Reject old timestamps when deriving rotation mode keys.

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/SecretKey.java

@@ -1,23 +1,19 @@
 package org.briarproject.bramble.api.crypto;
 
+import org.briarproject.bramble.api.Bytes;
+
 /**
  * A secret key used for encryption and/or authentication.
  */
-public class SecretKey {
+public class SecretKey extends Bytes {
 
 	/**
 	 * The length of a secret key in bytes.
 	 */
 	public static final int LENGTH = 32;
 
-	private final byte[] key;
-
 	public SecretKey(byte[] key) {
+		super(key);
 		if (key.length != LENGTH) throw new IllegalArgumentException();
-		this.key = key;
-	}
-
-	public byte[] getBytes() {
-		return key;
 	}
 }

bramble-api/src/main/java/org/briarproject/bramble/api/lifecycle/LifecycleManager.java

@@ -5,6 +5,7 @@ import org.briarproject.bramble.api.db.DatabaseComponent;
 import org.briarproject.bramble.api.db.DbException;
 import org.briarproject.bramble.api.db.Transaction;
 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
+import org.briarproject.bramble.api.system.Clock;
 import org.briarproject.bramble.api.system.Wakeful;
 
 import java.util.concurrent.ExecutorService;
@@ -30,26 +31,6 @@ public interface LifecycleManager {
 		SUCCESS
 	}
 
-	/**
-	 * The minimum reasonable value for the system clock, in milliseconds
-	 * since the Unix epoch. {@link #startServices(SecretKey)} will return
-	 * {@link StartResult#CLOCK_ERROR} if the system clock reports an earlier
-	 * time.
-	 * <p/>
-	 * 1 Jan 2021, 00:00:00 UTC
-	 */
-	long MIN_REASONABLE_TIME_MS = 1_609_459_200_000L;
-
-	/**
-	 * The maximum reasonable value for the system clock, in milliseconds
-	 * since the Unix epoch. {@link #startServices(SecretKey)} will return
-	 * {@link StartResult#CLOCK_ERROR} if the system clock reports a later
-	 * time.
-	 * <p/>
-	 * 1 Jan 2121, 00:00:00 UTC
-	 */
-	long MAX_REASONABLE_TIME_MS = 4_765_132_800_000L;
-
 	/**
 	 * The state the lifecycle can be in.
 	 * Returned by {@link #getLifecycleState()}
@@ -86,6 +67,10 @@ public interface LifecycleManager {
 	/**
 	 * Opens the {@link DatabaseComponent} using the given key and starts any
 	 * registered {@link Service Services}.
+	 *
+	 * @return {@link StartResult#CLOCK_ERROR} if the system clock is earlier
+	 * than {@link Clock#MIN_REASONABLE_TIME_MS} or later than
+	 * {@link Clock#MAX_REASONABLE_TIME_MS}.
 	 */
 	@Wakeful
 	StartResult startServices(SecretKey dbKey);

bramble-api/src/main/java/org/briarproject/bramble/api/system/Clock.java

@@ -6,6 +6,22 @@ package org.briarproject.bramble.api.system;
  */
 public interface Clock {
 
+	/**
+	 * The minimum reasonable value for the system clock, in milliseconds
+	 * since the Unix epoch.
+	 * <p/>
+	 * 1 Jan 2021, 00:00:00 UTC
+	 */
+	long MIN_REASONABLE_TIME_MS = 1_609_459_200_000L;
+
+	/**
+	 * The maximum reasonable value for the system clock, in milliseconds
+	 * since the Unix epoch.
+	 * <p/>
+	 * 1 Jan 2121, 00:00:00 UTC
+	 */
+	long MAX_REASONABLE_TIME_MS = 4_765_132_800_000L;
+
 	/**
 	 * @see System#currentTimeMillis()
 	 */

bramble-api/src/test/java/org/briarproject/bramble/test/TestUtils.java

@@ -163,10 +163,15 @@ public class TestUtils {
 
 	public static Message getMessage(GroupId groupId) {
 		int bodyLength = 1 + random.nextInt(MAX_MESSAGE_BODY_LENGTH);
-		return getMessage(groupId, bodyLength);
+		return getMessage(groupId, bodyLength, timestamp);
 	}
 
 	public static Message getMessage(GroupId groupId, int bodyLength) {
+		return getMessage(groupId, bodyLength, timestamp);
+	}
+
+	public static Message getMessage(GroupId groupId, int bodyLength,
+			long timestamp) {
 		MessageId id = new MessageId(getRandomId());
 		byte[] body = getRandomBytes(bodyLength);
 		return new Message(id, groupId, timestamp, body);