Commit 82a52638 authored by akwizgran's avatar akwizgran

Derive rendezvous key from static master key.

parent a38113e8
......@@ -21,7 +21,7 @@ public interface RendezvousConstants {
long POLLING_INTERVAL_MS = MINUTES.toMillis(1);
/**
* Label for deriving the rendezvous key from the handshake key pairs.
* Label for deriving the rendezvous key from the static master key.
*/
String RENDEZVOUS_KEY_LABEL =
"org.briarproject.bramble.rendezvous/RENDEZVOUS_KEY";
......
package org.briarproject.bramble.api.rendezvous;
import org.briarproject.bramble.api.crypto.KeyPair;
import org.briarproject.bramble.api.crypto.PublicKey;
import org.briarproject.bramble.api.crypto.SecretKey;
import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
import org.briarproject.bramble.api.plugin.TransportId;
import java.security.GeneralSecurityException;
@NotNullByDefault
public interface RendezvousCrypto {
SecretKey deriveRendezvousKey(PublicKey theirPublicKey, KeyPair ourKeyPair)
throws GeneralSecurityException;
SecretKey deriveRendezvousKey(SecretKey staticMasterKey);
KeyMaterialSource createKeyMaterialSource(SecretKey rendezvousKey,
TransportId t);
......
package org.briarproject.bramble.rendezvous;
import org.briarproject.bramble.api.Bytes;
import org.briarproject.bramble.api.crypto.CryptoComponent;
import org.briarproject.bramble.api.crypto.KeyPair;
import org.briarproject.bramble.api.crypto.PublicKey;
import org.briarproject.bramble.api.crypto.SecretKey;
import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
import org.briarproject.bramble.api.plugin.TransportId;
import org.briarproject.bramble.api.rendezvous.KeyMaterialSource;
import org.briarproject.bramble.api.rendezvous.RendezvousCrypto;
import java.security.GeneralSecurityException;
import javax.annotation.concurrent.Immutable;
import javax.inject.Inject;
import static org.briarproject.bramble.api.rendezvous.RendezvousConstants.KEY_MATERIAL_LABEL;
import static org.briarproject.bramble.api.rendezvous.RendezvousConstants.RENDEZVOUS_KEY_LABEL;
import static org.briarproject.bramble.api.rendezvous.RendezvousConstants.PROTOCOL_VERSION;
import static org.briarproject.bramble.util.StringUtils.toUtf8;
@Immutable
......@@ -32,19 +26,8 @@ class RendezvousCryptoImpl implements RendezvousCrypto {
}
@Override
public SecretKey deriveRendezvousKey(PublicKey theirPublicKey,
KeyPair ourKeyPair) throws GeneralSecurityException {
byte[] ourPublicKeyBytes = ourKeyPair.getPublic().getEncoded();
byte[] theirPublicKeyBytes = theirPublicKey.getEncoded();
boolean alice = new Bytes(ourPublicKeyBytes).compareTo(
new Bytes(theirPublicKeyBytes)) < 0;
byte[][] inputs = {
new byte[] {PROTOCOL_VERSION},
alice ? ourPublicKeyBytes : theirPublicKeyBytes,
alice ? theirPublicKeyBytes : ourPublicKeyBytes
};
return crypto.deriveSharedSecret(RENDEZVOUS_KEY_LABEL, theirPublicKey,
ourKeyPair, inputs);
public SecretKey deriveRendezvousKey(SecretKey staticMasterKey) {
return crypto.deriveKey(RENDEZVOUS_KEY_LABEL, staticMasterKey);
}
@Override
......
......@@ -8,6 +8,7 @@ import org.briarproject.bramble.api.contact.event.PendingContactAddedEvent;
import org.briarproject.bramble.api.contact.event.PendingContactRemovedEvent;
import org.briarproject.bramble.api.crypto.KeyPair;
import org.briarproject.bramble.api.crypto.SecretKey;
import org.briarproject.bramble.api.crypto.TransportCrypto;
import org.briarproject.bramble.api.db.DatabaseComponent;
import org.briarproject.bramble.api.db.DbException;
import org.briarproject.bramble.api.event.Event;
......@@ -71,6 +72,7 @@ class RendezvousPollerImpl implements RendezvousPoller, Service, EventListener {
private final ScheduledExecutorService scheduler;
private final DatabaseComponent db;
private final IdentityManager identityManager;
private final TransportCrypto transportCrypto;
private final RendezvousCrypto rendezvousCrypto;
private final PluginManager pluginManager;
private final ConnectionManager connectionManager;
......@@ -91,6 +93,7 @@ class RendezvousPollerImpl implements RendezvousPoller, Service, EventListener {
@Scheduler ScheduledExecutorService scheduler,
DatabaseComponent db,
IdentityManager identityManager,
TransportCrypto transportCrypto,
RendezvousCrypto rendezvousCrypto,
PluginManager pluginManager,
ConnectionManager connectionManager,
......@@ -99,6 +102,7 @@ class RendezvousPollerImpl implements RendezvousPoller, Service, EventListener {
this.scheduler = scheduler;
this.db = db;
this.identityManager = identityManager;
this.transportCrypto = transportCrypto;
this.rendezvousCrypto = rendezvousCrypto;
this.pluginManager = pluginManager;
this.connectionManager = connectionManager;
......@@ -145,8 +149,10 @@ class RendezvousPollerImpl implements RendezvousPoller, Service, EventListener {
handshakeKeyPair = db.transactionWithResult(true,
identityManager::getHandshakeKeys);
}
SecretKey staticMasterKey = transportCrypto
.deriveStaticMasterKey(p.getPublicKey(), handshakeKeyPair);
SecretKey rendezvousKey = rendezvousCrypto
.deriveRendezvousKey(p.getPublicKey(), handshakeKeyPair);
.deriveRendezvousKey(staticMasterKey);
requireNull(rendezvousKeys.put(p.getId(), rendezvousKey));
for (PluginState ps : pluginStates.values()) {
RendezvousEndpoint endpoint =
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment