  memcpy(z3, zzprime, sizeof(limb) * 10);
-
-  fsquare(xx, x);
-  /* |xx[i]| < 2^26 */
-  fsquare(zz, z);
-  /* |zz[i]| < 2^26 */
-  fproduct(x2, xx, zz);
-  /* |x2[i]| < 14*2^52 */
-  freduce_degree(x2);
-  freduce_coefficients(x2);
-  /* |x2[i]| < 2^26 */
-  fdifference(zz, xx);  // does zz = xx - zz
-  /* |zz[i]| < 2^27 */
-  memset(zzz + 10, 0, sizeof(limb) * 9);
-  fscalar_product(zzz, zz, 121665);
-  /* |zzz[i]| < 2^(27+17) */
-  /* No need to call freduce_degree here:
-     fscalar_product doesn't increase the degree of its input. */
-  freduce_coefficients(zzz);
-  /* |zzz[i]| < 2^26 */
-  fsum(zzz, xx);
-  /* |zzz[i]| < 2^27 */
-  fproduct(z2, zz, zzz);
-  /* |z2[i]| < 14*2^(26+27) */
-  freduce_degree(z2);
-  freduce_coefficients(z2);
-  /* |z2|i| < 2^26 */
-}
-
-/* Conditionally swap two reduced-form limb arrays if 'iswap' is 1, but leave
- * them unchanged if 'iswap' is 0.  Runs in data-invariant time to avoid
- * side-channel attacks.
- *
- * NOTE that this function requires that 'iswap' be 1 or 0; other values give
- * wrong results.  Also, the two limb arrays must be in reduced-coefficient,
- * reduced-degree form: the values in a[10..19] or b[10..19] aren't swapped,
- * and all all values in a[0..9],b[0..9] must have magnitude less than
- * INT32_MAX. */
-static void
-swap_conditional(limb a[19], limb b[19], limb iswap) {
-  unsigned i;
-  const s32 swap = (s32) -iswap;
-
-  for (i = 0; i < 10; ++i) {
-    const s32 x = swap & ( ((s32)a[i]) ^ ((s32)b[i]) );
-    a[i] = ((s32)a[i]) ^ x;
-    b[i] = ((s32)b[i]) ^ x;
-  }
-}
-
-/* Calculates nQ where Q is the x-coordinate of a point on the curve
- *
- *   resultx/resultz: the x coordinate of the resulting curve point (short form)
- *   n: a little endian, 32-byte number
- *   q: a point of the curve (short form) */
-static void
-cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
-  limb a[19] = {0}, b[19] = {1}, c[19] = {1}, d[19] = {0};
-  limb *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
-  limb e[19] = {0}, f[19] = {1}, g[19] = {0}, h[19] = {1};
-  limb *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
-
-  unsigned i, j;
-
-  memcpy(nqpqx, q, sizeof(limb) * 10);
-
-  for (i = 0; i < 32; ++i) {
-    u8 byte = n[31 - i];
-    for (j = 0; j < 8; ++j) {
-      const limb bit = byte >> 7;
-
-      swap_conditional(nqx, nqpqx, bit);
-      swap_conditional(nqz, nqpqz, bit);
-      fmonty(nqx2, nqz2,
-             nqpqx2, nqpqz2,
-             nqx, nqz,
-             nqpqx, nqpqz,
-             q);
-      swap_conditional(nqx2, nqpqx2, bit);
-      swap_conditional(nqz2, nqpqz2, bit);
-
-      t = nqx;
-      nqx = nqx2;
-      nqx2 = t;
-      t = nqz;
-      nqz = nqz2;
-      nqz2 = t;
-      t = nqpqx;
-      nqpqx = nqpqx2;
-      nqpqx2 = t;
-      t = nqpqz;
-      nqpqz = nqpqz2;
-      nqpqz2 = t;
-
-      byte <<= 1;
-    }
-  }
-
-  memcpy(resultx, nqx, sizeof(limb) * 10);
-  memcpy(resultz, nqz, sizeof(limb) * 10);
-}
-
-// -----------------------------------------------------------------------------
-// Shamelessly copied from djb's code
-// -----------------------------------------------------------------------------
-static void
-crecip(limb *out, const limb *z) {
-  limb z2[10];
-  limb z9[10];
-  limb z11[10];
-  limb z2_5_0[10];
-  limb z2_10_0[10];
-  limb z2_20_0[10];
-  limb z2_50_0[10];
-  limb z2_100_0[10];
-  limb t0[10];
-  limb t1[10];
-  int i;
-
-  /* 2 */ fsquare(z2,z);
-  /* 4 */ fsquare(t1,z2);
-  /* 8 */ fsquare(t0,t1);
-  /* 9 */ fmul(z9,t0,z);
-  /* 11 */ fmul(z11,z9,z2);
-  /* 22 */ fsquare(t0,z11);
-  /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9);
-
-  /* 2^6 - 2^1 */ fsquare(t0,z2_5_0);
-  /* 2^7 - 2^2 */ fsquare(t1,t0);
-  /* 2^8 - 2^3 */ fsquare(t0,t1);
-  /* 2^9 - 2^4 */ fsquare(t1,t0);
-  /* 2^10 - 2^5 */ fsquare(t0,t1);
-  /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0);
-
-  /* 2^11 - 2^1 */ fsquare(t0,z2_10_0);
-  /* 2^12 - 2^2 */ fsquare(t1,t0);
-  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
-  /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0);
-
-  /* 2^21 - 2^1 */ fsquare(t0,z2_20_0);
-  /* 2^22 - 2^2 */ fsquare(t1,t0);
-  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
-  /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0);
-
-  /* 2^41 - 2^1 */ fsquare(t1,t0);
-  /* 2^42 - 2^2 */ fsquare(t0,t1);
-  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
-  /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0);
-
-  /* 2^51 - 2^1 */ fsquare(t0,z2_50_0);
-  /* 2^52 - 2^2 */ fsquare(t1,t0);
-  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
-  /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0);
-
-  /* 2^101 - 2^1 */ fsquare(t1,z2_100_0);
-  /* 2^102 - 2^2 */ fsquare(t0,t1);
-  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
-  /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0);
-
-  /* 2^201 - 2^1 */ fsquare(t0,t1);
-  /* 2^202 - 2^2 */ fsquare(t1,t0);
-  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
-  /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0);
-
-  /* 2^251 - 2^1 */ fsquare(t1,t0);
-  /* 2^252 - 2^2 */ fsquare(t0,t1);
-  /* 2^253 - 2^3 */ fsquare(t1,t0);
-  /* 2^254 - 2^4 */ fsquare(t0,t1);
-  /* 2^255 - 2^5 */ fsquare(t1,t0);
-  /* 2^255 - 21 */ fmul(out,t1,z11);
-}
-
-int
-curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
-  limb bp[10], x[10], z[11], zmone[10];
-  uint8_t e[32];
-  int i;
-
-  for (i = 0; i < 32; ++i) e[i] = secret[i];
-//  e[0] &= 248;
-//  e[31] &= 127;
-//  e[31] |= 64;
-
-  fexpand(bp, basepoint);
-  cmult(x, z, e, bp);
-  crecip(zmone, z);
-  fmul(z, x, zmone);
-  fcontract(mypublic, z);
-  return 0;
-}

libaxolotl/jni/curve25519-donna.h

@@ -1,6 +0,0 @@
-#ifndef CURVE25519_DONNA_H
-#define CURVE25519_DONNA_H
-
-extern int curve25519_donna(uint8_t *, const uint8_t *, const uint8_t *);
-
-#endif

libaxolotl/jni/curve25519-jni.c

@@ -1,109 +0,0 @@
-/**
- * Copyright (C) 2013-2014 Open Whisper Systems
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <string.h>
-#include <stdint.h>
-
-#include <jni.h>
-#include "curve25519-donna.h"
-#include "curve_sigs.h"
-
-JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_libaxolotl_ecc_Curve25519_generatePrivateKey
-  (JNIEnv *env, jclass clazz, jbyteArray random)
-{
-  uint8_t* privateKey = (uint8_t*)(*env)->GetByteArrayElements(env, random, 0);
-
-  privateKey[0] &= 248;
-  privateKey[31] &= 127;
-  privateKey[31] |= 64;
-
-  (*env)->ReleaseByteArrayElements(env, random, privateKey, 0);
-
-  return random;
-}
-
-JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_libaxolotl_ecc_Curve25519_generatePublicKey
-  (JNIEnv *env, jclass clazz, jbyteArray privateKey)
-{
-    static const uint8_t  basepoint[32] = {9};
-
-    jbyteArray publicKey       = (*env)->NewByteArray(env, 32);
-    uint8_t*   publicKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, publicKey, 0);
-    uint8_t*   privateKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, privateKey, 0);
-
-    curve25519_donna(publicKeyBytes, privateKeyBytes, basepoint);
-
-    (*env)->ReleaseByteArrayElements(env, publicKey, publicKeyBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, privateKey, privateKeyBytes, 0);
-
-    return publicKey;
-}
-
-JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_libaxolotl_ecc_Curve25519_calculateAgreement
-  (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey)
-{
-    jbyteArray sharedKey       = (*env)->NewByteArray(env, 32);
-    uint8_t*   sharedKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, sharedKey, 0);
-    uint8_t*   privateKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, privateKey, 0);
-    uint8_t*   publicKeyBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, publicKey, 0);
-
-    curve25519_donna(sharedKeyBytes, privateKeyBytes, publicKeyBytes);
-
-    (*env)->ReleaseByteArrayElements(env, sharedKey, sharedKeyBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, publicKey, publicKeyBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, privateKey, privateKeyBytes, 0);
-
-    return sharedKey;
-}
-
-JNIEXPORT jbyteArray JNICALL Java_org_whispersystems_libaxolotl_ecc_Curve25519_calculateSignature
-  (JNIEnv *env, jclass clazz, jbyteArray random, jbyteArray privateKey, jbyteArray message)
-{
-    jbyteArray signature       = (*env)->NewByteArray(env, 64);
-    uint8_t*   signatureBytes  = (uint8_t*)(*env)->GetByteArrayElements(env, signature, 0);
-    uint8_t*   randomBytes     = (uint8_t*)(*env)->GetByteArrayElements(env, random, 0);
-    uint8_t*   privateKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, privateKey, 0);
-    uint8_t*   messageBytes    = (uint8_t*)(*env)->GetByteArrayElements(env, message, 0);
-    jsize      messageLength   = (*env)->GetArrayLength(env, message);
-
-    int result = curve25519_sign(signatureBytes, privateKeyBytes, messageBytes, messageLength, randomBytes);
-
-    (*env)->ReleaseByteArrayElements(env, signature, signatureBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, random, randomBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, privateKey, privateKeyBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, message, messageBytes, 0);
-
-    if (result == 0) return signature;
-    else             (*env)->ThrowNew(env, (*env)->FindClass(env, "java/lang/AssertionError"), "Signature failed!");
-}
-
-JNIEXPORT jboolean JNICALL Java_org_whispersystems_libaxolotl_ecc_Curve25519_verifySignature
-  (JNIEnv *env, jclass clazz, jbyteArray publicKey, jbyteArray message, jbyteArray signature)
-{
-    uint8_t*   signatureBytes = (uint8_t*)(*env)->GetByteArrayElements(env, signature, 0);
-    uint8_t*   publicKeyBytes = (uint8_t*)(*env)->GetByteArrayElements(env, publicKey, 0);
-    uint8_t*   messageBytes   = (uint8_t*)(*env)->GetByteArrayElements(env, message, 0);
-    jsize      messageLength  = (*env)->GetArrayLength(env, message);
-
-    jboolean result = (curve25519_verify(signatureBytes, publicKeyBytes, messageBytes, messageLength) == 0);
-
-    (*env)->ReleaseByteArrayElements(env, signature, signatureBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, publicKey, publicKeyBytes, 0);
-    (*env)->ReleaseByteArrayElements(env, message, messageBytes, 0);
-
-    return result;
-}

libaxolotl/jni/ed25519/additions/compare.c

@@ -1,44 +0,0 @@
-#include <string.h>
-#include "compare.h"
-
-/* Const-time comparison from SUPERCOP, but here it's only used for 
-   signature verification, so doesn't need to be const-time.  But
-   copied the nacl version anyways. */
-int crypto_verify_32_ref(const unsigned char *x, const unsigned char *y)
-{
-  unsigned int differentbits = 0;
-#define F(i) differentbits |= x[i] ^ y[i];
-  F(0)
-  F(1)
-  F(2)
-  F(3)
-  F(4)
-  F(5)
-  F(6)
-  F(7)
-  F(8)
-  F(9)
-  F(10)
-  F(11)
-  F(12)
-  F(13)
-  F(14)
-  F(15)
-  F(16)
-  F(17)
-  F(18)
-  F(19)
-  F(20)
-  F(21)
-  F(22)
-  F(23)
-  F(24)
-  F(25)
-  F(26)
-  F(27)
-  F(28)
-  F(29)
-  F(30)
-  F(31)
-  return (1 & ((differentbits - 1) >> 8)) - 1;
-}

libaxolotl/jni/ed25519/additions/compare.h

@@ -1,6 +0,0 @@
-#ifndef __COMPARE_H__
-#define __COMPARE_H__
-
-int crypto_verify_32_ref(const unsigned char *b1, const unsigned char *b2);
-
-#endif

libaxolotl/jni/ed25519/additions/crypto_hash_sha512.h

@@ -1,6 +0,0 @@
-#ifndef crypto_hash_sha512_H
-#define crypto_hash_sha512_H
-
-extern int crypto_hash_sha512(unsigned char *,const unsigned char *,unsigned long long);
-
-#endif

libaxolotl/jni/ed25519/additions/curve_sigs.c

@@ -1,116 +0,0 @@
-#include <string.h>
-#include "ge.h"
-#include "curve_sigs.h"
-#include "crypto_sign.h"
-
-void curve25519_keygen(unsigned char* curve25519_pubkey_out,
-                       const unsigned char* curve25519_privkey_in)
-{
-  ge_p3 ed; /* Ed25519 pubkey point */
-  fe ed_y, ed_y_plus_one, one_minus_ed_y, inv_one_minus_ed_y;
-  fe mont_x;
-
-  /* Perform a fixed-base multiplication of the Edwards base point,
-     (which is efficient due to precalculated tables), then convert
-     to the Curve25519 montgomery-format public key.  In particular,
-     convert Curve25519's "montgomery" x-coordinate into an Ed25519
-     "edwards" y-coordinate:
-
-     mont_x = (ed_y + 1) / (1 - ed_y)
-     
-     with projective coordinates:
-
-     mont_x = (ed_y + ed_z) / (ed_z - ed_y)
-
-     NOTE: ed_y=1 is converted to mont_x=0 since fe_invert is mod-exp
-  */
-
-  ge_scalarmult_base(&ed, curve25519_privkey_in);
-  fe_add(ed_y_plus_one, ed.Y, ed.Z);
-  fe_sub(one_minus_ed_y, ed.Z, ed.Y);  
-  fe_invert(inv_one_minus_ed_y, one_minus_ed_y);
-  fe_mul(mont_x, ed_y_plus_one, inv_one_minus_ed_y);
-  fe_tobytes(curve25519_pubkey_out, mont_x);
-}
-
-int curve25519_sign(unsigned char* signature_out,
-                    const unsigned char* curve25519_privkey,
-                    const unsigned char* msg, const unsigned long msg_len,
-                    const unsigned char* random)
-{
-  ge_p3 ed_pubkey_point; /* Ed25519 pubkey point */
-  unsigned char ed_pubkey[32]; /* Ed25519 encoded pubkey */
-  unsigned char sigbuf[MAX_MSG_LEN + 128]; /* working buffer */
-  unsigned char sign_bit = 0;
-
-  if (msg_len > MAX_MSG_LEN) {
-    memset(signature_out, 0, 64);
-    return -1;
-  }
-
-  /* Convert the Curve25519 privkey to an Ed25519 public key */
-  ge_scalarmult_base(&ed_pubkey_point, curve25519_privkey);
-  ge_p3_tobytes(ed_pubkey, &ed_pubkey_point);
-  sign_bit = ed_pubkey[31] & 0x80;
-
-  /* Perform an Ed25519 signature with explicit private key */
-  crypto_sign_modified(sigbuf, msg, msg_len, curve25519_privkey,
-                       ed_pubkey, random);
-  memmove(signature_out, sigbuf, 64);
-
-  /* Encode the sign bit into signature (in unused high bit of S) */
-   signature_out[63] &= 0x7F; /* bit should be zero already, but just in case */
-   signature_out[63] |= sign_bit;
-   return 0;
-}
-
-int curve25519_verify(const unsigned char* signature,
-                      const unsigned char* curve25519_pubkey,
-                      const unsigned char* msg, const unsigned long msg_len)
-{
-  fe mont_x, mont_x_minus_one, mont_x_plus_one, inv_mont_x_plus_one;
-  fe one;
-  fe ed_y;
-  unsigned char ed_pubkey[32];
-  unsigned long long some_retval;
-  unsigned char verifybuf[MAX_MSG_LEN + 64]; /* working buffer */
-  unsigned char verifybuf2[MAX_MSG_LEN + 64]; /* working buffer #2 */
-
-  if (msg_len > MAX_MSG_LEN) {
-    return -1;
-  }
-
-  /* Convert the Curve25519 public key into an Ed25519 public key.  In
-     particular, convert Curve25519's "montgomery" x-coordinate into an
-     Ed25519 "edwards" y-coordinate:
-
-     ed_y = (mont_x - 1) / (mont_x + 1)
-
-     NOTE: mont_x=-1 is converted to ed_y=0 since fe_invert is mod-exp
-
-     Then move the sign bit into the pubkey from the signature.
-  */
-  fe_frombytes(mont_x, curve25519_pubkey);
-  fe_1(one);
-  fe_sub(mont_x_minus_one, mont_x, one);
-  fe_add(mont_x_plus_one, mont_x, one);
-  fe_invert(inv_mont_x_plus_one, mont_x_plus_one);
-  fe_mul(ed_y, mont_x_minus_one, inv_mont_x_plus_one);
-  fe_tobytes(ed_pubkey, ed_y);
-
-  /* Copy the sign bit, and remove it from signature */
-  ed_pubkey[31] &= 0x7F;  /* bit should be zero already, but just in case */
-  ed_pubkey[31] |= (signature[63] & 0x80);
-  memmove(verifybuf, signature, 64);
-  verifybuf[63] &= 0x7F;
-
-  memmove(verifybuf+64, msg, msg_len);
-
-  /* Then perform a normal Ed25519 verification, return 0 on success */
-  /* The below call has a strange API: */
-  /* verifybuf = R || S || message */
-  /* verifybuf2 = internal to next call gets a copy of verifybuf, S gets 
-     replaced with pubkey for hashing, then the whole thing gets zeroized
-     (if bad sig), or contains a copy of msg (good sig) */
-  return crypto_sign_open(verifybuf2, &some_retval, verifybuf, 64 + msg_len, ed_pubkey);
-}

libaxolotl/jni/ed25519/additions/curve_sigs.h

@@ -1,50 +0,0 @@
-
-#ifndef __CURVE_SIGS_H__
-#define __CURVE_SIGS_H__
-
-#define MAX_MSG_LEN 256
-
-void curve25519_keygen(unsigned char* curve25519_pubkey_out, /* 32 bytes */
-                       const unsigned char* curve25519_privkey_in); /* 32 bytes */
-
-/* returns 0 on success */
-int curve25519_sign(unsigned char* signature_out, /* 64 bytes */
-                     const unsigned char* curve25519_privkey, /* 32 bytes */
-                     const unsigned char* msg, const unsigned long msg_len,
-                     const unsigned char* random); /* 64 bytes */
-
-/* returns 0 on success */
-int curve25519_verify(const unsigned char* signature, /* 64 bytes */
-                      const unsigned char* curve25519_pubkey, /* 32 bytes */
-                      const unsigned char* msg, const unsigned long msg_len);
-
-/* helper function - modified version of crypto_sign() to use 
-   explicit private key.  In particular:
-
-   sk     : private key
-   pk     : public key
-   msg    : message
-   prefix : 0xFE || [0xFF]*31
-   random : 64 bytes random
-   q      : main subgroup order
-
-   The prefix is chosen to distinguish the two SHA512 uses below, since
-   prefix is an invalid encoding for R (it would encode a "field element"
-   of 2^255 - 2).  0xFF*32 is set aside for use in ECDH protocols, which
-   is why the first byte here ix 0xFE.
-
-   sig_nonce = SHA512(prefix || sk ||  msg || random) % q
-   R = g^sig_nonce
-   M = SHA512(R || pk || m)
-   S = sig_nonce + (m * sk)
-   signature = (R || S)
- */
-int crypto_sign_modified(
-  unsigned char *sm,
-  const unsigned char *m,unsigned long long mlen,
-  const unsigned char *sk, /* Curve/Ed25519 private key */
-  const unsigned char *pk, /* Ed25519 public key */
-  const unsigned char *random /* 64 bytes random to hash into nonce */
-  );
-
-#endif

libaxolotl/jni/ed25519/additions/sign_modified.c

@@ -1,47 +0,0 @@
-#include <string.h>
-#include "crypto_sign.h"
-#include "crypto_hash_sha512.h"
-#include "ge.h"
-#include "sc.h"
-#include "zeroize.h"
-
-/* NEW: Compare to pristine crypto_sign() 
-   Uses explicit private key for nonce derivation and as scalar,
-   instead of deriving both from a master key.
-*/
-int crypto_sign_modified(
-  unsigned char *sm,
-  const unsigned char *m,unsigned long long mlen,
-  const unsigned char *sk, const unsigned char* pk,
-  const unsigned char* random
-)
-{
-  unsigned char nonce[64];
-  unsigned char hram[64];
-  ge_p3 R;
-  int count=0;
-
-  memmove(sm + 64,m,mlen);
-  memmove(sm + 32,sk,32); /* NEW: Use privkey directly for nonce derivation */
-
-  /* NEW : add prefix to separate hash uses - see .h */
-  sm[0] = 0xFE;
-  for (count = 1; count < 32; count++)
-    sm[count] = 0xFF;
-
-  /* NEW: add suffix of random data */
-  memmove(sm + mlen + 64, random, 64);
-
-  crypto_hash_sha512(nonce,sm,mlen + 128);
-  memmove(sm + 32,pk,32);
-
-  sc_reduce(nonce);
-  ge_scalarmult_base(&R,nonce);
-  ge_p3_tobytes(sm,&R);
-
-  crypto_hash_sha512(hram,sm,mlen + 64);
-  sc_reduce(hram);
-  sc_muladd(sm + 32,hram,sk,nonce); /* NEW: Use privkey directly */
-
-  return 0;
-}

libaxolotl/jni/ed25519/additions/zeroize.c

@@ -1,17 +0,0 @@
-#include "zeroize.h"
-
-void zeroize(unsigned char* b, size_t len)
-{
-  size_t count = 0;
-  unsigned long retval = 0;
-  volatile unsigned char *p = b;
-
-  for (count = 0; count < len; count++)
-    p[count] = 0;
-}
-
-void zeroize_stack()
-{
-  unsigned char m[ZEROIZE_STACK_SIZE];
-  zeroize(m, sizeof m);
-}

libaxolotl/jni/ed25519/additions/zeroize.h

@@ -1,12 +0,0 @@
-#ifndef __ZEROIZE_H__
-#define __ZEROIZE_H__
-
-#include <stdlib.h>
-
-#define ZEROIZE_STACK_SIZE 2048
-
-void zeroize(unsigned char* b, size_t len);
-
-void zeroize_stack();
-
-#endif

libaxolotl/jni/ed25519/api.h

@@ -1,4 +0,0 @@
-#define CRYPTO_SECRETKEYBYTES 64
-#define CRYPTO_PUBLICKEYBYTES 32
-#define CRYPTO_BYTES 64
-#define CRYPTO_DETERMINISTIC 1

libaxolotl/jni/ed25519/base2.h

@@ -1,40 +0,0 @@
- {
-  { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 },
-  { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 },
-  { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 },
- },
- {
-  { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 },
-  { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 },
-  { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 },
- },
- {
-  { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 },
-  { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 },
-  { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 },
- },
- {
-  { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 },
-  { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 },
-  { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 },
- },
- {
-  { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 },
-  { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 },
-  { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 },
- },
- {
-  { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 },
-  { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 },
-  { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 },
- },
- {
-  { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 },
-  { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 },
-  { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 },
- },
- {
-  { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 },
-  { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 },
-  { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 },
- },

libaxolotl/jni/ed25519/d.h

@@ -1 +0,0 @@
--10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116

libaxolotl/jni/ed25519/d2.h

@@ -1 +0,0 @@
--21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199

libaxolotl/jni/ed25519/fe.h

@@ -1,56 +0,0 @@
-#ifndef FE_H
-#define FE_H
-
-#include "crypto_int32.h"
-
-typedef crypto_int32 fe[10];
-
-/*
-fe means field element.
-Here the field is \Z/(2^255-19).
-An element t, entries t[0]...t[9], represents the integer
-t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
-Bounds on each t[i] vary depending on context.
-*/
-
-#define fe_frombytes crypto_sign_ed25519_ref10_fe_frombytes
-#define fe_tobytes crypto_sign_ed25519_ref10_fe_tobytes
-#define fe_copy crypto_sign_ed25519_ref10_fe_copy
-#define fe_isnonzero crypto_sign_ed25519_ref10_fe_isnonzero
-#define fe_isnegative crypto_sign_ed25519_ref10_fe_isnegative
-#define fe_0 crypto_sign_ed25519_ref10_fe_0
-#define fe_1 crypto_sign_ed25519_ref10_fe_1
-#define fe_cswap crypto_sign_ed25519_ref10_fe_cswap
-#define fe_cmov crypto_sign_ed25519_ref10_fe_cmov
-#define fe_add crypto_sign_ed25519_ref10_fe_add
-#define fe_sub crypto_sign_ed25519_ref10_fe_sub
-#define fe_neg crypto_sign_ed25519_ref10_fe_neg
-#define fe_mul crypto_sign_ed25519_ref10_fe_mul
-#define fe_sq crypto_sign_ed25519_ref10_fe_sq
-#define fe_sq2 crypto_sign_ed25519_ref10_fe_sq2
-#define fe_mul121666 crypto_sign_ed25519_ref10_fe_mul121666
-#define fe_invert crypto_sign_ed25519_ref10_fe_invert
-#define fe_pow22523 crypto_sign_ed25519_ref10_fe_pow22523
-
-extern void fe_frombytes(fe,const unsigned char *);
-extern void fe_tobytes(unsigned char *,const fe);
-
-extern void fe_copy(fe,const fe);
-extern int fe_isnonzero(const fe);
-extern int fe_isnegative(const fe);
-extern void fe_0(fe);
-extern void fe_1(fe);
-extern void fe_cswap(fe,fe,unsigned int);
-extern void fe_cmov(fe,const fe,unsigned int);
-
-extern void fe_add(fe,const fe,const fe);
-extern void fe_sub(fe,const fe,const fe);
-extern void fe_neg(fe,const fe);
-extern void fe_mul(fe,const fe,const fe);
-extern void fe_sq(fe,const fe);
-extern void fe_sq2(fe,const fe);
-extern void fe_mul121666(fe,const fe);
-extern void fe_invert(fe,const fe);
-extern void fe_pow22523(fe,const fe);
-
-#endif

libaxolotl/jni/ed25519/fe_0.c

@@ -1,19 +0,0 @@
-#include "fe.h"
-
-/*
-h = 0
-*/
-
-void fe_0(fe h)
-{
-  h[0] = 0;
-  h[1] = 0;
-  h[2] = 0;
-  h[3] = 0;
-  h[4] = 0;
-  h[5] = 0;
-  h[6] = 0;
-  h[7] = 0;
-  h[8] = 0;
-  h[9] = 0;
-}

libaxolotl/jni/ed25519/fe_1.c

@@ -1,19 +0,0 @@
-#include "fe.h"
-
-/*
-h = 1
-*/
-
-void fe_1(fe h)
-{
-  h[0] = 1;
-  h[1] = 0;
-  h[2] = 0;
-  h[3] = 0;
-  h[4] = 0;
-  h[5] = 0;
-  h[6] = 0;
-  h[7] = 0;
-  h[8] = 0;
-  h[9] = 0;
-}

libaxolotl/jni/ed25519/fe_add.c

@@ -1,57 +0,0 @@
-#include "fe.h"
-
-/*
-h = f + g
-Can overlap h with f or g.
-
-Preconditions:
-   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
-   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_add(fe h,const fe f,const fe g)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 g0 = g[0];
-  crypto_int32 g1 = g[1];
-  crypto_int32 g2 = g[2];
-  crypto_int32 g3 = g[3];
-  crypto_int32 g4 = g[4];
-  crypto_int32 g5 = g[5];
-  crypto_int32 g6 = g[6];
-  crypto_int32 g7 = g[7];
-  crypto_int32 g8 = g[8];
-  crypto_int32 g9 = g[9];
-  crypto_int32 h0 = f0 + g0;
-  crypto_int32 h1 = f1 + g1;
-  crypto_int32 h2 = f2 + g2;
-  crypto_int32 h3 = f3 + g3;
-  crypto_int32 h4 = f4 + g4;
-  crypto_int32 h5 = f5 + g5;
-  crypto_int32 h6 = f6 + g6;
-  crypto_int32 h7 = f7 + g7;
-  crypto_int32 h8 = f8 + g8;
-  crypto_int32 h9 = f9 + g9;
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}

libaxolotl/jni/ed25519/fe_cmov.c

@@ -1,63 +0,0 @@
-#include "fe.h"
-
-/*
-Replace (f,g) with (g,g) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-void fe_cmov(fe f,const fe g,unsigned int b)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 g0 = g[0];
-  crypto_int32 g1 = g[1];
-  crypto_int32 g2 = g[2];
-  crypto_int32 g3 = g[3];
-  crypto_int32 g4 = g[4];
-  crypto_int32 g5 = g[5];
-  crypto_int32 g6 = g[6];
-  crypto_int32 g7 = g[7];
-  crypto_int32 g8 = g[8];
-  crypto_int32 g9 = g[9];
-  crypto_int32 x0 = f0 ^ g0;
-  crypto_int32 x1 = f1 ^ g1;
-  crypto_int32 x2 = f2 ^ g2;
-  crypto_int32 x3 = f3 ^ g3;
-  crypto_int32 x4 = f4 ^ g4;
-  crypto_int32 x5 = f5 ^ g5;
-  crypto_int32 x6 = f6 ^ g6;
-  crypto_int32 x7 = f7 ^ g7;
-  crypto_int32 x8 = f8 ^ g8;
-  crypto_int32 x9 = f9 ^ g9;
-  b = -b;
-  x0 &= b;
-  x1 &= b;
-  x2 &= b;
-  x3 &= b;
-  x4 &= b;
-  x5 &= b;
-  x6 &= b;
-  x7 &= b;
-  x8 &= b;
-  x9 &= b;
-  f[0] = f0 ^ x0;
-  f[1] = f1 ^ x1;
-  f[2] = f2 ^ x2;
-  f[3] = f3 ^ x3;
-  f[4] = f4 ^ x4;
-  f[5] = f5 ^ x5;
-  f[6] = f6 ^ x6;
-  f[7] = f7 ^ x7;
-  f[8] = f8 ^ x8;
-  f[9] = f9 ^ x9;
-}

libaxolotl/jni/ed25519/fe_copy.c

@@ -1,29 +0,0 @@
-#include "fe.h"
-
-/*
-h = f
-*/
-
-void fe_copy(fe h,const fe f)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  h[0] = f0;
-  h[1] = f1;
-  h[2] = f2;
-  h[3] = f3;
-  h[4] = f4;
-  h[5] = f5;
-  h[6] = f6;
-  h[7] = f7;
-  h[8] = f8;
-  h[9] = f9;
-}

libaxolotl/jni/ed25519/fe_frombytes.c

@@ -1,73 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-#include "crypto_uint64.h"
-
-static crypto_uint64 load_3(const unsigned char *in)
-{
-  crypto_uint64 result;
-  result = (crypto_uint64) in[0];
-  result |= ((crypto_uint64) in[1]) << 8;
-  result |= ((crypto_uint64) in[2]) << 16;
-  return result;
-}
-
-static crypto_uint64 load_4(const unsigned char *in)
-{
-  crypto_uint64 result;
-  result = (crypto_uint64) in[0];
-  result |= ((crypto_uint64) in[1]) << 8;
-  result |= ((crypto_uint64) in[2]) << 16;
-  result |= ((crypto_uint64) in[3]) << 24;
-  return result;
-}
-
-/*
-Ignores top bit of h.
-*/
-
-void fe_frombytes(fe h,const unsigned char *s)
-{
-  crypto_int64 h0 = load_4(s);
-  crypto_int64 h1 = load_3(s + 4) << 6;
-  crypto_int64 h2 = load_3(s + 7) << 5;
-  crypto_int64 h3 = load_3(s + 10) << 3;
-  crypto_int64 h4 = load_3(s + 13) << 2;
-  crypto_int64 h5 = load_4(s + 16);
-  crypto_int64 h6 = load_3(s + 20) << 7;
-  crypto_int64 h7 = load_3(s + 23) << 5;
-  crypto_int64 h8 = load_3(s + 26) << 4;
-  crypto_int64 h9 = (load_3(s + 29) & 8388607) << 2;
-  crypto_int64 carry0;
-  crypto_int64 carry1;
-  crypto_int64 carry2;
-  crypto_int64 carry3;
-  crypto_int64 carry4;
-  crypto_int64 carry5;
-  crypto_int64 carry6;
-  crypto_int64 carry7;
-  crypto_int64 carry8;
-  crypto_int64 carry9;
-
-  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
-  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
-  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
-  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
-  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}

libaxolotl/jni/ed25519/fe_invert.c

@@ -1,14 +0,0 @@
-#include "fe.h"
-
-void fe_invert(fe out,const fe z)
-{
-  fe t0;
-  fe t1;
-  fe t2;
-  fe t3;
-  int i;
-
-#include "pow225521.h"
-
-  return;
-}

libaxolotl/jni/ed25519/fe_isnegative.c

@@ -1,16 +0,0 @@
-#include "fe.h"
-
-/*
-return 1 if f is in {1,3,5,...,q-2}
-return 0 if f is in {0,2,4,...,q-1}
-
-Preconditions:
-   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-int fe_isnegative(const fe f)
-{
-  unsigned char s[32];
-  fe_tobytes(s,f);
-  return s[0] & 1;
-}

libaxolotl/jni/ed25519/fe_isnonzero.c

@@ -1,19 +0,0 @@
-#include "fe.h"
-#include "crypto_verify_32.h"
-
-/*
-return 1 if f == 0
-return 0 if f != 0
-
-Preconditions:
-   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-static const unsigned char zero[32];
-
-int fe_isnonzero(const fe f)
-{
-  unsigned char s[32];
-  fe_tobytes(s,f);
-  return crypto_verify_32(s,zero);
-}

libaxolotl/jni/ed25519/fe_mul.c

@@ -1,253 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = f * g
-Can overlap h with f or g.
-
-Preconditions:
-   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-   |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
-   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-Notes on implementation strategy:
-
-Using schoolbook multiplication.
-Karatsuba would save a little in some cost models.
-
-Most multiplications by 2 and 19 are 32-bit precomputations;
-cheaper than 64-bit postcomputations.
-
-There is one remaining multiplication by 19 in the carry chain;
-one *19 precomputation can be merged into this,
-but the resulting data flow is considerably less clean.
-
-There are 12 carries below.
-10 of them are 2-way parallelizable and vectorizable.
-Can get away with 11 carries, but then data flow is much deeper.
-
-With tighter constraints on inputs can squeeze carries into int32.
-*/
-
-void fe_mul(fe h,const fe f,const fe g)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 g0 = g[0];
-  crypto_int32 g1 = g[1];
-  crypto_int32 g2 = g[2];
-  crypto_int32 g3 = g[3];
-  crypto_int32 g4 = g[4];
-  crypto_int32 g5 = g[5];
-  crypto_int32 g6 = g[6];
-  crypto_int32 g7 = g[7];
-  crypto_int32 g8 = g[8];
-  crypto_int32 g9 = g[9];
-  crypto_int32 g1_19 = 19 * g1; /* 1.959375*2^29 */
-  crypto_int32 g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
-  crypto_int32 g3_19 = 19 * g3;
-  crypto_int32 g4_19 = 19 * g4;
-  crypto_int32 g5_19 = 19 * g5;
-  crypto_int32 g6_19 = 19 * g6;
-  crypto_int32 g7_19 = 19 * g7;
-  crypto_int32 g8_19 = 19 * g8;
-  crypto_int32 g9_19 = 19 * g9;
-  crypto_int32 f1_2 = 2 * f1;
-  crypto_int32 f3_2 = 2 * f3;
-  crypto_int32 f5_2 = 2 * f5;
-  crypto_int32 f7_2 = 2 * f7;
-  crypto_int32 f9_2 = 2 * f9;
-  crypto_int64 f0g0    = f0   * (crypto_int64) g0;
-  crypto_int64 f0g1    = f0   * (crypto_int64) g1;
-  crypto_int64 f0g2    = f0   * (crypto_int64) g2;
-  crypto_int64 f0g3    = f0   * (crypto_int64) g3;
-  crypto_int64 f0g4    = f0   * (crypto_int64) g4;
-  crypto_int64 f0g5    = f0   * (crypto_int64) g5;
-  crypto_int64 f0g6    = f0   * (crypto_int64) g6;
-  crypto_int64 f0g7    = f0   * (crypto_int64) g7;
-  crypto_int64 f0g8    = f0   * (crypto_int64) g8;
-  crypto_int64 f0g9    = f0   * (crypto_int64) g9;
-  crypto_int64 f1g0    = f1   * (crypto_int64) g0;
-  crypto_int64 f1g1_2  = f1_2 * (crypto_int64) g1;
-  crypto_int64 f1g2    = f1   * (crypto_int64) g2;
-  crypto_int64 f1g3_2  = f1_2 * (crypto_int64) g3;
-  crypto_int64 f1g4    = f1   * (crypto_int64) g4;
-  crypto_int64 f1g5_2  = f1_2 * (crypto_int64) g5;
-  crypto_int64 f1g6    = f1   * (crypto_int64) g6;
-  crypto_int64 f1g7_2  = f1_2 * (crypto_int64) g7;
-  crypto_int64 f1g8    = f1   * (crypto_int64) g8;
-  crypto_int64 f1g9_38 = f1_2 * (crypto_int64) g9_19;
-  crypto_int64 f2g0    = f2   * (crypto_int64) g0;
-  crypto_int64 f2g1    = f2   * (crypto_int64) g1;
-  crypto_int64 f2g2    = f2   * (crypto_int64) g2;
-  crypto_int64 f2g3    = f2   * (crypto_int64) g3;
-  crypto_int64 f2g4    = f2   * (crypto_int64) g4;
-  crypto_int64 f2g5    = f2   * (crypto_int64) g5;
-  crypto_int64 f2g6    = f2   * (crypto_int64) g6;
-  crypto_int64 f2g7    = f2   * (crypto_int64) g7;
-  crypto_int64 f2g8_19 = f2   * (crypto_int64) g8_19;
-  crypto_int64 f2g9_19 = f2   * (crypto_int64) g9_19;
-  crypto_int64 f3g0    = f3   * (crypto_int64) g0;
-  crypto_int64 f3g1_2  = f3_2 * (crypto_int64) g1;
-  crypto_int64 f3g2    = f3   * (crypto_int64) g2;
-  crypto_int64 f3g3_2  = f3_2 * (crypto_int64) g3;
-  crypto_int64 f3g4    = f3   * (crypto_int64) g4;
-  crypto_int64 f3g5_2  = f3_2 * (crypto_int64) g5;
-  crypto_int64 f3g6    = f3   * (crypto_int64) g6;
-  crypto_int64 f3g7_38 = f3_2 * (crypto_int64) g7_19;
-  crypto_int64 f3g8_19 = f3   * (crypto_int64) g8_19;
-  crypto_int64 f3g9_38 = f3_2 * (crypto_int64) g9_19;
-  crypto_int64 f4g0    = f4   * (crypto_int64) g0;
-  crypto_int64 f4g1    = f4   * (crypto_int64) g1;
-  crypto_int64 f4g2    = f4   * (crypto_int64) g2;
-  crypto_int64 f4g3    = f4   * (crypto_int64) g3;
-  crypto_int64 f4g4    = f4   * (crypto_int64) g4;
-  crypto_int64 f4g5    = f4   * (crypto_int64) g5;
-  crypto_int64 f4g6_19 = f4   * (crypto_int64) g6_19;
-  crypto_int64 f4g7_19 = f4   * (crypto_int64) g7_19;
-  crypto_int64 f4g8_19 = f4   * (crypto_int64) g8_19;
-  crypto_int64 f4g9_19 = f4   * (crypto_int64) g9_19;
-  crypto_int64 f5g0    = f5   * (crypto_int64) g0;
-  crypto_int64 f5g1_2  = f5_2 * (crypto_int64) g1;
-  crypto_int64 f5g2    = f5   * (crypto_int64) g2;
-  crypto_int64 f5g3_2  = f5_2 * (crypto_int64) g3;
-  crypto_int64 f5g4    = f5   * (crypto_int64) g4;
-  crypto_int64 f5g5_38 = f5_2 * (crypto_int64) g5_19;
-  crypto_int64 f5g6_19 = f5   * (crypto_int64) g6_19;
-  crypto_int64 f5g7_38 = f5_2 * (crypto_int64) g7_19;
-  crypto_int64 f5g8_19 = f5   * (crypto_int64) g8_19;
-  crypto_int64 f5g9_38 = f5_2 * (crypto_int64) g9_19;
-  crypto_int64 f6g0    = f6   * (crypto_int64) g0;
-  crypto_int64 f6g1    = f6   * (crypto_int64) g1;
-  crypto_int64 f6g2    = f6   * (crypto_int64) g2;
-  crypto_int64 f6g3    = f6   * (crypto_int64) g3;
-  crypto_int64 f6g4_19 = f6   * (crypto_int64) g4_19;
-  crypto_int64 f6g5_19 = f6   * (crypto_int64) g5_19;
-  crypto_int64 f6g6_19 = f6   * (crypto_int64) g6_19;
-  crypto_int64 f6g7_19 = f6   * (crypto_int64) g7_19;
-  crypto_int64 f6g8_19 = f6   * (crypto_int64) g8_19;
-  crypto_int64 f6g9_19 = f6   * (crypto_int64) g9_19;
-  crypto_int64 f7g0    = f7   * (crypto_int64) g0;
-  crypto_int64 f7g1_2  = f7_2 * (crypto_int64) g1;
-  crypto_int64 f7g2    = f7   * (crypto_int64) g2;
-  crypto_int64 f7g3_38 = f7_2 * (crypto_int64) g3_19;
-  crypto_int64 f7g4_19 = f7   * (crypto_int64) g4_19;
-  crypto_int64 f7g5_38 = f7_2 * (crypto_int64) g5_19;
-  crypto_int64 f7g6_19 = f7   * (crypto_int64) g6_19;
-  crypto_int64 f7g7_38 = f7_2 * (crypto_int64) g7_19;
-  crypto_int64 f7g8_19 = f7   * (crypto_int64) g8_19;
-  crypto_int64 f7g9_38 = f7_2 * (crypto_int64) g9_19;
-  crypto_int64 f8g0    = f8   * (crypto_int64) g0;
-  crypto_int64 f8g1    = f8   * (crypto_int64) g1;
-  crypto_int64 f8g2_19 = f8   * (crypto_int64) g2_19;
-  crypto_int64 f8g3_19 = f8   * (crypto_int64) g3_19;
-  crypto_int64 f8g4_19 = f8   * (crypto_int64) g4_19;
-  crypto_int64 f8g5_19 = f8   * (crypto_int64) g5_19;
-  crypto_int64 f8g6_19 = f8   * (crypto_int64) g6_19;
-  crypto_int64 f8g7_19 = f8   * (crypto_int64) g7_19;
-  crypto_int64 f8g8_19 = f8   * (crypto_int64) g8_19;
-  crypto_int64 f8g9_19 = f8   * (crypto_int64) g9_19;
-  crypto_int64 f9g0    = f9   * (crypto_int64) g0;
-  crypto_int64 f9g1_38 = f9_2 * (crypto_int64) g1_19;
-  crypto_int64 f9g2_19 = f9   * (crypto_int64) g2_19;
-  crypto_int64 f9g3_38 = f9_2 * (crypto_int64) g3_19;
-  crypto_int64 f9g4_19 = f9   * (crypto_int64) g4_19;
-  crypto_int64 f9g5_38 = f9_2 * (crypto_int64) g5_19;
-  crypto_int64 f9g6_19 = f9   * (crypto_int64) g6_19;
-  crypto_int64 f9g7_38 = f9_2 * (crypto_int64) g7_19;
-  crypto_int64 f9g8_19 = f9   * (crypto_int64) g8_19;
-  crypto_int64 f9g9_38 = f9_2 * (crypto_int64) g9_19;
-  crypto_int64 h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38;
-  crypto_int64 h1 = f0g1+f1g0   +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19;
-  crypto_int64 h2 = f0g2+f1g1_2 +f2g0   +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38;
-  crypto_int64 h3 = f0g3+f1g2   +f2g1   +f3g0   +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19;
-  crypto_int64 h4 = f0g4+f1g3_2 +f2g2   +f3g1_2 +f4g0   +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38;
-  crypto_int64 h5 = f0g5+f1g4   +f2g3   +f3g2   +f4g1   +f5g0   +f6g9_19+f7g8_19+f8g7_19+f9g6_19;
-  crypto_int64 h6 = f0g6+f1g5_2 +f2g4   +f3g3_2 +f4g2   +f5g1_2 +f6g0   +f7g9_38+f8g8_19+f9g7_38;
-  crypto_int64 h7 = f0g7+f1g6   +f2g5   +f3g4   +f4g3   +f5g2   +f6g1   +f7g0   +f8g9_19+f9g8_19;
-  crypto_int64 h8 = f0g8+f1g7_2 +f2g6   +f3g5_2 +f4g4   +f5g3_2 +f6g2   +f7g1_2 +f8g0   +f9g9_38;
-  crypto_int64 h9 = f0g9+f1g8   +f2g7   +f3g6   +f4g5   +f5g4   +f6g3   +f7g2   +f8g1   +f9g0   ;
-  crypto_int64 carry0;
-  crypto_int64 carry1;
-  crypto_int64 carry2;
-  crypto_int64 carry3;
-  crypto_int64 carry4;
-  crypto_int64 carry5;
-  crypto_int64 carry6;
-  crypto_int64 carry7;
-  crypto_int64 carry8;
-  crypto_int64 carry9;
-
-  /*
-  |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
-    i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
-  |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
-    i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
-  */
-
-  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-  /* |h0| <= 2^25 */
-  /* |h4| <= 2^25 */
-  /* |h1| <= 1.71*2^59 */
-  /* |h5| <= 1.71*2^59 */
-
-  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
-  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-  /* |h1| <= 2^24; from now on fits into int32 */
-  /* |h5| <= 2^24; from now on fits into int32 */
-  /* |h2| <= 1.41*2^60 */
-  /* |h6| <= 1.41*2^60 */
-
-  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
-  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-  /* |h2| <= 2^25; from now on fits into int32 unchanged */
-  /* |h6| <= 2^25; from now on fits into int32 unchanged */
-  /* |h3| <= 1.71*2^59 */
-  /* |h7| <= 1.71*2^59 */
-
-  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
-  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-  /* |h3| <= 2^24; from now on fits into int32 unchanged */
-  /* |h7| <= 2^24; from now on fits into int32 unchanged */
-  /* |h4| <= 1.72*2^34 */
-  /* |h8| <= 1.41*2^60 */
-
-  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-  /* |h4| <= 2^25; from now on fits into int32 unchanged */
-  /* |h8| <= 2^25; from now on fits into int32 unchanged */
-  /* |h5| <= 1.01*2^24 */
-  /* |h9| <= 1.71*2^59 */
-
-  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-  /* |h9| <= 2^24; from now on fits into int32 unchanged */
-  /* |h0| <= 1.1*2^39 */
-
-  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-  /* |h0| <= 2^25; from now on fits into int32 unchanged */
-  /* |h1| <= 1.01*2^24 */
-
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}

libaxolotl/jni/ed25519/fe_neg.c

@@ -1,45 +0,0 @@
-#include "fe.h"
-
-/*
-h = -f
-
-Preconditions:
-   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
-   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-*/
-
-void fe_neg(fe h,const fe f)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 h0 = -f0;
-  crypto_int32 h1 = -f1;
-  crypto_int32 h2 = -f2;
-  crypto_int32 h3 = -f3;
-  crypto_int32 h4 = -f4;
-  crypto_int32 h5 = -f5;
-  crypto_int32 h6 = -f6;
-  crypto_int32 h7 = -f7;
-  crypto_int32 h8 = -f8;
-  crypto_int32 h9 = -f9;
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}

libaxolotl/jni/ed25519/fe_pow22523.c

@@ -1,13 +0,0 @@
-#include "fe.h"
-
-void fe_pow22523(fe out,const fe z)
-{
-  fe t0;
-  fe t1;
-  fe t2;
-  int i;
-
-#include "pow22523.h"
-
-  return;
-}

libaxolotl/jni/ed25519/fe_sq.c

@@ -1,149 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = f * f
-Can overlap h with f.
-
-Preconditions:
-   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
-   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq(fe h,const fe f)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 f0_2 = 2 * f0;
-  crypto_int32 f1_2 = 2 * f1;
-  crypto_int32 f2_2 = 2 * f2;
-  crypto_int32 f3_2 = 2 * f3;
-  crypto_int32 f4_2 = 2 * f4;
-  crypto_int32 f5_2 = 2 * f5;
-  crypto_int32 f6_2 = 2 * f6;
-  crypto_int32 f7_2 = 2 * f7;
-  crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
-  crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
-  crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
-  crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
-  crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
-  crypto_int64 f0f0    = f0   * (crypto_int64) f0;
-  crypto_int64 f0f1_2  = f0_2 * (crypto_int64) f1;
-  crypto_int64 f0f2_2  = f0_2 * (crypto_int64) f2;
-  crypto_int64 f0f3_2  = f0_2 * (crypto_int64) f3;
-  crypto_int64 f0f4_2  = f0_2 * (crypto_int64) f4;
-  crypto_int64 f0f5_2  = f0_2 * (crypto_int64) f5;
-  crypto_int64 f0f6_2  = f0_2 * (crypto_int64) f6;
-  crypto_int64 f0f7_2  = f0_2 * (crypto_int64) f7;
-  crypto_int64 f0f8_2  = f0_2 * (crypto_int64) f8;
-  crypto_int64 f0f9_2  = f0_2 * (crypto_int64) f9;
-  crypto_int64 f1f1_2  = f1_2 * (crypto_int64) f1;
-  crypto_int64 f1f2_2  = f1_2 * (crypto_int64) f2;
-  crypto_int64 f1f3_4  = f1_2 * (crypto_int64) f3_2;
-  crypto_int64 f1f4_2  = f1_2 * (crypto_int64) f4;
-  crypto_int64 f1f5_4  = f1_2 * (crypto_int64) f5_2;
-  crypto_int64 f1f6_2  = f1_2 * (crypto_int64) f6;
-  crypto_int64 f1f7_4  = f1_2 * (crypto_int64) f7_2;
-  crypto_int64 f1f8_2  = f1_2 * (crypto_int64) f8;
-  crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
-  crypto_int64 f2f2    = f2   * (crypto_int64) f2;
-  crypto_int64 f2f3_2  = f2_2 * (crypto_int64) f3;
-  crypto_int64 f2f4_2  = f2_2 * (crypto_int64) f4;
-  crypto_int64 f2f5_2  = f2_2 * (crypto_int64) f5;
-  crypto_int64 f2f6_2  = f2_2 * (crypto_int64) f6;
-  crypto_int64 f2f7_2  = f2_2 * (crypto_int64) f7;
-  crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
-  crypto_int64 f2f9_38 = f2   * (crypto_int64) f9_38;
-  crypto_int64 f3f3_2  = f3_2 * (crypto_int64) f3;
-  crypto_int64 f3f4_2  = f3_2 * (crypto_int64) f4;
-  crypto_int64 f3f5_4  = f3_2 * (crypto_int64) f5_2;
-  crypto_int64 f3f6_2  = f3_2 * (crypto_int64) f6;
-  crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
-  crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
-  crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
-  crypto_int64 f4f4    = f4   * (crypto_int64) f4;
-  crypto_int64 f4f5_2  = f4_2 * (crypto_int64) f5;
-  crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
-  crypto_int64 f4f7_38 = f4   * (crypto_int64) f7_38;
-  crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
-  crypto_int64 f4f9_38 = f4   * (crypto_int64) f9_38;
-  crypto_int64 f5f5_38 = f5   * (crypto_int64) f5_38;
-  crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
-  crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
-  crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
-  crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
-  crypto_int64 f6f6_19 = f6   * (crypto_int64) f6_19;
-  crypto_int64 f6f7_38 = f6   * (crypto_int64) f7_38;
-  crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
-  crypto_int64 f6f9_38 = f6   * (crypto_int64) f9_38;
-  crypto_int64 f7f7_38 = f7   * (crypto_int64) f7_38;
-  crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
-  crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
-  crypto_int64 f8f8_19 = f8   * (crypto_int64) f8_19;
-  crypto_int64 f8f9_38 = f8   * (crypto_int64) f9_38;
-  crypto_int64 f9f9_38 = f9   * (crypto_int64) f9_38;
-  crypto_int64 h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
-  crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
-  crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
-  crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
-  crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
-  crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
-  crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
-  crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
-  crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
-  crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
-  crypto_int64 carry0;
-  crypto_int64 carry1;
-  crypto_int64 carry2;
-  crypto_int64 carry3;
-  crypto_int64 carry4;
-  crypto_int64 carry5;
-  crypto_int64 carry6;
-  crypto_int64 carry7;
-  crypto_int64 carry8;
-  crypto_int64 carry9;
-
-  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
-  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
-  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
-  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
-  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
-  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
-  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
-  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
-  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
-  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}

libaxolotl/jni/ed25519/fe_sq2.c

@@ -1,160 +0,0 @@
-#include "fe.h"
-#include "crypto_int64.h"
-
-/*
-h = 2 * f * f
-Can overlap h with f.
-
-Preconditions:
-   |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
-
-Postconditions:
-   |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
-*/
-
-/*
-See fe_mul.c for discussion of implementation strategy.
-*/
-
-void fe_sq2(fe h,const fe f)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 f0_2 = 2 * f0;
-  crypto_int32 f1_2 = 2 * f1;
-  crypto_int32 f2_2 = 2 * f2;
-  crypto_int32 f3_2 = 2 * f3;
-  crypto_int32 f4_2 = 2 * f4;
-  crypto_int32 f5_2 = 2 * f5;
-  crypto_int32 f6_2 = 2 * f6;
-  crypto_int32 f7_2 = 2 * f7;
-  crypto_int32 f5_38 = 38 * f5; /* 1.959375*2^30 */
-  crypto_int32 f6_19 = 19 * f6; /* 1.959375*2^30 */
-  crypto_int32 f7_38 = 38 * f7; /* 1.959375*2^30 */
-  crypto_int32 f8_19 = 19 * f8; /* 1.959375*2^30 */
-  crypto_int32 f9_38 = 38 * f9; /* 1.959375*2^30 */
-  crypto_int64 f0f0    = f0   * (crypto_int64) f0;
-  crypto_int64 f0f1_2  = f0_2 * (crypto_int64) f1;
-  crypto_int64 f0f2_2  = f0_2 * (crypto_int64) f2;
-  crypto_int64 f0f3_2  = f0_2 * (crypto_int64) f3;
-  crypto_int64 f0f4_2  = f0_2 * (crypto_int64) f4;
-  crypto_int64 f0f5_2  = f0_2 * (crypto_int64) f5;
-  crypto_int64 f0f6_2  = f0_2 * (crypto_int64) f6;
-  crypto_int64 f0f7_2  = f0_2 * (crypto_int64) f7;
-  crypto_int64 f0f8_2  = f0_2 * (crypto_int64) f8;
-  crypto_int64 f0f9_2  = f0_2 * (crypto_int64) f9;
-  crypto_int64 f1f1_2  = f1_2 * (crypto_int64) f1;
-  crypto_int64 f1f2_2  = f1_2 * (crypto_int64) f2;
-  crypto_int64 f1f3_4  = f1_2 * (crypto_int64) f3_2;
-  crypto_int64 f1f4_2  = f1_2 * (crypto_int64) f4;
-  crypto_int64 f1f5_4  = f1_2 * (crypto_int64) f5_2;
-  crypto_int64 f1f6_2  = f1_2 * (crypto_int64) f6;
-  crypto_int64 f1f7_4  = f1_2 * (crypto_int64) f7_2;
-  crypto_int64 f1f8_2  = f1_2 * (crypto_int64) f8;
-  crypto_int64 f1f9_76 = f1_2 * (crypto_int64) f9_38;
-  crypto_int64 f2f2    = f2   * (crypto_int64) f2;
-  crypto_int64 f2f3_2  = f2_2 * (crypto_int64) f3;
-  crypto_int64 f2f4_2  = f2_2 * (crypto_int64) f4;
-  crypto_int64 f2f5_2  = f2_2 * (crypto_int64) f5;
-  crypto_int64 f2f6_2  = f2_2 * (crypto_int64) f6;
-  crypto_int64 f2f7_2  = f2_2 * (crypto_int64) f7;
-  crypto_int64 f2f8_38 = f2_2 * (crypto_int64) f8_19;
-  crypto_int64 f2f9_38 = f2   * (crypto_int64) f9_38;
-  crypto_int64 f3f3_2  = f3_2 * (crypto_int64) f3;
-  crypto_int64 f3f4_2  = f3_2 * (crypto_int64) f4;
-  crypto_int64 f3f5_4  = f3_2 * (crypto_int64) f5_2;
-  crypto_int64 f3f6_2  = f3_2 * (crypto_int64) f6;
-  crypto_int64 f3f7_76 = f3_2 * (crypto_int64) f7_38;
-  crypto_int64 f3f8_38 = f3_2 * (crypto_int64) f8_19;
-  crypto_int64 f3f9_76 = f3_2 * (crypto_int64) f9_38;
-  crypto_int64 f4f4    = f4   * (crypto_int64) f4;
-  crypto_int64 f4f5_2  = f4_2 * (crypto_int64) f5;
-  crypto_int64 f4f6_38 = f4_2 * (crypto_int64) f6_19;
-  crypto_int64 f4f7_38 = f4   * (crypto_int64) f7_38;
-  crypto_int64 f4f8_38 = f4_2 * (crypto_int64) f8_19;
-  crypto_int64 f4f9_38 = f4   * (crypto_int64) f9_38;
-  crypto_int64 f5f5_38 = f5   * (crypto_int64) f5_38;
-  crypto_int64 f5f6_38 = f5_2 * (crypto_int64) f6_19;
-  crypto_int64 f5f7_76 = f5_2 * (crypto_int64) f7_38;
-  crypto_int64 f5f8_38 = f5_2 * (crypto_int64) f8_19;
-  crypto_int64 f5f9_76 = f5_2 * (crypto_int64) f9_38;
-  crypto_int64 f6f6_19 = f6   * (crypto_int64) f6_19;
-  crypto_int64 f6f7_38 = f6   * (crypto_int64) f7_38;
-  crypto_int64 f6f8_38 = f6_2 * (crypto_int64) f8_19;
-  crypto_int64 f6f9_38 = f6   * (crypto_int64) f9_38;
-  crypto_int64 f7f7_38 = f7   * (crypto_int64) f7_38;
-  crypto_int64 f7f8_38 = f7_2 * (crypto_int64) f8_19;
-  crypto_int64 f7f9_76 = f7_2 * (crypto_int64) f9_38;
-  crypto_int64 f8f8_19 = f8   * (crypto_int64) f8_19;
-  crypto_int64 f8f9_38 = f8   * (crypto_int64) f9_38;
-  crypto_int64 f9f9_38 = f9   * (crypto_int64) f9_38;
-  crypto_int64 h0 = f0f0  +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38;
-  crypto_int64 h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38;
-  crypto_int64 h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19;
-  crypto_int64 h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38;
-  crypto_int64 h4 = f0f4_2+f1f3_4 +f2f2   +f5f9_76+f6f8_38+f7f7_38;
-  crypto_int64 h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38;
-  crypto_int64 h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19;
-  crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
-  crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4   +f9f9_38;
-  crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
-  crypto_int64 carry0;
-  crypto_int64 carry1;
-  crypto_int64 carry2;
-  crypto_int64 carry3;
-  crypto_int64 carry4;
-  crypto_int64 carry5;
-  crypto_int64 carry6;
-  crypto_int64 carry7;
-  crypto_int64 carry8;
-  crypto_int64 carry9;
-
-  h0 += h0;
-  h1 += h1;
-  h2 += h2;
-  h3 += h3;
-  h4 += h4;
-  h5 += h5;
-  h6 += h6;
-  h7 += h7;
-  h8 += h8;
-  h9 += h9;
-
-  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-
-  carry1 = (h1 + (crypto_int64) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
-  carry5 = (h5 + (crypto_int64) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-
-  carry2 = (h2 + (crypto_int64) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
-  carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-
-  carry3 = (h3 + (crypto_int64) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
-  carry7 = (h7 + (crypto_int64) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
-  carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-  carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
-
-  carry9 = (h9 + (crypto_int64) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-
-  carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}

libaxolotl/jni/ed25519/fe_sub.c

@@ -1,57 +0,0 @@
-#include "fe.h"
-
-/*
-h = f - g
-Can overlap h with f or g.
-
-Preconditions:
-   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
-   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_sub(fe h,const fe f,const fe g)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 g0 = g[0];
-  crypto_int32 g1 = g[1];
-  crypto_int32 g2 = g[2];
-  crypto_int32 g3 = g[3];
-  crypto_int32 g4 = g[4];
-  crypto_int32 g5 = g[5];
-  crypto_int32 g6 = g[6];
-  crypto_int32 g7 = g[7];
-  crypto_int32 g8 = g[8];
-  crypto_int32 g9 = g[9];
-  crypto_int32 h0 = f0 - g0;
-  crypto_int32 h1 = f1 - g1;
-  crypto_int32 h2 = f2 - g2;
-  crypto_int32 h3 = f3 - g3;
-  crypto_int32 h4 = f4 - g4;
-  crypto_int32 h5 = f5 - g5;
-  crypto_int32 h6 = f6 - g6;
-  crypto_int32 h7 = f7 - g7;
-  crypto_int32 h8 = f8 - g8;
-  crypto_int32 h9 = f9 - g9;
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}

libaxolotl/jni/ed25519/fe_tobytes.c

@@ -1,119 +0,0 @@
-#include "fe.h"
-
-/*
-Preconditions:
-  |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-
-Write p=2^255-19; q=floor(h/p).
-Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-
-Proof:
-  Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
-  Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
-
-  Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
-  Then 0<y<1.
-
-  Write r=h-pq.
-  Have 0<=r<=p-1=2^255-20.
-  Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-
-  Write x=r+19(2^-255)r+y.
-  Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-
-  Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
-  so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-*/
-
-void fe_tobytes(unsigned char *s,const fe h)
-{
-  crypto_int32 h0 = h[0];
-  crypto_int32 h1 = h[1];
-  crypto_int32 h2 = h[2];
-  crypto_int32 h3 = h[3];
-  crypto_int32 h4 = h[4];
-  crypto_int32 h5 = h[5];
-  crypto_int32 h6 = h[6];
-  crypto_int32 h7 = h[7];
-  crypto_int32 h8 = h[8];
-  crypto_int32 h9 = h[9];
-  crypto_int32 q;
-  crypto_int32 carry0;
-  crypto_int32 carry1;
-  crypto_int32 carry2;
-  crypto_int32 carry3;
-  crypto_int32 carry4;
-  crypto_int32 carry5;
-  crypto_int32 carry6;
-  crypto_int32 carry7;
-  crypto_int32 carry8;
-  crypto_int32 carry9;
-
-  q = (19 * h9 + (((crypto_int32) 1) << 24)) >> 25;
-  q = (h0 + q) >> 26;
-  q = (h1 + q) >> 25;
-  q = (h2 + q) >> 26;
-  q = (h3 + q) >> 25;
-  q = (h4 + q) >> 26;
-  q = (h5 + q) >> 25;
-  q = (h6 + q) >> 26;
-  q = (h7 + q) >> 25;
-  q = (h8 + q) >> 26;
-  q = (h9 + q) >> 25;
-
-  /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
-  h0 += 19 * q;
-  /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
-
-  carry0 = h0 >> 26; h1 += carry0; h0 -= carry0 << 26;
-  carry1 = h1 >> 25; h2 += carry1; h1 -= carry1 << 25;
-  carry2 = h2 >> 26; h3 += carry2; h2 -= carry2 << 26;
-  carry3 = h3 >> 25; h4 += carry3; h3 -= carry3 << 25;
-  carry4 = h4 >> 26; h5 += carry4; h4 -= carry4 << 26;
-  carry5 = h5 >> 25; h6 += carry5; h5 -= carry5 << 25;
-  carry6 = h6 >> 26; h7 += carry6; h6 -= carry6 << 26;
-  carry7 = h7 >> 25; h8 += carry7; h7 -= carry7 << 25;
-  carry8 = h8 >> 26; h9 += carry8; h8 -= carry8 << 26;
-  carry9 = h9 >> 25;               h9 -= carry9 << 25;
-                  /* h10 = carry9 */
-
-  /*
-  Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
-  Have h0+...+2^230 h9 between 0 and 2^255-1;
-  evidently 2^255 h10-2^255 q = 0.
-  Goal: Output h0+...+2^230 h9.
-  */
-
-  s[0] = h0 >> 0;
-  s[1] = h0 >> 8;
-  s[2] = h0 >> 16;
-  s[3] = (h0 >> 24) | (h1 << 2);
-  s[4] = h1 >> 6;
-  s[5] = h1 >> 14;
-  s[6] = (h1 >> 22) | (h2 << 3);
-  s[7] = h2 >> 5;
-  s[8] = h2 >> 13;
-  s[9] = (h2 >> 21) | (h3 << 5);
-  s[10] = h3 >> 3;
-  s[11] = h3 >> 11;
-  s[12] = (h3 >> 19) | (h4 << 6);
-  s[13] = h4 >> 2;
-  s[14] = h4 >> 10;
-  s[15] = h4 >> 18;
-  s[16] = h5 >> 0;
-  s[17] = h5 >> 8;
-  s[18] = h5 >> 16;
-  s[19] = (h5 >> 24) | (h6 << 1);
-  s[20] = h6 >> 7;
-  s[21] = h6 >> 15;
-  s[22] = (h6 >> 23) | (h7 << 3);
-  s[23] = h7 >> 5;
-  s[24] = h7 >> 13;
-  s[25] = (h7 >> 21) | (h8 << 4);
-  s[26] = h8 >> 4;
-  s[27] = h8 >> 12;
-  s[28] = (h8 >> 20) | (h9 << 6);
-  s[29] = h9 >> 2;
-  s[30] = h9 >> 10;
-  s[31] = h9 >> 18;
-}

libaxolotl/jni/ed25519/ge.h

@@ -1,95 +0,0 @@
-#ifndef GE_H
-#define GE_H
-
-/*
-ge means group element.
-
-Here the group is the set of pairs (x,y) of field elements (see fe.h)
-satisfying -x^2 + y^2 = 1 + d x^2y^2
-where d = -121665/121666.
-
-Representations:
-  ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
-  ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
-  ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
-  ge_precomp (Duif): (y+x,y-x,2dxy)
-*/
-
-#include "fe.h"
-
-typedef struct {
-  fe X;
-  fe Y;
-  fe Z;
-} ge_p2;
-
-typedef struct {
-  fe X;
-  fe Y;
-  fe Z;
-  fe T;
-} ge_p3;
-
-typedef struct {
-  fe X;
-  fe Y;
-  fe Z;
-  fe T;
-} ge_p1p1;
-
-typedef struct {
-  fe yplusx;
-  fe yminusx;
-  fe xy2d;
-} ge_precomp;
-
-typedef struct {
-  fe YplusX;
-  fe YminusX;
-  fe Z;
-  fe T2d;
-} ge_cached;
-
-#define ge_frombytes_negate_vartime crypto_sign_ed25519_ref10_ge_frombytes_negate_vartime
-#define ge_tobytes crypto_sign_ed25519_ref10_ge_tobytes
-#define ge_p3_tobytes crypto_sign_ed25519_ref10_ge_p3_tobytes
-
-#define ge_p2_0 crypto_sign_ed25519_ref10_ge_p2_0
-#define ge_p3_0 crypto_sign_ed25519_ref10_ge_p3_0
-#define ge_precomp_0 crypto_sign_ed25519_ref10_ge_precomp_0
-#define ge_p3_to_p2 crypto_sign_ed25519_ref10_ge_p3_to_p2
-#define ge_p3_to_cached crypto_sign_ed25519_ref10_ge_p3_to_cached
-#define ge_p1p1_to_p2 crypto_sign_ed25519_ref10_ge_p1p1_to_p2
-#define ge_p1p1_to_p3 crypto_sign_ed25519_ref10_ge_p1p1_to_p3
-#define ge_p2_dbl crypto_sign_ed25519_ref10_ge_p2_dbl
-#define ge_p3_dbl crypto_sign_ed25519_ref10_ge_p3_dbl
-
-#define ge_madd crypto_sign_ed25519_ref10_ge_madd
-#define ge_msub crypto_sign_ed25519_ref10_ge_msub
-#define ge_add crypto_sign_ed25519_ref10_ge_add
-#define ge_sub crypto_sign_ed25519_ref10_ge_sub
-#define ge_scalarmult_base crypto_sign_ed25519_ref10_ge_scalarmult_base
-#define ge_double_scalarmult_vartime crypto_sign_ed25519_ref10_ge_double_scalarmult_vartime
-
-extern void ge_tobytes(unsigned char *,const ge_p2 *);
-extern void ge_p3_tobytes(unsigned char *,const ge_p3 *);
-extern int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
-
-extern void ge_p2_0(ge_p2 *);
-extern void ge_p3_0(ge_p3 *);
-extern void ge_precomp_0(ge_precomp *);
-extern void ge_p3_to_p2(ge_p2 *,const ge_p3 *);
-extern void ge_p3_to_cached(ge_cached *,const ge_p3 *);
-extern void ge_p1p1_to_p2(ge_p2 *,const ge_p1p1 *);
-extern void ge_p1p1_to_p3(ge_p3 *,const ge_p1p1 *);
-extern void ge_p2_dbl(ge_p1p1 *,const ge_p2 *);
-extern void ge_p3_dbl(ge_p1p1 *,const ge_p3 *);
-
-extern void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-extern void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
-extern void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-extern void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-extern void ge_scalarmult_base(ge_p3 *,const unsigned char *);
-extern void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,const ge_p3 *,const unsigned char *);
-
-#endif

libaxolotl/jni/ed25519/ge_add.c

@@ -1,11 +0,0 @@
-#include "ge.h"
-
-/*
-r = p + q
-*/
-
-void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
-{
-  fe t0;
-#include "ge_add.h"
-}