updates.

[silc.git] / doc / draft-riikonen-silc-ke-auth-04.nroff

diff --git a/doc/draft-riikonen-silc-ke-auth-04.nroff b/doc/draft-riikonen-silc-ke-auth-04.nroff
index 1ad085eace0155953e5e66248b7c4a1da71adc2c..6e493f9f2a0008f2012851c8a30f5425a79a1751 100644 (file)
--- a/doc/draft-riikonen-silc-ke-auth-04.nroff
+++ b/doc/draft-riikonen-silc-ke-auth-04.nroff
@@ -220,8 +220,8 @@ payload before the key exchange procedure starts.  The cookie MUST be
 returned to the original sender by the responder.
 
 Following diagram represents the Key Exchange Start Payload.  The lists
-mentioned below are always comma (`,') separated and the list MUST
-not include spaces (` ').
+mentioned below are always comma (`,') separated and the list MUST NOT
+include spaces (` ').
 
 
 .in 5
@@ -610,7 +610,8 @@ Sending Initial Vector (IV)     = hash(0 | KEY | HASH)
 Receiving Initial Vector (IV)   = hash(1 | KEY | HASH)
 Sending Encryption Key          = hash(2 | KEY | HASH)
 Receiving Encryption Key        = hash(3 | KEY | HASH)
-HMAC Key                        = hash(4 | KEY | HASH)
+Sending HMAC Key                = hash(4 | KEY | HASH)
+Receiving HMAC Key              = hash(5 | KEY | HASH)
 .in 3
 
 
@@ -651,9 +652,9 @@ actually sender's sending key, and, the sending key is actually sender's
 receiving key.  Initiator uses generated keys as they are (sending key
 for sending and receiving key for receiving).
 
-The HMAC key is used to create MAC values to packets in the communication
-channel.  As many bytes as needed are taken from the start of the hash
-output.
+The HMAC keys are used to create MAC values to packets in the
+communication channel.  As many bytes as needed are taken from the start
+of the hash output to generate the MAC keys.
 
 These procedures are performed by all parties of the key exchange
 protocol.  This MUST be done before the protocol has been ended by
@@ -872,10 +873,10 @@ to have plaintext passphrase.  See the section 3.2.1 Passphrase
 Authentication for more information.
 
 If authentication method is public key authentication the authentication
-data is signature of the hash value HASH plus Key Exchange Start Payload,
-established by the SILC Key Exchange protocol.  This signature MUST then
-be verified by the server.  See the section 3.2.2 Public Key
-Authentication for more information.
+data is a signature of the hash value of hash HASH plus Key Exchange
+Start Payload, established by the SILC Key Exchange protocol.  This
+signature MUST then be verified by the server.  See the section 3.2.2
+Public Key Authentication for more information.
 
 The connecting client of this protocol MUST wait after successful execution
 of this protocol for the SILC_PACKET_NEW_ID packet where it will receive
@@ -969,8 +970,16 @@ which the server has received earlier in SKE protocol.
 The signature is computed using the private key of the sender by signing
 the HASH value provided by the SKE protocol previously, and the Key
 Exchange Start Payload from SKE protocol that was sent to the server.
-The server MUST verify the data, thus it must keep the HASH and the
-Key Exchange Start Payload saved during SKE and authentication protocols.
+These are concatenated and hash function is used to compute a hash value
+which is then signed.
+
+  auth_hash = hash(HASH | Key Exchange Start Payload);
+  signature = sign(auth_hash);
+
+The hash() function used to compute the value is the hash function negotiated
+in the SKE protocol.  The server MUST verify the data, thus it must keep
+the HASH and the Key Exchange Start Payload saved during SKE and
+authentication protocols.
 
 If the verified signature matches the sent signature, the authentication
 were successful and SILC_PACKET_SUCCESS is sent.  If it failed the protocol