Interface IVValidator

  • All Known Implementing Classes:
    BloomFilterIVValidator, DummyValidator, HashSetIVValidator

    public interface IVValidator
    Provide a generic interface for IV validation which may be implemented through something as simple as a hashtable or more a complicated bloom filter.
    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      boolean receiveIV​(byte[] iv, int ivOffset, byte[] payload, int payloadOffset)
      receive the IV for the tunnel message, returning true if it is valid, or false if it has already been used (or is otherwise invalid).
    • Method Detail

      • receiveIV

        boolean receiveIV​(byte[] iv,
                          int ivOffset,
                          byte[] payload,
                          int payloadOffset)
        receive the IV for the tunnel message, returning true if it is valid, or false if it has already been used (or is otherwise invalid). To prevent colluding attackers from successfully tagging the tunnel by switching the IV and the first block of the message, the validator should treat the XOR of the IV and the first block as the unique identifier, not the IV alone (since the tunnel is encrypted via AES/CBC). Thanks to dvorak for pointing out that tagging!
        Parameters:
        iv - data will not be modified
        payload - will not be modified