From 9b4f60088fa4f921c160700a0e97635b66ccf028 Mon Sep 17 00:00:00 2001
From: akwizgran <michael@briarproject.org>
Date: Thu, 30 May 2019 14:30:39 +0100
Subject: [PATCH] Add methods for deriving static master and root keys.

---
 .../bramble/api/crypto/TransportCrypto.java   | 16 ++++++++++
 .../api/transport/TransportConstants.java     | 28 ++++++++++++-----
 .../bramble/crypto/TransportCryptoImpl.java   | 30 +++++++++++++++++++
 3 files changed, 66 insertions(+), 8 deletions(-)

diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
index 6db16f7d5..a58645792 100644
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
@@ -3,12 +3,28 @@ package org.briarproject.bramble.api.crypto;
 import org.briarproject.bramble.api.plugin.TransportId;
 import org.briarproject.bramble.api.transport.TransportKeys;
 
+import java.security.GeneralSecurityException;
+
 /**
  * Crypto operations for the transport security protocol - see
  * https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md
  */
 public interface TransportCrypto {
 
+	/**
+	 * Derives the static master key shared with a contact or pending contact.
+	 */
+	SecretKey deriveStaticMasterKey(PublicKey theirHandshakePublicKey,
+			KeyPair ourHandshakeKeyPair) throws GeneralSecurityException;
+
+	/**
+	 * Derives the handshake mode root key from the static master key.
+	 * @param pendingContact Whether the static master key is shared with a
+	 * pending contact or a contact
+	 */
+	SecretKey deriveHandshakeRootKey(SecretKey staticMasterKey,
+			boolean pendingContact);
+
 	/**
 	 * Derives initial rotation mode transport keys for the given transport in
 	 * the given time period from the given root key.
diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java b/bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java
index ce2394d74..43e548208 100644
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/transport/TransportConstants.java
@@ -63,14 +63,6 @@ public interface TransportConstants {
 	int MAX_PAYLOAD_LENGTH = MAX_FRAME_LENGTH - FRAME_HEADER_LENGTH
 			- MAC_LENGTH;
 
-	/**
-	 * The minimum stream length in bytes that all transport plugins must
-	 * support. Streams may be shorter than this length, but all transport
-	 * plugins must support streams of at least this length.
-	 */
-	int MIN_STREAM_LENGTH = STREAM_HEADER_LENGTH + FRAME_HEADER_LENGTH
-			+ MAC_LENGTH;
-
 	/**
 	 * The maximum difference in milliseconds between two peers' clocks.
 	 */
@@ -81,6 +73,26 @@ public interface TransportConstants {
 	 */
 	int REORDERING_WINDOW_SIZE = 32;
 
+	/**
+	 * Label for deriving the static master key from handshake key pairs.
+	 */
+	String STATIC_MASTER_KEY_LABEL =
+			"org.briarproject.bramble.transport/STATIC_MASTER_KEY";
+
+	/**
+	 * Label for deriving the handshake mode root key for a pending contact
+	 * from the static master key.
+	 */
+	String PENDING_CONTACT_ROOT_KEY_LABEL =
+			"org.briarproject.bramble.transport/PENDING_CONTACT_ROOT_KEY";
+
+	/**
+	 * Label for deriving the handshake mode root key for a contact from the
+	 * static master key.
+	 */
+	String CONTACT_ROOT_KEY_LABEL =
+			"org.briarproject.bramble.transport/CONTACT_ROOT_KEY";
+
 	/**
 	 * Label for deriving Alice's initial tag key from the root key in
 	 * rotation mode.
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
index fab0c8fcd..aa8d4d665 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
@@ -1,6 +1,8 @@
 package org.briarproject.bramble.crypto;
 
 import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.KeyPair;
+import org.briarproject.bramble.api.crypto.PublicKey;
 import org.briarproject.bramble.api.crypto.SecretKey;
 import org.briarproject.bramble.api.crypto.TransportCrypto;
 import org.briarproject.bramble.api.plugin.TransportId;
@@ -10,9 +12,12 @@ import org.briarproject.bramble.api.transport.TransportKeys;
 import org.spongycastle.crypto.Digest;
 import org.spongycastle.crypto.digests.Blake2bDigest;
 
+import java.security.GeneralSecurityException;
+
 import javax.inject.Inject;
 
 import static java.lang.System.arraycopy;
+import static org.briarproject.bramble.api.Bytes.compare;
 import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HANDSHAKE_HEADER_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HANDSHAKE_TAG_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ALICE_HEADER_LABEL;
@@ -21,7 +26,10 @@ import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HAND
 import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HANDSHAKE_TAG_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.BOB_HEADER_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.BOB_TAG_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.CONTACT_ROOT_KEY_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.PENDING_CONTACT_ROOT_KEY_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.ROTATE_LABEL;
+import static org.briarproject.bramble.api.transport.TransportConstants.STATIC_MASTER_KEY_LABEL;
 import static org.briarproject.bramble.api.transport.TransportConstants.TAG_LENGTH;
 import static org.briarproject.bramble.util.ByteUtils.INT_16_BYTES;
 import static org.briarproject.bramble.util.ByteUtils.INT_64_BYTES;
@@ -40,6 +48,28 @@ class TransportCryptoImpl implements TransportCrypto {
 		this.crypto = crypto;
 	}
 
+	@Override
+	public SecretKey deriveStaticMasterKey(PublicKey theirHandshakePublicKey,
+			KeyPair ourHandshakeKeyPair) throws GeneralSecurityException {
+		byte[] theirPublic = theirHandshakePublicKey.getEncoded();
+		byte[] ourPublic = ourHandshakeKeyPair.getPublic().getEncoded();
+		boolean alice = compare(ourPublic, theirPublic) < 0;
+		byte[][] inputs = {
+			alice ? ourPublic : theirPublic,
+			alice ? theirPublic : ourPublic
+		};
+		return crypto.deriveSharedSecret(STATIC_MASTER_KEY_LABEL,
+				theirHandshakePublicKey, ourHandshakeKeyPair, inputs);
+	}
+
+	@Override
+	public SecretKey deriveHandshakeRootKey(SecretKey staticMasterKey,
+			boolean pendingContact) {
+		String label = pendingContact ?
+				PENDING_CONTACT_ROOT_KEY_LABEL : CONTACT_ROOT_KEY_LABEL;
+		return crypto.deriveKey(label, staticMasterKey);
+	}
+
 	@Override
 	public TransportKeys deriveRotationKeys(TransportId t,
 			SecretKey rootKey, long timePeriod, boolean weAreAlice,