Store the incoming and outgoing secrets separately.

api/net/sf/briar/api/crypto/CryptoComponent.java

@@ -9,20 +9,16 @@ import javax.crypto.Mac;
 
 public interface CryptoComponent {
 
-	ErasableKey deriveIncomingFrameKey(byte[] secret);
+	ErasableKey deriveFrameKey(byte[] source, boolean initiator);
 
-	ErasableKey deriveIncomingIvKey(byte[] secret);
+	ErasableKey deriveIvKey(byte[] source, boolean initiator);
 
-	ErasableKey deriveIncomingMacKey(byte[] secret);
-
-	ErasableKey deriveOutgoingFrameKey(byte[] secret);
-
-	ErasableKey deriveOutgoingIvKey(byte[] secret);
-
-	ErasableKey deriveOutgoingMacKey(byte[] secret);
+	ErasableKey deriveMacKey(byte[] source, boolean initiator);
 
 	KeyPair generateKeyPair();
 
+	ErasableKey generateTestKey();
+
 	Cipher getFrameCipher();
 
 	Cipher getIvCipher();
@@ -36,6 +32,4 @@ public interface CryptoComponent {
 	SecureRandom getSecureRandom();
 
 	Signature getSignature();
-
-	ErasableKey generateTestKey();
 }

api/net/sf/briar/api/db/DatabaseComponent.java

@@ -53,10 +53,11 @@ public interface DatabaseComponent {
 	void removeListener(DatabaseListener d);
 
 	/**
-	 * Adds a new contact to the database with the given secret and returns an
+	 * Adds a new contact to the database with the given secrets and returns an
 	 * ID for the contact.
 	 */
-	ContactId addContact(byte[] secret) throws DbException;
+	ContactId addContact(byte[] incomingSecret, byte[] outgoingSecret)
+	throws DbException;
 
 	/** Adds a locally generated group message to the database. */
 	void addLocalGroupMessage(Message m) throws DbException;
@@ -158,7 +159,7 @@ public interface DatabaseComponent {
 	throws DbException;
 
 	/** Returns the secret shared with the given contact. */
-	byte[] getSharedSecret(ContactId c) throws DbException;
+	byte[] getSharedSecret(ContactId c, boolean incoming) throws DbException;
 
 	/** Returns the set of groups to which the user subscribes. */
 	Collection<Group> getSubscriptions() throws DbException;

api/net/sf/briar/api/transport/ConnectionReaderFactory.java

@@ -8,14 +8,15 @@ public interface ConnectionReaderFactory {
 
 	/**
 	 * Creates a connection reader for a batch-mode connection or the
-	 * initiator's side of a stream-mode connection.
+	 * initiator's side of a stream-mode connection. The secret is erased before
+	 * returning.
 	 */
 	ConnectionReader createConnectionReader(InputStream in, TransportIndex i,
 			byte[] encryptedIv, byte[] secret);
 
 	/**
 	 * Creates a connection reader for the responder's side of a stream-mode
-	 * connection.
+	 * connection. The secret is erased before returning.
 	 */
 	ConnectionReader createConnectionReader(InputStream in, TransportIndex i,
 			long connection, byte[] secret);

api/net/sf/briar/api/transport/ConnectionWriterFactory.java

@@ -8,14 +8,15 @@ public interface ConnectionWriterFactory {
 
 	/**
 	 * Creates a connection writer for a batch-mode connection or the
-	 * initiator's side of a stream-mode connection.
+	 * initiator's side of a stream-mode connection. The secret is erased before
+	 * returning.
 	 */
 	ConnectionWriter createConnectionWriter(OutputStream out, long capacity,
 			TransportIndex i, long connection, byte[] secret);
 
 	/**
 	 * Creates a connection writer for the responder's side of a stream-mode
-	 * connection.
+	 * connection. The secret is erased before returning.
 	 */
 	ConnectionWriter createConnectionWriter(OutputStream out, long capacity,
 			TransportIndex i, byte[] encryptedIv, byte[] secret);