Calculate and verify signature and MAC for Introduction ACKs

Before the introducee sends her ACK, she derives a master key from the ephemeral shared secret as before. Two nonces and a MAC key are then derived from the master key. The local introducee signs one of the nonces and calculates a MAC over her own identity public key, ephemeral public key, transport properties and timestamp. The local introducee includes the signature and MAC in her ACK. On receiving the remote introducee's ACK, the local introducee verifies the signature and MAC. Should the verification fail, an ABORT is sent to the introducer and the remote introducee that was added as inactive is deleted again.
2026-02-14 03:39:05 +01:00 · 2016-08-26 16:37:02 -03:00
parent 7db0e4472a
commit fc5a7290e3
11 changed files with 394 additions and 212 deletions
--- a/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
+++ b/briar-api/src/org/briarproject/api/crypto/CryptoComponent.java
@@ -43,6 +43,12 @@ public interface CryptoComponent {
 	 */
 	SecretKey deriveHeaderKey(SecretKey master, boolean alice);

+	/**
+	 * Derives a message authentication code key from the given master secret.
+	 * @param alice whether the key is for use by Alice or Bob.
+	 */
+	SecretKey deriveMacKey(SecretKey master, boolean alice);
+
 	/**
 	 * Derives a nonce from the given master secret for one of the parties to
 	 * sign.