release: Release 0.5.0

Merge pull request #32 from PapaTutuWawa/rework
Rework omemo_dart to finally enable (hopefully) stable E2EE in Moxxy.
2023-06-18 21:27:40 +02:00 · 2023-06-18 21:25:36 +02:00 · 2023-06-18 21:24:50 +02:00 · 2023-06-18 20:51:49 +02:00 · 2023-06-18 20:44:05 +02:00 · 2023-06-18 12:44:09 +02:00
47 changed files with 3635 additions and 4540 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -54,3 +54,15 @@
 ## 0.4.3
 - Fix bug that causes ratchets to be unable to decrypt anything after receiving a heartbeat with a completely new session
 ## 0.5.0
 This version is a complete rework of omemo_dart!
 - Removed events from `OmemoManager`
 - Removed `OmemoSessionManager`
 - Removed serialization/deserialization code
 - Replace exceptions with errors inside a result type
 - Ratchets and trust data is now loaded and cached on demand
 - Accessing the trust manager must happen via `withTrustManager`
 - Overriding the base implementations is replaced by providing callback functions
--- a/README.md
+++ b/README.md
@ -28,22 +28,32 @@ Include `omemo_dart` in your `pubspec.yaml` like this:
 dependencies:
  omemo_dart:
    hosted: https://git.polynom.me/api/packages/PapaTutuWawa/pub
-    version: ^0.4.3
+    version: ^0.5.0
  # [...]
 # [...]
 ```
-## Contributing
+### Example
-Due to issues with `protobuf`, `omemo_dart` reimplements the Protobuf encoding for the required
+This repository includes a documented ["example"](./example/omemo_dart_example.dart) that explains the basic usage of the library while
-OMEMO messages. As such, `protobuf` is only a dependency for testing that the serialisation and
+leaving out the XMPP specific bits. For a more functional and integrated example, see the `omemo_client.dart` example from
-deserialisation of the custom implementation. In order to run tests, you need the Protbuf
+[moxxmpp](https://codeberg.org/moxxy/moxxmpp).
-compiler. After that, making sure that
+
-the [Dart Protobuf compiler addon](https://pub.dev/packages/protoc_plugin) and the
+### Persistence
-Protobuf compiler itself is in your PATH,
+
-run `protoc -I=./protobuf/ --dart_out=lib/protobuf/ ./protobuf/schema.proto` in the
+By default, `omemo_dart` uses in-memory implementations for everything. For a real-world application, this is unsuitable as OMEMO devices would be constantly added.
-repository's root to generate the real Protobuf bindings.
+In order to allow persistence, your application needs to keep track of the following:
 - The `OmemoDevice` assigned to the `OmemoManager`
 - `JID -> [int]`: The device list for each JID
 - `(JID, device) -> Ratchet`: The actual ratchet
 If you also use the `BlindTrustBeforeVerificationTrustManager`, you additionally need to keep track of:
 - `(JID, device) -> (int, bool)`: The trust level and the enablement state
 ## Contributing
 When submitting a PR, please run the linter using `dart analyze` and make sure that all
 tests still pass using `dart test`.
--- a/analysis_options.yaml
+++ b/analysis_options.yaml
@ -9,8 +9,5 @@ linter:
 analyzer:
  exclude:
-    - "lib/protobuf/*.dart"
+    - "lib/src/protobuf/*.dart"
    # TODO: Remove once OmemoSessionManager is gone
    - "test/omemo_test.dart"
    - "example/omemo_dart_example.dart"
    - "test/serialisation_test.dart"
--- a/example/omemo_dart_example.dart
+++ b/example/omemo_dart_example.dart
@ -35,6 +35,10 @@ void main() async {
    // This needs to be wired into your XMPP library's OMEMO implementation.
    // For simplicity, we use an empty function and imagine it works.
    (jid) async {},
    // This function is called whenever our own device bundle has to be republished to our PEP node.
    // This needs to be wired into your XMPP library's OMEMO implementation.
    // For simplicity, we use an empty function and imagine it works.
    (device) async {},
  );
  // Alice now wants to chat with Bob at his bare Jid "bob@other.server". To make things
@ -42,7 +46,7 @@ void main() async {
  // request it using PEP and then convert the device bundle into a OmemoBundle object.
  final bobManager = OmemoManager(
    await OmemoDevice.generateNewDevice(bobJid),
-    MemoryBTBVTrustManager(),
+    BlindTrustBeforeVerificationTrustManager(),
    (result, recipient) async => {},
    (jid) async => [],
    (jid, id) async => null,
@ -145,6 +149,11 @@ void main() async {
      /// The text of the <payload /> element, if it exists. If not, then the message might be
      /// a hearbeat, where no payload is sent. In that case, use null.
      payload,
      /// Since we did not receive this message due to a catch-up mechanism, like MAM, we
      /// set this to false. If we, however, did use a catch-up mechanism, we must set this
      /// to true to prevent the OPKs from being replaced.
      false,
    ),
  );
--- a/lib/omemo_dart.dart
+++ b/lib/omemo_dart.dart
@ -8,9 +8,10 @@ export 'src/omemo/bundle.dart';
 export 'src/omemo/device.dart';
 export 'src/omemo/encrypted_key.dart';
 export 'src/omemo/encryption_result.dart';
-export 'src/omemo/events.dart';
+export 'src/omemo/errors.dart';
 export 'src/omemo/fingerprint.dart';
-export 'src/omemo/omemomanager.dart';
+export 'src/omemo/omemo.dart';
 export 'src/omemo/ratchet_data.dart';
 export 'src/omemo/ratchet_map_key.dart';
 export 'src/omemo/stanza.dart';
 export 'src/trust/base.dart';
--- a/lib/src/common/constants.dart
+++ b/lib/src/common/constants.dart
@ -0,0 +1,11 @@
 /// The overarching assumption is that we use Ed25519 keys for the identity keys
 const omemoX3DHInfoString = 'OMEMO X3DH';
 /// The info used for when encrypting the AES key for the actual payload.
 const omemoPayloadInfoString = 'OMEMO Payload';
 /// Info string for ENCRYPT
 const encryptHkdfInfoString = 'OMEMO Message Key Material';
 /// Amount of messages we may skip per session
 const maxSkip = 1000;
--- a/lib/src/crypto.dart
+++ b/lib/src/crypto.dart
@ -1,5 +1,7 @@
 import 'dart:convert';
 import 'package:cryptography/cryptography.dart';
 import 'package:moxlib/moxlib.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/keys.dart';
 /// Performs X25519 with [kp] and [pk]. If [identityKey] is set, then
@ -92,7 +94,7 @@ Future<List<int>> aes256CbcEncrypt(
 /// A small helper function to make AES-256-CBC easier. Decrypt [ciphertext] using [key] as
 /// the encryption key and [iv] as the IV. Returns the ciphertext.
-Future<List<int>> aes256CbcDecrypt(
+Future<Result<MalformedCiphertextError, List<int>>> aes256CbcDecrypt(
  List<int> ciphertext,
  List<int> key,
  List<int> iv,
@ -100,13 +102,19 @@ Future<List<int>> aes256CbcDecrypt(
  final algorithm = AesCbc.with256bits(
    macAlgorithm: MacAlgorithm.empty,
  );
-  return algorithm.decrypt(
+  try {
-    NoMacSecretBox(
+    return Result(
-      ciphertext,
+      await algorithm.decrypt(
-      nonce: iv,
+        NoMacSecretBox(
-    ),
+          ciphertext,
-    secretKey: SecretKey(key),
+          nonce: iv,
-  );
+        ),
        secretKey: SecretKey(key),
      ),
    );
  } catch (ex) {
    return Result(MalformedCiphertextError(ex));
  }
 }
 /// OMEMO often uses the output of a HMAC-SHA-256 truncated to its first 16 bytes.
--- a/lib/src/double_ratchet/crypto.dart
+++ b/lib/src/double_ratchet/crypto.dart
@ -1,60 +0,0 @@
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/omemo_message.dart';
 /// Info string for ENCRYPT
 const encryptHkdfInfoString = 'OMEMO Message Key Material';
 /// Signals ENCRYPT function as specified by OMEMO 0.8.3.
 /// Encrypt [plaintext] using the message key [mk], given associated_data [associatedData]
 /// and the AD output from the X3DH [sessionAd].
 Future<List<int>> encrypt(
  List<int> mk,
  List<int> plaintext,
  List<int> associatedData,
  List<int> sessionAd,
 ) async {
  // Generate encryption, authentication key and IV
  final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
  final ciphertext =
      await aes256CbcEncrypt(plaintext, keys.encryptionKey, keys.iv);
  final header =
      OmemoMessage.fromBuffer(associatedData.sublist(sessionAd.length))
        ..ciphertext = ciphertext;
  final headerBytes = header.writeToBuffer();
  final hmacInput = concat([sessionAd, headerBytes]);
  final hmacResult = await truncatedHmac(hmacInput, keys.authenticationKey);
  final message = OmemoAuthenticatedMessage()
    ..mac = hmacResult
    ..message = headerBytes;
  return message.writeToBuffer();
 }
 /// Signals DECRYPT function as specified by OMEMO 0.8.3.
 /// Decrypt [ciphertext] with the message key [mk], given the associated_data [associatedData]
 /// and the AD output from the X3DH.
 Future<List<int>> decrypt(
  List<int> mk,
  List<int> ciphertext,
  List<int> associatedData,
  List<int> sessionAd,
 ) async {
  // Generate encryption, authentication key and IV
  final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
  // Assumption ciphertext is a OMEMOAuthenticatedMessage
  final message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
  final header = OmemoMessage.fromBuffer(message.message!);
  final hmacInput = concat([sessionAd, header.writeToBuffer()]);
  final hmacResult = await truncatedHmac(hmacInput, keys.authenticationKey);
  if (!listsEqual(hmacResult, message.mac!)) {
    throw InvalidMessageHMACException();
  }
  return aes256CbcDecrypt(header.ciphertext!, keys.encryptionKey, keys.iv);
 }
--- a/lib/src/double_ratchet/double_ratchet.dart
+++ b/lib/src/double_ratchet/double_ratchet.dart
@ -1,47 +1,24 @@
 import 'dart:convert';
 import 'package:cryptography/cryptography.dart';
 import 'package:hex/hex.dart';
 import 'package:meta/meta.dart';
 import 'package:moxlib/moxlib.dart';
 import 'package:omemo_dart/src/common/constants.dart';
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/double_ratchet/crypto.dart';
 import 'package:omemo_dart/src/double_ratchet/kdf.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
-import 'package:omemo_dart/src/protobuf/omemo_message.dart';
+import 'package:omemo_dart/src/protobuf/schema.pb.dart';
 /// Amount of messages we may skip per session
 const maxSkip = 1000;
 class RatchetStep {
  const RatchetStep(this.header, this.ciphertext);
  final OmemoMessage header;
  final List<int> ciphertext;
 }
@immutable
 class SkippedKey {
  const SkippedKey(this.dh, this.n);
-  factory SkippedKey.fromJson(Map<String, dynamic> data) {
+  /// The DH public key for which we skipped a message key.
    return SkippedKey(
      OmemoPublicKey.fromBytes(
        base64.decode(data['public']! as String),
        KeyPairType.x25519,
      ),
      data['n']! as int,
    );
  }
  final OmemoPublicKey dh;
  final int n;
-  Future<Map<String, dynamic>> toJson() async {
+  /// The associated number of the message key we skipped.
-    return {
+  final int n;
      'public': base64.encode(await dh.getBytes()),
      'n': n,
    };
  }
  @override
  bool operator ==(Object other) {
@ -52,6 +29,28 @@ class SkippedKey {
  int get hashCode => dh.hashCode ^ n.hashCode;
 }
@immutable
 class KeyExchangeData {
  const KeyExchangeData(
    this.pkId,
    this.spkId,
    this.ik,
    this.ek,
  );
  /// The id of the used OPK.
  final int pkId;
  /// The id of the used SPK.
  final int spkId;
  /// The ephemeral key used while the key exchange.
  final OmemoPublicKey ek;
  /// The identity key used in the key exchange.
  final OmemoPublicKey ik;
 }
 class OmemoDoubleRatchet {
  OmemoDoubleRatchet(
    this.dhs, // DHs
@ -66,77 +65,9 @@ class OmemoDoubleRatchet {
    this.sessionAd,
    this.mkSkipped, // MKSKIPPED
    this.acknowledged,
    this.kexTimestamp,
    this.kex,
  );
  factory OmemoDoubleRatchet.fromJson(Map<String, dynamic> data) {
    /*
    {
      'dhs': 'base/64/encoded',
      'dhs_pub': 'base/64/encoded',
      'dhr': null | 'base/64/encoded',
      'rk': 'base/64/encoded',
      'cks': null | 'base/64/encoded',
      'ckr': null | 'base/64/encoded',
      'ns': 0,
      'nr': 0,
      'pn': 0,
      'ik_pub': null | 'base/64/encoded',
      'session_ad': 'base/64/encoded',
      'acknowledged': true | false,
      'kex_timestamp': int,
      'kex': 'base/64/encoded',
      'mkskipped': [
        {
          'key': 'base/64/encoded',
          'public': 'base/64/encoded',
          'n': 0
        }, ...
      ]
    }
    */
    // NOTE: Dart has some issues with just casting a List<dynamic> to List<Map<...>>, as
    //       such we need to convert the items by hand.
    final mkSkipped = Map<SkippedKey, List<int>>.fromEntries(
      (data['mkskipped']! as List<dynamic>)
          .map<MapEntry<SkippedKey, List<int>>>(
        (entry) {
          final map = entry as Map<String, dynamic>;
          final key = SkippedKey.fromJson(map);
          return MapEntry(
            key,
            base64.decode(map['key']! as String),
          );
        },
      ),
    );
    return OmemoDoubleRatchet(
      OmemoKeyPair.fromBytes(
        base64.decode(data['dhs_pub']! as String),
        base64.decode(data['dhs']! as String),
        KeyPairType.x25519,
      ),
      decodeKeyIfNotNull(data, 'dhr', KeyPairType.x25519),
      base64.decode(data['rk']! as String),
      base64DecodeIfNotNull(data, 'cks'),
      base64DecodeIfNotNull(data, 'ckr'),
      data['ns']! as int,
      data['nr']! as int,
      data['pn']! as int,
      OmemoPublicKey.fromBytes(
        base64.decode(data['ik_pub']! as String),
        KeyPairType.ed25519,
      ),
      base64.decode(data['session_ad']! as String),
      mkSkipped,
      data['acknowledged']! as bool,
      data['kex_timestamp']! as int,
      data['kex'] as String?,
    );
  }
  /// Sending DH keypair
  OmemoKeyPair dhs;
@ -161,16 +92,14 @@ class OmemoDoubleRatchet {
  /// for verification purposes
  final OmemoPublicKey ik;
  /// Associated data for this ratchet.
  final List<int> sessionAd;
  /// List of skipped message keys.
  final Map<SkippedKey, List<int>> mkSkipped;
  /// The point in time at which we performed the kex exchange to create this ratchet.
  /// Precision is milliseconds since epoch.
  int kexTimestamp;
  /// The key exchange that was used for initiating the session.
-  final String? kex;
+  final KeyExchangeData kex;
  /// Indicates whether we received an empty OMEMO message after building a session with
  /// the device.
@ -181,21 +110,22 @@ class OmemoDoubleRatchet {
  /// a X3DH. [ik] refers to Bob's (the receiver's) IK public key.
  static Future<OmemoDoubleRatchet> initiateNewSession(
    OmemoPublicKey spk,
    int spkId,
    OmemoPublicKey ik,
    OmemoPublicKey ownIk,
    OmemoPublicKey ek,
    List<int> sk,
    List<int> ad,
-    int timestamp,
+    int pkId,
  ) async {
    final dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
-    final dhr = spk;
+    final rk = await kdfRk(sk, await omemoDH(dhs, spk, 0));
    final rk = await kdfRk(sk, await omemoDH(dhs, dhr, 0));
    final cks = rk;
    return OmemoDoubleRatchet(
      dhs,
-      dhr,
+      spk,
-      rk,
+      List.from(rk),
-      cks,
+      List.from(rk),
      null,
      0,
      0,
@ -204,8 +134,12 @@ class OmemoDoubleRatchet {
      ad,
      {},
      false,
-      timestamp,
+      KeyExchangeData(
-      '',
+        pkId,
        spkId,
        ownIk,
        ek,
      ),
    );
  }
@ -215,10 +149,12 @@ class OmemoDoubleRatchet {
  /// Alice's (the initiator's) IK public key.
  static Future<OmemoDoubleRatchet> acceptNewSession(
    OmemoKeyPair spk,
    int spkId,
    OmemoPublicKey ik,
    int pkId,
    OmemoPublicKey ek,
    List<int> sk,
    List<int> ad,
    int kexTimestamp,
  ) async {
    return OmemoDoubleRatchet(
      spk,
@ -233,72 +169,52 @@ class OmemoDoubleRatchet {
      ad,
      {},
      true,
-      kexTimestamp,
+      KeyExchangeData(
-      null,
+        pkId,
        spkId,
        ik,
        ek,
      ),
    );
  }
-  Future<Map<String, dynamic>> toJson() async {
+  /// Performs a single ratchet step in case we received a new
-    final mkSkippedSerialised =
+  /// public key in [header].
-        List<Map<String, dynamic>>.empty(growable: true);
+  Future<void> _dhRatchet(OMEMOMessage header) async {
-    for (final entry in mkSkipped.entries) {
+    pn = ns;
-      final result = await entry.key.toJson();
+    ns = 0;
-      result['key'] = base64.encode(entry.value);
+    nr = 0;
-
+    dhr = OmemoPublicKey.fromBytes(header.dhPub, KeyPairType.x25519);
-      mkSkippedSerialised.add(result);
+    final newRk1 = await kdfRk(
-    }
+      rk,
-
+      await omemoDH(
-    return {
+        dhs,
-      'dhs': base64.encode(await dhs.sk.getBytes()),
+        dhr!,
-      'dhs_pub': base64.encode(await dhs.pk.getBytes()),
+        0,
-      'dhr': dhr != null ? base64.encode(await dhr!.getBytes()) : null,
+      ),
      'rk': base64.encode(rk),
      'cks': cks != null ? base64.encode(cks!) : null,
      'ckr': ckr != null ? base64.encode(ckr!) : null,
      'ns': ns,
      'nr': nr,
      'pn': pn,
      'ik_pub': base64.encode(await ik.getBytes()),
      'session_ad': base64.encode(sessionAd),
      'mkskipped': mkSkippedSerialised,
      'acknowledged': acknowledged,
      'kex_timestamp': kexTimestamp,
      'kex': kex,
    };
  }
  /// Returns the OMEMO compatible fingerprint of the ratchet session.
  Future<String> getOmemoFingerprint() async {
    final curveKey = await ik.toCurve25519();
    return HEX.encode(await curveKey.getBytes());
  }
  Future<List<int>?> _trySkippedMessageKeys(
    OmemoMessage header,
    List<int> ciphertext,
  ) async {
    final key = SkippedKey(
      OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519),
      header.n!,
    );
-    if (mkSkipped.containsKey(key)) {
+    rk = List.from(newRk1);
-      final mk = mkSkipped[key]!;
+    ckr = List.from(newRk1);
      mkSkipped.remove(key);
-      return decrypt(
+    dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
-        mk,
+    final newRk2 = await kdfRk(
-        ciphertext,
+      rk,
-        concat([sessionAd, header.writeToBuffer()]),
+      await omemoDH(
-        sessionAd,
+        dhs,
-      );
+        dhr!,
-    }
+        0,
-
+      ),
-    return null;
+    );
    rk = List.from(newRk2);
    cks = List.from(newRk2);
  }
-  Future<void> _skipMessageKeys(int until) async {
+  /// Skip (and keep track of) message keys until our receive counter is
  /// equal to [until]. If we would skip too many messages, returns
  /// a [SkippingTooManyKeysError]. If not, returns null.
  Future<OmemoError?> _skipMessageKeys(int until) async {
    if (nr + maxSkip < until) {
-      throw SkippingTooManyMessagesException();
+      return SkippingTooManyKeysError();
    }
    if (ckr != null) {
@ -306,88 +222,140 @@ class OmemoDoubleRatchet {
        final newCkr = await kdfCk(ckr!, kdfCkNextChainKey);
        final mk = await kdfCk(ckr!, kdfCkNextMessageKey);
        ckr = newCkr;
        mkSkipped[SkippedKey(dhr!, nr)] = mk;
        nr++;
      }
    }
    return null;
  }
-  Future<void> _dhRatchet(OmemoMessage header) async {
+  /// Decrypt [ciphertext] using keys derived from the message key [mk]. Also computes the
-    pn = ns;
+  /// HMAC from the [OMEMOMessage] embedded in [message].
    ns = 0;
    nr = 0;
    dhr = OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519);
    final newRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
    rk = List.from(newRk);
    ckr = List.from(newRk);
    dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
    final newNewRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
    rk = List.from(newNewRk);
    cks = List.from(newNewRk);
  }
  /// Encrypt [plaintext] using the Double Ratchet.
  Future<RatchetStep> ratchetEncrypt(List<int> plaintext) async {
    final newCks = await kdfCk(cks!, kdfCkNextChainKey);
    final mk = await kdfCk(cks!, kdfCkNextMessageKey);
    cks = newCks;
    final header = OmemoMessage()
      ..dhPub = await dhs.pk.getBytes()
      ..pn = pn
      ..n = ns;
    ns++;
    return RatchetStep(
      header,
      await encrypt(
        mk,
        plaintext,
        concat([sessionAd, header.writeToBuffer()]),
        sessionAd,
      ),
    );
  }
  /// Decrypt a [ciphertext] that was sent with the header [header] using the Double
  /// Ratchet. Returns the decrypted (raw) plaintext.
  ///
-  /// Throws an SkippingTooManyMessagesException if too many messages were to be skipped.
+  /// If the computed HMAC does not match the HMAC in [message], returns
-  Future<List<int>> ratchetDecrypt(
+  /// [InvalidMessageHMACError]. If it matches, returns the decrypted
-    OmemoMessage header,
+  /// payload.
  Future<Result<OmemoError, List<int>>> _decrypt(
    OMEMOAuthenticatedMessage message,
    List<int> ciphertext,
    List<int> mk,
  ) async {
-    // Check if we skipped too many messages
+    final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
-    final plaintext = await _trySkippedMessageKeys(header, ciphertext);
+
-    if (plaintext != null) {
+    final hmacInput = concat([sessionAd, message.message]);
-      return plaintext;
+    final hmacResult = await truncatedHmac(hmacInput, keys.authenticationKey);
    if (!listsEqual(hmacResult, message.mac)) {
      return Result(InvalidMessageHMACError());
    }
-    final dhPubMatches = listsEqual(
+    final plaintext =
-      header.dhPub!,
+        await aes256CbcDecrypt(ciphertext, keys.encryptionKey, keys.iv);
-      (await dhr?.getBytes()) ?? <int>[],
+    if (plaintext.isType<MalformedCiphertextError>()) {
      return Result(plaintext.get<MalformedCiphertextError>());
    }
    return Result(plaintext.get<List<int>>());
  }
  /// Checks whether we could decrypt the payload in [header] with a skipped key. If yes,
  /// attempts to decrypt it. If not, returns null.
  ///
  /// If the decryption is successful, returns the plaintext payload. If an error occurs, like
  /// an [InvalidMessageHMACError], that is returned instead.
  Future<Result<OmemoError, List<int>?>> _trySkippedMessageKeys(
    OMEMOAuthenticatedMessage message,
    OMEMOMessage header,
  ) async {
    final key = SkippedKey(
      OmemoPublicKey.fromBytes(header.dhPub, KeyPairType.x25519),
      header.n,
    );
-    if (!dhPubMatches) {
+    if (mkSkipped.containsKey(key)) {
-      await _skipMessageKeys(header.pn!);
+      final mk = mkSkipped[key]!;
      mkSkipped.remove(key);
      return _decrypt(message, header.ciphertext, mk);
    }
    return const Result(null);
  }
  /// Decrypt the payload (deeply) embedded in [message].
  ///
  /// If everything goes well, returns the plaintext payload. If an error occurs, that
  /// is returned instead.
  Future<Result<OmemoError, List<int>>> ratchetDecrypt(
    OMEMOAuthenticatedMessage message,
  ) async {
    final header = OMEMOMessage.fromBuffer(message.message);
    // Try skipped keys
    final plaintextRaw = await _trySkippedMessageKeys(message, header);
    if (plaintextRaw.isType<OmemoError>()) {
      // Propagate the error
      return Result(plaintextRaw.get<OmemoError>());
    }
    final plaintext = plaintextRaw.get<List<int>?>();
    if (plaintext != null) {
      return Result(plaintext);
    }
    if (dhr == null || !listsEqual(header.dhPub, await dhr!.getBytes())) {
      final skipResult1 = await _skipMessageKeys(header.pn);
      if (skipResult1 != null) {
        return Result(skipResult1);
      }
      await _dhRatchet(header);
    }
-    await _skipMessageKeys(header.n!);
+    final skipResult2 = await _skipMessageKeys(header.n);
-    final newCkr = await kdfCk(ckr!, kdfCkNextChainKey);
+    if (skipResult2 != null) {
      return Result(skipResult2);
    }
    final ck = await kdfCk(ckr!, kdfCkNextChainKey);
    final mk = await kdfCk(ckr!, kdfCkNextMessageKey);
-    ckr = newCkr;
+    ckr = ck;
    nr++;
-    return decrypt(
+    return _decrypt(message, header.ciphertext, mk);
      mk,
      ciphertext,
      concat([sessionAd, header.writeToBuffer()]),
      sessionAd,
    );
  }
  /// Encrypt the payload [plaintext] using the double ratchet session.
  Future<OMEMOAuthenticatedMessage> ratchetEncrypt(List<int> plaintext) async {
    // Advance the ratchet
    final ck = await kdfCk(cks!, kdfCkNextChainKey);
    final mk = await kdfCk(cks!, kdfCkNextMessageKey);
    cks = ck;
    // Generate encryption, authentication key and IV
    final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
    final ciphertext =
        await aes256CbcEncrypt(plaintext, keys.encryptionKey, keys.iv);
    // Fill-in the header and serialize it here so we do it only once
    final header = OMEMOMessage()
      ..dhPub = await dhs.pk.getBytes()
      ..pn = pn
      ..n = ns
      ..ciphertext = ciphertext;
    final headerBytes = header.writeToBuffer();
    // Increment the send counter
    ns++;
    final newAd = concat([sessionAd, headerBytes]);
    final hmac = await truncatedHmac(newAd, keys.authenticationKey);
    return OMEMOAuthenticatedMessage()
      ..mac = hmac
      ..message = headerBytes;
  }
  /// Returns a copy of the ratchet.
  OmemoDoubleRatchet clone() {
    return OmemoDoubleRatchet(
      dhs,
@ -402,27 +370,16 @@ class OmemoDoubleRatchet {
      sessionAd,
      Map<SkippedKey, List<int>>.from(mkSkipped),
      acknowledged,
      kexTimestamp,
      kex,
    );
  }
-  OmemoDoubleRatchet cloneWithKex(String kex) {
+  /// Computes the fingerprint of the double ratchet, according to
-    return OmemoDoubleRatchet(
+  /// XEP-0384.
-      dhs,
+  Future<String> get fingerprint async {
-      dhr,
+    final curveKey = await ik.toCurve25519();
-      rk,
+    return HEX.encode(
-      cks != null ? List<int>.from(cks!) : null,
+      await curveKey.getBytes(),
      ckr != null ? List<int>.from(ckr!) : null,
      ns,
      nr,
      pn,
      ik,
      sessionAd,
      Map<SkippedKey, List<int>>.from(mkSkipped),
      acknowledged,
      kexTimestamp,
      kex,
    );
  }
@ -454,7 +411,6 @@ class OmemoDoubleRatchet {
        ns == other.ns &&
        nr == other.nr &&
        pn == other.pn &&
-        listsEqual(sessionAd, other.sessionAd) &&
+        listsEqual(sessionAd, other.sessionAd);
        kexTimestamp == other.kexTimestamp;
  }
 }
--- a/lib/src/double_ratchet/kdf.dart
+++ b/lib/src/double_ratchet/kdf.dart
@ -8,7 +8,7 @@ const kdfRkInfoString = 'OMEMO Root Chain';
 const kdfCkNextMessageKey = 0x01;
 const kdfCkNextChainKey = 0x02;
-/// Signals KDF_CK function as specified by OMEMO 0.8.0.
+/// Signals KDF_CK function as specified by OMEMO 0.8.3.
 Future<List<int>> kdfCk(List<int> ck, int constant) async {
  final hkdf = Hkdf(hmac: Hmac(Sha256()), outputLength: 32);
  final result = await hkdf.deriveKey(
@ -19,7 +19,7 @@ Future<List<int>> kdfCk(List<int> ck, int constant) async {
  return result.extractBytes();
 }
-/// Signals KDF_RK function as specified by OMEMO 0.8.0.
+/// Signals KDF_RK function as specified by OMEMO 0.8.3.
 Future<List<int>> kdfRk(List<int> rk, List<int> dhOut) async {
  final algorithm = Hkdf(
    hmac: Hmac(Sha256()),
--- a/lib/src/errors.dart
+++ b/lib/src/errors.dart
@ -1,61 +1,39 @@
-abstract class OmemoException {}
+abstract class OmemoError {}
 /// Triggered during X3DH if the signature if the SPK does verify to the actual SPK.
-class InvalidSignatureException extends OmemoException implements Exception {
+class InvalidKeyExchangeSignatureError extends OmemoError {}
  String errMsg() =>
      'The signature of the SPK does not match the provided signature';
 }
 /// Triggered by the Double Ratchet if the computed HMAC does not match the attached HMAC.
-/// Triggered by the Session Manager if the computed HMAC does not match the attached HMAC.
+class InvalidMessageHMACError extends OmemoError {}
 class InvalidMessageHMACException extends OmemoException implements Exception {
  String errMsg() => 'The computed HMAC does not match the provided HMAC';
 }
 /// Triggered by the Double Ratchet if skipping messages would cause skipping more than
 /// MAXSKIP messages
-class SkippingTooManyMessagesException extends OmemoException
+class SkippingTooManyKeysError extends OmemoError {}
    implements Exception {
  String errMsg() => 'Skipping messages would cause a skip bigger than MAXSKIP';
 }
 /// Triggered by the Session Manager if the message key is not encrypted for the device.
-class NotEncryptedForDeviceException extends OmemoException
+class NotEncryptedForDeviceError extends OmemoError {}
    implements Exception {
  String errMsg() => 'Not encrypted for this device';
 }
 /// Triggered by the Session Manager when there is no key for decrypting the message.
 class NoDecryptionKeyException extends OmemoException implements Exception {
  String errMsg() => 'No key available for decrypting the message';
 }
 /// Triggered by the Session Manager when the identifier of the used Signed Prekey
 /// is neither the current SPK's identifier nor the old one's.
-class UnknownSignedPrekeyException extends OmemoException implements Exception {
+class UnknownSignedPrekeyError extends OmemoError {}
  String errMsg() => 'Unknown Signed Prekey used.';
 }
 /// Triggered by the Session Manager when the received Key Exchange message does not meet
 /// the requirement that a key exchange, given that the ratchet already exists, must be
 /// sent after its creation.
 class InvalidKeyExchangeException extends OmemoException implements Exception {
  String errMsg() => 'The key exchange was sent before the last kex finished';
 }
 /// Triggered by the Session Manager when a message's sequence number is smaller than we
 /// expect it to be.
 class MessageAlreadyDecryptedException extends OmemoException
    implements Exception {
  String errMsg() => 'The message has already been decrypted';
 }
 /// Triggered by the OmemoManager when we could not encrypt a message as we have
 /// no key material available. That happens, for example, when we want to create a
 /// ratchet session with a JID we had no session with but fetching the device bundle
 /// failed.
-class NoKeyMaterialAvailableException extends OmemoException
+class NoKeyMaterialAvailableError extends OmemoError {}
-    implements Exception {
+
-  String errMsg() =>
+/// A non-key-exchange message was received that was encrypted for our device, but we have no ratchet with
-      'No key material available to create a ratchet session with';
+/// the device that sent the message.
 class NoSessionWithDeviceError extends OmemoError {}
 /// Caused when the AES-256 CBC decryption failed.
 class MalformedCiphertextError extends OmemoError {
  MalformedCiphertextError(this.ex);
  /// The exception that was raised while decryption.
  final Object ex;
 }
 /// Caused by an empty <key /> element
 class MalformedEncryptedKeyError extends OmemoError {}
--- a/lib/src/helpers.dart
+++ b/lib/src/helpers.dart
@ -1,7 +1,5 @@
 import 'dart:convert';
 import 'dart:math';
 import 'package:cryptography/cryptography.dart';
 import 'package:omemo_dart/src/keys.dart';
 /// Flattens [inputs] and concatenates the elements.
 List<int> concat(List<List<int>> inputs) {
@ -43,41 +41,35 @@ int generateRandom32BitNumber() {
  return Random.secure().nextInt(4294967295 /*pow(2, 32) - 1*/);
 }
-OmemoPublicKey? decodeKeyIfNotNull(
+/// Describes the differences between two lists in terms of its items.
-  Map<String, dynamic> map,
+class ListDiff<T> {
-  String key,
+  ListDiff(this.added, this.removed);
  KeyPairType type,
 ) {
  if (map[key] == null) return null;
-  return OmemoPublicKey.fromBytes(
+  /// The items that were added.
-    base64.decode(map[key]! as String),
+  final List<T> added;
-    type,
+
-  );
+  /// The items that were removed.
  final List<T> removed;
 }
-List<int>? base64DecodeIfNotNull(Map<String, dynamic> map, String key) {
+extension AppendToListOrCreateExtension<K, V> on Map<K, List<V>> {
-  if (map[key] == null) return null;
+  /// Create or append [value] to the list identified with key [key].
-
+  void appendOrCreate(K key, V value, {bool checkExistence = false}) {
-  return base64.decode(map[key]! as String);
+    if (containsKey(key)) {
      if (!checkExistence) {
        this[key]!.add(value);
      }
      if (!this[key]!.contains(value)) {
        this[key]!.add(value);
      }
    } else {
      this[key] = [value];
    }
  }
 }
-String? base64EncodeIfNotNull(List<int>? bytes) {
+extension StringFromBase64Extension on String {
-  if (bytes == null) return null;
+  /// Base64-decode this string. Useful for doing `someString?.fromBase64()` instead
-
+  /// of `someString != null ? base64Decode(someString) : null`.
-  return base64.encode(bytes);
+  List<int> fromBase64() => base64Decode(this);
 }
 OmemoKeyPair? decodeKeyPairIfNotNull(String? pk, String? sk, KeyPairType type) {
  if (pk == null || sk == null) return null;
  return OmemoKeyPair.fromBytes(
    base64.decode(pk),
    base64.decode(sk),
    type,
  );
 }
 int getTimestamp() {
  return DateTime.now().millisecondsSinceEpoch;
 }
--- a/lib/src/omemo/constants.dart
+++ b/lib/src/omemo/constants.dart
@ -1,2 +0,0 @@
 /// The info used for when encrypting the AES key for the actual payload.
 const omemoPayloadInfoString = 'OMEMO Payload';
--- a/lib/src/omemo/decryption_result.dart
+++ b/lib/src/omemo/decryption_result.dart
@ -3,7 +3,15 @@ import 'package:omemo_dart/src/errors.dart';
@immutable
 class DecryptionResult {
-  const DecryptionResult(this.payload, this.error);
+  const DecryptionResult(this.payload, this.usedOpkId, this.error);
  /// The decrypted payload or null, if it was an empty OMEMO message.
  final String? payload;
-  final OmemoException? error;
+
  /// In case a key exchange has been performed: The id of the used OPK. Useful for
  /// replacing the OPK after a message catch-up.
  final int? usedOpkId;
  /// The error that occurred during decryption or null, if no error occurred.
  final OmemoError? error;
 }
--- a/lib/src/omemo/device.dart
+++ b/lib/src/omemo/device.dart
@ -22,76 +22,6 @@ class OmemoDevice {
    this.opks,
  );
  /// Deserialize the Device
  factory OmemoDevice.fromJson(Map<String, dynamic> data) {
    // NOTE: We use the way OpenSSH names their keys, meaning that ik is the Identity
    //       Keypair's private key, while ik_pub refers to the Identity Keypair's public
    //       key.
    /*
    {
      'jid': 'alice@...',
      'id': 123,
      'ik': 'base/64/encoded',
      'ik_pub': 'base/64/encoded',
      'spk': 'base/64/encoded',
      'spk_pub': 'base/64/encoded',
      'spk_id': 123,
      'spk_sig': 'base/64/encoded',
      'old_spk': 'base/64/encoded',
      'old_spk_pub': 'base/64/encoded',
      'old_spk_id': 122,
      'opks': [
        {
          'id': 0,
          'public': 'base/64/encoded',
          'private': 'base/64/encoded'
        }, ...
      ]
    }
    */
    // NOTE: Dart has some issues with just casting a List<dynamic> to List<Map<...>>, as
    //       such we need to convert the items by hand.
    final opks = Map<int, OmemoKeyPair>.fromEntries(
      (data['opks']! as List<dynamic>).map<MapEntry<int, OmemoKeyPair>>(
        (opk) {
          final map = opk as Map<String, dynamic>;
          return MapEntry(
            map['id']! as int,
            OmemoKeyPair.fromBytes(
              base64.decode(map['public']! as String),
              base64.decode(map['private']! as String),
              KeyPairType.x25519,
            ),
          );
        },
      ),
    );
    return OmemoDevice(
      data['jid']! as String,
      data['id']! as int,
      OmemoKeyPair.fromBytes(
        base64.decode(data['ik_pub']! as String),
        base64.decode(data['ik']! as String),
        KeyPairType.ed25519,
      ),
      OmemoKeyPair.fromBytes(
        base64.decode(data['spk_pub']! as String),
        base64.decode(data['spk']! as String),
        KeyPairType.x25519,
      ),
      data['spk_id']! as int,
      base64.decode(data['spk_sig']! as String),
      decodeKeyPairIfNotNull(
        data['old_spk_pub'] as String?,
        data['old_spk'] as String?,
        KeyPairType.x25519,
      ),
      data['old_spk_id'] as int?,
      opks,
    );
  }
  /// Generate a completely new device, i.e. cryptographic identity.
  static Future<OmemoDevice> generateNewDevice(
    String jid, {
@ -105,7 +35,16 @@ class OmemoDevice {
    final opks = <int, OmemoKeyPair>{};
    for (var i = 0; i < opkAmount; i++) {
-      opks[i] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
+      // Generate unique ids for each key
      while (true) {
        final opkId = generateRandom32BitNumber();
        if (opks.containsKey(opkId)) {
          continue;
        }
        opks[opkId] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
        break;
      }
    }
    return OmemoDevice(jid, id, ik, spk, spkId, signature, null, null, opks);
@ -142,7 +81,18 @@ class OmemoDevice {
  /// a new Device object that copies over everything but replaces said key.
  @internal
  Future<OmemoDevice> replaceOnetimePrekey(int id) async {
-    opks[id] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
+    opks.remove(id);
    // Generate a new unique id for the OPK.
    while (true) {
      final newId = generateRandom32BitNumber();
      if (opks.containsKey(newId)) {
        continue;
      }
      opks[newId] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
      break;
    }
    return OmemoDevice(
      jid,
@ -221,34 +171,6 @@ class OmemoDevice {
    return HEX.encode(await curveKey.getBytes());
  }
  /// Serialise the device information.
  Future<Map<String, dynamic>> toJson() async {
    /// Serialise the OPKs
    final serialisedOpks = List<Map<String, dynamic>>.empty(growable: true);
    for (final entry in opks.entries) {
      serialisedOpks.add({
        'id': entry.key,
        'public': base64.encode(await entry.value.pk.getBytes()),
        'private': base64.encode(await entry.value.sk.getBytes()),
      });
    }
    return {
      'jid': jid,
      'id': id,
      'ik': base64.encode(await ik.sk.getBytes()),
      'ik_pub': base64.encode(await ik.pk.getBytes()),
      'spk': base64.encode(await spk.sk.getBytes()),
      'spk_pub': base64.encode(await spk.pk.getBytes()),
      'spk_id': spkId,
      'spk_sig': base64.encode(spkSignature),
      'old_spk': base64EncodeIfNotNull(await oldSpk?.sk.getBytes()),
      'old_spk_pub': base64EncodeIfNotNull(await oldSpk?.pk.getBytes()),
      'old_spk_id': oldSpkId,
      'opks': serialisedOpks,
    };
  }
  @visibleForTesting
  Future<bool> equals(OmemoDevice other) async {
    var opksMatch = true;
--- a/lib/src/omemo/encrypted_key.dart
+++ b/lib/src/omemo/encrypted_key.dart
@ -1,12 +1,23 @@
 import 'dart:convert';
 import 'package:meta/meta.dart';
 /// EncryptedKey is the intermediary format of a <key /> element in the OMEMO message's
 /// <keys /> header.
@immutable
 class EncryptedKey {
-  const EncryptedKey(this.jid, this.rid, this.value, this.kex);
+  const EncryptedKey(this.rid, this.value, this.kex);
-  final String jid;
+
  /// The id of the device the key is encrypted for.
  final int rid;
  /// The base64-encoded payload.
  final String value;
  /// Flag indicating whether the payload is a OMEMOKeyExchange (true) or
  /// an OMEMOAuthenticatedMessage (false).
  final bool kex;
  /// The base64-decoded payload.
  List<int> get data => base64Decode(value);
 }
--- a/lib/src/omemo/encryption_result.dart
+++ b/lib/src/omemo/encryption_result.dart
@ -1,7 +1,6 @@
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/omemo/encrypted_key.dart';
-import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
+import 'package:omemo_dart/src/omemo/errors.dart';
@immutable
 class EncryptionResult {
@ -9,7 +8,7 @@ class EncryptionResult {
    this.ciphertext,
    this.encryptedKeys,
    this.deviceEncryptionErrors,
-    this.jidEncryptionErrors,
+    this.canSend,
  );
  /// The actual message that was encrypted.
@ -17,17 +16,12 @@ class EncryptionResult {
  /// Mapping of the device Id to the key for decrypting ciphertext, encrypted
  /// for the ratchet with said device Id.
-  final List<EncryptedKey> encryptedKeys;
+  final Map<String, List<EncryptedKey>> encryptedKeys;
-  /// Mapping of a ratchet map keys to a possible exception.
+  /// Mapping of a JID to
-  final Map<RatchetMapKey, OmemoException> deviceEncryptionErrors;
+  final Map<String, List<EncryptToJidError>> deviceEncryptionErrors;
-  /// Mapping of a JID to a possible exception.
+  /// A flag indicating that the message could be sent like that, i.e. we were able
-  final Map<String, OmemoException> jidEncryptionErrors;
+  /// to encrypt to at-least one device per recipient.
-
+  final bool canSend;
  /// True if the encryption was a success. This means that we could encrypt for
  /// at least one ratchet.
  bool isSuccess(int numberOfRecipients) =>
      encryptedKeys.isNotEmpty &&
      jidEncryptionErrors.length < numberOfRecipients;
 }
--- a/lib/src/omemo/errors.dart
+++ b/lib/src/omemo/errors.dart
@ -0,0 +1,12 @@
 import 'package:omemo_dart/src/errors.dart';
 /// Returned on encryption, if encryption failed for some reason.
 class EncryptToJidError extends OmemoError {
  EncryptToJidError(this.device, this.error);
  /// The device the error occurred with
  final int? device;
  /// The actual error.
  final OmemoError error;
 }
--- a/lib/src/omemo/events.dart
+++ b/lib/src/omemo/events.dart
@ -1,44 +0,0 @@
 import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
 import 'package:omemo_dart/src/omemo/device.dart';
 abstract class OmemoEvent {}
 /// Triggered when a ratchet has been modified
 class RatchetModifiedEvent extends OmemoEvent {
  RatchetModifiedEvent(
    this.jid,
    this.deviceId,
    this.ratchet,
    this.added,
    this.replaced,
  );
  final String jid;
  final int deviceId;
  final OmemoDoubleRatchet ratchet;
  /// Indicates whether the ratchet has just been created (true) or just modified (false).
  final bool added;
  /// Indicates whether the ratchet has been replaced (true) or not.
  final bool replaced;
 }
 /// Triggered when a ratchet has been removed and should be removed from storage.
 class RatchetRemovedEvent extends OmemoEvent {
  RatchetRemovedEvent(this.jid, this.deviceId);
  final String jid;
  final int deviceId;
 }
 /// Triggered when the device map has been modified
 class DeviceListModifiedEvent extends OmemoEvent {
  DeviceListModifiedEvent(this.list);
  final Map<String, List<int>> list;
 }
 /// Triggered by the OmemoSessionManager when our own device bundle was modified
 /// and thus should be republished.
 class DeviceModifiedEvent extends OmemoEvent {
  DeviceModifiedEvent(this.device);
  final OmemoDevice device;
 }
--- a/lib/src/omemo/omemo.dart
+++ b/lib/src/omemo/omemo.dart
--- a/lib/src/omemo/omemomanager.dart
+++ b/lib/src/omemo/omemomanager.dart
@ -1,854 +0,0 @@
 import 'dart:async';
 import 'dart:collection';
 import 'dart:convert';
 import 'package:collection/collection.dart';
 import 'package:cryptography/cryptography.dart';
 import 'package:hex/hex.dart';
 import 'package:logging/logging.dart';
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
 import 'package:omemo_dart/src/omemo/bundle.dart';
 import 'package:omemo_dart/src/omemo/constants.dart';
 import 'package:omemo_dart/src/omemo/decryption_result.dart';
 import 'package:omemo_dart/src/omemo/device.dart';
 import 'package:omemo_dart/src/omemo/encrypted_key.dart';
 import 'package:omemo_dart/src/omemo/encryption_result.dart';
 import 'package:omemo_dart/src/omemo/events.dart';
 import 'package:omemo_dart/src/omemo/fingerprint.dart';
 import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
 import 'package:omemo_dart/src/omemo/stanza.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/omemo_key_exchange.dart';
 import 'package:omemo_dart/src/protobuf/omemo_message.dart';
 import 'package:omemo_dart/src/trust/base.dart';
 import 'package:omemo_dart/src/x3dh/x3dh.dart';
 import 'package:synchronized/synchronized.dart';
 class _InternalDecryptionResult {
  const _InternalDecryptionResult(
    this.ratchetCreated,
    this.ratchetReplaced,
    this.payload,
  ) : assert(
          !ratchetCreated || !ratchetReplaced,
          'Ratchet must be either replaced or created',
        );
  final bool ratchetCreated;
  final bool ratchetReplaced;
  final String? payload;
 }
 class OmemoManager {
  OmemoManager(
    this._device,
    this._trustManager,
    this.sendEmptyOmemoMessageImpl,
    this.fetchDeviceListImpl,
    this.fetchDeviceBundleImpl,
    this.subscribeToDeviceListNodeImpl,
  );
  final Logger _log = Logger('OmemoManager');
  /// Functions for connecting with the OMEMO library
  /// Send an empty OMEMO:2 message using the encrypted payload @result to
  /// @recipientJid.
  final Future<void> Function(EncryptionResult result, String recipientJid)
      sendEmptyOmemoMessageImpl;
  /// Fetch the list of device ids associated with @jid. If the device list cannot be
  /// fetched, return null.
  final Future<List<int>?> Function(String jid) fetchDeviceListImpl;
  /// Fetch the device bundle for the device with id @id of jid. If it cannot be fetched, return null.
  final Future<OmemoBundle?> Function(String jid, int id) fetchDeviceBundleImpl;
  /// Subscribe to the device list PEP node of @jid.
  final Future<void> Function(String jid) subscribeToDeviceListNodeImpl;
  /// Map bare JID to its known devices
  Map<String, List<int>> _deviceList = {};
  /// Map bare JIDs to whether we already requested the device list once
  final Map<String, bool> _deviceListRequested = {};
  /// Map bare a ratchet key to its ratchet. Note that this is also locked by
  /// _ratchetCriticalSectionLock.
  Map<RatchetMapKey, OmemoDoubleRatchet> _ratchetMap = {};
  /// Map bare JID to whether we already tried to subscribe to the device list node.
  final Map<String, bool> _subscriptionMap = {};
  /// For preventing a race condition in encryption/decryption
  final Map<String, Queue<Completer<void>>> _ratchetCriticalSectionQueue = {};
  final Lock _ratchetCriticalSectionLock = Lock();
  /// The OmemoManager's trust management
  final TrustManager _trustManager;
  TrustManager get trustManager => _trustManager;
  /// Our own keys...
  final Lock _deviceLock = Lock();
  // ignore: prefer_final_fields
  OmemoDevice _device;
  /// The event bus of the session manager
  final StreamController<OmemoEvent> _eventStreamController =
      StreamController<OmemoEvent>.broadcast();
  Stream<OmemoEvent> get eventStream => _eventStreamController.stream;
  /// Enter the critical section for performing cryptographic operations on the ratchets
  Future<void> _enterRatchetCriticalSection(String jid) async {
    final completer = await _ratchetCriticalSectionLock.synchronized(() {
      if (_ratchetCriticalSectionQueue.containsKey(jid)) {
        final c = Completer<void>();
        _ratchetCriticalSectionQueue[jid]!.addLast(c);
        return c;
      }
      _ratchetCriticalSectionQueue[jid] = Queue();
      return null;
    });
    if (completer != null) {
      await completer.future;
    }
  }
  /// Leave the critical section for the ratchets.
  Future<void> _leaveRatchetCriticalSection(String jid) async {
    await _ratchetCriticalSectionLock.synchronized(() {
      if (_ratchetCriticalSectionQueue.containsKey(jid)) {
        if (_ratchetCriticalSectionQueue[jid]!.isEmpty) {
          _ratchetCriticalSectionQueue.remove(jid);
        } else {
          _ratchetCriticalSectionQueue[jid]!.removeFirst().complete();
        }
      }
    });
  }
  Future<String?> _decryptAndVerifyHmac(
    List<int>? ciphertext,
    List<int> keyAndHmac,
  ) async {
    // Empty OMEMO messages should just have the key decrypted and/or session set up.
    if (ciphertext == null) {
      return null;
    }
    final key = keyAndHmac.sublist(0, 32);
    final hmac = keyAndHmac.sublist(32, 48);
    final derivedKeys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
    final computedHmac =
        await truncatedHmac(ciphertext, derivedKeys.authenticationKey);
    if (!listsEqual(hmac, computedHmac)) {
      throw InvalidMessageHMACException();
    }
    return utf8.decode(
      await aes256CbcDecrypt(
        ciphertext,
        derivedKeys.encryptionKey,
        derivedKeys.iv,
      ),
    );
  }
  /// Add a session [ratchet] with the [deviceId] to the internal tracking state.
  /// NOTE: Must be called from within the ratchet critical section.
  void _addSession(String jid, int deviceId, OmemoDoubleRatchet ratchet) {
    // Add the bundle Id
    if (!_deviceList.containsKey(jid)) {
      _deviceList[jid] = [deviceId];
      // Commit the device map
      _eventStreamController.add(DeviceListModifiedEvent(_deviceList));
    } else {
      // Prevent having the same device multiple times in the list
      if (!_deviceList[jid]!.contains(deviceId)) {
        _deviceList[jid]!.add(deviceId);
        // Commit the device map
        _eventStreamController.add(DeviceListModifiedEvent(_deviceList));
      }
    }
    // Add the ratchet session
    final key = RatchetMapKey(jid, deviceId);
    _ratchetMap[key] = ratchet;
    // Commit the ratchet
    _eventStreamController
        .add(RatchetModifiedEvent(jid, deviceId, ratchet, true, false));
  }
  /// Build a new session with the user at [jid] with the device [deviceId] using data
  /// from the key exchange [kex]. In case [kex] contains an unknown Signed Prekey
  /// identifier an UnknownSignedPrekeyException will be thrown.
  Future<OmemoDoubleRatchet> _addSessionFromKeyExchange(
    String jid,
    int deviceId,
    OmemoKeyExchange kex,
  ) async {
    // Pick the correct SPK
    final device = await getDevice();
    OmemoKeyPair spk;
    if (kex.spkId == _device.spkId) {
      spk = _device.spk;
    } else if (kex.spkId == _device.oldSpkId) {
      spk = _device.oldSpk!;
    } else {
      throw UnknownSignedPrekeyException();
    }
    final kexResult = await x3dhFromInitialMessage(
      X3DHMessage(
        OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
        OmemoPublicKey.fromBytes(kex.ek!, KeyPairType.x25519),
        kex.pkId!,
      ),
      spk,
      device.opks.values.elementAt(kex.pkId!),
      device.ik,
    );
    final ratchet = await OmemoDoubleRatchet.acceptNewSession(
      spk,
      OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
      kexResult.sk,
      kexResult.ad,
      getTimestamp(),
    );
    // Notify the trust manager
    await trustManager.onNewSession(jid, deviceId);
    return ratchet;
  }
  /// Create a ratchet session initiated by Alice to the user with Jid [jid] and the device
  /// [deviceId] from the bundle [bundle].
  @visibleForTesting
  Future<OmemoKeyExchange> addSessionFromBundle(
    String jid,
    int deviceId,
    OmemoBundle bundle,
  ) async {
    final device = await getDevice();
    final kexResult = await x3dhFromBundle(
      bundle,
      device.ik,
    );
    final ratchet = await OmemoDoubleRatchet.initiateNewSession(
      bundle.spk,
      bundle.ik,
      kexResult.sk,
      kexResult.ad,
      getTimestamp(),
    );
    await _trustManager.onNewSession(jid, deviceId);
    _addSession(jid, deviceId, ratchet);
    return OmemoKeyExchange()
      ..pkId = kexResult.opkId
      ..spkId = bundle.spkId
      ..ik = await device.ik.pk.getBytes()
      ..ek = await kexResult.ek.pk.getBytes();
  }
  /// In case a decryption error occurs, the Double Ratchet spec says to just restore
  /// the ratchet to its old state. As such, this function restores the ratchet at
  /// [mapKey] with [oldRatchet].
  /// NOTE: Must be called from within the ratchet critical section
  void _restoreRatchet(RatchetMapKey mapKey, OmemoDoubleRatchet oldRatchet) {
    _log.finest(
      'Restoring ratchet ${mapKey.jid}:${mapKey.deviceId} to ${oldRatchet.nr}',
    );
    _ratchetMap[mapKey] = oldRatchet;
    // Commit the ratchet
    _eventStreamController.add(
      RatchetModifiedEvent(
        mapKey.jid,
        mapKey.deviceId,
        oldRatchet,
        false,
        false,
      ),
    );
  }
  /// Attempt to decrypt [ciphertext]. [keys] refers to the <key /> elements inside the
  /// <keys /> element with a "jid" attribute matching our own. [senderJid] refers to the
  /// bare Jid of the sender. [senderDeviceId] refers to the "sid" attribute of the
  /// <encrypted /> element.
  /// [timestamp] refers to the time the message was sent. This might be either what the
  /// server tells you via "XEP-0203: Delayed Delivery" or the point in time at which
  /// you received the stanza, if no Delayed Delivery element was found.
  ///
  /// If the received message is an empty OMEMO message, i.e. there is no <payload />
  /// element, then [ciphertext] must be set to null. In this case, this function
  /// will return null as there is no message to be decrypted. This, however, is used
  /// to set up sessions or advance the ratchets.
  Future<_InternalDecryptionResult> _decryptMessage(
    List<int>? ciphertext,
    String senderJid,
    int senderDeviceId,
    List<EncryptedKey> keys,
    int timestamp,
  ) async {
    // Try to find a session we can decrypt with.
    var device = await getDevice();
    final rawKey = keys.firstWhereOrNull((key) => key.rid == device.id);
    if (rawKey == null) {
      throw NotEncryptedForDeviceException();
    }
    final decodedRawKey = base64.decode(rawKey.value);
    List<int>? keyAndHmac;
    OmemoAuthenticatedMessage authMessage;
    OmemoMessage? message;
    // If the ratchet already existed, we store it. If it didn't, oldRatchet will stay
    // null.
    final ratchetKey = RatchetMapKey(senderJid, senderDeviceId);
    final oldRatchet = getRatchet(ratchetKey)?.clone();
    if (rawKey.kex) {
      final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
      authMessage = kex.message!;
      message = OmemoMessage.fromBuffer(authMessage.message!);
      // Guard against old key exchanges
      if (oldRatchet != null) {
        _log.finest(
          'KEX for existent ratchet ${ratchetKey.toJsonKey()}. ${oldRatchet.kexTimestamp} > $timestamp: ${oldRatchet.kexTimestamp > timestamp}',
        );
        if (oldRatchet.kexTimestamp > timestamp) {
          throw InvalidKeyExchangeException();
        }
      }
      final r =
          await _addSessionFromKeyExchange(senderJid, senderDeviceId, kex);
      // Try to decrypt with the new ratchet r
      try {
        keyAndHmac =
            await r.ratchetDecrypt(message, authMessage.writeToBuffer());
        final result = await _decryptAndVerifyHmac(ciphertext, keyAndHmac);
        // Add the new ratchet
        _addSession(senderJid, senderDeviceId, r);
        // Replace the OPK
        await _deviceLock.synchronized(() async {
          device = await device.replaceOnetimePrekey(kex.pkId!);
          // Commit the device
          _eventStreamController.add(DeviceModifiedEvent(device));
        });
        // Commit the ratchet
        _eventStreamController.add(
          RatchetModifiedEvent(
            senderJid,
            senderDeviceId,
            r,
            oldRatchet == null,
            oldRatchet != null,
          ),
        );
        return _InternalDecryptionResult(
          oldRatchet == null,
          oldRatchet != null,
          result,
        );
      } catch (ex) {
        _log.finest('Kex failed due to $ex. Not proceeding with kex.');
      }
    } else {
      authMessage = OmemoAuthenticatedMessage.fromBuffer(decodedRawKey);
      message = OmemoMessage.fromBuffer(authMessage.message!);
    }
    final devices = _deviceList[senderJid];
    if (devices?.contains(senderDeviceId) != true) {
      throw NoDecryptionKeyException();
    }
    // TODO(PapaTutuWawa): When receiving a message that is not an OMEMOKeyExchange from a device there is no session with, clients SHOULD create a session with that device and notify it about the new session by responding with an empty OMEMO message as per Sending a message.
    // We can guarantee that the ratchet exists at this point in time
    final ratchet = getRatchet(ratchetKey)!;
    try {
      if (rawKey.kex) {
        keyAndHmac =
            await ratchet.ratchetDecrypt(message, authMessage.writeToBuffer());
      } else {
        keyAndHmac = await ratchet.ratchetDecrypt(message, decodedRawKey);
      }
    } catch (_) {
      _restoreRatchet(ratchetKey, oldRatchet!);
      rethrow;
    }
    // Commit the ratchet
    _eventStreamController.add(
      RatchetModifiedEvent(
        senderJid,
        senderDeviceId,
        ratchet,
        false,
        false,
      ),
    );
    try {
      return _InternalDecryptionResult(
        false,
        false,
        await _decryptAndVerifyHmac(ciphertext, keyAndHmac),
      );
    } catch (_) {
      _restoreRatchet(ratchetKey, oldRatchet!);
      rethrow;
    }
  }
  /// Returns, if it exists, the ratchet associated with [key].
  /// NOTE: Must be called from within the ratchet critical section.
  @visibleForTesting
  OmemoDoubleRatchet? getRatchet(RatchetMapKey key) => _ratchetMap[key];
  /// Figure out what bundles we have to still build a session with.
  Future<List<OmemoBundle>> _fetchNewBundles(String jid) async {
    // Check if we already requested the device list for [jid]
    List<int> bundlesToFetch;
    if (!_deviceListRequested.containsKey(jid) ||
        !_deviceList.containsKey(jid)) {
      // We don't have an up-to-date version of the device list
      final newDeviceList = await fetchDeviceListImpl(jid);
      if (newDeviceList == null) return [];
      _deviceList[jid] = newDeviceList;
      bundlesToFetch = newDeviceList.where((id) {
        return !_ratchetMap.containsKey(RatchetMapKey(jid, id)) ||
            _deviceList[jid]?.contains(id) == false;
      }).toList();
      // Trigger an event with the new device list
      _eventStreamController.add(DeviceListModifiedEvent(_deviceList));
    } else {
      // We already have an up-to-date version of the device list
      bundlesToFetch = _deviceList[jid]!
          .where((id) => !_ratchetMap.containsKey(RatchetMapKey(jid, id)))
          .toList();
    }
    if (bundlesToFetch.isNotEmpty) {
      _log.finest('Fetching bundles $bundlesToFetch for $jid');
    }
    final device = await getDevice();
    final newBundles = List<OmemoBundle>.empty(growable: true);
    for (final id in bundlesToFetch) {
      if (jid == device.jid && id == device.id) continue;
      final bundle = await fetchDeviceBundleImpl(jid, id);
      if (bundle != null) newBundles.add(bundle);
    }
    return newBundles;
  }
  /// Encrypt the key [plaintext] for all known bundles of the Jids in [jids]. Returns a
  /// map that maps the device Id to the ciphertext of [plaintext].
  ///
  /// If [plaintext] is null, then the result will be an empty OMEMO message, i.e. one that
  /// does not contain a <payload /> element. This means that the ciphertext attribute of
  /// the result will be null as well.
  /// NOTE: Must be called within the ratchet critical section
  Future<EncryptionResult> _encryptToJids(
    List<String> jids,
    String? plaintext,
  ) async {
    final encryptedKeys = List<EncryptedKey>.empty(growable: true);
    var ciphertext = const <int>[];
    var keyPayload = const <int>[];
    if (plaintext != null) {
      // Generate the key and encrypt the plaintext
      final key = generateRandomBytes(32);
      final keys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
      ciphertext = await aes256CbcEncrypt(
        utf8.encode(plaintext),
        keys.encryptionKey,
        keys.iv,
      );
      final hmac = await truncatedHmac(ciphertext, keys.authenticationKey);
      keyPayload = concat([key, hmac]);
    } else {
      keyPayload = List<int>.filled(32, 0x0);
    }
    final kex = <RatchetMapKey, OmemoKeyExchange>{};
    for (final jid in jids) {
      for (final newSession in await _fetchNewBundles(jid)) {
        kex[RatchetMapKey(jid, newSession.id)] = await addSessionFromBundle(
          newSession.jid,
          newSession.id,
          newSession,
        );
      }
    }
    // We assume that the user already checked if the session exists
    final deviceEncryptionErrors = <RatchetMapKey, OmemoException>{};
    final jidEncryptionErrors = <String, OmemoException>{};
    for (final jid in jids) {
      final devices = _deviceList[jid];
      if (devices == null) {
        _log.severe('Device list does not exist for $jid.');
        jidEncryptionErrors[jid] = NoKeyMaterialAvailableException();
        continue;
      }
      if (!_subscriptionMap.containsKey(jid)) {
        unawaited(subscribeToDeviceListNodeImpl(jid));
        _subscriptionMap[jid] = true;
      }
      for (final deviceId in devices) {
        // Empty OMEMO messages are allowed to bypass trust
        if (plaintext != null) {
          // Only encrypt to devices that are trusted
          if (!(await _trustManager.isTrusted(jid, deviceId))) continue;
          // Only encrypt to devices that are enabled
          if (!(await _trustManager.isEnabled(jid, deviceId))) continue;
        }
        final ratchetKey = RatchetMapKey(jid, deviceId);
        var ratchet = _ratchetMap[ratchetKey];
        if (ratchet == null) {
          _log.severe('Ratchet ${ratchetKey.toJsonKey()} does not exist.');
          deviceEncryptionErrors[ratchetKey] =
              NoKeyMaterialAvailableException();
          continue;
        }
        final ciphertext =
            (await ratchet.ratchetEncrypt(keyPayload)).ciphertext;
        if (kex.containsKey(ratchetKey)) {
          // The ratchet did not exist
          final k = kex[ratchetKey]!
            ..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
          final buffer = base64.encode(k.writeToBuffer());
          encryptedKeys.add(
            EncryptedKey(
              jid,
              deviceId,
              buffer,
              true,
            ),
          );
          ratchet = ratchet.cloneWithKex(buffer);
          _ratchetMap[ratchetKey] = ratchet;
        } else if (!ratchet.acknowledged) {
          // The ratchet exists but is not acked
          if (ratchet.kex != null) {
            final oldKex =
                OmemoKeyExchange.fromBuffer(base64.decode(ratchet.kex!))
                  ..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
            encryptedKeys.add(
              EncryptedKey(
                jid,
                deviceId,
                base64.encode(oldKex.writeToBuffer()),
                true,
              ),
            );
          } else {
            // The ratchet is not acked but we don't have the old key exchange
            _log.warning(
              'Ratchet for $jid:$deviceId is not acked but the kex attribute is null',
            );
            encryptedKeys.add(
              EncryptedKey(
                jid,
                deviceId,
                base64.encode(ciphertext),
                false,
              ),
            );
          }
        } else {
          // The ratchet exists and is acked
          encryptedKeys.add(
            EncryptedKey(
              jid,
              deviceId,
              base64.encode(ciphertext),
              false,
            ),
          );
        }
        // Commit the ratchet
        _eventStreamController
            .add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
      }
    }
    return EncryptionResult(
      plaintext != null ? ciphertext : null,
      encryptedKeys,
      deviceEncryptionErrors,
      jidEncryptionErrors,
    );
  }
  /// Call when receiving an OMEMO:2 encrypted stanza. Will handle everything and
  /// decrypt it.
  Future<DecryptionResult> onIncomingStanza(OmemoIncomingStanza stanza) async {
    await _enterRatchetCriticalSection(stanza.bareSenderJid);
    if (!_subscriptionMap.containsKey(stanza.bareSenderJid)) {
      unawaited(subscribeToDeviceListNodeImpl(stanza.bareSenderJid));
      _subscriptionMap[stanza.bareSenderJid] = true;
    }
    final ratchetKey =
        RatchetMapKey(stanza.bareSenderJid, stanza.senderDeviceId);
    final _InternalDecryptionResult result;
    try {
      result = await _decryptMessage(
        stanza.payload != null ? base64.decode(stanza.payload!) : null,
        stanza.bareSenderJid,
        stanza.senderDeviceId,
        stanza.keys,
        stanza.timestamp,
      );
    } on OmemoException catch (ex) {
      await _leaveRatchetCriticalSection(stanza.bareSenderJid);
      return DecryptionResult(
        null,
        ex,
      );
    }
    // Check if the ratchet is acked
    final ratchet = getRatchet(ratchetKey);
    assert(
      ratchet != null,
      'We decrypted the message, so the ratchet must exist',
    );
    if (ratchet!.acknowledged) {
      // Ratchet is acknowledged
      if (ratchet.nr > 53 || result.ratchetCreated || result.ratchetReplaced) {
        await sendEmptyOmemoMessageImpl(
          await _encryptToJids(
            [stanza.bareSenderJid],
            null,
          ),
          stanza.bareSenderJid,
        );
      }
      // Ratchet is acked
      await _leaveRatchetCriticalSection(stanza.bareSenderJid);
      return DecryptionResult(
        result.payload,
        null,
      );
    } else {
      // Ratchet is not acked.
      // Mark as acked and send an empty OMEMO message.
      await ratchetAcknowledged(
        stanza.bareSenderJid,
        stanza.senderDeviceId,
        enterCriticalSection: false,
      );
      await sendEmptyOmemoMessageImpl(
        await _encryptToJids(
          [stanza.bareSenderJid],
          null,
        ),
        stanza.bareSenderJid,
      );
      await _leaveRatchetCriticalSection(stanza.bareSenderJid);
      return DecryptionResult(
        result.payload,
        null,
      );
    }
  }
  /// Call when sending out an encrypted stanza. Will handle everything and
  /// encrypt it.
  Future<EncryptionResult> onOutgoingStanza(OmemoOutgoingStanza stanza) async {
    _log.finest('Waiting to enter critical section');
    await _enterRatchetCriticalSection(stanza.recipientJids.first);
    _log.finest('Entered critical section');
    final result = _encryptToJids(
      stanza.recipientJids,
      stanza.payload,
    );
    await _leaveRatchetCriticalSection(stanza.recipientJids.first);
    return result;
  }
  // Sends a hearbeat message as specified by XEP-0384 to [jid].
  Future<void> sendOmemoHeartbeat(String jid) async {
    // TODO(Unknown): Include some error handling
    final result = await _encryptToJids(
      [jid],
      null,
    );
    await sendEmptyOmemoMessageImpl(result, jid);
  }
  /// Mark the ratchet for device [deviceId] from [jid] as acked.
  Future<void> ratchetAcknowledged(
    String jid,
    int deviceId, {
    bool enterCriticalSection = true,
  }) async {
    if (enterCriticalSection) await _enterRatchetCriticalSection(jid);
    final key = RatchetMapKey(jid, deviceId);
    if (_ratchetMap.containsKey(key)) {
      final ratchet = _ratchetMap[key]!..acknowledged = true;
      // Commit it
      _eventStreamController
          .add(RatchetModifiedEvent(jid, deviceId, ratchet, false, false));
    } else {
      _log.severe(
        'Attempted to acknowledge ratchet ${key.toJsonKey()}, even though it does not exist',
      );
    }
    if (enterCriticalSection) await _leaveRatchetCriticalSection(jid);
  }
  /// Generates an entirely new device. May be useful when the user wants to reset their cryptographic
  /// identity. Triggers an event to commit it to storage.
  Future<void> regenerateDevice() async {
    await _deviceLock.synchronized(() async {
      _device = await OmemoDevice.generateNewDevice(_device.jid);
      // Commit it
      _eventStreamController.add(DeviceModifiedEvent(_device));
    });
  }
  /// Returns the device used for encryption and decryption.
  Future<OmemoDevice> getDevice() => _deviceLock.synchronized(() => _device);
  /// Returns the id of the device used for encryption and decryption.
  Future<int> getDeviceId() async => (await getDevice()).id;
  /// Directly aquire the current device as a OMEMO device bundle.
  Future<OmemoBundle> getDeviceBundle() async => (await getDevice()).toBundle();
  /// Directly aquire the current device's fingerprint.
  Future<String> getDeviceFingerprint() async =>
      (await getDevice()).getFingerprint();
  /// Returns the fingerprints for all devices of [jid] that we have a session with.
  /// If there are not sessions with [jid], then returns null.
  Future<List<DeviceFingerprint>?> getFingerprintsForJid(String jid) async {
    if (!_deviceList.containsKey(jid)) return null;
    await _enterRatchetCriticalSection(jid);
    final fingerprintKeys = _deviceList[jid]!
        .map((id) => RatchetMapKey(jid, id))
        .where((key) => _ratchetMap.containsKey(key));
    final fingerprints = List<DeviceFingerprint>.empty(growable: true);
    for (final key in fingerprintKeys) {
      final curveKey = await _ratchetMap[key]!.ik.toCurve25519();
      fingerprints.add(
        DeviceFingerprint(
          key.deviceId,
          HEX.encode(await curveKey.getBytes()),
        ),
      );
    }
    await _leaveRatchetCriticalSection(jid);
    return fingerprints;
  }
  /// Ensures that the device list is fetched again on the next message sending.
  void onNewConnection() {
    _deviceListRequested.clear();
    _subscriptionMap.clear();
  }
  /// Sets the device list for [jid] to [devices]. Triggers a DeviceListModifiedEvent.
  void onDeviceListUpdate(String jid, List<int> devices) {
    _deviceList[jid] = devices;
    _deviceListRequested[jid] = true;
    // Trigger an event
    _eventStreamController.add(DeviceListModifiedEvent(_deviceList));
  }
  void initialize(
    Map<RatchetMapKey, OmemoDoubleRatchet> ratchetMap,
    Map<String, List<int>> deviceList,
  ) {
    _deviceList = deviceList;
    _ratchetMap = ratchetMap;
  }
  /// Removes all ratchets for JID [jid]. This also removes all trust decisions for
  /// [jid] from the trust manager. This function triggers a RatchetRemovedEvent for
  /// every removed ratchet and a DeviceListModifiedEvent afterwards. Behaviour for
  /// the trust manager is dependent on its implementation.
  Future<void> removeAllRatchets(String jid) async {
    await _enterRatchetCriticalSection(jid);
    for (final deviceId in _deviceList[jid]!) {
      // Remove the ratchet and commit it
      _ratchetMap.remove(RatchetMapKey(jid, deviceId));
      _eventStreamController.add(RatchetRemovedEvent(jid, deviceId));
    }
    // Remove the devices from the device list cache and commit it
    _deviceList.remove(jid);
    _deviceListRequested.remove(jid);
    _eventStreamController.add(DeviceListModifiedEvent(_deviceList));
    // Remove trust decisions
    await _trustManager.removeTrustDecisionsForJid(jid);
    await _leaveRatchetCriticalSection(jid);
  }
  /// Replaces the internal device with [newDevice]. Does not trigger an event.
  Future<void> replaceDevice(OmemoDevice newDevice) async {
    await _deviceLock.synchronized(() {
      _device = newDevice;
    });
  }
 }
--- a/lib/src/omemo/queue.dart
+++ b/lib/src/omemo/queue.dart
@ -0,0 +1,100 @@
 import 'dart:async';
 import 'dart:collection';
 import 'package:meta/meta.dart';
 import 'package:synchronized/synchronized.dart';
 extension UtilAllMethodsList<T> on List<T> {
  void removeAll(List<T> values) {
    for (final value in values) {
      remove(value);
    }
  }
  bool containsAll(List<T> values) {
    for (final value in values) {
      if (!contains(value)) {
        return false;
      }
    }
    return true;
  }
 }
 class _RatchetAccessQueueEntry {
  _RatchetAccessQueueEntry(
    this.jids,
    this.completer,
  );
  final List<String> jids;
  final Completer<void> completer;
 }
 class RatchetAccessQueue {
  final Queue<_RatchetAccessQueueEntry> _queue = Queue();
  @visibleForTesting
  final List<String> runningOperations = List<String>.empty(growable: true);
  final Lock lock = Lock();
  bool canBypass(List<String> jids) {
    for (final jid in jids) {
      if (runningOperations.contains(jid)) {
        return false;
      }
    }
    return true;
  }
  Future<void> enterCriticalSection(List<String> jids) async {
    final completer = await lock.synchronized<Completer<void>?>(() {
      if (canBypass(jids)) {
        runningOperations.addAll(jids);
        return null;
      }
      final completer = Completer<void>();
      _queue.add(
        _RatchetAccessQueueEntry(
          jids,
          completer,
        ),
      );
      return completer;
    });
    await completer?.future;
  }
  Future<void> leaveCriticalSection(List<String> jids) async {
    await lock.synchronized(() {
      runningOperations.removeAll(jids);
      while (_queue.isNotEmpty) {
        if (canBypass(_queue.first.jids)) {
          final head = _queue.removeFirst();
          runningOperations.addAll(head.jids);
          head.completer.complete();
        } else {
          break;
        }
      }
    });
  }
  Future<T> synchronized<T>(
    List<String> jids,
    Future<T> Function() function,
  ) async {
    await enterCriticalSection(jids);
    final result = await function();
    await leaveCriticalSection(jids);
    return result;
  }
 }
--- a/lib/src/omemo/ratchet_data.dart
+++ b/lib/src/omemo/ratchet_data.dart
@ -0,0 +1,26 @@
 import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
 class OmemoRatchetData {
  const OmemoRatchetData(
    this.jid,
    this.id,
    this.ratchet,
    this.added,
    this.replaced,
  );
  /// The JID we have the ratchet with.
  final String jid;
  /// The device id we have the ratchet with.
  final int id;
  /// The actual double ratchet to commit.
  final OmemoDoubleRatchet ratchet;
  /// Indicates whether the ratchet has just been created (true) or just modified (false).
  final bool added;
  /// Indicates whether the ratchet has been replaced (true) or not.
  final bool replaced;
 }
--- a/lib/src/omemo/stanza.dart
+++ b/lib/src/omemo/stanza.dart
@ -5,9 +5,9 @@ class OmemoIncomingStanza {
  const OmemoIncomingStanza(
    this.bareSenderJid,
    this.senderDeviceId,
    this.timestamp,
    this.keys,
    this.payload,
    this.isCatchup,
  );
  /// The bare JID of the sender of the stanza.
@ -16,14 +16,14 @@ class OmemoIncomingStanza {
  /// The device ID of the sender.
  final int senderDeviceId;
-  /// The timestamp when the stanza was received.
+  /// The included encrypted keys for our own JID
  final int timestamp;
  /// The included encrypted keys
  final List<EncryptedKey> keys;
  /// The string payload included in the <encrypted /> element.
  final String? payload;
  /// Flag indicating whether the message was received due to a catchup.
  final bool isCatchup;
 }
 /// Describes a stanza that is to be sent out
@ -37,5 +37,5 @@ class OmemoOutgoingStanza {
  final List<String> recipientJids;
  /// The serialised XML data that should be encrypted.
-  final String payload;
+  final String? payload;
 }
--- a/lib/src/protobuf/.gitkeep
+++ b/lib/src/protobuf/.gitkeep
--- a/lib/src/protobuf/omemo_authenticated_message.dart
+++ b/lib/src/protobuf/omemo_authenticated_message.dart
@ -1,38 +0,0 @@
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 class OmemoAuthenticatedMessage {
  OmemoAuthenticatedMessage();
  factory OmemoAuthenticatedMessage.fromBuffer(List<int> data) {
    var i = 0;
    // required bytes mac     = 1;
    if (data[0] != fieldId(1, fieldTypeByteArray)) {
      throw Exception();
    }
    final mac = data.sublist(2, i + 2 + data[1]);
    i += data[1] + 2;
    if (data[i] != fieldId(2, fieldTypeByteArray)) {
      throw Exception();
    }
    final message = data.sublist(i + 2, i + 2 + data[i + 1]);
    return OmemoAuthenticatedMessage()
      ..mac = mac
      ..message = message;
  }
  List<int>? mac;
  List<int>? message;
  List<int> writeToBuffer() {
    return concat([
      [fieldId(1, fieldTypeByteArray), mac!.length],
      mac!,
      [fieldId(2, fieldTypeByteArray), message!.length],
      message!,
    ]);
  }
 }
--- a/lib/src/protobuf/omemo_key_exchange.dart
+++ b/lib/src/protobuf/omemo_key_exchange.dart
@ -1,71 +0,0 @@
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 class OmemoKeyExchange {
  OmemoKeyExchange();
  factory OmemoKeyExchange.fromBuffer(List<int> data) {
    var i = 0;
    if (data[i] != fieldId(1, fieldTypeUint32)) {
      throw Exception();
    }
    var decoded = decodeVarint(data, 1);
    final pkId = decoded.n;
    i += decoded.length + 1;
    if (data[i] != fieldId(2, fieldTypeUint32)) {
      throw Exception();
    }
    decoded = decodeVarint(data, i + 1);
    final spkId = decoded.n;
    i += decoded.length + 1;
    if (data[i] != fieldId(3, fieldTypeByteArray)) {
      throw Exception();
    }
    final ik = data.sublist(i + 2, i + 2 + data[i + 1]);
    i += 2 + data[i + 1];
    if (data[i] != fieldId(4, fieldTypeByteArray)) {
      throw Exception();
    }
    final ek = data.sublist(i + 2, i + 2 + data[i + 1]);
    i += 2 + data[i + 1];
    if (data[i] != fieldId(5, fieldTypeByteArray)) {
      throw Exception();
    }
    final message = OmemoAuthenticatedMessage.fromBuffer(data.sublist(i + 2));
    return OmemoKeyExchange()
      ..pkId = pkId
      ..spkId = spkId
      ..ik = ik
      ..ek = ek
      ..message = message;
  }
  int? pkId;
  int? spkId;
  List<int>? ik;
  List<int>? ek;
  OmemoAuthenticatedMessage? message;
  List<int> writeToBuffer() {
    final msg = message!.writeToBuffer();
    return concat([
      [fieldId(1, fieldTypeUint32)],
      encodeVarint(pkId!),
      [fieldId(2, fieldTypeUint32)],
      encodeVarint(spkId!),
      [fieldId(3, fieldTypeByteArray), ik!.length],
      ik!,
      [fieldId(4, fieldTypeByteArray), ek!.length],
      ek!,
      [fieldId(5, fieldTypeByteArray), msg.length],
      msg,
    ]);
  }
 }
--- a/lib/src/protobuf/omemo_message.dart
+++ b/lib/src/protobuf/omemo_message.dart
@ -1,75 +0,0 @@
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 class OmemoMessage {
  OmemoMessage();
  factory OmemoMessage.fromBuffer(List<int> data) {
    var i = 0;
    // required uint32 n          = 1;
    if (data[0] != fieldId(1, fieldTypeUint32)) {
      throw Exception();
    }
    var decode = decodeVarint(data, 1);
    final n = decode.n;
    i += decode.length + 1;
    // required uint32 pn         = 2;
    if (data[i] != fieldId(2, fieldTypeUint32)) {
      throw Exception();
    }
    decode = decodeVarint(data, i + 1);
    final pn = decode.n;
    i += decode.length + 1;
    // required bytes  dh_pub     = 3;
    if (data[i] != fieldId(3, fieldTypeByteArray)) {
      throw Exception();
    }
    final dhPub = data.sublist(i + 2, i + 2 + data[i + 1]);
    i += 2 + data[i + 1];
    // optional bytes  ciphertext = 4;
    List<int>? ciphertext;
    if (i < data.length) {
      if (data[i] != fieldId(4, fieldTypeByteArray)) {
        throw Exception();
      }
      ciphertext = data.sublist(i + 2, i + 2 + data[i + 1]);
    }
    return OmemoMessage()
      ..n = n
      ..pn = pn
      ..dhPub = dhPub
      ..ciphertext = ciphertext;
  }
  int? n;
  int? pn;
  List<int>? dhPub;
  List<int>? ciphertext;
  List<int> writeToBuffer() {
    final data = concat([
      [fieldId(1, fieldTypeUint32)],
      encodeVarint(n!),
      [fieldId(2, fieldTypeUint32)],
      encodeVarint(pn!),
      [fieldId(3, fieldTypeByteArray), dhPub!.length],
      dhPub!,
    ]);
    if (ciphertext != null) {
      return concat([
        data,
        [fieldId(4, fieldTypeByteArray), ciphertext!.length],
        ciphertext!,
      ]);
    }
    return data;
  }
 }
--- a/lib/src/protobuf/protobuf.dart
+++ b/lib/src/protobuf/protobuf.dart
@ -1,64 +0,0 @@
 /// Masks the 7 LSB
 const lsb7Mask = 0x7F;
 /// Constant for setting the MSB
 const msb = 1 << 7;
 /// Field types
 const fieldTypeUint32 = 0;
 const fieldTypeByteArray = 2;
 int fieldId(int number, int type) {
  return (number << 3) | type;
 }
 class VarintDecode {
  const VarintDecode(this.n, this.length);
  final int n;
  final int length;
 }
 /// Decode a Varint that begins at [input]'s index [offset].
 VarintDecode decodeVarint(List<int> input, int offset) {
  // The return value
  var n = 0;
  // The byte offset counter
  var i = 0;
  // Iterate until the MSB of the byte is 0
  while (true) {
    // Mask only the 7 LSB and "move" them accordingly
    n += (input[offset + i] & lsb7Mask) << (7 * i);
    // Break if we reached the end
    if (input[offset + i] & 1 << 7 == 0) {
      break;
    }
    i++;
  }
  return VarintDecode(n, i + 1);
 }
 // Encodes the integer [i] into a Varint.
 List<int> encodeVarint(int i) {
  assert(i >= 0, "Two's complement is not implemented");
  final ret = List<int>.empty(growable: true);
  // Thanks to https://github.com/hathibelagal-dev/LEB128 for the trick with toRadixString!
  final numSevenBlocks = (i.toRadixString(2).length / 7).ceil();
  for (var j = 0; j < numSevenBlocks; j++) {
    // The 7 LSB of the byte we're creating
    final x = (i & (lsb7Mask << j * 7)) >> j * 7;
    if (j == numSevenBlocks - 1) {
      // If we were to shift further, we only get zero, so we're at the end
      ret.add(x);
    } else {
      // We still have at least one bit more to go, so set the MSB to 1
      ret.add(x + msb);
    }
  }
  return ret;
 }
--- a/lib/src/protobuf/schema.pb.dart
+++ b/lib/src/protobuf/schema.pb.dart
--- a/lib/src/protobuf/schema.pbenum.dart
+++ b/lib/src/protobuf/schema.pbenum.dart
--- a/lib/src/protobuf/schema.pbjson.dart
+++ b/lib/src/protobuf/schema.pbjson.dart
--- a/lib/src/protobuf/schema.pbserver.dart
+++ b/lib/src/protobuf/schema.pbserver.dart
--- a/lib/src/trust/always.dart
+++ b/lib/src/trust/always.dart
@ -22,5 +22,5 @@ class AlwaysTrustingTrustManager extends TrustManager {
  Future<void> removeTrustDecisionsForJid(String jid) async {}
  @override
-  Future<Map<String, dynamic>> toJson() async => <String, dynamic>{};
+  Future<void> loadTrustData(String jid) async {}
 }
--- a/lib/src/trust/base.dart
+++ b/lib/src/trust/base.dart
@ -1,3 +1,5 @@
 import 'package:meta/meta.dart';
 /// The base class for managing trust in OMEMO sessions.
 // ignore: one_member_abstracts
 abstract class TrustManager {
@ -7,6 +9,7 @@ abstract class TrustManager {
  /// Called by the OmemoSessionManager when a new session has been built. Should set
  /// a default trust state to [jid]'s device with identifier [deviceId].
  @internal
  Future<void> onNewSession(String jid, int deviceId);
  /// Return true if the device with id [deviceId] of Jid [jid] should be used for encryption.
@ -17,9 +20,14 @@ abstract class TrustManager {
  /// if [enabled] is false.
  Future<void> setEnabled(String jid, int deviceId, bool enabled);
  /// Serialize the trust manager to JSON.
  Future<Map<String, dynamic>> toJson();
  /// Removes all trust decisions for [jid].
  @internal
  Future<void> removeTrustDecisionsForJid(String jid);
  // ignore: comment_references
  /// Called from within the [OmemoManager].
  /// Loads the trust data for the JID [jid] from persistent storage
  /// into the internal cache, if applicable.
  @internal
  Future<void> loadTrustData(String jid);
 }
--- a/lib/src/trust/btbv.dart
+++ b/lib/src/trust/btbv.dart
@ -1,71 +1,116 @@
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
 import 'package:omemo_dart/src/trust/base.dart';
-import 'package:synchronized/synchronized.dart';
+
@immutable
 class BTBVTrustData {
  const BTBVTrustData(
    this.jid,
    this.device,
    this.state,
    this.enabled,
    this.trusted,
  );
  /// The JID in question.
  final String jid;
  /// The device (ratchet) in question.
  final int device;
  /// The trust state of the ratchet.
  final BTBVTrustState state;
  /// Flag indicating whether the ratchet is enabled (true) or not (false).
  final bool enabled;
  /// Flag indicating whether the ratchet is trusted. For loading and commiting a ratchet, this field
  /// contains an arbitrary value.
  /// When using [BlindTrustBeforeVerificationTrustManager.getDevicesTrust], this flag will be true if
  /// the ratchet is trusted and false if not.
  final bool trusted;
 }
 /// A callback for when a trust decision is to be commited to persistent storage.
 typedef BTBVTrustCommitCallback = Future<void> Function(BTBVTrustData data);
 /// A stub-implementation of [BTBVTrustCommitCallback].
 Future<void> btbvCommitStub(BTBVTrustData _) async {}
 /// A callback for when all trust decisions for a JID should be removed from persistent storage.
 typedef BTBVRemoveTrustForJidCallback = Future<void> Function(String jid);
 /// A stub-implementation of [BTBVRemoveTrustForJidCallback].
 Future<void> btbvRemoveTrustStub(String _) async {}
 /// A callback for when trust data should be loaded.
 typedef BTBVLoadDataCallback = Future<List<BTBVTrustData>> Function(String jid);
 /// A stub-implementation for [BTBVLoadDataCallback].
 Future<List<BTBVTrustData>> btbvLoadDataStub(String _) async => [];
 /// Every device is in either of those two trust states:
 /// - notTrusted: The device is absolutely not trusted
 /// - blindTrust: The fingerprint is not verified using OOB means
 /// - verified: The fingerprint has been verified using OOB means
 enum BTBVTrustState {
-  notTrusted, // = 1
+  notTrusted(1),
-  blindTrust, // = 2
+  blindTrust(2),
-  verified, // = 3
+  verified(3);
 }
-int _trustToInt(BTBVTrustState state) {
+  const BTBVTrustState(this.value);
  switch (state) {
    case BTBVTrustState.notTrusted:
      return 1;
    case BTBVTrustState.blindTrust:
      return 2;
    case BTBVTrustState.verified:
      return 3;
  }
 }
-BTBVTrustState _trustFromInt(int i) {
+  factory BTBVTrustState.fromInt(int value) {
-  switch (i) {
+    switch (value) {
-    case 1:
+      case 1:
-      return BTBVTrustState.notTrusted;
+        return BTBVTrustState.notTrusted;
-    case 2:
+      case 2:
-      return BTBVTrustState.blindTrust;
+        return BTBVTrustState.blindTrust;
-    case 3:
+      case 3:
-      return BTBVTrustState.verified;
+        return BTBVTrustState.verified;
-    default:
+      // TODO(Unknown): Should we handle this better?
-      return BTBVTrustState.notTrusted;
+      default:
        return BTBVTrustState.notTrusted;
    }
  }
  /// The value backing the trust state.
  final int value;
 }
 /// A TrustManager that implements the idea of Blind Trust Before Verification.
 /// See https://gultsch.de/trust.html for more details.
-abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
+class BlindTrustBeforeVerificationTrustManager extends TrustManager {
  BlindTrustBeforeVerificationTrustManager({
-    Map<RatchetMapKey, BTBVTrustState>? trustCache,
+    this.loadData = btbvLoadDataStub,
-    Map<RatchetMapKey, bool>? enablementCache,
+    this.commit = btbvCommitStub,
-    Map<String, List<int>>? devices,
+    this.removeTrust = btbvRemoveTrustStub,
-  })  : trustCache = trustCache ?? {},
+  });
        enablementCache = enablementCache ?? {},
        devices = devices ?? {},
        _lock = Lock();
  /// The cache for mapping a RatchetMapKey to its trust state
  @visibleForTesting
  @protected
-  final Map<RatchetMapKey, BTBVTrustState> trustCache;
+  final Map<RatchetMapKey, BTBVTrustState> trustCache = {};
  /// The cache for mapping a RatchetMapKey to whether it is enabled or not
  @visibleForTesting
  @protected
-  final Map<RatchetMapKey, bool> enablementCache;
+  final Map<RatchetMapKey, bool> enablementCache = {};
  /// Mapping of Jids to their device identifiers
  @visibleForTesting
  @protected
-  final Map<String, List<int>> devices;
+  final Map<String, List<int>> devices = {};
-  /// The lock for devices and trustCache
+  /// Callback for loading trust data.
-  final Lock _lock;
+  final BTBVLoadDataCallback loadData;
  /// Callback for commiting trust data to persistent storage.
  final BTBVTrustCommitCallback commit;
  /// Callback for removing trust data for a JID.
  final BTBVRemoveTrustForJidCallback removeTrust;
  /// Returns true if [jid] has at least one device that is verified. If not, returns false.
  /// Note that this function accesses devices and trustCache, which requires that the
@ -80,69 +125,72 @@ abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
  @override
  Future<bool> isTrusted(String jid, int deviceId) async {
-    var returnValue = false;
+    final trustCacheValue = trustCache[RatchetMapKey(jid, deviceId)];
-    await _lock.synchronized(() async {
+    if (trustCacheValue == BTBVTrustState.notTrusted) {
-      final trustCacheValue = trustCache[RatchetMapKey(jid, deviceId)];
+      return false;
-      if (trustCacheValue == BTBVTrustState.notTrusted) {
+    } else if (trustCacheValue == BTBVTrustState.verified) {
-        returnValue = false;
+      // The key is verified, so it's safe.
-        return;
+      return true;
-      } else if (trustCacheValue == BTBVTrustState.verified) {
+    } else {
-        // The key is verified, so it's safe.
+      if (_hasAtLeastOneVerifiedDevice(jid)) {
-        returnValue = true;
+        // Do not trust if there is at least one device with full trust
-        return;
+        return false;
      } else {
-        if (_hasAtLeastOneVerifiedDevice(jid)) {
+        // We have not verified a key from [jid], so it is blind trust all the way.
-          // Do not trust if there is at least one device with full trust
+        return true;
          returnValue = false;
          return;
        } else {
          // We have not verified a key from [jid], so it is blind trust all the way.
          returnValue = true;
          return;
        }
      }
-    });
+    }
    return returnValue;
  }
  @override
  Future<void> onNewSession(String jid, int deviceId) async {
-    await _lock.synchronized(() async {
+    final key = RatchetMapKey(jid, deviceId);
-      final key = RatchetMapKey(jid, deviceId);
+    if (_hasAtLeastOneVerifiedDevice(jid)) {
-      if (_hasAtLeastOneVerifiedDevice(jid)) {
+      trustCache[key] = BTBVTrustState.notTrusted;
-        trustCache[key] = BTBVTrustState.notTrusted;
+      enablementCache[key] = false;
-        enablementCache[key] = false;
+    } else {
-      } else {
+      trustCache[key] = BTBVTrustState.blindTrust;
-        trustCache[key] = BTBVTrustState.blindTrust;
+      enablementCache[key] = true;
-        enablementCache[key] = true;
+    }
      }
-      if (devices.containsKey(jid)) {
+    // Append to the device list
-        devices[jid]!.add(deviceId);
+    devices.appendOrCreate(jid, deviceId, checkExistence: true);
      } else {
        devices[jid] = List<int>.from([deviceId]);
      }
-      // Commit the state
+    // Commit the state
-      await commitState();
+    await commit(
-    });
+      BTBVTrustData(
        jid,
        deviceId,
        trustCache[key]!,
        enablementCache[key]!,
        false,
      ),
    );
  }
  /// Returns a mapping from the device identifiers of [jid] to their trust state. If
  /// there are no devices known for [jid], then an empty map is returned.
-  Future<Map<int, BTBVTrustState>> getDevicesTrust(String jid) async {
+  Future<Map<int, BTBVTrustData>> getDevicesTrust(String jid) async {
-    return _lock.synchronized(() async {
+    final map = <int, BTBVTrustData>{};
      final map = <int, BTBVTrustState>{};
-      if (!devices.containsKey(jid)) return map;
+    if (!devices.containsKey(jid)) return map;
-      for (final deviceId in devices[jid]!) {
+    for (final deviceId in devices[jid]!) {
-        map[deviceId] = trustCache[RatchetMapKey(jid, deviceId)]!;
+      final key = RatchetMapKey(jid, deviceId);
      if (!trustCache.containsKey(key) || !enablementCache.containsKey(key)) {
        continue;
      }
-      return map;
+      map[deviceId] = BTBVTrustData(
-    });
+        jid,
        deviceId,
        trustCache[key]!,
        enablementCache[key]!,
        await isTrusted(jid, deviceId),
      );
    }
    return map;
  }
  /// Sets the trust of [jid]'s device with identifier [deviceId] to [state].
@ -151,108 +199,71 @@ abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
    int deviceId,
    BTBVTrustState state,
  ) async {
-    await _lock.synchronized(() async {
+    final key = RatchetMapKey(jid, deviceId);
-      trustCache[RatchetMapKey(jid, deviceId)] = state;
+    trustCache[key] = state;
-      // Commit the state
+    // Commit the state
-      await commitState();
+    await commit(
-    });
+      BTBVTrustData(
        jid,
        deviceId,
        state,
        enablementCache[key]!,
        false,
      ),
    );
  }
  @override
  Future<bool> isEnabled(String jid, int deviceId) async {
-    return _lock.synchronized(() async {
+    final value = enablementCache[RatchetMapKey(jid, deviceId)];
      final value = enablementCache[RatchetMapKey(jid, deviceId)];
-      if (value == null) return false;
+    if (value == null) return false;
-      return value;
+    return value;
    });
  }
  @override
  Future<void> setEnabled(String jid, int deviceId, bool enabled) async {
-    await _lock.synchronized(() async {
+    final key = RatchetMapKey(jid, deviceId);
-      enablementCache[RatchetMapKey(jid, deviceId)] = enabled;
+    enablementCache[key] = enabled;
    });
    // Commit the state
-    await commitState();
+    await commit(
-  }
+      BTBVTrustData(
-
+        jid,
-  @override
+        deviceId,
-  Future<Map<String, dynamic>> toJson() async {
+        trustCache[key]!,
-    return {
+        enabled,
-      'devices': devices,
+        false,
      'trust': trustCache.map(
        (key, value) => MapEntry(
          key.toJsonKey(),
          _trustToInt(value),
        ),
      ),
      'enable':
          enablementCache.map((key, value) => MapEntry(key.toJsonKey(), value)),
    };
  }
  /// From a serialized version of a BTBV trust manager, extract the device list.
  /// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
  static Map<String, List<int>> deviceListFromJson(Map<String, dynamic> json) {
    return (json['devices']! as Map<String, dynamic>).map<String, List<int>>(
      (key, value) => MapEntry(
        key,
        (value as List<dynamic>).map<int>((i) => i as int).toList(),
      ),
    );
  }
  /// From a serialized version of a BTBV trust manager, extract the trust cache.
  /// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
  static Map<RatchetMapKey, BTBVTrustState> trustCacheFromJson(
    Map<String, dynamic> json,
  ) {
    return (json['trust']! as Map<String, dynamic>)
        .map<RatchetMapKey, BTBVTrustState>(
      (key, value) => MapEntry(
        RatchetMapKey.fromJsonKey(key),
        _trustFromInt(value as int),
      ),
    );
  }
  /// From a serialized version of a BTBV trust manager, extract the enable cache.
  /// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
  static Map<RatchetMapKey, bool> enableCacheFromJson(
    Map<String, dynamic> json,
  ) {
    return (json['enable']! as Map<String, dynamic>).map<RatchetMapKey, bool>(
      (key, value) => MapEntry(
        RatchetMapKey.fromJsonKey(key),
        value as bool,
      ),
    );
  }
  @override
  Future<void> removeTrustDecisionsForJid(String jid) async {
-    await _lock.synchronized(() async {
+    // Clear the caches
-      devices.remove(jid);
+    for (final device in devices[jid]!) {
-      await commitState();
+      final key = RatchetMapKey(jid, device);
-    });
+      trustCache.remove(key);
      enablementCache.remove(key);
    }
    devices.remove(jid);
    // Commit the state
    await removeTrust(jid);
  }
-  /// Called when the state of the trust manager has been changed. Allows the user to
+  @override
-  /// commit the trust state to persistent storage.
+  Future<void> loadTrustData(String jid) async {
-  @visibleForOverriding
+    for (final result in await loadData(jid)) {
-  Future<void> commitState();
+      final key = RatchetMapKey(jid, result.device);
      trustCache[key] = result.state;
      enablementCache[key] = result.enabled;
      devices.appendOrCreate(jid, result.device, checkExistence: true);
    }
  }
  @visibleForTesting
  BTBVTrustState getDeviceTrust(String jid, int deviceId) =>
      trustCache[RatchetMapKey(jid, deviceId)]!;
 }
 /// A BTBV TrustManager that does not commit its state to persistent storage. Well suited
 /// for testing.
 class MemoryBTBVTrustManager extends BlindTrustBeforeVerificationTrustManager {
  @override
  Future<void> commitState() async {}
 }
--- a/lib/src/trust/never.dart
+++ b/lib/src/trust/never.dart
@ -22,5 +22,5 @@ class NeverTrustingTrustManager extends TrustManager {
  Future<void> removeTrustDecisionsForJid(String jid) async {}
  @override
-  Future<Map<String, dynamic>> toJson() async => <String, dynamic>{};
+  Future<void> loadTrustData(String jid) async {}
 }
--- a/lib/src/x3dh/x3dh.dart
+++ b/lib/src/x3dh/x3dh.dart
@ -1,15 +1,14 @@
 import 'dart:convert';
 import 'dart:math';
 import 'package:cryptography/cryptography.dart';
 import 'package:moxlib/moxlib.dart';
 import 'package:omemo_dart/src/common/constants.dart';
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
 import 'package:omemo_dart/src/omemo/bundle.dart';
 /// The overarching assumption is that we use Ed25519 keys for the identity keys
 const omemoX3DHInfoString = 'OMEMO X3DH';
 /// Performed by Alice
 class X3DHAliceResult {
  const X3DHAliceResult(this.ek, this.sk, this.opkId, this.ad);
@ -70,7 +69,8 @@ Future<List<int>> kdf(List<int> km) async {
 /// Alice builds a session with Bob using his bundle [bundle] and Alice's identity key
 /// pair [ik].
-Future<X3DHAliceResult> x3dhFromBundle(
+Future<Result<InvalidKeyExchangeSignatureError, X3DHAliceResult>>
    x3dhFromBundle(
  OmemoBundle bundle,
  OmemoKeyPair ik,
 ) async {
@ -84,7 +84,7 @@ Future<X3DHAliceResult> x3dhFromBundle(
  );
  if (!signatureValue) {
-    throw InvalidSignatureException();
+    return Result(InvalidKeyExchangeSignatureError());
  }
  // Generate EK
@ -106,7 +106,7 @@ Future<X3DHAliceResult> x3dhFromBundle(
    await bundle.ik.getBytes(),
  ]);
-  return X3DHAliceResult(ek, sk, opkId, ad);
+  return Result(X3DHAliceResult(ek, sk, opkId, ad));
 }
 /// Bob builds the X3DH shared secret from the inital message [msg], the SPK [spk], the
--- a/pubspec.yaml
+++ b/pubspec.yaml
@ -1,6 +1,6 @@
 name: omemo_dart
 description: An XMPP library independent OMEMO library
-version: 0.4.3
+version: 0.5.0
 homepage: https://github.com/PapaTutuWawa/omemo_dart
 publish_to: https://git.polynom.me/api/packages/PapaTutuWawa/pub
@ -13,12 +13,15 @@ dependencies:
  hex: ^0.2.0
  logging: ^1.0.2
  meta: ^1.7.0
  moxlib:
    version: ^0.2.0
    hosted: https://git.polynom.me/api/packages/Moxxy/pub
  pinenacl: ^0.5.1
  protobuf: ^2.1.0
  protoc_plugin: ^20.0.1
  synchronized: ^3.0.0+2
 dev_dependencies:
  lints: ^2.0.0
  protobuf: ^2.1.0
  protoc_plugin: ^20.0.1
  test: ^1.21.0
  very_good_analysis: ^3.0.1
--- a/test/double_ratchet_test.dart
+++ b/test/double_ratchet_test.dart
@ -1,39 +1,10 @@
 // ignore_for_file: avoid_print
 import 'dart:convert';
 import 'dart:developer';
 import 'package:cryptography/cryptography.dart';
 import 'package:omemo_dart/omemo_dart.dart';
 import 'package:omemo_dart/protobuf/schema.pb.dart';
 import 'package:omemo_dart/src/double_ratchet/crypto.dart';
 import 'package:test/test.dart';
 void main() {
  test('Test encrypting and decrypting', () async {
    final sessionAd = List<int>.filled(32, 0x0);
    final mk = List<int>.filled(32, 0x1);
    final plaintext = utf8.encode('Hallo');
    final header = OMEMOMessage()
      ..n = 0
      ..pn = 0
      ..dhPub = List<int>.empty();
    final asd = concat([sessionAd, header.writeToBuffer()]);
    final ciphertext = await encrypt(
      mk,
      plaintext,
      asd,
      sessionAd,
    );
    final decrypted = await decrypt(
      mk,
      ciphertext,
      asd,
      sessionAd,
    );
    expect(decrypted, plaintext);
  });
  test('Test the Double Ratchet', () async {
    // Generate keys
    const bobJid = 'bob@other.example.server';
@ -57,7 +28,8 @@ void main() {
    );
    // Alice does X3DH
-    final resultAlice = await x3dhFromBundle(bundleBob, ikAlice);
+    final resultAliceRaw = await x3dhFromBundle(bundleBob, ikAlice);
    final resultAlice = resultAliceRaw.get<X3DHAliceResult>();
    // Alice sends the inital message to Bob
    // ...
@ -74,23 +46,28 @@ void main() {
      ikBob,
    );
-    print('X3DH key exchange done');
+    log('X3DH key exchange done');
    // Alice and Bob now share sk as a common secret and ad
    // Build a session
    final alicesRatchet = await OmemoDoubleRatchet.initiateNewSession(
      spkBob.pk,
      bundleBob.spkId,
      ikBob.pk,
      ikAlice.pk,
      resultAlice.ek.pk,
      resultAlice.sk,
      resultAlice.ad,
-      0,
+      resultAlice.opkId,
    );
    final bobsRatchet = await OmemoDoubleRatchet.acceptNewSession(
      spkBob,
      bundleBob.spkId,
      ikAlice.pk,
      2,
      resultAlice.ek.pk,
      resultBob.sk,
      resultBob.ad,
      0,
    );
    expect(alicesRatchet.sessionAd, bobsRatchet.sessionAd);
@ -98,40 +75,42 @@ void main() {
    for (var i = 0; i < 100; i++) {
      final messageText = 'Hello, dear $i';
      log('${i + 1}/100');
      if (i.isEven) {
        // Alice encrypts a message
        final aliceRatchetResult =
            await alicesRatchet.ratchetEncrypt(utf8.encode(messageText));
-        print('Alice sent the message');
+        log('Alice sent the message');
        // Alice sends it to Bob
        // ...
        // Bob tries to decrypt it
        final bobRatchetResult = await bobsRatchet.ratchetDecrypt(
-          aliceRatchetResult.header,
+          aliceRatchetResult,
          aliceRatchetResult.ciphertext,
        );
-        print('Bob decrypted the message');
+        log('Bob decrypted the message');
-        expect(utf8.encode(messageText), bobRatchetResult);
+        expect(bobRatchetResult.isType<List<int>>(), true);
        expect(bobRatchetResult.get<List<int>>(), utf8.encode(messageText));
      } else {
        // Bob sends a message to Alice
        final bobRatchetResult =
            await bobsRatchet.ratchetEncrypt(utf8.encode(messageText));
-        print('Bob sent the message');
+        log('Bob sent the message');
        // Bobs sends it to Alice
        // ...
        // Alice tries to decrypt it
        final aliceRatchetResult = await alicesRatchet.ratchetDecrypt(
-          bobRatchetResult.header,
+          bobRatchetResult,
          bobRatchetResult.ciphertext,
        );
-        print('Alice decrypted the message');
+        log('Alice decrypted the message');
-        expect(utf8.encode(messageText), aliceRatchetResult);
+        expect(aliceRatchetResult.isType<List<int>>(), true);
        expect(aliceRatchetResult.get<List<int>>(), utf8.encode(messageText));
        expect(utf8.encode(messageText), aliceRatchetResult.get<List<int>>());
      }
    }
  });
--- a/test/omemo_test.dart
+++ b/test/omemo_test.dart
--- a/test/omemomanager_test.dart
+++ b/test/omemomanager_test.dart
--- a/test/protobuf_test.dart
+++ b/test/protobuf_test.dart
@ -1,186 +0,0 @@
 import 'package:omemo_dart/protobuf/schema.pb.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/omemo_key_exchange.dart';
 import 'package:omemo_dart/src/protobuf/omemo_message.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 import 'package:test/test.dart';
 void main() {
  group('Base 128 Varints', () {
    test('Test simple parsing of Varints', () {
      expect(
        decodeVarint(<int>[1], 0).n,
        1,
      );
      expect(
        decodeVarint(<int>[1], 0).length,
        1,
      );
      expect(
        decodeVarint(<int>[0x96, 0x01, 0x00], 0).n,
        150,
      );
      expect(
        decodeVarint(<int>[0x96, 0x01, 0x00], 0).length,
        2,
      );
      expect(
        decodeVarint(<int>[172, 2, 0x8], 0).n,
        300,
      );
      expect(
        decodeVarint(<int>[172, 2, 0x8], 0).length,
        2,
      );
    });
    test('Test encoding Varints', () {
      expect(
        encodeVarint(1),
        <int>[1],
      );
      expect(
        encodeVarint(150),
        <int>[0x96, 0x01],
      );
      expect(
        encodeVarint(300),
        <int>[172, 2],
      );
    });
    test('Test some special cases', () {
      expect(decodeVarint(encodeVarint(1042464893), 0).n, 1042464893);
    });
  });
  group('OMEMOMessage', () {
    test('Decode a OMEMOMessage', () {
      final pbMessage = OMEMOMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3]
        ..ciphertext = <int>[4, 5, 6];
      final serial = pbMessage.writeToBuffer();
      final msg = OmemoMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, <int>[4, 5, 6]);
    });
    test('Decode a OMEMOMessage without ciphertext', () {
      final pbMessage = OMEMOMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3];
      final serial = pbMessage.writeToBuffer();
      final msg = OmemoMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, null);
    });
    test('Encode a OMEMOMessage', () {
      final m = OmemoMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3]
        ..ciphertext = <int>[4, 5, 6];
      final serial = m.writeToBuffer();
      final msg = OMEMOMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, <int>[4, 5, 6]);
    });
    test('Encode a OMEMOMessage without ciphertext', () {
      final m = OmemoMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3];
      final serial = m.writeToBuffer();
      final msg = OMEMOMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, <int>[]);
    });
  });
  group('OMEMOAuthenticatedMessage', () {
    test('Test encoding a message', () {
      final msg = OmemoAuthenticatedMessage()
        ..mac = <int>[1, 2, 3]
        ..message = <int>[4, 5, 6];
      final decoded = OMEMOAuthenticatedMessage.fromBuffer(msg.writeToBuffer());
      expect(decoded.mac, <int>[1, 2, 3]);
      expect(decoded.message, <int>[4, 5, 6]);
    });
    test('Test decoding a message', () {
      final msg = OMEMOAuthenticatedMessage()
        ..mac = <int>[1, 2, 3]
        ..message = <int>[4, 5, 6];
      final bytes = msg.writeToBuffer();
      final decoded = OmemoAuthenticatedMessage.fromBuffer(bytes);
      expect(decoded.mac, <int>[1, 2, 3]);
      expect(decoded.message, <int>[4, 5, 6]);
    });
  });
  group('OMEMOKeyExchange', () {
    test('Test encoding a message', () {
      final authMessage = OmemoAuthenticatedMessage()
        ..mac = <int>[5, 6, 8, 0]
        ..message = <int>[4, 5, 7, 3, 2];
      final message = OmemoKeyExchange()
        ..pkId = 698
        ..spkId = 245
        ..ik = <int>[1, 4, 6]
        ..ek = <int>[4, 6, 7, 80]
        ..message = authMessage;
      final kex = OMEMOKeyExchange.fromBuffer(message.writeToBuffer());
      expect(kex.pkId, 698);
      expect(kex.spkId, 245);
      expect(kex.ik, <int>[1, 4, 6]);
      expect(kex.ek, <int>[4, 6, 7, 80]);
      expect(kex.message.mac, <int>[5, 6, 8, 0]);
      expect(kex.message.message, <int>[4, 5, 7, 3, 2]);
    });
    test('Test decoding a message', () {
      final message = OMEMOAuthenticatedMessage()
        ..mac = <int>[5, 6, 8, 0]
        ..message = <int>[4, 5, 7, 3, 2];
      final kex = OMEMOKeyExchange()
        ..pkId = 698
        ..spkId = 245
        ..ik = <int>[1, 4, 6]
        ..ek = <int>[4, 6, 7, 80]
        ..message = message;
      final decoded = OmemoKeyExchange.fromBuffer(kex.writeToBuffer());
      expect(decoded.pkId, 698);
      expect(decoded.spkId, 245);
      expect(decoded.ik, <int>[1, 4, 6]);
      expect(decoded.ek, <int>[4, 6, 7, 80]);
      expect(decoded.message!.mac, <int>[5, 6, 8, 0]);
      expect(decoded.message!.message, <int>[4, 5, 7, 3, 2]);
    });
    test('Test decoding an issue', () {
      /*
      final data = 'CAAQfRogc2GwslU219dUkrMHNM4KdZRmuFnBTae+bQaJ+55IsAMiII7aZKj2sUpb6xR/3Ari7WZUmKFV0G6czUc4NMvjKDBaKnwKEM2ZpI8X3TgcxhxwENANnlsSaAgAEAAaICy8T9WPgLb7RdYd8/4JkrLF0RahEkC3ZaEfk5jw3dsLIkBMILzLyByweLgF4lCn0oNea+kbdrFr6rY7r/7WyI8hXEQz38QpnN+jyGGwC7Ga0dq70WuyqE7VpiFArQwqZh2G';
      final kex = OmemoKeyExchange.fromBuffer(base64Decode(data));
      expect(kex.spkId!, 1042464893);
      */
    });
  });
 }
--- a/test/queue_test.dart
+++ b/test/queue_test.dart
@ -0,0 +1,62 @@
 import 'dart:async';
 import 'package:omemo_dart/src/omemo/queue.dart';
 import 'package:test/test.dart';
 Future<void> testMethod(
  RatchetAccessQueue queue,
  List<String> data,
  int duration,
 ) async {
  await queue.enterCriticalSection(data);
  await Future<void>.delayed(Duration(seconds: duration));
  await queue.leaveCriticalSection(data);
 }
 void main() {
  test('Test blocking due to conflicts', () async {
    final queue = RatchetAccessQueue();
    unawaited(testMethod(queue, ['a', 'b', 'c'], 5));
    unawaited(testMethod(queue, ['a'], 4));
    await Future<void>.delayed(const Duration(seconds: 1));
    expect(
      queue.runningOperations.containsAll(['a', 'b', 'c']),
      isTrue,
    );
    expect(queue.runningOperations.length, 3);
    await Future<void>.delayed(const Duration(seconds: 4));
    expect(
      queue.runningOperations.containsAll(['a']),
      isTrue,
    );
    expect(queue.runningOperations.length, 1);
    await Future<void>.delayed(const Duration(seconds: 4));
    expect(queue.runningOperations.length, 0);
  });
  test('Test not blocking due to no conflicts', () async {
    final queue = RatchetAccessQueue();
    unawaited(testMethod(queue, ['a', 'b'], 5));
    unawaited(testMethod(queue, ['c'], 5));
    unawaited(testMethod(queue, ['d'], 5));
    await Future<void>.delayed(const Duration(seconds: 1));
    expect(queue.runningOperations.length, 4);
    expect(
      queue.runningOperations.containsAll([
        'a',
        'b',
        'c',
        'd',
      ]),
      isTrue,
    );
  });
 }
--- a/test/serialisation_test.dart
+++ b/test/serialisation_test.dart
@ -1,155 +0,0 @@
 import 'dart:convert';
 import 'package:omemo_dart/omemo_dart.dart';
 import 'package:omemo_dart/src/trust/always.dart';
 import 'package:test/test.dart';
 Map<String, dynamic> jsonify(Map<String, dynamic> map) {
  return jsonDecode(jsonEncode(map)) as Map<String, dynamic>;
 }
 void main() {
  test('Test serialising and deserialising the Device', () async {
    // Generate a random session
    final oldSession = await OmemoSessionManager.generateNewIdentity(
      'user@test.server',
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final oldDevice = await oldSession.getDevice();
    final serialised = jsonify(await oldDevice.toJson());
    final newDevice = OmemoDevice.fromJson(serialised);
    expect(await oldDevice.equals(newDevice), true);
  });
  test('Test serialising and deserialising the Device after rotating the SPK',
      () async {
    // Generate a random session
    final oldSession = await OmemoSessionManager.generateNewIdentity(
      'user@test.server',
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final oldDevice =
        await (await oldSession.getDevice()).replaceSignedPrekey();
    final serialised = jsonify(await oldDevice.toJson());
    final newDevice = OmemoDevice.fromJson(serialised);
    expect(await oldDevice.equals(newDevice), true);
  });
  test('Test serialising and deserialising the OmemoDoubleRatchet', () async {
    // Generate a random ratchet
    const aliceJid = 'alice@server.example';
    const bobJid = 'bob@other.server.example';
    final aliceSession = await OmemoSessionManager.generateNewIdentity(
      aliceJid,
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final bobSession = await OmemoSessionManager.generateNewIdentity(
      bobJid,
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final aliceMessage = await aliceSession.encryptToJid(
      bobJid,
      'Hello Bob!',
      newSessions: [
        await bobSession.getDeviceBundle(),
      ],
    );
    await bobSession.decryptMessage(
      aliceMessage.ciphertext,
      aliceJid,
      await aliceSession.getDeviceId(),
      aliceMessage.encryptedKeys,
      getTimestamp(),
    );
    final aliceOld =
        aliceSession.getRatchet(bobJid, await bobSession.getDeviceId());
    final aliceSerialised = jsonify(await aliceOld.toJson());
    final aliceNew = OmemoDoubleRatchet.fromJson(aliceSerialised);
    expect(await aliceOld.equals(aliceNew), true);
  });
  test('Test serialising and deserialising the OmemoSessionManager', () async {
    // Generate a random session
    final oldSession = await OmemoSessionManager.generateNewIdentity(
      'a@server',
      AlwaysTrustingTrustManager(),
      opkAmount: 4,
    );
    final bobSession = await OmemoSessionManager.generateNewIdentity(
      'b@other.server',
      AlwaysTrustingTrustManager(),
      opkAmount: 4,
    );
    await oldSession.addSessionFromBundle(
      'bob@localhost',
      await bobSession.getDeviceId(),
      await bobSession.getDeviceBundle(),
    );
    // Serialise and deserialise
    final serialised = jsonify(await oldSession.toJsonWithoutSessions());
    final newSession = OmemoSessionManager.fromJsonWithoutSessions(
      serialised,
      // NOTE: At this point, we don't care about this attribute
      {},
      AlwaysTrustingTrustManager(),
    );
    final oldDevice = await oldSession.getDevice();
    final newDevice = await newSession.getDevice();
    expect(await oldDevice.equals(newDevice), true);
    expect(await oldSession.getDeviceMap(), await newSession.getDeviceMap());
  });
  test('Test serializing and deserializing RatchetMapKey', () {
    const test1 = RatchetMapKey('user@example.org', 1234);
    final result1 = RatchetMapKey.fromJsonKey(test1.toJsonKey());
    expect(result1.jid, test1.jid);
    expect(result1.deviceId, test1.deviceId);
    const test2 = RatchetMapKey('user@example.org/hallo:welt', 3333);
    final result2 = RatchetMapKey.fromJsonKey(test2.toJsonKey());
    expect(result2.jid, test2.jid);
    expect(result2.deviceId, test2.deviceId);
  });
  test('Test serializing and deserializing the components of the BTBV manager',
      () async {
    // Caroline's BTBV manager
    final btbv = MemoryBTBVTrustManager();
    // Example data
    const aliceJid = 'alice@some.server';
    const bobJid = 'bob@other.server';
    await btbv.onNewSession(aliceJid, 1);
    await btbv.setDeviceTrust(aliceJid, 1, BTBVTrustState.verified);
    await btbv.onNewSession(aliceJid, 2);
    await btbv.onNewSession(bobJid, 3);
    await btbv.onNewSession(bobJid, 4);
    final serialized = jsonify(await btbv.toJson());
    final deviceList =
        BlindTrustBeforeVerificationTrustManager.deviceListFromJson(
      serialized,
    );
    expect(btbv.devices, deviceList);
    final trustCache =
        BlindTrustBeforeVerificationTrustManager.trustCacheFromJson(
      serialized,
    );
    expect(btbv.trustCache, trustCache);
    final enableCache =
        BlindTrustBeforeVerificationTrustManager.enableCacheFromJson(
      serialized,
    );
    expect(btbv.enablementCache, enableCache);
  });
 }
--- a/test/trust_test.dart
+++ b/test/trust_test.dart
@ -4,7 +4,7 @@ import 'package:test/test.dart';
 void main() {
  test('Test the Blind Trust Before Verification TrustManager', () async {
    // Caroline's BTBV manager
-    final btbv = MemoryBTBVTrustManager();
+    final btbv = BlindTrustBeforeVerificationTrustManager();
    // Example data
    const aliceJid = 'alice@some.server';
    const bobJid = 'bob@other.server';
--- a/test/x3dh_test.dart
+++ b/test/x3dh_test.dart
@ -26,7 +26,8 @@ void main() {
    );
    // Alice does X3DH
-    final resultAlice = await x3dhFromBundle(bundleBob, ikAlice);
+    final resultAliceRaw = await x3dhFromBundle(bundleBob, ikAlice);
    final resultAlice = resultAliceRaw.get<X3DHAliceResult>();
    // Alice sends the inital message to Bob
    // ...
@ -68,18 +69,7 @@ void main() {
    );
    // Alice does X3DH
-    var exception = false;
+    final result = await x3dhFromBundle(bundleBob, ikAlice);
-    try {
+    expect(result.isType<InvalidKeyExchangeSignatureError>(), isTrue);
      await x3dhFromBundle(bundleBob, ikAlice);
    } catch (e) {
      exception = true;
      expect(
        e is InvalidSignatureException,
        true,
        reason: 'Expected InvalidSignatureException, but got $e',
      );
    }
    expect(exception, true, reason: 'Expected test failure');
  });
 }
Author	SHA1	Message	Date
Alexander "PapaTutuWawa	3c20d8ac56	release: Release 0.5.0	2023-06-18 21:27:40 +02:00
PapaTutuWawa	96ca643d26	Merge pull request #32 from PapaTutuWawa/rework Rework omemo_dart to finally enable (hopefully) stable E2EE in Moxxy.	2023-06-18 21:25:36 +02:00
Alexander "PapaTutuWawa	f54a90d5bb	docs: Add a reference to moxxmpp's OMEMO example	2023-06-18 21:24:50 +02:00
Alexander "PapaTutuWawa	9214e964df	test: Test receiving an empty OMEMO message	2023-06-18 20:51:49 +02:00
Alexander "PapaTutuWawa	8b91c07fb8	feat: Changes based on integration issues	2023-06-18 20:44:05 +02:00
Alexander "PapaTutuWawa	499817313d	docs: Add missing note about OmemoDevice	2023-06-18 12:44:09 +02:00
Alexander "PapaTutuWawa	b4241db9b6	fix: Remove unused imports	2023-06-17 23:31:16 +02:00
Alexander "PapaTutuWawa	7f60140583	fix: Expose EncryptToJidError	2023-06-17 23:30:52 +02:00
Alexander "PapaTutuWawa	ddb4483d4a	feat: Remove unused helper functions	2023-06-17 23:27:10 +02:00
Alexander "PapaTutuWawa	c086579b57	feat: Minor changes	2023-06-17 23:23:41 +02:00
Alexander "PapaTutuWawa	b986096aa0	feat: Take care of publishing	2023-06-17 23:14:00 +02:00
Alexander "PapaTutuWawa	bb5ef414f2	feat: Removing ratchets also removed trust	2023-06-17 21:24:51 +02:00
Alexander "PapaTutuWawa	207215cc5f	feat: Move the result type into moxlib	2023-06-17 21:22:16 +02:00
Alexander "PapaTutuWawa	3829c6c11b	feat: Move all constants into their own file	2023-06-17 21:05:26 +02:00
Alexander "PapaTutuWawa	4baf8187e1	feat: Remove the KEX timestamp from the double ratchet data	2023-06-17 21:02:03 +02:00
Alexander "PapaTutuWawa	fe2b090ea0	feat: Replace isSuccessful with canSend	2023-06-17 20:58:33 +02:00
Alexander "PapaTutuWawa	65c0975a77	feat: Each OPK now gets it's own unique id	2023-06-17 20:50:01 +02:00
Alexander "PapaTutuWawa	234fee167f	fix: Fix some issues found by integrating	2023-06-17 20:32:06 +02:00
Alexander "PapaTutuWawa	ed0701bdcd	feat: Remove locking from the BTBV trust manager	2023-06-17 17:47:07 +02:00
Alexander "PapaTutuWawa	dad85b8467	feat: Implement deferred loading of ratchet data	2023-06-17 16:15:09 +02:00
Alexander "PapaTutuWawa	4fb25a3ab7	feat: Stop overriding the BTBV manager	2023-06-17 15:21:11 +02:00
Alexander "PapaTutuWawa	28e7ad59b0	feat: Remove events from the OmemoManager	2023-06-16 20:44:37 +02:00
Alexander "PapaTutuWawa	e6c792a8ac	feat: DeviceListModifiedEvent now contains a delta	2023-06-16 20:13:30 +02:00
Alexander "PapaTutuWawa	0b2d6f0a97	docs: Update example	2023-06-16 00:18:14 +02:00
Alexander "PapaTutuWawa	4ed2d3dec3	docs: Improve docstrings	2023-06-15 22:46:37 +02:00
Alexander "PapaTutuWawa	3d953f0acb	test: Test receiving a non-KEX message from an unknown device	2023-06-15 21:47:04 +02:00
Alexander "PapaTutuWawa	b0bba4fe82	fix: Fix style issues	2023-06-15 21:20:24 +02:00
Alexander "PapaTutuWawa	da11e60f79	feat: Re-introduce locking the ratchet map/device list This makes the locking much more intelligent, allowing us to encrypt to/decrypt from groups while still being able to bypass the lock for unaffiliated JIDs.	2023-06-15 21:02:53 +02:00
Alexander "PapaTutuWawa	6e734ec0c3	feat: Remove serialization code	2023-06-15 18:11:35 +02:00
Alexander "PapaTutuWawa	6c301ab88f	feat: Guard against malformed ciphertext	2023-06-15 16:42:17 +02:00
Alexander "PapaTutuWawa	f1ec8d1793	feat: Implement getting fingerprints	2023-06-15 16:18:45 +02:00
Alexander "PapaTutuWawa	af33ed51d1	feat: Guard against invalid X3DH signatures	2023-06-15 16:07:23 +02:00
Alexander "PapaTutuWawa	c7ded4c824	fix: Pass all tests	2023-06-15 15:54:32 +02:00
Alexander "PapaTutuWawa	87a985fee0	fix: Fix ratchets going out of sync	2023-06-15 01:26:49 +02:00
Alexander "PapaTutuWawa	c483585d0b	fix: Get basic tests working	2023-06-14 21:59:59 +02:00
Alexander "PapaTutuWawa	f6f0e145cc	feat: Rework the double ratchet	2023-06-14 19:55:47 +02:00
Alexander "PapaTutuWawa	d2558ea9fa	test: Test something with protobuf	2023-06-14 14:03:11 +02:00
Alexander "PapaTutuWawa	50f6513c6f	feat: Remove custom protobuf parsing	2023-06-12 23:39:08 +02:00
		`@ -1,2 +0,0 @@`
			`/// The info used for when encrypting the AES key for the actual payload.`
			`const omemoPayloadInfoString = 'OMEMO Payload';`