Merge `signal-protocol` into `omemo` plugin

Same reasoning as for the `openpgp` plugin.

16 files changed, 2708 insertions, 4 deletions

diff --git a/plugins/omemo/CMakeLists.txt b/plugins/omemo/CMakeLists.txt
index dc9a93b0..7ecaa0b8 100644
--- a/plugins/omemo/CMakeLists.txt
+++ b/plugins/omemo/CMakeLists.txt
@@ -12,6 +12,11 @@ find_packages(OMEMO_PACKAGES REQUIRED
     GTK4
 )
 
+# libsignal-protocol-c has a history of breaking compatibility on the patch level
+# we'll have to check compatibility for every new release
+# distro maintainers may update this dependency after compatibility tests
+find_package(SignalProtocol 2.3.2 REQUIRED)
+
 set(RESOURCE_LIST
     contact_details_dialog.ui
     manage_key_dialog.ui
@@ -52,6 +57,14 @@ SOURCES
     src/protocol/message_flag.vala
     src/protocol/stream_module.vala
 
+    src/signal/context.vala
+    src/signal/simple_iks.vala
+    src/signal/simple_ss.vala
+    src/signal/simple_pks.vala
+    src/signal/simple_spks.vala
+    src/signal/store.vala
+    src/signal/util.vala
+
     src/ui/account_settings_entry.vala
     src/ui/bad_messages_populator.vala
     src/ui/call_encryption_entry.vala
@@ -64,22 +77,52 @@ SOURCES
     src/ui/util.vala
 CUSTOM_VAPIS
     ${CMAKE_BINARY_DIR}/exports/crypto-vala.vapi
-    ${CMAKE_BINARY_DIR}/exports/signal-protocol.vapi
     ${CMAKE_BINARY_DIR}/exports/xmpp-vala.vapi
     ${CMAKE_BINARY_DIR}/exports/qlite.vapi
     ${CMAKE_BINARY_DIR}/exports/dino.vapi
     ${CMAKE_CURRENT_SOURCE_DIR}/vapi/libqrencode.vapi
+    ${CMAKE_CURRENT_SOURCE_DIR}/vapi/libsignal-protocol-c.vapi
 PACKAGES
     ${OMEMO_PACKAGES}
 GRESOURCES
     ${OMEMO_GRESOURCES_XML}
+GENERATE_VAPI
+    omemo
+GENERATE_HEADER
+    omemo
 )
 
-add_definitions(${VALA_CFLAGS} -DGETTEXT_PACKAGE=\"${GETTEXT_PACKAGE}\" -DLOCALE_INSTALL_DIR=\"${LOCALE_INSTALL_DIR}\"  -DG_LOG_DOMAIN="OMEMO")
-add_library(omemo SHARED ${OMEMO_VALA_C} ${OMEMO_GRESOURCES_TARGET})
+add_definitions(${VALA_CFLAGS} -DGETTEXT_PACKAGE=\"${GETTEXT_PACKAGE}\" -DLOCALE_INSTALL_DIR=\"${LOCALE_INSTALL_DIR}\" -DG_LOG_DOMAIN="OMEMO")
+add_library(omemo SHARED ${OMEMO_VALA_C} ${OMEMO_GRESOURCES_TARGET} ${CMAKE_CURRENT_SOURCE_DIR}/src/signal/signal_helper.c)
 add_dependencies(omemo ${GETTEXT_PACKAGE}-translations)
-target_link_libraries(omemo libdino signal-protocol-vala crypto-vala ${OMEMO_PACKAGES} libqrencode)
+target_include_directories(omemo PUBLIC src)
+target_link_libraries(omemo libdino crypto-vala gcrypt ${OMEMO_PACKAGES} libqrencode signal-protocol-c)
 set_target_properties(omemo PROPERTIES PREFIX "")
 set_target_properties(omemo PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/plugins/)
 
 install(TARGETS omemo ${PLUGIN_INSTALL})
+
+if(BUILD_TESTS)
+    vala_precompile(OMEMO_TEST_VALA_C
+    SOURCES
+        "tests/signal/common.vala"
+        "tests/signal/testcase.vala"
+
+        "tests/signal/curve25519.vala"
+        "tests/signal/hkdf.vala"
+        "tests/signal/session_builder.vala"
+    CUSTOM_VAPIS
+        ${CMAKE_BINARY_DIR}/exports/omemo_internal.vapi
+        ${CMAKE_BINARY_DIR}/exports/qlite.vapi
+        ${CMAKE_BINARY_DIR}/exports/xmpp-vala.vapi
+        ${CMAKE_BINARY_DIR}/exports/dino.vapi
+        ${CMAKE_CURRENT_SOURCE_DIR}/vapi/libsignal-protocol-c.vapi
+    PACKAGES
+        ${OMEMO_PACKAGES}
+    )
+
+    set(CFLAGS ${VALA_CFLAGS})
+    add_executable(omemo-test ${OMEMO_TEST_VALA_C})
+    add_dependencies(omemo-test omemo)
+    target_link_libraries(omemo-test omemo ${OMEMO_PACKAGES})
+endif(BUILD_TESTS)
diff --git a/plugins/omemo/src/signal/context.vala b/plugins/omemo/src/signal/context.vala
new file mode 100644
index 00000000..40a07b0f
--- /dev/null
+++ b/plugins/omemo/src/signal/context.vala
@@ -0,0 +1,103 @@
+namespace Signal {
+
+public class Context {
+    internal NativeContext native_context;
+    private RecMutex mutex = RecMutex();
+
+    static void locking_function_lock(void* user_data) {
+        Context ctx = (Context) user_data;
+        ctx.mutex.lock();
+    }
+
+    static void locking_function_unlock(void* user_data) {
+        Context ctx = (Context) user_data;
+        ctx.mutex.unlock();
+    }
+
+    static void stderr_log(LogLevel level, string message, size_t len, void* user_data) {
+        printerr(@"$level: $message\n");
+    }
+
+    public Context(bool log = false) throws Error {
+        throw_by_code(NativeContext.create(out native_context, this), "Error initializing native context");
+        throw_by_code(native_context.set_locking_functions(locking_function_lock, locking_function_unlock), "Error initializing native locking functions");
+        if (log) native_context.set_log_function(stderr_log);
+        setup_crypto_provider(native_context);
+    }
+
+    public Store create_store() {
+        return new Store(this);
+    }
+
+    public void randomize(uint8[] data) throws Error {
+        throw_by_code(Signal.native_random(data));
+    }
+
+    public SignedPreKeyRecord generate_signed_pre_key(IdentityKeyPair identity_key_pair, int32 id, uint64 timestamp = 0) throws Error {
+        if (timestamp == 0) timestamp = new DateTime.now_utc().to_unix();
+        SignedPreKeyRecord res;
+        throw_by_code(Protocol.KeyHelper.generate_signed_pre_key(out res, identity_key_pair, id, timestamp, native_context));
+        return res;
+    }
+
+    public Gee.Set<PreKeyRecord> generate_pre_keys(uint start, uint count) throws Error {
+        Gee.Set<PreKeyRecord> res = new Gee.HashSet<PreKeyRecord>();
+        for(uint i = start; i < start+count; i++) {
+            ECKeyPair pair = generate_key_pair();
+            PreKeyRecord record;
+            throw_by_code(PreKeyRecord.create(out record, i, pair));
+            res.add(record);
+        }
+        return res;
+    }
+
+    public ECPublicKey decode_public_key(uint8[] bytes) throws Error {
+        ECPublicKey public_key;
+        throw_by_code(curve_decode_point(out public_key, bytes, native_context), "Error decoding public key");
+        return public_key;
+    }
+
+    public ECPrivateKey decode_private_key(uint8[] bytes) throws Error {
+        ECPrivateKey private_key;
+        throw_by_code(curve_decode_private_point(out private_key, bytes, native_context), "Error decoding private key");
+        return private_key;
+    }
+
+    public ECKeyPair generate_key_pair() throws Error {
+        ECKeyPair key_pair;
+        throw_by_code(curve_generate_key_pair(native_context, out key_pair), "Error generating key pair");
+        return key_pair;
+    }
+
+    public uint8[] calculate_signature(ECPrivateKey signing_key, uint8[] message) throws Error {
+        Buffer signature;
+        throw_by_code(Curve.calculate_signature(native_context, out signature, signing_key, message), "Error calculating signature");
+        return signature.data;
+    }
+
+    public SignalMessage deserialize_signal_message(uint8[] data) throws Error {
+        SignalMessage res;
+        throw_by_code(signal_message_deserialize(out res, data, native_context));
+        return res;
+    }
+
+    public SignalMessage copy_signal_message(CiphertextMessage original) throws Error {
+        SignalMessage res;
+        throw_by_code(signal_message_copy(out res, (SignalMessage) original, native_context));
+        return res;
+    }
+
+    public PreKeySignalMessage deserialize_pre_key_signal_message(uint8[] data) throws Error {
+        PreKeySignalMessage res;
+        throw_by_code(pre_key_signal_message_deserialize(out res, data, native_context));
+        return res;
+    }
+
+    public PreKeySignalMessage copy_pre_key_signal_message(CiphertextMessage original) throws Error {
+        PreKeySignalMessage res;
+        throw_by_code(pre_key_signal_message_copy(out res, (PreKeySignalMessage) original, native_context));
+        return res;
+    }
+}
+
+}
diff --git a/plugins/omemo/src/signal/signal_helper.c b/plugins/omemo/src/signal/signal_helper.c
new file mode 100644
index 00000000..17682929
--- /dev/null
+++ b/plugins/omemo/src/signal/signal_helper.c
@@ -0,0 +1,377 @@
+#include "signal_helper.h"
+
+#include <gcrypt.h>
+
+signal_type_base* signal_type_ref_vapi(void* instance) {
+    g_return_val_if_fail(instance != NULL, NULL);
+    signal_type_ref(instance);
+    return instance;
+}
+
+signal_type_base* signal_type_unref_vapi(void* instance) {
+    g_return_val_if_fail(instance != NULL, NULL);
+    signal_type_unref(instance);
+    return NULL;
+}
+
+signal_protocol_address* signal_protocol_address_new(const gchar* name, int32_t device_id) {
+    g_return_val_if_fail(name != NULL, NULL);
+    signal_protocol_address* address = malloc(sizeof(signal_protocol_address));
+    address->device_id = -1;
+    address->name = NULL;
+    signal_protocol_address_set_name(address, name);
+    signal_protocol_address_set_device_id(address, device_id);
+    return address;
+}
+
+void signal_protocol_address_free(signal_protocol_address* ptr) {
+    g_return_if_fail(ptr != NULL);
+    if (ptr->name) {
+        g_free((void*)ptr->name);
+    }
+    return free(ptr);
+}
+
+void signal_protocol_address_set_name(signal_protocol_address* self, const gchar* name) {
+    g_return_if_fail(self != NULL);
+    g_return_if_fail(name != NULL);
+    gchar* n = g_malloc(strlen(name)+1);
+    memcpy(n, name, strlen(name));
+    n[strlen(name)] = 0;
+    if (self->name) {
+        g_free((void*)self->name);
+    }
+    self->name = n;
+    self->name_len = strlen(n);
+}
+
+gchar* signal_protocol_address_get_name(signal_protocol_address* self) {
+    g_return_val_if_fail(self != NULL, NULL);
+    g_return_val_if_fail(self->name != NULL, 0);
+    gchar* res = g_malloc(sizeof(char) * (self->name_len + 1));
+    memcpy(res, self->name, self->name_len);
+    res[self->name_len] = 0;
+    return res;
+}
+
+int32_t signal_protocol_address_get_device_id(signal_protocol_address* self) {
+    g_return_val_if_fail(self != NULL, -1);
+    return self->device_id;
+}
+
+void signal_protocol_address_set_device_id(signal_protocol_address* self, int32_t device_id) {
+    g_return_if_fail(self != NULL);
+    self->device_id = device_id;
+}
+
+int signal_vala_randomize(uint8_t *data, size_t len) {
+    gcry_randomize(data, len, GCRY_STRONG_RANDOM);
+    return SG_SUCCESS;
+}
+
+int signal_vala_random_generator(uint8_t *data, size_t len, void *user_data) {
+    gcry_randomize(data, len, GCRY_STRONG_RANDOM);
+    return SG_SUCCESS;
+}
+
+int signal_vala_hmac_sha256_init(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data) {
+    gcry_mac_hd_t* ctx = malloc(sizeof(gcry_mac_hd_t));
+    if (!ctx) return SG_ERR_NOMEM;
+
+    if (gcry_mac_open(ctx, GCRY_MAC_HMAC_SHA256, 0, 0)) {
+        free(ctx);
+        return SG_ERR_UNKNOWN;
+    }
+
+    if (gcry_mac_setkey(*ctx, key, key_len)) {
+        free(ctx);
+        return SG_ERR_UNKNOWN;
+    }
+
+    *hmac_context = ctx;
+
+    return SG_SUCCESS;
+}
+
+int signal_vala_hmac_sha256_update(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data) {
+    gcry_mac_hd_t* ctx = hmac_context;
+
+    if (gcry_mac_write(*ctx, data, data_len)) return SG_ERR_UNKNOWN;
+
+    return SG_SUCCESS;
+}
+
+int signal_vala_hmac_sha256_final(void *hmac_context, signal_buffer **output, void *user_data) {
+    size_t len = gcry_mac_get_algo_maclen(GCRY_MAC_HMAC_SHA256);
+    uint8_t md[len];
+    gcry_mac_hd_t* ctx = hmac_context;
+
+    if (gcry_mac_read(*ctx, md, &len)) return SG_ERR_UNKNOWN;
+
+    signal_buffer *output_buffer = signal_buffer_create(md, len);
+    if (!output_buffer) return SG_ERR_NOMEM;
+
+    *output = output_buffer;
+
+    return SG_SUCCESS;
+}
+
+void signal_vala_hmac_sha256_cleanup(void *hmac_context, void *user_data) {
+    gcry_mac_hd_t* ctx = hmac_context;
+    if (ctx) {
+        gcry_mac_close(*ctx);
+        free(ctx);
+    }
+}
+
+int signal_vala_sha512_digest_init(void **digest_context, void *user_data) {
+    gcry_md_hd_t* ctx = malloc(sizeof(gcry_mac_hd_t));
+    if (!ctx) return SG_ERR_NOMEM;
+
+    if (gcry_md_open(ctx, GCRY_MD_SHA512, 0)) {
+        free(ctx);
+        return SG_ERR_UNKNOWN;
+    }
+
+    *digest_context = ctx;
+
+    return SG_SUCCESS;
+}
+
+int signal_vala_sha512_digest_update(void *digest_context, const uint8_t *data, size_t data_len, void *user_data) {
+    gcry_md_hd_t* ctx = digest_context;
+
+    gcry_md_write(*ctx, data, data_len);
+
+    return SG_SUCCESS;
+}
+
+int signal_vala_sha512_digest_final(void *digest_context, signal_buffer **output, void *user_data) {
+    size_t len = gcry_md_get_algo_dlen(GCRY_MD_SHA512);
+    gcry_md_hd_t* ctx = digest_context;
+
+    uint8_t* md = gcry_md_read(*ctx, GCRY_MD_SHA512);
+    if (!md) return SG_ERR_UNKNOWN;
+
+    gcry_md_reset(*ctx);
+
+    signal_buffer *output_buffer = signal_buffer_create(md, len);
+    free(md);
+    if (!output_buffer) return SG_ERR_NOMEM;
+
+    *output = output_buffer;
+
+    return SG_SUCCESS;
+}
+
+void signal_vala_sha512_digest_cleanup(void *digest_context, void *user_data) {
+    gcry_md_hd_t* ctx = digest_context;
+    if (ctx) {
+        gcry_md_close(*ctx);
+        free(ctx);
+    }
+}
+
+const int aes_cipher(int cipher, size_t key_len, int* algo, int* mode) {
+    switch (key_len) {
+        case 16:
+            *algo = GCRY_CIPHER_AES128;
+            break;
+        case 24:
+            *algo = GCRY_CIPHER_AES192;
+            break;
+        case 32:
+            *algo = GCRY_CIPHER_AES256;
+            break;
+        default:
+            return SG_ERR_UNKNOWN;
+    }
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            *mode = GCRY_CIPHER_MODE_CBC;
+            break;
+        case SG_CIPHER_AES_CTR_NOPADDING:
+            *mode = GCRY_CIPHER_MODE_CTR;
+            break;
+        case SG_CIPHER_AES_GCM_NOPADDING:
+            *mode = GCRY_CIPHER_MODE_GCM;
+            break;
+        default:
+            return SG_ERR_UNKNOWN;
+    }
+    return SG_SUCCESS;
+}
+
+int signal_vala_encrypt(signal_buffer **output,
+        int cipher,
+        const uint8_t *key, size_t key_len,
+        const uint8_t *iv, size_t iv_len,
+        const uint8_t *plaintext, size_t plaintext_len,
+        void *user_data) {
+    int algo, mode, error_code = SG_ERR_UNKNOWN;
+    if (aes_cipher(cipher, key_len, &algo, &mode)) return SG_ERR_INVAL;
+
+    gcry_cipher_hd_t ctx = {0};
+
+    if (gcry_cipher_open(&ctx, algo, mode, 0)) return SG_ERR_NOMEM;
+
+    signal_buffer* padded = 0;
+    signal_buffer* out_buf = 0;
+    goto no_error;
+error:
+    gcry_cipher_close(ctx);
+    if (padded != 0) {
+        signal_buffer_bzero_free(padded);
+    }
+    if (out_buf != 0) {
+        signal_buffer_free(out_buf);
+    }
+    return error_code;
+no_error:
+
+    if (gcry_cipher_setkey(ctx, key, key_len)) goto error;
+
+    uint8_t tag_len = 0, pad_len = 0;
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error;
+            pad_len = 16 - (plaintext_len % 16);
+            if (pad_len == 0) pad_len = 16;
+            break;
+        case SG_CIPHER_AES_CTR_NOPADDING:
+            if (gcry_cipher_setctr(ctx, iv, iv_len)) goto error;
+            break;
+        case SG_CIPHER_AES_GCM_NOPADDING:
+            if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error;
+            tag_len = 16;
+            break;
+        default:
+            return SG_ERR_UNKNOWN;
+    }
+
+    size_t padded_len = plaintext_len + pad_len;
+    padded = signal_buffer_alloc(padded_len);
+    if (padded == 0) {
+        error_code = SG_ERR_NOMEM;
+        goto error;
+    }
+
+    memset(signal_buffer_data(padded) + plaintext_len, pad_len, pad_len);
+    memcpy(signal_buffer_data(padded), plaintext, plaintext_len);
+
+    out_buf = signal_buffer_alloc(padded_len + tag_len);
+    if (out_buf == 0) {
+        error_code = SG_ERR_NOMEM;
+        goto error;
+    }
+
+    if (gcry_cipher_encrypt(ctx, signal_buffer_data(out_buf), padded_len, signal_buffer_data(padded), padded_len)) goto error;
+
+    if (tag_len > 0) {
+        if (gcry_cipher_gettag(ctx, signal_buffer_data(out_buf) + padded_len, tag_len)) goto error;
+    }
+
+    *output = out_buf;
+    out_buf = 0;
+
+    signal_buffer_bzero_free(padded);
+    padded = 0;
+
+    gcry_cipher_close(ctx);
+    return SG_SUCCESS;
+}
+
+int signal_vala_decrypt(signal_buffer **output,
+        int cipher,
+        const uint8_t *key, size_t key_len,
+        const uint8_t *iv, size_t iv_len,
+        const uint8_t *ciphertext, size_t ciphertext_len,
+        void *user_data) {
+    int algo, mode, error_code = SG_ERR_UNKNOWN;
+    *output = 0;
+    if (aes_cipher(cipher, key_len, &algo, &mode)) return SG_ERR_INVAL;
+    if (ciphertext_len == 0) return SG_ERR_INVAL;
+
+    gcry_cipher_hd_t ctx = {0};
+
+    if (gcry_cipher_open(&ctx, algo, mode, 0)) return SG_ERR_NOMEM;
+
+    signal_buffer* out_buf = 0;
+    goto no_error;
+error:
+    gcry_cipher_close(ctx);
+    if (out_buf != 0) {
+        signal_buffer_bzero_free(out_buf);
+    }
+    return error_code;
+no_error:
+
+    if (gcry_cipher_setkey(ctx, key, key_len)) goto error;
+
+    uint8_t tag_len = 0, pkcs_pad = FALSE;
+    switch (cipher) {
+        case SG_CIPHER_AES_CBC_PKCS5:
+            if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error;
+            pkcs_pad = TRUE;
+            break;
+        case SG_CIPHER_AES_CTR_NOPADDING:
+            if (gcry_cipher_setctr(ctx, iv, iv_len)) goto error;
+            break;
+        case SG_CIPHER_AES_GCM_NOPADDING:
+            if (gcry_cipher_setiv(ctx, iv, iv_len)) goto error;
+            if (ciphertext_len < 16) goto error;
+            tag_len = 16;
+            break;
+        default:
+            goto error;
+    }
+
+    size_t padded_len = ciphertext_len - tag_len;
+    out_buf = signal_buffer_alloc(padded_len);
+    if (out_buf == 0) {
+        error_code = SG_ERR_NOMEM;
+        goto error;
+    }
+
+    if (gcry_cipher_decrypt(ctx, signal_buffer_data(out_buf), signal_buffer_len(out_buf), ciphertext, padded_len)) goto error;
+
+    if (tag_len > 0) {
+        if (gcry_cipher_checktag(ctx, ciphertext + padded_len, tag_len)) goto error;
+    }
+
+    if (pkcs_pad) {
+        uint8_t pad_len = signal_buffer_data(out_buf)[padded_len - 1];
+        if (pad_len > 16 || pad_len > padded_len) goto error;
+        *output = signal_buffer_create(signal_buffer_data(out_buf), padded_len - pad_len);
+        signal_buffer_bzero_free(out_buf);
+        out_buf = 0;
+    } else {
+        *output = out_buf;
+        out_buf = 0;
+    }
+
+    gcry_cipher_close(ctx);
+    return SG_SUCCESS;
+}
+
+void setup_signal_vala_crypto_provider(signal_context *context)
+{
+    gcry_check_version(NULL);
+
+    signal_crypto_provider provider = {
+            .random_func = signal_vala_random_generator,
+            .hmac_sha256_init_func = signal_vala_hmac_sha256_init,
+            .hmac_sha256_update_func = signal_vala_hmac_sha256_update,
+            .hmac_sha256_final_func = signal_vala_hmac_sha256_final,
+            .hmac_sha256_cleanup_func = signal_vala_hmac_sha256_cleanup,
+            .sha512_digest_init_func = signal_vala_sha512_digest_init,
+            .sha512_digest_update_func = signal_vala_sha512_digest_update,
+            .sha512_digest_final_func = signal_vala_sha512_digest_final,
+            .sha512_digest_cleanup_func = signal_vala_sha512_digest_cleanup,
+            .encrypt_func = signal_vala_encrypt,
+            .decrypt_func = signal_vala_decrypt,
+            .user_data = 0
+    };
+
+    signal_context_set_crypto_provider(context, &provider);
+}
diff --git a/plugins/omemo/src/signal/signal_helper.h b/plugins/omemo/src/signal/signal_helper.h
new file mode 100644
index 00000000..949a3c7b
--- /dev/null
+++ b/plugins/omemo/src/signal/signal_helper.h
@@ -0,0 +1,45 @@
+#ifndef SIGNAL_PROTOCOL_VALA_HELPER
+#define SIGNAL_PROTOCOL_VALA_HELPER 1
+
+#include <signal/signal_protocol.h>
+#include <string.h>
+#include <glib.h>
+
+#define SG_CIPHER_AES_GCM_NOPADDING 1000
+
+signal_type_base* signal_type_ref_vapi(void* what);
+signal_type_base* signal_type_unref_vapi(void* what);
+
+signal_protocol_address* signal_protocol_address_new(const gchar* name, int32_t device_id);
+void signal_protocol_address_free(signal_protocol_address* ptr);
+void signal_protocol_address_set_name(signal_protocol_address* self, const gchar* name);
+gchar* signal_protocol_address_get_name(signal_protocol_address* self);
+void signal_protocol_address_set_device_id(signal_protocol_address* self, int32_t device_id);
+int32_t signal_protocol_address_get_device_id(signal_protocol_address* self);
+
+int signal_vala_randomize(uint8_t *data, size_t len);
+int signal_vala_random_generator(uint8_t *data, size_t len, void *user_data);
+int signal_vala_hmac_sha256_init(void **hmac_context, const uint8_t *key, size_t key_len, void *user_data);
+int signal_vala_hmac_sha256_update(void *hmac_context, const uint8_t *data, size_t data_len, void *user_data);
+int signal_vala_hmac_sha256_final(void *hmac_context, signal_buffer **output, void *user_data);
+void signal_vala_hmac_sha256_cleanup(void *hmac_context, void *user_data);
+int signal_vala_sha512_digest_init(void **digest_context, void *user_data);
+int signal_vala_sha512_digest_update(void *digest_context, const uint8_t *data, size_t data_len, void *user_data);
+int signal_vala_sha512_digest_final(void *digest_context, signal_buffer **output, void *user_data);
+void signal_vala_sha512_digest_cleanup(void *digest_context, void *user_data);
+
+int signal_vala_encrypt(signal_buffer **output,
+        int cipher,
+        const uint8_t *key, size_t key_len,
+        const uint8_t *iv, size_t iv_len,
+        const uint8_t *plaintext, size_t plaintext_len,
+        void *user_data);
+int signal_vala_decrypt(signal_buffer **output,
+        int cipher,
+        const uint8_t *key, size_t key_len,
+        const uint8_t *iv, size_t iv_len,
+        const uint8_t *ciphertext, size_t ciphertext_len,
+        void *user_data);
+void setup_signal_vala_crypto_provider(signal_context *context);
+
+#endif
diff --git a/plugins/omemo/src/signal/simple_iks.vala b/plugins/omemo/src/signal/simple_iks.vala
new file mode 100644
index 00000000..5247c455
--- /dev/null
+++ b/plugins/omemo/src/signal/simple_iks.vala
@@ -0,0 +1,40 @@
+using Gee;
+
+namespace Signal {
+
+public class SimpleIdentityKeyStore : IdentityKeyStore {
+    public override Bytes identity_key_private { get; set; }
+    public override Bytes identity_key_public { get; set; }
+    public override uint32 local_registration_id { get; set; }
+    private Map<string, Map<int, IdentityKeyStore.TrustedIdentity>> trusted_identities = new HashMap<string, Map<int, IdentityKeyStore.TrustedIdentity>>();
+
+    public override void save_identity(Address address, uint8[] key) throws Error {
+        string name = address.name;
+        if (trusted_identities.has_key(name)) {
+            if (trusted_identities[name].has_key(address.device_id)) {
+                trusted_identities[name][address.device_id].key = key;
+                trusted_identity_updated(trusted_identities[name][address.device_id]);
+            } else {
+                trusted_identities[name][address.device_id] = new TrustedIdentity.by_address(address, key);
+                trusted_identity_added(trusted_identities[name][address.device_id]);
+            }
+        } else {
+            trusted_identities[name] = new HashMap<int, IdentityKeyStore.TrustedIdentity>();
+            trusted_identities[name][address.device_id] = new TrustedIdentity.by_address(address, key);
+            trusted_identity_added(trusted_identities[name][address.device_id]);
+        }
+    }
+
+    public override bool is_trusted_identity(Address address, uint8[] key) throws Error {
+        if (!trusted_identities.has_key(address.name)) return true;
+        if (!trusted_identities[address.name].has_key(address.device_id)) return true;
+        uint8[] other_key = trusted_identities[address.name][address.device_id].key;
+        if (other_key.length != key.length) return false;
+        for (int i = 0; i < key.length; i++) {
+            if (other_key[i] != key[i]) return false;
+        }
+        return true;
+    }
+}
+
+}
diff --git a/plugins/omemo/src/signal/simple_pks.vala b/plugins/omemo/src/signal/simple_pks.vala
new file mode 100644
index 00000000..1f059fda
--- /dev/null
+++ b/plugins/omemo/src/signal/simple_pks.vala
@@ -0,0 +1,33 @@
+using Gee;
+
+namespace Signal {
+
+public class SimplePreKeyStore : PreKeyStore {
+    private Map<uint32, PreKeyStore.Key> pre_key_map = new HashMap<uint32, PreKeyStore.Key>();
+
+    public override uint8[]? load_pre_key(uint32 pre_key_id) throws Error {
+        if (contains_pre_key(pre_key_id)) {
+            return pre_key_map[pre_key_id].record;
+        }
+        return null;
+    }
+
+    public override void store_pre_key(uint32 pre_key_id, uint8[] record) throws Error {
+        PreKeyStore.Key key = new Key(pre_key_id, record);
+        pre_key_map[pre_key_id] = key;
+        pre_key_stored(key);
+    }
+
+    public override bool contains_pre_key(uint32 pre_key_id) throws Error {
+        return pre_key_map.has_key(pre_key_id);
+    }
+
+    public override void delete_pre_key(uint32 pre_key_id) throws Error {
+        PreKeyStore.Key key;
+        if (pre_key_map.unset(pre_key_id, out key)) {
+            pre_key_deleted(key);
+        }
+    }
+}
+
+}
\ No newline at end of file
diff --git a/plugins/omemo/src/signal/simple_spks.vala b/plugins/omemo/src/signal/simple_spks.vala
new file mode 100644
index 00000000..f0fe09ab
--- /dev/null
+++ b/plugins/omemo/src/signal/simple_spks.vala
@@ -0,0 +1,33 @@
+using Gee;
+
+namespace Signal {
+
+public class SimpleSignedPreKeyStore : SignedPreKeyStore {
+    private Map<uint32, SignedPreKeyStore.Key> pre_key_map = new HashMap<uint32, SignedPreKeyStore.Key>();
+
+    public override uint8[]? load_signed_pre_key(uint32 pre_key_id) throws Error {
+        if (contains_signed_pre_key(pre_key_id)) {
+            return pre_key_map[pre_key_id].record;
+        }
+        return null;
+    }
+
+    public override void store_signed_pre_key(uint32 pre_key_id, uint8[] record) throws Error {
+        SignedPreKeyStore.Key key = new Key(pre_key_id, record);
+        pre_key_map[pre_key_id] = key;
+        signed_pre_key_stored(key);
+    }
+
+    public override bool contains_signed_pre_key(uint32 pre_key_id) throws Error {
+        return pre_key_map.has_key(pre_key_id);
+    }
+
+    public override void delete_signed_pre_key(uint32 pre_key_id) throws Error {
+        SignedPreKeyStore.Key key;
+        if (pre_key_map.unset(pre_key_id, out key)) {
+            signed_pre_key_deleted(key);
+        }
+    }
+}
+
+}
\ No newline at end of file
diff --git a/plugins/omemo/src/signal/simple_ss.vala b/plugins/omemo/src/signal/simple_ss.vala
new file mode 100644
index 00000000..5213f736
--- /dev/null
+++ b/plugins/omemo/src/signal/simple_ss.vala
@@ -0,0 +1,75 @@
+using Gee;
+
+namespace Signal {
+
+public class SimpleSessionStore : SessionStore {
+
+    private Map<string, ArrayList<SessionStore.Session>> session_map = new HashMap<string, ArrayList<SessionStore.Session>>();
+
+    public override uint8[]? load_session(Address address) throws Error {
+        if (session_map.has_key(address.name)) {
+            foreach (SessionStore.Session session in session_map[address.name]) {
+                if (session.device_id == address.device_id) return session.record;
+            }
+        }
+        return null;
+    }
+
+    public override IntList get_sub_device_sessions(string name) throws Error {
+        IntList res = new IntList();
+        if (session_map.has_key(name)) {
+            foreach (SessionStore.Session session in session_map[name]) {
+                res.add(session.device_id);
+            }
+        }
+        return res;
+    }
+
+    public override void store_session(Address address, uint8[] record) throws Error {
+        if (contains_session(address)) {
+            delete_session(address);
+        }
+        if (!session_map.has_key(address.name)) {
+            session_map[address.name] = new ArrayList<SessionStore.Session>();
+        }
+        SessionStore.Session session = new Session() { name = address.name, device_id = address.device_id, record = record };
+        session_map[address.name].add(session);
+        session_stored(session);
+    }
+
+    public override bool contains_session(Address address) throws Error {
+        if (!session_map.has_key(address.name)) return false;
+        foreach (SessionStore.Session session in session_map[address.name]) {
+            if (session.device_id == address.device_id) return true;
+        }
+        return false;
+    }
+
+    public override void delete_session(Address address) throws Error {
+        if (!session_map.has_key(address.name)) throw_by_code(ErrorCode.UNKNOWN, "No session found");
+        foreach (SessionStore.Session session in session_map[address.name]) {
+            if (session.device_id == address.device_id) {
+                session_map[address.name].remove(session);
+                if (session_map[address.name].size == 0) {
+                    session_map.unset(address.name);
+                }
+                session_removed(session);
+                return;
+            }
+        }
+    }
+
+    public override void delete_all_sessions(string name) throws Error {
+        if (session_map.has_key(name)) {
+            foreach (SessionStore.Session session in session_map[name]) {
+                session_map[name].remove(session);
+                if (session_map[name].size == 0) {
+                    session_map.unset(name);
+                }
+                session_removed(session);
+            }
+        }
+    }
+}
+
+}
\ No newline at end of file
diff --git a/plugins/omemo/src/signal/store.vala b/plugins/omemo/src/signal/store.vala
new file mode 100644
index 00000000..b440d838
--- /dev/null
+++ b/plugins/omemo/src/signal/store.vala
@@ -0,0 +1,415 @@
+namespace Signal {
+
+public abstract class IdentityKeyStore : Object {
+    public abstract Bytes identity_key_private { get; set; }
+    public abstract Bytes identity_key_public { get; set; }
+    public abstract uint32 local_registration_id { get; set; }
+
+    public signal void trusted_identity_added(TrustedIdentity id);
+    public signal void trusted_identity_updated(TrustedIdentity id);
+
+    public abstract void save_identity(Address address, uint8[] key) throws Error ;
+
+    public abstract bool is_trusted_identity(Address address, uint8[] key) throws Error ;
+
+    public class TrustedIdentity {
+        public uint8[] key { get; set; }
+        public string name { get; private set; }
+        public int device_id { get; private set; }
+
+        public TrustedIdentity(string name, int device_id, uint8[] key) {
+            this.key = key;
+            this.name = name;
+            this.device_id = device_id;
+        }
+
+        public TrustedIdentity.by_address(Address address, uint8[] key) {
+            this(address.name, address.device_id, key);
+        }
+    }
+}
+
+public abstract class SessionStore : Object {
+
+    public signal void session_stored(Session session);
+    public signal void session_removed(Session session);
+    public abstract uint8[]? load_session(Address address) throws Error ;
+
+    public abstract IntList get_sub_device_sessions(string name) throws Error ;
+
+    public abstract void store_session(Address address, uint8[] record) throws Error ;
+
+    public abstract bool contains_session(Address address) throws Error ;
+
+    public abstract void delete_session(Address address) throws Error ;
+
+    public abstract void delete_all_sessions(string name) throws Error ;
+
+    public class Session {
+        public string name;
+        public int device_id;
+        public uint8[] record;
+    }
+}
+
+public abstract class PreKeyStore : Object {
+
+    public signal void pre_key_stored(Key key);
+    public signal void pre_key_deleted(Key key);
+
+    public abstract uint8[]? load_pre_key(uint32 pre_key_id) throws Error ;
+
+    public abstract void store_pre_key(uint32 pre_key_id, uint8[] record) throws Error ;
+
+    public abstract bool contains_pre_key(uint32 pre_key_id) throws Error ;
+
+    public abstract void delete_pre_key(uint32 pre_key_id) throws Error ;
+
+    public class Key {
+        public uint32 key_id { get; private set; }
+        public uint8[] record { get; private set; }
+
+        public Key(uint32 key_id, uint8[] record) {
+            this.key_id = key_id;
+            this.record = record;
+        }
+    }
+}
+
+public abstract class SignedPreKeyStore : Object {
+
+    public signal void signed_pre_key_stored(Key key);
+    public signal void signed_pre_key_deleted(Key key);
+
+    public abstract uint8[]? load_signed_pre_key(uint32 pre_key_id) throws Error ;
+
+    public abstract void store_signed_pre_key(uint32 pre_key_id, uint8[] record) throws Error ;
+
+    public abstract bool contains_signed_pre_key(uint32 pre_key_id) throws Error ;
+
+    public abstract void delete_signed_pre_key(uint32 pre_key_id) throws Error ;
+
+    public class Key {
+        public uint32 key_id { get; private set; }
+        public uint8[] record { get; private set; }
+
+        public Key(uint32 key_id, uint8[] record) {
+            this.key_id = key_id;
+            this.record = record;
+        }
+    }
+}
+
+public class Store : Object {
+    public Context context { get; private set; }
+    public IdentityKeyStore identity_key_store { get; set; default = new SimpleIdentityKeyStore(); }
+    public SessionStore session_store { get; set; default = new SimpleSessionStore(); }
+    public PreKeyStore pre_key_store { get; set; default = new SimplePreKeyStore(); }
+    public SignedPreKeyStore signed_pre_key_store { get; set; default = new SimpleSignedPreKeyStore(); }
+    public uint32 local_registration_id { get { return identity_key_store.local_registration_id; } }
+    internal NativeStoreContext native_context {get { return native_store_context_; }}
+    private NativeStoreContext native_store_context_;
+
+    static int iks_get_identity_key_pair(out Buffer public_data, out Buffer private_data, void* user_data) {
+        Store store = (Store) user_data;
+        public_data = new Buffer.from(store.identity_key_store.identity_key_public.get_data());
+        private_data = new Buffer.from(store.identity_key_store.identity_key_private.get_data());
+        return 0;
+    }
+
+    static int iks_get_local_registration_id(void* user_data, out uint32 registration_id) {
+        Store store = (Store) user_data;
+        registration_id = store.identity_key_store.local_registration_id;
+        return 0;
+    }
+
+    static int iks_save_identity(Address address, uint8[] key, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.identity_key_store.save_identity(address, key);
+            return 0;
+        });
+    }
+
+    static int iks_is_trusted_identity(Address address, uint8[] key, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            return store.identity_key_store.is_trusted_identity(address, key) ? 1 : 0;
+        });
+    }
+
+    static void iks_destroy_func(void* user_data) {
+    }
+
+    static int ss_load_session_func(out Buffer? record, out Buffer? user_record, Address address, void* user_data) {
+        Store store = (Store) user_data;
+        user_record = null; // No support for user_record
+        uint8[]? res = null;
+        try {
+            res = store.session_store.load_session(address);
+        } catch (Error e) {
+            record = null;
+            return e.code;
+        }
+        if (res == null) {
+            record = null;
+            return 0;
+        }
+        record = new Buffer.from((!)res);
+        if (record == null) return ErrorCode.NOMEM;
+        return 1;
+    }
+
+    static int ss_get_sub_device_sessions_func(out IntList? sessions, char[] name, void* user_data) {
+        Store store = (Store) user_data;
+        try {
+            sessions = store.session_store.get_sub_device_sessions(carr_to_string(name));
+        } catch (Error e) {
+            sessions = null;
+            return e.code;
+        }
+        return 0;
+    }
+
+    static int ss_store_session_func(Address address, uint8[] record, uint8[] user_record, void* user_data) {
+        // Ignoring user_record
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.session_store.store_session(address, record);
+            return 0;
+        });
+    }
+
+    static int ss_contains_session_func(Address address, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            return store.session_store.contains_session(address) ? 1 : 0;
+        });
+    }
+
+    static int ss_delete_session_func(Address address, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.session_store.delete_session(address);
+            return 0;
+        });
+    }
+
+    static int ss_delete_all_sessions_func(char[] name, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.session_store.delete_all_sessions(carr_to_string(name));
+            return 0;
+        });
+    }
+
+    static void ss_destroy_func(void* user_data) {
+    }
+
+    static int pks_load_pre_key(out Buffer? record, uint32 pre_key_id, void* user_data) {
+        Store store = (Store) user_data;
+        uint8[]? res = null;
+        try {
+            res = store.pre_key_store.load_pre_key(pre_key_id);
+        } catch (Error e) {
+            record = null;
+            return e.code;
+        }
+        if (res == null) {
+            record = new Buffer(0);
+            return 0;
+        }
+        record = new Buffer.from((!)res);
+        if (record == null) return ErrorCode.NOMEM;
+        return 1;
+    }
+
+    static int pks_store_pre_key(uint32 pre_key_id, uint8[] record, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.pre_key_store.store_pre_key(pre_key_id, record);
+            return 0;
+        });
+    }
+
+    static int pks_contains_pre_key(uint32 pre_key_id, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            return store.pre_key_store.contains_pre_key(pre_key_id) ? 1 : 0;
+        });
+    }
+
+    static int pks_remove_pre_key(uint32 pre_key_id, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.pre_key_store.delete_pre_key(pre_key_id);
+            return 0;
+        });
+    }
+
+    static void pks_destroy_func(void* user_data) {
+    }
+
+    static int spks_load_signed_pre_key(out Buffer? record, uint32 pre_key_id, void* user_data) {
+        Store store = (Store) user_data;
+        uint8[]? res = null;
+        try {
+            res = store.signed_pre_key_store.load_signed_pre_key(pre_key_id);
+        } catch (Error e) {
+            record = null;
+            return e.code;
+        }
+        if (res == null) {
+            record = new Buffer(0);
+            return 0;
+        }
+        record = new Buffer.from((!)res);
+        if (record == null) return ErrorCode.NOMEM;
+        return 1;
+    }
+
+    static int spks_store_signed_pre_key(uint32 pre_key_id, uint8[] record, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.signed_pre_key_store.store_signed_pre_key(pre_key_id, record);
+            return 0;
+        });
+    }
+
+    static int spks_contains_signed_pre_key(uint32 pre_key_id, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            return store.signed_pre_key_store.contains_signed_pre_key(pre_key_id) ? 1 : 0;
+        });
+    }
+
+    static int spks_remove_signed_pre_key(uint32 pre_key_id, void* user_data) {
+        Store store = (Store) user_data;
+        return catch_to_code(() => {
+            store.signed_pre_key_store.delete_signed_pre_key(pre_key_id);
+            return 0;
+        });
+    }
+
+    static void spks_destroy_func(void* user_data) {
+    }
+
+    internal Store(Context context) {
+        this.context = context;
+        NativeStoreContext.create(out native_store_context_, context.native_context);
+
+        NativeIdentityKeyStore iks = NativeIdentityKeyStore() {
+            get_identity_key_pair = iks_get_identity_key_pair,
+            get_local_registration_id = iks_get_local_registration_id,
+            save_identity = iks_save_identity,
+            is_trusted_identity = iks_is_trusted_identity,
+            destroy_func = iks_destroy_func,
+            user_data = this
+        };
+        native_context.set_identity_key_store(iks);
+
+        NativeSessionStore ss = NativeSessionStore() {
+            load_session_func = ss_load_session_func,
+            get_sub_device_sessions_func = ss_get_sub_device_sessions_func,
+            store_session_func = ss_store_session_func,
+            contains_session_func = ss_contains_session_func,
+            delete_session_func = ss_delete_session_func,
+            delete_all_sessions_func = ss_delete_all_sessions_func,
+            destroy_func = ss_destroy_func,
+            user_data = this
+        };
+        native_context.set_session_store(ss);
+
+        NativePreKeyStore pks = NativePreKeyStore() {
+            load_pre_key = pks_load_pre_key,
+            store_pre_key = pks_store_pre_key,
+            contains_pre_key = pks_contains_pre_key,
+            remove_pre_key = pks_remove_pre_key,
+            destroy_func = pks_destroy_func,
+            user_data = this
+        };
+        native_context.set_pre_key_store(pks);
+
+        NativeSignedPreKeyStore spks = NativeSignedPreKeyStore() {
+            load_signed_pre_key = spks_load_signed_pre_key,
+            store_signed_pre_key = spks_store_signed_pre_key,
+            contains_signed_pre_key = spks_contains_signed_pre_key,
+            remove_signed_pre_key = spks_remove_signed_pre_key,
+            destroy_func = spks_destroy_func,
+            user_data = this
+        };
+        native_context.set_signed_pre_key_store(spks);
+    }
+
+    public SessionBuilder create_session_builder(Address other) throws Error {
+        SessionBuilder builder;
+        throw_by_code(session_builder_create(out builder, native_context, other, context.native_context), "Error creating session builder");
+        return builder;
+    }
+
+    public SessionCipher create_session_cipher(Address other) throws Error {
+        SessionCipher cipher;
+        throw_by_code(session_cipher_create(out cipher, native_context, other, context.native_context));
+        return cipher;
+    }
+
+    public IdentityKeyPair identity_key_pair {
+        owned get {
+            IdentityKeyPair pair;
+            Protocol.Identity.get_key_pair(native_context, out pair);
+            return pair;
+        }
+    }
+
+    public bool is_trusted_identity(Address address, ECPublicKey key) throws Error {
+        return throw_by_code(Protocol.Identity.is_trusted_identity(native_context, address, key)) == 1;
+    }
+
+    public void save_identity(Address address, ECPublicKey key) throws Error {
+        throw_by_code(Protocol.Identity.save_identity(native_context, address, key));
+    }
+
+    public bool contains_session(Address other) throws Error {
+        return throw_by_code(Protocol.Session.contains_session(native_context, other)) == 1;
+    }
+
+    public void delete_session(Address address) throws Error {
+        throw_by_code(Protocol.Session.delete_session(native_context, address));
+    }
+
+    public SessionRecord load_session(Address other) throws Error {
+        SessionRecord record;
+        throw_by_code(Protocol.Session.load_session(native_context, out record, other));
+        return record;
+    }
+
+    public bool contains_pre_key(uint32 pre_key_id) throws Error {
+        return throw_by_code(Protocol.PreKey.contains_key(native_context, pre_key_id)) == 1;
+    }
+
+    public void store_pre_key(PreKeyRecord record) throws Error {
+        throw_by_code(Protocol.PreKey.store_key(native_context, record));
+    }
+
+    public PreKeyRecord load_pre_key(uint32 pre_key_id) throws Error {
+        PreKeyRecord res;
+        throw_by_code(Protocol.PreKey.load_key(native_context, out res, pre_key_id));
+        return res;
+    }
+
+    public bool contains_signed_pre_key(uint32 pre_key_id) throws Error {
+        return throw_by_code(Protocol.SignedPreKey.contains_key(native_context, pre_key_id)) == 1;
+    }
+
+    public void store_signed_pre_key(SignedPreKeyRecord record) throws Error {
+        throw_by_code(Protocol.SignedPreKey.store_key(native_context, record));
+    }
+
+    public SignedPreKeyRecord load_signed_pre_key(uint32 pre_key_id) throws Error {
+        SignedPreKeyRecord res;
+        throw_by_code(Protocol.SignedPreKey.load_key(native_context, out res, pre_key_id));
+        return res;
+    }
+}
+
+}
diff --git a/plugins/omemo/src/signal/util.vala b/plugins/omemo/src/signal/util.vala
new file mode 100644
index 00000000..4c0ae72d
--- /dev/null
+++ b/plugins/omemo/src/signal/util.vala
@@ -0,0 +1,45 @@
+namespace Signal {
+
+public ECPublicKey generate_public_key(ECPrivateKey private_key) throws Error {
+    ECPublicKey public_key;
+    throw_by_code(ECPublicKey.generate(out public_key, private_key), "Error generating public key");
+
+    return public_key;
+}
+
+public uint8[] calculate_agreement(ECPublicKey public_key, ECPrivateKey private_key) throws Error {
+    uint8[] res;
+    int len = Curve.calculate_agreement(out res, public_key, private_key);
+    throw_by_code(len, "Error calculating agreement");
+    res.length = len;
+    return res;
+}
+
+public bool verify_signature(ECPublicKey signing_key, uint8[] message, uint8[] signature) throws Error {
+    return throw_by_code(Curve.verify_signature(signing_key, message, signature)) == 1;
+}
+
+public PreKeyBundle create_pre_key_bundle(uint32 registration_id, int device_id, uint32 pre_key_id, ECPublicKey? pre_key_public,
+        uint32 signed_pre_key_id, ECPublicKey? signed_pre_key_public, uint8[]? signed_pre_key_signature, ECPublicKey? identity_key) throws Error {
+    PreKeyBundle res;
+    throw_by_code(PreKeyBundle.create(out res, registration_id, device_id, pre_key_id, pre_key_public, signed_pre_key_id, signed_pre_key_public, signed_pre_key_signature, identity_key), "Error creating PreKeyBundle");
+    return res;
+}
+
+internal string carr_to_string(char[] carr) {
+    char[] nu = new char[carr.length + 1];
+    Memory.copy(nu, carr, carr.length);
+    return (string) nu;
+}
+
+internal delegate int CodeErroringFunc() throws Error;
+
+internal int catch_to_code(CodeErroringFunc func) {
+    try {
+        return func();
+    } catch (Error e) {
+        return e.code;
+    }
+}
+
+}
\ No newline at end of file
diff --git a/plugins/omemo/tests/signal/common.vala b/plugins/omemo/tests/signal/common.vala
new file mode 100644
index 00000000..9bb9b1dc
--- /dev/null
+++ b/plugins/omemo/tests/signal/common.vala
@@ -0,0 +1,92 @@
+namespace Signal.Test {
+
+int main(string[] args) {
+    GLib.Test.init(ref args);
+    GLib.Test.set_nonfatal_assertions();
+    TestSuite.get_root().add_suite(new Curve25519().get_suite());
+    TestSuite.get_root().add_suite(new SessionBuilderTest().get_suite());
+    TestSuite.get_root().add_suite(new HKDF().get_suite());
+    return GLib.Test.run();
+}
+
+Store setup_test_store_context(Context global_context) {
+    Store store = global_context.create_store();
+    try {
+        store.identity_key_store.local_registration_id = (Random.next_int() % 16380) + 1;
+
+        ECKeyPair key_pair = global_context.generate_key_pair();
+        store.identity_key_store.identity_key_private = new Bytes(key_pair.private.serialize());
+        store.identity_key_store.identity_key_public = new Bytes(key_pair.public.serialize());
+    } catch (Error e) {
+        fail_if_reached();
+    }
+    return store;
+}
+
+ECPublicKey? create_test_ec_public_key(Context context) {
+    try {
+        return context.generate_key_pair().public;
+    } catch (Error e) {
+        fail_if_reached();
+        return null;
+    }
+}
+
+bool fail_if(bool exp, string? reason = null) {
+    if (exp) {
+        if (reason != null) GLib.Test.message(reason);
+        GLib.Test.fail();
+        return true;
+    }
+    return false;
+}
+
+void fail_if_reached(string? reason = null) {
+    fail_if(true, reason);
+}
+
+delegate void ErrorFunc() throws Error;
+
+void fail_if_not_error_code(ErrorFunc func, int expectedCode, string? reason = null) {
+    try {
+        func();
+        fail_if_reached(@"$(reason + ": " ?? "")no error thrown");
+    } catch (Error e) {
+        fail_if_not_eq_int(e.code, expectedCode, @"$(reason + ": " ?? "")caught unexpected error");
+    }
+}
+
+bool fail_if_not(bool exp, string? reason = null) {
+    return fail_if(!exp, reason);
+}
+
+bool fail_if_eq_int(int left, int right, string? reason = null) {
+    return fail_if(left == right, @"$(reason + ": " ?? "")$left == $right");
+}
+
+bool fail_if_not_eq_int(int left, int right, string? reason = null) {
+    return fail_if_not(left == right, @"$(reason + ": " ?? "")$left != $right");
+}
+
+bool fail_if_not_eq_str(string left, string right, string? reason = null) {
+    return fail_if_not(left == right, @"$(reason + ": " ?? "")$left != $right");
+}
+
+bool fail_if_not_eq_uint8_arr(uint8[] left, uint8[] right, string? reason = null) {
+    if (fail_if_not_eq_int(left.length, right.length, @"$(reason + ": " ?? "")array length not equal")) return true;
+    return fail_if_not_eq_str(Base64.encode(left), Base64.encode(right), reason);
+}
+
+bool fail_if_not_zero_int(int zero, string? reason = null) {
+    return fail_if_not_eq_int(zero, 0, reason);
+}
+
+bool fail_if_zero_int(int zero, string? reason = null) {
+    return fail_if_eq_int(zero, 0, reason);
+}
+
+bool fail_if_null(void* what, string? reason = null) {
+    return fail_if(what == null || (size_t)what == 0, reason);
+}
+
+}
diff --git a/plugins/omemo/tests/signal/curve25519.vala b/plugins/omemo/tests/signal/curve25519.vala
new file mode 100644
index 00000000..6dfae62f
--- /dev/null
+++ b/plugins/omemo/tests/signal/curve25519.vala
@@ -0,0 +1,207 @@
+namespace Signal.Test {
+
+class Curve25519 : Gee.TestCase {
+
+    public Curve25519() {
+        base("Curve25519");
+        add_test("agreement", test_curve25519_agreement);
+        add_test("generate_public", test_curve25519_generate_public);
+        add_test("random_agreements", test_curve25519_random_agreements);
+        add_test("signature", test_curve25519_signature);
+    }
+
+    private Context global_context;
+
+    public override void set_up() {
+        try {
+            global_context = new Context();
+        } catch (Error e) {
+            fail_if_reached();
+        }
+    }
+
+    public override void tear_down() {
+        global_context = null;
+    }
+
+    void test_curve25519_agreement() {
+        try {
+            uint8[] alicePublic = {
+                0x05, 0x1b, 0xb7, 0x59, 0x66,
+                0xf2, 0xe9, 0x3a, 0x36, 0x91,
+                0xdf, 0xff, 0x94, 0x2b, 0xb2,
+                0xa4, 0x66, 0xa1, 0xc0, 0x8b,
+                0x8d, 0x78, 0xca, 0x3f, 0x4d,
+                0x6d, 0xf8, 0xb8, 0xbf, 0xa2,
+                0xe4, 0xee, 0x28};
+
+            uint8[] alicePrivate = {
+                0xc8, 0x06, 0x43, 0x9d, 0xc9,
+                0xd2, 0xc4, 0x76, 0xff, 0xed,
+                0x8f, 0x25, 0x80, 0xc0, 0x88,
+                0x8d, 0x58, 0xab, 0x40, 0x6b,
+                0xf7, 0xae, 0x36, 0x98, 0x87,
+                0x90, 0x21, 0xb9, 0x6b, 0xb4,
+                0xbf, 0x59};
+
+            uint8[] bobPublic = {
+                0x05, 0x65, 0x36, 0x14, 0x99,
+                0x3d, 0x2b, 0x15, 0xee, 0x9e,
+                0x5f, 0xd3, 0xd8, 0x6c, 0xe7,
+                0x19, 0xef, 0x4e, 0xc1, 0xda,
+                0xae, 0x18, 0x86, 0xa8, 0x7b,
+                0x3f, 0x5f, 0xa9, 0x56, 0x5a,
+                0x27, 0xa2, 0x2f};
+
+            uint8[] bobPrivate = {
+                0xb0, 0x3b, 0x34, 0xc3, 0x3a,
+                0x1c, 0x44, 0xf2, 0x25, 0xb6,
+                0x62, 0xd2, 0xbf, 0x48, 0x59,
+                0xb8, 0x13, 0x54, 0x11, 0xfa,
+                0x7b, 0x03, 0x86, 0xd4, 0x5f,
+                0xb7, 0x5d, 0xc5, 0xb9, 0x1b,
+                0x44, 0x66};
+
+            uint8[] shared = {
+                0x32, 0x5f, 0x23, 0x93, 0x28,
+                0x94, 0x1c, 0xed, 0x6e, 0x67,
+                0x3b, 0x86, 0xba, 0x41, 0x01,
+                0x74, 0x48, 0xe9, 0x9b, 0x64,
+                0x9a, 0x9c, 0x38, 0x06, 0xc1,
+                0xdd, 0x7c, 0xa4, 0xc4, 0x77,
+                0xe6, 0x29};
+
+            ECPublicKey alice_public_key = global_context.decode_public_key(alicePublic);
+            ECPrivateKey alice_private_key = global_context.decode_private_key(alicePrivate);
+            ECPublicKey bob_public_key = global_context.decode_public_key(bobPublic);
+            ECPrivateKey bob_private_key = global_context.decode_private_key(bobPrivate);
+
+            uint8[] shared_one = calculate_agreement(alice_public_key, bob_private_key);
+            uint8[] shared_two = calculate_agreement(bob_public_key, alice_private_key);
+
+            fail_if_not_eq_int(shared_one.length, 32);
+            fail_if_not_eq_int(shared_two.length, 32);
+            fail_if_not_eq_uint8_arr(shared, shared_one);
+            fail_if_not_eq_uint8_arr(shared_one, shared_two);
+        } catch (Error e) {
+            fail_if_reached();
+        }
+    }
+
+    void test_curve25519_generate_public() {
+        try {
+            uint8[] alicePublic = {
+                0x05, 0x1b, 0xb7, 0x59, 0x66,
+                0xf2, 0xe9, 0x3a, 0x36, 0x91,
+                0xdf, 0xff, 0x94, 0x2b, 0xb2,
+                0xa4, 0x66, 0xa1, 0xc0, 0x8b,
+                0x8d, 0x78, 0xca, 0x3f, 0x4d,
+                0x6d, 0xf8, 0xb8, 0xbf, 0xa2,
+                0xe4, 0xee, 0x28};
+
+            uint8[] alicePrivate = {
+                0xc8, 0x06, 0x43, 0x9d, 0xc9,
+                0xd2, 0xc4, 0x76, 0xff, 0xed,
+                0x8f, 0x25, 0x80, 0xc0, 0x88,
+                0x8d, 0x58, 0xab, 0x40, 0x6b,
+                0xf7, 0xae, 0x36, 0x98, 0x87,
+                0x90, 0x21, 0xb9, 0x6b, 0xb4,
+                0xbf, 0x59};
+
+            ECPrivateKey alice_private_key = global_context.decode_private_key(alicePrivate);
+            ECPublicKey alice_expected_public_key = global_context.decode_public_key(alicePublic);
+            ECPublicKey alice_public_key = generate_public_key(alice_private_key);
+
+            fail_if_not_zero_int(alice_expected_public_key.compare(alice_public_key));
+        } catch (Error e) {
+            fail_if_reached();
+        }
+    }
+
+    void test_curve25519_random_agreements() {
+        try {
+            ECKeyPair alice_key_pair = null;
+            ECPublicKey alice_public_key = null;
+            ECPrivateKey alice_private_key = null;
+            ECKeyPair bob_key_pair = null;
+            ECPublicKey bob_public_key = null;
+            ECPrivateKey bob_private_key = null;
+            uint8[] shared_alice = null;
+            uint8[] shared_bob = null;
+
+            for (int i = 0; i < 50; i++) {
+                fail_if_null(alice_key_pair = global_context.generate_key_pair());
+                fail_if_null(alice_public_key = alice_key_pair.public);
+                fail_if_null(alice_private_key = alice_key_pair.private);
+
+                fail_if_null(bob_key_pair = global_context.generate_key_pair());
+                fail_if_null(bob_public_key = bob_key_pair.public);
+                fail_if_null(bob_private_key = bob_key_pair.private);
+
+                shared_alice = calculate_agreement(bob_public_key, alice_private_key);
+                fail_if_not_eq_int(shared_alice.length, 32);
+
+                shared_bob = calculate_agreement(alice_public_key, bob_private_key);
+                fail_if_not_eq_int(shared_bob.length, 32);
+
+                fail_if_not_eq_uint8_arr(shared_alice, shared_bob);
+            }
+        } catch (Error e) {
+            fail_if_reached();
+        }
+    }
+
+    void test_curve25519_signature() {
+        try {
+            uint8[] aliceIdentityPrivate = {
+                0xc0, 0x97, 0x24, 0x84, 0x12, 0xe5, 0x8b, 0xf0,
+                0x5d, 0xf4, 0x87, 0x96, 0x82, 0x05, 0x13, 0x27,
+                0x94, 0x17, 0x8e, 0x36, 0x76, 0x37, 0xf5, 0x81,
+                0x8f, 0x81, 0xe0, 0xe6, 0xce, 0x73, 0xe8, 0x65};
+
+            uint8[] aliceIdentityPublic = {
+                0x05, 0xab, 0x7e, 0x71, 0x7d, 0x4a, 0x16, 0x3b,
+                0x7d, 0x9a, 0x1d, 0x80, 0x71, 0xdf, 0xe9, 0xdc,
+                0xf8, 0xcd, 0xcd, 0x1c, 0xea, 0x33, 0x39, 0xb6,
+                0x35, 0x6b, 0xe8, 0x4d, 0x88, 0x7e, 0x32, 0x2c,
+                0x64};
+
+            uint8[] aliceEphemeralPublic = {
+                0x05, 0xed, 0xce, 0x9d, 0x9c, 0x41, 0x5c, 0xa7,
+                0x8c, 0xb7, 0x25, 0x2e, 0x72, 0xc2, 0xc4, 0xa5,
+                0x54, 0xd3, 0xeb, 0x29, 0x48, 0x5a, 0x0e, 0x1d,
+                0x50, 0x31, 0x18, 0xd1, 0xa8, 0x2d, 0x99, 0xfb,
+                0x4a};
+
+            uint8[] aliceSignature = {
+                0x5d, 0xe8, 0x8c, 0xa9, 0xa8, 0x9b, 0x4a, 0x11,
+                0x5d, 0xa7, 0x91, 0x09, 0xc6, 0x7c, 0x9c, 0x74,
+                0x64, 0xa3, 0xe4, 0x18, 0x02, 0x74, 0xf1, 0xcb,
+                0x8c, 0x63, 0xc2, 0x98, 0x4e, 0x28, 0x6d, 0xfb,
+                0xed, 0xe8, 0x2d, 0xeb, 0x9d, 0xcd, 0x9f, 0xae,
+                0x0b, 0xfb, 0xb8, 0x21, 0x56, 0x9b, 0x3d, 0x90,
+                0x01, 0xbd, 0x81, 0x30, 0xcd, 0x11, 0xd4, 0x86,
+                0xce, 0xf0, 0x47, 0xbd, 0x60, 0xb8, 0x6e, 0x88};
+
+            global_context.decode_private_key(aliceIdentityPrivate);
+            global_context.decode_public_key(aliceEphemeralPublic);
+            ECPublicKey alice_public_key = global_context.decode_public_key(aliceIdentityPublic);
+
+            fail_if(!verify_signature(alice_public_key, aliceEphemeralPublic, aliceSignature), "signature verification failed");
+
+            uint8[] modifiedSignature = new uint8[aliceSignature.length];
+
+            for (int i = 0; i < aliceSignature.length; i++) {
+                Memory.copy(modifiedSignature, aliceSignature, aliceSignature.length);
+                modifiedSignature[i] ^= 0x01;
+
+                fail_if(verify_signature(alice_public_key, aliceEphemeralPublic, modifiedSignature), "invalid signature verification succeeded");
+            }
+        } catch (Error e) {
+            fail_if_reached();
+        }
+    }
+
+}
+
+}
\ No newline at end of file
diff --git a/plugins/omemo/tests/signal/hkdf.vala b/plugins/omemo/tests/signal/hkdf.vala
new file mode 100644
index 00000000..c30af275
--- /dev/null
+++ b/plugins/omemo/tests/signal/hkdf.vala
@@ -0,0 +1,59 @@
+namespace Signal.Test {
+
+class HKDF : Gee.TestCase {
+
+    public HKDF() {
+        base("HKDF");
+        add_test("vector_v3", test_hkdf_vector_v3);
+    }
+
+    private Context global_context;
+
+    public override void set_up() {
+        try {
+            global_context = new Context();
+        } catch (Error e) {
+            fail_if_reached();
+        }
+    }
+
+    public override void tear_down() {
+        global_context = null;
+    }
+
+    public void test_hkdf_vector_v3() {
+        uint8[] ikm = {
+                0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+                0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+                0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
+
+        uint8[] salt = {
+                0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                0x08, 0x09, 0x0a, 0x0b, 0x0c};
+
+        uint8[] info = {
+                0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+                0xf8, 0xf9};
+
+        uint8[] okm = {
+                0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
+                0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
+                0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
+                0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
+                0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+                0x58, 0x65};
+
+        NativeHkdfContext context = null;
+        fail_if_not_zero_int(NativeHkdfContext.create(out context, 3, global_context.native_context));
+
+        uint8[] output = null;
+        int result = (int) context.derive_secrets(out output, ikm, salt, info, 42);
+        fail_if_not_eq_int(result, okm.length);
+        output.length = result;
+
+        fail_if_not_eq_uint8_arr(output, okm);
+    }
+
+}
+
+}
\ No newline at end of file
diff --git a/plugins/omemo/tests/signal/session_builder.vala b/plugins/omemo/tests/signal/session_builder.vala
new file mode 100644
index 00000000..7e2448e1
--- /dev/null
+++ b/plugins/omemo/tests/signal/session_builder.vala
@@ -0,0 +1,400 @@
+namespace Signal.Test {
+
+class SessionBuilderTest : Gee.TestCase {
+    Address alice_address;
+    Address bob_address;
+
+    public SessionBuilderTest() {
+        base("SessionBuilder");
+
+        add_test("basic_pre_key_v2", test_basic_pre_key_v2);
+        add_test("basic_pre_key_v3", test_basic_pre_key_v3);
+        add_test("bad_signed_pre_key_signature", test_bad_signed_pre_key_signature);
+        add_test("repeat_bundle_message_v2", test_repeat_bundle_message_v2);
+    }
+
+    private Context global_context;
+
+    public override void set_up() {
+        try {
+            global_context = new Context();
+            alice_address = new Address("+14151111111", 1);
+            bob_address = new Address("+14152222222", 1);
+        } catch (Error e) {
+            fail_if_reached(@"Unexpected error: $(e.message)");
+        }
+    }
+
+    public override void tear_down() {
+        global_context = null;
+        alice_address = null;
+        bob_address = null;
+    }
+
+    void test_basic_pre_key_v2() {
+        try {
+            /* Create Alice's data store and session builder */
+            Store alice_store = setup_test_store_context(global_context);
+            SessionBuilder alice_session_builder = alice_store.create_session_builder(bob_address);
+
+            /* Create Bob's data store and pre key bundle */
+            Store bob_store = setup_test_store_context(global_context);
+            uint32 bob_local_registration_id = bob_store.local_registration_id;
+            IdentityKeyPair bob_identity_key_pair = bob_store.identity_key_pair;
+            ECKeyPair bob_pre_key_pair = global_context.generate_key_pair();
+
+            PreKeyBundle bob_pre_key = create_pre_key_bundle(bob_local_registration_id, 1, 31337, bob_pre_key_pair.public, 0, null, null, bob_identity_key_pair.public);
+
+            /*
+             * Have Alice process Bob's pre key bundle, which should fail due to a
+             * missing unsigned pre key.
+             */
+            fail_if_not_error_code(() => alice_session_builder.process_pre_key_bundle(bob_pre_key), ErrorCode.INVALID_KEY);
+        } catch(Error e) {
+            fail_if_reached(@"Unexpected error: $(e.message)");
+        }
+    }
+
+    void test_basic_pre_key_v3() {
+        try {
+            /* Create Alice's data store and session builder */
+            Store alice_store = setup_test_store_context(global_context);
+            SessionBuilder alice_session_builder = alice_store.create_session_builder(bob_address);
+
+            /* Create Bob's data store and pre key bundle */
+            Store bob_store = setup_test_store_context(global_context);
+            uint32 bob_local_registration_id = bob_store.local_registration_id;
+            ECKeyPair bob_pre_key_pair = global_context.generate_key_pair();
+            ECKeyPair bob_signed_pre_key_pair = global_context.generate_key_pair();
+            IdentityKeyPair bob_identity_key_pair = bob_store.identity_key_pair;
+
+            uint8[] bob_signed_pre_key_signature = global_context.calculate_signature(bob_identity_key_pair.private, bob_signed_pre_key_pair.public.serialize());
+
+            PreKeyBundle bob_pre_key = create_pre_key_bundle(bob_local_registration_id, 1, 31337, bob_pre_key_pair.public, 22, bob_signed_pre_key_pair.public, bob_signed_pre_key_signature, bob_identity_key_pair.public);
+
+            /* Have Alice process Bob's pre key bundle */
+            alice_session_builder.process_pre_key_bundle(bob_pre_key);
+
+            /* Check that we can load the session state and verify its version */
+            fail_if_not(alice_store.contains_session(bob_address));
+
+            SessionRecord loaded_record = alice_store.load_session(bob_address);
+            fail_if_not_eq_int((int)loaded_record.state.session_version, 3);
+
+            /* Encrypt an outgoing message to send to Bob */
+            string original_message = "L'homme est condamné à être libre";
+            SessionCipher alice_session_cipher = alice_store.create_session_cipher(bob_address);
+
+            CiphertextMessage outgoing_message = alice_session_cipher.encrypt(original_message.data);
+            fail_if_not_eq_int(outgoing_message.type, CiphertextType.PREKEY);
+
+            /* Convert to an incoming message for Bob */
+            PreKeySignalMessage incoming_message = global_context.deserialize_pre_key_signal_message(outgoing_message.serialized);
+
+            /* Save the pre key and signed pre key in Bob's data store */
+            PreKeyRecord bob_pre_key_record;
+            throw_by_code(PreKeyRecord.create(out bob_pre_key_record, bob_pre_key.pre_key_id, bob_pre_key_pair));
+            bob_store.store_pre_key(bob_pre_key_record);
+
+            SignedPreKeyRecord bob_signed_pre_key_record;
+            throw_by_code(SignedPreKeyRecord.create(out bob_signed_pre_key_record, 22, new DateTime.now_utc().to_unix(), bob_signed_pre_key_pair, bob_signed_pre_key_signature));
+            bob_store.store_signed_pre_key(bob_signed_pre_key_record);
+
+            /* Create Bob's session cipher and decrypt the message from Alice */
+            SessionCipher bob_session_cipher = bob_store.create_session_cipher(alice_address);
+
+            /* Prepare the data for the callback test */
+            //int callback_context = 1234;
+            //bob_session_cipher.user_data =
+            //bob_session_cipher.decryption_callback =
+            uint8[] plaintext = bob_session_cipher.decrypt_pre_key_signal_message(incoming_message);
+
+            /* Clean up callback data */
+            bob_session_cipher.user_data = null;
+            bob_session_cipher.decryption_callback = null;
+
+            /* Verify Bob's session state and the decrypted message */
+            fail_if_not(bob_store.contains_session(alice_address));
+
+            SessionRecord alice_recipient_session_record = bob_store.load_session(alice_address);
+
+            SessionState alice_recipient_session_state = alice_recipient_session_record.state;
+            fail_if_not_eq_int((int)alice_recipient_session_state.session_version, 3);
+            fail_if_null(alice_recipient_session_state.alice_base_key);
+
+            fail_if_not_eq_uint8_arr(original_message.data, plaintext);
+
+            /* Have Bob send a reply to Alice */
+            CiphertextMessage bob_outgoing_message = bob_session_cipher.encrypt(original_message.data);
+            fail_if_not_eq_int(bob_outgoing_message.type, CiphertextType.SIGNAL);
+
+            /* Verify that Alice can decrypt it */
+            SignalMessage bob_outgoing_message_copy = global_context.copy_signal_message(bob_outgoing_message);
+
+            uint8[] alice_plaintext = alice_session_cipher.decrypt_signal_message(bob_outgoing_message_copy);
+
+            fail_if_not_eq_uint8_arr(original_message.data, alice_plaintext);
+
+            GLib.Test.message("Pre-interaction tests complete");
+
+            /* Interaction tests */
+            run_interaction(alice_store, bob_store);
+
+            /* Cleanup state from previous tests that we need to replace */
+            alice_store = null;
+            bob_pre_key_pair = null;
+            bob_signed_pre_key_pair = null;
+            bob_identity_key_pair = null;
+            bob_signed_pre_key_signature = null;
+            bob_pre_key_record = null;
+            bob_signed_pre_key_record = null;
+
+            /* Create Alice's new session data */
+            alice_store = setup_test_store_context(global_context);
+            alice_session_builder = alice_store.create_session_builder(bob_address);
+            alice_session_cipher = alice_store.create_session_cipher(bob_address);
+
+            /* Create Bob's new pre key bundle */
+            bob_pre_key_pair = global_context.generate_key_pair();
+            bob_signed_pre_key_pair = global_context.generate_key_pair();
+            bob_identity_key_pair = bob_store.identity_key_pair;
+            bob_signed_pre_key_signature = global_context.calculate_signature(bob_identity_key_pair.private, bob_signed_pre_key_pair.public.serialize());
+            bob_pre_key = create_pre_key_bundle(bob_local_registration_id, 1, 31338, bob_pre_key_pair.public, 23, bob_signed_pre_key_pair.public, bob_signed_pre_key_signature, bob_identity_key_pair.public);
+
+            /* Save the new pre key and signed pre key in Bob's data store */
+            throw_by_code(PreKeyRecord.create(out bob_pre_key_record, bob_pre_key.pre_key_id, bob_pre_key_pair));
+            bob_store.store_pre_key(bob_pre_key_record);
+
+            throw_by_code(SignedPreKeyRecord.create(out bob_signed_pre_key_record, 23, new DateTime.now_utc().to_unix(), bob_signed_pre_key_pair, bob_signed_pre_key_signature));
+            bob_store.store_signed_pre_key(bob_signed_pre_key_record);
+
+            /* Have Alice process Bob's pre key bundle */
+            alice_session_builder.process_pre_key_bundle(bob_pre_key);
+
+            /* Have Alice encrypt a message for Bob */
+            outgoing_message = alice_session_cipher.encrypt(original_message.data);
+            fail_if_not_eq_int(outgoing_message.type, CiphertextType.PREKEY);
+
+            /* Have Bob try to decrypt the message */
+            PreKeySignalMessage outgoing_message_copy = global_context.copy_pre_key_signal_message(outgoing_message);
+
+            /* The decrypt should fail with a specific error */
+            fail_if_not_error_code(() => bob_session_cipher.decrypt_pre_key_signal_message(outgoing_message_copy), ErrorCode.UNTRUSTED_IDENTITY);
+
+            outgoing_message_copy = global_context.copy_pre_key_signal_message(outgoing_message);
+
+            /* Save the identity key to Bob's store */
+            bob_store.save_identity(alice_address, outgoing_message_copy.identity_key);
+
+            /* Try the decrypt again, this time it should succeed */
+            outgoing_message_copy = global_context.copy_pre_key_signal_message(outgoing_message);
+            plaintext = bob_session_cipher.decrypt_pre_key_signal_message(outgoing_message_copy);
+
+            fail_if_not_eq_uint8_arr(original_message.data, plaintext);
+
+            /* Create a new pre key for Bob */
+            ECPublicKey test_public_key = create_test_ec_public_key(global_context);
+
+            IdentityKeyPair alice_identity_key_pair = alice_store.identity_key_pair;
+
+            bob_pre_key = create_pre_key_bundle(bob_local_registration_id, 1, 31337, test_public_key, 23, bob_signed_pre_key_pair.public, bob_signed_pre_key_signature, alice_identity_key_pair.public);
+
+            /* Have Alice process Bob's new pre key bundle, which should fail */
+            fail_if_not_error_code(() => alice_session_builder.process_pre_key_bundle(bob_pre_key), ErrorCode.UNTRUSTED_IDENTITY);
+
+            GLib.Test.message("Post-interaction tests complete");
+        } catch(Error e) {
+            fail_if_reached(@"Unexpected error: $(e.message)");
+        }
+    }
+
+    void test_bad_signed_pre_key_signature() {
+        try {
+            /* Create Alice's data store and session builder */
+            Store alice_store = setup_test_store_context(global_context);
+            SessionBuilder alice_session_builder = alice_store.create_session_builder(bob_address);
+
+            /* Create Bob's data store */
+            Store bob_store = setup_test_store_context(global_context);
+
+            /* Create Bob's regular and signed pre key pairs */
+            ECKeyPair bob_pre_key_pair = global_context.generate_key_pair();
+            ECKeyPair bob_signed_pre_key_pair = global_context.generate_key_pair();
+
+            /* Create Bob's signed pre key signature */
+            IdentityKeyPair bob_identity_key_pair = bob_store.identity_key_pair;
+            uint8[] bob_signed_pre_key_signature = global_context.calculate_signature(bob_identity_key_pair.private, bob_signed_pre_key_pair.public.serialize());
+
+            for (int i = 0; i < bob_signed_pre_key_signature.length * 8; i++) {
+                uint8[] modified_signature = bob_signed_pre_key_signature[0:bob_signed_pre_key_signature.length];
+
+                /* Intentionally corrupt the signature data */
+                modified_signature[i/8] ^= (1 << ((uint8)i % 8));
+
+                /* Create a pre key bundle */
+                PreKeyBundle bob_pre_key = create_pre_key_bundle(bob_store.local_registration_id,1,31137,bob_pre_key_pair.public,22,bob_signed_pre_key_pair.public,modified_signature,bob_identity_key_pair.public);
+
+                /* Process the bundle and make sure we fail with an invalid key error */
+                fail_if_not_error_code(() => alice_session_builder.process_pre_key_bundle(bob_pre_key), ErrorCode.INVALID_KEY);
+            }
+
+            /* Create a correct pre key bundle */
+            PreKeyBundle bob_pre_key = create_pre_key_bundle(bob_store.local_registration_id,1,31137,bob_pre_key_pair.public,22,bob_signed_pre_key_pair.public,bob_signed_pre_key_signature,bob_identity_key_pair.public);
+
+            /* Process the bundle and make sure we do not fail */
+            alice_session_builder.process_pre_key_bundle(bob_pre_key);
+        } catch(Error e) {
+            fail_if_reached(@"Unexpected error: $(e.message)");
+        }
+    }
+
+    void test_repeat_bundle_message_v2() {
+        try {
+            /* Create Alice's data store and session builder */
+            Store alice_store = setup_test_store_context(global_context);
+            SessionBuilder alice_session_builder = alice_store.create_session_builder(bob_address);
+
+            /* Create Bob's data store and pre key bundle */
+            Store bob_store = setup_test_store_context(global_context);
+            ECKeyPair bob_pre_key_pair = global_context.generate_key_pair();
+            ECKeyPair bob_signed_pre_key_pair = global_context.generate_key_pair();
+            uint8[] bob_signed_pre_key_signature = global_context.calculate_signature(bob_store.identity_key_pair.private, bob_signed_pre_key_pair.public.serialize());
+            PreKeyBundle bob_pre_key = create_pre_key_bundle(bob_store.local_registration_id,1,31337,bob_pre_key_pair.public,0,null,null,bob_store.identity_key_pair.public);
+
+            /* Add Bob's pre keys to Bob's data store */
+            PreKeyRecord bob_pre_key_record;
+            throw_by_code(PreKeyRecord.create(out bob_pre_key_record, bob_pre_key.pre_key_id, bob_pre_key_pair));
+            bob_store.store_pre_key(bob_pre_key_record);
+            SignedPreKeyRecord bob_signed_pre_key_record;
+            throw_by_code(SignedPreKeyRecord.create(out bob_signed_pre_key_record, 22, new DateTime.now_utc().to_unix(), bob_signed_pre_key_pair, bob_signed_pre_key_signature));
+            bob_store.store_signed_pre_key(bob_signed_pre_key_record);
+
+            /*
+             * Have Alice process Bob's pre key bundle, which should fail due to a
+             * missing signed pre key.
+             */
+            fail_if_not_error_code(() => alice_session_builder.process_pre_key_bundle(bob_pre_key), ErrorCode.INVALID_KEY);
+        } catch(Error e) {
+            fail_if_reached(@"Unexpected error: $(e.message)");
+        }
+    }
+
+    class Holder {
+        public uint8[] data { get; private set; }
+
+        public Holder(uint8[] data) {
+            this.data = data;
+        }
+    }
+
+    void run_interaction(Store alice_store, Store bob_store) throws Error {
+
+        /* Create the session ciphers */
+        SessionCipher alice_session_cipher = alice_store.create_session_cipher(bob_address);
+        SessionCipher bob_session_cipher = bob_store.create_session_cipher(alice_address);
+
+        /* Create a test message */
+        string original_message = "smert ze smert";
+
+        /* Simulate Alice sending a message to Bob */
+        CiphertextMessage alice_message = alice_session_cipher.encrypt(original_message.data);
+        fail_if_not_eq_int(alice_message.type, CiphertextType.SIGNAL);
+
+        SignalMessage alice_message_copy = global_context.copy_signal_message(alice_message);
+        uint8[] plaintext = bob_session_cipher.decrypt_signal_message(alice_message_copy);
+        fail_if_not_eq_uint8_arr(original_message.data, plaintext);
+
+        GLib.Test.message("Interaction complete: Alice -> Bob");
+
+        /* Simulate Bob sending a message to Alice */
+        CiphertextMessage bob_message = bob_session_cipher.encrypt(original_message.data);
+        fail_if_not_eq_int(alice_message.type, CiphertextType.SIGNAL);
+
+        SignalMessage bob_message_copy = global_context.copy_signal_message(bob_message);
+        plaintext = alice_session_cipher.decrypt_signal_message(bob_message_copy);
+        fail_if_not_eq_uint8_arr(original_message.data, plaintext);
+
+        GLib.Test.message("Interaction complete: Bob -> Alice");
+
+        /* Looping Alice -> Bob */
+        for (int i = 0; i < 10; i++) {
+            uint8[] looping_message = create_looping_message(i);
+            CiphertextMessage alice_looping_message = alice_session_cipher.encrypt(looping_message);
+            SignalMessage alice_looping_message_copy = global_context.copy_signal_message(alice_looping_message);
+            uint8[] looping_plaintext = bob_session_cipher.decrypt_signal_message(alice_looping_message_copy);
+            fail_if_not_eq_uint8_arr(looping_message, looping_plaintext);
+        }
+        GLib.Test.message("Interaction complete: Alice -> Bob (looping)");
+
+        /* Looping Bob -> Alice */
+        for (int i = 0; i < 10; i++) {
+            uint8[] looping_message = create_looping_message(i);
+            CiphertextMessage bob_looping_message = bob_session_cipher.encrypt(looping_message);
+            SignalMessage bob_looping_message_copy = global_context.copy_signal_message(bob_looping_message);
+            uint8[] looping_plaintext = alice_session_cipher.decrypt_signal_message(bob_looping_message_copy);
+            fail_if_not_eq_uint8_arr(looping_message, looping_plaintext);
+        }
+        GLib.Test.message("Interaction complete: Bob -> Alice (looping)");
+
+        /* Generate a shuffled list of encrypted messages for later use */
+        Holder[] alice_ooo_plaintext = new Holder[10];
+        Holder[] alice_ooo_ciphertext = new Holder[10];
+        for (int i = 0; i < 10; i++) {
+            alice_ooo_plaintext[i] = new Holder(create_looping_message(i));
+            alice_ooo_ciphertext[i] = new Holder(alice_session_cipher.encrypt(alice_ooo_plaintext[i].data).serialized);
+        }
+
+        for (int i = 0; i < 10; i++) {
+            uint32 s = Random.next_int() % 10;
+            Holder tmp = alice_ooo_plaintext[s];
+            alice_ooo_plaintext[s] = alice_ooo_plaintext[i];
+            alice_ooo_plaintext[i] = tmp;
+            tmp = alice_ooo_ciphertext[s];
+            alice_ooo_ciphertext[s] = alice_ooo_ciphertext[i];
+            alice_ooo_ciphertext[i] = tmp;
+        }
+        GLib.Test.message("Shuffled Alice->Bob messages created");
+
+        /* Looping Alice -> Bob (repeated) */
+        for (int i = 0; i < 10; i++) {
+            uint8[] looping_message = create_looping_message(i);
+            CiphertextMessage alice_looping_message = alice_session_cipher.encrypt(looping_message);
+            SignalMessage alice_looping_message_copy = global_context.copy_signal_message(alice_looping_message);
+            uint8[] looping_plaintext = bob_session_cipher.decrypt_signal_message(alice_looping_message_copy);
+            fail_if_not_eq_uint8_arr(looping_message, looping_plaintext);
+        }
+        GLib.Test.message("Interaction complete: Alice -> Bob (looping, repeated)");
+
+        /* Looping Bob -> Alice (repeated) */
+        for (int i = 0; i < 10; i++) {
+            uint8[] looping_message = create_looping_message(i);
+            CiphertextMessage bob_looping_message = bob_session_cipher.encrypt(looping_message);
+            SignalMessage bob_looping_message_copy = global_context.copy_signal_message(bob_looping_message);
+            uint8[] looping_plaintext = alice_session_cipher.decrypt_signal_message(bob_looping_message_copy);
+            fail_if_not_eq_uint8_arr(looping_message, looping_plaintext);
+        }
+        GLib.Test.message("Interaction complete: Bob -> Alice (looping, repeated)");
+
+        /* Shuffled Alice -> Bob */
+        for (int i = 0; i < 10; i++) {
+            SignalMessage ooo_message_deserialized = global_context.deserialize_signal_message(alice_ooo_ciphertext[i].data);
+            uint8[] ooo_plaintext = bob_session_cipher.decrypt_signal_message(ooo_message_deserialized);
+            fail_if_not_eq_uint8_arr(alice_ooo_plaintext[i].data, ooo_plaintext);
+        }
+        GLib.Test.message("Interaction complete: Alice -> Bob (shuffled)");
+    }
+
+    uint8[] create_looping_message(int index) {
+        return (@"You can only desire based on what you know: $index").data;
+    }
+
+    /*
+    uint8[] create_looping_message_short(int index) {
+        return ("What do we mean by saying that existence precedes essence? " +
+            "We mean that man first of all exists, encounters himself, " +
+            @"surges up in the world--and defines himself aftward. $index").data;
+    }
+    */
+}
+
+}
diff --git a/plugins/omemo/tests/signal/testcase.vala b/plugins/omemo/tests/signal/testcase.vala
new file mode 100644
index 00000000..59fcf193
--- /dev/null
+++ b/plugins/omemo/tests/signal/testcase.vala
@@ -0,0 +1,80 @@
+/* testcase.vala
+ *
+ * Copyright (C) 2009 Julien Peeters
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301  USA
+ *
+ * Author:
+ * 	Julien Peeters <contact@julienpeeters.fr>
+ */
+
+public abstract class Gee.TestCase : Object {
+
+    private GLib.TestSuite suite;
+    private Adaptor[] adaptors = new Adaptor[0];
+
+    public delegate void TestMethod ();
+
+    protected TestCase (string name) {
+        this.suite = new GLib.TestSuite (name);
+    }
+
+    public void add_test (string name, owned TestMethod test) {
+        var adaptor = new Adaptor (name, (owned)test, this);
+        this.adaptors += adaptor;
+
+        this.suite.add (new GLib.TestCase (adaptor.name,
+                                           adaptor.set_up,
+                                           adaptor.run,
+                                           adaptor.tear_down ));
+    }
+
+    public virtual void set_up () {
+    }
+
+    public virtual void tear_down () {
+    }
+
+    public GLib.TestSuite get_suite () {
+        return (owned) this.suite;
+    }
+
+    private class Adaptor {
+        [CCode (notify = false)]
+        public string name { get; private set; }
+        private TestMethod test;
+        private TestCase test_case;
+
+        public Adaptor (string name,
+        owned TestMethod test,
+        TestCase test_case) {
+            this.name = name;
+            this.test = (owned)test;
+            this.test_case = test_case;
+        }
+
+        public void set_up (void* fixture) {
+            this.test_case.set_up ();
+        }
+
+        public void run (void* fixture) {
+            this.test ();
+        }
+
+        public void tear_down (void* fixture) {
+            this.test_case.tear_down ();
+        }
+    }
+}
diff --git a/plugins/omemo/vapi/libsignal-protocol-c.vapi b/plugins/omemo/vapi/libsignal-protocol-c.vapi
new file mode 100644
index 00000000..7c63d418
--- /dev/null
+++ b/plugins/omemo/vapi/libsignal-protocol-c.vapi
@@ -0,0 +1,657 @@
+namespace Signal {
+
+    [CCode (cname = "int", cprefix = "SG_ERR_", cheader_filename = "signal/signal_protocol.h", has_type_id = false)]
+    public enum ErrorCode {
+        [CCode (cname = "SG_SUCCESS")]
+        SUCCESS,
+        NOMEM,
+        INVAL,
+        UNKNOWN,
+        DUPLICATE_MESSAGE,
+        INVALID_KEY,
+        INVALID_KEY_ID,
+        INVALID_MAC,
+        INVALID_MESSAGE,
+        INVALID_VERSION,
+        LEGACY_MESSAGE,
+        NO_SESSION,
+        STALE_KEY_EXCHANGE,
+        UNTRUSTED_IDENTITY,
+        VRF_SIG_VERIF_FAILED,
+        INVALID_PROTO_BUF,
+        FP_VERSION_MISMATCH,
+        FP_IDENT_MISMATCH;
+    }
+
+    [CCode (cname = "SG_ERR_MINIMUM", cheader_filename = "signal/signal_protocol.h")]
+    public const int MIN_ERROR_CODE;
+
+    [CCode (cname = "int", cprefix = "SG_LOG_", cheader_filename = "signal/signal_protocol.h", has_type_id = false)]
+    public enum LogLevel {
+        ERROR,
+        WARNING,
+        NOTICE,
+        INFO,
+        DEBUG
+    }
+
+    [CCode (cname = "signal_throw_gerror_by_code_", cheader_filename = "signal/signal_protocol.h")]
+    private int throw_by_code(int code, string? message = null) throws GLib.Error {
+        if (code < 0 && code > MIN_ERROR_CODE) {
+            throw new GLib.Error(-1, code, "%s: %s", message ?? "Signal error", ((ErrorCode)code).to_string());
+        }
+        return code;
+    }
+
+    [CCode (cname = "int", cprefix = "SG_CIPHER_", cheader_filename = "signal/signal_protocol.h", has_type_id = false)]
+    public enum Cipher {
+        AES_CTR_NOPADDING,
+        AES_CBC_PKCS5,
+        AES_GCM_NOPADDING
+    }
+
+    [Compact]
+    [CCode (cname = "signal_type_base", ref_function="signal_type_ref_vapi", unref_function="signal_type_unref_vapi", cheader_filename="signal/signal_protocol_types.h,signal/signal_helper.h")]
+    public class TypeBase {
+    }
+
+    [Compact]
+    [CCode (cname = "signal_buffer", cheader_filename = "signal/signal_protocol_types.h", free_function="signal_buffer_free")]
+    public class Buffer {
+        [CCode (cname = "signal_buffer_alloc")]
+        public Buffer(size_t len);
+        [CCode (cname = "signal_buffer_create")]
+        public Buffer.from(uint8[] data);
+
+        public Buffer copy();
+        public Buffer append(uint8[] data);
+        public int compare(Buffer other);
+
+        public uint8 get(int i) { return data[i]; }
+        public void set(int i, uint8 val) { data[i] = val; }
+
+        public uint8[] data { get { int x = (int)len(); unowned uint8[] res = _data(); res.length = x; return res; } }
+
+        [CCode (array_length = false, cname = "signal_buffer_data")]
+        private unowned uint8[] _data();
+        private size_t len();
+    }
+
+    [Compact]
+    [CCode (cname = "signal_int_list", cheader_filename = "signal/signal_protocol_types.h", free_function="signal_int_list_free")]
+    public class IntList {
+        [CCode (cname = "signal_int_list_alloc")]
+        public IntList();
+        [CCode (cname = "signal_int_list_push_back")]
+        public int add(int value);
+        public uint size { [CCode (cname = "signal_int_list_size")] get; }
+        [CCode (cname = "signal_int_list_at")]
+        public int get(uint index);
+    }
+
+    [Compact]
+    [CCode (cname = "session_builder", cprefix = "session_builder_", free_function="session_builder_free", cheader_filename = "signal/session_builder.h")]
+    public class SessionBuilder {
+        [CCode (cname = "session_builder_process_pre_key_bundle")]
+        private int process_pre_key_bundle_(PreKeyBundle pre_key_bundle);
+        [CCode (cname = "session_builder_process_pre_key_bundle_")]
+        public void process_pre_key_bundle(PreKeyBundle pre_key_bundle) throws GLib.Error {
+            throw_by_code(process_pre_key_bundle_(pre_key_bundle));
+        }
+    }
+
+    [Compact]
+    [CCode (cname = "session_pre_key_bundle", cprefix = "session_pre_key_bundle_", cheader_filename = "signal/session_pre_key.h")]
+    public class PreKeyBundle : TypeBase {
+        public static int create(out PreKeyBundle bundle, uint32 registration_id, int device_id, uint32 pre_key_id, ECPublicKey? pre_key_public,
+                uint32 signed_pre_key_id, ECPublicKey? signed_pre_key_public, uint8[]? signed_pre_key_signature, ECPublicKey? identity_key);
+        public uint32 registration_id { get; }
+        public int device_id { get; }
+        public uint32 pre_key_id { get; }
+        public ECPublicKey pre_key { owned get; }
+        public uint32 signed_pre_key_id { get; }
+        public ECPublicKey signed_pre_key { owned get; }
+        public Buffer signed_pre_key_signature { owned get; }
+        public ECPublicKey identity_key { owned get; }
+    }
+
+    [Compact]
+    [CCode (cname = "session_pre_key", cprefix = "session_pre_key_", cheader_filename = "signal/session_pre_key.h,signal/signal_helper.h")]
+    public class PreKeyRecord : TypeBase {
+        public static int create(out PreKeyRecord pre_key, uint32 id, ECKeyPair key_pair);
+        //public static int deserialize(out PreKeyRecord pre_key, uint8[] data, NativeContext global_context);
+        [CCode (instance_pos = 2)]
+        public int serialze(out Buffer buffer);
+        public uint32 id { get; }
+        public ECKeyPair key_pair { get; }
+    }
+
+    [Compact]
+    [CCode (cname = "session_record", cprefix = "session_record_", cheader_filename = "signal/signal_protocol_types.h")]
+    public class SessionRecord : TypeBase {
+        public SessionState state { get; }
+        public Buffer user_record { get; }
+    }
+
+    [Compact]
+    [CCode (cname = "session_state", cprefix = "session_state_", cheader_filename = "signal/session_state.h")]
+    public class SessionState : TypeBase {
+        //public static int create(out SessionState state, NativeContext context);
+        //public static int deserialize(out SessionState state, uint8[] data, NativeContext context);
+        //public static int copy(out SessionState state, SessionState other_state, NativeContext context);
+        [CCode (instance_pos = 2)]
+        public int serialze(out Buffer buffer);
+
+        public uint32 session_version { get; set; }
+        public ECPublicKey local_identity_key { get; set; }
+        public ECPublicKey remote_identity_key { get; set; }
+        //public Ratchet.RootKey root_key { get; set; }
+        public uint32 previous_counter { get; set; }
+        public ECPublicKey sender_ratchet_key { get; }
+        public ECKeyPair sender_ratchet_key_pair { get; }
+        //public Ratchet.ChainKey sender_chain_key { get; set; }
+        public uint32 remote_registration_id { get; set; }
+        public uint32 local_registration_id { get; set; }
+        public int needs_refresh { get; set; }
+        public ECPublicKey alice_base_key { get; set; }
+    }
+
+    [Compact]
+    [CCode (cname = "session_signed_pre_key", cprefix = "session_signed_pre_key_", cheader_filename = "signal/session_pre_key.h")]
+    public class SignedPreKeyRecord : TypeBase {
+        public static int create(out SignedPreKeyRecord pre_key, uint32 id, uint64 timestamp, ECKeyPair key_pair, uint8[] signature);
+        [CCode (instance_pos = 2)]
+        public int serialze(out Buffer buffer);
+
+        public uint32 id { get; }
+        public uint64 timestamp { get; }
+        public ECKeyPair key_pair { get; }
+        public uint8[] signature { [CCode (cname = "session_signed_pre_key_get_signature_")] get { int x = (int)get_signature_len(); unowned uint8[] res = get_signature(); res.length = x; return res; } }
+
+        [CCode (array_length = false, cname = "session_signed_pre_key_get_signature")]
+        private unowned uint8[] get_signature();
+        private size_t get_signature_len();
+    }
+
+    /**
+     * Address of an Signal Protocol message recipient
+     */
+    [Compact]
+    [CCode (cname = "signal_protocol_address", cprefix = "signal_protocol_address_", cheader_filename = "signal/signal_protocol.h,signal/signal_helper.h")]
+    public class Address {
+        public Address(string name, int32 device_id);
+        public int32 device_id { get; set; }
+        public string name { owned get; set; }
+    }
+
+    /**
+     * A representation of a (group + sender + device) tuple
+     */
+    [Compact]
+    [CCode (cname = "signal_protocol_sender_key_name")]
+    public class SenderKeyName {
+        [CCode (cname = "group_id", array_length_cname="group_id_len")]
+        private char* group_id_;
+        private size_t group_id_len;
+        public Address sender;
+    }
+
+    [Compact]
+    [CCode (cname = "ec_public_key", cprefix = "ec_public_key_", cheader_filename = "signal/curve.h,signal/signal_helper.h")]
+    public class ECPublicKey : TypeBase {
+        [CCode (cname = "curve_generate_public_key")]
+        public static int generate(out ECPublicKey public_key, ECPrivateKey private_key);
+        [CCode (instance_pos = 1, cname = "ec_public_key_serialize")]
+        private int serialize_([CCode (pos = 0)] out Buffer buffer);
+        [CCode (cname = "ec_public_key_serialize_")]
+        public uint8[] serialize() {
+            Buffer buffer;
+            int code = serialize_(out buffer);
+            if (code < 0 && code > MIN_ERROR_CODE) {
+                // Can only throw for invalid arguments or out of memory.
+                GLib.assert_not_reached();
+            }
+            return buffer.data;
+        }
+        public int compare(ECPublicKey other);
+        public int memcmp(ECPublicKey other);
+    }
+
+    [Compact]
+    [CCode (cname = "ec_private_key", cprefix = "ec_private_key_", cheader_filename = "signal/curve.h,signal/signal_helper.h")]
+    public class ECPrivateKey : TypeBase {
+        [CCode (instance_pos = 1, cname = "ec_private_key_serialize")]
+        private int serialize_([CCode (pos = 0)] out Buffer buffer);
+        [CCode (cname = "ec_private_key_serialize_")]
+        public uint8[] serialize() throws GLib.Error {
+            Buffer buffer;
+            int code = serialize_(out buffer);
+            if (code < 0 && code > MIN_ERROR_CODE) {
+                // Can only throw for invalid arguments or out of memory.
+                GLib.assert_not_reached();
+            }
+            return buffer.data;
+        }
+        public int compare(ECPublicKey other);
+    }
+
+    [Compact]
+    [CCode (cname = "ec_key_pair", cprefix="ec_key_pair_", cheader_filename = "signal/curve.h,signal/signal_helper.h")]
+    public class ECKeyPair : TypeBase {
+        public static int create(out ECKeyPair key_pair, ECPublicKey public_key, ECPrivateKey private_key);
+        public ECPublicKey public { get; }
+        public ECPrivateKey private { get; }
+    }
+
+    [CCode (cname = "ratchet_message_keys", cheader_filename = "signal/ratchet.h")]
+    public class MessageKeys {
+    }
+
+    [Compact]
+    [CCode (cname = "ratchet_identity_key_pair", cprefix = "ratchet_identity_key_pair_", cheader_filename = "signal/ratchet.h,signal/signal_helper.h")]
+    public class IdentityKeyPair : TypeBase {
+        public static int create(out IdentityKeyPair key_pair, ECPublicKey public_key, ECPrivateKey private_key);
+        public int serialze(out Buffer buffer);
+        public ECPublicKey public { get; }
+        public ECPrivateKey private { get; }
+    }
+
+    [Compact]
+    [CCode (cname = "ec_public_key_list")]
+    public class PublicKeyList {}
+
+    /**
+     * The main entry point for Signal Protocol encrypt/decrypt operations.
+     *
+     * Once a session has been established with session_builder,
+     * this class can be used for all encrypt/decrypt operations within
+     * that session.
+     */
+    [Compact]
+    [CCode (cname = "session_cipher", cprefix = "session_cipher_", cheader_filename = "signal/session_cipher.h", free_function = "session_cipher_free")]
+    public class SessionCipher {
+        public void* user_data { get; set; }
+        public DecryptionCallback decryption_callback { set; }
+        [CCode (cname = "session_cipher_encrypt")]
+        private int encrypt_(uint8[] padded_message, out CiphertextMessage encrypted_message);
+        [CCode (cname = "session_cipher_encrypt_")]
+        public CiphertextMessage encrypt(uint8[] padded_message) throws GLib.Error {
+            CiphertextMessage res;
+            throw_by_code(encrypt_(padded_message, out res));
+            return res;
+        }
+        [CCode (cname = "session_cipher_decrypt_pre_key_signal_message")]
+        private int decrypt_pre_key_signal_message_(PreKeySignalMessage ciphertext, void* decrypt_context, out Buffer plaintext);
+        [CCode (cname = "session_cipher_decrypt_pre_key_signal_message_")]
+        public uint8[] decrypt_pre_key_signal_message(PreKeySignalMessage ciphertext, void* decrypt_context = null) throws GLib.Error {
+            Buffer res;
+            throw_by_code(decrypt_pre_key_signal_message_(ciphertext, decrypt_context, out res));
+            return res.data;
+        }
+        [CCode (cname = "session_cipher_decrypt_signal_message")]
+        private int decrypt_signal_message_(SignalMessage ciphertext, void* decrypt_context, out Buffer plaintext);
+        [CCode (cname = "session_cipher_decrypt_signal_message_")]
+        public uint8[] decrypt_signal_message(SignalMessage ciphertext, void* decrypt_context = null) throws GLib.Error {
+            Buffer res;
+            throw_by_code(decrypt_signal_message_(ciphertext, decrypt_context, out res));
+            return res.data;
+        }
+        public int get_remote_registration_id(out uint32 remote_id);
+        public int get_session_version(uint32 version);
+
+        [CCode (has_target = false)]
+        public delegate int DecryptionCallback(SessionCipher cipher, Buffer plaintext, void* decrypt_context);
+    }
+
+    [CCode (cname = "int", cheader_filename = "signal/protocol.h", has_type_id = false)]
+    public enum CiphertextType {
+        [CCode (cname = "CIPHERTEXT_SIGNAL_TYPE")]
+        SIGNAL,
+        [CCode (cname = "CIPHERTEXT_PREKEY_TYPE")]
+        PREKEY,
+        [CCode (cname = "CIPHERTEXT_SENDERKEY_TYPE")]
+        SENDERKEY,
+        [CCode (cname = "CIPHERTEXT_SENDERKEY_DISTRIBUTION_TYPE")]
+        SENDERKEY_DISTRIBUTION
+    }
+
+    [Compact]
+    [CCode (cname = "ciphertext_message", cprefix = "ciphertext_message_", cheader_filename = "signal/protocol.h,signal/signal_helper.h")]
+    public abstract class CiphertextMessage : TypeBase {
+        public CiphertextType type { get; }
+        [CCode (cname = "ciphertext_message_get_serialized")]
+        private unowned Buffer get_serialized_();
+        public uint8[] serialized { [CCode (cname = "ciphertext_message_get_serialized_")] get {
+            return get_serialized_().data;
+        }}
+    }
+    [Compact]
+    [CCode (cname = "signal_message", cprefix = "signal_message_", cheader_filename = "signal/protocol.h,signal/signal_helper.h")]
+    public class SignalMessage : CiphertextMessage {
+        public ECPublicKey sender_ratchet_key { get; }
+        public uint8 message_version { get; }
+        public uint32 counter { get; }
+        public Buffer body { get; }
+        //public int verify_mac(uint8 message_version, ECPublicKey sender_identity_key, ECPublicKey receiver_identity_key, uint8[] mac, NativeContext global_context);
+        public static int is_legacy(uint8[] data);
+    }
+    [Compact]
+    [CCode (cname = "pre_key_signal_message", cprefix = "pre_key_signal_message_", cheader_filename = "signal/protocol.h,signal/signal_helper.h")]
+    public class PreKeySignalMessage : CiphertextMessage {
+        public uint8 message_version { get; }
+        public ECPublicKey identity_key { get; }
+        public uint32 registration_id { get; }
+        public uint32 pre_key_id { get; }
+        public uint32 signed_pre_key_id { get; }
+        public ECPublicKey base_key { get; }
+        public SignalMessage signal_message { get; }
+    }
+    [Compact]
+    [CCode (cname = "sender_key_message", cprefix = "sender_key_message_", cheader_filename = "signal/protocol.h,signal/signal_helper.h")]
+    public class SenderKeyMessage : CiphertextMessage {
+        public uint32 key_id { get; }
+        public uint32 iteration { get; }
+        public Buffer ciphertext { get; }
+    }
+    [Compact]
+    [CCode (cname = "sender_key_distribution_message", cprefix = "sender_key_distribution_message_", cheader_filename = "signal/protocol.h,signal/signal_helper.h")]
+    public class SenderKeyDistributionMessage : CiphertextMessage {
+        public uint32 id { get; }
+        public uint32 iteration { get; }
+        public Buffer chain_key { get; }
+        public ECPublicKey signature_key { get; }
+    }
+
+    [CCode (cname = "signal_vala_encrypt", cheader_filename = "signal/signal_helper.h")]
+    private static int aes_encrypt_(out Buffer output, int cipher, uint8[] key, uint8[] iv, uint8[] plaintext, void *user_data);
+
+    [CCode (cname = "signal_vala_encrypt_")]
+    public uint8[] aes_encrypt(int cipher, uint8[] key, uint8[] iv, uint8[] plaintext) throws GLib.Error {
+        Buffer buf;
+        throw_by_code(aes_encrypt_(out buf, cipher, key, iv, plaintext, null));
+        return buf.data;
+    }
+
+    [CCode (cname = "signal_vala_decrypt", cheader_filename = "signal/signal_helper.h")]
+    private static int aes_decrypt_(out Buffer output, int cipher, uint8[] key, uint8[] iv, uint8[] ciphertext, void *user_data);
+
+    [CCode (cname = "signal_vala_decrypt_")]
+    public uint8[] aes_decrypt(int cipher, uint8[] key, uint8[] iv, uint8[] ciphertext) throws GLib.Error {
+        Buffer buf;
+        throw_by_code(aes_decrypt_(out buf, cipher, key, iv, ciphertext, null));
+        return buf.data;
+    }
+
+    [Compact]
+    [CCode (cname = "signal_context", cprefix="signal_context_", free_function="signal_context_destroy", cheader_filename = "signal/signal_protocol.h")]
+    public class NativeContext {
+        public static int create(out NativeContext context, void* user_data);
+        public int set_crypto_provider(NativeCryptoProvider crypto_provider);
+        public int set_locking_functions(LockingFunc lock, LockingFunc unlock);
+        public int set_log_function(LogFunc log);
+    }
+    [CCode (has_target = false)]
+    public delegate void LockingFunc(void* user_data);
+    [CCode (has_target = false)]
+    public delegate void LogFunc(LogLevel level, string message, size_t len, void* user_data);
+
+    [Compact]
+    [CCode (cname = "signal_crypto_provider", cheader_filename = "signal/signal_protocol.h")]
+    public struct NativeCryptoProvider {
+        public RandomFunc random_func;
+        public HmacSha256Init hmac_sha256_init_func;
+        public HmacSha256Update hmac_sha256_update_func;
+        public HmacSha256Final hmac_sha256_final_func;
+        public HmacSha256Cleanup hmac_sha256_cleanup_func;
+        public Sha512DigestInit sha512_digest_init_func;
+        public Sha512DigestUpdate sha512_digest_update_func;
+        public Sha512DigestFinal sha512_digest_final_func;
+        public Sha512DigestCleanup sha512_digest_cleanup_func;
+        public CryptFunc encrypt_func;
+        public CryptFunc decrypt_func;
+        public void* user_data;
+    }
+    [CCode (has_target = false)]
+    public delegate int RandomFunc(uint8[] data, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int HmacSha256Init(out void* hmac_context, uint8[] key, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int HmacSha256Update(void* hmac_context, uint8[] data, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int HmacSha256Final(void* hmac_context, out Buffer buffer, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int HmacSha256Cleanup(void* hmac_context, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int Sha512DigestInit(out void* digest_context, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int Sha512DigestUpdate(void* digest_context, uint8[] data, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int Sha512DigestFinal(void* digest_context, out Buffer buffer, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int Sha512DigestCleanup(void* digest_context, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int CryptFunc(out Buffer output, Cipher cipher, uint8[] key, uint8[] iv, uint8[] content, void* user_data);
+
+    [Compact]
+    [CCode (cname = "signal_protocol_session_store", cheader_filename = "signal/signal_protocol.h")]
+    public struct NativeSessionStore {
+        public LoadSessionFunc load_session_func;
+        public GetSubDeviceSessionsFunc get_sub_device_sessions_func;
+        public StoreSessionFunc store_session_func;
+        public ContainsSessionFunc contains_session_func;
+        public DeleteSessionFunc delete_session_func;
+        public DeleteAllSessionsFunc delete_all_sessions_func;
+        public DestroyFunc destroy_func;
+        public void* user_data;
+    }
+    [CCode (has_target = false)]
+    public delegate int LoadSessionFunc(out Buffer record, out Buffer user_record, Address address, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int GetSubDeviceSessionsFunc(out IntList sessions, [CCode (array_length_type = "size_t")] char[] name, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int StoreSessionFunc(Address address, [CCode (array_length_type = "size_t")] uint8[] record, [CCode (array_length_type = "size_t")] uint8[] user_record, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int ContainsSessionFunc(Address address, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int DeleteSessionFunc(Address address, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int DeleteAllSessionsFunc([CCode (array_length_type = "size_t")] char[] name, void* user_data);
+
+    [Compact]
+    [CCode (cname = "signal_protocol_identity_key_store", cheader_filename = "signal/signal_protocol.h")]
+    public struct NativeIdentityKeyStore {
+        GetIdentityKeyPairFunc get_identity_key_pair;
+        GetLocalRegistrationIdFunc get_local_registration_id;
+        SaveIdentityFunc save_identity;
+        IsTrustedIdentityFunc is_trusted_identity;
+        DestroyFunc destroy_func;
+        void* user_data;
+    }
+    [CCode (has_target = false)]
+    public delegate int GetIdentityKeyPairFunc(out Buffer public_data, out Buffer private_data, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int GetLocalRegistrationIdFunc(void* user_data, out uint32 registration_id);
+    [CCode (has_target = false)]
+    public delegate int SaveIdentityFunc(Address address, [CCode (array_length_type = "size_t")] uint8[] key, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int IsTrustedIdentityFunc(Address address, [CCode (array_length_type = "size_t")] uint8[] key, void* user_data);
+
+    [Compact]
+    [CCode (cname = "signal_protocol_pre_key_store", cheader_filename = "signal/signal_protocol.h")]
+    public struct NativePreKeyStore {
+        LoadPreKeyFunc load_pre_key;
+        StorePreKeyFunc store_pre_key;
+        ContainsPreKeyFunc contains_pre_key;
+        RemovePreKeyFunc remove_pre_key;
+        DestroyFunc destroy_func;
+        void* user_data;
+    }
+    [CCode (has_target = false)]
+    public delegate int LoadPreKeyFunc(out Buffer record, uint32 pre_key_id, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int StorePreKeyFunc(uint32 pre_key_id, [CCode (array_length_type = "size_t")] uint8[] record, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int ContainsPreKeyFunc(uint32 pre_key_id, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int RemovePreKeyFunc(uint32 pre_key_id, void* user_data);
+
+
+    [Compact]
+    [CCode (cname = "signal_protocol_signed_pre_key_store", cheader_filename = "signal/signal_protocol.h")]
+    public struct NativeSignedPreKeyStore {
+        LoadPreKeyFunc load_signed_pre_key;
+        StorePreKeyFunc store_signed_pre_key;
+        ContainsPreKeyFunc contains_signed_pre_key;
+        RemovePreKeyFunc remove_signed_pre_key;
+        DestroyFunc destroy_func;
+        void* user_data;
+    }
+
+
+    [Compact]
+    [CCode (cname = "signal_protocol_sender_key_store")]
+    public struct NativeSenderKeyStore {
+        StoreSenderKeyFunc store_sender_key;
+        LoadSenderKeyFunc load_sender_key;
+        DestroyFunc destroy_func;
+        void* user_data;
+    }
+    [CCode (has_target = false)]
+    public delegate int StoreSenderKeyFunc(SenderKeyName sender_key_name, [CCode (array_length_type = "size_t")] uint8[] record, [CCode (array_length_type = "size_t")] uint8[] user_record, void* user_data);
+    [CCode (has_target = false)]
+    public delegate int LoadSenderKeyFunc(out Buffer record, out Buffer user_record, SenderKeyName sender_key_name, void* user_data);
+
+    [CCode (has_target = false)]
+    public delegate void DestroyFunc(void* user_data);
+
+    [Compact]
+    [CCode (cname = "signal_protocol_store_context", cprefix = "signal_protocol_store_context_", free_function="signal_protocol_store_context_destroy", cheader_filename = "signal/signal_protocol.h")]
+    public class NativeStoreContext {
+        public static int create(out NativeStoreContext context, NativeContext global_context);
+        public int set_session_store(NativeSessionStore store);
+        public int set_pre_key_store(NativePreKeyStore store);
+        public int set_signed_pre_key_store(NativeSignedPreKeyStore store);
+        public int set_identity_key_store(NativeIdentityKeyStore store);
+        public int set_sender_key_store(NativeSenderKeyStore store);
+    }
+
+
+    [CCode (cheader_filename = "signal/signal_protocol.h")]
+    namespace Protocol {
+
+        /**
+         * Interface to the pre-key store.
+         * These functions will use the callbacks in the provided
+         * signal_protocol_store_context instance and operate in terms of higher level
+         * library data structures.
+         */
+        [CCode (cprefix = "signal_protocol_pre_key_")]
+        namespace PreKey {
+            public int load_key(NativeStoreContext context, out PreKeyRecord pre_key, uint32 pre_key_id);
+            public int store_key(NativeStoreContext context, PreKeyRecord pre_key);
+            public int contains_key(NativeStoreContext context, uint32 pre_key_id);
+            public int remove_key(NativeStoreContext context, uint32 pre_key_id);
+        }
+
+        [CCode (cprefix = "signal_protocol_signed_pre_key_")]
+        namespace SignedPreKey {
+            public int load_key(NativeStoreContext context, out SignedPreKeyRecord pre_key, uint32 pre_key_id);
+            public int store_key(NativeStoreContext context, SignedPreKeyRecord pre_key);
+            public int contains_key(NativeStoreContext context, uint32 pre_key_id);
+            public int remove_key(NativeStoreContext context, uint32 pre_key_id);
+        }
+
+        /**
+         * Interface to the session store.
+         * These functions will use the callbacks in the provided
+         * signal_protocol_store_context instance and operate in terms of higher level
+         * library data structures.
+         */
+        [CCode (cprefix = "signal_protocol_session_")]
+        namespace Session {
+             public int load_session(NativeStoreContext context, out SessionRecord record, Address address);
+             public int get_sub_device_sessions(NativeStoreContext context, out IntList sessions, char[] name);
+             public int store_session(NativeStoreContext context, Address address, SessionRecord record);
+             public int contains_session(NativeStoreContext context, Address address);
+             public int delete_session(NativeStoreContext context, Address address);
+             public int delete_all_sessions(NativeStoreContext context, char[] name);
+        }
+
+        namespace Identity {
+            public int get_key_pair(NativeStoreContext store_context, out IdentityKeyPair key_pair);
+            public int get_local_registration_id(NativeStoreContext store_context, out uint32 registration_id);
+            public int save_identity(NativeStoreContext store_context, Address address, ECPublicKey identity_key);
+            public int is_trusted_identity(NativeStoreContext store_context, Address address, ECPublicKey identity_key);
+        }
+
+        [CCode (cheader_filename = "signal/key_helper.h", cprefix = "signal_protocol_key_helper_")]
+        namespace KeyHelper {
+            [Compact]
+            [CCode (cname = "signal_protocol_key_helper_pre_key_list_node", cprefix = "signal_protocol_key_helper_key_list_", free_function="signal_protocol_key_helper_key_list_free")]
+            public class PreKeyListNode {
+                public PreKeyRecord element();
+                public PreKeyListNode next();
+            }
+
+            public int generate_identity_key_pair(out IdentityKeyPair key_pair, NativeContext global_context);
+            public int generate_registration_id(out int32 registration_id, int extended_range, NativeContext global_context);
+            public int get_random_sequence(out int value, int max, NativeContext global_context);
+            public int generate_pre_keys(out PreKeyListNode head, uint start, uint count, NativeContext global_context);
+            public int generate_last_resort_pre_key(out PreKeyRecord pre_key, NativeContext global_context);
+            public int generate_signed_pre_key(out SignedPreKeyRecord signed_pre_key, IdentityKeyPair identity_key_pair, uint32 signed_pre_key_id, uint64 timestamp, NativeContext global_context);
+            public int generate_sender_signing_key(out ECKeyPair key_pair, NativeContext global_context);
+            public int generate_sender_key(out Buffer key_buffer, NativeContext global_context);
+            public int generate_sender_key_id(out int32 key_id, NativeContext global_context);
+        }
+    }
+
+    [CCode (cheader_filename = "signal/curve.h")]
+    namespace Curve {
+        [CCode (cname = "curve_calculate_agreement")]
+        public int calculate_agreement([CCode (array_length = false)] out uint8[] shared_key_data, ECPublicKey public_key, ECPrivateKey private_key);
+        [CCode (cname = "curve_calculate_signature")]
+        public int calculate_signature(NativeContext context, out Buffer signature, ECPrivateKey signing_key, uint8[] message);
+        [CCode (cname = "curve_verify_signature")]
+        public int verify_signature(ECPublicKey signing_key, uint8[] message, uint8[] signature);
+    }
+
+    [CCode (cname = "session_builder_create", cheader_filename = "signal/session_builder.h")]
+    public static int session_builder_create(out SessionBuilder builder, NativeStoreContext store, Address remote_address, NativeContext global_context);
+    [CCode (cname = "session_cipher_create", cheader_filename = "signal/session_cipher.h")]
+    public static int session_cipher_create(out SessionCipher cipher, NativeStoreContext store, Address remote_address, NativeContext global_context);
+    [CCode (cname = "pre_key_signal_message_deserialize", cheader_filename = "signal/protocol.h")]
+    public static int pre_key_signal_message_deserialize(out PreKeySignalMessage message, uint8[] data, NativeContext global_context);
+    [CCode (cname = "pre_key_signal_message_copy", cheader_filename = "signal/protocol.h")]
+    public static int pre_key_signal_message_copy(out PreKeySignalMessage message, PreKeySignalMessage other_message, NativeContext global_context);
+    [CCode (cname = "signal_message_create", cheader_filename = "signal/protocol.h")]
+    public static int signal_message_create(out SignalMessage message, uint8 message_version, uint8[] mac_key, ECPublicKey sender_ratchet_key, uint32 counter, uint32 previous_counter, uint8[] ciphertext, ECPublicKey sender_identity_key, ECPublicKey receiver_identity_key, NativeContext global_context);
+    [CCode (cname = "signal_message_deserialize", cheader_filename = "signal/protocol.h")]
+    public static int signal_message_deserialize(out SignalMessage message, uint8[] data, NativeContext global_context);
+    [CCode (cname = "signal_message_copy", cheader_filename = "signal/protocol.h")]
+    public static int signal_message_copy(out SignalMessage message, SignalMessage other_message, NativeContext global_context);
+    [CCode (cname = "curve_generate_key_pair", cheader_filename = "signal/curve.h")]
+    public static int curve_generate_key_pair(NativeContext context, out ECKeyPair key_pair);
+    [CCode (cname = "curve_decode_private_point", cheader_filename = "signal/curve.h")]
+    public static int curve_decode_private_point(out ECPrivateKey public_key, uint8[] key, NativeContext global_context);
+    [CCode (cname = "curve_decode_point", cheader_filename = "signal/curve.h")]
+    public static int curve_decode_point(out ECPublicKey public_key, uint8[] key, NativeContext global_context);
+    [CCode (cname = "curve_generate_private_key", cheader_filename = "signal/curve.h")]
+    public static int curve_generate_private_key(NativeContext context, out ECPrivateKey private_key);
+    [CCode (cname = "ratchet_identity_key_pair_deserialize", cheader_filename = "signal/ratchet.h")]
+    public static int ratchet_identity_key_pair_deserialize(out IdentityKeyPair key_pair, uint8[] data, NativeContext global_context);
+    [CCode (cname = "session_signed_pre_key_deserialize", cheader_filename = "signal/signed_pre_key.h")]
+    public static int session_signed_pre_key_deserialize(out SignedPreKeyRecord pre_key, uint8[] data, NativeContext global_context);
+
+    [Compact]
+    [CCode (cname = "hkdf_context", cprefix = "hkdf_", free_function = "hkdf_destroy", cheader_filename = "signal/hkdf.h")]
+    public class NativeHkdfContext {
+        public static int create(out NativeHkdfContext context, int message_version, NativeContext global_context);
+        public int compare(NativeHkdfContext other);
+        public ssize_t derive_secrets([CCode (array_length = false)] out uint8[] output, uint8[] input_key_material, uint8[] salt, uint8[] info, size_t output_len);
+    }
+
+    [CCode (cname = "setup_signal_vala_crypto_provider", cheader_filename = "signal/signal_helper.h")]
+    public static void setup_crypto_provider(NativeContext context);
+    [CCode (cname = "signal_vala_randomize", cheader_filename = "signal/signal_helper.h")]
+    public static int native_random(uint8[] data);
+}