Derive separate keys for each direction.

test/build.xml

@@ -16,6 +16,8 @@
 			<test name='net.sf.briar.FileReadWriteTest'/>
 			<test name='net.sf.briar.LockFairnessTest'/>
 			<test name='net.sf.briar.crypto.CounterModeTest'/>
+			<test name='net.sf.briar.crypto.CryptoComponentTest'/>
+			<test name='net.sf.briar.crypto.SharedSecretTest'/>
 			<test name='net.sf.briar.db.BasicH2Test'/>
 			<test name='net.sf.briar.db.DatabaseCleanerImplTest'/>
 			<test name='net.sf.briar.db.H2DatabaseTest'/>

test/net/sf/briar/FileReadWriteTest.java

@@ -71,7 +71,7 @@ public class FileReadWriteTest extends TestCase {
 	private final ProtocolReaderFactory protocolReaderFactory;
 	private final ProtocolWriterFactory protocolWriterFactory;
 	private final CryptoComponent crypto;
-	private final byte[] secret = new byte[45];
+	private final byte[] aliceSecret, bobSecret;
 	private final int transportId = 123;
 	private final long connection = 234L;
 	private final Author author;
@@ -94,6 +94,10 @@ public class FileReadWriteTest extends TestCase {
 		crypto = i.getInstance(CryptoComponent.class);
 		assertEquals(crypto.getMessageDigest().getDigestLength(),
 				UniqueId.LENGTH);
+		// Create matching secrets: one for Alice, one for Bob
+		aliceSecret = new byte[45];
+		aliceSecret[16] = (byte) 1;
+		bobSecret = new byte[45];
 		// Create two groups: one restricted, one unrestricted
 		GroupFactory groupFactory = i.getInstance(GroupFactory.class);
 		group = groupFactory.createGroup("Unrestricted group", null);
@@ -129,8 +133,9 @@ public class FileReadWriteTest extends TestCase {
 	@Test
 	public void testWriteFile() throws Exception {
 		OutputStream out = new FileOutputStream(file);
+		// Use Alice's secret for writing
 		PacketWriter packetWriter = packetWriterFactory.createPacketWriter(out,
-				transportId, connection, secret);
+				transportId, connection, aliceSecret);
 		out = packetWriter.getOutputStream();
 
 		AckWriter a = protocolWriterFactory.createAckWriter(out);
@@ -194,8 +199,9 @@ public class FileReadWriteTest extends TestCase {
 			offset += read;
 		}
 		assertEquals(16, offset);
+		// Use Bob's secret for reading
 		PacketReader packetReader = packetReaderFactory.createPacketReader(
-				firstTag, in, transportId, connection, secret);
+				firstTag, in, transportId, connection, bobSecret);
 		in = packetReader.getInputStream();
 		ProtocolReader protocolReader =
 			protocolReaderFactory.createProtocolReader(in);

test/net/sf/briar/crypto/CryptoComponentTest.java

@@ -0,0 +1,49 @@
+package net.sf.briar.crypto;
+
+import junit.framework.TestCase;
+import net.sf.briar.api.crypto.CryptoComponent;
+
+import org.junit.Test;
+
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+
+public class CryptoComponentTest extends TestCase {
+
+	private final CryptoComponent crypto;
+
+	public CryptoComponentTest() {
+		super();
+		Injector i = Guice.createInjector(new CryptoModule());
+		crypto = i.getInstance(CryptoComponent.class);
+	}
+
+	@Test
+	public void testKeyDerivation() {
+		// Create matching secrets: one for Alice, one for Bob
+		byte[] aliceSecret = new byte[123];
+		aliceSecret[SharedSecret.IV_BYTES] = (byte) 1;
+		byte[] bobSecret = new byte[123];
+		// Check that Alice's incoming keys match Bob's outgoing keys
+		assertEquals(crypto.deriveIncomingMacKey(aliceSecret),
+				crypto.deriveOutgoingMacKey(bobSecret));
+		assertEquals(crypto.deriveIncomingPacketKey(aliceSecret),
+				crypto.deriveOutgoingPacketKey(bobSecret));
+		assertEquals(crypto.deriveIncomingTagKey(aliceSecret),
+				crypto.deriveOutgoingTagKey(bobSecret));
+		// Check that Alice's outgoing keys match Bob's incoming keys
+		assertEquals(crypto.deriveOutgoingMacKey(aliceSecret),
+				crypto.deriveIncomingMacKey(bobSecret));
+		assertEquals(crypto.deriveOutgoingPacketKey(aliceSecret),
+				crypto.deriveIncomingPacketKey(bobSecret));
+		assertEquals(crypto.deriveOutgoingTagKey(aliceSecret),
+				crypto.deriveIncomingTagKey(bobSecret));
+		// Check that Alice's incoming and outgoing keys are different
+		assertFalse(crypto.deriveIncomingMacKey(aliceSecret).equals(
+				crypto.deriveOutgoingMacKey(aliceSecret)));
+		assertFalse(crypto.deriveIncomingPacketKey(aliceSecret).equals(
+				crypto.deriveOutgoingPacketKey(aliceSecret)));
+		assertFalse(crypto.deriveIncomingTagKey(aliceSecret).equals(
+				crypto.deriveOutgoingTagKey(aliceSecret)));
+	}
+}

test/net/sf/briar/transport/ConnectionRecogniserImplTest.java

@@ -60,7 +60,7 @@ public class ConnectionRecogniserImplTest extends TestCase {
 	@Test
 	public void testExpectedTag() throws Exception {
 		// Calculate the expected tag for connection number 3
-		SecretKey tagKey = crypto.deriveTagKey(secret);
+		SecretKey tagKey = crypto.deriveIncomingTagKey(secret);
 		Cipher tagCipher = crypto.getTagCipher();
 		tagCipher.init(Cipher.ENCRYPT_MODE, tagKey);
 		byte[] tag = TagEncoder.encodeTag(transportId, 3L, 0);

test/net/sf/briar/transport/PacketReadWriteTest.java

@@ -39,9 +39,10 @@ public class PacketReadWriteTest extends TestCase {
 		crypto = i.getInstance(CryptoComponent.class);
 		tagCipher = crypto.getTagCipher();
 		packetCipher = crypto.getPacketCipher();
-		macKey = crypto.deriveMacKey(secret);
-		tagKey = crypto.deriveTagKey(secret);
-		packetKey = crypto.derivePacketKey(secret);
+		// Since we're sending packets to ourselves, we only need outgoing keys
+		macKey = crypto.deriveOutgoingMacKey(secret);
+		tagKey = crypto.deriveOutgoingTagKey(secret);
+		packetKey = crypto.deriveOutgoingPacketKey(secret);
 		mac = crypto.getMac();
 		random = new Random();
 	}