IVValidator.java

package net.i2p.router.tunnel;

/**
 * Provide a generic interface for IV validation which may be implemented
 * through something as simple as a hashtable or more a complicated 
 * bloom filter.
 *
 */
public interface IVValidator {
    /** 
     * receive the IV for the tunnel message, returning true if it is valid,
     * or false if it has already been used (or is otherwise invalid).  To
     * prevent colluding attackers from successfully tagging the tunnel by
     * switching the IV and the first block of the message, the validator should
     * treat the XOR of the IV and the first block as the unique identifier, 
     * not the IV alone (since the tunnel is encrypted via AES/CBC).  Thanks to
     * dvorak for pointing out that tagging!
     *
     */
    public boolean receiveIV(byte iv[], int ivOffset, byte payload[], int payloadOffset);
}