1.1 Requirements Terminology .................................. 4
2 SILC Concepts ................................................. 4
2.1 SILC Network Topology ..................................... 4
- 2.2 Communication Inside a Cell ............................... 5
+ 2.2 Communication Inside a Cell ............................... 6
2.3 Communication in the Network .............................. 6
2.4 Channel Communication ..................................... 7
- 2.5 Router Connections ........................................ 7
+ 2.5 Router Connections ........................................ 8
3 SILC Specification ............................................ 8
- 3.1 Client .................................................... 8
+ 3.1 Client .................................................... 9
3.1.1 Client ID ........................................... 9
3.2 Server .................................................... 10
3.2.1 Server's Local ID List .............................. 10
3.9.1 Authentication Payload .............................. 21
3.10 Algorithms ............................................... 23
3.10.1 Ciphers ............................................ 23
- 3.10.1.1 CBC Mode .................................. XXX
- 3.10.1.2 CTR Mode .................................. XXX
- 3.10.1.3 Randomized CBC Mode ....................... XXX
- 3.10.2 Public Key Algorithms .............................. 24
- 3.10.3 Hash Functions ..................................... 24
- 3.10.4 MAC Algorithms ..................................... 25
- 3.10.5 Compression Algorithms ............................. 25
- 3.11 SILC Public Key .......................................... 26
- 3.12 SILC Version Detection ................................... 28
- 3.13 Backup Routers ........................................... 28
- 3.13.1 Switching to Backup Router ......................... 30
- 3.13.2 Resuming Primary Router ............................ 31
- 3.13.3 Discussion on Backup Router Scheme ................. 33
-4 SILC Procedures ............................................... 34
- 4.1 Creating Client Connection ................................ 34
- 4.2 Creating Server Connection ................................ 35
- 4.2.1 Announcing Clients, Channels and Servers ............ 36
- 4.3 Joining to a Channel ...................................... 37
- 4.4 Channel Key Generation .................................... 38
- 4.5 Private Message Sending and Reception ..................... 39
- 4.6 Private Message Key Generation ............................ 39
- 4.7 Channel Message Sending and Reception ..................... 40
- 4.8 Session Key Regeneration .................................. 40
- 4.9 Command Sending and Reception ............................. 41
- 4.10 Closing Connection ....................................... 42
- 4.11 Detaching and Resuming a Session ......................... 42
-5 Security Considerations ....................................... 44
-6 References .................................................... 45
-7 Author's Address .............................................. 47
+ 3.10.1.1 CBC Mode .................................. 24
+ 3.10.1.2 CTR Mode .................................. 24
+ 3.10.1.3 Randomized CBC Mode ....................... 25
+ 3.10.2 Public Key Algorithms .............................. 26
+ 3.10.3 Hash Functions ..................................... 26
+ 3.10.4 MAC Algorithms ..................................... 27
+ 3.10.5 Compression Algorithms ............................. 27
+ 3.11 SILC Public Key .......................................... 28
+ 3.12 SILC Version Detection ................................... 30
+ 3.13 Backup Routers ........................................... 31
+ 3.13.1 Switching to Backup Router ......................... 32
+ 3.13.2 Resuming Primary Router ............................ 33
+ 3.13.3 Discussion on Backup Router Scheme ................. 36
+4 SILC Procedures ............................................... 36
+ 4.1 Creating Client Connection ................................ 36
+ 4.2 Creating Server Connection ................................ 38
+ 4.2.1 Announcing Clients, Channels and Servers ............ 38
+ 4.3 Joining to a Channel ...................................... 39
+ 4.4 Channel Key Generation .................................... 41
+ 4.5 Private Message Sending and Reception ..................... 41
+ 4.6 Private Message Key Generation ............................ 42
+ 4.7 Channel Message Sending and Reception ..................... 43
+ 4.8 Session Key Regeneration .................................. 43
+ 4.9 Command Sending and Reception ............................. 44
+ 4.10 Closing Connection ....................................... 45
+ 4.11 Detaching and Resuming a Session ......................... 45
+5 Security Considerations ....................................... 47
+6 References .................................................... 48
+7 Author's Address .............................................. 49
local clients on the channel.
+
.ti 0
2.5 Router Connections
The format of the Authentication Payload is as follows:
-
.in 5
.nf
1 2 3
The following ciphers are defined in SILC protocol:
-.in 6
aes-256-cbc AES in CBC mode, 256 bit key (REQUIRED)
aes-256-ctr AES in CTR mode, 256 bit key (RECOMMENDED)
aes-256-rcbc AES in randomized CBC mode, 256 bit key (OPTIONAL)
rc6-<len>-<mode> RC6 in <mode> mode, <len> bit key (OPTIONAL)
mars-<len>-<mode> MARS in <mode> mode, <len> bit key (OPTIONAL)
none No encryption (OPTIONAL)
-.in 3
-
The <mode> is either "cbc", "ctr" or "rcbc". Other encryption modes MAY
be defined as to be used in SILC using the same format. The <len> is
Figure 6: Counter Block
.in 6
-o Truncated HASH from SKE (4 bytes) - This value is the 32 most
- significant bits from the HASH value that was computed as a
- result of SKE protocol. This acts as session identifier and
- each rekey MUST produce a new HASH value.
-
-o Sending/Receiving IV from SKE (8 bytes) - This value is the 64
- most significant bits from the Sending IV or Receiving IV
- generated in the SKE protocol. When this mode is used to
- encrypt sending traffic the Sending IV is used, when used to
- decrypt receiving traffic the Receiving IV is used. This
- assures that two parties of the protocol use different IV
- for sending traffic. Each rekey MUST produce a new value.
+o Truncated HASH from SKE (4 bytes) - This value is the first 4
+ bytes from the HASH value that was computed as a result of SKE
+ protocol. This acts as session identifier and each rekey MUST
+ produce a new HASH value.
+
+o Sending/Receiving IV from SKE (8 bytes) - This value is the
+ first 8 bytes from the Sending IV or Receiving IV generated in
+ the SKE protocol. When this mode is used to encrypt sending
+ traffic the Sending IV is used, when used to decrypt receiving
+ traffic the Receiving IV is used. This assures that two parties
+ of the protocol use different IV for sending traffic. Each rekey
+ MUST produce a new value.
o Block Counter (4 bytes) - This is the counter value for the
counter block and is MSB ordered number starting from one (1)
3.10.1.3 Randomized CBC Mode
The "rcbc" encryption mode is CBC mode with randomized IV. This means
-that each IV for each packet MUST be chosen randomly (same IV is used
-to encrypt all blocks in the given packet). In this mode the IV is
-appended at the end of the last ciphertext block and thus delivered to
-the recipient. This mode increases the ciphertext size by one
-ciphertext block. Note also that some data payloads in SILC are capable
-of delivering the IV to the recipient. When explicitly encrypting these
-payloads with randomized CBC the IV MUST NOT be appended at the end
-of the ciphertext.
+that each IV for each packet MUST be chosen randomly. When encrypting
+more than one block the normal inter-packet chaining is used, but for
+the first block new random IV is selected in each packet. In this mode
+the IV is appended at the end of the last ciphertext block and thus
+delivered to the recipient. This mode increases the ciphertext size by
+one ciphertext block. Note also that some data payloads in SILC are
+capable of delivering the IV to the recipient. When explicitly
+encrypting these payloads with randomized CBC the IV MUST NOT be appended
+at the end of the ciphertext. When encrypting these payloads with
+"cbc" mode they implicitly become randomized CBC since the IV is
+usually selected random and included in the ciphertext. In these
+cases using either CBC or randomized CBC is actually equivalent.
.ti 0
.in 3
+
.ti 0
3.10.4 MAC Algorithms
Additional MAC algorithms MAY be defined to be used in SILC.
-
-
.ti 0
3.10.5 Compression Algorithms
Additional compression algorithms MAY be defined to be used in SILC.
+
.ti 0
3.11 SILC Public Key
The software version MAY be freely set and accepted. The version string
MUST consist of printable US-ASCII characters.
-
Thus, the version strings could be, for example:
.in 6
is defined in [SILC2].
+
+
.ti 0
3.13.3 Discussion on Backup Router Scheme
Also, clients' modes (user modes in SILC) MUST be announced. This is
done by compiling a list of Notify Payloads with SILC_NOTIFY_UMODE_CHANGE
-nofity type into the SILC_PACKET_NOTIFY packet. Also, channel's topics
+notify type into the SILC_PACKET_NOTIFY packet. Also, channel's topics
MUST be announced by compiling a list of Notify Payloads with the
SILC_NOTIFY_TOPIC_SET notify type into the SILC_PACKET_NOTIFY packet.
.ti 0
4.5 Private Message Sending and Reception
-Private messages are sent point to point. Client explicitly destines
+Private messages are sent point to point. Client explicitly destine
a private message to specific client that is delivered to only to that
client. No other client may receive the private message. The receiver
of the private message is destined in the SILC Packet Header as any
from its own server.
+
.ti 0
4.10 Closing Connection