2.3.17 New Client Payload ................................. 31
2.3.18 New Server Payload ................................. 32
2.3.19 New Channel Payload ................................ 33
+ 2.3.20 Key Agreement Payload .............................. XXX
2.4 SILC ID Types ............................................. 39
2.5 Packet Encryption And Decryption .......................... 39
2.5.1 Normal Packet Encryption And Decryption ............. 39
The header is variable in length and first two (2) bytes of the
header (thus first two bytes of the packet) are not encrypted. The
first two (2) bytes are the length of the packet which is not encrypted.
-See following section for description of SILC Packet header. Packets
+See The following section for description of SILC Packet header. Packets
without SILC header or with malformed SILC header must be dropped.
Padding follows the packet header. The purpose of the padding is to
the packet header to parse the packet and gain other relevant parameters
of the packet.
-Following diagram represents the default SILC header format.
+The following diagram represents the default SILC header format.
(*) indicates that this field is never encrypted. Other fields are
always encrypted.
processing. Several flags may be set by ORing the flags
together.
- Following flags are reserved for this field:
+ The following flags are reserved for this field:
No flags 0x00
This packet must not be sent as list and the List flag must
not be set.
- Payload of the packet: See section 2.3.19 New Client Payload
+ Payload of the packet: See section 2.3.17 New Client Payload
20 SILC_PACKET_NEW_SERVER
This packet must not be sent as list and the List flag must
not be set.
- Payload of the packet: See section 2.3.20 New Server Payload
+ Payload of the packet: See section 2.3.18 New Server Payload
21 SILC_PACKET_NEW_CHANNEL
packet. This packet maybe sent to entity that is indirectly
connected to the sender.
- Payload of the packet: See section 2.3.21 New Channel Payload
+ Payload of the packet: See section 2.3.19 New Channel Payload
22 SILC_PACKET_REKEY
not be set.
- 25 - 199
+ 25 SILC_PACKET_KEY_AGREEMENT
+
+ This packet is used by clients to request key negotiation
+ between another client in the SILC network. If the negotiation
+ is started it is performed using the SKE protocol. The result of
+ the negotiation, the secret key material, can be used for
+ example as private message key. The server and router must not
+ send this packet.
+
+ Payload of the packet: See section 2.3.20 Key Agreement Payload
+
+
+ 26 - 199
Currently undefined commands.
This payload can be used to send an ID. ID's are variable length thus
this payload provides a way to send variable length ID's.
-Following diagram represents the ID Payload.
+The following diagram represents the ID Payload.
.in 5
.nf
associated with a packet must be indicated by the packet payload who
needs the arguments. Argument Payloads must always reside right after
the packet payload needing the arguments. Incorrect amount of argument
-payloads must cause rejection of the packet. Following diagram represents
+payloads must cause rejection of the packet. The following diagram represents
the Argument Payload.
reason of disconnection is sent to the disconnected party.
The payload may only be sent with SILC_PACKET_DISCONNECT packet. It
-must not be sent in any other packet type. Following diagram represents
+must not be sent in any other packet type. The following diagram represents
the Disconnect Payload.
contents of the payload, however, notify message should be audited.
The payload may only be sent with SILC_PACKET_NOTIFY packet. It must
-not be sent in any other packet type. Following diagram represents the
+not be sent in any other packet type. The following diagram represents the
Notify Payload.
.in 5
arguments to be send along the notify message.
.in 3
-Following list of currently defined notify types. The format for notify
+The following list of currently defined notify types. The format for notify
arguments is same as in SILC commands described in [SILC1]. Also, all
ID's sent in arguments are sent inside ID Payload.
Sent when client has joined to a channel. The server must distribute
this type only to the local clients on the channel and then send
- it to its primary router. The router or server receiving the packet
+ it to its primary router. The router or server receiving the packet
distributes this type to the local clients on the channel and
broadcast it to the network.
Sent when client has left a channel. The server must distribute
this type only to the local clients on the channel and then send
- it to its primary router. The router or server receiving the packet
+ it to its primary router. The router or server receiving the packet
distributes this type to the local clients on the channel and
broadcast it to the network.
Sent when client signoffs from SILC network. The server must
distribute this type only to the local clients on the channel and
- then send it to its primary router. The router or server receiving
+ then send it to its primary router. The router or server receiving
the packet distributes this type to the local clients on the channel
and broadcast it to the network.
Max Arguments: 2
- Arguments: (1) <Client ID> (2) <message>
+ Arguments: (1) <Client ID> (2) <message>
The <Client ID> is the client who left SILC network. The <message>
is free text string indicating the reason of signoff.
The <Server ID> is the server's ID.
+
+12 SILC_NOTIFY_TYPE_KICKED
+
+ Sent when a client has been kicked from a channel. This is sent
+ also to the client who was kicked from the channel. The client
+ who was kicked from the channel must be removed from the channel.
+ This notify type is always destined to the channel. The router or
+ server receiving the packet distributes this type to the local
+ clients on the channel and broadcast it to the network.
+
+ Max Arguments: 2
+ Arguments: (1) <Client ID> (2) [<comment>]
+
+ The <Client ID> is the client who was kicked from the channel.
+ The kicker may have set the <comment> to indicate the reason for
+ the kicking.
+
.in 3
Notify types starting from 16384 are reserved for private notify
the message.
The payload may only be sent with SILC_PACKET_CHANNEL_MESSAGE packet.
-It must not be sent in any other packet type. Following diagram
+It must not be sent in any other packet type. The following diagram
represents the Channel Message Payload.
(*) indicates that the field is not encrypted.
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+~ MAC ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| |
~ Initial Vector * ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
applied because this payload is encrypted separately from
other parts of the packet.
+o MAC (variable legnth) - The MAC computed from the
+ Message Length, Message Data, Padding Length and Padding
+ fields. This protects the integrity of the plaintext
+ channel message. The receiver can verify from the MAC
+ whether the message decrypted correctly. Also, if more than
+ one private key has been set for the channel, the receiver
+ can verify which of the keys decrypted the message
+ correctly. Note that, this field is encrypted and must
+ be added to the padding calculation.
+
o Initial Vector (variable length) - The initial vector
that has been used in packet encryption. It needs to be
used in the packet decryption as well. What this field
which case new channel key is created and distributed.
The payload may only be sent with SILC_PACKET_CHANNEL_KEY packet.
-It must not be sent in any other packet type. Following diagram
+It must not be sent in any other packet type. The following diagram
represents the Channel Key Payload.
this scheme as well.
The payload may only be sent with SILC_PACKET_PRIVATE_MESSAGE
-packet. It must not be sent in any other packet type. Following
+packet. It must not be sent in any other packet type. The following
diagram represents the Private Message Payload.
flag into SILC Packet Header.
The payload may only be sent with SILC_PACKET_PRIVATE_MESSAGE_KEY
-packet. It must not be sent in any other packet type. Following
+packet. It must not be sent in any other packet type. The following
diagram represents the Private Message Key Payload.
~ Private Message Key ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Cipher Name Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Cipher Name ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
any other field.
o Private Message Key (variable length) - The actual private
- message key material. This key is used as such as key material
- for encryption function.
+ message key material.
+
+o Cipher Name Length (2 bytes) - Indicates the length of the
+ Cipher Name field in the payload, not including any other
+ field.
+
+o Cipher Name (variable length) - Name of the cipher to use
+ in the private message encryption. If this field does not
+ exist then the default cipher of the SILC protocol is used.
+ See the [SILC1] for defined ciphers.
.in 3
+
.ti 0
2.3.13 Command Payload
Command Payload is used to send SILC commands from client to server.
-Also server may send commands to other servers. Following diagram
+Also server may send commands to other servers. The following diagram
represents the Command Payload.
Exchange Start Payload in [SILC3] for detailed information.
The payload may only be sent with SILC_PACKET_CONNECTION_AUTH_REQUEST
-packet. It must not be sent in any other packet type. Following
+packet. It must not be sent in any other packet type. The following
diagram represents the Connection Auth Request Payload.
.in 6
o Connection Type (2 bytes) - Indicates the type of the ID.
- Following connection types are defined:
+ The following connection types are defined:
1 Client connection
2 Server connection
discarded and the authentication must be failed.
o Authentication Method (2 bytes) - Indicates the authentication
- method to be used in the authentication protocol. Following
+ method to be used in the authentication protocol. The following
authentication methods are defined:
.ti 0
-2.3.18 New Client Payload
+2.3.17 New Client Payload
When client is connected to the server, keys has been exchanged and
connection has been authenticated client must register itself to the
client ID.
The payload may only be sent with SILC_PACKET_NEW_CLIENT packet. It
-must not be sent in any other packet type. Following diagram represents
+must not be sent in any other packet type. The following diagram represents
the New Client Payload.
.ti 0
-2.3.19 New Server Payload
+2.3.18 New Server Payload
This payload is sent by server when it has completed successfully both
key exchange and connection authentication protocols. The server
name of the server that is associated to the Server ID.
The payload may only be sent with SILC_PACKET_NEW_SERVER packet. It
-must not be sent in any other packet type. Following diagram represents
+must not be sent in any other packet type. The following diagram represents
the New Server Payload.
.ti 0
-2.3.20 New Channel Payload
+2.3.19 New Channel Payload
Information about newly created channel is broadcasted to all routers
in the SILC network by sending this packet payload. Channels are
this packet.
The payload may only be sent with SILC_PACKET_NEW_CHANNEL packet.
-It must not be sent in any other packet type. Following diagram
+It must not be sent in any other packet type. The following diagram
represents the New Channel Payload.
-
-
.in 5
.nf
1 2 3
.in 3
+.ti 0
+2.3.20 Key Agreement Payload
+
+This payload is used by clients to request key negotiation between
+another client in the SILC Network. The key agreement protocol used
+is the SKE protocol. The result of the protocol, the secret key
+material, can be used for example as private message key between the
+two clients. This significantly adds security as the key agreement
+is performed outside the SILC network. The server and router must not
+send this payload.
+
+The sender may tell the receiver of this payload the hostname and the
+port where the SKE protocol is running in the sender's end. The
+receiver may then initiate the SKE negotiation with the sender. The
+sender may also optionally not to include the hostname and the port
+of its SKE protocol. In this case the receiver may reply to the
+request by sending the same payload filled with the receiver's hostname
+and the port where the SKE protocol is running. The sender may then
+initiate the SKE negotiation with the receiver.
+
+The payload may only be sent with SILC_PACKET_KEY_AGREEMENT packet.
+It must not be sent in any other packet type. The following diagram
+represents the Key Agreement Payload.
+
+
+.in 5
+.nf
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Hostname Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Hostname ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Port |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+.in 3
+
+.ce
+Figure 20: Key Agreement Payload
+
+
+
+.in 6
+o Hostname Length (2 bytes) - Indicates the length of the Hostname
+ field.
+
+o Hostname (variable length) - The hostname or IP address where
+ the SKE protocol is running. The sender may fill this field
+ when sending the payload. If the receiver sends this payload
+ as reply to the request it must fill this field.
+
+o Port (4 bytes) - The port where the SKE protocol is bound.
+ The sender may fill this field when sending the payload. If
+ the receiver sends this payload as reply to the request it
+ must fill this field. This is a 32 bit MSB first order value.
+.in 3
+
+
+After the key material has been received from the SKE protocol it is
+processed as the [SILC3] describes. If the key material is used as
+channel private key then the Sending Encryption Key, as defined in
+[SILC3] is used as the channel private key. Other key material must
+be discarded. The [SILC1] defines the way to use the key material if
+it is intended to be used as private message keys. Any other use for
+the key material is undefined.
+
+
.ti 0
2.4 SILC ID Types
ID's are extensively used in the SILC network to associate different
-entities. Following ID's has been defined to be used in the SILC
+entities. The following ID's has been defined to be used in the SILC
network.
.in 6
of it, usually first 16 bytes of it. Then the receiver checks the
packet type from the decrypted part of the header and can determine
how the rest of the packet must be decrypted. If the packet type is
-any of the special cases described in following sections the packet
+any of the special cases described in The following sections the packet
decryption is special. If the packet type is not among those special
packet types rest of the packet may be decrypted with the same key.
packet processing is special. Rest of the SILC Packet header is
decrypted with the same session key along with the padding of the
packet. After that the packet is protected with the channel specific
-key and hence can be decrypted only if the receiver is the client on
+key and thus can be decrypted only if the receiver is the client on
the channel. See section 2.7 Packet Padding Generation for more
information about padding on special packets.
projects / silc.git / blobdiff