57 changed files with 2390 additions and 4918 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -1 +0,0 @@
 ko_fi: papatutuwawa
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,6 @@ pubspec.lock
 # NixOS
 .direnv
 .envrc
 # Protobuf build artifacts
 lib/protobuf/*.dart
--- a/.gitlint
+++ b/.gitlint
@ -5,6 +5,6 @@ line-length=72
 [title-trailing-punctuation]
 [title-hard-tab]
 [title-match-regex]
-regex=^(feat|fix|test|release|chore|security|docs|refactor|style|ci):.*$
+regex=^(feat|fix|test|release|chore|security|docs|refactor|style):.*$
 [body-trailing-whitespace]
 [body-first-line-empty]
--- a/.pubignore
+++ b/.pubignore
@ -1 +0,0 @@
 lib/protobuf
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -1,22 +0,0 @@
 pipeline:
  analysis:
    image: dart:3.0.7
    commands:
      # Proxy requests to pub.dev using pubcached
      - PUB_HOSTED_URL=http://172.17.0.1:8000 dart pub get
      - dart analyze --fatal-infos --fatal-warnings
      - dart test
    when:
      path:
        includes: ['lib/**', 'test/**']
  notify:
    image: git.polynom.me/papatutuwawa/woodpecker-xmpp
    settings:
      xmpp_is_muc: 1
      xmpp_tls: 1
      xmpp_recipient: moxxy-build@muc.moxxy.org
      xmpp_alias: 2Bot
    secrets: [ xmpp_jid, xmpp_password, xmpp_server ]
    when:
      status:
        - failure
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,69 +9,9 @@
 - Fix bug with the Double Ratchet causing only the initial message to be decryptable
 - Expose `getDeviceMap` as a developer usable function
 ## 0.2.0
 - Add convenience functions `getDeviceId` and `getDeviceBundle`
 - Creating a new ratchet with an id for which we already have a ratchet will now overwrite the old ratchet
 - Ratchet now carry an "acknowledged" attribute
 ## 0.2.1
 - Add `isRatchetAcknowledged`
 - Ratchets that are created due to accepting a kex are now unacknowledged
 ## 0.3.0
 - Implement enabling and disabling ratchets via the TrustManager interface
 - Fix deserialization of the various objects
 - Remove the BTBV TrustManager's loadState method. Just use the constructor
 - Allow removing all ratchets for a given Jid
 - If an error occurs while decrypting the message, the ratchet will now be reset to its prior state
 - Fix a bug within the Varint encoding function. This should fix some occasional UnknownSignedPrekeyExceptions
 - Remove OmemoSessionManager's toJson and fromJson. Use toJsonWithoutSessions and fromJsonWithoutSessions. Restoring sessions is not out-of-scope for that function
 ## 0.3.1
 - Fix a bug that caused the device's id to change when replacing a OPK
 - Every decryption failure now causes the ratchet to be restored to a pre-decryption state
 - Add method to get the device's fingerprint
 ## 0.4.0
 - Deprecate `OmemoSessionManager`. Use `OmemoManager` instead.
 - Implement queued access to the ratchets inside the `OmemoManager`.
 - Implement heartbeat messages.
 - [BREAKING] Rename `Device` to `OmemoDevice`.
 ## 0.4.1
 - Fix fetching the current device and building a ratchet session with it when encrypting for our own JID
 ## 0.4.2
 - Fix removeAllRatchets not removing, well, all ratchets. In fact, it did not remove any ratchet.
 ## 0.4.3
 - Fix bug that causes ratchets to be unable to decrypt anything after receiving a heartbeat with a completely new session
 ## 0.5.0
 This version is a complete rework of omemo_dart!
 - Removed events from `OmemoManager`
 - Removed `OmemoSessionManager`
 - Removed serialization/deserialization code
 - Replace exceptions with errors inside a result type
 - Ratchets and trust data is now loaded and cached on demand
 - Accessing the trust manager must happen via `withTrustManager`
 - Overriding the base implementations is replaced by providing callback functions
 ## 0.5.1
 - Remove `added` and `replaced` from the data passed to the `CommitRatchetsCallback`
 - Added a list of newly added and replaced ratchets to the encryption and decryption results. This is useful for displaying messages like "Contact added a new device"
 ## 0.6.0
 - Bump dependencies to fix running with never version of Dart
--- a/README.md
+++ b/README.md
@ -1,7 +1,5 @@
 # omemo_dart
 [![status-badge](https://ci.polynom.me/api/badges/16/status.svg)](https://ci.polynom.me/repos/16)
 `omemo_dart` is a Dart library to help developers of Dart/Flutter XMPP clients to implement
 [OMEMO](https://xmpp.org/extensions/xep-0384.html) in its newest version - currently 0.8.3.
@ -30,33 +28,23 @@ Include `omemo_dart` in your `pubspec.yaml` like this:
 dependencies:
  omemo_dart:
    hosted: https://git.polynom.me/api/packages/PapaTutuWawa/pub
-    version: ^0.5.0
+    version: ^0.1.0
  # [...]
 # [...]
 ```
 ### Example
 This repository includes a documented ["example"](./example/omemo_dart_example.dart) that explains the basic usage of the library while
 leaving out the XMPP specific bits. For a more functional and integrated example, see the `omemo_client.dart` example from
 [moxxmpp](https://codeberg.org/moxxy/moxxmpp).
 ### Persistence
 By default, `omemo_dart` uses in-memory implementations for everything. For a real-world application, this is unsuitable as OMEMO devices would be constantly added.
 In order to allow persistence, your application needs to keep track of the following:
 - The `OmemoDevice` assigned to the `OmemoManager`
 - `JID -> [int]`: The device list for each JID
 - `(JID, device) -> Ratchet`: The actual ratchet
 If you also use the `BlindTrustBeforeVerificationTrustManager`, you additionally need to keep track of:
 - `(JID, device) -> (int, bool)`: The trust level and the enablement state
 ## Contributing
 Due to issues with `protobuf`, `omemo_dart` reimplements the Protobuf encoding for the required
 OMEMO messages. As such, `protobuf` is only a dependency for testing that the serialisation and
 deserialisation of the custom implementation. In order to run tests, you need the Protbuf
 compiler. After that, making sure that
 the [Dart Protobuf compiler addon](https://pub.dev/packages/protoc_plugin) and the
 Protobuf compiler itself is in your PATH,
 run `protoc -I=./protobuf/ --dart_out=lib/protobuf/ ./protobuf/schema.proto` in the
 repository's root to generate the real Protobuf bindings.
 When submitting a PR, please run the linter using `dart analyze` and make sure that all
 tests still pass using `dart test`.
@ -68,9 +56,3 @@ messages' formatting.
 Licensed under the MIT license.
 See `LICENSE`.
 ## Support
 If you like what I do and you want to support me, feel free to donate to me on Ko-Fi.
 [<img src="https://codeberg.org/moxxy/moxxyv2/raw/branch/master/assets/repo/kofi.png" height="36" style="height: 36px; border: 0px;"></img>](https://ko-fi.com/papatutuwawa)
--- a/analysis_options.yaml
+++ b/analysis_options.yaml
@ -9,5 +9,4 @@ linter:
 analyzer:
  exclude:
-    - "lib/src/protobuf/*.dart"
+    - "lib/protobuf/*.dart"
    - "example/omemo_dart_example.dart"
--- a/example/omemo_dart_example.dart
+++ b/example/omemo_dart_example.dart
@ -8,54 +8,32 @@ void main() async {
  const aliceJid = 'alice@some.server';
  const bobJid = 'bob@other.serve';
-  // You are Alice and want to begin using OMEMO, so you first create an OmemoManager.
+  // You are Alice and want to begin using OMEMO, so you first create a SessionManager
-  final aliceManager = OmemoManager(
+  final aliceSession = await OmemoSessionManager.generateNewIdentity(
-    // Generate Alice's OMEMO device bundle. We can specify how many One-time Prekeys we want, but
+    // The bare Jid of Alice as a String
-    // per default, omemo_dart generates 100 (recommended by XEP-0384).
+    aliceJid,
    await OmemoDevice.generateNewDevice(aliceJid),
    // The trust manager we want to use. In this case, we use the provided one that
    // implements "Blind Trust Before Verification". To make things simpler, we keep
    // no persistent data and can thus use the MemoryBTBVTrustManager. If we wanted to keep
    // the state, we would have to override BlindTrustBeforeVerificationTrustManager.
-    BlindTrustBeforeVerificationTrustManager(),
+    MemoryBTBVTrustManager(),
-    // This function is called whenever we need to send an OMEMO heartbeat to [recipient].
+    // Here we specify how many Onetime Prekeys we want to have. XEP-0384 recommends around
-    // [result] is the encryted data to include. This needs to be wired into your XMPP library's
+    // 100 OPKs, so let's generate 100. The parameter defaults to 100.
-    // OMEMO implementation.
+    //opkAmount: 100,
    // For simplicity, we use an empty function and imagine it works.
    (result, recipient) async => {},
    // This function is called whenever we need to fetch the device list for [jid].
    // This needs to be wired into your XMPP library's OMEMO implementation.
    // For simplicity, we use an empty function and imagine it works.
    (jid) async => [],
    // This function is called whenever we need to fetch the device bundle with id [id] from [jid].
    // This needs to be wired into your XMPP library's OMEMO implementation.
    // For simplicity, we use an empty function and imagine it works.
    (jid, id) async => null,
    // This function is called whenever we need to subscribe to [jid]'s device list PubSub node.
    // This needs to be wired into your XMPP library's OMEMO implementation.
    // For simplicity, we use an empty function and imagine it works.
    (jid) async {},
    // This function is called whenever our own device bundle has to be republished to our PEP node.
    // This needs to be wired into your XMPP library's OMEMO implementation.
    // For simplicity, we use an empty function and imagine it works.
    (device) async {},
  );
-  // Bob, on his side, also creates an [OmemoManager] similar to Alice.
+  // Alice now wants to chat with Bob at his bare Jid "bob@other.server". To make things
-  final bobManager = OmemoManager(
+  // simple, we just generate the identity bundle ourselves. In the real world, we would
-    await OmemoDevice.generateNewDevice(bobJid),
+  // request it using PEP and then convert the device bundle into a OmemoBundle object.
-    BlindTrustBeforeVerificationTrustManager(),
+  final bobSession = await OmemoSessionManager.generateNewIdentity(
-    (result, recipient) async => {},
+    bobJid,
-    (jid) async => [],
+    MemoryBTBVTrustManager(),
-    (jid, id) async => null,
+    // Just for illustrative purposes
-    (jid) async {},
+    opkAmount: 1,
    (device) async {},
  );
  // Alice prepares to send the message to Bob, so she builds the message stanza and
  // collects all the children of the stanza that should be encrypted into a string.
  // Note that this leaves out the wrapping stanza, i.e. if we want to send a <message />
  // we only include the <message />'s children.
  const aliceMessageStanzaBody = '''
  <body>Hello Bob, it's me, Alice!</body>
  <super-secret-element xmlns='super-secret-element' />
@ -76,27 +54,30 @@ void main() async {
 </envelope>
 ''';
-  // Next, we encrypt the envelope element using Alice's [OmemoManager]. It will
+  // Since Alice has no open session with Bob, we need to tell the session manager to build
-  // automatically attempt to fetch the device bundles of Bob.
+  // it when sending the message.
-  final message = await aliceManager.onOutgoingStanza(
+  final message = await aliceSession.encryptToJid(
    const OmemoOutgoingStanza(
    // The bare receiver Jid
-      [bobJid],
+    bobJid,
-
+    // The envelope we want to encrypt
      // The payload we want to encrypt, i.e. the envelope.
    envelope,
-    ),
+    // Since this is the first time Alice contacts Bob from this device, we need to create
    // a new session. Let's also assume that Bob only has one device. We may, however,
    // add more bundles to newSessions, if we know of more.
    newSessions: [
      await bobSession.getDeviceBundle(),
    ],
  );
  // In a proper implementation, we would also do some error checking here.
  // Alice now builds the actual message stanza for Bob
  final payload = base64.encode(message.ciphertext!);
-  final aliceDevice = await aliceManager.getDevice();
+  final aliceDevice = await aliceSession.getDevice();
  // ignore: unused_local_variable
  final bobDevice = await bobSession.getDevice();
  // Since we know we have just one key for Bob, we take a shortcut. However, in the real
  // world, we have to serialise every EncryptedKey to a <key /> element and group them
  // per Jid.
-  final key = message.encryptedKeys[bobJid]![0];
+  final key = message.encryptedKeys[0];
  // Note that the key's "kex" attribute refers to key.kex. It just means that the
  // encrypted key also contains the required data for Bob to build a session with Alice.
@ -106,7 +87,7 @@ void main() async {
  <encrypted xmlns='urn:xmpp:omemo:2'>
    <header sid='${aliceDevice.id}'>
      <keys jid='$bobJid'>
-        <key rid='${key.rid} kex='${key.kex}'>
+        <key rid='${key.rid} kex='true'>
          ${key.value}
        </key>
      </keys>
@ -124,31 +105,20 @@ void main() async {
  // Bob now receives an OMEMO encrypted message from Alice and wants to decrypt it.
  // Since we have just one key, let's just deserialise the one key by hand.
  final keys = [
-    EncryptedKey(key.rid, key.value, true),
+    EncryptedKey(bobJid, key.rid, key.value, true),
  ];
  // Bob extracts the payload and attempts to decrypt it.
  // ignore: unused_local_variable
-  final bobMessage = await bobManager.onIncomingStanza(
+  final bobMessage = await bobSession.decryptMessage(
-    OmemoIncomingStanza(
+    // base64 decode the payload
-      // The bare sender JID of the message. In this case, it's Alice's.
+    base64.decode(payload),
    // Specify the Jid of the sender
    aliceJid,
-      // The 'sid' attribute of the <header /> element. Here, we know that Alice only has one device.
+    // Specify the device identifier of the sender (the "sid" attribute of <header />)
    aliceDevice.id,
-
+    // The deserialised keys
      /// The decoded <key /> elements. from the header. Note that we only include the ones
      /// relevant for Bob, so all children of <keys jid='$bobJid' />.
    keys,
      /// The text of the <payload /> element, if it exists. If not, then the message might be
      /// a hearbeat, where no payload is sent. In that case, use null.
      payload,
      /// Since we did not receive this message due to a catch-up mechanism, like MAM, we
      /// set this to false. If we, however, did use a catch-up mechanism, we must set this
      /// to true to prevent the OPKs from being replaced.
      false,
    ),
  );
  // All Bob has to do now is replace the OMEMO wrapper element 
--- a/flake.lock
+++ b/flake.lock
@ -1,15 +1,12 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1692799911,
+        "lastModified": 1656065134,
-        "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
+        "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
+        "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
        "type": "github"
      },
      "original": {
@ -20,16 +17,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1727586919,
+        "lastModified": 1657540956,
-        "narHash": "sha256-e/YXG0tO5GWHDS8QQauj8aj4HhXEm602q9swrrlTlKQ=",
+        "narHash": "sha256-ihGbOFWtAkENwxBE5kV/yWt2MncvW+BObLDsmxCLo/Q=",
-        "owner": "NixOS",
+        "owner": "NANASHI0X74",
        "repo": "nixpkgs",
-        "rev": "2dcd9c55e8914017226f5948ac22c53872a13ee2",
+        "rev": "043de04db8a6b0391b3fefaaade160514d866946",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "NANASHI0X74",
-        "ref": "nixpkgs-unstable",
+        "ref": "flutter-3-0-0",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -39,21 +36,6 @@
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -1,7 +1,7 @@
 {
  description = "omemo_dart";
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs.url = "github:NANASHI0X74/nixpkgs/flutter-3-0-0";
    flake-utils.url = "github:numtide/flake-utils";
  };
  outputs = { self, nixpkgs, flake-utils }: flake-utils.lib.eachDefaultSystem (system: let
--- a/lib/omemo_dart.dart
+++ b/lib/omemo_dart.dart
@ -8,12 +8,10 @@ export 'src/omemo/bundle.dart';
 export 'src/omemo/device.dart';
 export 'src/omemo/encrypted_key.dart';
 export 'src/omemo/encryption_result.dart';
-export 'src/omemo/errors.dart';
+export 'src/omemo/events.dart';
 export 'src/omemo/fingerprint.dart';
 export 'src/omemo/omemo.dart';
 export 'src/omemo/ratchet_data.dart';
 export 'src/omemo/ratchet_map_key.dart';
-export 'src/omemo/stanza.dart';
+export 'src/omemo/sessionmanager.dart';
 export 'src/trust/base.dart';
 export 'src/trust/btbv.dart';
 export 'src/x3dh/x3dh.dart';
--- a/lib/src/protobuf/.gitkeep
+++ b/lib/src/protobuf/.gitkeep
--- a/lib/src/common/constants.dart
+++ b/lib/src/common/constants.dart
@ -1,11 +0,0 @@
 /// The overarching assumption is that we use Ed25519 keys for the identity keys
 const omemoX3DHInfoString = 'OMEMO X3DH';
 /// The info used for when encrypting the AES key for the actual payload.
 const omemoPayloadInfoString = 'OMEMO Payload';
 /// Info string for ENCRYPT
 const encryptHkdfInfoString = 'OMEMO Message Key Material';
 /// Amount of messages we may skip per session
 const maxSkip = 1000;
--- a/lib/src/crypto.dart
+++ b/lib/src/crypto.dart
@ -1,18 +1,12 @@
 import 'dart:convert';
 import 'package:cryptography/cryptography.dart';
 import 'package:moxlib/moxlib.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/keys.dart';
 /// Performs X25519 with [kp] and [pk]. If [identityKey] is set, then
 /// it indicates which of [kp] ([identityKey] == 1) or [pk] ([identityKey] == 2)
 /// is the identity key. This is needed since the identity key pair/public key is
 /// an Ed25519 key, but we need them as X25519 keys for DH.
-Future<List<int>> omemoDH(
+Future<List<int>> omemoDH(OmemoKeyPair kp, OmemoPublicKey pk, int identityKey) async {
  OmemoKeyPair kp,
  OmemoPublicKey pk,
  int identityKey,
 ) async {
  var ckp = kp;
  var cpk = pk;
@ -31,6 +25,7 @@ Future<List<int>> omemoDH(
 }
 class HkdfKeyResult {
  const HkdfKeyResult(this.encryptionKey, this.authenticationKey, this.iv);
  final List<int> encryptionKey;
  final List<int> authenticationKey;
@ -40,8 +35,7 @@ class HkdfKeyResult {
 /// cryptography _really_ wants to check the MAC output from AES-256-CBC. Since
 /// we don't have it, we need the MAC check to always "pass".
 class NoMacSecretBox extends SecretBox {
-  NoMacSecretBox(super.cipherText, {required super.nonce})
+  NoMacSecretBox(super.cipherText, { required super.nonce }) : super(mac: Mac.empty);
      : super(mac: Mac.empty);
  @override
  Future<void> checkMac({
@ -66,20 +60,12 @@ Future<HkdfKeyResult> deriveEncryptionKeys(List<int> input, String info) async {
  );
  final bytes = await result.extractBytes();
-  return HkdfKeyResult(
+  return HkdfKeyResult(bytes.sublist(0, 32), bytes.sublist(32, 64), bytes.sublist(64, 80));
    bytes.sublist(0, 32),
    bytes.sublist(32, 64),
    bytes.sublist(64, 80),
  );
 }
 /// A small helper function to make AES-256-CBC easier. Encrypt [plaintext] using [key] as
 /// the encryption key and [iv] as the IV. Returns the ciphertext.
-Future<List<int>> aes256CbcEncrypt(
+Future<List<int>> aes256CbcEncrypt(List<int> plaintext, List<int> key, List<int> iv) async {
  List<int> plaintext,
  List<int> key,
  List<int> iv,
 ) async {
  final algorithm = AesCbc.with256bits(
    macAlgorithm: MacAlgorithm.empty,
  );
@ -94,27 +80,17 @@ Future<List<int>> aes256CbcEncrypt(
 /// A small helper function to make AES-256-CBC easier. Decrypt [ciphertext] using [key] as
 /// the encryption key and [iv] as the IV. Returns the ciphertext.
-Future<Result<MalformedCiphertextError, List<int>>> aes256CbcDecrypt(
+Future<List<int>> aes256CbcDecrypt(List<int> ciphertext, List<int> key, List<int> iv) async {
  List<int> ciphertext,
  List<int> key,
  List<int> iv,
 ) async {
  final algorithm = AesCbc.with256bits(
    macAlgorithm: MacAlgorithm.empty,
  );
-  try {
+  return algorithm.decrypt(
    return Result(
      await algorithm.decrypt(
    NoMacSecretBox(
      ciphertext,
      nonce: iv,
    ),
    secretKey: SecretKey(key),
      ),
  );
  } catch (ex) {
    return Result(MalformedCiphertextError(ex));
  }
 }
 /// OMEMO often uses the output of a HMAC-SHA-256 truncated to its first 16 bytes.
--- a/lib/src/double_ratchet/crypto.dart
+++ b/lib/src/double_ratchet/crypto.dart
@ -0,0 +1,48 @@
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/omemo_message.dart';
 /// Info string for ENCRYPT
 const encryptHkdfInfoString = 'OMEMO Message Key Material';
 /// Signals ENCRYPT function as specified by OMEMO 0.8.3.
 /// Encrypt [plaintext] using the message key [mk], given associated_data [associatedData]
 /// and the AD output from the X3DH [sessionAd].
 Future<List<int>> encrypt(List<int> mk, List<int> plaintext, List<int> associatedData, List<int> sessionAd) async {
  // Generate encryption, authentication key and IV
  final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
  final ciphertext = await aes256CbcEncrypt(plaintext, keys.encryptionKey, keys.iv);
  final header = OmemoMessage.fromBuffer(associatedData.sublist(sessionAd.length))
    ..ciphertext = ciphertext;
  final headerBytes = header.writeToBuffer();
  final hmacInput = concat([sessionAd, headerBytes]);
  final hmacResult = await truncatedHmac(hmacInput, keys.authenticationKey);
  final message = OmemoAuthenticatedMessage()
    ..mac = hmacResult
    ..message = headerBytes;
  return message.writeToBuffer();
 }
 /// Signals DECRYPT function as specified by OMEMO 0.8.3.
 /// Decrypt [ciphertext] with the message key [mk], given the associated_data [associatedData]
 /// and the AD output from the X3DH.
 Future<List<int>> decrypt(List<int> mk, List<int> ciphertext, List<int> associatedData, List<int> sessionAd) async {
  // Generate encryption, authentication key and IV
  final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
  // Assumption ciphertext is a OMEMOAuthenticatedMessage
  final message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
  final header = OmemoMessage.fromBuffer(message.message!);
  final hmacInput = concat([sessionAd, header.writeToBuffer()]);
  final hmacResult = await truncatedHmac(hmacInput, keys.authenticationKey);
  if (!listsEqual(hmacResult, message.mac!)) {
    throw InvalidMessageHMACException();
  }
  return aes256CbcDecrypt(header.ciphertext!, keys.encryptionKey, keys.iv);
 }
--- a/lib/src/double_ratchet/double_ratchet.dart
+++ b/lib/src/double_ratchet/double_ratchet.dart
@ -1,25 +1,49 @@
 import 'dart:convert';
 import 'package:cryptography/cryptography.dart';
 import 'package:hex/hex.dart';
 import 'package:meta/meta.dart';
 import 'package:moxlib/moxlib.dart';
 import 'package:omemo_dart/src/common/constants.dart';
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/double_ratchet/crypto.dart';
 import 'package:omemo_dart/src/double_ratchet/kdf.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
-import 'package:omemo_dart/src/protobuf/schema.pb.dart';
+import 'package:omemo_dart/src/protobuf/omemo_message.dart';
 /// Amount of messages we may skip per session
 const maxSkip = 1000;
 class RatchetStep {
  const RatchetStep(this.header, this.ciphertext);
  final OmemoMessage header;
  final List<int> ciphertext;
 }
@immutable
 class SkippedKey {
  const SkippedKey(this.dh, this.n);
-  /// The DH public key for which we skipped a message key.
+  factory SkippedKey.fromJson(Map<String, dynamic> data) {
-  final OmemoPublicKey dh;
+    return SkippedKey(
      OmemoPublicKey.fromBytes(
        base64.decode(data['public']! as String),
        KeyPairType.x25519,
      ),
      data['n']! as int,
    );
  }
-  /// The associated number of the message key we skipped.
+  final OmemoPublicKey dh;
  final int n;
  Future<Map<String, dynamic>> toJson() async {
    return {
      'public': base64.encode(await dh.getBytes()),
      'n': n,
    };
  }
  @override
  bool operator ==(Object other) {
    return other is SkippedKey && other.dh == dh && other.n == n;
@ -29,29 +53,8 @@ class SkippedKey {
  int get hashCode => dh.hashCode ^ n.hashCode;
 }
@immutable
 class KeyExchangeData {
  const KeyExchangeData(
    this.pkId,
    this.spkId,
    this.ik,
    this.ek,
  );
  /// The id of the used OPK.
  final int pkId;
  /// The id of the used SPK.
  final int spkId;
  /// The ephemeral key used while the key exchange.
  final OmemoPublicKey ek;
  /// The identity key used in the key exchange.
  final OmemoPublicKey ik;
 }
 class OmemoDoubleRatchet {
  OmemoDoubleRatchet(
    this.dhs, // DHs
    this.dhr, // DHr
@ -65,9 +68,61 @@ class OmemoDoubleRatchet {
    this.sessionAd,
    this.mkSkipped, // MKSKIPPED
    this.acknowledged,
    this.kex,
  );
  factory OmemoDoubleRatchet.fromJson(Map<String, dynamic> data) {
    /*
    {
      'dhs': 'base/64/encoded',
      'dhs_pub': 'base/64/encoded',
      'dhr': null | 'base/64/encoded',
      'rk': 'base/64/encoded',
      'cks': null | 'base/64/encoded',
      'ckr': null | 'base/64/encoded',
      'ns': 0,
      'nr': 0,
      'pn': 0,
      'ik_pub': 'base/64/encoded',
      'session_ad': 'base/64/encoded',
      'acknowledged': true | false,
      'mkskipped': [
        {
          'key': 'base/64/encoded',
          'public': 'base/64/encoded',
          'n': 0
        }, ...
      ]
    }
    */
    final mkSkipped = <SkippedKey, List<int>>{};
    for (final entry in data['mkskipped']! as List<Map<String, dynamic>>) {
      final key = SkippedKey.fromJson(entry);
      mkSkipped[key] = base64.decode(entry['key']! as String);
    }
    return OmemoDoubleRatchet(
      OmemoKeyPair.fromBytes(
        base64.decode(data['dhs_pub']! as String),
        base64.decode(data['dhs']! as String),
        KeyPairType.x25519,
      ),
      decodeKeyIfNotNull(data, 'dhr', KeyPairType.x25519),
      base64.decode(data['rk']! as String),
      base64DecodeIfNotNull(data, 'cks'),
      base64DecodeIfNotNull(data, 'ckr'),
      data['ns']! as int,
      data['nr']! as int,
      data['pn']! as int,
      OmemoPublicKey.fromBytes(
        base64.decode(data['ik_pub']! as String),
        KeyPairType.ed25519,
      ),
      base64.decode(data['session_ad']! as String),
      mkSkipped,
      data['acknowledged']! as bool,
    );
  }
  /// Sending DH keypair
  OmemoKeyPair dhs;
@ -92,15 +147,10 @@ class OmemoDoubleRatchet {
  /// for verification purposes
  final OmemoPublicKey ik;
  /// Associated data for this ratchet.
  final List<int> sessionAd;
  /// List of skipped message keys.
  final Map<SkippedKey, List<int>> mkSkipped;
  /// The key exchange that was used for initiating the session.
  final KeyExchangeData kex;
  /// Indicates whether we received an empty OMEMO message after building a session with
  /// the device.
  bool acknowledged;
@ -108,24 +158,17 @@ class OmemoDoubleRatchet {
  /// Create an OMEMO session using the Signed Pre Key [spk], the shared secret [sk] that
  /// was obtained using a X3DH and the associated data [ad] that was also obtained through
  /// a X3DH. [ik] refers to Bob's (the receiver's) IK public key.
-  static Future<OmemoDoubleRatchet> initiateNewSession(
+  static Future<OmemoDoubleRatchet> initiateNewSession(OmemoPublicKey spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
    OmemoPublicKey spk,
    int spkId,
    OmemoPublicKey ik,
    OmemoPublicKey ownIk,
    OmemoPublicKey ek,
    List<int> sk,
    List<int> ad,
    int pkId,
  ) async {
    final dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
-    final rk = await kdfRk(sk, await omemoDH(dhs, spk, 0));
+    final dhr = spk;
    final rk  = await kdfRk(sk, await omemoDH(dhs, dhr, 0));
    final cks = rk;
    return OmemoDoubleRatchet(
      dhs,
-      spk,
+      dhr,
-      List.from(rk),
+      rk,
-      List.from(rk),
+      cks,
      null,
      0,
      0,
@ -134,12 +177,6 @@ class OmemoDoubleRatchet {
      ad,
      {},
      false,
      KeyExchangeData(
        pkId,
        spkId,
        ownIk,
        ek,
      ),
    );
  }
@ -147,15 +184,7 @@ class OmemoDoubleRatchet {
  /// Pre Key keypair [spk], the shared secret [sk] that was obtained through a X3DH and
  /// the associated data [ad] that was also obtained through a X3DH. [ik] refers to
  /// Alice's (the initiator's) IK public key.
-  static Future<OmemoDoubleRatchet> acceptNewSession(
+  static Future<OmemoDoubleRatchet> acceptNewSession(OmemoKeyPair spk, OmemoPublicKey ik, List<int> sk, List<int> ad) async {
    OmemoKeyPair spk,
    int spkId,
    OmemoPublicKey ik,
    int pkId,
    OmemoPublicKey ek,
    List<int> sk,
    List<int> ad,
  ) async {
    return OmemoDoubleRatchet(
      spk,
      null,
@ -169,52 +198,53 @@ class OmemoDoubleRatchet {
      ad,
      {},
      true,
      KeyExchangeData(
        pkId,
        spkId,
        ik,
        ek,
      ),
    );
  }
-  /// Performs a single ratchet step in case we received a new
+  Future<Map<String, dynamic>> toJson() async {
-  /// public key in [header].
+    final mkSkippedSerialised = List<Map<String, dynamic>>.empty(growable: true);
-  Future<void> _dhRatchet(OMEMOMessage header) async {
+    for (final entry in mkSkipped.entries) {
-    pn = ns;
+      final result = await entry.key.toJson();
-    ns = 0;
+      result['key'] = base64.encode(entry.value);
    nr = 0;
    dhr = OmemoPublicKey.fromBytes(header.dhPub, KeyPairType.x25519);
    final newRk1 = await kdfRk(
      rk,
      await omemoDH(
        dhs,
        dhr!,
        0,
      ),
    );
    rk = List.from(newRk1);
    ckr = List.from(newRk1);
-    dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
+      mkSkippedSerialised.add(result);
    final newRk2 = await kdfRk(
      rk,
      await omemoDH(
        dhs,
        dhr!,
        0,
      ),
    );
    rk = List.from(newRk2);
    cks = List.from(newRk2);
    }
-  /// Skip (and keep track of) message keys until our receive counter is
+    return {
-  /// equal to [until]. If we would skip too many messages, returns
+      'dhs': base64.encode(await dhs.sk.getBytes()),
-  /// a [SkippingTooManyKeysError]. If not, returns null.
+      'dhs_pub': base64.encode(await dhs.pk.getBytes()),
-  Future<OmemoError?> _skipMessageKeys(int until) async {
+      'dhr': dhr != null ? base64.encode(await dhr!.getBytes()) : null,
      'rk': base64.encode(rk),
      'cks': cks != null ? base64.encode(cks!) : null,
      'ckr': ckr != null ? base64.encode(ckr!) : null,
      'ns': ns,
      'nr': nr,
      'pn': pn,
      'ik_pub': base64.encode(await ik.getBytes()),
      'session_ad': base64.encode(sessionAd),
      'mkskipped': mkSkippedSerialised,
      'acknowledged': acknowledged,
    };
  }
  Future<List<int>?> _trySkippedMessageKeys(OmemoMessage header, List<int> ciphertext) async {
    final key = SkippedKey(
      OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519),
      header.n!,
    );
    if (mkSkipped.containsKey(key)) {
      final mk = mkSkipped[key]!;
      mkSkipped.remove(key);
      return decrypt(mk, ciphertext, concat([sessionAd, header.writeToBuffer()]), sessionAd);
    }
    return null;
  }
  Future<void> _skipMessageKeys(int until) async {
    if (nr + maxSkip < until) {
-      return SkippingTooManyKeysError();
+      throw SkippingTooManyMessagesException();
    }
    if (ckr != null) {
@ -222,180 +252,81 @@ class OmemoDoubleRatchet {
        final newCkr = await kdfCk(ckr!, kdfCkNextChainKey);
        final mk = await kdfCk(ckr!, kdfCkNextMessageKey);
        ckr = newCkr;
        mkSkipped[SkippedKey(dhr!, nr)] = mk;
        nr++;
      }
    }
    return null;
  }
-  /// Decrypt [ciphertext] using keys derived from the message key [mk]. Also computes the
+  Future<void> _dhRatchet(OmemoMessage header) async {
-  /// HMAC from the [OMEMOMessage] embedded in [message].
+    pn = header.n!;
-  ///
+    ns = 0;
-  /// If the computed HMAC does not match the HMAC in [message], returns
+    nr = 0;
-  /// [InvalidMessageHMACError]. If it matches, returns the decrypted
+    dhr = OmemoPublicKey.fromBytes(header.dhPub!, KeyPairType.x25519);
  /// payload.
  Future<Result<OmemoError, List<int>>> _decrypt(
    OMEMOAuthenticatedMessage message,
    List<int> ciphertext,
    List<int> mk,
  ) async {
    final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
-    final hmacInput = concat([sessionAd, message.message]);
+    final newRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
-    final hmacResult = await truncatedHmac(hmacInput, keys.authenticationKey);
+    rk = newRk;
-    if (!listsEqual(hmacResult, message.mac)) {
+    ckr = newRk;
-      return Result(InvalidMessageHMACError());
+    dhs = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
    final newNewRk = await kdfRk(rk, await omemoDH(dhs, dhr!, 0));
    rk = newNewRk;
    cks = newNewRk;
  }
-    final plaintext =
+  /// Encrypt [plaintext] using the Double Ratchet.
-        await aes256CbcDecrypt(ciphertext, keys.encryptionKey, keys.iv);
+  Future<RatchetStep> ratchetEncrypt(List<int> plaintext) async {
-    if (plaintext.isType<MalformedCiphertextError>()) {
+    final newCks = await kdfCk(cks!, kdfCkNextChainKey);
-      return Result(plaintext.get<MalformedCiphertextError>());
+    final mk = await kdfCk(cks!, kdfCkNextMessageKey);
    }
-    return Result(plaintext.get<List<int>>());
+    cks = newCks;
-  }
+    final header = OmemoMessage()
      ..dhPub = await dhs.pk.getBytes()
      ..pn = pn
      ..n = ns;
-  /// Checks whether we could decrypt the payload in [header] with a skipped key. If yes,
+    ns++;
-  /// attempts to decrypt it. If not, returns null.
+
-  ///
+    return RatchetStep(
-  /// If the decryption is successful, returns the plaintext payload. If an error occurs, like
+      header,
-  /// an [InvalidMessageHMACError], that is returned instead.
+      await encrypt(mk, plaintext, concat([sessionAd, header.writeToBuffer()]), sessionAd),
  Future<Result<OmemoError, List<int>?>> _trySkippedMessageKeys(
    OMEMOAuthenticatedMessage message,
    OMEMOMessage header,
  ) async {
    final key = SkippedKey(
      OmemoPublicKey.fromBytes(header.dhPub, KeyPairType.x25519),
      header.n,
    );
    if (mkSkipped.containsKey(key)) {
      final mk = mkSkipped[key]!;
      mkSkipped.remove(key);
      return _decrypt(message, header.ciphertext, mk);
  }
-    return const Result(null);
+  /// Decrypt a [ciphertext] that was sent with the header [header] using the Double
-  }
+  /// Ratchet. Returns the decrypted (raw) plaintext.
  /// Decrypt the payload (deeply) embedded in [message].
  ///
-  /// If everything goes well, returns the plaintext payload. If an error occurs, that
+  /// Throws an SkippingTooManyMessagesException if too many messages were to be skipped.
-  /// is returned instead.
+  Future<List<int>> ratchetDecrypt(OmemoMessage header, List<int> ciphertext) async {
-  Future<Result<OmemoError, List<int>>> ratchetDecrypt(
+    // Check if we skipped too many messages
-    OMEMOAuthenticatedMessage message,
+    final plaintext = await _trySkippedMessageKeys(header, ciphertext);
  ) async {
    final header = OMEMOMessage.fromBuffer(message.message);
    // Try skipped keys
    final plaintextRaw = await _trySkippedMessageKeys(message, header);
    if (plaintextRaw.isType<OmemoError>()) {
      // Propagate the error
      return Result(plaintextRaw.get<OmemoError>());
    }
    final plaintext = plaintextRaw.get<List<int>?>();
    if (plaintext != null) {
-      return Result(plaintext);
+      return plaintext;
    }
    if (dhr == null || !listsEqual(header.dhPub, await dhr!.getBytes())) {
      final skipResult1 = await _skipMessageKeys(header.pn);
      if (skipResult1 != null) {
        return Result(skipResult1);
    }
    final dhPubMatches = listsEqual(
      header.dhPub ?? <int>[],
      await dhr?.getBytes() ?? <int>[],
    );
    if (!dhPubMatches) {
      await _skipMessageKeys(header.pn!);
      await _dhRatchet(header);
    }
-    final skipResult2 = await _skipMessageKeys(header.n);
+    await _skipMessageKeys(header.n!);
-    if (skipResult2 != null) {
+    final newCkr = await kdfCk(ckr!, kdfCkNextChainKey);
      return Result(skipResult2);
    }
    final ck = await kdfCk(ckr!, kdfCkNextChainKey);
    final mk = await kdfCk(ckr!, kdfCkNextMessageKey);
-    ckr = ck;
+    ckr = newCkr;
    nr++;
-    return _decrypt(message, header.ciphertext, mk);
+    return decrypt(mk, ciphertext, concat([sessionAd, header.writeToBuffer()]), sessionAd);
  }
  /// Encrypt the payload [plaintext] using the double ratchet session.
  Future<OMEMOAuthenticatedMessage> ratchetEncrypt(List<int> plaintext) async {
    // Advance the ratchet
    final ck = await kdfCk(cks!, kdfCkNextChainKey);
    final mk = await kdfCk(cks!, kdfCkNextMessageKey);
    cks = ck;
    // Generate encryption, authentication key and IV
    final keys = await deriveEncryptionKeys(mk, encryptHkdfInfoString);
    final ciphertext =
        await aes256CbcEncrypt(plaintext, keys.encryptionKey, keys.iv);
    // Fill-in the header and serialize it here so we do it only once
    final header = OMEMOMessage()
      ..dhPub = await dhs.pk.getBytes()
      ..pn = pn
      ..n = ns
      ..ciphertext = ciphertext;
    final headerBytes = header.writeToBuffer();
    // Increment the send counter
    ns++;
    final newAd = concat([sessionAd, headerBytes]);
    final hmac = await truncatedHmac(newAd, keys.authenticationKey);
    return OMEMOAuthenticatedMessage()
      ..mac = hmac
      ..message = headerBytes;
  }
  /// Returns a copy of the ratchet.
  OmemoDoubleRatchet clone() {
    return OmemoDoubleRatchet(
      dhs,
      dhr,
      rk,
      cks != null ? List<int>.from(cks!) : null,
      ckr != null ? List<int>.from(ckr!) : null,
      ns,
      nr,
      pn,
      ik,
      sessionAd,
      Map<SkippedKey, List<int>>.from(mkSkipped),
      acknowledged,
      kex,
    );
  }
  /// Computes the fingerprint of the double ratchet, according to
  /// XEP-0384.
  Future<String> get fingerprint async {
    final curveKey = await ik.toCurve25519();
    return HEX.encode(
      await curveKey.getBytes(),
    );
  }
  @visibleForTesting
  Future<bool> equals(OmemoDoubleRatchet other) async {
    final dhrMatch = dhr == null
        ? other.dhr == null
        :
    // ignore: invalid_use_of_visible_for_testing_member
-        other.dhr != null && await dhr!.equals(other.dhr!);
+    final dhrMatch = dhr == null ? other.dhr == null : await dhr!.equals(other.dhr!);
-    final ckrMatch = ckr == null
+    final ckrMatch = ckr == null ? other.ckr == null : listsEqual(ckr!, other.ckr!);
-        ? other.ckr == null
+    final cksMatch = cks == null ? other.cks == null : listsEqual(cks!, other.cks!);
        : other.ckr != null && listsEqual(ckr!, other.ckr!);
    final cksMatch = cks == null
        ? other.cks == null
        : other.cks != null && listsEqual(cks!, other.cks!);
    // ignore: invalid_use_of_visible_for_testing_member
    final dhsMatch = await dhs.equals(other.dhs);
--- a/lib/src/double_ratchet/kdf.dart
+++ b/lib/src/double_ratchet/kdf.dart
@ -8,7 +8,7 @@ const kdfRkInfoString = 'OMEMO Root Chain';
 const kdfCkNextMessageKey = 0x01;
 const kdfCkNextChainKey = 0x02;
-/// Signals KDF_CK function as specified by OMEMO 0.8.3.
+/// Signals KDF_CK function as specified by OMEMO 0.8.0.
 Future<List<int>> kdfCk(List<int> ck, int constant) async {
  final hkdf = Hkdf(hmac: Hmac(Sha256()), outputLength: 32);
  final result = await hkdf.deriveKey(
@ -19,7 +19,7 @@ Future<List<int>> kdfCk(List<int> ck, int constant) async {
  return result.extractBytes();
 }
-/// Signals KDF_RK function as specified by OMEMO 0.8.3.
+/// Signals KDF_RK function as specified by OMEMO 0.8.0.
 Future<List<int>> kdfRk(List<int> rk, List<int> dhOut) async {
  final algorithm = Hkdf(
    hmac: Hmac(Sha256()),
--- a/lib/src/errors.dart
+++ b/lib/src/errors.dart
@ -1,39 +1,32 @@
 abstract class OmemoError {}
 /// Triggered during X3DH if the signature if the SPK does verify to the actual SPK.
-class InvalidKeyExchangeSignatureError extends OmemoError {}
+class InvalidSignatureException implements Exception {
  String errMsg() => 'The signature of the SPK does not match the provided signature';
 }
 /// Triggered by the Double Ratchet if the computed HMAC does not match the attached HMAC.
-class InvalidMessageHMACError extends OmemoError {}
+/// Triggered by the Session Manager if the computed HMAC does not match the attached HMAC.
 class InvalidMessageHMACException implements Exception {
  String errMsg() => 'The computed HMAC does not match the provided HMAC';
 }
 /// Triggered by the Double Ratchet if skipping messages would cause skipping more than
 /// MAXSKIP messages
-class SkippingTooManyKeysError extends OmemoError {}
+class SkippingTooManyMessagesException implements Exception {
  String errMsg() => 'Skipping messages would cause a skip bigger than MAXSKIP';
 }
 /// Triggered by the Session Manager if the message key is not encrypted for the device.
-class NotEncryptedForDeviceError extends OmemoError {}
+class NotEncryptedForDeviceException implements Exception {
  String errMsg() => 'Not encrypted for this device';
 }
 /// Triggered by the Session Manager when there is no key for decrypting the message.
 class NoDecryptionKeyException implements Exception {
  String errMsg() => 'No key available for decrypting the message';
 }
 /// Triggered by the Session Manager when the identifier of the used Signed Prekey
 /// is neither the current SPK's identifier nor the old one's.
-class UnknownSignedPrekeyError extends OmemoError {}
+class UnknownSignedPrekeyException implements Exception {
-
+  String errMsg() => 'Unknown Signed Prekey used.';
 /// Triggered by the OmemoManager when we could not encrypt a message as we have
 /// no key material available. That happens, for example, when we want to create a
 /// ratchet session with a JID we had no session with but fetching the device bundle
 /// failed.
 class NoKeyMaterialAvailableError extends OmemoError {}
 /// A non-key-exchange message was received that was encrypted for our device, but we have no ratchet with
 /// the device that sent the message.
 class NoSessionWithDeviceError extends OmemoError {}
 /// Caused when the AES-256 CBC decryption failed.
 class MalformedCiphertextError extends OmemoError {
  MalformedCiphertextError(this.ex);
  /// The exception that was raised while decryption.
  final Object ex;
 }
 /// Caused by an empty <key /> element
 class MalformedEncryptedKeyError extends OmemoError {}
--- a/lib/src/helpers.dart
+++ b/lib/src/helpers.dart
@ -1,5 +1,7 @@
 import 'dart:convert';
 import 'dart:math';
 import 'package:cryptography/cryptography.dart';
 import 'package:omemo_dart/src/keys.dart';
 /// Flattens [inputs] and concatenates the elements.
 List<int> concat(List<List<int>> inputs) {
@ -41,35 +43,33 @@ int generateRandom32BitNumber() {
  return Random.secure().nextInt(4294967295 /*pow(2, 32) - 1*/);
 }
-/// Describes the differences between two lists in terms of its items.
+OmemoPublicKey? decodeKeyIfNotNull(Map<String, dynamic> map, String key, KeyPairType type) {
-class ListDiff<T> {
+  if (map[key] == null) return null;
  ListDiff(this.added, this.removed);
-  /// The items that were added.
+  return OmemoPublicKey.fromBytes(
-  final List<T> added;
+    base64.decode(map[key]! as String),
-
+    type,
-  /// The items that were removed.
+  );
  final List<T> removed;
 }
-extension AppendToListOrCreateExtension<K, V> on Map<K, List<V>> {
+List<int>? base64DecodeIfNotNull(Map<String, dynamic> map, String key) {
-  /// Create or append [value] to the list identified with key [key].
+  if (map[key] == null) return null;
-  void appendOrCreate(K key, V value, {bool checkExistence = false}) {
+
-    if (containsKey(key)) {
+  return base64.decode(map[key]! as String);
      if (!checkExistence) {
        this[key]!.add(value);
      }
      if (!this[key]!.contains(value)) {
        this[key]!.add(value);
      }
    } else {
      this[key] = [value];
    }
  }
 }
-extension StringFromBase64Extension on String {
+String? base64EncodeIfNotNull(List<int>? bytes) {
-  /// Base64-decode this string. Useful for doing `someString?.fromBase64()` instead
+  if (bytes == null) return null;
-  /// of `someString != null ? base64Decode(someString) : null`.
+
-  List<int> fromBase64() => base64Decode(this);
+  return base64.encode(bytes);
 }
 OmemoKeyPair? decodeKeyPairIfNotNull(String? pk, String? sk, KeyPairType type) {
  if (pk == null || sk == null) return null;
  return OmemoKeyPair.fromBytes(
    base64.decode(pk),
    base64.decode(sk),
    type,
  );
 }
--- a/lib/src/keys.dart
+++ b/lib/src/keys.dart
@ -9,6 +9,7 @@ const privateKeyLength = 32;
 const publicKeyLength = 32;
 class OmemoPublicKey {
  const OmemoPublicKey(this._pubkey);
  factory OmemoPublicKey.fromBytes(List<int> bytes, KeyPairType type) {
@ -31,10 +32,7 @@ class OmemoPublicKey {
  Future<String> asBase64() async => base64Encode(_pubkey.bytes);
  Future<OmemoPublicKey> toCurve25519() async {
-    assert(
+    assert(type == KeyPairType.ed25519, 'Cannot convert non-Ed25519 public key to X25519');
      type == KeyPairType.ed25519,
      'Cannot convert non-Ed25519 public key to X25519',
    );
    final pkc = Uint8List(publicKeyLength);
    TweetNaClExt.crypto_sign_ed25519_pk_to_x25519_pk(
@ -42,17 +40,14 @@ class OmemoPublicKey {
      Uint8List.fromList(await getBytes()),
    );
-    return OmemoPublicKey(
+    return OmemoPublicKey(SimplePublicKey(List<int>.from(pkc), type: KeyPairType.x25519));
      SimplePublicKey(List<int>.from(pkc), type: KeyPairType.x25519),
    );
  }
  SimplePublicKey asPublicKey() => _pubkey;
  @visibleForTesting
  Future<bool> equals(OmemoPublicKey key) async {
-    return type == key.type &&
+    return type == key.type && listsEqual(
        listsEqual(
      await getBytes(),
      await key.getBytes(),
    );
@ -60,6 +55,7 @@ class OmemoPublicKey {
 }
 class OmemoPrivateKey {
  const OmemoPrivateKey(this._privkey, this.type);
  final List<int> _privkey;
  final KeyPairType type;
@ -67,10 +63,7 @@ class OmemoPrivateKey {
  Future<List<int>> getBytes() async => _privkey;
  Future<OmemoPrivateKey> toCurve25519() async {
-    assert(
+    assert(type == KeyPairType.ed25519, 'Cannot convert non-Ed25519 private key to X25519');
      type == KeyPairType.ed25519,
      'Cannot convert non-Ed25519 private key to X25519',
    );
    final skc = Uint8List(privateKeyLength);
    TweetNaClExt.crypto_sign_ed25519_sk_to_x25519_sk(
@ -83,8 +76,7 @@ class OmemoPrivateKey {
  @visibleForTesting
  Future<bool> equals(OmemoPrivateKey key) async {
-    return type == key.type &&
+    return type == key.type && listsEqual(
        listsEqual(
      await getBytes(),
      await key.getBytes(),
    );
@ -93,15 +85,12 @@ class OmemoPrivateKey {
 /// A generic wrapper class for both Ed25519 and X25519 keypairs
 class OmemoKeyPair {
  const OmemoKeyPair(this.pk, this.sk, this.type);
  /// Create an OmemoKeyPair just from a [type] and the bytes of the private and public
  /// key.
-  factory OmemoKeyPair.fromBytes(
+  factory OmemoKeyPair.fromBytes(List<int> publicKey, List<int> privateKey, KeyPairType type) {
    List<int> publicKey,
    List<int> privateKey,
    KeyPairType type,
  ) {
    return OmemoKeyPair(
      OmemoPublicKey.fromBytes(
        publicKey,
@ -118,10 +107,7 @@ class OmemoKeyPair {
  /// Generate a completely new random OmemoKeyPair of type [type]. [type] must be either
  /// KeyPairType.ed25519 or KeyPairType.x25519.
  static Future<OmemoKeyPair> generateNewPair(KeyPairType type) async {
-    assert(
+    assert(type == KeyPairType.ed25519 || type == KeyPairType.x25519, 'Keypair must be either Ed25519 or X25519');
      type == KeyPairType.ed25519 || type == KeyPairType.x25519,
      'Keypair must be either Ed25519 or X25519',
    );
    SimpleKeyPair kp;
    if (type == KeyPairType.ed25519) {
@ -150,10 +136,7 @@ class OmemoKeyPair {
  /// Return the bytes that comprise the public key.
  Future<OmemoKeyPair> toCurve25519() async {
-    assert(
+    assert(type == KeyPairType.ed25519, 'Cannot convert non-Ed25519 keypair to X25519');
      type == KeyPairType.ed25519,
      'Cannot convert non-Ed25519 keypair to X25519',
    );
    return OmemoKeyPair(
      await pk.toCurve25519(),
--- a/lib/src/omemo/bundle.dart
+++ b/lib/src/omemo/bundle.dart
@ -1,9 +1,9 @@
 import 'dart:convert';
 import 'package:cryptography/cryptography.dart';
 import 'package:hex/hex.dart';
 import 'package:omemo_dart/src/keys.dart';
 class OmemoBundle {
  const OmemoBundle(
    this.jid,
    this.id,
@ -13,23 +13,17 @@ class OmemoBundle {
    this.ikEncoded,
    this.opksEncoded,
  );
  /// The bare Jid the Bundle belongs to
  final String jid;
  /// The device Id
  final int id;
  /// The SPK but base64 encoded
  final String spkEncoded;
  final int spkId;
  /// The SPK signature but base64 encoded
  final String spkSignatureEncoded;
  /// The IK but base64 encoded
  final String ikEncoded;
  /// The mapping of a OPK's id to the base64 encoded data
  final Map<int, String> opksEncoded;
@ -49,10 +43,4 @@ class OmemoBundle {
  }
  List<int> get spkSignature => base64Decode(spkSignatureEncoded);
  /// Calculates the fingerprint of the bundle (See
  /// https://xmpp.org/extensions/xep-0384.html#security § 2).
  Future<String> getFingerprint() async {
    return HEX.encode(await ik.getBytes());
  }
 }
--- a/lib/src/omemo/decryption_result.dart
+++ b/lib/src/omemo/decryption_result.dart
@ -1,30 +0,0 @@
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/errors.dart';
@immutable
 class DecryptionResult {
  const DecryptionResult(
    this.payload,
    this.usedOpkId,
    this.newRatchets,
    this.replacedRatchets,
    this.error,
  );
  /// The decrypted payload or null, if it was an empty OMEMO message.
  final String? payload;
  /// In case a key exchange has been performed: The id of the used OPK. Useful for
  /// replacing the OPK after a message catch-up.
  final int? usedOpkId;
  /// Mapping of JIDs to a list of device ids for which we created a new ratchet session.
  final Map<String, List<int>> newRatchets;
  /// Similar to [newRatchets], but the ratchets listed in [replacedRatchets] where also existent before
  /// and replaced with the new ratchet.
  final Map<String, List<int>> replacedRatchets;
  /// The error that occurred during decryption or null, if no error occurred.
  final OmemoError? error;
 }
--- a/lib/src/omemo/device.dart
+++ b/lib/src/omemo/device.dart
@ -1,6 +1,5 @@
 import 'dart:convert';
 import 'package:cryptography/cryptography.dart';
 import 'package:hex/hex.dart';
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
@ -9,8 +8,9 @@ import 'package:omemo_dart/src/x3dh/x3dh.dart';
 /// This class represents an OmemoBundle but with all keypairs belonging to the keys
@immutable
-class OmemoDevice {
+class Device {
-  const OmemoDevice(
+
  const Device(
    this.jid,
    this.id,
    this.ik,
@ -22,11 +22,69 @@ class OmemoDevice {
    this.opks,
  );
  /// Deserialize the Device
  factory Device.fromJson(Map<String, dynamic> data) {
    // NOTE: We use the way OpenSSH names their keys, meaning that ik is the Identity
    //       Keypair's private key, while ik_pub refers to the Identity Keypair's public
    //       key.
    /*
    {
      'jid': 'alice@...',
      'id': 123,
      'ik': 'base/64/encoded',
      'ik_pub': 'base/64/encoded',
      'spk': 'base/64/encoded',
      'spk_pub': 'base/64/encoded',
      'spk_id': 123,
      'spk_sig': 'base/64/encoded',
      'old_spk': 'base/64/encoded',
      'old_spk_pub': 'base/64/encoded',
      'old_spk_id': 122,
      'opks': [
        {
          'id': 0,
          'public': 'base/64/encoded',
          'private': 'base/64/encoded'
        }, ...
      ]
    }
    */
    final opks = <int, OmemoKeyPair>{};
    for (final opk in data['opks']! as List<Map<String, dynamic>>) {
      opks[opk['id']! as int] = OmemoKeyPair.fromBytes(
        base64.decode(opk['public']! as String),
        base64.decode(opk['private']! as String),
        KeyPairType.x25519,
      );
    }
    return Device(
      data['jid']! as String,
      data['id']! as int,
      OmemoKeyPair.fromBytes(
        base64.decode(data['ik_pub']! as String),
        base64.decode(data['ik']! as String),
        KeyPairType.ed25519,
      ),
      OmemoKeyPair.fromBytes(
        base64.decode(data['spk_pub']! as String),
        base64.decode(data['spk']! as String),
        KeyPairType.x25519,
      ),
      data['spk_id']! as int,
      base64.decode(data['spk_sig']! as String),
      decodeKeyPairIfNotNull(
        data['old_spk_pub'] as String?,
        data['old_spk'] as String?,
        KeyPairType.x25519,
      ),
      data['old_spk_id'] as int?,
      opks,
    );
  }
  /// Generate a completely new device, i.e. cryptographic identity.
-  static Future<OmemoDevice> generateNewDevice(
+  static Future<Device> generateNewDevice(String jid, { int opkAmount = 100 }) async {
    String jid, {
    int opkAmount = 100,
  }) async {
    final id = generateRandom32BitNumber();
    final ik = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519);
    final spk = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
@ -35,19 +93,10 @@ class OmemoDevice {
    final opks = <int, OmemoKeyPair>{};
    for (var i = 0; i < opkAmount; i++) {
-      // Generate unique ids for each key
+      opks[i] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
      while (true) {
        final opkId = generateRandom32BitNumber();
        if (opks.containsKey(opkId)) {
          continue;
    }
-        opks[opkId] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
+    return Device(jid, id, ik, spk, spkId, signature, null, null, opks);
        break;
      }
    }
    return OmemoDevice(jid, id, ik, spk, spkId, signature, null, null, opks);
  }
  /// Our bare Jid
@ -61,16 +110,13 @@ class OmemoDevice {
  /// The signed prekey...
  final OmemoKeyPair spk;
  /// ...its Id, ...
  final int spkId;
  /// ...and its signature
  final List<int> spkSignature;
  /// The old Signed Prekey...
  final OmemoKeyPair? oldSpk;
  /// ...and its Id
  final int? oldSpkId;
@ -80,23 +126,12 @@ class OmemoDevice {
  /// This replaces the Onetime-Prekey with id [id] with a completely new one. Returns
  /// a new Device object that copies over everything but replaces said key.
  @internal
-  Future<OmemoDevice> replaceOnetimePrekey(int id) async {
+  Future<Device> replaceOnetimePrekey(int id) async {
-    opks.remove(id);
+    opks[id] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
-    // Generate a new unique id for the OPK.
+    return Device(
    while (true) {
      final newId = generateRandom32BitNumber();
      if (opks.containsKey(newId)) {
        continue;
      }
      opks[newId] = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
      break;
    }
    return OmemoDevice(
      jid,
-      this.id,
+      id,
      ik,
      spk,
      spkId,
@ -110,12 +145,12 @@ class OmemoDevice {
  /// This replaces the Signed-Prekey with a completely new one. Returns a new Device object
  /// that copies over everything but replaces the Signed-Prekey and its signature.
  @internal
-  Future<OmemoDevice> replaceSignedPrekey() async {
+  Future<Device> replaceSignedPrekey() async {
    final newSpk = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
    final newSpkId = generateRandom32BitNumber();
    final newSignature = await sig(ik, await newSpk.pk.getBytes());
-    return OmemoDevice(
+    return Device(
      jid,
      id,
      ik,
@ -131,8 +166,8 @@ class OmemoDevice {
  /// Returns a new device that is equal to this one with the exception that the new
  /// device's id is a new number between 0 and 2**32 - 1.
  @internal
-  OmemoDevice withNewId() {
+  Device withNewId() {
-    return OmemoDevice(
+    return Device(
      jid,
      generateRandom32BitNumber(),
      ik,
@ -164,24 +199,43 @@ class OmemoDevice {
    );
  }
-  /// Returns the fingerprint of the current device
+  /// Serialise the device information.
-  Future<String> getFingerprint() async {
+  Future<Map<String, dynamic>> toJson() async {
-    // Since the local key is Ed25519, we must convert it to Curve25519 first
+    /// Serialise the OPKs
-    final curveKey = await ik.pk.toCurve25519();
+    final serialisedOpks = List<Map<String, dynamic>>.empty(growable: true);
-    return HEX.encode(await curveKey.getBytes());
+    for (final entry in opks.entries) {
      serialisedOpks.add({
        'id': entry.key,
        'public': base64.encode(await entry.value.pk.getBytes()),
        'private': base64.encode(await entry.value.sk.getBytes()),
      });
    }
    return {
      'jid': jid,
      'id': id,
      'ik': base64.encode(await ik.sk.getBytes()),
      'ik_pub': base64.encode(await ik.pk.getBytes()),
      'spk': base64.encode(await spk.sk.getBytes()),
      'spk_pub': base64.encode(await spk.pk.getBytes()),
      'spk_id': spkId,
      'spk_sig': base64.encode(spkSignature),
      'old_spk': base64EncodeIfNotNull(await oldSpk?.sk.getBytes()),
      'old_spk_pub': base64EncodeIfNotNull(await oldSpk?.pk.getBytes()),
      'old_spk_id': oldSpkId,
      'opks': serialisedOpks,
    };
  }
  @visibleForTesting
-  Future<bool> equals(OmemoDevice other) async {
+  Future<bool> equals(Device other) async {
    var opksMatch = true;
    if (opks.length != other.opks.length) {
      opksMatch = false;
    } else {
      for (final entry in opks.entries) {
        // ignore: invalid_use_of_visible_for_testing_member
-        final matches =
+        final matches = await other.opks[entry.key]?.equals(entry.value) ?? false;
            // ignore: invalid_use_of_visible_for_testing_member
            await other.opks[entry.key]?.equals(entry.value) ?? false;
        if (!matches) {
          opksMatch = false;
        }
@ -193,10 +247,7 @@ class OmemoDevice {
    // ignore: invalid_use_of_visible_for_testing_member
    final spkMatch = await spk.equals(other.spk);
    // ignore: invalid_use_of_visible_for_testing_member
-    final oldSpkMatch = oldSpk != null
+    final oldSpkMatch = oldSpk != null ? await oldSpk!.equals(other.oldSpk!) : other.oldSpk == null;
        // ignore: invalid_use_of_visible_for_testing_member
        ? await oldSpk!.equals(other.oldSpk!)
        : other.oldSpk == null;
    return id == other.id &&
      ikMatch &&
      spkMatch &&
--- a/lib/src/omemo/encrypted_key.dart
+++ b/lib/src/omemo/encrypted_key.dart
@ -1,23 +1,13 @@
 import 'dart:convert';
 import 'package:meta/meta.dart';
 /// EncryptedKey is the intermediary format of a <key /> element in the OMEMO message's
 /// <keys /> header.
@immutable
 class EncryptedKey {
  const EncryptedKey(this.rid, this.value, this.kex);
-  /// The id of the device the key is encrypted for.
+  const EncryptedKey(this.jid, this.rid, this.value, this.kex);
  final String jid;
  final int rid;
  /// The base64-encoded payload.
  final String value;
  /// Flag indicating whether the payload is a OMEMOKeyExchange (true) or
  /// an OMEMOAuthenticatedMessage (false).
  final bool kex;
  /// The base64-decoded payload.
  List<int> get data => base64Decode(value);
 }
--- a/lib/src/omemo/encryption_result.dart
+++ b/lib/src/omemo/encryption_result.dart
@ -1,36 +1,15 @@
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/omemo/encrypted_key.dart';
 import 'package:omemo_dart/src/omemo/errors.dart';
@immutable
 class EncryptionResult {
  const EncryptionResult(
    this.ciphertext,
    this.encryptedKeys,
    this.deviceEncryptionErrors,
    this.newRatchets,
    this.replacedRatchets,
    this.canSend,
  );
-  /// The actual message that was encrypted.
+  const EncryptionResult(this.ciphertext, this.encryptedKeys);
  /// The actual message that was encrypted
  final List<int>? ciphertext;
  /// Mapping of the device Id to the key for decrypting ciphertext, encrypted
-  /// for the ratchet with said device Id.
+  /// for the ratchet with said device Id
-  final Map<String, List<EncryptedKey>> encryptedKeys;
+  final List<EncryptedKey> encryptedKeys;
  /// Mapping of a JID to
  final Map<String, List<EncryptToJidError>> deviceEncryptionErrors;
  /// Mapping of JIDs to a list of device ids for which we created a new ratchet session.
  final Map<String, List<int>> newRatchets;
  /// Similar to [newRatchets], but the ratchets listed in [replacedRatchets] where also existent before
  /// and replaced with the new ratchet.
  final Map<String, List<int>> replacedRatchets;
  /// A flag indicating that the message could be sent like that, i.e. we were able
  /// to encrypt to at-least one device per recipient.
  final bool canSend;
 }
--- a/lib/src/omemo/errors.dart
+++ b/lib/src/omemo/errors.dart
@ -1,12 +0,0 @@
 import 'package:omemo_dart/src/errors.dart';
 /// Returned on encryption, if encryption failed for some reason.
 class EncryptToJidError extends OmemoError {
  EncryptToJidError(this.device, this.error);
  /// The device the error occurred with
  final int? device;
  /// The actual error.
  final OmemoError error;
 }
--- a/lib/src/omemo/events.dart
+++ b/lib/src/omemo/events.dart
@ -0,0 +1,36 @@
 import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
 import 'package:omemo_dart/src/omemo/device.dart';
 abstract class OmemoEvent {}
 /// Triggered when a ratchet has been modified
 class RatchetModifiedEvent extends OmemoEvent {
  RatchetModifiedEvent(this.jid, this.deviceId, this.ratchet);
  final String jid;
  final int deviceId;
  final OmemoDoubleRatchet ratchet;
 }
 /// Triggered when a ratchet has been removed and should be removed from storage.
 class RatchetRemovedEvent extends OmemoEvent {
  RatchetRemovedEvent(this.jid, this.deviceId);
  final String jid;
  final int deviceId;
 }
 /// Triggered when the device map has been modified
 class DeviceMapModifiedEvent extends OmemoEvent {
  DeviceMapModifiedEvent(this.map);
  final Map<String, List<int>> map;
 }
 /// Triggered by the OmemoSessionManager when our own device bundle was modified
 /// and thus should be republished.
 class DeviceModifiedEvent extends OmemoEvent {
  DeviceModifiedEvent(this.device);
  final Device device;
 }
--- a/lib/src/omemo/fingerprint.dart
+++ b/lib/src/omemo/fingerprint.dart
@ -2,6 +2,7 @@ import 'package:meta/meta.dart';
@immutable
 class DeviceFingerprint {
  const DeviceFingerprint(this.deviceId, this.fingerprint);
  final String fingerprint;
  final int deviceId;
--- a/lib/src/omemo/omemo.dart
+++ b/lib/src/omemo/omemo.dart
--- a/lib/src/omemo/queue.dart
+++ b/lib/src/omemo/queue.dart
@ -1,100 +0,0 @@
 import 'dart:async';
 import 'dart:collection';
 import 'package:meta/meta.dart';
 import 'package:synchronized/synchronized.dart';
 extension UtilAllMethodsList<T> on List<T> {
  void removeAll(List<T> values) {
    for (final value in values) {
      remove(value);
    }
  }
  bool containsAll(List<T> values) {
    for (final value in values) {
      if (!contains(value)) {
        return false;
      }
    }
    return true;
  }
 }
 class _RatchetAccessQueueEntry {
  _RatchetAccessQueueEntry(
    this.jids,
    this.completer,
  );
  final List<String> jids;
  final Completer<void> completer;
 }
 class RatchetAccessQueue {
  final Queue<_RatchetAccessQueueEntry> _queue = Queue();
  @visibleForTesting
  final List<String> runningOperations = List<String>.empty(growable: true);
  final Lock lock = Lock();
  bool canBypass(List<String> jids) {
    for (final jid in jids) {
      if (runningOperations.contains(jid)) {
        return false;
      }
    }
    return true;
  }
  Future<void> enterCriticalSection(List<String> jids) async {
    final completer = await lock.synchronized<Completer<void>?>(() {
      if (canBypass(jids)) {
        runningOperations.addAll(jids);
        return null;
      }
      final completer = Completer<void>();
      _queue.add(
        _RatchetAccessQueueEntry(
          jids,
          completer,
        ),
      );
      return completer;
    });
    await completer?.future;
  }
  Future<void> leaveCriticalSection(List<String> jids) async {
    await lock.synchronized(() {
      runningOperations.removeAll(jids);
      while (_queue.isNotEmpty) {
        if (canBypass(_queue.first.jids)) {
          final head = _queue.removeFirst();
          runningOperations.addAll(head.jids);
          head.completer.complete();
        } else {
          break;
        }
      }
    });
  }
  Future<T> synchronized<T>(
    List<String> jids,
    Future<T> Function() function,
  ) async {
    await enterCriticalSection(jids);
    final result = await function();
    await leaveCriticalSection(jids);
    return result;
  }
 }
--- a/lib/src/omemo/ratchet_data.dart
+++ b/lib/src/omemo/ratchet_data.dart
@ -1,18 +0,0 @@
 import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
 class OmemoRatchetData {
  const OmemoRatchetData(
    this.jid,
    this.id,
    this.ratchet,
  );
  /// The JID we have the ratchet with.
  final String jid;
  /// The device id we have the ratchet with.
  final int id;
  /// The actual double ratchet to commit.
  final OmemoDoubleRatchet ratchet;
 }
--- a/lib/src/omemo/ratchet_map_key.dart
+++ b/lib/src/omemo/ratchet_map_key.dart
@ -2,30 +2,14 @@ import 'package:meta/meta.dart';
@immutable
 class RatchetMapKey {
  const RatchetMapKey(this.jid, this.deviceId);
  factory RatchetMapKey.fromJsonKey(String key) {
    final parts = key.split(':');
    final deviceId = int.parse(parts.first);
    return RatchetMapKey(
      parts.sublist(1).join(':'),
      deviceId,
    );
  }
  final String jid;
  final int deviceId;
  String toJsonKey() {
    return '$deviceId:$jid';
  }
  @override
  bool operator ==(Object other) {
-    return other is RatchetMapKey &&
+    return other is RatchetMapKey && jid == other.jid && deviceId == other.deviceId;
        jid == other.jid &&
        deviceId == other.deviceId;
  }
  @override
--- a/lib/src/omemo/sessionmanager.dart
+++ b/lib/src/omemo/sessionmanager.dart
@ -0,0 +1,556 @@
 import 'dart:async';
 import 'dart:convert';
 import 'package:collection/collection.dart';
 import 'package:cryptography/cryptography.dart';
 import 'package:hex/hex.dart';
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/double_ratchet/double_ratchet.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
 import 'package:omemo_dart/src/omemo/bundle.dart';
 import 'package:omemo_dart/src/omemo/device.dart';
 import 'package:omemo_dart/src/omemo/encrypted_key.dart';
 import 'package:omemo_dart/src/omemo/encryption_result.dart';
 import 'package:omemo_dart/src/omemo/events.dart';
 import 'package:omemo_dart/src/omemo/fingerprint.dart';
 import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/omemo_key_exchange.dart';
 import 'package:omemo_dart/src/protobuf/omemo_message.dart';
 import 'package:omemo_dart/src/trust/base.dart';
 import 'package:omemo_dart/src/x3dh/x3dh.dart';
 import 'package:synchronized/synchronized.dart';
 /// The info used for when encrypting the AES key for the actual payload.
 const omemoPayloadInfoString = 'OMEMO Payload';
 class OmemoSessionManager {
  OmemoSessionManager(this._device, this._deviceMap, this._ratchetMap, this._trustManager)
    : _lock = Lock(),
      _deviceLock = Lock(),
      _eventStreamController = StreamController<OmemoEvent>.broadcast();
  /// Deserialise the OmemoSessionManager from JSON data [data].
  factory OmemoSessionManager.fromJson(Map<String, dynamic> data, TrustManager trustManager) {
    final ratchetMap = <RatchetMapKey, OmemoDoubleRatchet>{};
    for (final rawRatchet in data['sessions']! as List<Map<String, dynamic>>) {
      final key = RatchetMapKey(rawRatchet['jid']! as String, rawRatchet['deviceId']! as int);
      final ratchet = OmemoDoubleRatchet.fromJson(rawRatchet['ratchet']! as Map<String, dynamic>);
      ratchetMap[key] = ratchet;
    }
    return OmemoSessionManager(
      Device.fromJson(data['device']! as Map<String, dynamic>),
      data['devices']! as Map<String, List<int>>,
      ratchetMap,
      trustManager,
    );
  }
  /// Deserialise the OmemoSessionManager from JSON data [data] that does not contain
  /// the ratchet sessions.
  factory OmemoSessionManager.fromJsonWithoutSessions(Map<String, dynamic> data, Map<RatchetMapKey, OmemoDoubleRatchet> ratchetMap, TrustManager trustManager) {
    return OmemoSessionManager(
      Device.fromJson(data['device']! as Map<String, dynamic>),
      data['devices']! as Map<String, List<int>>,
      ratchetMap,
      trustManager,
    );
  }
  /// Generate a new cryptographic identity.
  static Future<OmemoSessionManager> generateNewIdentity(String jid, TrustManager trustManager, { int opkAmount = 100 }) async {
    assert(opkAmount > 0, 'opkAmount must be bigger than 0.');
    final device = await Device.generateNewDevice(jid, opkAmount: opkAmount);
    return OmemoSessionManager(device, {}, {}, trustManager);
  }
  /// Lock for _ratchetMap and _bundleMap
  final Lock _lock;
  /// Mapping of the Device Id to its OMEMO session
  final Map<RatchetMapKey, OmemoDoubleRatchet> _ratchetMap;
  /// Mapping of a bare Jid to its Device Ids
  final Map<String, List<int>> _deviceMap;
  /// The event bus of the session manager
  final StreamController<OmemoEvent> _eventStreamController;
  /// Our own keys...
  // ignore: prefer_final_fields
  Device _device;
  /// and its lock
  final Lock _deviceLock;
  /// The trust manager
  final TrustManager _trustManager;
  TrustManager get trustManager => _trustManager;
  /// A stream that receives events regarding the session
  Stream<OmemoEvent> get eventStream => _eventStreamController.stream;
  /// Returns our own device.
  Future<Device> getDevice() async {
    Device? dev;
    await _deviceLock.synchronized(() async {
      dev = _device;
    });
    return dev!;
  }
  /// Returns the id attribute of our own device. This is just a short-hand for
  /// ```await (session.getDevice()).id```.
  Future<int> getDeviceId() async {
    return _deviceLock.synchronized(() => _device.id);
  }
  /// Returns the device as an OmemoBundle. This is just a short-hand for
  /// ```await (await session.getDevice()).toBundle()```.
  Future<OmemoBundle> getDeviceBundle() async {
    return _deviceLock.synchronized(() async => _device.toBundle());
  }
  /// Add a session [ratchet] with the [deviceId] to the internal tracking state.
  Future<void> _addSession(String jid, int deviceId, OmemoDoubleRatchet ratchet) async {
    await _lock.synchronized(() async {
      // Add the bundle Id
      if (!_deviceMap.containsKey(jid)) {
        _deviceMap[jid] = [deviceId];
        // Commit the device map
        _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
      } else {
        // Prevent having the same device multiple times in the list
        if (!_deviceMap[jid]!.contains(deviceId)) {
          _deviceMap[jid]!.add(deviceId);
          // Commit the device map
          _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
        }
      }
      // Add the ratchet session
      final key = RatchetMapKey(jid, deviceId);
      _ratchetMap[key] = ratchet;
      // Commit the ratchet
      _eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet));
    });
  }
  /// Create a ratchet session initiated by Alice to the user with Jid [jid] and the device
  /// [deviceId] from the bundle [bundle].
  @visibleForTesting
  Future<OmemoKeyExchange> addSessionFromBundle(String jid, int deviceId, OmemoBundle bundle) async {
    final device = await getDevice();
    final kexResult = await x3dhFromBundle(
      bundle,
      device.ik,
    );
    final ratchet = await OmemoDoubleRatchet.initiateNewSession(
      bundle.spk,
      bundle.ik,
      kexResult.sk,
      kexResult.ad,
    );
    await _trustManager.onNewSession(jid, deviceId);
    await _addSession(jid, deviceId, ratchet);
    return OmemoKeyExchange()
      ..pkId = kexResult.opkId
      ..spkId = bundle.spkId
      ..ik = await device.ik.pk.getBytes()
      ..ek = await kexResult.ek.pk.getBytes();
  }
  /// Build a new session with the user at [jid] with the device [deviceId] using data
  /// from the key exchange [kex]. In case [kex] contains an unknown Signed Prekey
  /// identifier an UnknownSignedPrekeyException will be thrown.
  Future<void> _addSessionFromKeyExchange(String jid, int deviceId, OmemoKeyExchange kex) async {
    // Pick the correct SPK
    final device = await getDevice();
    OmemoKeyPair? spk;
    if (kex.spkId == device.spkId) {
      spk = device.spk;
    } else if (kex.spkId == device.oldSpkId) {
      spk = device.oldSpk;
    } else {
      throw UnknownSignedPrekeyException();
    }
    assert(spk != null, 'The used SPK must be found');
    final kexResult = await x3dhFromInitialMessage(
      X3DHMessage(
        OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
        OmemoPublicKey.fromBytes(kex.ek!, KeyPairType.x25519),
        kex.pkId!,
      ),
      spk!,
      device.opks.values.elementAt(kex.pkId!),
      device.ik,
    );
    final ratchet = await OmemoDoubleRatchet.acceptNewSession(
      spk,
      OmemoPublicKey.fromBytes(kex.ik!, KeyPairType.ed25519),
      kexResult.sk,
      kexResult.ad,
    );
    await _trustManager.onNewSession(jid, deviceId);
    await _addSession(jid, deviceId, ratchet);
  }
  /// Like [encryptToJids] but only for one Jid [jid].
  Future<EncryptionResult> encryptToJid(String jid, String? plaintext, { List<OmemoBundle>? newSessions }) {
    return encryptToJids([jid], plaintext, newSessions: newSessions);
  }
  /// Encrypt the key [plaintext] for all known bundles of the Jids in [jids]. Returns a
  /// map that maps the device Id to the ciphertext of [plaintext].
  ///
  /// If [plaintext] is null, then the result will be an empty OMEMO message, i.e. one that
  /// does not contain a <payload /> element. This means that the ciphertext attribute of
  /// the result will be null as well.
  Future<EncryptionResult> encryptToJids(List<String> jids, String? plaintext, { List<OmemoBundle>? newSessions }) async {
    final encryptedKeys = List<EncryptedKey>.empty(growable: true);
    var ciphertext = const <int>[];
    var keyPayload = const <int>[];
    if (plaintext != null) {
      // Generate the key and encrypt the plaintext
      final key = generateRandomBytes(32);
      final keys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
      ciphertext = await aes256CbcEncrypt(
        utf8.encode(plaintext),
        keys.encryptionKey,
        keys.iv,
      );
      final hmac = await truncatedHmac(ciphertext, keys.authenticationKey);
      keyPayload = concat([key, hmac]);
    } else {
      keyPayload = List<int>.filled(32, 0x0);
    }
    final kex = <int, OmemoKeyExchange>{};
    if (newSessions != null) {
      for (final newSession in newSessions) {
        kex[newSession.id] = await addSessionFromBundle(newSession.jid, newSession.id, newSession);
      }
    }
    await _lock.synchronized(() async {
      // We assume that the user already checked if the session exists
      for (final jid in jids) {
        for (final deviceId in _deviceMap[jid]!) {
          // Empty OMEMO messages are allowed to bypass trust
          if (plaintext != null) {
            // Only encrypt to devices that are trusted
            if (!(await _trustManager.isTrusted(jid, deviceId))) continue;
          }
          final ratchetKey = RatchetMapKey(jid, deviceId);
          final ratchet = _ratchetMap[ratchetKey]!;
          final ciphertext = (await ratchet.ratchetEncrypt(keyPayload)).ciphertext;
          // Commit the ratchet
          _eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet));
          if (kex.isNotEmpty && kex.containsKey(deviceId)) {
            final k = kex[deviceId]!
              ..message = OmemoAuthenticatedMessage.fromBuffer(ciphertext);
            encryptedKeys.add(
              EncryptedKey(
                jid,
                deviceId,
                base64.encode(k.writeToBuffer()),
                true,
              ),
            );
          } else {
            encryptedKeys.add(
              EncryptedKey(
                jid,
                deviceId,
                base64.encode(ciphertext),
                false,
              ),
            );
          }
        }
      }
    });
    return EncryptionResult(
      plaintext != null ? ciphertext : null,
      encryptedKeys,
    );
  }
  /// Attempt to decrypt [ciphertext]. [keys] refers to the <key /> elements inside the
  /// <keys /> element with a "jid" attribute matching our own. [senderJid] refers to the
  /// bare Jid of the sender. [senderDeviceId] refers to the "sid" attribute of the
  /// <encrypted /> element.
  ///
  /// If the received message is an empty OMEMO message, i.e. there is no <payload />
  /// element, then [ciphertext] must be set to null. In this case, this function
  /// will return null as there is no message to be decrypted. This, however, is used
  /// to set up sessions or advance the ratchets.
  Future<String?> decryptMessage(List<int>? ciphertext, String senderJid, int senderDeviceId, List<EncryptedKey> keys) async {
    // Try to find a session we can decrypt with.
    var device = await getDevice();
    final rawKey = keys.firstWhereOrNull((key) => key.rid == device.id);
    if (rawKey == null) {
      throw NotEncryptedForDeviceException();
    }
    final decodedRawKey = base64.decode(rawKey.value);
    OmemoAuthenticatedMessage authMessage;
    if (rawKey.kex) {
      // TODO(PapaTutuWawa): Only do this when we should
      final kex = OmemoKeyExchange.fromBuffer(decodedRawKey);
      await _addSessionFromKeyExchange(
        senderJid,
        senderDeviceId,
        kex,
      );
      authMessage = kex.message!;
      // Replace the OPK
      await _deviceLock.synchronized(() async {
        device = await device.replaceOnetimePrekey(kex.pkId!);
        // Commit the device
        _eventStreamController.add(DeviceModifiedEvent(device));
      });
    } else {
      authMessage = OmemoAuthenticatedMessage.fromBuffer(decodedRawKey);
    }
    final devices = _deviceMap[senderJid];
    if (devices == null) {
      throw NoDecryptionKeyException();
    }
    if (!devices.contains(senderDeviceId)) {
      throw NoDecryptionKeyException();
    }
    final message = OmemoMessage.fromBuffer(authMessage.message!);
    final ratchetKey = RatchetMapKey(senderJid, senderDeviceId);
    List<int>? keyAndHmac;
    await _lock.synchronized(() async {
      final ratchet = _ratchetMap[ratchetKey]!;
      if (rawKey.kex) {
        keyAndHmac = await ratchet.ratchetDecrypt(message, authMessage.writeToBuffer());
      } else {
        keyAndHmac = await ratchet.ratchetDecrypt(message, decodedRawKey);
      }
      // Commit the ratchet
      _eventStreamController.add(RatchetModifiedEvent(senderJid, senderDeviceId, ratchet));
    });
    // Empty OMEMO messages should just have the key decrypted and/or session set up.
    if (ciphertext == null) {
      return null;
    }
    final key = keyAndHmac!.sublist(0, 32);
    final hmac = keyAndHmac!.sublist(32, 48);
    final derivedKeys = await deriveEncryptionKeys(key, omemoPayloadInfoString);
    final computedHmac = await truncatedHmac(ciphertext, derivedKeys.authenticationKey);
    if (!listsEqual(hmac, computedHmac)) {
      throw InvalidMessageHMACException();
    }
    final plaintext = await aes256CbcDecrypt(ciphertext, derivedKeys.encryptionKey, derivedKeys.iv);
    return utf8.decode(plaintext);
  }
  /// Returns the list of hex-encoded fingerprints we have for sessions with [jid].
  Future<List<DeviceFingerprint>> getHexFingerprintsForJid(String jid) async {
    final fingerprints = List<DeviceFingerprint>.empty(growable: true);
    await _lock.synchronized(() async {
      // Get devices for jid
      final devices = _deviceMap[jid]!;
      for (final deviceId in devices) {
        final ratchet = _ratchetMap[RatchetMapKey(jid, deviceId)]!;
        fingerprints.add(
          DeviceFingerprint(
            deviceId,
            HEX.encode(await ratchet.ik.getBytes()),
          ),
        );
      }
    });
    return fingerprints;
  }
  /// Replaces the Signed Prekey and its signature in our own device bundle. Triggers
  /// a DeviceModifiedEvent when done.
  /// See https://xmpp.org/extensions/xep-0384.html#protocol-key_exchange under the point
  /// "signed PreKey rotation period" for recommendations.
  Future<void> rotateSignedPrekey() async {
    await _deviceLock.synchronized(() async {
      _device = await _device.replaceSignedPrekey();
      // Commit the new device
      _eventStreamController.add(DeviceModifiedEvent(_device));
    });
  }
  /// Returns the device map, i.e. the mapping of bare Jid to its device identifiers
  /// we have built sessions with.
  Future<Map<String, List<int>>> getDeviceMap() async {
    Map<String, List<int>>? map;
    await _lock.synchronized(() async {
      map = _deviceMap;
    });
    return map!;
  }
  /// Removes the ratchet identified by [jid] and [deviceId] from the session manager.
  /// Also triggers events for commiting the new device map to storage and removing
  /// the old ratchet.
  Future<void> removeRatchet(String jid, int deviceId) async {
    await _lock.synchronized(() async {
      // Remove the ratchet
      _ratchetMap.remove(RatchetMapKey(jid, deviceId));
      // Commit it
      _eventStreamController.add(RatchetRemovedEvent(jid, deviceId));
      // Remove the device from jid
      _deviceMap[jid]!.remove(deviceId);
      if (_deviceMap[jid]!.isEmpty) {
        _deviceMap.remove(jid);
      }
      // Commit it
      _eventStreamController.add(DeviceMapModifiedEvent(_deviceMap));
    });
  }
  /// Returns the list of device identifiers belonging to [jid] that are yet unacked, i.e.
  /// we have not yet received an empty OMEMO message from.
  Future<List<int>> getUnacknowledgedRatchets(String jid) async {
    final ret = List<int>.empty(growable: true);
    await _lock.synchronized(() async {
      final devices = _deviceMap[jid]!;
      for (final device in devices) {
        final ratchet = _ratchetMap[RatchetMapKey(jid, device)]!;
        if (!ratchet.acknowledged) ret.add(device);
      }
    });
    return ret;
  }
  /// Mark the ratchet for device [deviceId] from [jid] as acked.
  Future<void> ratchetAcknowledged(String jid, int deviceId) async {
    await _lock.synchronized(() async {
      final ratchet = _ratchetMap[RatchetMapKey(jid, deviceId)]!
        ..acknowledged = true;
      // Commit it
      _eventStreamController.add(RatchetModifiedEvent(jid, deviceId, ratchet));
    });
  }
  /// Generates an entirely new device. May be useful when the user wants to reset their cryptographic
  /// identity. Triggers an event to commit it to storage.
  Future<void> regenerateDevice({ int opkAmount = 100 }) async {
    await _deviceLock.synchronized(() async {
      _device = await Device.generateNewDevice(_device.jid, opkAmount: opkAmount);
      // Commit it
      _eventStreamController.add(DeviceModifiedEvent(_device));
    });
  }
  /// Make our device have a new identifier. Only useful before publishing it as a bundle
  /// to make sure that our device has a id that is account unique.
  Future<void> regenerateDeviceId() async {
    await _deviceLock.synchronized(() async {
      _device = _device.withNewId();
      // Commit it
      _eventStreamController.add(DeviceModifiedEvent(_device));
    });
  }
  @visibleForTesting
  OmemoDoubleRatchet getRatchet(String jid, int deviceId) => _ratchetMap[RatchetMapKey(jid, deviceId)]!;
  @visibleForTesting
  Map<RatchetMapKey, OmemoDoubleRatchet> getRatchetMap() => _ratchetMap;
  /// Serialise the entire session manager into a JSON object.
  Future<Map<String, dynamic>> toJson() async {
    /*
    {
      'devices': {
        'alice@...': [1, 2, ...],
        'bob@...': [1],
        ...
      },
      'device': { ... },
      'sessions': [
        {
          'jid': 'alice@...',
          'deviceId': 1,
          'ratchet': { ... },
        },
        ...
      ],
    }
    */
    final sessions = List<Map<String, dynamic>>.empty(growable: true);
    for (final entry in _ratchetMap.entries) {
      sessions.add({
        'jid': entry.key.jid,
        'deviceId': entry.key.deviceId,
        'ratchet': await entry.value.toJson(),
      });
    }
    return {
      'devices': _deviceMap,
      'device': await (await getDevice()).toJson(),
      'sessions': sessions,
    };
  }
  /// Serialise the entire session manager into a JSON object.
  Future<Map<String, dynamic>> toJsonWithoutSessions() async {
    /*
    {
      'devices': {
        'alice@...': [1, 2, ...],
        'bob@...': [1],
        ...
      },
      'device': { ... },
    }
    */
    return {
      'devices': _deviceMap,
      'device': await (await getDevice()).toJson(),
    };
  }
 }
--- a/lib/src/omemo/stanza.dart
+++ b/lib/src/omemo/stanza.dart
@ -1,41 +0,0 @@
 import 'package:omemo_dart/src/omemo/encrypted_key.dart';
 /// Describes a stanza that was received by the underlying XMPP library.
 class OmemoIncomingStanza {
  const OmemoIncomingStanza(
    this.bareSenderJid,
    this.senderDeviceId,
    this.keys,
    this.payload,
    this.isCatchup,
  );
  /// The bare JID of the sender of the stanza.
  final String bareSenderJid;
  /// The device ID of the sender.
  final int senderDeviceId;
  /// The included encrypted keys for our own JID
  final List<EncryptedKey> keys;
  /// The string payload included in the <encrypted /> element.
  final String? payload;
  /// Flag indicating whether the message was received due to a catchup.
  final bool isCatchup;
 }
 /// Describes a stanza that is to be sent out
 class OmemoOutgoingStanza {
  const OmemoOutgoingStanza(
    this.recipientJids,
    this.payload,
  );
  /// The JIDs the stanza will be sent to.
  final List<String> recipientJids;
  /// The serialised XML data that should be encrypted.
  final String? payload;
 }
--- a/lib/src/protobuf/omemo_authenticated_message.dart
+++ b/lib/src/protobuf/omemo_authenticated_message.dart
@ -0,0 +1,39 @@
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 class OmemoAuthenticatedMessage {
  OmemoAuthenticatedMessage();
  factory OmemoAuthenticatedMessage.fromBuffer(List<int> data) {
    var i = 0;
    // required bytes mac     = 1;
    if (data[0] != fieldId(1, fieldTypeByteArray)) {
      throw Exception();
    }
    final mac = data.sublist(2, i + 2 + data[1]);
    i += data[1] + 2;
    if (data[i] != fieldId(2, fieldTypeByteArray)) {
      throw Exception();
    }
    final message = data.sublist(i + 2, i + 2 + data[i + 1]);
    return OmemoAuthenticatedMessage()
      ..mac = mac
      ..message = message;
  }
  List<int>? mac;
  List<int>? message;
  List<int> writeToBuffer() {
    return concat([
      [fieldId(1, fieldTypeByteArray), mac!.length],
      mac!,
      [fieldId(2, fieldTypeByteArray), message!.length],
      message!,
    ]);
  }
 }
--- a/lib/src/protobuf/omemo_key_exchange.dart
+++ b/lib/src/protobuf/omemo_key_exchange.dart
@ -0,0 +1,72 @@
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 class OmemoKeyExchange {
  OmemoKeyExchange();
  factory OmemoKeyExchange.fromBuffer(List<int> data) {
    var i = 0;
    if (data[i] != fieldId(1, fieldTypeUint32)) {
      throw Exception();
    }
    var decoded = decodeVarint(data, 1);
    final pkId = decoded.n;
    i += decoded.length + 1;
    if (data[i] != fieldId(2, fieldTypeUint32)) {
      throw Exception();
    }
    decoded = decodeVarint(data, i + 1);
    final spkId = decoded.n;
    i += decoded.length + 1;
    if (data[i] != fieldId(3, fieldTypeByteArray)) {
      throw Exception();
    }
    final ik = data.sublist(i + 2, i + 2 + data[i + 1]);
    i += 2 + data[i + 1];
    if (data[i] != fieldId(4, fieldTypeByteArray)) {
      throw Exception();
    }
    final ek = data.sublist(i + 2, i + 2 + data[i + 1]);
    i += 2 + data[i + 1];
    if (data[i] != fieldId(5, fieldTypeByteArray)) {
      throw Exception();
    }
    final message = OmemoAuthenticatedMessage.fromBuffer(data.sublist(i + 2));
    return OmemoKeyExchange()
      ..pkId = pkId
      ..spkId = spkId
      ..ik = ik
      ..ek = ek
      ..message = message;
  }
  int? pkId;
  int? spkId;
  List<int>? ik;
  List<int>? ek;
  OmemoAuthenticatedMessage? message;
  List<int> writeToBuffer() {
    final msg = message!.writeToBuffer();
    return concat([
      [fieldId(1, fieldTypeUint32)],
      encodeVarint(pkId!),
      [fieldId(2, fieldTypeUint32)],
      encodeVarint(spkId!),
      [fieldId(3, fieldTypeByteArray), ik!.length],
      ik!,
      [fieldId(4, fieldTypeByteArray), ek!.length],
      ek!,
      [fieldId(5, fieldTypeByteArray), msg.length],
      msg,
    ]);
  }
 }
--- a/lib/src/protobuf/omemo_message.dart
+++ b/lib/src/protobuf/omemo_message.dart
@ -0,0 +1,76 @@
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 class OmemoMessage {
  OmemoMessage();
  factory OmemoMessage.fromBuffer(List<int> data) {
    var i = 0;
    // required uint32 n          = 1;
    if (data[0] != fieldId(1, fieldTypeUint32)) {
      throw Exception();
    }
    var decode = decodeVarint(data, 1);
    final n = decode.n;
    i += decode.length + 1;
    // required uint32 pn         = 2;
    if (data[i] != fieldId(2, fieldTypeUint32)) {
      throw Exception();
    }
    decode = decodeVarint(data, i + 1);
    final pn = decode.n;
    i += decode.length + 1;
    // required bytes  dh_pub     = 3;
    if (data[i] != fieldId(3, fieldTypeByteArray)) {
      throw Exception();
    }
    final dhPub = data.sublist(i + 2, i + 2 + data[i + 1]);
    i += 2 + data[i + 1];
    // optional bytes  ciphertext = 4;
    List<int>? ciphertext;
    if (i < data.length) {
      if (data[i] != fieldId(4, fieldTypeByteArray)) {
        throw Exception();
      }
      ciphertext = data.sublist(i + 2, i + 2 + data[i + 1]);
    }
    return OmemoMessage()
      ..n = n
      ..pn = pn
      ..dhPub = dhPub
      ..ciphertext = ciphertext;
  }
  int? n;
  int? pn;
  List<int>? dhPub;
  List<int>? ciphertext;
  List<int> writeToBuffer() {
    final data = concat([
      [fieldId(1, fieldTypeUint32)],
      encodeVarint(n!),
      [fieldId(2, fieldTypeUint32)],
      encodeVarint(pn!),
      [fieldId(3, fieldTypeByteArray), dhPub!.length],
      dhPub!,
    ]);
    if (ciphertext != null) {
      return concat([
        data,
        [fieldId(4, fieldTypeByteArray), ciphertext!.length],
        ciphertext!,
      ]);
    }
    return data;
  }
 }
--- a/lib/src/protobuf/protobuf.dart
+++ b/lib/src/protobuf/protobuf.dart
@ -0,0 +1,68 @@
 /// Masks the 7 LSB
 const lsb7Mask = 0x7F;
 /// Constant for setting the MSB
 const msb = 1 << 7;
 /// Field types
 const fieldTypeUint32 = 0;
 const fieldTypeByteArray = 2;
 int fieldId(int number, int type) {
  return (number << 3) | type;
 }
 class VarintDecode {
  const VarintDecode(this.n, this.length);
  final int n;
  final int length;
 }
 /// Decode a Varint that begins at [input]'s index [offset].
 VarintDecode decodeVarint(List<int> input, int offset) {
  // The return value
  var n = 0;
  // The byte offset counter
  var i = 0;
  // Iterate until the MSB of the byte is 0
  while (true) {
    // Mask only the 7 LSB and "move" them accordingly
    n += (input[offset + i] & lsb7Mask) << (7 * i);
    // Break if we reached the end
    if (input[offset + i] & 1 << 7 == 0) {
      break;
    }
    i++;
  }
  return VarintDecode(n, i + 1);
 }
 // Encodes the integer [i] into a Varint.
 List<int> encodeVarint(int i) {
  assert(i >= 0, "Two's complement is not implemented");
  final ret = List<int>.empty(growable: true);
  var j = 0;
  while (true) {
    // The 7 LSB of the byte we're creating
    final x = (i & (lsb7Mask << j * 7)) >> j * 7;
    // The next bits
    final next = i & (lsb7Mask << (j + 1) * 7);
    if (next == 0) {
      // If we were to shift further, we only get zero, so we're at the end
      ret.add(x);
      break;
    } else {
      // We still have at least one bit more to go, so set the MSB to 1
      ret.add(x + msb);
      j++;
    }
  }
  return ret;
 }
--- a/lib/src/protobuf/schema.pb.dart
+++ b/lib/src/protobuf/schema.pb.dart
@ -1,379 +0,0 @@
 ///
 //  Generated code. Do not modify.
 //  source: schema.proto
 //
 // @dart = 2.12
 // ignore_for_file: annotate_overrides,camel_case_types,constant_identifier_names,directives_ordering,library_prefixes,non_constant_identifier_names,prefer_final_fields,return_of_invalid_type,unnecessary_const,unnecessary_import,unnecessary_this,unused_import,unused_shown_name
 import 'dart:core' as $core;
 import 'package:protobuf/protobuf.dart' as $pb;
 class OMEMOMessage extends $pb.GeneratedMessage {
  static final $pb.BuilderInfo _i = $pb.BuilderInfo(
      const $core.bool.fromEnvironment('protobuf.omit_message_names')
          ? ''
          : 'OMEMOMessage',
      createEmptyInstance: create)
    ..a<$core.int>(
        1,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'n',
        $pb.PbFieldType.QU3)
    ..a<$core.int>(
        2,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'pn',
        $pb.PbFieldType.QU3)
    ..a<$core.List<$core.int>>(
        3,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'dhPub',
        $pb.PbFieldType.QY)
    ..a<$core.List<$core.int>>(
        4,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'ciphertext',
        $pb.PbFieldType.OY);
  OMEMOMessage._() : super();
  factory OMEMOMessage({
    $core.int? n,
    $core.int? pn,
    $core.List<$core.int>? dhPub,
    $core.List<$core.int>? ciphertext,
  }) {
    final _result = create();
    if (n != null) {
      _result.n = n;
    }
    if (pn != null) {
      _result.pn = pn;
    }
    if (dhPub != null) {
      _result.dhPub = dhPub;
    }
    if (ciphertext != null) {
      _result.ciphertext = ciphertext;
    }
    return _result;
  }
  factory OMEMOMessage.fromBuffer($core.List<$core.int> i,
          [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
      create()..mergeFromBuffer(i, r);
  factory OMEMOMessage.fromJson($core.String i,
          [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
      create()..mergeFromJson(i, r);
  @$core.Deprecated('Using this can add significant overhead to your binary. '
      'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
      'Will be removed in next major version')
  OMEMOMessage clone() => OMEMOMessage()..mergeFromMessage(this);
  @$core.Deprecated('Using this can add significant overhead to your binary. '
      'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
      'Will be removed in next major version')
  OMEMOMessage copyWith(void Function(OMEMOMessage) updates) =>
      super.copyWith((message) => updates(message as OMEMOMessage))
          as OMEMOMessage; // ignore: deprecated_member_use
  $pb.BuilderInfo get info_ => _i;
  @$core.pragma('dart2js:noInline')
  static OMEMOMessage create() => OMEMOMessage._();
  OMEMOMessage createEmptyInstance() => create();
  static $pb.PbList<OMEMOMessage> createRepeated() =>
      $pb.PbList<OMEMOMessage>();
  @$core.pragma('dart2js:noInline')
  static OMEMOMessage getDefault() => _defaultInstance ??=
      $pb.GeneratedMessage.$_defaultFor<OMEMOMessage>(create);
  static OMEMOMessage? _defaultInstance;
  @$pb.TagNumber(1)
  $core.int get n => $_getIZ(0);
  @$pb.TagNumber(1)
  set n($core.int v) {
    $_setUnsignedInt32(0, v);
  }
  @$pb.TagNumber(1)
  $core.bool hasN() => $_has(0);
  @$pb.TagNumber(1)
  void clearN() => clearField(1);
  @$pb.TagNumber(2)
  $core.int get pn => $_getIZ(1);
  @$pb.TagNumber(2)
  set pn($core.int v) {
    $_setUnsignedInt32(1, v);
  }
  @$pb.TagNumber(2)
  $core.bool hasPn() => $_has(1);
  @$pb.TagNumber(2)
  void clearPn() => clearField(2);
  @$pb.TagNumber(3)
  $core.List<$core.int> get dhPub => $_getN(2);
  @$pb.TagNumber(3)
  set dhPub($core.List<$core.int> v) {
    $_setBytes(2, v);
  }
  @$pb.TagNumber(3)
  $core.bool hasDhPub() => $_has(2);
  @$pb.TagNumber(3)
  void clearDhPub() => clearField(3);
  @$pb.TagNumber(4)
  $core.List<$core.int> get ciphertext => $_getN(3);
  @$pb.TagNumber(4)
  set ciphertext($core.List<$core.int> v) {
    $_setBytes(3, v);
  }
  @$pb.TagNumber(4)
  $core.bool hasCiphertext() => $_has(3);
  @$pb.TagNumber(4)
  void clearCiphertext() => clearField(4);
 }
 class OMEMOAuthenticatedMessage extends $pb.GeneratedMessage {
  static final $pb.BuilderInfo _i = $pb.BuilderInfo(
      const $core.bool.fromEnvironment('protobuf.omit_message_names')
          ? ''
          : 'OMEMOAuthenticatedMessage',
      createEmptyInstance: create)
    ..a<$core.List<$core.int>>(
        1,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'mac',
        $pb.PbFieldType.QY)
    ..a<$core.List<$core.int>>(
        2,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'message',
        $pb.PbFieldType.QY);
  OMEMOAuthenticatedMessage._() : super();
  factory OMEMOAuthenticatedMessage({
    $core.List<$core.int>? mac,
    $core.List<$core.int>? message,
  }) {
    final _result = create();
    if (mac != null) {
      _result.mac = mac;
    }
    if (message != null) {
      _result.message = message;
    }
    return _result;
  }
  factory OMEMOAuthenticatedMessage.fromBuffer($core.List<$core.int> i,
          [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
      create()..mergeFromBuffer(i, r);
  factory OMEMOAuthenticatedMessage.fromJson($core.String i,
          [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
      create()..mergeFromJson(i, r);
  @$core.Deprecated('Using this can add significant overhead to your binary. '
      'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
      'Will be removed in next major version')
  OMEMOAuthenticatedMessage clone() =>
      OMEMOAuthenticatedMessage()..mergeFromMessage(this);
  @$core.Deprecated('Using this can add significant overhead to your binary. '
      'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
      'Will be removed in next major version')
  OMEMOAuthenticatedMessage copyWith(
          void Function(OMEMOAuthenticatedMessage) updates) =>
      super.copyWith((message) => updates(message as OMEMOAuthenticatedMessage))
          as OMEMOAuthenticatedMessage; // ignore: deprecated_member_use
  $pb.BuilderInfo get info_ => _i;
  @$core.pragma('dart2js:noInline')
  static OMEMOAuthenticatedMessage create() => OMEMOAuthenticatedMessage._();
  OMEMOAuthenticatedMessage createEmptyInstance() => create();
  static $pb.PbList<OMEMOAuthenticatedMessage> createRepeated() =>
      $pb.PbList<OMEMOAuthenticatedMessage>();
  @$core.pragma('dart2js:noInline')
  static OMEMOAuthenticatedMessage getDefault() => _defaultInstance ??=
      $pb.GeneratedMessage.$_defaultFor<OMEMOAuthenticatedMessage>(create);
  static OMEMOAuthenticatedMessage? _defaultInstance;
  @$pb.TagNumber(1)
  $core.List<$core.int> get mac => $_getN(0);
  @$pb.TagNumber(1)
  set mac($core.List<$core.int> v) {
    $_setBytes(0, v);
  }
  @$pb.TagNumber(1)
  $core.bool hasMac() => $_has(0);
  @$pb.TagNumber(1)
  void clearMac() => clearField(1);
  @$pb.TagNumber(2)
  $core.List<$core.int> get message => $_getN(1);
  @$pb.TagNumber(2)
  set message($core.List<$core.int> v) {
    $_setBytes(1, v);
  }
  @$pb.TagNumber(2)
  $core.bool hasMessage() => $_has(1);
  @$pb.TagNumber(2)
  void clearMessage() => clearField(2);
 }
 class OMEMOKeyExchange extends $pb.GeneratedMessage {
  static final $pb.BuilderInfo _i = $pb.BuilderInfo(
      const $core.bool.fromEnvironment('protobuf.omit_message_names')
          ? ''
          : 'OMEMOKeyExchange',
      createEmptyInstance: create)
    ..a<$core.int>(
        1,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'pkId',
        $pb.PbFieldType.QU3)
    ..a<$core.int>(
        2,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'spkId',
        $pb.PbFieldType.QU3)
    ..a<$core.List<$core.int>>(
        3,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'ik',
        $pb.PbFieldType.QY)
    ..a<$core.List<$core.int>>(
        4,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'ek',
        $pb.PbFieldType.QY)
    ..aQM<OMEMOAuthenticatedMessage>(
        5,
        const $core.bool.fromEnvironment('protobuf.omit_field_names')
            ? ''
            : 'message',
        subBuilder: OMEMOAuthenticatedMessage.create);
  OMEMOKeyExchange._() : super();
  factory OMEMOKeyExchange({
    $core.int? pkId,
    $core.int? spkId,
    $core.List<$core.int>? ik,
    $core.List<$core.int>? ek,
    OMEMOAuthenticatedMessage? message,
  }) {
    final _result = create();
    if (pkId != null) {
      _result.pkId = pkId;
    }
    if (spkId != null) {
      _result.spkId = spkId;
    }
    if (ik != null) {
      _result.ik = ik;
    }
    if (ek != null) {
      _result.ek = ek;
    }
    if (message != null) {
      _result.message = message;
    }
    return _result;
  }
  factory OMEMOKeyExchange.fromBuffer($core.List<$core.int> i,
          [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
      create()..mergeFromBuffer(i, r);
  factory OMEMOKeyExchange.fromJson($core.String i,
          [$pb.ExtensionRegistry r = $pb.ExtensionRegistry.EMPTY]) =>
      create()..mergeFromJson(i, r);
  @$core.Deprecated('Using this can add significant overhead to your binary. '
      'Use [GeneratedMessageGenericExtensions.deepCopy] instead. '
      'Will be removed in next major version')
  OMEMOKeyExchange clone() => OMEMOKeyExchange()..mergeFromMessage(this);
  @$core.Deprecated('Using this can add significant overhead to your binary. '
      'Use [GeneratedMessageGenericExtensions.rebuild] instead. '
      'Will be removed in next major version')
  OMEMOKeyExchange copyWith(void Function(OMEMOKeyExchange) updates) =>
      super.copyWith((message) => updates(message as OMEMOKeyExchange))
          as OMEMOKeyExchange; // ignore: deprecated_member_use
  $pb.BuilderInfo get info_ => _i;
  @$core.pragma('dart2js:noInline')
  static OMEMOKeyExchange create() => OMEMOKeyExchange._();
  OMEMOKeyExchange createEmptyInstance() => create();
  static $pb.PbList<OMEMOKeyExchange> createRepeated() =>
      $pb.PbList<OMEMOKeyExchange>();
  @$core.pragma('dart2js:noInline')
  static OMEMOKeyExchange getDefault() => _defaultInstance ??=
      $pb.GeneratedMessage.$_defaultFor<OMEMOKeyExchange>(create);
  static OMEMOKeyExchange? _defaultInstance;
  @$pb.TagNumber(1)
  $core.int get pkId => $_getIZ(0);
  @$pb.TagNumber(1)
  set pkId($core.int v) {
    $_setUnsignedInt32(0, v);
  }
  @$pb.TagNumber(1)
  $core.bool hasPkId() => $_has(0);
  @$pb.TagNumber(1)
  void clearPkId() => clearField(1);
  @$pb.TagNumber(2)
  $core.int get spkId => $_getIZ(1);
  @$pb.TagNumber(2)
  set spkId($core.int v) {
    $_setUnsignedInt32(1, v);
  }
  @$pb.TagNumber(2)
  $core.bool hasSpkId() => $_has(1);
  @$pb.TagNumber(2)
  void clearSpkId() => clearField(2);
  @$pb.TagNumber(3)
  $core.List<$core.int> get ik => $_getN(2);
  @$pb.TagNumber(3)
  set ik($core.List<$core.int> v) {
    $_setBytes(2, v);
  }
  @$pb.TagNumber(3)
  $core.bool hasIk() => $_has(2);
  @$pb.TagNumber(3)
  void clearIk() => clearField(3);
  @$pb.TagNumber(4)
  $core.List<$core.int> get ek => $_getN(3);
  @$pb.TagNumber(4)
  set ek($core.List<$core.int> v) {
    $_setBytes(3, v);
  }
  @$pb.TagNumber(4)
  $core.bool hasEk() => $_has(3);
  @$pb.TagNumber(4)
  void clearEk() => clearField(4);
  @$pb.TagNumber(5)
  OMEMOAuthenticatedMessage get message => $_getN(4);
  @$pb.TagNumber(5)
  set message(OMEMOAuthenticatedMessage v) {
    setField(5, v);
  }
  @$pb.TagNumber(5)
  $core.bool hasMessage() => $_has(4);
  @$pb.TagNumber(5)
  void clearMessage() => clearField(5);
  @$pb.TagNumber(5)
  OMEMOAuthenticatedMessage ensureMessage() => $_ensure(4);
 }
--- a/lib/src/protobuf/schema.pbenum.dart
+++ b/lib/src/protobuf/schema.pbenum.dart
@ -1,6 +0,0 @@
 ///
 //  Generated code. Do not modify.
 //  source: schema.proto
 //
 // @dart = 2.12
 // ignore_for_file: annotate_overrides,camel_case_types,constant_identifier_names,directives_ordering,library_prefixes,non_constant_identifier_names,prefer_final_fields,return_of_invalid_type,unnecessary_const,unnecessary_import,unnecessary_this,unused_import,unused_shown_name
--- a/lib/src/protobuf/schema.pbjson.dart
+++ b/lib/src/protobuf/schema.pbjson.dart
@ -1,60 +0,0 @@
 ///
 //  Generated code. Do not modify.
 //  source: schema.proto
 //
 // @dart = 2.12
 // ignore_for_file: annotate_overrides,camel_case_types,constant_identifier_names,deprecated_member_use_from_same_package,directives_ordering,library_prefixes,non_constant_identifier_names,prefer_final_fields,return_of_invalid_type,unnecessary_const,unnecessary_import,unnecessary_this,unused_import,unused_shown_name
 import 'dart:core' as $core;
 import 'dart:convert' as $convert;
 import 'dart:typed_data' as $typed_data;
@$core.Deprecated('Use oMEMOMessageDescriptor instead')
 const OMEMOMessage$json = {
  '1': 'OMEMOMessage',
  '2': [
    {'1': 'n', '3': 1, '4': 2, '5': 13, '10': 'n'},
    {'1': 'pn', '3': 2, '4': 2, '5': 13, '10': 'pn'},
    {'1': 'dh_pub', '3': 3, '4': 2, '5': 12, '10': 'dhPub'},
    {'1': 'ciphertext', '3': 4, '4': 1, '5': 12, '10': 'ciphertext'},
  ],
 };
 /// Descriptor for `OMEMOMessage`. Decode as a `google.protobuf.DescriptorProto`.
 final $typed_data.Uint8List oMEMOMessageDescriptor = $convert.base64Decode(
    'CgxPTUVNT01lc3NhZ2USDAoBbhgBIAIoDVIBbhIOCgJwbhgCIAIoDVICcG4SFQoGZGhfcHViGAMgAigMUgVkaFB1YhIeCgpjaXBoZXJ0ZXh0GAQgASgMUgpjaXBoZXJ0ZXh0');
@$core.Deprecated('Use oMEMOAuthenticatedMessageDescriptor instead')
 const OMEMOAuthenticatedMessage$json = {
  '1': 'OMEMOAuthenticatedMessage',
  '2': [
    {'1': 'mac', '3': 1, '4': 2, '5': 12, '10': 'mac'},
    {'1': 'message', '3': 2, '4': 2, '5': 12, '10': 'message'},
  ],
 };
 /// Descriptor for `OMEMOAuthenticatedMessage`. Decode as a `google.protobuf.DescriptorProto`.
 final $typed_data.Uint8List oMEMOAuthenticatedMessageDescriptor =
    $convert.base64Decode(
        'ChlPTUVNT0F1dGhlbnRpY2F0ZWRNZXNzYWdlEhAKA21hYxgBIAIoDFIDbWFjEhgKB21lc3NhZ2UYAiACKAxSB21lc3NhZ2U=');
@$core.Deprecated('Use oMEMOKeyExchangeDescriptor instead')
 const OMEMOKeyExchange$json = {
  '1': 'OMEMOKeyExchange',
  '2': [
    {'1': 'pk_id', '3': 1, '4': 2, '5': 13, '10': 'pkId'},
    {'1': 'spk_id', '3': 2, '4': 2, '5': 13, '10': 'spkId'},
    {'1': 'ik', '3': 3, '4': 2, '5': 12, '10': 'ik'},
    {'1': 'ek', '3': 4, '4': 2, '5': 12, '10': 'ek'},
    {
      '1': 'message',
      '3': 5,
      '4': 2,
      '5': 11,
      '6': '.OMEMOAuthenticatedMessage',
      '10': 'message'
    },
  ],
 };
 /// Descriptor for `OMEMOKeyExchange`. Decode as a `google.protobuf.DescriptorProto`.
 final $typed_data.Uint8List oMEMOKeyExchangeDescriptor = $convert.base64Decode(
    'ChBPTUVNT0tleUV4Y2hhbmdlEhMKBXBrX2lkGAEgAigNUgRwa0lkEhUKBnNwa19pZBgCIAIoDVIFc3BrSWQSDgoCaWsYAyACKAxSAmlrEg4KAmVrGAQgAigMUgJlaxI0CgdtZXNzYWdlGAUgAigLMhouT01FTU9BdXRoZW50aWNhdGVkTWVzc2FnZVIHbWVzc2FnZQ==');
--- a/lib/src/protobuf/schema.pbserver.dart
+++ b/lib/src/protobuf/schema.pbserver.dart
@ -1,8 +0,0 @@
 ///
 //  Generated code. Do not modify.
 //  source: schema.proto
 //
 // @dart = 2.12
 // ignore_for_file: annotate_overrides,camel_case_types,constant_identifier_names,deprecated_member_use_from_same_package,directives_ordering,library_prefixes,non_constant_identifier_names,prefer_final_fields,return_of_invalid_type,unnecessary_const,unnecessary_import,unnecessary_this,unused_import,unused_shown_name
 export 'schema.pb.dart';
--- a/lib/src/trust/always.dart
+++ b/lib/src/trust/always.dart
@ -11,16 +11,4 @@ class AlwaysTrustingTrustManager extends TrustManager {
  @override
  Future<void> onNewSession(String jid, int deviceId) async {}
  @override
  Future<bool> isEnabled(String jid, int deviceId) async => true;
  @override
  Future<void> setEnabled(String jid, int deviceId, bool enabled) async {}
  @override
  Future<void> removeTrustDecisionsForJid(String jid) async {}
  @override
  Future<void> loadTrustData(String jid) async {}
 }
--- a/lib/src/trust/base.dart
+++ b/lib/src/trust/base.dart
@ -1,5 +1,3 @@
 import 'package:meta/meta.dart';
 /// The base class for managing trust in OMEMO sessions.
 // ignore: one_member_abstracts
 abstract class TrustManager {
@ -9,25 +7,5 @@ abstract class TrustManager {
  /// Called by the OmemoSessionManager when a new session has been built. Should set
  /// a default trust state to [jid]'s device with identifier [deviceId].
  @internal
  Future<void> onNewSession(String jid, int deviceId);
  /// Return true if the device with id [deviceId] of Jid [jid] should be used for encryption.
  /// If not, return false.
  Future<bool> isEnabled(String jid, int deviceId);
  /// Mark the device with id [deviceId] of Jid [jid] as enabled if [enabled] is true or as disabled
  /// if [enabled] is false.
  Future<void> setEnabled(String jid, int deviceId, bool enabled);
  /// Removes all trust decisions for [jid].
  @internal
  Future<void> removeTrustDecisionsForJid(String jid);
  // ignore: comment_references
  /// Called from within the [OmemoManager].
  /// Loads the trust data for the JID [jid] from persistent storage
  /// into the internal cache, if applicable.
  @internal
  Future<void> loadTrustData(String jid);
 }
--- a/lib/src/trust/btbv.dart
+++ b/lib/src/trust/btbv.dart
@ -1,116 +1,36 @@
 import 'package:meta/meta.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/omemo/ratchet_map_key.dart';
 import 'package:omemo_dart/src/trust/base.dart';
-
+import 'package:synchronized/synchronized.dart';
@immutable
 class BTBVTrustData {
  const BTBVTrustData(
    this.jid,
    this.device,
    this.state,
    this.enabled,
    this.trusted,
  );
  /// The JID in question.
  final String jid;
  /// The device (ratchet) in question.
  final int device;
  /// The trust state of the ratchet.
  final BTBVTrustState state;
  /// Flag indicating whether the ratchet is enabled (true) or not (false).
  final bool enabled;
  /// Flag indicating whether the ratchet is trusted. For loading and commiting a ratchet, this field
  /// contains an arbitrary value.
  /// When using [BlindTrustBeforeVerificationTrustManager.getDevicesTrust], this flag will be true if
  /// the ratchet is trusted and false if not.
  final bool trusted;
 }
 /// A callback for when a trust decision is to be commited to persistent storage.
 typedef BTBVTrustCommitCallback = Future<void> Function(BTBVTrustData data);
 /// A stub-implementation of [BTBVTrustCommitCallback].
 Future<void> btbvCommitStub(BTBVTrustData _) async {}
 /// A callback for when all trust decisions for a JID should be removed from persistent storage.
 typedef BTBVRemoveTrustForJidCallback = Future<void> Function(String jid);
 /// A stub-implementation of [BTBVRemoveTrustForJidCallback].
 Future<void> btbvRemoveTrustStub(String _) async {}
 /// A callback for when trust data should be loaded.
 typedef BTBVLoadDataCallback = Future<List<BTBVTrustData>> Function(String jid);
 /// A stub-implementation for [BTBVLoadDataCallback].
 Future<List<BTBVTrustData>> btbvLoadDataStub(String _) async => [];
 /// Every device is in either of those two trust states:
 /// - notTrusted: The device is absolutely not trusted
 /// - blindTrust: The fingerprint is not verified using OOB means
 /// - verified: The fingerprint has been verified using OOB means
 enum BTBVTrustState {
-  notTrusted(1),
+  notTrusted,
-  blindTrust(2),
+  blindTrust,
-  verified(3);
+  verified,
  const BTBVTrustState(this.value);
  factory BTBVTrustState.fromInt(int value) {
    switch (value) {
      case 1:
        return BTBVTrustState.notTrusted;
      case 2:
        return BTBVTrustState.blindTrust;
      case 3:
        return BTBVTrustState.verified;
      // TODO(Unknown): Should we handle this better?
      default:
        return BTBVTrustState.notTrusted;
    }
  }
  /// The value backing the trust state.
  final int value;
 }
 /// A TrustManager that implements the idea of Blind Trust Before Verification.
 /// See https://gultsch.de/trust.html for more details.
-class BlindTrustBeforeVerificationTrustManager extends TrustManager {
+abstract class BlindTrustBeforeVerificationTrustManager extends TrustManager {
-  BlindTrustBeforeVerificationTrustManager({
+  BlindTrustBeforeVerificationTrustManager()
-    this.loadData = btbvLoadDataStub,
+    : trustCache = {},
-    this.commit = btbvCommitStub,
+      devices = {},
-    this.removeTrust = btbvRemoveTrustStub,
+      _lock = Lock();
  });
-  /// The cache for mapping a RatchetMapKey to its trust state
+  /// The cache for Mapping a RatchetMapKey to its trust state
  @visibleForTesting
  @protected
-  final Map<RatchetMapKey, BTBVTrustState> trustCache = {};
+  final Map<RatchetMapKey, BTBVTrustState> trustCache;
  /// The cache for mapping a RatchetMapKey to whether it is enabled or not
  @visibleForTesting
  @protected
  final Map<RatchetMapKey, bool> enablementCache = {};
  /// Mapping of Jids to their device identifiers
  @visibleForTesting
  @protected
-  final Map<String, List<int>> devices = {};
+  final Map<String, List<int>> devices;
-  /// Callback for loading trust data.
+  /// The lock for devices and trustCache
-  final BTBVLoadDataCallback loadData;
+  final Lock _lock;
  /// Callback for commiting trust data to persistent storage.
  final BTBVTrustCommitCallback commit;
  /// Callback for removing trust data for a JID.
  final BTBVRemoveTrustForJidCallback removeTrust;
  /// Returns true if [jid] has at least one device that is verified. If not, returns false.
  /// Note that this function accesses devices and trustCache, which requires that the
@ -125,145 +45,95 @@ class BlindTrustBeforeVerificationTrustManager extends TrustManager {
  @override
  Future<bool> isTrusted(String jid, int deviceId) async {
    var returnValue = false;
    await _lock.synchronized(() async {
      final trustCacheValue = trustCache[RatchetMapKey(jid, deviceId)];
      if (trustCacheValue == BTBVTrustState.notTrusted) {
-      return false;
+        returnValue = false;
        return;
      } else if (trustCacheValue == BTBVTrustState.verified) {
        // The key is verified, so it's safe.
-      return true;
+        returnValue = true;
        return;
      } else {
        if (_hasAtLeastOneVerifiedDevice(jid)) {
          // Do not trust if there is at least one device with full trust
-        return false;
+          returnValue = false;
          return;
        } else {
          // We have not verified a key from [jid], so it is blind trust all the way.
-        return true;
+          returnValue = true;
          return;
        }
      }
    });
    return returnValue;
  }
  @override
  Future<void> onNewSession(String jid, int deviceId) async {
-    final key = RatchetMapKey(jid, deviceId);
+    await _lock.synchronized(() async {
      if (_hasAtLeastOneVerifiedDevice(jid)) {
-      trustCache[key] = BTBVTrustState.notTrusted;
+        trustCache[RatchetMapKey(jid, deviceId)] = BTBVTrustState.notTrusted;
      enablementCache[key] = false;
      } else {
-      trustCache[key] = BTBVTrustState.blindTrust;
+        trustCache[RatchetMapKey(jid, deviceId)] = BTBVTrustState.blindTrust;
      enablementCache[key] = true;
      }
-    // Append to the device list
+      if (devices.containsKey(jid)) {
-    devices.appendOrCreate(jid, deviceId, checkExistence: true);
+        devices[jid]!.add(deviceId);
      } else {
        devices[jid] = List<int>.from([deviceId]);
      }
      // Commit the state
-    await commit(
+      await commitState();
-      BTBVTrustData(
+    });
        jid,
        deviceId,
        trustCache[key]!,
        enablementCache[key]!,
        false,
      ),
    );
  }
-  /// Returns a mapping from the device identifiers of [jid] to their trust state. If
+  /// Returns a mapping from the device identifiers of [jid] to their trust state.
-  /// there are no devices known for [jid], then an empty map is returned.
+  Future<Map<int, BTBVTrustState>> getDevicesTrust(String jid) async {
-  Future<Map<int, BTBVTrustData>> getDevicesTrust(String jid) async {
+    final map = <int, BTBVTrustState>{};
    final map = <int, BTBVTrustData>{};
    if (!devices.containsKey(jid)) return map;
    await _lock.synchronized(() async {
      for (final deviceId in devices[jid]!) {
-      final key = RatchetMapKey(jid, deviceId);
+        map[deviceId] = trustCache[RatchetMapKey(jid, deviceId)]!;
      if (!trustCache.containsKey(key) || !enablementCache.containsKey(key)) {
        continue;
      }
      map[deviceId] = BTBVTrustData(
        jid,
        deviceId,
        trustCache[key]!,
        enablementCache[key]!,
        await isTrusted(jid, deviceId),
      );
      }
    });
    return map;
  }
  /// Sets the trust of [jid]'s device with identifier [deviceId] to [state].
-  Future<void> setDeviceTrust(
+  Future<void> setDeviceTrust(String jid, int deviceId, BTBVTrustState state) async {
-    String jid,
+    await _lock.synchronized(() async {
-    int deviceId,
+      trustCache[RatchetMapKey(jid, deviceId)] = state;
    BTBVTrustState state,
  ) async {
    final key = RatchetMapKey(jid, deviceId);
    trustCache[key] = state;
      // Commit the state
-    await commit(
+      await commitState();
-      BTBVTrustData(
+    });
        jid,
        deviceId,
        state,
        enablementCache[key]!,
        false,
      ),
    );
  }
-  @override
+  /// Called when the state of the trust manager has been changed. Allows the user to
-  Future<bool> isEnabled(String jid, int deviceId) async {
+  /// commit the trust state to persistent storage.
-    final value = enablementCache[RatchetMapKey(jid, deviceId)];
+  @visibleForOverriding
  Future<void> commitState();
-    if (value == null) return false;
+  /// Called when the user wants to restore the state of the trust manager. The format
-    return value;
+  /// and actual storage mechanism is left to the user.
-  }
+  @visibleForOverriding
-
+  Future<void> loadState();
  @override
  Future<void> setEnabled(String jid, int deviceId, bool enabled) async {
    final key = RatchetMapKey(jid, deviceId);
    enablementCache[key] = enabled;
    // Commit the state
    await commit(
      BTBVTrustData(
        jid,
        deviceId,
        trustCache[key]!,
        enabled,
        false,
      ),
    );
  }
  @override
  Future<void> removeTrustDecisionsForJid(String jid) async {
    // Clear the caches
    for (final device in devices[jid]!) {
      final key = RatchetMapKey(jid, device);
      trustCache.remove(key);
      enablementCache.remove(key);
    }
    devices.remove(jid);
    // Commit the state
    await removeTrust(jid);
  }
  @override
  Future<void> loadTrustData(String jid) async {
    for (final result in await loadData(jid)) {
      final key = RatchetMapKey(jid, result.device);
      trustCache[key] = result.state;
      enablementCache[key] = result.enabled;
      devices.appendOrCreate(jid, result.device, checkExistence: true);
    }
  }
  @visibleForTesting
-  BTBVTrustState getDeviceTrust(String jid, int deviceId) =>
+  BTBVTrustState getDeviceTrust(String jid, int deviceId) => trustCache[RatchetMapKey(jid, deviceId)]!;
-      trustCache[RatchetMapKey(jid, deviceId)]!;
+}
 /// A BTBV TrustManager that does not commit its state to persistent storage. Well suited
 /// for testing.
 class MemoryBTBVTrustManager extends BlindTrustBeforeVerificationTrustManager {
  @override
  Future<void> commitState() async {}
  @override
  Future<void> loadState() async {}
 }
--- a/lib/src/trust/never.dart
+++ b/lib/src/trust/never.dart
@ -11,16 +11,4 @@ class NeverTrustingTrustManager extends TrustManager {
  @override
  Future<void> onNewSession(String jid, int deviceId) async {}
  @override
  Future<bool> isEnabled(String jid, int deviceId) async => true;
  @override
  Future<void> setEnabled(String jid, int deviceId, bool enabled) async {}
  @override
  Future<void> removeTrustDecisionsForJid(String jid) async {}
  @override
  Future<void> loadTrustData(String jid) async {}
 }
--- a/lib/src/x3dh/x3dh.dart
+++ b/lib/src/x3dh/x3dh.dart
@ -1,16 +1,18 @@
 import 'dart:convert';
 import 'dart:math';
 import 'package:cryptography/cryptography.dart';
 import 'package:moxlib/moxlib.dart';
 import 'package:omemo_dart/src/common/constants.dart';
 import 'package:omemo_dart/src/crypto.dart';
 import 'package:omemo_dart/src/errors.dart';
 import 'package:omemo_dart/src/helpers.dart';
 import 'package:omemo_dart/src/keys.dart';
 import 'package:omemo_dart/src/omemo/bundle.dart';
 /// The overarching assumption is that we use Ed25519 keys for the identity keys
 const omemoX3DHInfoString = 'OMEMO X3DH';
 /// Performed by Alice
 class X3DHAliceResult {
  const X3DHAliceResult(this.ek, this.sk, this.opkId, this.ad);
  final OmemoKeyPair ek;
  final List<int> sk;
@ -20,6 +22,7 @@ class X3DHAliceResult {
 /// Received by Bob
 class X3DHMessage {
  const X3DHMessage(this.ik, this.ek, this.opkId);
  final OmemoPublicKey ik;
  final OmemoPublicKey ek;
@ -27,6 +30,7 @@ class X3DHMessage {
 }
 class X3DHBobResult {
  const X3DHBobResult(this.sk, this.ad);
  final List<int> sk;
  final List<int> ad;
@ -35,10 +39,7 @@ class X3DHBobResult {
 /// Sign [message] using the keypair [keyPair]. Note that [keyPair] must be
 /// a Ed25519 keypair.
 Future<List<int>> sig(OmemoKeyPair keyPair, List<int> message) async {
-  assert(
+  assert(keyPair.type == KeyPairType.ed25519, 'Signature keypair must be Ed25519');
    keyPair.type == KeyPairType.ed25519,
    'Signature keypair must be Ed25519',
  );
  final signature = await Ed25519().sign(
    message,
    keyPair: await keyPair.asKeyPair(),
@ -69,11 +70,7 @@ Future<List<int>> kdf(List<int> km) async {
 /// Alice builds a session with Bob using his bundle [bundle] and Alice's identity key
 /// pair [ik].
-Future<Result<InvalidKeyExchangeSignatureError, X3DHAliceResult>>
+Future<X3DHAliceResult> x3dhFromBundle(OmemoBundle bundle, OmemoKeyPair ik) async {
    x3dhFromBundle(
  OmemoBundle bundle,
  OmemoKeyPair ik,
 ) async {
  // Check the signature first
  final signatureValue = await Ed25519().verify(
    await bundle.spk.getBytes(),
@ -84,7 +81,7 @@ Future<Result<InvalidKeyExchangeSignatureError, X3DHAliceResult>>
  );
  if (!signatureValue) {
-    return Result(InvalidKeyExchangeSignatureError());
+    throw InvalidSignatureException();
  }
  // Generate EK
@ -106,17 +103,12 @@ Future<Result<InvalidKeyExchangeSignatureError, X3DHAliceResult>>
    await bundle.ik.getBytes(),
  ]);
-  return Result(X3DHAliceResult(ek, sk, opkId, ad));
+  return X3DHAliceResult(ek, sk, opkId, ad);
 }
 /// Bob builds the X3DH shared secret from the inital message [msg], the SPK [spk], the
 /// OPK [opk] that was selected by Alice and our IK [ik]. Returns the shared secret.
-Future<X3DHBobResult> x3dhFromInitialMessage(
+Future<X3DHBobResult> x3dhFromInitialMessage(X3DHMessage msg, OmemoKeyPair spk, OmemoKeyPair opk, OmemoKeyPair ik) async {
  X3DHMessage msg,
  OmemoKeyPair spk,
  OmemoKeyPair opk,
  OmemoKeyPair ik,
 ) async {
  final dh1 = await omemoDH(spk, msg.ik, 2);
  final dh2 = await omemoDH(ik,  msg.ek, 1);
  final dh3 = await omemoDH(spk, msg.ek, 0);
--- a/omemo_dart.doap
+++ b/omemo_dart.doap
@ -1,53 +0,0 @@
 <?xml version='1.0' encoding='UTF-8'?>
 <rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'
         xmlns="http://usefulinc.com/ns/doap#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:xmpp="https://linkmauve.fr/ns/xmpp-doap#"
         xmlns:schema="https://schema.org/">
  <Project xml:lang='en'>
    <!-- Moxxy information -->
    <name>omemo_dart</name>
    <created>2022-06-30</created>
    <homepage rdf:resource="https://github.com/PapaTutuWawa/omemo_dart" />
    <os>Linux</os>
    <os>Windows</os>
    <os>macOS</os>
    <os>Android</os>
    <os>iOS</os>
    <!-- Description -->
    <shortdesc xml:lang="de">A Dart implementation of the cryptography needed for OMEMO 0.8.3</shortdesc>
    <description xml:lang="en">omemo_dart is a pure Dart implementation of the low-level components (X3DH, Double Ratchet) with a high-level library-agnostic interface for implementing OMEMO 0.8.3.</description>
    <!-- Maintainer information -->
    <maintainer>
      <foaf:Person>
      	<foaf:name>Alexander "Polynomdivision"</foaf:name>
      	<foaf:homepage rdf:resource="https://polynom.me" />
      </foaf:Person>
    </maintainer>
    <!-- Channel list -->
    <developer-forum rdf:resource='xmpp:dev@muc.moxxy.org?join'/>
    <!-- Repository information -->
    <programming-language>Dart</programming-language>
    <bug-database rdf:resource="https://github.com/PapaTutuWawa/omemo_dart/issues" />
    <license rdf:resource="https://github.com/PapaTutuWawa/omemo_dart/blob/master/LICENSE" />
    <repository>
      <GitRepository>
        <browse rdf:resource="https://github.com/PapaTutuWawa/omemo_dart" />
        <location rdf:resource="https://github.com/PapaTutuWawa/omemo_dart.git" />
      </GitRepository>
    </repository>
    <!-- XEP list -->
    <implements>
      <xmpp:SupportedXep>
        <xmpp:xep rdf:resource="https://xmpp.org/extensions/xep-0384.html"/>
        <xmpp:status>partial</xmpp:status>
        <xmpp:version>0.8.3</xmpp:version>
      </xmpp:SupportedXep>
    </implements>
  </Project>
 </rdf:RDF>
--- a/pubspec.yaml
+++ b/pubspec.yaml
@ -1,27 +1,23 @@
 name: omemo_dart
 description: An XMPP library independent OMEMO library
-version: 0.6.0
+version: 0.2.0
 homepage: https://github.com/PapaTutuWawa/omemo_dart
 publish_to: https://git.polynom.me/api/packages/PapaTutuWawa/pub
 environment:
-  sdk: ">=3.0.0 <4.0.0"
+  sdk: '>=2.17.0 <3.0.0'
 dependencies:
-  collection: ^1.18.0
+  collection: ^1.16.0
-  cryptography: ^2.7.0
+  cryptography: ^2.0.5
  hex: ^0.2.0
-  logging: ^1.2.0
+  meta: ^1.8.0
-  meta: ^1.15.0
+  pinenacl: ^0.5.1
-  moxlib:
+  synchronized: ^3.0.0+2
    version: ^0.2.0
    hosted: https://git.polynom.me/api/packages/Moxxy/pub
  pinenacl: ^0.6.0
  protobuf: ^3.1.0
  protoc_plugin: ^21.1.2
  synchronized: ^3.3.0+3
 dev_dependencies:
-  lints: ^5.0.0
+  lints: ^2.0.0
-  test: ^1.25.8
+  protobuf: ^2.1.0
-  very_good_analysis: ^6.0.0
+  protoc_plugin: ^20.0.1
  test: ^1.21.0
  very_good_analysis: ^3.0.1
--- a/test/double_ratchet_test.dart
+++ b/test/double_ratchet_test.dart
@ -1,10 +1,39 @@
 // ignore_for_file: avoid_print
 import 'dart:convert';
 import 'dart:developer';
 import 'package:cryptography/cryptography.dart';
 import 'package:omemo_dart/omemo_dart.dart';
 import 'package:omemo_dart/protobuf/schema.pb.dart';
 import 'package:omemo_dart/src/double_ratchet/crypto.dart';
 import 'package:test/test.dart';
 void main() {
  test('Test encrypting and decrypting', () async {
    final sessionAd = List<int>.filled(32, 0x0);
    final mk = List<int>.filled(32, 0x1);
    final plaintext = utf8.encode('Hallo');
    final header = OMEMOMessage()
      ..n = 0
      ..pn = 0
      ..dhPub = List<int>.empty();
    final asd = concat([sessionAd, header.writeToBuffer()]);
    final ciphertext = await encrypt(
      mk,
      plaintext,
      asd,
      sessionAd,
    );
    final decrypted = await decrypt(
      mk,
      ciphertext,
      asd,
      sessionAd,
    );
    expect(decrypted, plaintext);
  });
  test('Test the Double Ratchet', () async {
    // Generate keys
    const bobJid = 'bob@other.example.server';
@ -28,8 +57,7 @@ void main() {
    );
    // Alice does X3DH
-    final resultAliceRaw = await x3dhFromBundle(bundleBob, ikAlice);
+    final resultAlice = await x3dhFromBundle(bundleBob, ikAlice);
    final resultAlice = resultAliceRaw.get<X3DHAliceResult>();
    // Alice sends the inital message to Bob
    // ...
@ -46,26 +74,20 @@ void main() {
      ikBob,
    );
-    log('X3DH key exchange done');
+    print('X3DH key exchange done');
    // Alice and Bob now share sk as a common secret and ad
    // Build a session
    final alicesRatchet = await OmemoDoubleRatchet.initiateNewSession(
      spkBob.pk,
      bundleBob.spkId,
      ikBob.pk,
      ikAlice.pk,
      resultAlice.ek.pk,
      resultAlice.sk,
      resultAlice.ad,
      resultAlice.opkId,
    );
    final bobsRatchet = await OmemoDoubleRatchet.acceptNewSession(
      spkBob,
      bundleBob.spkId,
      ikAlice.pk,
      2,
      resultAlice.ek.pk,
      resultBob.sk,
      resultBob.ad,
    );
@ -75,42 +97,38 @@ void main() {
    for (var i = 0; i < 100; i++) {
      final messageText = 'Hello, dear $i';
      log('${i + 1}/100');
      if (i.isEven) {
        // Alice encrypts a message
-        final aliceRatchetResult =
+        final aliceRatchetResult = await alicesRatchet.ratchetEncrypt(utf8.encode(messageText));
-            await alicesRatchet.ratchetEncrypt(utf8.encode(messageText));
+        print('Alice sent the message');
        log('Alice sent the message');
        // Alice sends it to Bob
        // ...
        // Bob tries to decrypt it
        final bobRatchetResult = await bobsRatchet.ratchetDecrypt(
-          aliceRatchetResult,
+          aliceRatchetResult.header,
          aliceRatchetResult.ciphertext,
        );
-        log('Bob decrypted the message');
+        print('Bob decrypted the message');
-        expect(bobRatchetResult.isType<List<int>>(), true);
+        expect(utf8.encode(messageText), bobRatchetResult);
        expect(bobRatchetResult.get<List<int>>(), utf8.encode(messageText));
      } else {
        // Bob sends a message to Alice
-        final bobRatchetResult =
+        final bobRatchetResult = await bobsRatchet.ratchetEncrypt(utf8.encode(messageText));
-            await bobsRatchet.ratchetEncrypt(utf8.encode(messageText));
+        print('Bob sent the message');
        log('Bob sent the message');
        // Bobs sends it to Alice
        // ...
        // Alice tries to decrypt it
        final aliceRatchetResult = await alicesRatchet.ratchetDecrypt(
-          bobRatchetResult,
+          bobRatchetResult.header,
          bobRatchetResult.ciphertext,
        );
-        log('Alice decrypted the message');
+        print('Alice decrypted the message');
-        expect(aliceRatchetResult.isType<List<int>>(), true);
+        expect(utf8.encode(messageText), aliceRatchetResult);
        expect(aliceRatchetResult.get<List<int>>(), utf8.encode(messageText));
        expect(utf8.encode(messageText), aliceRatchetResult.get<List<int>>());
      }
    }
  });
--- a/test/omemo_test.dart
+++ b/test/omemo_test.dart
--- a/test/protobuf_test.dart
+++ b/test/protobuf_test.dart
@ -0,0 +1,174 @@
 import 'package:omemo_dart/protobuf/schema.pb.dart';
 import 'package:omemo_dart/src/protobuf/omemo_authenticated_message.dart';
 import 'package:omemo_dart/src/protobuf/omemo_key_exchange.dart';
 import 'package:omemo_dart/src/protobuf/omemo_message.dart';
 import 'package:omemo_dart/src/protobuf/protobuf.dart';
 import 'package:test/test.dart';
 void main() {
  group('Base 128 Varints', () {
    test('Test simple parsing of Varints', () {
      expect(
        decodeVarint(<int>[1], 0).n,
        1,
      );
      expect(
        decodeVarint(<int>[1], 0).length,
        1,
      );
      expect(
        decodeVarint(<int>[0x96, 0x01, 0x00], 0).n,
        150,
      );
      expect(
        decodeVarint(<int>[0x96, 0x01, 0x00], 0).length,
        2,
      );
      expect(
        decodeVarint(<int>[172, 2, 0x8], 0).n,
        300,
      );
      expect(
        decodeVarint(<int>[172, 2, 0x8], 0).length,
        2,
      );
    });
    test('Test encoding Varints', () {
      expect(
        encodeVarint(1),
        <int>[1],
      );
      expect(
        encodeVarint(150),
        <int>[0x96, 0x01],
      );
      expect(
        encodeVarint(300),
        <int>[172, 2],
      );
    });
  });
  group('OMEMOMessage', () {
    test('Decode a OMEMOMessage', () {
      final pbMessage = OMEMOMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3]
        ..ciphertext = <int>[4, 5, 6];
      final serial = pbMessage.writeToBuffer();
      final msg = OmemoMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, <int>[4, 5, 6]);
    });
    test('Decode a OMEMOMessage without ciphertext', () {
      final pbMessage = OMEMOMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3];
      final serial = pbMessage.writeToBuffer();
      final msg = OmemoMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, null);
    });
    test('Encode a OMEMOMessage', () {
      final m = OmemoMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3]
        ..ciphertext = <int>[4, 5, 6];
      final serial = m.writeToBuffer();
      final msg = OMEMOMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, <int>[4, 5, 6]);
    });
    test('Encode a OMEMOMessage without ciphertext', () {
      final m = OmemoMessage()
        ..n = 1
        ..pn = 5
        ..dhPub = <int>[1, 2, 3];
      final serial = m.writeToBuffer();
      final msg = OMEMOMessage.fromBuffer(serial);
      expect(msg.n, 1);
      expect(msg.pn, 5);
      expect(msg.dhPub, <int>[1, 2, 3]);
      expect(msg.ciphertext, <int>[]);
    });
  });
  group('OMEMOAuthenticatedMessage', () {
    test('Test encoding a message', () {
      final msg = OmemoAuthenticatedMessage()
        ..mac = <int>[1, 2, 3]
        ..message = <int>[4, 5, 6];
      final decoded = OMEMOAuthenticatedMessage.fromBuffer(msg.writeToBuffer());
      expect(decoded.mac, <int>[1, 2, 3]);
      expect(decoded.message, <int>[4, 5, 6]);
    });
    test('Test decoding a message', () {
      final msg = OMEMOAuthenticatedMessage()
        ..mac = <int>[1, 2, 3]
        ..message = <int>[4, 5, 6];
      final bytes = msg.writeToBuffer();
      final decoded = OmemoAuthenticatedMessage.fromBuffer(bytes);
      expect(decoded.mac, <int>[1, 2, 3]);
      expect(decoded.message, <int>[4, 5, 6]);
    });
  });
  group('OMEMOKeyExchange', () {
    test('Test encoding a message', () {
      final authMessage = OmemoAuthenticatedMessage()
        ..mac = <int>[5, 6, 8, 0]
        ..message = <int>[4, 5, 7, 3, 2];
      final message = OmemoKeyExchange()
        ..pkId = 698
        ..spkId = 245
        ..ik = <int>[1, 4, 6]
        ..ek = <int>[4, 6, 7, 80]
        ..message = authMessage;
      final kex = OMEMOKeyExchange.fromBuffer(message.writeToBuffer());
      expect(kex.pkId, 698);
      expect(kex.spkId, 245);
      expect(kex.ik, <int>[1, 4, 6]);
      expect(kex.ek, <int>[4, 6, 7, 80]);
      expect(kex.message.mac, <int>[5, 6, 8, 0]);
      expect(kex.message.message, <int>[4, 5, 7, 3, 2]);
    });
    test('Test decoding a message', () {
      final message = OMEMOAuthenticatedMessage()
        ..mac = <int>[5, 6, 8, 0]
        ..message = <int>[4, 5, 7, 3, 2];
      final kex = OMEMOKeyExchange()
        ..pkId = 698
        ..spkId = 245
        ..ik = <int>[1, 4, 6]
        ..ek = <int>[4, 6, 7, 80]
        ..message = message;
      final decoded = OmemoKeyExchange.fromBuffer(kex.writeToBuffer());
      expect(decoded.pkId, 698);
      expect(decoded.spkId, 245);
      expect(decoded.ik, <int>[1, 4, 6]);
      expect(decoded.ek, <int>[4 ,6 ,7 , 80]);
      expect(decoded.message!.mac, <int>[5, 6, 8, 0]);
      expect(decoded.message!.message, <int>[4, 5, 7, 3, 2]);
    });
  });
 }
--- a/test/queue_test.dart
+++ b/test/queue_test.dart
@ -1,62 +0,0 @@
 import 'dart:async';
 import 'package:omemo_dart/src/omemo/queue.dart';
 import 'package:test/test.dart';
 Future<void> testMethod(
  RatchetAccessQueue queue,
  List<String> data,
  int duration,
 ) async {
  await queue.enterCriticalSection(data);
  await Future<void>.delayed(Duration(seconds: duration));
  await queue.leaveCriticalSection(data);
 }
 void main() {
  test('Test blocking due to conflicts', () async {
    final queue = RatchetAccessQueue();
    unawaited(testMethod(queue, ['a', 'b', 'c'], 5));
    unawaited(testMethod(queue, ['a'], 4));
    await Future<void>.delayed(const Duration(seconds: 1));
    expect(
      queue.runningOperations.containsAll(['a', 'b', 'c']),
      isTrue,
    );
    expect(queue.runningOperations.length, 3);
    await Future<void>.delayed(const Duration(seconds: 4));
    expect(
      queue.runningOperations.containsAll(['a']),
      isTrue,
    );
    expect(queue.runningOperations.length, 1);
    await Future<void>.delayed(const Duration(seconds: 4));
    expect(queue.runningOperations.length, 0);
  });
  test('Test not blocking due to no conflicts', () async {
    final queue = RatchetAccessQueue();
    unawaited(testMethod(queue, ['a', 'b'], 5));
    unawaited(testMethod(queue, ['c'], 5));
    unawaited(testMethod(queue, ['d'], 5));
    await Future<void>.delayed(const Duration(seconds: 1));
    expect(queue.runningOperations.length, 4);
    expect(
      queue.runningOperations.containsAll([
        'a',
        'b',
        'c',
        'd',
      ]),
      isTrue,
    );
  });
 }
--- a/test/serialisation_test.dart
+++ b/test/serialisation_test.dart
@ -0,0 +1,107 @@
 import 'package:omemo_dart/omemo_dart.dart';
 import 'package:omemo_dart/src/trust/always.dart';
 import 'package:test/test.dart';
 void main() {
  test('Test serialising and deserialising the Device', () async {
    // Generate a random session
    final oldSession = await OmemoSessionManager.generateNewIdentity(
      'user@test.server',
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final oldDevice = await oldSession.getDevice();
    final serialised = await oldDevice.toJson();
    final newDevice = Device.fromJson(serialised);
    expect(await oldDevice.equals(newDevice), true);
  });
  test('Test serialising and deserialising the Device after rotating the SPK', () async {
    // Generate a random session
    final oldSession = await OmemoSessionManager.generateNewIdentity(
      'user@test.server',
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final oldDevice = await (await oldSession.getDevice()).replaceSignedPrekey();
    final serialised = await oldDevice.toJson();
    final newDevice = Device.fromJson(serialised);
    expect(await oldDevice.equals(newDevice), true);
  });
  test('Test serialising and deserialising the OmemoDoubleRatchet', () async {
    // Generate a random ratchet
    const aliceJid = 'alice@server.example';
    const bobJid = 'bob@other.server.example';
    final aliceSession = await OmemoSessionManager.generateNewIdentity(
      aliceJid,
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final bobSession = await OmemoSessionManager.generateNewIdentity(
      bobJid,
      AlwaysTrustingTrustManager(),
      opkAmount: 1,
    );
    final aliceMessage = await aliceSession.encryptToJid(
      bobJid,
      'Hello Bob!',
      newSessions: [
        await bobSession.getDeviceBundle(),
      ],
    );
    await bobSession.decryptMessage(
      aliceMessage.ciphertext,
      aliceJid,
      await aliceSession.getDeviceId(),
      aliceMessage.encryptedKeys,
    );
    final aliceOld = aliceSession.getRatchet(bobJid, await bobSession.getDeviceId());
    final aliceSerialised = await aliceOld.toJson();
    final aliceNew = OmemoDoubleRatchet.fromJson(aliceSerialised);
    expect(await aliceOld.equals(aliceNew), true);
  });
  test('Test serialising and deserialising the OmemoSessionManager', () async {
    // Generate a random session
    final oldSession = await OmemoSessionManager.generateNewIdentity(
      'a@server',
      AlwaysTrustingTrustManager(),
      opkAmount: 4,
    );
    final bobSession = await OmemoSessionManager.generateNewIdentity(
      'b@other.server',
      AlwaysTrustingTrustManager(),
      opkAmount: 4,
    );
    await oldSession.addSessionFromBundle(
      'bob@localhost',
      await bobSession.getDeviceId(),
      await bobSession.getDeviceBundle(),
    );
    // Serialise and deserialise
    final serialised = await oldSession.toJson();
    final newSession = OmemoSessionManager.fromJson(
      serialised,
      AlwaysTrustingTrustManager(),
    );
    final oldDevice = await oldSession.getDevice();
    final newDevice = await newSession.getDevice();
    expect(await oldDevice.equals(newDevice), true);
    expect(await oldSession.getDeviceMap(), await newSession.getDeviceMap());
    expect(oldSession.getRatchetMap().length, newSession.getRatchetMap().length);
    for (final session in oldSession.getRatchetMap().entries) {
      expect(newSession.getRatchetMap().containsKey(session.key), true);
      final oldRatchet = oldSession.getRatchetMap()[session.key]!;
      final newRatchet = newSession.getRatchetMap()[session.key]!;
      expect(await oldRatchet.equals(newRatchet), true);
    }
  });
 }
--- a/test/trust_test.dart
+++ b/test/trust_test.dart
@ -4,7 +4,7 @@ import 'package:test/test.dart';
 void main() {
  test('Test the Blind Trust Before Verification TrustManager', () async {
    // Caroline's BTBV manager
-    final btbv = BlindTrustBeforeVerificationTrustManager();
+    final btbv = MemoryBTBVTrustManager();
    // Example data
    const aliceJid = 'alice@some.server';
    const bobJid = 'bob@other.server';
@ -12,7 +12,6 @@ void main() {
    // Caroline starts a chat a device from Alice
    await btbv.onNewSession(aliceJid, 1);
    expect(await btbv.isTrusted(aliceJid, 1), true);
    expect(await btbv.isEnabled(aliceJid, 1), true);
    // Caroline meets with Alice and verifies her fingerprint
    await btbv.setDeviceTrust(aliceJid, 1, BTBVTrustState.verified);
@ -22,7 +21,6 @@ void main() {
    await btbv.onNewSession(aliceJid, 2);
    expect(await btbv.isTrusted(aliceJid, 2), false);
    expect(btbv.getDeviceTrust(aliceJid, 2), BTBVTrustState.notTrusted);
    expect(await btbv.isEnabled(aliceJid, 2), false);
    // Caronline starts a chat with Bob but since they live far apart, Caroline cannot
    // verify his fingerprint.
@ -34,7 +32,5 @@ void main() {
    expect(await btbv.isTrusted(bobJid, 4), true);
    expect(btbv.getDeviceTrust(bobJid, 3), BTBVTrustState.blindTrust);
    expect(btbv.getDeviceTrust(bobJid, 4), BTBVTrustState.blindTrust);
    expect(await btbv.isEnabled(bobJid, 3), true);
    expect(await btbv.isEnabled(bobJid, 4), true);
  });
 }
--- a/test/x3dh_test.dart
+++ b/test/x3dh_test.dart
@ -26,8 +26,7 @@ void main() {
    );
    // Alice does X3DH
-    final resultAliceRaw = await x3dhFromBundle(bundleBob, ikAlice);
+    final resultAlice = await x3dhFromBundle(bundleBob, ikAlice);
    final resultAlice = resultAliceRaw.get<X3DHAliceResult>();
    // Alice sends the inital message to Bob
    // ...
@ -69,7 +68,14 @@ void main() {
    );
    // Alice does X3DH
-    final result = await x3dhFromBundle(bundleBob, ikAlice);
+    var exception = false;
-    expect(result.isType<InvalidKeyExchangeSignatureError>(), isTrue);
+    try {
      await x3dhFromBundle(bundleBob, ikAlice);
    } catch(e) {
      exception = true;
      expect(e is InvalidSignatureException, true, reason: 'Expected InvalidSignatureException, but got $e');
    }
    expect(exception, true, reason: 'Expected test failure');
  });
 }