Fixed KE Start Payload parsing to check for mandatory fields.

[crypto.git] / doc / draft-riikonen-silc-ke-auth-06.nroff

diff --git a/doc/draft-riikonen-silc-ke-auth-06.nroff b/doc/draft-riikonen-silc-ke-auth-06.nroff
index cedfc2169da01a25bff70247725ede8810fb7115..e5d0b2809b3b0bdf2745f999e522e73c71d1c51a 100644 (file)
--- a/doc/draft-riikonen-silc-ke-auth-06.nroff
+++ b/doc/draft-riikonen-silc-ke-auth-06.nroff
@@ -339,7 +339,7 @@ o Payload Length (2 bytes) - Length of the entire Key Exchange
 
 o Cookie (16 bytes) - Cookie that randomize this payload so
   that each of the party cannot determine the payload before
-  hand.
+  hand.  This field MUST be present.
 
 o Version String Length (2 bytes) - The length of the Version
   String field, not including any other field.
@@ -348,46 +348,48 @@ o Version String (variable length) - Indicates the version of
   the sender of this payload.  Initiator sets this when sending
   the payload and responder sets this when it replies by sending
   this payload.  See [SILC1] for definition of the version
-  string format.
+  string format.  This field MUST be present and include valid
+  version string.
 
 o Key Exchange Grp Length (2 bytes) - The length of the
   key exchange group list, not including any other field.
 
 o Key Exchange Group (variable length) - The list of
   key exchange groups.  See the section 2.4 SILC Key Exchange
-  Groups for definitions of these groups.
+  Groups for definitions of these groups.  This field MUST
+  be present.
 
 o PKCS Alg Length (2 bytes) - The length of the PKCS algorithms
   list, not including any other field.
 
 o PKCS Algorithms (variable length) - The list of PKCS 
-  algorithms.
+  algorithms.  This field MUST be present.
 
 o Encryption Alg Length (2 bytes) - The length of the encryption
   algorithms list, not including any other field.
 
 o Encryption Algorithms (variable length) - The list of
-  encryption algorithms.
+  encryption algorithms.  This field MUST be present.
 
 o Hash Alg Length (2 bytes) - The length of the Hash algorithm
   list, not including any other field.
 
 o Hash Algorithms (variable length) - The list of Hash
   algorithms.  The hash algorithms are mainly used in the
-  SKE protocol.
+  SKE protocol.  This field MUST be present.
 
 o HMAC Length (2 bytes) - The length of the HMAC list, not
   including any other field.
 
 o HMACs (variable length) - The list of HMACs.  The HMAC's
   are used to compute the Message Authentication Codes (MAC)
-  of the SILC packets.
+  of the SILC packets.  This field MUST be present.
 
 o Compression Alg Length (2 bytes) - The length of the
   compression algorithms list, not including any other field.
 
 o Compression Algorithms (variable length) - The list of 
-  compression algorithms.
+  compression algorithms.  This field MAY be omitted.
 .in 3
 
 
@@ -483,17 +485,18 @@ o Public Key Type (2 bytes) - The public key (or certificate)
   be closed immediately.
 
 o Public Key (or certificate) (variable length) - The
-  public key or certificate.  The public key or certificate
-  in this field is encoded in the manner as defined in their
-  respective definitions;  see previous field.
+  public key or certificate of the party.  This public key
+  is used to verify the digital signature.  The public key
+  or certificate in this field is encoded in the manner as
+  defined in their respective definitions; see previous field.
 
 o Public Data Length (2 bytes) - The length of the Public Data
   field, not including any other field.
 
 o Public Data (variable length) - The public data to be
-  sent to the receiver.  See section 2.2 Key Exchange 
-  Procedure for detailed description how this field is
-  computed.  This value is binary encoded.
+  sent to the receiver (Diffie-Hellman public values).  See
+  section 2.2 Key Exchange Procedure for detailed description
+  how this field is computed.  This value is binary encoded.
 
 o Signature Length (2 bytes) - The length of the signature,
   not including any other field.
@@ -535,16 +538,16 @@ Setup:  p is a large and public safe prime.  This is one of the
         If the Mutual Authentication flag is set then initiator
         MUST also produce signature data SIGN_i which the responder
         will verify.  The initiator MUST compute a hash value
-        HASH_i = hash(Key Exchange Start Payload | public key
-        (or certificate) | e).  It then signs the HASH_i value with
-        its private key resulting a signature SIGN_i.
+        HASH_i = hash(Initiator's Key Exchange Start Payload |
+        public key (or certificate) | e).  It then signs the HASH_i
+        value with its private key resulting a signature SIGN_i.
 
     2.  Responder generates a random number y, where 1 < y < q,
         and computes f = g ^ y mod p.  It then computes the
         shared secret KEY = e ^ y mod p, and, a hash value 
-        HASH = hash(Key Exchange Start Payload data | public 
-        key (or certificate) | Initiator's public key (or
-        certificate) | e | f | KEY).  It then signs
+        HASH = hash(Initiator's Key Exchange Start Payload |
+        public key (or certificate) | Initiator's public key
+        (or certificate) | e | f | KEY).  It then signs
         the HASH value with its private key resulting a signature
         SIGN.