From 5d2252ebdabff4d72bacbf090ee5af3b95b5c0d8 Mon Sep 17 00:00:00 2001
From: akwizgran <michael@briarproject.org>
Date: Wed, 22 May 2019 15:06:26 +0100
Subject: [PATCH] Add method for deriving rendezvous key.

---
 .../api/rendezvous/RendezvousConstants.java   | 20 ++++++++++++-
 .../api/rendezvous/RendezvousCrypto.java      |  9 +++++-
 .../rendezvous/RendezvousCryptoImpl.java      | 29 +++++++++++++++++--
 3 files changed, 53 insertions(+), 5 deletions(-)

diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousConstants.java b/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousConstants.java
index 00ac61fe1..a27c15273 100644
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousConstants.java
@@ -1,9 +1,27 @@
 package org.briarproject.bramble.api.rendezvous;
 
+import static java.util.concurrent.TimeUnit.DAYS;
+
 public interface RendezvousConstants {
 
 	/**
-	 * Label for deriving key material from the master key.
+	 * The current version of the rendezvous protocol.
+	 */
+	byte PROTOCOL_VERSION = 0;
+
+	/**
+	 * How long to try to rendezvous with a pending contact before giving up.
+	 */
+	long RENDEZVOUS_TIMEOUT_MS = DAYS.toMillis(2);
+
+	/**
+	 * Label for deriving the rendezvous key from the handshake key pairs.
+	 */
+	String RENDEZVOUS_KEY_LABEL =
+			"org.briarproject.bramble.rendezvous/RENDEZVOUS_KEY";
+
+	/**
+	 * Label for deriving key material from the rendezvous key.
 	 */
 	String KEY_MATERIAL_LABEL =
 			"org.briarproject.bramble.rendezvous/KEY_MATERIAL";
diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousCrypto.java b/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousCrypto.java
index e6cacef09..141e61285 100644
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousCrypto.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/rendezvous/RendezvousCrypto.java
@@ -1,12 +1,19 @@
 package org.briarproject.bramble.api.rendezvous;
 
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportId;
 
+import java.security.GeneralSecurityException;
+
 @NotNullByDefault
 public interface RendezvousCrypto {
 
-	KeyMaterialSource createKeyMaterialSource(SecretKey masterKey,
+	SecretKey deriveRendezvousKey(PublicKey theirPublicKey, KeyPair ourKeyPair)
+			throws GeneralSecurityException;
+
+	KeyMaterialSource createKeyMaterialSource(SecretKey rendezvousKey,
 			TransportId t);
 }
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/rendezvous/RendezvousCryptoImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/rendezvous/RendezvousCryptoImpl.java
index 01877ae48..b627b6c51 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/rendezvous/RendezvousCryptoImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/rendezvous/RendezvousCryptoImpl.java
@@ -1,16 +1,23 @@
 package org.briarproject.bramble.rendezvous;
 
+import org.briarproject.bramble.api.Bytes;
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.rendezvous.KeyMaterialSource;
 import org.briarproject.bramble.api.rendezvous.RendezvousCrypto;
 
+import java.security.GeneralSecurityException;
+
 import javax.annotation.concurrent.Immutable;
 import javax.inject.Inject;
 
 import static org.briarproject.bramble.api.rendezvous.RendezvousConstants.KEY_MATERIAL_LABEL;
+import static org.briarproject.bramble.api.rendezvous.RendezvousConstants.RENDEZVOUS_KEY_LABEL;
+import static org.briarproject.bramble.api.rendezvous.RendezvousConstants.PROTOCOL_VERSION;
 import static org.briarproject.bramble.util.StringUtils.toUtf8;
 
 @Immutable
@@ -25,10 +32,26 @@ class RendezvousCryptoImpl implements RendezvousCrypto {
 	}
 
 	@Override
-	public KeyMaterialSource createKeyMaterialSource(SecretKey masterKey,
+	public SecretKey deriveRendezvousKey(PublicKey theirPublicKey,
+			KeyPair ourKeyPair) throws GeneralSecurityException {
+		byte[] ourPublicKeyBytes = ourKeyPair.getPublic().getEncoded();
+		byte[] theirPublicKeyBytes = theirPublicKey.getEncoded();
+		boolean alice = new Bytes(ourPublicKeyBytes).compareTo(
+				new Bytes(theirPublicKeyBytes)) < 0;
+		byte[][] inputs = {
+				new byte[] {PROTOCOL_VERSION},
+				alice ? ourPublicKeyBytes : theirPublicKeyBytes,
+				alice ? theirPublicKeyBytes : ourPublicKeyBytes
+		};
+		return crypto.deriveSharedSecret(RENDEZVOUS_KEY_LABEL, theirPublicKey,
+				ourKeyPair, inputs);
+	}
+
+	@Override
+	public KeyMaterialSource createKeyMaterialSource(SecretKey rendezvousKey,
 			TransportId t) {
-		SecretKey sourceKey = crypto.deriveKey(KEY_MATERIAL_LABEL, masterKey,
-				toUtf8(t.getString()));
+		SecretKey sourceKey = crypto.deriveKey(KEY_MATERIAL_LABEL,
+				rendezvousKey, toUtf8(t.getString()));
 		return new KeyMaterialSourceImpl(sourceKey);
 	}
 }