3.10.3 Hash Functions ..................................... 26
3.10.4 MAC Algorithms ..................................... 27
3.10.5 Compression Algorithms ............................. 27
- 3.11 SILC Public Key .......................................... 27
+ 3.11 SILC Public Key .......................................... 28
3.12 SILC Version Detection ................................... 30
- 3.13 Backup Routers ........................................... 30
+ 3.13 Backup Routers ........................................... 31
3.13.1 Switching to Backup Router ......................... 32
3.13.2 Resuming Primary Router ............................ 33
- 3.13.3 Discussion on Backup Router Scheme ................. 35
+ 3.13.3 Discussion on Backup Router Scheme ................. 36
4 SILC Procedures ............................................... 36
4.1 Creating Client Connection ................................ 36
4.2 Creating Server Connection ................................ 38
4.7 Channel Message Sending and Reception ..................... 43
4.8 Session Key Regeneration .................................. 43
4.9 Command Sending and Reception ............................. 44
- 4.10 Closing Connection ....................................... 44
+ 4.10 Closing Connection ....................................... 45
4.11 Detaching and Resuming a Session ......................... 45
5 Security Considerations ....................................... 47
6 References .................................................... 48
Figure 6: Counter Block
.in 6
-o Truncated HASH from SKE (4 bytes) - This value is the 32 most
- significant bits from the HASH value that was computed as a
- result of SKE protocol. This acts as session identifier and
- each rekey MUST produce a new HASH value.
-
-o Sending/Receiving IV from SKE (8 bytes) - This value is the 64
- most significant bits from the Sending IV or Receiving IV
- generated in the SKE protocol. When this mode is used to
- encrypt sending traffic the Sending IV is used, when used to
- decrypt receiving traffic the Receiving IV is used. This
- assures that two parties of the protocol use different IV
- for sending traffic. Each rekey MUST produce a new value.
+o Truncated HASH from SKE (4 bytes) - This value is the first 4
+ bytes from the HASH value that was computed as a result of SKE
+ protocol. This acts as session identifier and each rekey MUST
+ produce a new HASH value.
+
+o Sending/Receiving IV from SKE (8 bytes) - This value is the
+ first 8 bytes from the Sending IV or Receiving IV generated in
+ the SKE protocol. When this mode is used to encrypt sending
+ traffic the Sending IV is used, when used to decrypt receiving
+ traffic the Receiving IV is used. This assures that two parties
+ of the protocol use different IV for sending traffic. Each rekey
+ MUST produce a new value.
o Block Counter (4 bytes) - This is the counter value for the
counter block and is MSB ordered number starting from one (1)
one ciphertext block. Note also that some data payloads in SILC are
capable of delivering the IV to the recipient. When explicitly
encrypting these payloads with randomized CBC the IV MUST NOT be appended
-at the end of the ciphertext.
+at the end of the ciphertext. When encrypting these payloads with
+"cbc" mode they implicitly become randomized CBC since the IV is
+usually selected random and included in the ciphertext. In these
+cases using either CBC or randomized CBC is actually equivalent.
.ti 0
Additional compression algorithms MAY be defined to be used in SILC.
+
.ti 0
3.11 SILC Public Key
The software version MAY be freely set and accepted. The version string
MUST consist of printable US-ASCII characters.
-
Thus, the version strings could be, for example:
.in 6
is defined in [SILC2].
+
+
.ti 0
3.13.3 Discussion on Backup Router Scheme
generated if the SILC_CMODE_PRIVKEY mode is set.
-
.ti 0
4.4 Channel Key Generation
from its own server.
+
.ti 0
4.10 Closing Connection
projects / crypto.git / blobdiff