net.i2p.router.tunnel
Class BloomFilterIVValidator

java.lang.Object
  extended by net.i2p.router.tunnel.BloomFilterIVValidator
All Implemented Interfaces:
IVValidator

public class BloomFilterIVValidator
extends java.lang.Object
implements IVValidator

Manage the IV validation for all of the router's tunnels by way of a big decaying bloom filter.


Constructor Summary
BloomFilterIVValidator(RouterContext ctx, int KBps)
           
 
Method Summary
 void destroy()
           
 boolean receiveIV(byte[] ivData, int ivOffset, byte[] payload, int payloadOffset)
          receive the IV for the tunnel message, returning true if it is valid, or false if it has already been used (or is otherwise invalid).
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BloomFilterIVValidator

public BloomFilterIVValidator(RouterContext ctx,
                              int KBps)
Method Detail

receiveIV

public boolean receiveIV(byte[] ivData,
                         int ivOffset,
                         byte[] payload,
                         int payloadOffset)
Description copied from interface: IVValidator
receive the IV for the tunnel message, returning true if it is valid, or false if it has already been used (or is otherwise invalid). To prevent colluding attackers from successfully tagging the tunnel by switching the IV and the first block of the message, the validator should treat the XOR of the IV and the first block as the unique identifier, not the IV alone (since the tunnel is encrypted via AES/CBC). Thanks to dvorak for pointing out that tagging!

Specified by:
receiveIV in interface IVValidator

destroy

public void destroy()