release: Bump version to 0.3.2

This was mostly caused by Dart not copying values but referencing
them. AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.

We know make some assumptions about received key exchanges, so this
needs some field testing.

.gitlint

@@ -5,6 +5,6 @@ line-length=72
 [title-trailing-punctuation]
 [title-hard-tab]
 [title-match-regex]
-regex=^(feat|fix|test|release|chore|security|docs|refactor):.*$
+regex=^(feat|fix|test|release|chore|security|docs|refactor|style):.*$
 [body-trailing-whitespace]
 [body-first-line-empty]

.pubignore

@@ -0,0 +1 @@
+lib/protobuf

.woodpecker.yml

@@ -0,0 +1,11 @@
+pipeline:
+  lint:
+    image: dart:2.18.1
+    commands:
+      - dart pub get
+      - dart analyze --fatal-infos --fatal-warnings
+  test:
+    image: dart:2.18.1
+    commands:
+      - dart pub get
+      - dart test

CHANGELOG.md

@@ -1,3 +1,38 @@
-## 1.0.0
+## 0.1.0
 
-- Initial version.
+- Initial version
+- Implement the Double Ratchet, X3DH and OMEMO specific bits
+- Add a Blind-Trust-Before-Verification TrustManager
+- Supported OMEMO version: 0.8.3
+
+## 0.1.3
+
+- Fix bug with the Double Ratchet causing only the initial message to be decryptable
+- Expose `getDeviceMap` as a developer usable function
+
+## 0.2.0
+
+- Add convenience functions `getDeviceId` and `getDeviceBundle`
+- Creating a new ratchet with an id for which we already have a ratchet will now overwrite the old ratchet
+- Ratchet now carry an "acknowledged" attribute
+
+## 0.2.1
+
+- Add `isRatchetAcknowledged`
+- Ratchets that are created due to accepting a kex are now unacknowledged
+
+## 0.3.0
+
+- Implement enabling and disabling ratchets via the TrustManager interface
+- Fix deserialization of the various objects
+- Remove the BTBV TrustManager's loadState method. Just use the constructor
+- Allow removing all ratchets for a given Jid
+- If an error occurs while decrypting the message, the ratchet will now be reset to its prior state
+- Fix a bug within the Varint encoding function. This should fix some occasional UnknownSignedPrekeyExceptions
+- Remove OmemoSessionManager's toJson and fromJson. Use toJsonWithoutSessions and fromJsonWithoutSessions. Restoring sessions is not out-of-scope for that function
+
+## 0.3.1
+
+- Fix a bug that caused the device's id to change when replacing a OPK
+- Every decryption failure now causes the ratchet to be restored to a pre-decryption state
+- Add method to get the device's fingerprint

README.md

@@ -18,11 +18,32 @@ the stanza format of your preferred XMPP library yourself.
 - **Please note that this library has not been audited for its security! Use at your own risk!**
 - This library is not tested with other implementations of OMEMO 0.8.3 as I do not know of any client implementing spec compliant OMEMO 0.8.3. It does, however, work with itself.
 
+## Usage
+
+Include `omemo_dart` in your `pubspec.yaml` like this:
+
+```yaml
+# [...]
+
+dependencies:
+  omemo_dart:
+    hosted: https://git.polynom.me/api/packages/PapaTutuWawa/pub
+    version: ^0.3.1
+  # [...]
+
+# [...]
+```
+
 ## Contributing
 
 Due to issues with `protobuf`, `omemo_dart` reimplements the Protobuf encoding for the required
 OMEMO messages. As such, `protobuf` is only a dependency for testing that the serialisation and
-deserialisation of the custom implementation.
+deserialisation of the custom implementation. In order to run tests, you need the Protbuf
+compiler. After that, making sure that
+the [Dart Protobuf compiler addon](https://pub.dev/packages/protoc_plugin) and the
+Protobuf compiler itself is in your PATH,
+run `protoc -I=./protobuf/ --dart_out=lib/protobuf/ ./protobuf/schema.proto` in the
+repository's root to generate the real Protobuf bindings.
 
 When submitting a PR, please run the linter using `dart analyze` and make sure that all
 tests still pass using `dart test`.

example/omemo_dart_example.dart

@@ -1,5 +1,157 @@
-//import 'package:omemo_dart/omemo_dart.dart';
+import 'dart:convert';
+import 'package:omemo_dart/omemo_dart.dart';
 
-void main() {
-  // TODO(PapaTutuWawa): Currently NOOP
+/// This example aims to demonstrate how omemo_dart is used. Since omemo_dart is not
+/// dependent on any XMPP library, you need to convert stanzas to the appropriate
+/// intermediary format and back.
+void main() async {
+  const aliceJid = 'alice@some.server';
+  const bobJid = 'bob@other.serve';
+
+  // You are Alice and want to begin using OMEMO, so you first create a SessionManager
+  final aliceSession = await OmemoSessionManager.generateNewIdentity(
+    // The bare Jid of Alice as a String
+    aliceJid,
+    // The trust manager we want to use. In this case, we use the provided one that
+    // implements "Blind Trust Before Verification". To make things simpler, we keep
+    // no persistent data and can thus use the MemoryBTBVTrustManager. If we wanted to keep
+    // the state, we would have to override BlindTrustBeforeVerificationTrustManager.
+    MemoryBTBVTrustManager(),
+    // Here we specify how many Onetime Prekeys we want to have. XEP-0384 recommends around
+    // 100 OPKs, so let's generate 100. The parameter defaults to 100.
+    //opkAmount: 100,
+  );
+
+  // Alice now wants to chat with Bob at his bare Jid "bob@other.server". To make things
+  // simple, we just generate the identity bundle ourselves. In the real world, we would
+  // request it using PEP and then convert the device bundle into a OmemoBundle object.
+  final bobSession = await OmemoSessionManager.generateNewIdentity(
+    bobJid,
+    MemoryBTBVTrustManager(),
+    // Just for illustrative purposes
+    opkAmount: 1,
+  );
+
+  // Alice prepares to send the message to Bob, so she builds the message stanza and
+  // collects all the children of the stanza that should be encrypted into a string.
+  const aliceMessageStanzaBody = '''
+  <body>Hello Bob, it's me, Alice!</body>
+  <super-secret-element xmlns='super-secret-element' />
+  ''';
+
+  // Since OMEMO 0.8.3 mandates usage of XEP-0420: Stanza Content Encryption, we have to
+  // wrap our acual payload - aliceMessageStanzaBody - into an SCE envelope. Note that
+  // the rpad element must contain a random string. See XEP-0420 for recommendations.
+  // OMEMO makes the <time /> element optional, but let's use for this example.
+  const envelope = '''
+<envelope xmlns='urn:xmpp:sce:1'>
+  <content>
+    $aliceMessageStanzaBody
+  </content>
+  <rpad>s0m3-r4nd0m-b9t3s</rpad>
+  <from jid='$aliceJid' />
+  <time stamp='1969-07-20T21:56:15-05:00' />
+</envelope>
+''';
+ 
+  // Since Alice has no open session with Bob, we need to tell the session manager to build
+  // it when sending the message.
+  final message = await aliceSession.encryptToJid(
+    // The bare receiver Jid
+    bobJid,
+    // The envelope we want to encrypt
+    envelope,
+    // Since this is the first time Alice contacts Bob from this device, we need to create
+    // a new session. Let's also assume that Bob only has one device. We may, however,
+    // add more bundles to newSessions, if we know of more.
+    newSessions: [
+      await bobSession.getDeviceBundle(),
+    ],
+  );
+
+  // Alice now builds the actual message stanza for Bob
+  final payload = base64.encode(message.ciphertext!);
+  final aliceDevice = await aliceSession.getDevice();
+  // ignore: unused_local_variable
+  final bobDevice = await bobSession.getDevice();
+  // Since we know we have just one key for Bob, we take a shortcut. However, in the real
+  // world, we have to serialise every EncryptedKey to a <key /> element and group them
+  // per Jid.
+  final key = message.encryptedKeys[0];
+
+  // Note that the key's "kex" attribute refers to key.kex. It just means that the
+  // encrypted key also contains the required data for Bob to build a session with Alice.
+  // ignore: unused_local_variable
+  final aliceStanza = '''
+<message from='$aliceJid/device1' to='$bobJid/device2'>
+  <encrypted xmlns='urn:xmpp:omemo:2'>
+    <header sid='${aliceDevice.id}'>
+      <keys jid='$bobJid'>
+        <key rid='${key.rid} kex='true'>
+          ${key.value}
+        </key>
+      </keys>
+    </header>
+    <payload>
+      $payload
+    </payload>
+  </encrypted>
+</message>
+''';
+
+  // Alice can now send this message to Bob using our preferred XMPP library.
+  // ...
+
+  // Bob now receives an OMEMO encrypted message from Alice and wants to decrypt it.
+  // Since we have just one key, let's just deserialise the one key by hand.
+  final keys = [
+    EncryptedKey(bobJid, key.rid, key.value, true),
+  ];
+
+  // Bob extracts the payload and attempts to decrypt it.
+  // ignore: unused_local_variable
+  final bobMessage = await bobSession.decryptMessage(
+    // base64 decode the payload
+    base64.decode(payload),
+    // Specify the Jid of the sender
+    aliceJid,
+    // Specify the device identifier of the sender (the "sid" attribute of <header />)
+    aliceDevice.id,
+    // The deserialised keys
+    keys,
+    // Since the message was not delayed, we use the current time
+    DateTime.now().millisecondsSinceEpoch,
+  );
+
+  // All Bob has to do now is replace the OMEMO wrapper element 
+  // <encrypted xmlns='urn:xmpp:omemo:2' />) with the content of the <content /> element
+  // of the envelope we just decrypted.
+
+  // Bob now has a session with Alice and can send encrypted message to her.
+  // Since they both used the BlindTrustBeforeVerificationTrustManager, they currently
+  // use blind trust, meaning that both Alice and Bob accept new devices without any
+  // hesitation. If Alice, however, decides to verify one of Bob's devices and sets
+  // it as verified using
+  // ```
+  // await aliceSession.trustManager.setDeviceTrust(bobJid, bobDevice.id, BTBVTrustState.verified)
+  // ```
+  // then Alice's OmemoSessionManager won't encrypt to new devices unless they are also
+  // verified. To prevent user confusion, you should check if every device is trusted
+  // before sending the message and ask the user for a trust decision.
+  // If you want to make the BlindTrustBeforeVerificationTrustManager persistent, then
+  // you need to subclass it and override the `Future<void> commitState()` and
+  // `Future<void> loadState()` functions. commitState is called everytime the internal
+  // state gets changed. loadState never gets automatically called but is more of a
+  // function for the user to restore the trust manager. In those functions you have
+  // access to `ratchetMap`, which maps a `RatchetMapKey` - essentially a tuple consisting
+  // of a bare Jid and the device identifier - to the trust state, and `devices` which
+  // maps a bare Jid to its device identifiers.
+  // To make the entire OmemoSessionManager persistent, you have two options:
+  // - use the provided `toJson()` and `fromJson()` functions. They, however, serialise
+  //   and deserialise *ALL* known sessions, so it might be slow.
+  // - subscribe to the session manager's `eventStream`. There, events get triggered
+  //   everytime a ratchet changes, our own device changes or the internal ratchet map
+  //   gets changed. This give finer control over the the serialisation. The session
+  //   manager can then be restored using its constructor. For a list of events, see
+  //   lib/src/omemo/events.dart.
 }

lib/omemo_dart.dart

@@ -2,14 +2,15 @@ library omemo_dart;
 
 export 'src/double_ratchet/double_ratchet.dart';
 export 'src/errors.dart';
-export 'src/events.dart';
 export 'src/helpers.dart';
 export 'src/keys.dart';
 export 'src/omemo/bundle.dart';
 export 'src/omemo/device.dart';
 export 'src/omemo/encrypted_key.dart';
 export 'src/omemo/encryption_result.dart';
+export 'src/omemo/events.dart';
 export 'src/omemo/fingerprint.dart';
+export 'src/omemo/ratchet_map_key.dart';
 export 'src/omemo/sessionmanager.dart';
 export 'src/trust/base.dart';
 export 'src/trust/btbv.dart';

lib/src/double_ratchet/double_ratchet.dart

@@ -67,8 +67,11 @@ class OmemoDoubleRatchet {
     this.ik,
     this.sessionAd,
     this.mkSkipped, // MKSKIPPED
+    this.acknowledged,
+    this.kexTimestamp,
+    this.kex,
   );
-
+  
   factory OmemoDoubleRatchet.fromJson(Map<String, dynamic> data) {
     /*
     {
@@ -81,8 +84,11 @@ class OmemoDoubleRatchet {
       'ns': 0,
       'nr': 0,
       'pn': 0,
-      'ik_pub': 'base/64/encoded',
+      'ik_pub': null | 'base/64/encoded',
       'session_ad': 'base/64/encoded',
+      'acknowledged': true | false,
+      'kex_timestamp': int,
+      'kex': 'base/64/encoded',
       'mkskipped': [
         {
           'key': 'base/64/encoded',
@@ -92,11 +98,20 @@ class OmemoDoubleRatchet {
       ]
     }
     */
-    final mkSkipped = <SkippedKey, List<int>>{};
-    for (final entry in data['mkskipped']! as List<Map<String, dynamic>>) {
-      final key = SkippedKey.fromJson(entry);
-      mkSkipped[key] = base64.decode(entry['key']! as String);
-    }
+    // NOTE: Dart has some issues with just casting a List<dynamic> to List<Map<...>>, as
+    //       such we need to convert the items by hand.
+    final mkSkipped = Map<SkippedKey, List<int>>.fromEntries(
+      (data['mkskipped']! as List<dynamic>).map<MapEntry<SkippedKey, List<int>>>(
+        (entry) {
+          final map = entry as Map<String, dynamic>;
+          final key = SkippedKey.fromJson(map);
+          return MapEntry(
+            key,
+            base64.decode(map['key']! as String),
+          );
+        },
+      ),
+    );
     
     return OmemoDoubleRatchet(
       OmemoKeyPair.fromBytes(
@@ -117,6 +132,9 @@ class OmemoDoubleRatchet {
       ),
       base64.decode(data['session_ad']! as String),
       mkSkipped,
+      data['acknowledged']! as bool,
+      data['kex_timestamp']! as int,
+      data['kex'] as String?,
     );
   }
   
@@ -148,10 +166,21 @@ class OmemoDoubleRatchet {
 
   final Map<SkippedKey, List<int>> mkSkipped;
 
+  /// The point in time at which we performed the kex exchange to create this ratchet.
+  /// Precision is milliseconds since epoch.
+  int kexTimestamp;
+
+  /// The key exchange that was used for initiating the session.
+  final String? kex;
+  
+  /// Indicates whether we received an empty OMEMO message after building a session with
+  /// the device. 
+  bool acknowledged;
+
   /// Create an OMEMO session using the Signed Pre Key [spk], the shared secret [sk] that
   /// was obtained using a X3DH and the associated data [ad] that was also obtained through
   /// a X3DH. [ik] refers to Bob's (the receiver's) IK public key.
-  static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
+  static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int timestamp) async {
     final dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
     final dhr = spk;
     final rk  = await kdfRk(sk, await omemoDH(dhs, dhr, 0));
@@ -169,6 +198,9 @@ class OmemoDoubleRatchet {
       ik,
       ad,
       {},
+      false,
+      timestamp,
+      '',
     );
   }
 
@@ -176,7 +208,7 @@ class OmemoDoubleRatchet {
   /// Pre Key keypair [spk], the shared secret [sk] that was obtained through a X3DH and
   /// the associated data [ad] that was also obtained through a X3DH. [ik] refers to
   /// Alice's (the initiator's) IK public key.
-  static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
+  static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad, int kexTimestamp) async {
     return OmemoDoubleRatchet(
       spk,
       null,
@@ -189,6 +221,9 @@ class OmemoDoubleRatchet {
       ik,
       ad,
       {},
+      false,
+      kexTimestamp,
+      null,
     );
   }
 
@@ -214,6 +249,9 @@ class OmemoDoubleRatchet {
       'ik_pub': base64.encode(await ik.getBytes()),
       'session_ad': base64.encode(sessionAd),
       'mkskipped': mkSkippedSerialised,
+      'acknowledged': acknowledged,
+      'kex_timestamp': kexTimestamp,
+      'kex': kex,
     };
   }
   
@@ -249,18 +287,18 @@ class OmemoDoubleRatchet {
   }
 
   Future<void> _dhRatchet(OmemoMessage header) async {
-    pn = header.n!;
+    pn = ns;
     ns = 0;
     nr = 0;
     dhr = OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519);
 
     final newRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
-    rk = newRk;
-    ckr = newRk;
+    rk = List.from(newRk);
+    ckr = List.from(newRk);
     dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
     final newNewRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
-    rk = newNewRk;
-    cks = newNewRk;
+    rk = List.from(newNewRk);
+    cks = List.from(newNewRk);
   }
 
   /// Encrypt [plaintext] using the Double Ratchet.
@@ -293,11 +331,15 @@ class OmemoDoubleRatchet {
       return plaintext;
     }
 
-    if (header.dhPub != await dhr?.getBytes()) {
+    final dhPubMatches = listsEqual(
+      header.dhPub!,
+      (await dhr?.getBytes()) ?? <int>[],
+    );
+    if (!dhPubMatches) {
       await _skipMessageKeys(header.pn!);
       await _dhRatchet(header);
     }
-
+    
     await _skipMessageKeys(header.n!);
     final newCkr = await kdfCk(ckr!, kdfCkNextChainKey);
     final mk = await kdfCk(ckr!, kdfCkNextMessageKey);
@@ -307,18 +349,70 @@ class OmemoDoubleRatchet {
     return decrypt(mk, ciphertext, concat([sessionAd, header.writeToBuffer()]), sessionAd);
   }
 
+  OmemoDoubleRatchet clone() {
+    return OmemoDoubleRatchet(
+      dhs,
+      dhr,
+      rk,
+      cks != null ?
+        List<int>.from(cks!) :
+        null,
+      ckr != null ?
+        List<int>.from(ckr!) :
+        null,
+      ns,
+      nr,
+      pn,
+      ik,
+      sessionAd,
+      Map<SkippedKey, List<int>>.from(mkSkipped),
+      acknowledged,
+      kexTimestamp,
+      kex,
+    );
+  }
+
+  OmemoDoubleRatchet cloneWithKex(String kex) {
+    return OmemoDoubleRatchet(
+      dhs,
+      dhr,
+      rk,
+      cks != null ?
+        List<int>.from(cks!) :
+        null,
+      ckr != null ?
+        List<int>.from(ckr!) :
+        null,
+      ns,
+      nr,
+      pn,
+      ik,
+      sessionAd,
+      Map<SkippedKey, List<int>>.from(mkSkipped),
+      acknowledged,
+      kexTimestamp,
+      kex,
+    );
+  }
+  
   @visibleForTesting
   Future<bool> equals(OmemoDoubleRatchet other) async {
-    // ignore: invalid_use_of_visible_for_testing_member
-    final dhrMatch = dhr == null ? other.dhr == null : await dhr!.equals(other.dhr!);
-    final ckrMatch = ckr == null ? other.ckr == null : listsEqual(ckr!, other.ckr!);
-    final cksMatch = cks == null ? other.cks == null : listsEqual(cks!, other.cks!);
+    final dhrMatch = dhr == null ?
+      other.dhr == null :
+      // ignore: invalid_use_of_visible_for_testing_member
+      other.dhr != null && await dhr!.equals(other.dhr!);
+    final ckrMatch = ckr == null ?
+      other.ckr == null :
+      other.ckr != null && listsEqual(ckr!, other.ckr!);
+    final cksMatch = cks == null ?
+      other.cks == null :
+      other.cks != null && listsEqual(cks!, other.cks!);
  
     // ignore: invalid_use_of_visible_for_testing_member
     final dhsMatch = await dhs.equals(other.dhs);
     // ignore: invalid_use_of_visible_for_testing_member
     final ikMatch = await ik.equals(other.ik);
-    
+
     return dhsMatch &&
       ikMatch &&
       dhrMatch &&
@@ -328,6 +422,7 @@ class OmemoDoubleRatchet {
       ns == other.ns &&
       nr == other.nr &&
       pn == other.pn &&
-      listsEqual(sessionAd, other.sessionAd);
+      listsEqual(sessionAd, other.sessionAd) &&
+      kexTimestamp == other.kexTimestamp;
   }
 }

lib/src/errors.dart

@@ -30,3 +30,16 @@ class NoDecryptionKeyException implements Exception {
 class UnknownSignedPrekeyException implements Exception {
   String errMsg() => 'Unknown Signed Prekey used.';
 }
+
+/// Triggered by the Session Manager when the received Key Exchange message does not meet
+/// the requirement that a key exchange, given that the ratchet already exists, must be
+/// sent after its creation.
+class InvalidKeyExchangeException implements Exception {
+  String errMsg() => 'The key exchange was sent before the last kex finished';
+}
+
+/// Triggered by the Session Manager when a message's sequence number is smaller than we
+/// expect it to be.
+class MessageAlreadyDecryptedException implements Exception {
+  String errMsg() => 'The message has already been decrypted';
+}

lib/src/helpers.dart

@@ -73,3 +73,7 @@ OmemoKeyPair? decodeKeyPairIfNotNull(String? pk, String? sk, KeyPairType type) {
     type,
   );
 }
+
+int getTimestamp() {
+  return DateTime.now().millisecondsSinceEpoch;
+}

lib/src/omemo/device.dart

@@ -49,14 +49,23 @@ class Device {
       ]
     }
     */
-    final opks = <int, OmemoKeyPair>{};
-    for (final opk in data['opks']! as List<Map<String, dynamic>>) {
-      opks[opk['id']! as int] = OmemoKeyPair.fromBytes(
-        base64.decode(opk['public']! as String),
-        base64.decode(opk['private']! as String),
-        KeyPairType.x25519,
-      );
-    }
+    // NOTE: Dart has some issues with just casting a List<dynamic> to List<Map<...>>, as
+    //       such we need to convert the items by hand.
+    final opks = Map<int, OmemoKeyPair>.fromEntries(
+      (data['opks']! as List<dynamic>).map<MapEntry<int, OmemoKeyPair>>(
+        (opk) {
+          final map = opk as Map<String, dynamic>;
+          return MapEntry(
+            map['id']! as int,
+            OmemoKeyPair.fromBytes(
+              base64.decode(map['public']! as String),
+              base64.decode(map['private']! as String),
+              KeyPairType.x25519,
+            ),
+          );
+        },
+      ),
+    );
 
     return Device(
       data['jid']! as String,
@@ -131,7 +140,7 @@ class Device {
     
     return Device(
       jid,
-      id,
+      this.id,
       ik,
       spk,
       spkId,
@@ -163,6 +172,23 @@ class Device {
     );
   }
 
+  /// Returns a new device that is equal to this one with the exception that the new
+  /// device's id is a new number between 0 and 2**32 - 1.
+  @internal
+  Device withNewId() {
+    return Device(
+      jid,
+      generateRandom32BitNumber(),
+      ik,
+      spk,
+      spkId,
+      spkSignature,
+      oldSpk,
+      oldSpkId,
+      opks,
+    );
+  }
+  
   /// Converts this device into an OmemoBundle that could be used for publishing.
   Future<OmemoBundle> toBundle() async {
     final encodedOpks = <int, String>{};

lib/src/omemo/events.dart

@@ -12,6 +12,14 @@ class RatchetModifiedEvent extends OmemoEvent {
   final OmemoDoubleRatchet ratchet;
 }
 
+/// Triggered when a ratchet has been removed and should be removed from storage.
+class RatchetRemovedEvent extends OmemoEvent {
+
+  RatchetRemovedEvent(this.jid, this.deviceId);
+  final String jid;
+  final int deviceId;
+}
+
 /// Triggered when the device map has been modified
 class DeviceMapModifiedEvent extends OmemoEvent {
 

lib/src/omemo/ratchet_map_key.dart

@@ -1,13 +1,27 @@
 import 'package:meta/meta.dart';
 
-@internal
 @immutable
 class RatchetMapKey {
 
   const RatchetMapKey(this.jid, this.deviceId);
+
+  factory RatchetMapKey.fromJsonKey(String key) {
+    final parts = key.split(':');
+    final deviceId = int.parse(parts.first);
+
+    return RatchetMapKey(
+      parts.sublist(1).join(':'),
+      deviceId,
+    );
+  }
+
   final String jid;
   final int deviceId;
 
+  String toJsonKey() {
+    return '$deviceId:$jid';
+  }
+  
   @override
   bool operator ==(Object other) {
     return other is RatchetMapKey && jid == other.jid && deviceId == other.deviceId;

lib/src/omemo/sessionmanager.dart

@@ -3,17 +3,18 @@ import 'dart:convert';
 import 'package:collection/collection.dart';
 import 'package:cryptography/cryptography.dart';
 import 'package:hex/hex.dart';
+import 'package:logging/logging.dart';
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
 import 'package:omemo_dart/src/errors.dart';
-import 'package:omemo_dart/src/events.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
 import 'package:omemo_dart/src/omemo/bundle.dart';
 import 'package:omemo_dart/src/omemo/device.dart';
 import 'package:omemo_dart/src/omemo/encrypted_key.dart';
 import 'package:omemo_dart/src/omemo/encryption_result.dart';
+import 'package:omemo_dart/src/omemo/events.dart';
 import 'package:omemo_dart/src/omemo/fingerprint.dart';
 import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
@@ -31,25 +32,33 @@ class OmemoSessionManager {
   OmemoSessionManager(this._device, this._deviceMap, this._ratchetMap, this._trustManager)
     : _lock = Lock(),
       _deviceLock = Lock(),
-      _eventStreamController = StreamController<OmemoEvent>.broadcast();
-
-  /// Deserialise the OmemoSessionManager from JSON data [data].
-  factory OmemoSessionManager.fromJson(Map<String, dynamic> data, TrustManager trustManager) {
-    final ratchetMap = <RatchetMapKey, OmemoDoubleRatchet>{};
-    for (final rawRatchet in data['sessions']! as List<Map<String, dynamic>>) {
-      final key = RatchetMapKey(rawRatchet['jid']! as String, rawRatchet['deviceId']! as int);
-      final ratchet = OmemoDoubleRatchet.fromJson(rawRatchet['ratchet']! as Map<String, dynamic>);
-      ratchetMap[key] = ratchet;
-    }
+      _eventStreamController = StreamController<OmemoEvent>.broadcast(),
+      _log = Logger('OmemoSessionManager');
 
+  /// Deserialise the OmemoSessionManager from JSON data [data] that does not contain
+  /// the ratchet sessions.
+  factory OmemoSessionManager.fromJsonWithoutSessions(
+    Map<String, dynamic> data,
+    Map<RatchetMapKey, OmemoDoubleRatchet> ratchetMap,
+    TrustManager trustManager,
+  ) {
+    // NOTE: Dart has some issues with just casting a List<dynamic> to List<Map<...>>, as
+    //       such we need to convert the items by hand.
     return OmemoSessionManager(
       Device.fromJson(data['device']! as Map<String, dynamic>),
-      data['devices']! as Map<String, List<int>>,
+      (data['devices']! as Map<String, dynamic>).map<String, List<int>>(
+        (key, value) {
+          return MapEntry(
+            key,
+            (value as List<dynamic>).map<int>((i) => i as int).toList(),
+          );
+        }
+      ),
       ratchetMap,
       trustManager,
     );
   }
-      
+  
   /// Generate a new cryptographic identity.
   static Future<OmemoSessionManager> generateNewIdentity(String jid, TrustManager trustManager, { int opkAmount = 100 }) async {
     assert(opkAmount > 0, 'opkAmount must be bigger than 0.');
@@ -57,6 +66,9 @@ class OmemoSessionManager {
 
     return OmemoSessionManager(device, {}, {}, trustManager);
   }
+
+  /// Logging
+  Logger _log;
   
   /// Lock for _ratchetMap and _bundleMap
   final Lock _lock;
@@ -78,17 +90,26 @@ class OmemoSessionManager {
 
   /// The trust manager
   final TrustManager _trustManager;
+  TrustManager get trustManager => _trustManager;
   
   /// A stream that receives events regarding the session
   Stream<OmemoEvent> get eventStream => _eventStreamController.stream;
 
+  /// Returns our own device.
   Future<Device> getDevice() async {
-    Device? dev;
-    await _deviceLock.synchronized(() async {
-      dev = _device;
-    });
+    return _deviceLock.synchronized(() => _device);
+  }
 
-    return dev!;
+  /// Returns the id attribute of our own device. This is just a short-hand for
+  /// ```await (session.getDevice()).id```.
+  Future<int> getDeviceId() async {
+    return _deviceLock.synchronized(() => _device.id);
+  }
+
+  /// Returns the device as an OmemoBundle. This is just a short-hand for
+  /// ```await (await session.getDevice()).toBundle()```.
+  Future<OmemoBundle> getDeviceBundle() async {
+    return _deviceLock.synchronized(() async => _device.toBundle());
   }
   
   /// Add a session [ratchet] with the [deviceId] to the internal tracking state.
@@ -97,21 +118,22 @@ class OmemoSessionManager {
       // Add the bundle Id
       if (!_deviceMap.containsKey(jid)) {
         _deviceMap[jid] = [deviceId];
-      } else {
-        _deviceMap[jid]!.add(deviceId);
-      }
 
-      // Commit the device map
-      _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
+        // Commit the device map
+        _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
+      } else {
+        // Prevent having the same device multiple times in the list
+        if (!_deviceMap[jid]!.contains(deviceId)) {
+          _deviceMap[jid]!.add(deviceId);
+
+          // Commit the device map
+          _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
+        }
+      }
 
       // Add the ratchet session
       final key = RatchetMapKey(jid, deviceId);
-      if (!_ratchetMap.containsKey(key)) {
-        _ratchetMap[key] = ratchet;
-      } else {
-        // TODO(PapaTutuWawa): What do we do now?
-        throw Exception();
-      }
+      _ratchetMap[key] = ratchet;
 
       // Commit the ratchet
       _eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet));
@@ -132,6 +154,7 @@ class OmemoSessionManager {
       bundle.ik,
       kexResult.sk,
       kexResult.ad,
+      getTimestamp(),
     );
 
     await _trustManager.onNewSession(jid, deviceId);
@@ -147,19 +170,21 @@ class OmemoSessionManager {
   /// Build a new session with the user at [jid] with the device [deviceId] using data
   /// from the key exchange [kex]. In case [kex] contains an unknown Signed Prekey
   /// identifier an UnknownSignedPrekeyException will be thrown.
-  Future<void> _addSessionFromKeyExchange(String jid, int deviceId, OmemoKeyExchange kex) async {
+  Future<OmemoDoubleRatchet> _addSessionFromKeyExchange(String jid, int deviceId, OmemoKeyExchange kex) async {
     // Pick the correct SPK
     final device = await getDevice();
-    OmemoKeyPair? spk;
-    if (kex.spkId == device.spkId) {
-      spk = device.spk;
-    } else if (kex.spkId == device.oldSpkId) {
-      spk = device.oldSpk;
-    } else {
+    final spk = await _lock.synchronized(() async {
+      if (kex.spkId == _device.spkId) {
+        return _device.spk;
+      } else if (kex.spkId == _device.oldSpkId) {
+        return _device.oldSpk;
+      }
+
+      return null;
+    });
+    if (spk == null) {
       throw UnknownSignedPrekeyException();
     }
-
-    assert(spk != null, 'The used SPK must be found');
     
     final kexResult = await x3dhFromInitialMessage(
       X3DHMessage(
@@ -167,7 +192,7 @@ class OmemoSessionManager {
         OmemoPublicKey.fromBytes(kex.ek!, KeyPairType.x25519),
         kex.pkId!,
       ),
-      spk!,
+      spk,
       device.opks.values.elementAt(kex.pkId!),
       device.ik,
     );
@@ -176,10 +201,10 @@ class OmemoSessionManager {
       OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
       kexResult.sk,
       kexResult.ad,
+      getTimestamp(),
     );
 
-    await _trustManager.onNewSession(jid, deviceId);
-    await _addSession(jid, deviceId, ratchet);
+    return ratchet;
   }
 
   /// Like [encryptToJids] but only for one Jid [jid].
@@ -216,7 +241,11 @@ class OmemoSessionManager {
     final kex = <int, OmemoKeyExchange>{};
     if (newSessions != null) {
       for (final newSession in newSessions) {
-        kex[newSession.id] = await addSessionFromBundle(newSession.jid, newSession.id, newSession);
+        kex[newSession.id] = await addSessionFromBundle(
+          newSession.jid,
+          newSession.id,
+          newSession,
+        );
       }
     }
     
@@ -224,28 +253,63 @@ class OmemoSessionManager {
       // We assume that the user already checked if the session exists
       for (final jid in jids) {
         for (final deviceId in _deviceMap[jid]!) {
-          // Only encrypt to devices that are trusted
-          if (!(await _trustManager.isTrusted(jid, deviceId))) continue;
+          // Empty OMEMO messages are allowed to bypass trust
+          if (plaintext != null) {
+            // Only encrypt to devices that are trusted
+            if (!(await _trustManager.isTrusted(jid, deviceId))) continue;
+
+            // Onyl encrypt to devices that are enabled
+            if (!(await _trustManager.isEnabled(jid, deviceId))) continue;
+          }
 
           final ratchetKey = RatchetMapKey(jid, deviceId);
-          final ratchet = _ratchetMap[ratchetKey]!;
+          var ratchet = _ratchetMap[ratchetKey]!;
           final ciphertext = (await ratchet.ratchetEncrypt(keyPayload)).ciphertext;
-
-          // Commit the ratchet
-          _eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet));
-          
+ 
           if (kex.isNotEmpty && kex.containsKey(deviceId)) {
+            // The ratchet did not exist
             final k = kex[deviceId]!
               ..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
+            final buffer = base64.encode(k.writeToBuffer());
             encryptedKeys.add(
               EncryptedKey(
                 jid,
                 deviceId,
-                base64.encode(k.writeToBuffer()),
+                buffer,
                 true,
               ),
             );
+
+            ratchet = ratchet.cloneWithKex(buffer);
+            _ratchetMap[ratchetKey] = ratchet;
+          } else if (!ratchet.acknowledged) {
+            // The ratchet exists but is not acked
+            if (ratchet.kex != null) {
+              final oldKex = OmemoKeyExchange.fromBuffer(base64.decode(ratchet.kex!))
+              ..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
+              
+              encryptedKeys.add(
+                EncryptedKey(
+                  jid,
+                  deviceId,
+                  base64.encode(oldKex.writeToBuffer()),
+                  true,
+                ),
+              );
+            } else {
+              // The ratchet is not acked but we don't have the old key exchange
+              _log.warning('Ratchet for $jid:$deviceId is not acked but the kex attribute is null');
+              encryptedKeys.add(
+                EncryptedKey(
+                  jid,
+                  deviceId,
+                  base64.encode(ciphertext),
+                  false,
+                ),
+              );
+            }
           } else {
+            // The ratchet exists and is acked
             encryptedKeys.add(
               EncryptedKey(
                 jid,
@@ -255,6 +319,9 @@ class OmemoSessionManager {
               ),
             );
           }
+
+          // Commit the ratchet
+          _eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet));
         }
       }
     });
@@ -265,16 +332,57 @@ class OmemoSessionManager {
     );
   }
 
+  /// In case a decryption error occurs, the Double Ratchet spec says to just restore
+  /// the ratchet to its old state. As such, this function restores the ratchet at
+  /// [mapKey] with [oldRatchet].
+  Future<void> _restoreRatchet(RatchetMapKey mapKey, OmemoDoubleRatchet oldRatchet) async {
+    await _lock.synchronized(() {
+      _log.finest('Restoring ratchet ${mapKey.jid}:${mapKey.deviceId} to ${oldRatchet.nr}');
+      _ratchetMap[mapKey] = oldRatchet;
+
+      // Commit the ratchet
+      _eventStreamController.add(
+        RatchetModifiedEvent(
+          mapKey.jid,
+          mapKey.deviceId,
+          oldRatchet,
+        ),
+      );
+    });
+  }
+
+  Future<String?> _decryptAndVerifyHmac(List<int>? ciphertext, List<int> keyAndHmac) async {
+    // Empty OMEMO messages should just have the key decrypted and/or session set up.
+    if (ciphertext == null) {
+      return null;
+    }
+    
+    final key = keyAndHmac.sublist(0, 32);
+    final hmac = keyAndHmac.sublist(32, 48);
+    final derivedKeys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
+    final computedHmac = await truncatedHmac(ciphertext, derivedKeys.authenticationKey);
+    if (!listsEqual(hmac, computedHmac)) {
+      throw InvalidMessageHMACException();
+    }
+    
+    return utf8.decode(
+      await aes256CbcDecrypt(ciphertext, derivedKeys.encryptionKey, derivedKeys.iv),
+    );
+  }
+  
   /// Attempt to decrypt [ciphertext]. [keys] refers to the <key /> elements inside the
   /// <keys /> element with a "jid" attribute matching our own. [senderJid] refers to the
   /// bare Jid of the sender. [senderDeviceId] refers to the "sid" attribute of the
   /// <encrypted /> element.
+  /// [timestamp] refers to the time the message was sent. This might be either what the
+  /// server tells you via "XEP-0203: Delayed Delivery" or the point in time at which
+  /// you received the stanza, if no Delayed Delivery element was found.
   ///
   /// If the received message is an empty OMEMO message, i.e. there is no <payload />
   /// element, then [ciphertext] must be set to null. In this case, this function
   /// will return null as there is no message to be decrypted. This, however, is used
   /// to set up sessions or advance the ratchets.
-  Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys) async {
+  Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys, int timestamp) async {
     // Try to find a session we can decrypt with.
     var device = await getDevice();
     final rawKey = keys.firstWhereOrNull((key) => key.rid == device.id);
@@ -282,20 +390,57 @@ class OmemoSessionManager {
       throw NotEncryptedForDeviceException();
     }
 
+    final ratchetKey = RatchetMapKey(senderJid, senderDeviceId);
     final decodedRawKey = base64.decode(rawKey.value);
+    List<int>? keyAndHmac;
     OmemoAuthenticatedMessage authMessage;
+    OmemoDoubleRatchet? oldRatchet;
+    OmemoMessage? message;
     if (rawKey.kex) {
-      // TODO(PapaTutuWawa): Only do this when we should
+      // If the ratchet already existed, we store it. If it didn't, oldRatchet will stay
+      // null.
+      final oldRatchet = (await _getRatchet(ratchetKey))?.clone();
       final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
-      await _addSessionFromKeyExchange(
-        senderJid,
-        senderDeviceId,
-        kex,
-      );
-
       authMessage = kex.message!;
+      message = OmemoMessage.fromBuffer(authMessage.message!);
+
+      // Guard against old key exchanges
+      if (oldRatchet != null) {
+        _log.finest('KEX for existent ratchet. ${oldRatchet.pn}');
+        if (oldRatchet.kexTimestamp > timestamp) {
+          throw InvalidKeyExchangeException();
+        }
+        
+        // Try to decrypt it
+        try {
+          final decrypted = await oldRatchet.ratchetDecrypt(message, authMessage.writeToBuffer());
+
+          // Commit the ratchet
+          _eventStreamController.add(
+            RatchetModifiedEvent(
+              senderJid,
+              senderDeviceId,
+              oldRatchet,
+            ),
+          );
+          
+          final plaintext = await _decryptAndVerifyHmac(
+            ciphertext,
+            decrypted,
+          );
+          await _addSession(senderJid, senderDeviceId, oldRatchet);
+          return plaintext;
+        } catch (_) {
+          _log.finest('Failed to use old ratchet with KEX for existing ratchet');
+        }
+      }
+
+      final r = await _addSessionFromKeyExchange(senderJid, senderDeviceId, kex);
+      await _trustManager.onNewSession(senderJid, senderDeviceId);
+      await _addSession(senderJid, senderDeviceId, r);
 
       // Replace the OPK
+      // TODO(PapaTutuWawa): Replace the OPK when we know that the KEX worked
       await _deviceLock.synchronized(() async {
         device = await device.replaceOnetimePrekey(kex.pkId!);
 
@@ -304,6 +449,7 @@ class OmemoSessionManager {
       });
     } else {
       authMessage = OmemoAuthenticatedMessage.fromBuffer(decodedRawKey);
+      message = OmemoMessage.fromBuffer(authMessage.message!);
     }
     
     final devices = _deviceMap[senderJid];
@@ -314,37 +460,30 @@ class OmemoSessionManager {
       throw NoDecryptionKeyException();
     }
 
-    final message = OmemoMessage.fromBuffer(authMessage.message!);
-    final ratchetKey = RatchetMapKey(senderJid, senderDeviceId);
-    List<int>? keyAndHmac;
-    await _lock.synchronized(() async {
-      final ratchet = _ratchetMap[ratchetKey]!;
+    // We can guarantee that the ratchet exists at this point in time
+    final ratchet = (await _getRatchet(ratchetKey))!;
+    oldRatchet ??= ratchet.clone();
+
+    try {
       if (rawKey.kex) {
         keyAndHmac = await ratchet.ratchetDecrypt(message, authMessage.writeToBuffer());
       } else {
         keyAndHmac = await ratchet.ratchetDecrypt(message, decodedRawKey);
       }
-
-      // Commit the ratchet
-      _eventStreamController.add(RatchetModifiedEvent(senderJid, senderDeviceId, ratchet));
-    });
-
-    // Empty OMEMO messages should just have the key decrypted and/or session set up.
-    if (ciphertext == null) {
-      return null;
+    } catch (_) {
+      await _restoreRatchet(ratchetKey, oldRatchet);
+      rethrow;
     }
-    
-    final key = keyAndHmac!.sublist(0, 32);
-    final hmac = keyAndHmac!.sublist(32, 48);
-    final derivedKeys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
 
-    final computedHmac = await truncatedHmac(ciphertext, derivedKeys.authenticationKey);
-    if (!listsEqual(hmac, computedHmac)) {
-      throw InvalidMessageHMACException();
+    // Commit the ratchet
+    _eventStreamController.add(RatchetModifiedEvent(senderJid, senderDeviceId, ratchet));
+
+    try {
+      return _decryptAndVerifyHmac(ciphertext, keyAndHmac);
+    } catch (_) { 
+      await _restoreRatchet(ratchetKey, oldRatchet);
+      rethrow;
     }
-    
-    final plaintext = await aes256CbcDecrypt(ciphertext, derivedKeys.encryptionKey, derivedKeys.iv);
-    return utf8.decode(plaintext);
   }
 
   /// Returns the list of hex-encoded fingerprints we have for sessions with [jid].
@@ -353,7 +492,7 @@ class OmemoSessionManager {
 
     await _lock.synchronized(() async {
       // Get devices for jid
-      final devices = _deviceMap[jid]!;
+      final devices = _deviceMap[jid] ?? [];
 
       for (final deviceId in devices) {
         final ratchet = _ratchetMap[RatchetMapKey(jid, deviceId)]!;
@@ -370,6 +509,16 @@ class OmemoSessionManager {
     return fingerprints;
   }
 
+  /// Returns the hex-encoded fingerprint of the current device.
+  Future<DeviceFingerprint> getHexFingerprintForDevice() async {
+    final device = await getDevice();
+
+    return DeviceFingerprint(
+      device.id,
+      HEX.encode(await device.ik.pk.getBytes()),
+    );
+  }
+
   /// Replaces the Signed Prekey and its signature in our own device bundle. Triggers
   /// a DeviceModifiedEvent when done.
   /// See https://xmpp.org/extensions/xep-0384.html#protocol-key_exchange under the point
@@ -382,18 +531,121 @@ class OmemoSessionManager {
       _eventStreamController.add(DeviceModifiedEvent(_device));
     });
   }
+
+  /// Returns the device map, i.e. the mapping of bare Jid to its device identifiers
+  /// we have built sessions with.
+  Future<Map<String, List<int>>> getDeviceMap() async {
+    return _lock.synchronized(() => _deviceMap);
+  }
+
+  /// Removes the ratchet identified by [jid] and [deviceId] from the session manager.
+  /// Also triggers events for commiting the new device map to storage and removing
+  /// the old ratchet.
+  Future<void> removeRatchet(String jid, int deviceId) async {
+    await _lock.synchronized(() async {
+      // Remove the ratchet
+      _ratchetMap.remove(RatchetMapKey(jid, deviceId));
+      // Commit it
+      _eventStreamController.add(RatchetRemovedEvent(jid, deviceId));
+
+      // Remove the device from jid
+      _deviceMap[jid]!.remove(deviceId);
+      if (_deviceMap[jid]!.isEmpty) {
+        _deviceMap.remove(jid);
+      }
+      // Commit it
+      _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
+    });
+  }
+
+  /// Removes all ratchets for Jid [jid]. Triggers a DeviceMapModified event at the end and an
+  /// RatchetRemovedEvent for each ratchet.
+  Future<void> removeAllRatchets(String jid) async {
+    await _lock.synchronized(() async {
+      for (final deviceId in _deviceMap[jid]!) {
+        // Remove the ratchet
+        _ratchetMap.remove(RatchetMapKey(jid, deviceId));
+        // Commit it
+        _eventStreamController.add(RatchetRemovedEvent(jid, deviceId));
+      }
+
+      // Remove the device from jid
+      _deviceMap.remove(jid);
+      // Commit it
+      _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
+    });
+  }
+  
+  /// Returns the list of device identifiers belonging to [jid] that are yet unacked, i.e.
+  /// we have not yet received an empty OMEMO message from.
+  Future<List<int>?> getUnacknowledgedRatchets(String jid) async {
+    return _lock.synchronized(() async {
+      final ret = List<int>.empty(growable: true);
+      final devices = _deviceMap[jid];
+      if (devices == null) return null;
+
+      for (final device in devices) {
+        final ratchet = _ratchetMap[RatchetMapKey(jid, device)]!;
+        if (!ratchet.acknowledged) ret.add(device);
+      }
+
+      return ret;
+    });
+  }
+
+  /// Returns true if the ratchet for [jid] with device identifier [deviceId] is
+  /// acknowledged. Returns false if not.
+  Future<bool> isRatchetAcknowledged(String jid, int deviceId) async {
+    return _lock.synchronized(() => _ratchetMap[RatchetMapKey(jid, deviceId)]!.acknowledged);
+  }
+  
+  /// Mark the ratchet for device [deviceId] from [jid] as acked.
+  Future<void> ratchetAcknowledged(String jid, int deviceId) async {
+    await _lock.synchronized(() async {
+      final ratchet = _ratchetMap[RatchetMapKey(jid, deviceId)]!
+        ..acknowledged = true;
+
+      // Commit it
+      _eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet));
+    });
+  }
+
+  /// Generates an entirely new device. May be useful when the user wants to reset their cryptographic
+  /// identity. Triggers an event to commit it to storage.
+  Future<void> regenerateDevice({ int opkAmount = 100 }) async {
+    await _deviceLock.synchronized(() async {
+      _device = await Device.generateNewDevice(_device.jid, opkAmount: opkAmount);
+
+      // Commit it
+      _eventStreamController.add(DeviceModifiedEvent(_device));
+    });
+  }
+
+  /// Make our device have a new identifier. Only useful before publishing it as a bundle
+  /// to make sure that our device has a id that is account unique.
+  Future<void> regenerateDeviceId() async {
+    await _deviceLock.synchronized(() async {
+      _device = _device.withNewId();
+
+      // Commit it
+      _eventStreamController.add(DeviceModifiedEvent(_device));
+    });
+  }
+
+  Future<OmemoDoubleRatchet?> _getRatchet(RatchetMapKey key) async {
+    return _lock.synchronized(() async {
+      return _ratchetMap[key];
+    });
+  }
   
   @visibleForTesting
   OmemoDoubleRatchet getRatchet(String jid, int deviceId) => _ratchetMap[RatchetMapKey(jid, deviceId)]!;
 
-  @visibleForTesting
-  Map<String, List<int>> getDeviceMap() => _deviceMap;
-
   @visibleForTesting
   Map<RatchetMapKey, OmemoDoubleRatchet> getRatchetMap() => _ratchetMap;
 
   /// Serialise the entire session manager into a JSON object.
-  Future<Map<String, dynamic>> toJson() async {
+  Future<Map<String, dynamic>> toJsonWithoutSessions() async {
     /*
     {
       'devices': {
@@ -402,32 +654,12 @@ class OmemoSessionManager {
         ...
       },
       'device': { ... },
-      'sessions': [
-        {
-          'jid': 'alice@...',
-          'deviceId': 1,
-          'ratchet': { ... },
-        },
-        ...
-      ],
-      'trust': { ... }
     }
     */
 
-    final sessions = List<Map<String, dynamic>>.empty(growable: true);
-    for (final entry in _ratchetMap.entries) {
-      sessions.add({
-        'jid': entry.key.jid,
-        'deviceId': entry.key.deviceId,
-        'ratchet': await entry.value.toJson(),
-      });
-    }
     return {
       'devices': _deviceMap,
       'device': await (await getDevice()).toJson(),
-      'sessions': sessions,
-      // TODO(PapaTutuWawa): Implement
-      'trust': <String, dynamic>{},
     };
   }
 }

lib/src/protobuf/protobuf.dart

@@ -46,21 +46,18 @@ List<int> encodeVarint(int i) {
   assert(i >= 0, "Two's complement is not implemented");
   final ret = List<int>.empty(growable: true);
 
-  var j = 0;
-  while (true) {
+  // Thanks to https://github.com/hathibelagal-dev/LEB128 for the trick with toRadixString!
+  final numSevenBlocks = (i.toRadixString(2).length / 7).ceil();
+  for (var j = 0; j < numSevenBlocks; j++) {
     // The 7 LSB of the byte we're creating
     final x = (i & (lsb7Mask << j * 7)) >> j * 7;
-    // The next bits
-    final next = i & (lsb7Mask << (j + 1) * 7);
 
-    if (next == 0) {
+    if (j == numSevenBlocks - 1) {
       // If we were to shift further, we only get zero, so we're at the end
       ret.add(x);
-      break;
     } else {
       // We still have at least one bit more to go, so set the MSB to 1
       ret.add(x + msb);
-      j++;
     }
   }
 

lib/src/trust/always.dart

@@ -11,4 +11,13 @@ class AlwaysTrustingTrustManager extends TrustManager {
 
   @override
   Future<void> onNewSession(String jid, int deviceId) async {}
+
+  @override
+  Future<bool> isEnabled(String jid, int deviceId) async => true;
+
+  @override
+  Future<void> setEnabled(String jid, int deviceId, bool enabled) async {}
+
+  @override
+  Future<Map<String, dynamic>> toJson() async => <String, dynamic>{};
 }

lib/src/trust/base.dart

@@ -8,4 +8,15 @@ abstract class TrustManager {
   /// Called by the OmemoSessionManager when a new session has been built. Should set
   /// a default trust state to [jid]'s device with identifier [deviceId].
   Future<void> onNewSession(String jid, int deviceId);
+
+  /// Return true if the device with id [deviceId] of Jid [jid] should be used for encryption.
+  /// If not, return false.
+  Future<bool> isEnabled(String jid, int deviceId);
+
+  /// Mark the device with id [deviceId] of Jid [jid] as enabled if [enabled] is true or as disabled
+  /// if [enabled] is false.
+  Future<void> setEnabled(String jid, int deviceId, bool enabled);
+
+  /// Serialize the trust manager to JSON.
+  Future<Map<String, dynamic>> toJson();
 }

lib/src/trust/btbv.dart

@@ -8,34 +8,66 @@ import 'package:synchronized/synchronized.dart';
 /// - blindTrust: The fingerprint is not verified using OOB means
 /// - verified: The fingerprint has been verified using OOB means
 enum BTBVTrustState {
-  notTrusted,
-  blindTrust,
-  verified,
+  notTrusted, // = 1
+  blindTrust, // = 2
+  verified,   // = 3
 }
 
-class BlindTrustBeforeVerificationTrustManager extends TrustManager {
-  BlindTrustBeforeVerificationTrustManager()
-    : _trustCache = {},
-      _devices = {},
-      _lock = Lock();
+int _trustToInt(BTBVTrustState state) {
+  switch (state) {
+    case BTBVTrustState.notTrusted: return 1;
+    case BTBVTrustState.blindTrust: return 2;
+    case BTBVTrustState.verified:   return 3;
+  }
+}
 
-  /// The cache for Mapping a RatchetMapKey to its trust state
-  final Map<RatchetMapKey, BTBVTrustState> _trustCache;
+BTBVTrustState _trustFromInt(int i) {
+  switch (i) {
+    case 1: return BTBVTrustState.notTrusted;
+    case 2: return BTBVTrustState.blindTrust;
+    case 3: return BTBVTrustState.verified;
+    default: return BTBVTrustState.notTrusted;
+  }
+}
 
+/// A TrustManager that implements the idea of Blind Trust Before Verification.
+/// See https://gultsch.de/trust.html for more details.
+abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
+  BlindTrustBeforeVerificationTrustManager({
+    Map<RatchetMapKey, BTBVTrustState>? trustCache,
+    Map<RatchetMapKey, bool>? enablementCache,
+    Map<String, List<int>>? devices,
+  }) : trustCache = trustCache ?? {},
+       enablementCache = enablementCache ?? {},
+       devices = devices ?? {},
+       _lock = Lock();
+
+  /// The cache for mapping a RatchetMapKey to its trust state
+  @visibleForTesting
+  @protected
+  final Map<RatchetMapKey, BTBVTrustState> trustCache;
+
+  /// The cache for mapping a RatchetMapKey to whether it is enabled or not
+  @visibleForTesting
+  @protected
+  final Map<RatchetMapKey, bool> enablementCache;
+  
   /// Mapping of Jids to their device identifiers
-  final Map<String, List<int>> _devices;
+  @visibleForTesting
+  @protected
+  final Map<String, List<int>> devices;
 
-  /// The lock for _devices and _trustCache
+  /// The lock for devices and trustCache
   final Lock _lock;
 
   /// Returns true if [jid] has at least one device that is verified. If not, returns false.
-  /// Note that this function accesses _devices and _trustCache, which requires that the
+  /// Note that this function accesses devices and trustCache, which requires that the
   /// lock for those two maps (_lock) has been aquired before calling.
   bool _hasAtLeastOneVerifiedDevice(String jid) {
-    if (!_devices.containsKey(jid)) return false;
+    if (!devices.containsKey(jid)) return false;
 
-    return _devices[jid]!.any((id) {
-      return _trustCache[RatchetMapKey(jid, id)]! == BTBVTrustState.verified;
+    return devices[jid]!.any((id) {
+      return trustCache[RatchetMapKey(jid, id)]! == BTBVTrustState.verified;
     });
   }
   
@@ -43,7 +75,7 @@ class BlindTrustBeforeVerificationTrustManager extends TrustManager {
   Future<bool> isTrusted(String jid, int deviceId) async {
     var returnValue = false;
     await _lock.synchronized(() async {
-      final trustCacheValue = _trustCache[RatchetMapKey(jid, deviceId)];
+      final trustCacheValue = trustCache[RatchetMapKey(jid, deviceId)];
       if (trustCacheValue == BTBVTrustState.notTrusted) {
         returnValue = false;
         return;
@@ -70,17 +102,23 @@ class BlindTrustBeforeVerificationTrustManager extends TrustManager {
   @override
   Future<void> onNewSession(String jid, int deviceId) async {
     await _lock.synchronized(() async {
+      final key = RatchetMapKey(jid, deviceId);
       if (_hasAtLeastOneVerifiedDevice(jid)) {
-        _trustCache[RatchetMapKey(jid, deviceId)] = BTBVTrustState.notTrusted;
+        trustCache[key] = BTBVTrustState.notTrusted;
+        enablementCache[key] = false;
       } else {
-        _trustCache[RatchetMapKey(jid, deviceId)] = BTBVTrustState.blindTrust;
+        trustCache[key] = BTBVTrustState.blindTrust;
+        enablementCache[key] = true;
       }
 
-      if (_devices.containsKey(jid)) {
-        _devices[jid]!.add(deviceId);
+      if (devices.containsKey(jid)) {
+        devices[jid]!.add(deviceId);
       } else {
-        _devices[jid] = List<int>.from([deviceId]);
+        devices[jid] = List<int>.from([deviceId]);
       }
+      
+      // Commit the state
+      await commitState();
     });
   }
   
@@ -89,8 +127,8 @@ class BlindTrustBeforeVerificationTrustManager extends TrustManager {
     final map = <int, BTBVTrustState>{};
 
     await _lock.synchronized(() async {
-      for (final deviceId in _devices[jid]!) {
-        map[deviceId] = _trustCache[RatchetMapKey(jid, deviceId)]!;
+      for (final deviceId in devices[jid]!) {
+        map[deviceId] = trustCache[RatchetMapKey(jid, deviceId)]!;
       }
     });
 
@@ -100,10 +138,89 @@ class BlindTrustBeforeVerificationTrustManager extends TrustManager {
   /// Sets the trust of [jid]'s device with identifier [deviceId] to [state].
   Future<void> setDeviceTrust(String jid, int deviceId, BTBVTrustState state) async {
     await _lock.synchronized(() async {
-      _trustCache[RatchetMapKey(jid, deviceId)] = state;
+      trustCache[RatchetMapKey(jid, deviceId)] = state;
+
+      // Commit the state
+      await commitState();
     });
   }
 
+  @override
+  Future<bool> isEnabled(String jid, int deviceId) async {
+    return _lock.synchronized(() async {
+      final value = enablementCache[RatchetMapKey(jid, deviceId)];
+
+      if (value == null) return false;
+      return value;
+    });
+  }
+
+  @override
+  Future<void> setEnabled(String jid, int deviceId, bool enabled) async {
+    await _lock.synchronized(() async {
+      enablementCache[RatchetMapKey(jid, deviceId)] = enabled;
+    });
+
+    // Commit the state
+    await commitState();
+  }
+
+  @override
+  Future<Map<String, dynamic>> toJson() async {
+    return {
+      'devices': devices,
+      'trust': trustCache.map((key, value) => MapEntry(
+        key.toJsonKey(), _trustToInt(value),
+      ),),
+      'enable': enablementCache.map((key, value) => MapEntry(key.toJsonKey(), value)),
+    };
+  }
+
+  /// From a serialized version of a BTBV trust manager, extract the device list.
+  /// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
+  static Map<String, List<int>> deviceListFromJson(Map<String, dynamic> json) {
+    return (json['devices']! as Map<String, dynamic>).map<String, List<int>>(
+      (key, value) => MapEntry(
+        key,
+        (value as List<dynamic>).map<int>((i) => i as int).toList(),
+      ),
+    );
+  }
+
+  /// From a serialized version of a BTBV trust manager, extract the trust cache.
+  /// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
+  static Map<RatchetMapKey, BTBVTrustState> trustCacheFromJson(Map<String, dynamic> json) {
+    return (json['trust']! as Map<String, dynamic>).map<RatchetMapKey, BTBVTrustState>(
+      (key, value) => MapEntry(
+        RatchetMapKey.fromJsonKey(key),
+        _trustFromInt(value as int),
+      ),
+    );
+  }
+
+  /// From a serialized version of a BTBV trust manager, extract the enable cache.
+  /// NOTE: This is needed as Dart cannot just cast a List<dynamic> to List<int> and so on.
+  static Map<RatchetMapKey, bool> enableCacheFromJson(Map<String, dynamic> json) {
+    return (json['enable']! as Map<String, dynamic>).map<RatchetMapKey, bool>(
+      (key, value) => MapEntry(
+        RatchetMapKey.fromJsonKey(key),
+        value as bool,
+      ),
+    );
+  }
+  
+  /// Called when the state of the trust manager has been changed. Allows the user to
+  /// commit the trust state to persistent storage.
+  @visibleForOverriding
+  Future<void> commitState();
+
   @visibleForTesting
-  BTBVTrustState getDeviceTrust(String jid, int deviceId) => _trustCache[RatchetMapKey(jid, deviceId)]!;
+  BTBVTrustState getDeviceTrust(String jid, int deviceId) => trustCache[RatchetMapKey(jid, deviceId)]!;
+}
+
+/// A BTBV TrustManager that does not commit its state to persistent storage. Well suited
+/// for testing.
+class MemoryBTBVTrustManager extends BlindTrustBeforeVerificationTrustManager {
+  @override
+  Future<void> commitState() async {}
 }

lib/src/trust/never.dart

@@ -0,0 +1,23 @@
+import 'package:meta/meta.dart';
+import 'package:omemo_dart/src/trust/base.dart';
+
+/// Only use for testing!
+/// An implementation of TrustManager that never trusts any device and thus
+/// has no internal state.
+@visibleForTesting
+class NeverTrustingTrustManager extends TrustManager {
+  @override
+  Future<bool> isTrusted(String jid, int deviceId) async => false;
+
+  @override
+  Future<void> onNewSession(String jid, int deviceId) async {}
+
+  @override
+  Future<bool> isEnabled(String jid, int deviceId) async => true;
+
+  @override
+  Future<void> setEnabled(String jid, int deviceId, bool enabled) async {}
+
+  @override
+  Future<Map<String, dynamic>> toJson() async => <String, dynamic>{};
+}

pubspec.yaml

@@ -1,6 +1,8 @@
 name: omemo_dart
 description: An XMPP library independent OMEMO library
-version: 0.1.0
+version: 0.3.2
+homepage: https://github.com/PapaTutuWawa/omemo_dart
+publish_to: https://git.polynom.me/api/packages/PapaTutuWawa/pub
 
 environment:
   sdk: '>=2.17.0 <3.0.0'
@@ -9,6 +11,8 @@ dependencies:
   collection: ^1.16.0
   cryptography: ^2.0.5
   hex: ^0.2.0
+  logging: ^1.0.2
+  meta: ^1.7.0
   pinenacl: ^0.5.1
   synchronized: ^3.0.0+2
 

test/double_ratchet_test.dart

@@ -84,12 +84,14 @@ void main() {
       ikBob.pk,
       resultAlice.sk,
       resultAlice.ad,
+      0,
     );
     final bobsRatchet = await OmemoDoubleRatchet.acceptNewSession(
       spkBob,
       ikAlice.pk,
       resultBob.sk,
       resultBob.ad,
+      0,
     );
 
     expect(alicesRatchet.sessionAd, bobsRatchet.sessionAd);

test/omemo_test.dart

@@ -1,12 +1,50 @@
+import 'package:logging/logging.dart';
 import 'package:omemo_dart/omemo_dart.dart';
 import 'package:omemo_dart/src/trust/always.dart';
+import 'package:omemo_dart/src/trust/never.dart';
 import 'package:test/test.dart';
 
 void main() {
+  Logger.root
+    ..level = Level.ALL
+    ..onRecord.listen((record) {
+      // ignore: avoid_print
+      print('${record.level.name}: ${record.message}');
+    });
+
+  test('Test replacing a onetime prekey', () async {
+    const aliceJid = 'alice@server.example';
+    final device = await Device.generateNewDevice(aliceJid, opkAmount: 1);
+
+    final newDevice = await device.replaceOnetimePrekey(0);
+
+    expect(device.jid, newDevice.jid);
+    expect(device.id, newDevice.id);
+
+    var opksMatch = true;
+    if (newDevice.opks.length != device.opks.length) {
+      opksMatch = false;
+    } else {
+      for (final entry in device.opks.entries) {
+        final m = await newDevice.opks[entry.key]?.equals(entry.value) ?? false;
+        if (!m) opksMatch = false;
+      }
+    }
+    
+    expect(opksMatch, true);
+    expect(await device.ik.equals(newDevice.ik), true);
+    expect(await device.spk.equals(newDevice.spk), true);
+
+    final oldSpkMatch = device.oldSpk != null ?
+      await device.oldSpk!.equals(newDevice.oldSpk!) :
+      newDevice.oldSpk == null;
+    expect(oldSpkMatch, true);
+    expect(listsEqual(device.spkSignature, newDevice.spkSignature), true);
+  });
+    
   test('Test using OMEMO sessions with only one device per user', () async {
     const aliceJid = 'alice@server.example';
     const bobJid = 'bob@other.server.example';
-      
     // Alice and Bob generate their sessions
     var deviceModified = false;
     var ratchetModified = 0;
@@ -38,11 +76,11 @@ void main() {
       bobJid,
       messagePlaintext,
       newSessions: [
-        await (await bobSession.getDevice()).toBundle(),
+        await bobSession.getDeviceBundle(),
       ],
     );
     expect(aliceMessage.encryptedKeys.length, 1);
-
+    
     // Alice sends the message to Bob
     // ...
 
@@ -50,8 +88,9 @@ void main() {
     final bobMessage = await bobSession.decryptMessage(
       aliceMessage.ciphertext,
       aliceJid,
-      (await aliceSession.getDevice()).id,
+      await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
+      0,
     );
     expect(messagePlaintext, bobMessage);
     // The ratchet should be modified two times: Once for when the ratchet is created and
@@ -67,6 +106,10 @@ void main() {
       false,
     );
 
+    // Ratchets are acked
+    await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
+    await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
+    
     // Bob responds to Alice
     const bobResponseText = 'Oh, hello Alice!';
     final bobResponseMessage = await bobSession.encryptToJid(
@@ -81,8 +124,9 @@ void main() {
     final aliceReceivedMessage = await aliceSession.decryptMessage(
       bobResponseMessage.ciphertext,
       bobJid,
-      (await bobSession.getDevice()).id,
+      await bobSession.getDeviceId(),
       bobResponseMessage.encryptedKeys,
+      0,
     );
     expect(bobResponseText, aliceReceivedMessage);
   });
@@ -115,8 +159,8 @@ void main() {
       bobJid,
       messagePlaintext,
       newSessions: [
-        await (await bobSession.getDevice()).toBundle(),
-        await (await bobSession2.getDevice()).toBundle(),
+        await bobSession.getDeviceBundle(),
+        await bobSession2.getDeviceBundle(),
       ],
     );
     expect(aliceMessage.encryptedKeys.length, 2);
@@ -130,11 +174,16 @@ void main() {
     final bobMessage = await bobSession.decryptMessage(
       aliceMessage.ciphertext,
       aliceJid,
-      (await aliceSession.getDevice()).id,
+      await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
+      0,
     );
     expect(messagePlaintext, bobMessage);
 
+    // Ratchets are acked
+    await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
+    await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
+    
     // Bob responds to Alice
     const bobResponseText = 'Oh, hello Alice!';
     final bobResponseMessage = await bobSession.encryptToJid(
@@ -149,8 +198,9 @@ void main() {
     final aliceReceivedMessage = await aliceSession.decryptMessage(
       bobResponseMessage.ciphertext,
       bobJid,
-      (await bobSession.getDevice()).id,
+      await bobSession.getDeviceId(),
       bobResponseMessage.encryptedKeys,
+      0,
     );
     expect(bobResponseText, aliceReceivedMessage);
 
@@ -192,8 +242,8 @@ void main() {
       [bobJid, aliceJid],
       messagePlaintext,
       newSessions: [
-        await (await bobSession.getDevice()).toBundle(),
-        await (await aliceSession2.getDevice()).toBundle(),
+        await bobSession.getDeviceBundle(),
+        await aliceSession2.getDeviceBundle(),
       ],
     );
     expect(aliceMessage.encryptedKeys.length, 2);
@@ -205,8 +255,9 @@ void main() {
     final bobMessage = await bobSession.decryptMessage(
       aliceMessage.ciphertext,
       aliceJid,
-      (await aliceSession1.getDevice()).id,
+      await aliceSession1.getDeviceId(),
       aliceMessage.encryptedKeys,
+      0,
     );
     expect(messagePlaintext, bobMessage);
 
@@ -214,13 +265,14 @@ void main() {
     final aliceMessage2 = await aliceSession2.decryptMessage(
       aliceMessage.ciphertext,
       aliceJid,
-      (await aliceSession1.getDevice()).id,
+      await aliceSession1.getDeviceId(),
       aliceMessage.encryptedKeys,
+      0,
     );
     expect(messagePlaintext, aliceMessage2);
   });
 
-  test('Test using sending empty OMEMO messages', () async {
+  test('Test sending empty OMEMO messages', () async {
     const aliceJid = 'alice@server.example';
     const bobJid = 'bob@other.server.example';
       
@@ -241,7 +293,7 @@ void main() {
       bobJid,
       null,
       newSessions: [
-        await (await bobSession.getDevice()).toBundle(),
+        await bobSession.getDeviceBundle(),
       ],
     );
     expect(aliceMessage.encryptedKeys.length, 1);
@@ -254,13 +306,14 @@ void main() {
     final bobMessage = await bobSession.decryptMessage(
       aliceMessage.ciphertext,
       aliceJid,
-      (await aliceSession.getDevice()).id,
+      await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
+      0,
     );
     expect(bobMessage, null);
 
     // This call must not cause an exception
-    bobSession.getRatchet(aliceJid, (await aliceSession.getDevice()).id);
+    bobSession.getRatchet(aliceJid, await aliceSession.getDeviceId());
   });
 
   test('Test rotating the Signed Prekey', () async {
@@ -316,7 +369,7 @@ void main() {
       bobJid,
       messagePlaintext,
       newSessions: [
-        await (await bobSession.getDevice()).toBundle(),
+        await bobSession.getDeviceBundle(),
       ],
     );
     expect(aliceMessage.encryptedKeys.length, 1);
@@ -331,9 +384,563 @@ void main() {
     final bobMessage = await bobSession.decryptMessage(
       aliceMessage.ciphertext,
       aliceJid,
-      (await aliceSession.getDevice()).id,
+      await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
+      0,
     );
     expect(messagePlaintext, bobMessage);
   });
+
+  test('Test trust bypassing with empty OMEMO messages', () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+      
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      NeverTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      NeverTrustingTrustManager(),
+      opkAmount: 1,
+    );
+
+    // Alice encrypts an empty message for Bob
+    final aliceMessage = await aliceSession.encryptToJid(
+      bobJid,
+      null,
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+
+    // Despite Alice not trusting Bob's device, we should have encrypted it for his
+    // untrusted device.
+    expect(aliceMessage.encryptedKeys.length, 1);
+  });
+
+  test('Test by sending multiple messages back and forth', () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+
+    // Alice encrypts a message for Bob
+    final aliceMessage = await aliceSession.encryptToJid(
+      bobJid,
+      'Hello Bob!',
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+
+    // Alice sends the message to Bob
+    // ...
+
+    await bobSession.decryptMessage(
+      aliceMessage.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      aliceMessage.encryptedKeys,
+      0,
+    );
+
+    // Ratchets are acked
+    await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
+    await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
+    
+    for (var i = 0; i < 100; i++) {
+      final messageText = 'Test Message #$i';
+      // Bob responds to Alice
+      final bobResponseMessage = await bobSession.encryptToJid(
+        aliceJid,
+        messageText,
+      );
+
+      // Bob sends the message to Alice
+      // ...
+
+      // Alice decrypts it
+      final aliceReceivedMessage = await aliceSession.decryptMessage(
+        bobResponseMessage.ciphertext,
+        bobJid,
+        await bobSession.getDeviceId(),
+        bobResponseMessage.encryptedKeys,
+        0,
+      );
+      expect(messageText, aliceReceivedMessage);
+    }
+  });
+
+  group('Test removing a ratchet', () {
+    test('Test removing a ratchet when the user has multiple', () async {
+      const aliceJid = 'alice@server.local';
+      const bobJid = 'bob@some.server.local';
+      final aliceSession = await OmemoSessionManager.generateNewIdentity(
+        aliceJid,
+        AlwaysTrustingTrustManager(),
+        opkAmount: 1,
+      );
+      final bobSession1 = await OmemoSessionManager.generateNewIdentity(
+        bobJid,
+        AlwaysTrustingTrustManager(),
+        opkAmount: 1,
+      );
+      final bobSession2 = await OmemoSessionManager.generateNewIdentity(
+        bobJid,
+        AlwaysTrustingTrustManager(),
+        opkAmount: 1,
+      );
+
+      // Alice sends a message to those two Bobs
+      await aliceSession.encryptToJid(
+        bobJid,
+        'Hallo Welt',
+        newSessions: [
+          await bobSession1.getDeviceBundle(),
+          await bobSession2.getDeviceBundle(),
+        ],
+      );
+
+      // One of those two sessions is broken, so Alice removes the session2 ratchet
+      final id1 = await bobSession1.getDeviceId();
+      final id2 = await bobSession2.getDeviceId();
+      await aliceSession.removeRatchet(bobJid, id1);
+
+      final map = aliceSession.getRatchetMap();
+      expect(map.containsKey(RatchetMapKey(bobJid, id1)), false);
+      expect(map.containsKey(RatchetMapKey(bobJid, id2)), true);
+      final deviceMap = await aliceSession.getDeviceMap();
+      expect(deviceMap.containsKey(bobJid), true);
+      expect(deviceMap[bobJid], [id2]);
+    });
+
+    test('Test removing a ratchet when the user has only one', () async {
+      const aliceJid = 'alice@server.local';
+      const bobJid = 'bob@some.server.local';
+      final aliceSession = await OmemoSessionManager.generateNewIdentity(
+        aliceJid,
+        AlwaysTrustingTrustManager(),
+        opkAmount: 1,
+      );
+      final bobSession = await OmemoSessionManager.generateNewIdentity(
+        bobJid,
+        AlwaysTrustingTrustManager(),
+        opkAmount: 1,
+      );
+
+      // Alice sends a message to those two Bobs
+      await aliceSession.encryptToJid(
+        bobJid,
+        'Hallo Welt',
+        newSessions: [
+          await bobSession.getDeviceBundle(),
+        ],
+      );
+
+      // One of those two sessions is broken, so Alice removes the session2 ratchet
+      final id = await bobSession.getDeviceId();
+      await aliceSession.removeRatchet(bobJid, id);
+
+      final map = aliceSession.getRatchetMap();
+      expect(map.containsKey(RatchetMapKey(bobJid, id)), false);
+      final deviceMap = await aliceSession.getDeviceMap();
+      expect(deviceMap.containsKey(bobJid), false);
+    });
+  });
+
+  test('Test acknowledging a ratchet', () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+
+    // Alice sends Bob a message
+    await aliceSession.encryptToJid(
+      bobJid,
+      'Hallo Welt',
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+    expect(
+      await aliceSession.getUnacknowledgedRatchets(bobJid),
+      [
+        await bobSession.getDeviceId(),
+      ],
+    );
+
+    // Bob sends alice an empty message
+    // ...
+
+    // Alice decrypts it
+    // ...
+
+    // Alice marks the ratchet as acknowledged
+    await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
+    expect(
+      (await aliceSession.getUnacknowledgedRatchets(bobJid))!.isEmpty,
+      true,
+    );
+  });
+
+  test('Test overwriting sessions', () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 2,
+    );
+
+    // Alice sends Bob a message
+    final msg1 = await aliceSession.encryptToJid(
+      bobJid,
+      'Hallo Welt',
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+    await bobSession.decryptMessage(
+      msg1.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg1.encryptedKeys,
+      0,
+    );
+    final aliceRatchet1 = aliceSession.getRatchet(
+      bobJid,
+      await bobSession.getDeviceId(),
+    );
+    final bobRatchet1 = bobSession.getRatchet(
+      aliceJid,
+      await aliceSession.getDeviceId(),
+    );
+
+    // Alice is impatient and immediately sends another message before the original one
+    // can be acknowledged by Bob
+    final msg2 = await aliceSession.encryptToJid(
+      bobJid,
+      "Why don't you answer?",
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+    await bobSession.decryptMessage(
+      msg2.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg2.encryptedKeys,
+      getTimestamp(),
+    );
+    final aliceRatchet2 = aliceSession.getRatchet(
+      bobJid,
+      await bobSession.getDeviceId(),
+    );
+    final bobRatchet2 = bobSession.getRatchet(
+      aliceJid,
+      await aliceSession.getDeviceId(),
+    );
+
+    // Both should only have one ratchet
+    expect(aliceSession.getRatchetMap().length, 1);
+    expect(bobSession.getRatchetMap().length, 1);
+    
+    // The ratchets should both be different
+    expect(await aliceRatchet1.equals(aliceRatchet2), false);
+    expect(await bobRatchet1.equals(bobRatchet2), false);
+  });
+
+  test('Test resending key exchanges', () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 2,
+    );
+
+    // Alice sends Bob a message
+    final msg1 = await aliceSession.encryptToJid(
+      bobJid,
+      'Hallo Welt',
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+    // The first message should be a kex message
+    expect(msg1.encryptedKeys.first.kex, true);
+
+    await bobSession.decryptMessage(
+      msg1.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg1.encryptedKeys,
+      0,
+    );
+
+    // Alice is impatient and immediately sends another message before the original one
+    // can be acknowledged by Bob
+    final msg2 = await aliceSession.encryptToJid(
+      bobJid,
+      "Why don't you answer?",
+    );
+    expect(msg2.encryptedKeys.first.kex, true);
+
+    await bobSession.decryptMessage(
+      msg2.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg2.encryptedKeys,
+      getTimestamp(),
+    );
+
+  });
+  
+  test('Test receiving old messages including a KEX', () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 2,
+    );
+
+    final bobsReceivedMessages = List<EncryptionResult>.empty(growable: true);
+    final bobsReceivedMessagesTimestamps = List<int>.empty(growable: true);
+    
+    // Alice sends Bob a message
+    final msg1 = await aliceSession.encryptToJid(
+      bobJid,
+      'Hallo Welt',
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+    bobsReceivedMessages.add(msg1);
+    final t1 = getTimestamp();
+    bobsReceivedMessagesTimestamps.add(t1);
+
+    await bobSession.decryptMessage(
+      msg1.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg1.encryptedKeys,
+      t1,
+    );
+
+    // Ratchets are acked
+    await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
+    await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
+    
+    // Bob responds
+    final msg2 = await bobSession.encryptToJid(
+      aliceJid,
+      'Hello!',
+    );
+
+    await aliceSession.decryptMessage(
+      msg2.ciphertext,
+      bobJid,
+      await bobSession.getDeviceId(),
+      msg2.encryptedKeys,
+      getTimestamp(),
+    );
+    
+    // Send some messages between the two
+    for (var i = 0; i < 100; i++) {
+      final msg = await aliceSession.encryptToJid(
+        bobJid,
+        'Hello $i',
+      );
+      bobsReceivedMessages.add(msg);
+      final t = getTimestamp();
+      bobsReceivedMessagesTimestamps.add(t);
+      final result = await bobSession.decryptMessage(
+        msg.ciphertext,
+        aliceJid,
+        await aliceSession.getDeviceId(),
+        msg.encryptedKeys,
+        t,
+      );
+
+      expect(result, 'Hello $i');
+    }
+
+    // Due to some issue with the transport protocol, the messages to Bob are received
+    // again.
+    final ratchetPreError = bobSession
+      .getRatchet(aliceJid, await aliceSession.getDeviceId())
+      .clone();
+    var invalidKex = 0;
+    var errorCounter = 0;
+    for (var i = 0; i < bobsReceivedMessages.length; i++) {
+      final msg = bobsReceivedMessages[i];
+      try {
+        await bobSession.decryptMessage(
+          msg.ciphertext,
+          aliceJid,
+          await aliceSession.getDeviceId(),
+          msg.encryptedKeys,
+          bobsReceivedMessagesTimestamps[i],
+        );
+        expect(true, false);
+      } on InvalidMessageHMACException catch (_) {
+        errorCounter++;
+      } on InvalidKeyExchangeException catch (_) {
+        invalidKex++;
+      }
+    }
+    final ratchetPostError = bobSession
+      .getRatchet(aliceJid, await aliceSession.getDeviceId())
+      .clone();
+
+    // The 100 messages including the initial KEX message
+    expect(invalidKex, 1);
+    expect(errorCounter, 100);
+    expect(await ratchetPreError.equals(ratchetPostError), true);
+
+    
+    final msg3 = await aliceSession.encryptToJid(
+      bobJid,
+      'Are you okay?',
+    );
+    final result = await bobSession.decryptMessage(
+      msg3.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg3.encryptedKeys,
+      104,
+    );
+
+    expect(result, 'Are you okay?');
+  });
+
+  test("Test ignoring a new KEX when we haven't acket it yet", () async {
+    const aliceJid = 'alice@server.example';
+    const bobJid = 'bob@other.server.example';
+    // Alice and Bob generate their sessions
+    final aliceSession = await OmemoSessionManager.generateNewIdentity(
+      aliceJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+    final bobSession = await OmemoSessionManager.generateNewIdentity(
+      bobJid,
+      AlwaysTrustingTrustManager(),
+      opkAmount: 1,
+    );
+
+    // Alice sends Bob a message
+    final msg1 = await aliceSession.encryptToJid(
+      bobJid,
+      'Hallo Welt',
+      newSessions: [
+        await bobSession.getDeviceBundle(),
+      ],
+    );
+    expect(msg1.encryptedKeys.first.kex, true);
+
+    await bobSession.decryptMessage(
+      msg1.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg1.encryptedKeys,
+      getTimestamp(),
+    );
+
+    // Alice sends another message before the ack can reach us
+    final msg2 = await aliceSession.encryptToJid(
+      bobJid,
+      'ANSWER ME!',
+    );
+    expect(msg2.encryptedKeys.first.kex, true);
+
+    await bobSession.decryptMessage(
+      msg2.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg2.encryptedKeys,
+      getTimestamp(),
+    );
+
+    // Now the acks reach us
+    await aliceSession.ratchetAcknowledged(bobJid, await bobSession.getDeviceId());
+    await bobSession.ratchetAcknowledged(aliceJid, await aliceSession.getDeviceId());
+
+    // Alice sends another message
+    final msg3 = await aliceSession.encryptToJid(
+      bobJid,
+      "You read the message, didn't you?",
+    );
+    expect(msg3.encryptedKeys.first.kex, false);
+
+    await bobSession.decryptMessage(
+      msg3.ciphertext,
+      aliceJid,
+      await aliceSession.getDeviceId(),
+      msg3.encryptedKeys,
+      getTimestamp(),
+    );
+
+    for (var i = 0; i < 100; i++) {
+      final messageText = 'Test Message #$i';
+      // Bob responds to Alice
+      final bobResponseMessage = await bobSession.encryptToJid(
+        aliceJid,
+        messageText,
+      );
+
+      // Bob sends the message to Alice
+      // ...
+
+      // Alice decrypts it
+      final aliceReceivedMessage = await aliceSession.decryptMessage(
+        bobResponseMessage.ciphertext,
+        bobJid,
+        await bobSession.getDeviceId(),
+        bobResponseMessage.encryptedKeys,
+        0,
+      );
+      expect(messageText, aliceReceivedMessage);
+    }
+  });
 }

test/protobuf_test.dart

@@ -48,6 +48,10 @@ void main() {
         <int>[172, 2],
       );
     });
+
+    test('Test some special cases', () {
+      expect(decodeVarint(encodeVarint(1042464893), 0).n, 1042464893);
+    });
   });
 
   group('OMEMOMessage', () {
@@ -170,5 +174,13 @@ void main() {
       expect(decoded.message!.mac, <int>[5, 6, 8, 0]);
       expect(decoded.message!.message, <int>[4, 5, 7, 3, 2]);
     });
+    test('Test decoding an issue', () {
+      /*
+      final data = 'CAAQfRogc2GwslU219dUkrMHNM4KdZRmuFnBTae+bQaJ+55IsAMiII7aZKj2sUpb6xR/3Ari7WZUmKFV0G6czUc4NMvjKDBaKnwKEM2ZpI8X3TgcxhxwENANnlsSaAgAEAAaICy8T9WPgLb7RdYd8/4JkrLF0RahEkC3ZaEfk5jw3dsLIkBMILzLyByweLgF4lCn0oNea+kbdrFr6rY7r/7WyI8hXEQz38QpnN+jyGGwC7Ga0dq70WuyqE7VpiFArQwqZh2G';
+      final kex = OmemoKeyExchange.fromBuffer(base64Decode(data));
+
+      expect(kex.spkId!, 1042464893);
+      */
+    });
   });
 }

test/serialisation_test.dart

@@ -1,7 +1,12 @@
+import 'dart:convert';
 import 'package:omemo_dart/omemo_dart.dart';
 import 'package:omemo_dart/src/trust/always.dart';
 import 'package:test/test.dart';
 
+Map<String, dynamic> jsonify(Map<String, dynamic> map) {
+  return jsonDecode(jsonEncode(map)) as Map<String, dynamic>;
+}
+
 void main() {
   test('Test serialising and deserialising the Device', () async {
     // Generate a random session
@@ -11,7 +16,7 @@ void main() {
       opkAmount: 1,
     );
     final oldDevice = await oldSession.getDevice();
-    final serialised = await oldDevice.toJson();
+    final serialised = jsonify(await oldDevice.toJson());
 
     final newDevice = Device.fromJson(serialised);
     expect(await oldDevice.equals(newDevice), true);
@@ -25,7 +30,7 @@ void main() {
       opkAmount: 1,
     );
     final oldDevice = await (await oldSession.getDevice()).replaceSignedPrekey();
-    final serialised = await oldDevice.toJson();
+    final serialised = jsonify(await oldDevice.toJson());
 
     final newDevice = Device.fromJson(serialised);
     expect(await oldDevice.equals(newDevice), true);
@@ -49,17 +54,18 @@ void main() {
       bobJid,
       'Hello Bob!',
       newSessions: [
-        await (await bobSession.getDevice()).toBundle(),
+        await bobSession.getDeviceBundle(),
       ],
     );
     await bobSession.decryptMessage(
       aliceMessage.ciphertext,
       aliceJid,
-      (await aliceSession.getDevice()).id,
+      await aliceSession.getDeviceId(),
       aliceMessage.encryptedKeys,
+      getTimestamp(),
     );
-    final aliceOld = aliceSession.getRatchet(bobJid, (await bobSession.getDevice()).id);
-    final aliceSerialised = await aliceOld.toJson();
+    final aliceOld = aliceSession.getRatchet(bobJid, await bobSession.getDeviceId());
+    final aliceSerialised = jsonify(await aliceOld.toJson());
     final aliceNew = OmemoDoubleRatchet.fromJson(aliceSerialised);
 
     expect(await aliceOld.equals(aliceNew), true);
@@ -79,29 +85,64 @@ void main() {
     );
     await oldSession.addSessionFromBundle(
       'bob@localhost',
-      (await bobSession.getDevice()).id,
-      await (await bobSession.getDevice()).toBundle(),
+      await bobSession.getDeviceId(),
+      await bobSession.getDeviceBundle(),
     );
 
     // Serialise and deserialise
-    final serialised = await oldSession.toJson();
-    final newSession = OmemoSessionManager.fromJson(
+    final serialised = jsonify(await oldSession.toJsonWithoutSessions());
+    final newSession = OmemoSessionManager.fromJsonWithoutSessions(
       serialised,
+      // NOTE: At this point, we don't care about this attribute
+      {},
       AlwaysTrustingTrustManager(),
     );
 
     final oldDevice = await oldSession.getDevice();
     final newDevice = await newSession.getDevice();
     expect(await oldDevice.equals(newDevice), true);
-    expect(oldSession.getDeviceMap(), newSession.getDeviceMap());
+    expect(await oldSession.getDeviceMap(), await newSession.getDeviceMap());
+  });
 
-    expect(oldSession.getRatchetMap().length, newSession.getRatchetMap().length);
-    for (final session in oldSession.getRatchetMap().entries) {
-      expect(newSession.getRatchetMap().containsKey(session.key), true);
+  test('Test serializing and deserializing RatchetMapKey', () {
+    const test1 = RatchetMapKey('user@example.org', 1234);
+    final result1 = RatchetMapKey.fromJsonKey(test1.toJsonKey());
+    expect(result1.jid, test1.jid);
+    expect(result1.deviceId, test1.deviceId);
 
-      final oldRatchet = oldSession.getRatchetMap()[session.key]!;
-      final newRatchet = newSession.getRatchetMap()[session.key]!;
-      expect(await oldRatchet.equals(newRatchet), true);
-    }
+    const test2 = RatchetMapKey('user@example.org/hallo:welt', 3333);
+    final result2 = RatchetMapKey.fromJsonKey(test2.toJsonKey());
+    expect(result2.jid, test2.jid);
+    expect(result2.deviceId, test2.deviceId);
+  });
+
+  test('Test serializing and deserializing the components of the BTBV manager', () async {
+    // Caroline's BTBV manager
+    final btbv = MemoryBTBVTrustManager();
+    // Example data
+    const aliceJid = 'alice@some.server';
+    const bobJid = 'bob@other.server';
+    
+    await btbv.onNewSession(aliceJid, 1);
+    await btbv.setDeviceTrust(aliceJid, 1, BTBVTrustState.verified);
+    await btbv.onNewSession(aliceJid, 2);
+    await btbv.onNewSession(bobJid, 3);
+    await btbv.onNewSession(bobJid, 4);
+
+    final serialized = jsonify(await btbv.toJson());
+    final deviceList = BlindTrustBeforeVerificationTrustManager.deviceListFromJson(
+      serialized,
+    );
+    expect(btbv.devices, deviceList);
+
+    final trustCache = BlindTrustBeforeVerificationTrustManager.trustCacheFromJson(
+      serialized,
+    );
+    expect(btbv.trustCache, trustCache);
+
+    final enableCache = BlindTrustBeforeVerificationTrustManager.enableCacheFromJson(
+      serialized,
+    );
+    expect(btbv.enablementCache, enableCache);
   });
 }

test/trust_test.dart

@@ -4,7 +4,7 @@ import 'package:test/test.dart';
 void main() {
   test('Test the Blind Trust Before Verification TrustManager', () async {
     // Caroline's BTBV manager
-    final btbv = BlindTrustBeforeVerificationTrustManager();
+    final btbv = MemoryBTBVTrustManager();
     // Example data
     const aliceJid = 'alice@some.server';
     const bobJid = 'bob@other.server';
@@ -12,6 +12,7 @@ void main() {
     // Caroline starts a chat a device from Alice
     await btbv.onNewSession(aliceJid, 1);
     expect(await btbv.isTrusted(aliceJid, 1), true);
+    expect(await btbv.isEnabled(aliceJid, 1), true);
 
     // Caroline meets with Alice and verifies her fingerprint
     await btbv.setDeviceTrust(aliceJid, 1, BTBVTrustState.verified);
@@ -21,6 +22,7 @@ void main() {
     await btbv.onNewSession(aliceJid, 2);
     expect(await btbv.isTrusted(aliceJid, 2), false);
     expect(btbv.getDeviceTrust(aliceJid, 2), BTBVTrustState.notTrusted);
+    expect(await btbv.isEnabled(aliceJid, 2), false);
 
     // Caronline starts a chat with Bob but since they live far apart, Caroline cannot
     // verify his fingerprint.
@@ -32,5 +34,7 @@ void main() {
     expect(await btbv.isTrusted(bobJid, 4), true);
     expect(btbv.getDeviceTrust(bobJid, 3), BTBVTrustState.blindTrust);
     expect(btbv.getDeviceTrust(bobJid, 4), BTBVTrustState.blindTrust);
+    expect(await btbv.isEnabled(bobJid, 3), true);
+    expect(await btbv.isEnabled(bobJid, 4), true);
   });
 }