diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
index 90f9da6f092f76f6ac9bdc3208f9b1ecc98622bb..3a2be304a6fbc9d2e1529eebf72fc7f8794c1832 100644
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java
@@ -32,18 +32,6 @@ public interface CryptoComponent {
 */
 SecretKey deriveKey(String label, SecretKey k, byte[]... inputs);
- /**
- * Derives a nonce from the given secret key that can be used for key
- * binding.
- *
- * TODO: This just calls mac(), remove it
- *
- * @param label a namespaced label indicating the purpose of this nonce,
- * to prevent it from being repurposed or colliding with a nonce derived
- * for another purpose
- */
- byte[] deriveKeyBindingNonce(String label, SecretKey k);
-
 /**
 * Derives a common shared secret from two public keys and one of the
 * corresponding private keys.
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java
index 5a86874ec39b5cd11bbd40bcb09ed561eeba363e..50a4f841cba5c01c95113c3c52bdb4eba537784c 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java
@@ -157,10 +157,8 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 BdfWriter w = bdfWriterFactory.createWriter(streamWriter);
 // Derive the nonces to be signed
- byte[] aliceNonce = crypto.deriveKeyBindingNonce(ALICE_NONCE_LABEL,
- masterSecret);
- byte[] bobNonce = crypto.deriveKeyBindingNonce(BOB_NONCE_LABEL,
- masterSecret);
+ byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterSecret);
+ byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterSecret);
 // Exchange pseudonyms, signed nonces, and timestamps
 long localTimestamp = clock.currentTimeMillis();
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
index 5e2985ef8e71b06286ba91e90b20ecf6b778d3e0..37af381df94e92420b5437bb5fc334d1521cc7ec 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java
@@ -220,12 +220,9 @@ class CryptoComponentImpl implements CryptoComponent {
 @Override
 public SecretKey deriveKey(String label, SecretKey k, byte[]... inputs) {
- return new SecretKey(mac(label, k, inputs));
- }
-
- @Override
- public byte[] deriveKeyBindingNonce(String label, SecretKey k) {
- return mac(label, k);
+ byte[] mac = mac(label, k, inputs);
+ if (mac.length != SecretKey.LENGTH) throw new IllegalStateException();
+ return new SecretKey(mac);
 }
 @Override
diff --git a/briar-core/src/main/java/org/briarproject/briar/introduction/IntroduceeManager.java b/briar-core/src/main/java/org/briarproject/briar/introduction/IntroduceeManager.java
index 84cd1450ea616279cd282c8cde7662eb90585841..6ecfcef49cfa0b54d7ef7c305a7eedf66153f352 100644
--- a/briar-core/src/main/java/org/briarproject/briar/introduction/IntroduceeManager.java
+++ b/briar-core/src/main/java/org/briarproject/briar/introduction/IntroduceeManager.java
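Review bot: The new length guard in `CryptoComponentImpl.deriveKey` throws `IllegalStateException` with no message, so a failure gives no hint that the MAC output length and `SecretKey.LENGTH` have drifted apart. Failing closed before the bytes are wrapped as key material is the right behaviour; I would make it diagnosable with `throw new IllegalStateException("Derived key has unexpected length");`, keeping the MAC bytes themselves out of the message. The local `byte[] mac` also shares its name with the `mac(...)` method it is assigned from, which compiles but reads ambiguously; a name such as `keyBytes` would be clearer, and the one-line `if` would be easier to audit with braces.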
@@ -451,15 +451,16 @@ class IntroduceeManager {
 private void deriveMacKeysAndNonces(BdfDictionary localState, LocalAuthor author, SecretKey secretKey, boolean alice) throws FormatException, GeneralSecurityException {
- // Derive two nonces and MAC keys from the shared secret key
- byte[] ourNonce = cryptoComponent.deriveKeyBindingNonce(
- alice ? ALICE_NONCE_LABEL : BOB_NONCE_LABEL, secretKey);
- byte[] theirNonce = cryptoComponent.deriveKeyBindingNonce(
- alice ? BOB_NONCE_LABEL : ALICE_NONCE_LABEL, secretKey);
- SecretKey ourMacKey = cryptoComponent.deriveKey(
- alice ? ALICE_MAC_KEY_LABEL : BOB_MAC_KEY_LABEL, secretKey);
- SecretKey theirMacKey = cryptoComponent.deriveKey(
- alice ? BOB_MAC_KEY_LABEL : ALICE_MAC_KEY_LABEL, secretKey);
+ // Derive two nonces and two MAC keys from the shared secret key
+ String ourNonceLabel = alice ? ALICE_NONCE_LABEL : BOB_NONCE_LABEL;
+ String theirNonceLabel = alice ? BOB_NONCE_LABEL : ALICE_NONCE_LABEL;
+ byte[] ourNonce = cryptoComponent.mac(ourNonceLabel, secretKey);
+ byte[] theirNonce = cryptoComponent.mac(theirNonceLabel, secretKey);
+ String ourKeyLabel = alice ? ALICE_MAC_KEY_LABEL : BOB_MAC_KEY_LABEL;
+ String theirKeyLabel = alice ? BOB_MAC_KEY_LABEL : ALICE_MAC_KEY_LABEL;
+ SecretKey ourMacKey = cryptoComponent.deriveKey(ourKeyLabel, secretKey);
+ SecretKey theirMacKey =
+ cryptoComponent.deriveKey(theirKeyLabel, secretKey);
 // Save the other nonce and MAC key for the verification
 localState.put(NONCE, theirNonce);
diff --git a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java
index f3e3fcf23ff6b2729fcd182bb95102240a52322a..b6b088f9d5293f86e3a29ed9e630ca0cf54fb268 100644
--- a/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java
+++ b/briar-core/src/test/java/org/briarproject/briar/introduction/IntroductionIntegrationTest.java
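Review bot: In `IntroduceeManager.deriveMacKeysAndNonces` the nonces now come from `cryptoComponent.mac(label, secretKey)` while the MAC keys come from `deriveKey(label, secretKey)`, which in this commit's `CryptoComponentImpl` is also `mac(label, k, inputs)`, so the label string is the only thing separating a nonce from a MAC key derived under the same secret. The nonce is stored via `localState.put(NONCE, theirNonce)` and the test hunk shows it being passed to `crypto.sign`, so it is presumably not treated as secret; a label collision would then expose MAC key bytes, and the Javadoc that stated the namespacing requirement is deleted together with `deriveKeyBindingNonce`. I would keep that requirement at the call site, e.g. `// Nonce and MAC key labels must be distinct: both are mac() outputs under secretKey`, and consider a unit test asserting that the four label constants differ (their values are not visible in this diff). The method body continues past the end of the hunk.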
@@ -755,8 +755,7 @@ public class IntroductionIntegrationTest
 // Nonce 1
 SecretKey sharedSecret = crypto.deriveSharedSecret(SHARED_SECRET_LABEL, eKeyPair2.getPublic(), eKeyPair1, true);
- byte[] nonce1 = crypto.deriveKeyBindingNonce(ALICE_NONCE_LABEL,
- sharedSecret);
+ byte[] nonce1 = crypto.mac(ALICE_NONCE_LABEL, sharedSecret);
 // Signature 1
 byte[] sig1 = crypto.sign(SIGNING_LABEL, nonce1,
@@ -791,7 +790,7 @@ public class IntroductionIntegrationTest
 byte[] ePublicKeyBytes1f = eKeyPair1f.getPublic().getEncoded();
 sharedSecret = crypto.deriveSharedSecret(SHARED_SECRET_LABEL, eKeyPair2.getPublic(), eKeyPair1f, true);
- nonce1 = crypto.deriveKeyBindingNonce(ALICE_NONCE_LABEL, sharedSecret);
+ nonce1 = crypto.mac(ALICE_NONCE_LABEL, sharedSecret);
 // recalculate MAC
 macKey1 = crypto.deriveKey(ALICE_MAC_KEY_LABEL, sharedSecret);