Class BloomFilterIVValidator

  • All Implemented Interfaces:
    IVValidator

    class BloomFilterIVValidator
    extends Object
    implements IVValidator
    Manage the IV validation for all of the router's tunnels by way of a big decaying bloom filter.
    • Constructor Detail

      • BloomFilterIVValidator

        public BloomFilterIVValidator(RouterContext ctx,
                                      int KBps)
        Parameters:
        KBps - share bandwidth
    • Method Detail

      • receiveIV

        public boolean receiveIV(byte[] ivData,
                                 int ivOffset,
                                 byte[] payload,
                                 int payloadOffset)
        Description copied from interface: IVValidator
        Receive the IV for the tunnel message, returning true if it is valid, or false if it has already been used (or is otherwise invalid). To prevent colluding attackers from successfully tagging the tunnel by switching the IV and the first block of the message, the validator should treat the XOR of the IV and the first block as the unique identifier, not the IV alone (since the tunnel is encrypted via AES/CBC). Thanks to dvorak for pointing out that tagging attack!
        Specified by:
        receiveIV in interface IVValidator
        Parameters:
        ivData - data will not be modified
        payload - will not be modified
      • destroy

        public void destroy()
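
The identifier rule described for receiveIV, as an added Java example that is not I2P's code: two rotating exact sets stand in for the decaying bloom filter, so there are no false positives here. The class name, the 16-byte block constant and the decay() method are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Illustrative stand-in, not I2P code: exact sets replace the decaying bloom filter. */
public class XorIVValidatorExample {
    private static final int BLOCK = 16; // AES block size; IV length assumed equal

    // Two generations give the decay: an identifier is remembered for one to two periods.
    private Set<String> current = new HashSet<>();
    private Set<String> previous = new HashSet<>();

    /** Same contract as receiveIV: true if unseen, false if already used or malformed. */
    public synchronized boolean receiveIV(byte[] ivData, int ivOffset, byte[] payload, int payloadOffset) {
        if (ivData == null || payload == null || ivOffset < 0 || payloadOffset < 0
                || ivData.length - ivOffset < BLOCK || payload.length - payloadOffset < BLOCK) {
            return false; // the "otherwise invalid" case
        }
        byte[] id = new byte[BLOCK];
        for (int i = 0; i < BLOCK; i++) {
            // XOR is symmetric, so swapping IV and first block yields the same identifier
            id[i] = (byte) (ivData[ivOffset + i] ^ payload[payloadOffset + i]);
        }
        String key = Arrays.toString(id);
        if (previous.contains(key)) return false;
        return current.add(key); // add() returns false when the key is already present
    }

    /** Hypothetical hook: call once per decay period, e.g. from a timer. */
    public synchronized void decay() {
        previous = current;
        current = new HashSet<>();
    }

    public static void main(String[] args) {
        XorIVValidatorExample v = new XorIVValidatorExample();
        byte[] iv = new byte[BLOCK];   // constructed sample IV
        byte[] msg = new byte[32];     // constructed sample payload (two blocks)
        for (int i = 0; i < BLOCK; i++) { iv[i] = (byte) i; msg[i] = (byte) (0xA0 + i); }
        byte[] swappedIv = Arrays.copyOfRange(msg, 0, BLOCK); // first block used as IV
        byte[] swappedMsg = msg.clone();
        System.arraycopy(iv, 0, swappedMsg, 0, BLOCK);        // IV used as first block
        System.out.println("first sight:      " + v.receiveIV(iv, 0, msg, 0));
        System.out.println("exact replay:     " + v.receiveIV(iv, 0, msg, 0));
        System.out.println("IV/block swapped: " + v.receiveIV(swappedIv, 0, swappedMsg, 0));
        v.decay(); v.decay(); // two periods later the identifier has aged out
        System.out.println("after decay:      " + v.receiveIV(iv, 0, msg, 0));
    }
}
```

A validator keyed on the IV alone would accept the swapped message as new, which is the tagging case the description guards against.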