From fccf735a8905e7c09683e95ede6c9ccf984e9973 Mon Sep 17 00:00:00 2001
From: akwizgran <michael@briarproject.org>
Date: Wed, 10 Apr 2019 15:18:26 +0100
Subject: [PATCH] Add unit tests for static key derivation.

---
 .../bramble/api/crypto/TransportCrypto.java   |   4 +-
 .../bramble/crypto/TransportCryptoImpl.java   |   6 +-
 .../bramble/crypto/KeyDerivationTest.java     | 168 -----------------
 .../crypto/KeyDerivationTestUtils.java        |  45 +++++
 .../StaticTransportKeyDerivationTest.java     | 172 ++++++++++++++++++
 .../crypto/TransportKeyDerivationTest.java    | 167 +++++++++++++++++
 6 files changed, 389 insertions(+), 173 deletions(-)
 delete mode 100644 bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTest.java
 create mode 100644 bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTestUtils.java
 create mode 100644 bramble-core/src/test/java/org/briarproject/bramble/crypto/StaticTransportKeyDerivationTest.java
 create mode 100644 bramble-core/src/test/java/org/briarproject/bramble/crypto/TransportKeyDerivationTest.java

diff --git a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
index a984a5c6f..60972619b 100644
--- a/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
+++ b/bramble-api/src/main/java/org/briarproject/bramble/api/crypto/TransportCrypto.java
@@ -33,14 +33,14 @@ public interface TransportCrypto {
 	 * @param alice whether the keys are for use by Alice or Bob.
 	 */
 	StaticTransportKeys deriveStaticTransportKeys(TransportId t,
-			SecretKey rootKey, boolean alice, long timePeriod);
+			SecretKey rootKey, long timePeriod, boolean alice);
 
 	/**
 	 * Updates the given static transport keys to the given time period. If
 	 * the keys are for the given period or any later period they are not
 	 * updated.
 	 */
-	StaticTransportKeys updateTransportKeys(StaticTransportKeys k,
+	StaticTransportKeys updateStaticTransportKeys(StaticTransportKeys k,
 			long timePeriod);
 
 	/**
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
index 350fd2257..9f6ea73e8 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/TransportCryptoImpl.java
@@ -116,7 +116,7 @@ class TransportCryptoImpl implements TransportCrypto {
 
 	@Override
 	public StaticTransportKeys deriveStaticTransportKeys(TransportId t,
-			SecretKey rootKey, boolean alice, long timePeriod) {
+			SecretKey rootKey, long timePeriod, boolean alice) {
 		if (timePeriod < 1) throw new IllegalArgumentException();
 		IncomingKeys inPrev = deriveStaticIncomingKeys(t, rootKey, alice,
 				timePeriod - 1);
@@ -165,7 +165,7 @@ class TransportCryptoImpl implements TransportCrypto {
 	}
 
 	@Override
-	public StaticTransportKeys updateTransportKeys(StaticTransportKeys k,
+	public StaticTransportKeys updateStaticTransportKeys(StaticTransportKeys k,
 			long timePeriod) {
 		long elapsed = timePeriod - k.getTimePeriod();
 		TransportId t = k.getTransportId();
@@ -197,7 +197,7 @@ class TransportCryptoImpl implements TransportCrypto {
 					rootKey, alice);
 		} else {
 			// The keys are more than two periods old - derive fresh keys
-			return deriveStaticTransportKeys(t, rootKey, alice, timePeriod);
+			return deriveStaticTransportKeys(t, rootKey, timePeriod, alice);
 		}
 	}
 
diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTest.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTest.java
deleted file mode 100644
index 33c13753b..000000000
--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTest.java
+++ /dev/null
@@ -1,168 +0,0 @@
-package org.briarproject.bramble.crypto;
-
-import org.briarproject.bramble.api.Bytes;
-import org.briarproject.bramble.api.crypto.CryptoComponent;
-import org.briarproject.bramble.api.crypto.SecretKey;
-import org.briarproject.bramble.api.crypto.TransportCrypto;
-import org.briarproject.bramble.api.plugin.TransportId;
-import org.briarproject.bramble.api.transport.TransportKeys;
-import org.briarproject.bramble.test.BrambleTestCase;
-import org.briarproject.bramble.test.TestSecureRandomProvider;
-import org.junit.Test;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import static org.briarproject.bramble.test.TestUtils.getSecretKey;
-import static org.briarproject.bramble.test.TestUtils.getTransportId;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertTrue;
-
-public class KeyDerivationTest extends BrambleTestCase {
-
-	private final CryptoComponent crypto =
-			new CryptoComponentImpl(new TestSecureRandomProvider(), null);
-	private final TransportCrypto transportCrypto =
-			new TransportCryptoImpl(crypto);
-	private final TransportId transportId = getTransportId();
-	private final SecretKey rootKey = getSecretKey();
-
-	@Test
-	public void testKeysAreDistinct() {
-		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, true, true);
-		assertAllDifferent(k);
-	}
-
-	@Test
-	public void testCurrentKeysMatchCurrentKeysOfContact() {
-		// Start in time period 123
-		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, true, true);
-		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, false, true);
-		// Alice's incoming keys should equal Bob's outgoing keys
-		assertArrayEquals(kA.getCurrentIncomingKeys().getTagKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getCurrentIncomingKeys().getHeaderKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
-		// Alice's outgoing keys should equal Bob's incoming keys
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
-				kB.getCurrentIncomingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
-				kB.getCurrentIncomingKeys().getHeaderKey().getBytes());
-		// Rotate into the future
-		kA = transportCrypto.rotateTransportKeys(kA, 456);
-		kB = transportCrypto.rotateTransportKeys(kB, 456);
-		// Alice's incoming keys should equal Bob's outgoing keys
-		assertArrayEquals(kA.getCurrentIncomingKeys().getTagKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getCurrentIncomingKeys().getHeaderKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
-		// Alice's outgoing keys should equal Bob's incoming keys
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
-				kB.getCurrentIncomingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
-				kB.getCurrentIncomingKeys().getHeaderKey().getBytes());
-	}
-
-	@Test
-	public void testPreviousKeysMatchPreviousKeysOfContact() {
-		// Start in time period 123
-		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, true, true);
-		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, false, true);
-		// Compare Alice's previous keys in period 456 with Bob's current keys
-		// in period 455
-		kA = transportCrypto.rotateTransportKeys(kA, 456);
-		kB = transportCrypto.rotateTransportKeys(kB, 455);
-		// Alice's previous incoming keys should equal Bob's outgoing keys
-		assertArrayEquals(kA.getPreviousIncomingKeys().getTagKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
-		assertArrayEquals(
-				kA.getPreviousIncomingKeys().getHeaderKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
-		// Compare Alice's current keys in period 456 with Bob's previous keys
-		// in period 457
-		kB = transportCrypto.rotateTransportKeys(kB, 457);
-		// Alice's outgoing keys should equal Bob's previous incoming keys
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
-				kB.getPreviousIncomingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
-				kB.getPreviousIncomingKeys().getHeaderKey().getBytes());
-	}
-
-	@Test
-	public void testNextKeysMatchNextKeysOfContact() {
-		// Start in time period 123
-		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, true, true);
-		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, false, true);
-		// Compare Alice's current keys in period 456 with Bob's next keys in
-		// period 455
-		kA = transportCrypto.rotateTransportKeys(kA, 456);
-		kB = transportCrypto.rotateTransportKeys(kB, 455);
-		// Alice's outgoing keys should equal Bob's next incoming keys
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getTagKey().getBytes(),
-				kB.getNextIncomingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getCurrentOutgoingKeys().getHeaderKey().getBytes(),
-				kB.getNextIncomingKeys().getHeaderKey().getBytes());
-		// Compare Alice's next keys in period 456 with Bob's current keys
-		// in period 457
-		kB = transportCrypto.rotateTransportKeys(kB, 457);
-		// Alice's next incoming keys should equal Bob's outgoing keys
-		assertArrayEquals(kA.getNextIncomingKeys().getTagKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getTagKey().getBytes());
-		assertArrayEquals(kA.getNextIncomingKeys().getHeaderKey().getBytes(),
-				kB.getCurrentOutgoingKeys().getHeaderKey().getBytes());
-	}
-
-	@Test
-	public void testRootKeyAffectsOutput() {
-		SecretKey rootKey1 = getSecretKey();
-		assertFalse(Arrays.equals(rootKey.getBytes(), rootKey1.getBytes()));
-		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, true, true);
-		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId,
-				rootKey1, 123, true, true);
-		assertAllDifferent(k, k1);
-	}
-
-	@Test
-	public void testTransportIdAffectsOutput() {
-		TransportId transportId1 = getTransportId();
-		assertNotEquals(transportId.getString(), transportId1.getString());
-		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
-				rootKey, 123, true, true);
-		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId1,
-				rootKey, 123, true, true);
-		assertAllDifferent(k, k1);
-	}
-
-	private void assertAllDifferent(TransportKeys... transportKeys) {
-		List<SecretKey> secretKeys = new ArrayList<>();
-		for (TransportKeys k : transportKeys) {
-			secretKeys.add(k.getPreviousIncomingKeys().getTagKey());
-			secretKeys.add(k.getPreviousIncomingKeys().getHeaderKey());
-			secretKeys.add(k.getCurrentIncomingKeys().getTagKey());
-			secretKeys.add(k.getCurrentIncomingKeys().getHeaderKey());
-			secretKeys.add(k.getNextIncomingKeys().getTagKey());
-			secretKeys.add(k.getNextIncomingKeys().getHeaderKey());
-			secretKeys.add(k.getCurrentOutgoingKeys().getTagKey());
-			secretKeys.add(k.getCurrentOutgoingKeys().getHeaderKey());
-		}
-		assertAllDifferent(secretKeys);
-	}
-
-	private void assertAllDifferent(List<SecretKey> keys) {
-		Set<Bytes> set = new HashSet<>();
-		for (SecretKey k : keys) assertTrue(set.add(new Bytes(k.getBytes())));
-	}
-}
diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTestUtils.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTestUtils.java
new file mode 100644
index 000000000..470ae5b99
--- /dev/null
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/KeyDerivationTestUtils.java
@@ -0,0 +1,45 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.Bytes;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.transport.IncomingKeys;
+import org.briarproject.bramble.api.transport.OutgoingKeys;
+import org.briarproject.bramble.api.transport.TransportKeys;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertTrue;
+
+class KeyDerivationTestUtils {
+
+	static void assertAllDifferent(TransportKeys... transportKeys) {
+		List<SecretKey> secretKeys = new ArrayList<>();
+		for (TransportKeys k : transportKeys) {
+			secretKeys.add(k.getPreviousIncomingKeys().getTagKey());
+			secretKeys.add(k.getPreviousIncomingKeys().getHeaderKey());
+			secretKeys.add(k.getCurrentIncomingKeys().getTagKey());
+			secretKeys.add(k.getCurrentIncomingKeys().getHeaderKey());
+			secretKeys.add(k.getNextIncomingKeys().getTagKey());
+			secretKeys.add(k.getNextIncomingKeys().getHeaderKey());
+			secretKeys.add(k.getCurrentOutgoingKeys().getTagKey());
+			secretKeys.add(k.getCurrentOutgoingKeys().getHeaderKey());
+		}
+		assertAllDifferent(secretKeys);
+	}
+
+	static void assertAllDifferent(List<SecretKey> keys) {
+		Set<Bytes> set = new HashSet<>();
+		for (SecretKey k : keys) assertTrue(set.add(new Bytes(k.getBytes())));
+	}
+
+	static void assertMatches(IncomingKeys in, OutgoingKeys out) {
+		assertArrayEquals(in.getTagKey().getBytes(),
+				out.getTagKey().getBytes());
+		assertArrayEquals(in.getHeaderKey().getBytes(),
+				out.getHeaderKey().getBytes());
+	}
+}
diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/StaticTransportKeyDerivationTest.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/StaticTransportKeyDerivationTest.java
new file mode 100644
index 000000000..c4f9a05a2
--- /dev/null
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/StaticTransportKeyDerivationTest.java
@@ -0,0 +1,172 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.StaticTransportKeys;
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+import static org.briarproject.bramble.crypto.KeyDerivationTestUtils.assertAllDifferent;
+import static org.briarproject.bramble.crypto.KeyDerivationTestUtils.assertMatches;
+import static org.briarproject.bramble.test.TestUtils.getSecretKey;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertSame;
+
+public class StaticTransportKeyDerivationTest extends BrambleTestCase {
+
+	private final CryptoComponent crypto =
+			new CryptoComponentImpl(new TestSecureRandomProvider(), null);
+	private final TransportCrypto transportCrypto =
+			new TransportCryptoImpl(crypto);
+	private final TransportId transportId = getTransportId();
+	private final SecretKey rootKey = getSecretKey();
+
+	@Test
+	public void testKeysAreDistinct() {
+		StaticTransportKeys kA = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys kB = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, false);
+		assertAllDifferent(kA);
+		assertAllDifferent(kB);
+	}
+
+	@Test
+	public void testKeysAreNotUpdatedToPreviousPeriod() {
+		StaticTransportKeys k = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys k1 =
+				transportCrypto.updateStaticTransportKeys(k, 122);
+		assertSame(k, k1);
+	}
+
+	@Test
+	public void testKeysAreNotUpdatedToCurrentPeriod() {
+		StaticTransportKeys k = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys k1 =
+				transportCrypto.updateStaticTransportKeys(k, 123);
+		assertSame(k, k1);
+	}
+
+	@Test
+	public void testKeysAreUpdatedByOnePeriod() {
+		StaticTransportKeys k = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys k1 =
+				transportCrypto.updateStaticTransportKeys(k, 124);
+		assertSame(k.getCurrentIncomingKeys(), k1.getPreviousIncomingKeys());
+		assertSame(k.getNextIncomingKeys(), k1.getCurrentIncomingKeys());
+	}
+
+	@Test
+	public void testKeysAreUpdatedByTwoPeriods() {
+		StaticTransportKeys k = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys k1 =
+				transportCrypto.updateStaticTransportKeys(k, 125);
+		assertSame(k.getNextIncomingKeys(), k1.getPreviousIncomingKeys());
+	}
+
+	@Test
+	public void testKeysAreUpdatedByThreePeriods() {
+		StaticTransportKeys k = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys k1 =
+				transportCrypto.updateStaticTransportKeys(k, 126);
+		assertAllDifferent(k, k1);
+	}
+
+	@Test
+	public void testCurrentKeysMatchContact() {
+		// Start in time period 123
+		StaticTransportKeys kA = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys kB = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, false);
+		// Alice's incoming keys should equal Bob's outgoing keys
+		assertMatches(kA.getCurrentIncomingKeys(), kB.getCurrentOutgoingKeys());
+		// Bob's incoming keys should equal Alice's outgoing keys
+		assertMatches(kB.getCurrentIncomingKeys(), kA.getCurrentOutgoingKeys());
+		// Update into the future
+		kA = transportCrypto.updateStaticTransportKeys(kA, 456);
+		kB = transportCrypto.updateStaticTransportKeys(kB, 456);
+		// Alice's incoming keys should equal Bob's outgoing keys
+		assertMatches(kA.getCurrentIncomingKeys(), kB.getCurrentOutgoingKeys());
+		// Bob's incoming keys should equal Alice's outgoing keys
+		assertMatches(kB.getCurrentIncomingKeys(), kA.getCurrentOutgoingKeys());
+	}
+
+	@Test
+	public void testPreviousKeysMatchContact() {
+		// Start in time period 123
+		StaticTransportKeys kA = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys kB = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, false);
+		// Compare Alice's previous keys in period 456 with Bob's current keys
+		// in period 455
+		kA = transportCrypto.updateStaticTransportKeys(kA, 456);
+		kB = transportCrypto.updateStaticTransportKeys(kB, 455);
+		// Alice's previous incoming keys should equal Bob's current
+		// outgoing keys
+		assertMatches(kA.getPreviousIncomingKeys(),
+				kB.getCurrentOutgoingKeys());
+		// Compare Alice's current keys in period 456 with Bob's previous keys
+		// in period 457
+		kB = transportCrypto.updateStaticTransportKeys(kB, 457);
+		// Bob's previous incoming keys should equal Alice's current
+		// outgoing keys
+		assertMatches(kB.getPreviousIncomingKeys(),
+				kA.getCurrentOutgoingKeys());
+	}
+
+	@Test
+	public void testNextKeysMatchContact() {
+		// Start in time period 123
+		StaticTransportKeys kA = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys kB = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, false);
+		// Compare Alice's current keys in period 456 with Bob's next keys in
+		// period 455
+		kA = transportCrypto.updateStaticTransportKeys(kA, 456);
+		kB = transportCrypto.updateStaticTransportKeys(kB, 455);
+		// Bob's next incoming keys should equal Alice's current outgoing keys
+		assertMatches(kB.getNextIncomingKeys(), kA.getCurrentOutgoingKeys());
+		// Compare Alice's next keys in period 456 with Bob's current keys
+		// in period 457
+		kB = transportCrypto.updateStaticTransportKeys(kB, 457);
+		// Alice's next incoming keys should equal Bob's current outgoing keys
+		assertMatches(kA.getNextIncomingKeys(), kB.getCurrentOutgoingKeys());
+	}
+
+	@Test
+	public void testRootKeyAffectsOutput() {
+		SecretKey rootKey1 = getSecretKey();
+		assertFalse(Arrays.equals(rootKey.getBytes(), rootKey1.getBytes()));
+		StaticTransportKeys k = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys k1 = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey1, 123, true);
+		assertAllDifferent(k, k1);
+	}
+
+	@Test
+	public void testTransportIdAffectsOutput() {
+		TransportId transportId1 = getTransportId();
+		assertNotEquals(transportId.getString(), transportId1.getString());
+		StaticTransportKeys k = transportCrypto.deriveStaticTransportKeys(
+				transportId, rootKey, 123, true);
+		StaticTransportKeys k1 = transportCrypto.deriveStaticTransportKeys(
+				transportId1, rootKey, 123, true);
+		assertAllDifferent(k, k1);
+	}
+}
\ No newline at end of file
diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/TransportKeyDerivationTest.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/TransportKeyDerivationTest.java
new file mode 100644
index 000000000..bfa031e73
--- /dev/null
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/TransportKeyDerivationTest.java
@@ -0,0 +1,167 @@
+package org.briarproject.bramble.crypto;
+
+import org.briarproject.bramble.api.crypto.CryptoComponent;
+import org.briarproject.bramble.api.crypto.SecretKey;
+import org.briarproject.bramble.api.crypto.TransportCrypto;
+import org.briarproject.bramble.api.plugin.TransportId;
+import org.briarproject.bramble.api.transport.TransportKeys;
+import org.briarproject.bramble.test.BrambleTestCase;
+import org.briarproject.bramble.test.TestSecureRandomProvider;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+import static org.briarproject.bramble.crypto.KeyDerivationTestUtils.assertAllDifferent;
+import static org.briarproject.bramble.crypto.KeyDerivationTestUtils.assertMatches;
+import static org.briarproject.bramble.test.TestUtils.getSecretKey;
+import static org.briarproject.bramble.test.TestUtils.getTransportId;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertSame;
+
+public class TransportKeyDerivationTest extends BrambleTestCase {
+
+	private final CryptoComponent crypto =
+			new CryptoComponentImpl(new TestSecureRandomProvider(), null);
+	private final TransportCrypto transportCrypto =
+			new TransportCryptoImpl(crypto);
+	private final TransportId transportId = getTransportId();
+	private final SecretKey rootKey = getSecretKey();
+
+	@Test
+	public void testKeysAreDistinct() {
+		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, false, true);
+		assertAllDifferent(kA);
+		assertAllDifferent(kB);
+	}
+
+	@Test
+	public void testKeysAreNotRotatedToPreviousPeriod() {
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys k1 = transportCrypto.rotateTransportKeys(k, 122);
+		assertSame(k, k1);
+	}
+
+	@Test
+	public void testKeysAreNotRotatedToCurrentPeriod() {
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys k1 = transportCrypto.rotateTransportKeys(k, 123);
+		assertSame(k, k1);
+	}
+
+	@Test
+	public void testKeysAreRotatedByOnePeriod() {
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys k1 = transportCrypto.rotateTransportKeys(k, 124);
+		assertSame(k.getCurrentIncomingKeys(), k1.getPreviousIncomingKeys());
+		assertSame(k.getNextIncomingKeys(), k1.getCurrentIncomingKeys());
+	}
+
+	@Test
+	public void testKeysAreRotatedByTwoPeriods() {
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys k1 = transportCrypto.rotateTransportKeys(k, 125);
+		assertSame(k.getNextIncomingKeys(), k1.getPreviousIncomingKeys());
+	}
+
+	@Test
+	public void testKeysAreRotatedByThreePeriods() {
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys k1 = transportCrypto.rotateTransportKeys(k, 126);
+		assertAllDifferent(k, k1);
+	}
+
+	@Test
+	public void testCurrentKeysMatchContact() {
+		// Start in time period 123
+		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, false, true);
+		// Alice's incoming keys should equal Bob's outgoing keys
+		assertMatches(kA.getCurrentIncomingKeys(), kB.getCurrentOutgoingKeys());
+		// Bob's incoming keys should equal Alice's outgoing keys
+		assertMatches(kB.getCurrentIncomingKeys(), kA.getCurrentOutgoingKeys());
+		// Rotate into the future
+		kA = transportCrypto.rotateTransportKeys(kA, 456);
+		kB = transportCrypto.rotateTransportKeys(kB, 456);
+		// Alice's incoming keys should equal Bob's outgoing keys
+		assertMatches(kA.getCurrentIncomingKeys(), kB.getCurrentOutgoingKeys());
+		// Bob's incoming keys should equal Alice's outgoing keys
+		assertMatches(kB.getCurrentIncomingKeys(), kA.getCurrentOutgoingKeys());
+	}
+
+	@Test
+	public void testPreviousKeysMatchContact() {
+		// Start in time period 123
+		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, false, true);
+		// Compare Alice's previous keys in period 456 with Bob's current keys
+		// in period 455
+		kA = transportCrypto.rotateTransportKeys(kA, 456);
+		kB = transportCrypto.rotateTransportKeys(kB, 455);
+		// Alice's previous incoming keys should equal Bob's current
+		// outgoing keys
+		assertMatches(kA.getPreviousIncomingKeys(),
+				kB.getCurrentOutgoingKeys());
+		// Compare Alice's current keys in period 456 with Bob's previous keys
+		// in period 457
+		kB = transportCrypto.rotateTransportKeys(kB, 457);
+		// Bob's previous incoming keys should equal Alice's current
+		// outgoing keys
+		assertMatches(kB.getPreviousIncomingKeys(),
+				kA.getCurrentOutgoingKeys());
+	}
+
+	@Test
+	public void testNextKeysMatchContact() {
+		// Start in time period 123
+		TransportKeys kA = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys kB = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, false, true);
+		// Compare Alice's current keys in period 456 with Bob's next keys in
+		// period 455
+		kA = transportCrypto.rotateTransportKeys(kA, 456);
+		kB = transportCrypto.rotateTransportKeys(kB, 455);
+		// Bob's next incoming keys should equal Alice's current outgoing keys
+		assertMatches(kB.getNextIncomingKeys(), kA.getCurrentOutgoingKeys());
+		// Compare Alice's next keys in period 456 with Bob's current keys
+		// in period 457
+		kB = transportCrypto.rotateTransportKeys(kB, 457);
+		// Alice's next incoming keys should equal Bob's current outgoing keys
+		assertMatches(kA.getNextIncomingKeys(), kB.getCurrentOutgoingKeys());
+	}
+
+	@Test
+	public void testRootKeyAffectsOutput() {
+		SecretKey rootKey1 = getSecretKey();
+		assertFalse(Arrays.equals(rootKey.getBytes(), rootKey1.getBytes()));
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId,
+				rootKey1, 123, true, true);
+		assertAllDifferent(k, k1);
+	}
+
+	@Test
+	public void testTransportIdAffectsOutput() {
+		TransportId transportId1 = getTransportId();
+		assertNotEquals(transportId.getString(), transportId1.getString());
+		TransportKeys k = transportCrypto.deriveTransportKeys(transportId,
+				rootKey, 123, true, true);
+		TransportKeys k1 = transportCrypto.deriveTransportKeys(transportId1,
+				rootKey, 123, true, true);
+		assertAllDifferent(k, k1);
+	}
+}