Calculate and verify signature and MAC for Introduction ACKs

Before the introducee sends her ACK, she derives a master key from the ephemeral shared secret as before. Two nonces and a MAC key are then derived from the master key. The local introducee signs one of the nonces and calculates a MAC over her own identity public key, ephemeral public key, transport properties and timestamp. The local introducee includes the signature and MAC in her ACK. On receiving the remote introducee's ACK, the local introducee verifies the signature and MAC. Should the verification fail, an ABORT is sent to the introducer and the remote introducee that was added as inactive is deleted again.
2026-02-14 03:39:05 +01:00 · 2016-08-26 16:37:02 -03:00
parent 7db0e4472a
commit fc5a7290e3
11 changed files with 394 additions and 212 deletions
--- a/briar-api/src/org/briarproject/api/contact/ContactManager.java
+++ b/briar-api/src/org/briarproject/api/contact/ContactManager.java
@@ -41,8 +41,12 @@ public interface ContactManager {
 	/** Removes a contact and all associated state. */
 	void removeContact(ContactId c) throws DbException;

+	/** Removes a contact and all associated state. */
+	void removeContact(Transaction txn, ContactId c) throws DbException;
+
 	/** Marks a contact as active or inactive. */
-	void setContactActive(ContactId c, boolean active) throws DbException;
+	void setContactActive(Transaction txn, ContactId c, boolean active)
+			throws DbException;

 	/** Return true if a contact with this name and public key already exists */
 	boolean contactExists(Transaction txn, AuthorId remoteAuthorId,
--- a/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
+++ b/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
@@ -43,6 +43,12 @@ public interface CryptoComponent {
 	 */
 	SecretKey deriveHeaderKey(SecretKey master, boolean alice);

+	/**
+	 * Derives a message authentication code key from the given master secret.
+	 * @param alice whether the key is for use by Alice or Bob.
+	 */
+	SecretKey deriveMacKey(SecretKey master, boolean alice);
+
 	/**
 	 * Derives a nonce from the given master secret for one of the parties to
 	 * sign.
--- a/briar-api/src/org/briarproject/api/introduction/IntroductionConstants.java
+++ b/briar-api/src/org/briarproject/api/introduction/IntroductionConstants.java
@@ -29,6 +29,9 @@ public interface IntroductionConstants {
 	String MAC = "mac";
 	String SIGNATURE = "signature";

+	/* Validation Constants */
+	int MAC_LENGTH = 32;
+
 	/* Introducer Local State Metadata */
 	String STATE = "state";
 	String ROLE = "role";
@@ -61,6 +64,11 @@ public interface IntroductionConstants {
 	String EXISTS = "contactExists";
 	String REMOTE_AUTHOR_IS_US = "remoteAuthorIsUs";
 	String ANSWERED = "answered";
+	String NONCE = "nonce";
+	String MAC_KEY = "macKey";
+	String OUR_TRANSPORT = "ourTransport";
+	String OUR_MAC = "ourMac";
+	String OUR_SIGNATURE = "ourSignature";

 	String TASK = "task";
 	int TASK_ADD_CONTACT = 0;