2.3.17 New Client Payload ................................. 31
2.3.18 New Server Payload ................................. 32
2.3.19 New Channel Payload ................................ 33
+ 2.3.20 Key Agreement Payload .............................. XXX
2.4 SILC ID Types ............................................. 39
2.5 Packet Encryption And Decryption .......................... 39
2.5.1 Normal Packet Encryption And Decryption ............. 39
This packet must not be sent as list and the List flag must
not be set.
- Payload of the packet: See section 2.3.19 New Client Payload
+ Payload of the packet: See section 2.3.17 New Client Payload
20 SILC_PACKET_NEW_SERVER
This packet must not be sent as list and the List flag must
not be set.
- Payload of the packet: See section 2.3.20 New Server Payload
+ Payload of the packet: See section 2.3.18 New Server Payload
21 SILC_PACKET_NEW_CHANNEL
packet. This packet maybe sent to entity that is indirectly
connected to the sender.
- Payload of the packet: See section 2.3.21 New Channel Payload
+ Payload of the packet: See section 2.3.19 New Channel Payload
22 SILC_PACKET_REKEY
not be set.
- 25 - 199
+ 25 SILC_PACKET_KEY_AGREEMENT
+
+ This packet is used by clients to request key negotiation
+ between another client in the SILC network. If the negotiation
+ is started it is performed using the SKE protocol. The result of
+ the negotiation, the secret key material, can be used for
+ example as private message key. The server and router must not
+ send this packet.
+
+ Payload of the packet: See section 2.3.20 Key Agreement Payload
+
+
+ 26 - 199
Currently undefined commands.
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+~ MAC ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| |
~ Initial Vector * ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
applied because this payload is encrypted separately from
other parts of the packet.
+o MAC (variable legnth) - The MAC computed from the
+ Message Length, Message Data, Padding Length and Padding
+ fields. This protects the integrity of the plaintext
+ channel message. The receiver can verify from the MAC
+ whether the message decrypted correctly. Also, if more than
+ one private key has been set for the channel, the receiver
+ can verify which of the keys decrypted the message
+ correctly. Note that, this field is encrypted and must
+ be added to the padding calculation.
+
o Initial Vector (variable length) - The initial vector
that has been used in packet encryption. It needs to be
used in the packet decryption as well. What this field
~ Private Message Key ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Cipher Name Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Cipher Name ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
any other field.
o Private Message Key (variable length) - The actual private
- message key material. This key is used as such as key material
- for encryption function.
+ message key material.
+
+o Cipher Name Length (2 bytes) - Indicates the length of the
+ Cipher Name field in the payload, not including any other
+ field.
+
+o Cipher Name (variable length) - Name of the cipher to use
+ in the private message encryption. If this field does not
+ exist then the default cipher of the SILC protocol is used.
+ See the [SILC1] for defined ciphers.
.in 3
+
.ti 0
2.3.13 Command Payload
.ti 0
-2.3.18 New Client Payload
+2.3.17 New Client Payload
When client is connected to the server, keys has been exchanged and
connection has been authenticated client must register itself to the
.ti 0
-2.3.19 New Server Payload
+2.3.18 New Server Payload
This payload is sent by server when it has completed successfully both
key exchange and connection authentication protocols. The server
.ti 0
-2.3.20 New Channel Payload
+2.3.19 New Channel Payload
Information about newly created channel is broadcasted to all routers
in the SILC network by sending this packet payload. Channels are
represents the New Channel Payload.
-
-
.in 5
.nf
1 2 3
.in 3
+.ti 0
+2.3.20 Key Agreement Payload
+
+This payload is used by clients to request key negotiation between
+another client in the SILC Network. The key agreement protocol used
+is the SKE protocol. The result of the protocol, the secret key
+material, can be used for example as private message key between the
+two clients. This significantly adds security as the key agreement
+is performed outside the SILC network. The server and router must not
+send this payload.
+
+The sender may tell the receiver of this payload the hostname and the
+port where the SKE protocol is running in the sender's end. The
+receiver may then initiate the SKE negotiation with the sender. The
+sender may also optionally not to include the hostname and the port
+of its SKE protocol. In this case the receiver may reply to the
+request by sending the same payload filled with the receiver's hostname
+and the port where the SKE protocol is running. The sender may then
+initiate the SKE negotiation with the receiver.
+
+The payload may only be sent with SILC_PACKET_KEY_AGREEMENT packet.
+It must not be sent in any other packet type. The following diagram
+represents the Key Agreement Payload.
+
+
+.in 5
+.nf
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Hostname Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Hostname ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Port |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+.in 3
+
+.ce
+Figure 20: Key Agreement Payload
+
+
+
+.in 6
+o Hostname Length (2 bytes) - Indicates the length of the Hostname
+ field.
+
+o Hostname (variable length) - The hostname or IP address where
+ the SKE protocol is running. The sender may fill this field
+ when sending the payload. If the receiver sends this payload
+ as reply to the request it must fill this field.
+
+o Port (4 bytes) - The port where the SKE protocol is bound.
+ The sender may fill this field when sending the payload. If
+ the receiver sends this payload as reply to the request it
+ must fill this field. This is a 32 bit MSB first order value.
+.in 3
+
+
+After the key material has been received from the SKE protocol it is
+processed as the [SILC3] describes. If the key material is used as
+channel private key then the Sending Encryption Key, as defined in
+[SILC3] is used as the channel private key. Other key material must
+be discarded. The [SILC1] defines the way to use the key material if
+it is intended to be used as private message keys. Any other use for
+the key material is undefined.
+
+
.ti 0
2.4 SILC ID Types
packet processing is special. Rest of the SILC Packet header is
decrypted with the same session key along with the padding of the
packet. After that the packet is protected with the channel specific
-key and hence can be decrypted only if the receiver is the client on
+key and thus can be decrypted only if the receiver is the client on
the channel. See section 2.7 Packet Padding Generation for more
information about padding on special packets.
projects / silc.git / blobdiff