Fix master secret/master key/root key terminology.

In the key agreement, contact exchange and introduction protocols we
refer to the master key. In the transport protocol we refer to the root
key. When adding a contact in person, the key agreement protocol's
master key is used as the transport root key. When a contact is
introduced, the introduction protocol's master key is used as the
transport root key.

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactExchangeTaskImpl.java

@@ -77,7 +77,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	private volatile LocalAuthor localAuthor;
 	private volatile DuplexTransportConnection conn;
 	private volatile TransportId transportId;
-	private volatile SecretKey masterSecret;
+	private volatile SecretKey masterKey;
 	private volatile boolean alice;
 
 	@Inject
@@ -104,13 +104,13 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 	}
 
 	@Override
-	public void startExchange(LocalAuthor localAuthor, SecretKey masterSecret,
+	public void startExchange(LocalAuthor localAuthor, SecretKey masterKey,
 			DuplexTransportConnection conn, TransportId transportId,
 			boolean alice) {
 		this.localAuthor = localAuthor;
 		this.conn = conn;
 		this.transportId = transportId;
-		this.masterSecret = masterSecret;
+		this.masterKey = masterKey;
 		this.alice = alice;
 		start();
 	}
@@ -142,9 +142,9 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 		}
 
 		// Derive the header keys for the transport streams
-		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL,
-				masterSecret, new byte[] {PROTOCOL_VERSION});
-		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterSecret,
+		SecretKey aliceHeaderKey = crypto.deriveKey(ALICE_KEY_LABEL, masterKey,
+				new byte[] {PROTOCOL_VERSION});
+		SecretKey bobHeaderKey = crypto.deriveKey(BOB_KEY_LABEL, masterKey,
 				new byte[] {PROTOCOL_VERSION});
 
 		// Create the readers
@@ -163,9 +163,9 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 						.createRecordWriter(streamWriter.getOutputStream());
 
 		// Derive the nonces to be signed
-		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterSecret,
+		byte[] aliceNonce = crypto.mac(ALICE_NONCE_LABEL, masterKey,
 				new byte[] {PROTOCOL_VERSION});
-		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterSecret,
+		byte[] bobNonce = crypto.mac(BOB_NONCE_LABEL, masterKey,
 				new byte[] {PROTOCOL_VERSION});
 		byte[] localNonce = alice ? aliceNonce : bobNonce;
 		byte[] remoteNonce = alice ? bobNonce : aliceNonce;
@@ -293,7 +293,7 @@ class ContactExchangeTaskImpl extends Thread implements ContactExchangeTask {
 			throws DbException {
 		return db.transactionWithResult(false, txn -> {
 			ContactId contactId = contactManager.addContact(txn, remoteAuthor,
-					localAuthor.getId(), masterSecret, timestamp, alice,
+					localAuthor.getId(), masterKey, timestamp, alice,
 					true, true);
 			transportPropertyManager.addRemoteProperties(txn, contactId,
 					remoteProperties);

bramble-core/src/main/java/org/briarproject/bramble/contact/ContactManagerImpl.java

@@ -69,10 +69,10 @@ class ContactManagerImpl implements ContactManager {
 
 	@Override
 	public ContactId addContact(Transaction txn, Author remote, AuthorId local,
-			SecretKey master, long timestamp, boolean alice, boolean verified,
+			SecretKey rootKey, long timestamp, boolean alice, boolean verified,
 			boolean active) throws DbException {
 		ContactId c = db.addContact(txn, remote, local, verified, active);
-		keyManager.addContact(txn, c, master, timestamp, alice, active);
+		keyManager.addContact(txn, c, rootKey, timestamp, alice, active);
 		Contact contact = db.getContact(txn, c);
 		for (ContactHook hook : hooks) hook.addingContact(txn, contact);
 		return c;
@@ -88,11 +88,11 @@ class ContactManagerImpl implements ContactManager {
 	}
 
 	@Override
-	public ContactId addContact(Author remote, AuthorId local, SecretKey master,
-			long timestamp, boolean alice, boolean verified, boolean active)
-			throws DbException {
+	public ContactId addContact(Author remote, AuthorId local,
+			SecretKey rootKey, long timestamp, boolean alice, boolean verified,
+			boolean active) throws DbException {
 		return db.transactionWithResult(false, txn ->
-				addContact(txn, remote, local, master, timestamp, alice,
+				addContact(txn, remote, local, rootKey, timestamp, alice,
 						verified, active));
 	}
 

bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java

@@ -43,12 +43,12 @@ class TransportCryptoImpl implements TransportCrypto {
 
 	@Override
 	public TransportKeys deriveTransportKeys(TransportId t,
-			SecretKey master, long timePeriod, boolean alice, boolean active) {
-		// Keys for the previous period are derived from the master secret
-		SecretKey inTagPrev = deriveTagKey(master, t, !alice);
-		SecretKey inHeaderPrev = deriveHeaderKey(master, t, !alice);
-		SecretKey outTagPrev = deriveTagKey(master, t, alice);
-		SecretKey outHeaderPrev = deriveHeaderKey(master, t, alice);
+			SecretKey rootKey, long timePeriod, boolean alice, boolean active) {
+		// Keys for the previous period are derived from the root key
+		SecretKey inTagPrev = deriveTagKey(rootKey, t, !alice);
+		SecretKey inHeaderPrev = deriveHeaderKey(rootKey, t, !alice);
+		SecretKey outTagPrev = deriveTagKey(rootKey, t, alice);
+		SecretKey outHeaderPrev = deriveHeaderKey(rootKey, t, alice);
 		// Derive the keys for the current and next periods
 		SecretKey inTagCurr = rotateKey(inTagPrev, timePeriod);
 		SecretKey inHeaderCurr = rotateKey(inHeaderPrev, timePeriod);
@@ -70,8 +70,7 @@ class TransportCryptoImpl implements TransportCrypto {
 	}
 
 	@Override
-	public TransportKeys rotateTransportKeys(TransportKeys k,
-			long timePeriod) {
+	public TransportKeys rotateTransportKeys(TransportKeys k, long timePeriod) {
 		if (k.getTimePeriod() >= timePeriod) return k;
 		IncomingKeys inPrev = k.getPreviousIncomingKeys();
 		IncomingKeys inCurr = k.getCurrentIncomingKeys();
@@ -101,18 +100,18 @@ class TransportCryptoImpl implements TransportCrypto {
 		return crypto.deriveKey(ROTATE_LABEL, k, period);
 	}
 
-	private SecretKey deriveTagKey(SecretKey master, TransportId t,
+	private SecretKey deriveTagKey(SecretKey rootKey, TransportId t,
 			boolean alice) {
 		String label = alice ? ALICE_TAG_LABEL : BOB_TAG_LABEL;
 		byte[] id = toUtf8(t.getString());
-		return crypto.deriveKey(label, master, id);
+		return crypto.deriveKey(label, rootKey, id);
 	}
 
-	private SecretKey deriveHeaderKey(SecretKey master, TransportId t,
+	private SecretKey deriveHeaderKey(SecretKey rootKey, TransportId t,
 			boolean alice) {
 		String label = alice ? ALICE_HEADER_LABEL : BOB_HEADER_LABEL;
 		byte[] id = toUtf8(t.getString());
-		return crypto.deriveKey(label, master, id);
+		return crypto.deriveKey(label, rootKey, id);
 	}
 
 	@Override
@@ -146,23 +145,23 @@ class TransportCryptoImpl implements TransportCrypto {
 		return new OutgoingKeys(tag, header, timePeriod, true);
 	}
 
-	private SecretKey deriveStaticTagKey(TransportId t, SecretKey root,
+	private SecretKey deriveStaticTagKey(TransportId t, SecretKey rootKey,
 			boolean alice, long timePeriod) {
 		String label = alice ? ALICE_STATIC_TAG_LABEL : BOB_STATIC_TAG_LABEL;
 		byte[] id = toUtf8(t.getString());
 		byte[] period = new byte[INT_64_BYTES];
 		writeUint64(timePeriod, period, 0);
-		return crypto.deriveKey(label, root, id, period);
+		return crypto.deriveKey(label, rootKey, id, period);
 	}
 
-	private SecretKey deriveStaticHeaderKey(TransportId t, SecretKey root,
+	private SecretKey deriveStaticHeaderKey(TransportId t, SecretKey rootKey,
 			boolean alice, long timePeriod) {
 		String label =
 				alice ? ALICE_STATIC_HEADER_LABEL : BOB_STATIC_HEADER_LABEL;
 		byte[] id = toUtf8(t.getString());
 		byte[] period = new byte[INT_64_BYTES];
 		writeUint64(timePeriod, period, 0);
-		return crypto.deriveKey(label, root, id, period);
+		return crypto.deriveKey(label, rootKey, id, period);
 	}
 
 	@Override

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementProtocol.java

@@ -14,7 +14,7 @@ import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.util.Arrays;
 
-import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.MASTER_SECRET_LABEL;
+import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.MASTER_KEY_LABEL;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.PROTOCOL_VERSION;
 import static org.briarproject.bramble.api.keyagreement.KeyAgreementConstants.SHARED_SECRET_LABEL;
 
@@ -90,7 +90,7 @@ class KeyAgreementProtocol {
 	/**
 	 * Perform the BQP protocol.
 	 *
-	 * @return the negotiated master secret.
+	 * @return the negotiated master key.
 	 * @throws AbortException when the protocol may have been tampered with.
 	 * @throws IOException for all other other connection errors.
 	 */
@@ -115,7 +115,7 @@ class KeyAgreementProtocol {
 				receiveConfirm(s, theirPublicKey);
 				sendConfirm(s, theirPublicKey);
 			}
-			return crypto.deriveKey(MASTER_SECRET_LABEL, s);
+			return crypto.deriveKey(MASTER_KEY_LABEL, s);
 		} catch (AbortException e) {
 			sendAbort(e.getCause() != null);
 			throw e;

bramble-core/src/main/java/org/briarproject/bramble/keyagreement/KeyAgreementTaskImpl.java

@@ -114,9 +114,9 @@ class KeyAgreementTaskImpl extends Thread implements KeyAgreementTask,
 				keyAgreementCrypto, payloadEncoder, transport, remotePayload,
 				localPayload, localKeyPair, alice);
 		try {
-			SecretKey master = protocol.perform();
+			SecretKey masterKey = protocol.perform();
 			KeyAgreementResult result =
-					new KeyAgreementResult(master, transport.getConnection(),
+					new KeyAgreementResult(masterKey, transport.getConnection(),
 							transport.getTransportId(), alice);
 			LOG.info("Finished BQP protocol");
 			// Broadcast result to caller

bramble-core/src/main/java/org/briarproject/bramble/transport/KeyManagerImpl.java

@@ -96,13 +96,13 @@ class KeyManagerImpl implements KeyManager, Service, EventListener {
 
 	@Override
 	public Map<TransportId, KeySetId> addContact(Transaction txn, ContactId c,
-			SecretKey master, long timestamp, boolean alice, boolean active)
+			SecretKey rootKey, long timestamp, boolean alice, boolean active)
 			throws DbException {
 		Map<TransportId, KeySetId> ids = new HashMap<>();
 		for (Entry<TransportId, TransportKeyManager> e : managers.entrySet()) {
 			TransportId t = e.getKey();
 			TransportKeyManager m = e.getValue();
-			ids.put(t, m.addContact(txn, c, master, timestamp, alice, active));
+			ids.put(t, m.addContact(txn, c, rootKey, timestamp, alice, active));
 		}
 		return ids;
 	}

bramble-core/src/main/java/org/briarproject/bramble/transport/TransportKeyManager.java

@@ -15,7 +15,7 @@ interface TransportKeyManager {
 
 	void start(Transaction txn) throws DbException;
 
-	KeySetId addContact(Transaction txn, ContactId c, SecretKey master,
+	KeySetId addContact(Transaction txn, ContactId c, SecretKey rootKey,
 			long timestamp, boolean alice, boolean active) throws DbException;
 
 	void activateKeys(Transaction txn, KeySetId k) throws DbException;

bramble-core/src/main/java/org/briarproject/bramble/transport/TransportKeyManagerImpl.java

@@ -170,7 +170,7 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 	}
 
 	@Override
-	public KeySetId addContact(Transaction txn, ContactId c, SecretKey master,
+	public KeySetId addContact(Transaction txn, ContactId c, SecretKey rootKey,
 			long timestamp, boolean alice, boolean active) throws DbException {
 		lock.lock();
 		try {
@@ -178,7 +178,7 @@ class TransportKeyManagerImpl implements TransportKeyManager {
 			long timePeriod = timestamp / timePeriodLength;
 			// Derive the transport keys
 			TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-					master, timePeriod, alice, active);
+					rootKey, timePeriod, alice, active);
 			// Rotate the keys to the current time period if necessary
 			timePeriod = clock.currentTimeMillis() / timePeriodLength;
 			k = transportCrypto.rotateTransportKeys(k, timePeriod);