3.10.3 Hash Functions ..................................... 26
3.10.4 MAC Algorithms ..................................... 27
3.10.5 Compression Algorithms ............................. 27
- 3.11 SILC Public Key .......................................... 27
+ 3.11 SILC Public Key .......................................... 28
3.12 SILC Version Detection ................................... 30
- 3.13 Backup Routers ........................................... 30
+ 3.13 Backup Routers ........................................... 31
3.13.1 Switching to Backup Router ......................... 32
3.13.2 Resuming Primary Router ............................ 33
- 3.13.3 Discussion on Backup Router Scheme ................. 35
+ 3.13.3 Discussion on Backup Router Scheme ................. 36
4 SILC Procedures ............................................... 36
4.1 Creating Client Connection ................................ 36
4.2 Creating Server Connection ................................ 38
4.7 Channel Message Sending and Reception ..................... 43
4.8 Session Key Regeneration .................................. 43
4.9 Command Sending and Reception ............................. 44
- 4.10 Closing Connection ....................................... 44
+ 4.10 Closing Connection ....................................... 45
4.11 Detaching and Resuming a Session ......................... 45
5 Security Considerations ....................................... 47
6 References .................................................... 48
Figure 6: Counter Block
.in 6
-o Truncated HASH from SKE (4 bytes) - This value is the 32 most
- significant bits from the HASH value that was computed as a
- result of SKE protocol. This acts as session identifier and
- each rekey MUST produce a new HASH value.
-
-o Sending/Receiving IV from SKE (8 bytes) - This value is the 64
- most significant bits from the Sending IV or Receiving IV
- generated in the SKE protocol. When this mode is used to
- encrypt sending traffic the Sending IV is used, when used to
- decrypt receiving traffic the Receiving IV is used. This
- assures that two parties of the protocol use different IV
- for sending traffic. Each rekey MUST produce a new value.
+o Truncated HASH from SKE (4 bytes) - This value is the first 4
+ bytes from the HASH value that was computed as a result of SKE
+ protocol. This acts as session identifier and each rekey MUST
+ produce a new HASH value.
+
+o Sending/Receiving IV from SKE (8 bytes) - This value is the
+ first 8 bytes from the Sending IV or Receiving IV generated in
+ the SKE protocol. When this mode is used to encrypt sending
+ traffic the Sending IV is used, when used to decrypt receiving
+ traffic the Receiving IV is used. This assures that two parties
+ of the protocol use different IV for sending traffic. Each rekey
+ MUST produce a new value.
o Block Counter (4 bytes) - This is the counter value for the
counter block and is MSB ordered number starting from one (1)
3.10.1.3 Randomized CBC Mode
The "rcbc" encryption mode is CBC mode with randomized IV. This means
-that each IV for each packet MUST be chosen randomly (same IV is used
-to encrypt all blocks in the given packet). In this mode the IV is
-appended at the end of the last ciphertext block and thus delivered to
-the recipient. This mode increases the ciphertext size by one
-ciphertext block. Note also that some data payloads in SILC are capable
-of delivering the IV to the recipient. When explicitly encrypting these
-payloads with randomized CBC the IV MUST NOT be appended at the end
-of the ciphertext.
+that each IV for each packet MUST be chosen randomly. When encrypting
+more than one block the normal inter-packet chaining is used, but for
+the first block new random IV is selected in each packet. In this mode
+the IV is appended at the end of the last ciphertext block and thus
+delivered to the recipient. This mode increases the ciphertext size by
+one ciphertext block. Note also that some data payloads in SILC are
+capable of delivering the IV to the recipient. When explicitly
+encrypting these payloads with randomized CBC the IV MUST NOT be appended
+at the end of the ciphertext. When encrypting these payloads with
+"cbc" mode they implicitly become randomized CBC since the IV is
+usually selected random and included in the ciphertext. In these
+cases using either CBC or randomized CBC is actually equivalent.
.ti 0
Additional compression algorithms MAY be defined to be used in SILC.
+
.ti 0
3.11 SILC Public Key
The software version MAY be freely set and accepted. The version string
MUST consist of printable US-ASCII characters.
-
Thus, the version strings could be, for example:
.in 6
is defined in [SILC2].
+
+
.ti 0
3.13.3 Discussion on Backup Router Scheme
generated if the SILC_CMODE_PRIVKEY mode is set.
-
.ti 0
4.4 Channel Key Generation
from its own server.
+
.ti 0
4.10 Closing Connection