X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=doc%2Fdraft-riikonen-silc-spec-00.nroff;fp=doc%2Fdraft-riikonen-silc-spec-00.nroff;h=0000000000000000000000000000000000000000;hb=72c2de619079457f7a68100eb13385275a424a23;hp=5bd3c04c3b9950932db90f4925fd166d02ea460c;hpb=e7b6c157b80152bf9fb9266e6bdd93f9fb0db776;p=runtime.git diff --git a/doc/draft-riikonen-silc-spec-00.nroff b/doc/draft-riikonen-silc-spec-00.nroff deleted file mode 100644 index 5bd3c04c..00000000 --- a/doc/draft-riikonen-silc-spec-00.nroff +++ /dev/null @@ -1,3094 +0,0 @@ -.pl 10.0i -.po 0 -.ll 7.2i -.lt 7.2i -.nr LL 7.2i -.nr LT 7.2i -.ds LF Riikonen -.ds RF FORMFEED[Page %] -.ds CF -.ds LH Internet Draft -.ds RH 13 September 2000 -.ds CH -.na -.hy 0 -.in 0 -.nf -Network Working Group P. Riikonen -Internet-Draft -draft-riikonen-silc-spec-00.txt 13 September 2000 -Expires: 13 May 2001 - -.in 3 - -.ce 3 -Secure Internet Live Conferencing (SILC), -Protocol Specification - - -.ti 0 -Status of this Memo - -This document is an Internet-Draft and is in full conformance with -all provisions of Section 10 of RFC 2026. Internet-Drafts are -working documents of the Internet Engineering Task Force (IETF), its -areas, and its working groups. Note that other groups may also -distribute working documents as Internet-Drafts. - -Internet-Drafts are draft documents valid for a maximum of six months -and may be updated, replaced, or obsoleted by other documents at any -time. It is inappropriate to use Internet-Drafts as reference -material or to cite them other than as "work in progress." - -The list of current Internet-Drafts can be accessed at -http://www.ietf.org/ietf/1id-abstracts.txt - -The list of Internet-Draft Shadow Directories can be accessed at -http://www.ietf.org/shadow.html - -The distribution of this memo is unlimited. - - -.ti 0 -Abstract - -This memo describes a Secure Internet Live Conferencing (SILC) -protocol which provides secure conferencing services over insecure -network channel. SILC is IRC [IRC] like protocol, however, it is -not equivalent to IRC and does not support IRC. Strong cryptographic -methods are used to protect SILC packets inside SILC network. Two -other Internet Drafts relates very closely to this memo; SILC Packet -Protocol [SILC2] and SILC Key Exchange and Authentication Protocols -[SILC3]. - - - - - - - - -.ti 0 -Table of Contents - -.nf -1 Introduction .................................................. 3 -2 SILC Concepts ................................................. 3 - 2.1 SILC Network Topology ..................................... 4 - 2.2 Communication Inside a Cell ............................... 5 - 2.3 Communication in the Network .............................. 6 - 2.4 Channel Communication ..................................... 7 -3 SILC Specification ............................................ 7 - 3.1 Client .................................................... 7 - 3.1.1 Client ID ........................................... 8 - 3.2 Server .................................................... 9 - 3.2.1 Server's Local ID List .............................. 9 - 3.2.2 Server ID ........................................... 10 - 3.2.3 SILC Server Ports ................................... 11 - 3.3 Router .................................................... 11 - 3.3.1 Router's Local ID List .............................. 11 - 3.3.2 Router's Global ID List ............................. 12 - 3.3.3 Router's Server ID .................................. 13 - 3.4 Channels .................................................. 13 - 3.4.1 Channel ID .......................................... 14 - 3.5 Operators ................................................. 14 - 3.6 SILC Commands ............................................. 15 - 3.7 SILC Packets .............................................. 15 - 3.8 Packet Encryption ......................................... 16 - 3.8.1 Determination of the Source and the Destination ..... 16 - 3.8.2 Client To Client .................................... 17 - 3.8.3 Client To Channel ................................... 18 - 3.8.4 Server To Server .................................... 19 - 3.9 Key Exchange And Authentication ........................... 19 - 3.10 Algorithms ............................................... 19 - 3.10.1 Ciphers ............................................ 19 - 3.10.2 Public Key Algorithms .............................. 20 - 3.10.3 MAC Algorithms ..................................... 20 - 3.10.4 Compression Algorithms ............................. 21 - 3.11 SILC Public Key .......................................... 21 - 3.12 SILC Version Detection ................................... 24 -4 SILC Procedures ............................................... 24 - 4.1 Creating Client Connection ................................ 24 - 4.2 Creating Server Connection ................................ 25 - 4.3 Joining to a Channel ...................................... 26 - 4.4 Channel Key Generation .................................... 27 - 4.5 Private Message Sending and Reception ..................... 27 - 4.6 Private Message Key Generation ............................ 28 - 4.7 Channel Message Sending and Reception ..................... 29 - 4.8 Session Key Regeneration .................................. 29 - 4.9 Command Sending and Reception ............................. 29 -5 SILC Commands ................................................. 30 - 5.1 SILC Commands Syntax ...................................... 30 - 5.2 SILC Commands List ........................................ 32 - 5.3 SILC Command Status Types ................................. 53 - 5.3.1 SILC Command Status Payload ......................... 53 - 5.3.2 SILC Command Status List ............................ 54 -6 Security Considerations ....................................... 59 -7 References .................................................... 59 -8 Author's Address .............................................. 60 - - -.ti 0 -List of Figures - -.nf -Figure 1: SILC Network Topology -Figure 2: Communication Inside cell -Figure 3: Communication Between Cells -Figure 4: SILC Public Key -Figure 5: SILC Command Status Payload - - -.ti 0 -1. Introduction - -This document describes a Secure Internet Live Conferencing (SILC) -protocol which provides secure conferencing services over insecure -network channel. SILC is IRC [IRC] like protocol, however, it is -not equivalent to IRC and does not support IRC. - -Strong cryptographic methods are used to protect SILC packets inside -SILC network. Two other Internet Drafts relates very closely to this -memo; SILC Packet Protocol [SILC2] and SILC Key Exchange and -Authentication Protocols [SILC3]. - -The protocol uses extensively packets as conferencing protocol -requires message and command sending. The SILC Packet Protocol is -described in [SILC2] and should be read to fully comprehend this -document and protocol. [SILC2] also describes the packet encryption -and decryption in detail. - -The security of SILC protocol and for any security protocol for that -matter is based on strong and secure key exchange protocol. The SILC -Key Exchange protocol is described in [SILC3] along with connection -authentication protocol and should be read to fully comprehend this -document and protocol. - -The SILC protocol has been developed to work on TCP/IP network -protocol, although it could be made to work on other network protocols -with only minor changes. However, it is recommended that TCP/IP -protocol is used under SILC protocol. Typical implementation would -be made in client-server model. - - -.ti 0 -2. SILC Concepts - -This section describes various SILC protocol concepts that forms the -actual protocol, and in the end, the actual SILC network. The mission -of the protocol is to deliver messages from clients to other clients -through routers and servers in secure manner. The messages may also -be delivered from one client to many clients forming a group, also -known as a channel. - -This section does not focus to security issues, instead basic network -concepts are introduced to make the topology of the SILC network -clear. - - -.ti 0 -2.1 SILC Network Topology - -SILC network is a cellular network as opposed to tree style network -topology. The rationale for this is to have servers that can perform -specific kind of tasks what other servers cannot perform. This leads -to two kinds of servers; normal SILC servers and SILC routers. - -A difference between normal server and router server is that routers -knows everything about everything in the network. They also do the -actual routing of the messages to the correct receiver. Normal servers -knows only about local information and nothing about global information. -This makes the network faster as there are less servers that needs to -keep global information up to date at all time. - -This, on the other hand, leads to cellular like network, where routers -are in the centrum on the cell and servers are connected to the router. - -Following diagram represents SILC network topology. - - - - - - - - - - - - - - - - - -.in 8 -.nf - ---- ---- ---- ---- ---- ---- - | S8 | S5 | S4 | | S7 | S5 | S6 | - ----- ---- ----- ----- ---- ----- -| S7 | S/R1 | S2 | --- | S8 | S/R2 | S4 | - ---- ------ ---- ---- ------ ---- - | S6 | S3 | S1 | | S1 | S3 | S2 | ---- ---- - ---- ---- ---- ---- ---- ---- | S3 | S1 | - Cell 1. \\ Cell 2. | \\____ ----- ----- - | | | S4 | S/R4 | - ---- ---- ---- ---- ---- ---- ---- ------ - | S7 | S4 | S2 | | S1 | S3 | S2 | | S2 | S5 | - ----- ---- ----- ----- ---- ----- ---- ---- - | S6 | S/R3 | S1 | --- | S4 | S/R5 | S5 | Cell 4. - ---- ------ ---- ---- ------ ---- - | S8 | S5 | S3 | | S6 | S7 | S8 | ... etc ... - ---- ---- ---- ---- ---- ---- - Cell 3. Cell 5. -.in 3 - -.ce -Figure 1: SILC Network Topology - - -A cell is formed when a server or servers connect to one router. In -SILC network normal server cannot directly connect to other normal -server. Normal server may only connect to SILC router which then -routes the messages to the other servers in the cell. Router servers -on the other hand may connect to other routers to form the actual SILC -network, as seen in above figure. However, router is also normal SILC -server; clients may connect to it the same way as to normal SILC -servers. Normal server also cannot have active connections to more -than one router. Normal server cannot be connected to two different -cells. Router servers, on the other hand, may have as many router to -router connections as needed. - -There are many issues in this network topology that needs to be careful -about. Issues like the size of the cells, the number of the routers in -the SILC network and the capacity requirements of the routers. These -issues should be discussed in the Internet Community and additional -documents on the issue will be written. - - -.ti 0 -2.2 Communication Inside a Cell - -It is always guaranteed that inside a cell message is delivered to the -recipient with at most two server hops. Client who is connected to -server in the cell and is talking on channel to other client connected -to other server in the same cell, will have its messages delivered from -its local server first to the router of the cell, and from the router -to the other server in the cell. Following diagram represents this -scenario. - - -.in 25 -.nf -1 --- S1 S4 --- 5 - S/R - 2 -- S2 S3 - / | - 4 3 -.in 3 - - -.ce -Figure 2: Communication Inside cell - - -Example: Client 1. connected to Server 1. message sent to - Client 4. connected to Server 2. travels from Server 1. - first to Router which routes the message to Server 2. - which then sends it to the Client 4. All the other - servers in the cell will not see the routed message. - - -If client is connected directly to the router, as router is also normal -SILC server, the messages inside the cell are always delivered only with -one server hop. If clients communicating with each other are connected -to the same server, no router interaction is needed. This is the optimal -situation of message delivery in the SILC network. - - -.ti 0 -2.3 Communication in the Network - -If the message is destined to server that does not belong to local cell -the message is routed to the router server to which the destination -server belongs, if the local router is connected to destination router. -If there is no direct connection to the destination router, the local -router routes the message to its primary route. Following diagram -represents message sending between cells. - - -.in 16 -.nf -1 --- S1 S4 --- 5 S2 --- 1 - S/R - - - - - - - - S/R - 2 -- S2 S3 S1 - / | \\ - 4 3 2 - - Cell 1. Cell 2. -.in 3 - - -.ce -Figure 3: Communication Between Cells - - -Example: Client 5. connected to Server 4. in Cell 1. message sent - to Client 2. connected to Server 1. in Cell 2. travels - from Server 4. to Router which routes the message to - Router in Cell 2, which then routes the message to - Server 1. All the other servers and routers in the - network will not see the routed message. - - -The optimal case of message delivery from client point of view is -when clients are connected directly to the routers and the messages -are delivered from one router to the other router. - - -.ti 0 -2.4 Channel Communication - -Messages may be sent to group of clients as well. Sending messages to -many clients works the same way as sending messages point to point, from -message delivery point of view. Security issues are another matter -which are not discussed in this section. - -Router server handles the message routing to multiple recipients. If -any recipient is not in the same cell as the sender the messages are -routed further. - -Server distributes the channel message to its local clients who are -joined to the channel. Also, router distributes the message to its -local clients on the channel. - - -.ti 0 -3. SILC Specification - -This section describes the SILC protocol. However, [SILC2] and -[SILC3] describes other important protocols that are part of this SILC -specification and must be read. - - -.ti 0 -3.1 Client - -A client is a piece of software connecting to SILC server. SILC client -cannot be SILC server. Purpose of clients is to provide the user -interface of the SILC services for end user. Clients are distinguished -from other clients by unique Client ID. Client ID is a 128 bit ID that -is used in the communication in the SILC network. The client ID is -based on the nickname selected by the user. User uses logical nicknames -in communication which are then mapped to the corresponding Client ID. -Client ID's are low level identifications and must not be seen by the -end user. - -Clients provide other information about the end user as well. Information -such as the nickname of the user, username and the hostname of the end -user and user's real name. See section 3.2 Server for information of -the requirements of keeping this information. - -The nickname selected by the user is not unique in the SILC network. -There can be 2^8 same nicknames for one IP address. As for comparison to -IRC [IRC] where nicknames are unique this is a fundamental difference -between SILC and IRC. This causes the server names to be used along -with the nicknames to identify specific users when sending messages. -This feature of SILC makes IRC style nickname-wars obsolete as no one -owns their nickname; there can always be someone else with the same -nickname. Another difference is that there are no limit of the length -of the nickname in the SILC. - - -.ti 0 -3.1.1 Client ID - -Client ID is used to identify users in the SILC network. The Client ID -is unique to the extent that there can be 2^128 different Client ID's. -Collisions are not expected to happen. The Client ID is defined as -follows. - -.in 6 -128 bit Client ID based on IPv4 addresses: - -32 bit ServerID IP address (bits 1-32) - 8 bit Random number -88 bit Truncated MD5 hash value of the nickname - -o Server ID IP address - Indicates the server where this - client is coming from. The IP address hence equals the - server IP address where to the client has connected. - -o Random number - Random number to further randomize the - Client ID. This makes it possible to have 2^8 same - nicknames from the same server IP address. - -o MD5 hash - MD5 hash value of the nickname is truncated - taking 88 bits from the start of the hash value. This - hash value is used to search the user's Client ID from - the ID lists. - -.in 3 -Collisions could occur when more than 2^8 clients using same nickname -from the same server IP address is connected to the SILC network. -Server must be able to handle this situation by refusing to accept -anymore of that nickname. - -Another possible collision may happen with the truncated hash value of -the nickname. It could be possible to have same truncated hash value for -two different nicknames. However, this is not expected to happen nor -cause any problems if it would occur. Nicknames are usually logical and -it is unlikely to have two distinct logical nicknames produce same -truncated hash value. - - -.ti 0 -3.2 Server - -Servers are the most important parts of the SILC network. They form the -basis of the SILC, providing a point to which clients may connect to. -There are two kinds of servers in SILC; normal servers and router servers. -This section focuses on the normal server and router server is described -in the section 3.3 Router. - -Normal servers may not directly connect to other normal server. Normal -servers may only directly connect to router server. If the message sent -by the client is destined outside the local server it is always sent to -the router server for further routing. Server may only have one active -connection to router on same port. Normal server may not connect to other -cell's router except in situations where its cell's router is unavailable. - -Servers and routers in the SILC network are considered to be trusted. -With out a doubt, servers that are set to work on ports above 1023 are -not considered to be trusted. Also, the service provider acts important -role in the server's trustworthy. - - -.ti 0 -3.2.1 Server's Local ID List - -Normal server keeps various information about the clients and their end -users connected to it. Every normal server must keep list of all locally -connected clients, Client ID's, nicknames, usernames and hostnames and -user's real name. Normal servers only keeps local information and it -does not keep any global information. Hence, normal servers knows only -about their locally connected clients. This makes servers efficient as -they don't have to worry about global clients. Server is also responsible -of creating the Client ID's for their clients. - -Normal server also keeps information about locally created channels and -their Channel ID's. - - - - - - - - -Hence, local list for normal server includes: - -.in 6 -server list - Router connection - o Server name - o Server IP address - o Server ID - o Sending key - o Receiving key - o Public key - -client list - All clients in server - o Nickname - o Username@host - o Real name - o Client ID - o Sending key - o Receiving key - -channel list - All channels in server - o Channel name - o Channel ID - o Client ID's on channel - o Client ID modes on channel - o Channel key -.in 3 - - - -.ti 0 -3.2.2 Server ID - -Servers are distinguished from other servers by unique 64 bit Server ID. -The Server ID is used in the SILC to route messages to correct servers. -Server ID's also provide information for Client ID's, see section 3.1.1 -Client ID. Server ID is defined as follows. - -.in 6 -64 bit Server ID based on IPv4 addresses: - -32 bit IP address of the server -16 bit Port -16 bit Random number - -o IP address of the server - This is the real IP address of - the server. - -o Port - This is the port the server is binded to. - -o Random number - This is used to further randomize the Server ID. - -.in 3 -Collisions are not expected to happen in any conditions. The Server ID -is always created by the server itself and server is resposible of -distributing it to the router. - - -.ti 0 -3.2.3 SILC Server Ports - -Following ports has been assigned by IANA for the SILC protocol: - -.in 10 -silc 706/tcp SILC -silc 706/udp SILC -.in 3 - -If there are needs to create new SILC networks in the future the port -numbers must be officially assigned by the IANA. - -Server on network above privileged ports (>1023) should not be trusted -as they could have been set up by untrusted party. - - -.ti 0 -3.3 Router - -Router server in SILC network is responsible for keeping the cell together -and routing messages to other servers and to other routers. Router server -is also a normal server thus clients may connect to it as it would be -just normal SILC server. - -However, router servers has a lot of important tasks that normal servers -do not have. Router server knows everything about everything in the SILC. -They know all clients currently on SILC, all servers and routers and all -channels in SILC. Routers are the only servers in SILC that care about -global information and keeping them up to date at all time. And, this -is what they must do. - - -.ti 0 -3.3.1 Router's Local ID List - -Router server as well must keep local list of connected clients and -locally created channels. However, this list is extended to include all -the informations of the entire cell, not just the server itself as for -normal servers. - -However, on router this list is a lot smaller since routers do not keep -information about user's nickname, username and hostname and real name -since these are not needed by the router. Router keeps only information -that it needs. - - - - - -Hence, local list for router includes: - -.in 6 -server list - All servers in the cell - o Server name - o Server ID - o Router's Server ID - o Sending key - o Receiving key - -client list - All clients in the cell - o Client ID - -channel list - All channels in the cell - o Channel ID - o Client ID's on channel - o Client ID modes on channel - o Channel key -.in 3 - - -Note that locally connected clients and other information include all the -same information as defined in section section 3.2.1 Server's Local ID -List. - - -.ti 0 -3.3.2 Router's Global ID List - -Router server must also keep global list. Normal servers do not have -global list as they know only about local information. Global list -includes all the clients on SILC, their Client ID's, all created channels -and their Channel ID's and all servers and routers on SILC and their -Server ID's. That is said, global list is for global information and the -list must not include the local information already on the router's local -list. - -Note that the global list does not include information like nicknames, -usernames and hostnames or user's real names. Router does not keep -these informations as they are not needed by the router. This -information is available from the client's server which maybe queried -when needed. - -Hence, global list includes: - -.in 6 -server list - All servers in SILC - o Server name - o Server ID - o Router's Server ID - - -client list - All clients in SILC - o Client ID - -channel list - All channels in SILC - o Channel ID - o Client ID's on channel - o Client ID modes on channel -.in 3 - - -.ti 0 -3.3.3 Router's Server ID - -Router's Server ID's are equivalent to normal Server ID's. As routers -are normal servers as well same types of ID's applies for routers as well. -Thus, see section 3.2.2 Server ID. Server ID's for routers are always -created by the remote router where the router is connected to. - - -.ti 0 -3.4 Channels - -A channel is a named group of one or more clients which will all receive -messages addressed to that channel. The channel is created when first -client requests JOIN command to the channel, and the channel ceases to -exist when the last client leaves it. When channel exists, any client -can reference it using the name of the channel. - -Channel names are unique although the real uniqueness comes from 64 bit -Channel ID that unifies each channel. However, channel names are still -unique and no two global channels with same name may exist. Channel name -is a string which begins with `#' character. There is no limit on the -length of the channel name. Channel names may not contain any spaces -(` '), any non-printable ASCII characters, commas (`,') and wildcard -characters. - -Channels can have operators that can administrate the channel and -operate all of its modes. Following operators on channel exist on SILC -network. - -.in 6 -o Channel founder - When channel is created the joining client becomes - channel founder. Channel founder is channel operator with some more - privileges. Basically, channel founder can fully operate the channel - and all of its modes. The privileges are limited only to the particular - channel. There can be only one channel founder per channel. Channel - founder supersedes channel operator's privileges. - - Channel founder privileges cannot be removed by any other operator on - channel. When channel founder leaves the channel there is no channel - founder on the channel. Channel founder also cannot be removed by - force from the channel. - -o Channel operator - When client joins to channel that has not existed - previously it will become automatically channel operator (and channel - founder discussed above). Channel operator is able administrate the - channel, set some modes on channel, remove a badly behaving client from - the channel and promote other clients to become channel operator. - The privileges are limited only to the particular channel. - - Normal channel user may be promoted (opped) to channel operator - gaining channel operator privileges. Channel founder or other channel - operator may also demote (deop) channel operator to normal channel - user. -.in 3 - - -.ti 0 -3.4.1 Channel ID - -Channels are distinguished from other channels by unique Channel ID. -The Channel ID is a 64 bit ID and collisions are not expected to happen -in any conditions. Channel names are just for logical use of channels. -The Channel ID is created by the server where the channel is created. -The Channel ID is defined as follows. - -.in 6 -64 bit Channel ID based on IPv4 addresses: - -32 bit Router's Server ID IP address (bits 1-32) -16 bit Router's Server ID port (bits 33-48) -16 bit Random number - -o Router's Server ID IP address - Indicates the IP address of - the router of the cell where this channel is created. This is - taken from the router's Server ID. This way SILC router knows - where this channel resides in the SILC network. - -o Router's Server ID port - Indicates the port of the channel on - the server. This is taken from the router's Server ID. - -o Random number - To further randomize the Channel ID. This makes - sure that there are no collisions. This also means that - in a cell there can be 2^16 channels. -.in 3 - - -.ti 0 -3.5 Operators - -Operators are normal users with extra privileges to their server or -router. Usually these people are SILC server and router administrators -that take care of their own server and clients on them. The purpose of -operators is to administrate the SILC server or router. However, even -an operator with highest privileges is not able to enter invite-only -channel, to gain access to the contents of a encrypted and authenticated -packets traveling in the SILC network or to gain channel operator -privileges on public channels without being promoted. They have the -same privileges as everyone else except they are able to administrate -their server or router. - - -.ti 0 -3.6 SILC Commands - -Commands are very important part on SILC network especially for client -which uses commands to operate on the SILC network. Commands are used -to set nickname, join to channel, change modes and many other things. - -Client usually sends the commands and server replies by sending a reply -packet to the command. Server may also send commands usually to serve -the original client's request. However, server may not send command -to client and there are some commands that server must not send. Server -is also able to send the forwarded command packets. For example, -SILC_COMMAND_JOIN is always forwarded packet. See [SILC2] for more -about packet forwarding. - -Note that the command reply is usually sent only after client has sent -the command request but server is allowed to send command reply packet -to client even if client has not requested the command. Client may, -however, choose not to accept the command reply, but there are some -command replies that the client should accept. Example of a such -command reply is reply to SILC_COMMAND_CMODE command that the server -uses to distribute the channel mode on all clients on the channel -when the mode has changed. - -It is expected that some of the commands may be miss-used by clients -resulting various problems on the server side. Every implementation -should assure that commands may not be executed more than once, say, -in two (2) seconds. This should be sufficient to prevent the miss-use -of commands. - -SILC commands are described in section 5 SILC Commands. - - -.ti 0 -3.7 SILC Packets - -Packets are naturally the most important part of the protocol and the -packets are what actually makes the protocol. Packets in SILC network -are always encrypted using, usually, the shared secret session key -or some other key, for example, channel key, when encrypting channel -messages. The SILC Packet Protocol is a wide protocol and is described -in [SILC2]. This document does not define or describe details of -SILC packets. - - - - -.ti 0 -3.8 Packet Encryption - -All packets passed in SILC network must be encrypted. This section -defines how packets must be encrypted in the SILC network. The detailed -description of the actual encryption process of the packets are -described in [SILC2]. - -Client and its server shares secret symmetric session key which is -established by the SILC Key Exchange Protocol, described in [SILC3]. -Every packet sent from client to server, with exception of packets for -channels, are encrypted with this session key. - -Channels has their own key that are shared by every client on the channel. -However, the channel keys are cell specific thus one cell does not know -the channel key of the other cell, even if that key is for same channel. -Channel key is also known by the routers and all servers that has clients -on the channel. However, channels may have channel private keys that -are entirely local setting for client. All clients on the channel must -know the channel private key before hand to be able to talk on the -channel. In this case, no server or router knows the key for channel. - -Server shares secret symmetric session key with router which is -established by the SILC Key Exchange Protocol. Every packet passed from -server to router, with exception of packets for channels, are encrypted -with the shared session key. Same way, router server shares secret -symmetric key with its primary route. However, every packet passed -from router to other router, including packets for channels, are -encrypted with the shared session key. Every router connection has -their own session keys. - - -.ti 0 -3.8.1 Determination of the Source and the Destination - -The source and the destination of the packet needs to be determined -to be able to route the packets to correct receiver. This information -is available in the SILC Packet Header which is included in all packets -sent in SILC network. The SILC Packet Header is described in [SILC2]. - -The header is always encrypted with the session key who is next receiver -of the packet along the route. The receiver of the packet, for example -a router along the route, is able to determine the sender and the -destination of the packet by decrypting the SILC Packet Header and -checking the ID's attached to the header. The ID's in the header will -tell to where the packet needs to be sent and where it is coming from. - -The header in the packet does not change during the routing of the -packet. The original sender, for example client, assembles the packet -and the packet header and server or router between the sender and the -receiver must not change the packet header. - -Note that the packet and the packet header may be encrypted with -different keys. For example, packets to channels are encrypted with -the channel key, however, the header is encrypted with the session key -as described above. However, the header and the packet may be encrypted -with same key. This is case, for example, with command packets. - - -.ti 0 -3.8.2 Client To Client - -Process of message delivery and encryption from client to another -client is as follows. - -Example: Private message from client to another client on different - servers. Clients do not share private message delivery - keys; normal session keys are used. - -o Client 1. sends encrypted packet to its server. The packet is - encrypted with the session key shared between client and its - server. - -o Server determines the destination of the packet and decrypts - the packet. Server encrypts the packet with session key shared - between the server and its router, and sends the packet to the - router. - -o Router determines the destination of the packet and decrypts - the packet. Router encrypts the packet with session key - shared between the router and the destination server, and sends - the packet to the server. - -o Server determines the client to which the packet is destined - to and decrypts the packet. Server encrypts the packet with - session key shared between the server and the destination client, - and sends the packet to the client. - -o Client 2. decrypts the packet. - - -Example: Private message from client to another client on different - servers. Clients has established secret shared private - message delivery key with each other and that is used in - the message encryption. - -o Client 1. sends encrypted packet to its server. The packet is - encrypted with the private message delivery key shared between - clients. - -o Server determines the destination of the packet and sends the - packet to the router. - -o Router determines the destination of the packet and sends the - packet to the server. - -o Server determines the client to which the packet is destined - to and sends the packet to the client. - -o Client 2. decrypts the packet with the secret shared key. - - -If clients share secret key with each other the private message -delivery is much simpler since servers and routers between the -clients do not need to decrypt and re-encrypt the packet. - -The process for clients on same server is much simpler as there are -no need to send the packet to the router. The process for clients -on different cells is same as above except that the packet is routed -outside the cell. The router of the destination cell routes the -packet to the destination same way as described above. - - -.ti 0 -3.8.3 Client To Channel - -Process of message delivery from client on channel to all the clients -on the channel. - -Example: Channel of four users; two on same server, other two on - different cells. Client sends message to the channel. - -o Client 1. encrypts the packet with channel key and sends the - packet to its server. - -o Server determines local clients on the channel and sends the - packet to the Client on the same server. Server then sends - the packet to its router for further routing. - -o Router determines local clients on the channel, if found - sends packet to the local clients. Router determines global - clients on the channel and sends the packet to its primary - router or fastest route. - -o (Other router(s) do the same thing and sends the packet to - the server(s)) - -o Server determines local clients on the channel and sends the - packet to the client. - -o All clients receiving the packet decrypts the packet. - - -.ti 0 -3.8.4 Server To Server - -Server to server packet delivery and encryption is described in above -examples. Router to router packet delivery is analogous to server to -server. However, some packets, such as channel packets, are processed -differently. These cases are described later in this document and -more in detail in [SILC2]. - - -.ti 0 -3.9 Key Exchange And Authentication - -Key exchange is done always when for example client connects to server -but also when server and router and router and router connects to each -other. The purpose of key exchange protocol is to provide secure key -material to be used in the communication. The key material is used to -derive various security parameters used to secure SILC packets. The -SILC Key Exchange protocol is described in detail in [SILC3]. - -Authentication is done after key exchange protocol has been successfully -completed. The purpose of authentication is to authenticate for example -client connecting to the server. However, Usually clients are accepted -to connect to server without explicit authentication. Servers are -required use authentication protocol when connecting. The authentication -may be based on passphrase (pre-shared-secret) or public key. The -connection authentication protocol is described in detail in [SILC3]. - - -.ti 0 -3.10 Algorithms - -This section defines all the allowed algorithms that can be used in -the SILC protocol. This includes mandatory cipher, mandatory public -key algorithm and MAC algorithms. - - -.ti 0 -3.10.1 Ciphers - -Cipher is the encryption algorithm that is used to protect the data -in the SILC packets. See [SILC2] of the actual encryption process and -definition of how it must be done. SILC has a mandatory algorithm that -must be supported in order to be compliant with this protocol. - - - - - - -Following ciphers are defined in SILC protocol: - -.in 6 -blowfish-cbc Blowfish in CBC mode (mandatory) -twofish-cbc Twofish in CBC mode (optional) -rc6-cbc RC6 in CBC mode (optional) -rc5-cbc RC5 in CBC mode (optional) -mars-cbc Mars in CBC mode (optional) -none No encryption (optional) -.in 3 - - -All algorithms must use minimum of 128 bit key, by default. Several -algorithms, however, supports longer keys and it is recommended to use -longer keys if they are available. - -Algorithm none does not perform any encryption process at all and -thus is not recommended to be used. It is recommended that no client -or server implementation would accept none algorithms except in special -debugging mode. - -Additional ciphers may be defined to be used in SILC by using the -same name format as above. - - -.ti 0 -3.10.2 Public Key Algorithms - -Public keys are used in SILC to authenticate entities in SILC network -and to perform other tasks related to public key cryptography. The -public keys are also used in the SILC Key Exchange protocol [SILC3]. - -Following public key algorithms are defined in SILC protocol: - -.in 6 -rsa RSA (mandatory) -dss DSS (optional) -.in 3 - -Both of the algorithms are described in [Scheneir] and [Menezes]. - -Additional public key algorithms may be defined to be used in SILC. - - -.ti 0 -3.10.3 MAC Algorithms - -Data integrity is protected by computing a message authentication code -(MAC) of the packet data. See [SILC2] for details how to compute the -MAC. - - - - - -Following MAC algorithms are defined in SILC protocol: - -.in 6 -hmac-sha1 HMAC-SHA1, length = 20 (mandatory) -hmac-md5 HMAC-MD5, length = 16 (optional) -none No MAC (optional) -.in 3 - -The none MAC is not recommended to be used as the packet is not -authenticated when MAC is not computed. It is recommended that no -client or server would accept none MAC except in special debugging -mode. - -The HMAC algorithm is described in [HMAC] and hash algorithms that -are used as part of the HMACs are described in [Scheneir] and in -[Menezes] - -Additional MAC algorithms may be defined to be used in SILC. - - -.ti 0 -3.10.4 Compression Algorithms - -SILC protocol supports compression that may be applied to unencrypted -data. It is recommended to use compression on slow links as it may -significantly speed up the data transmission. By default, SILC does not -use compression which is the mode that must be supported by all SILC -implementations. - -Following compression algorithms are defined: - -.in 6 -none No compression (mandatory) -zlib GBU ZLIB (LZ77) compression (optional) -.in 3 - -Additional compression algorithms may be defined to be used in SILC. - - -.ti 0 -3.11 SILC Public Key - -This section defines the type and format of the SILC public key. All -implementations must support this public key type. See [SILC3] for -other optional public key and certificate types allowed in SILC -protocol. Public keys in SILC may be used to authenticate entities -and to perform other tasks related to public key cryptography. - -The format of the SILC Public Key is as follows: - - - - - - - -.in 5 -.nf - 1 2 3 - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| Public Key Length | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| Algorithm Name Length | | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + -| | -~ Algorithm Name ~ -| | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| Identifier Length | | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + -| | -~ Identifier ~ -| | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| | -~ Public Data ~ -| | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -.in 3 - -.ce -Figure 4: SILC Public Key - - -.in 6 -o Public Key Length (4 bytes) - Indicates the full length - of the public key, not including this field. - -o Algorithm Name Length (2 bytes) - Indicates the length - of the Algorithm Length field, not including this field. - -o Algorithm name (variable length) - Indicates the name - of the public key algorithm that the key is. See the - section 3.10.2 Public Key Algorithms for defined names. - -o Identifier Length (2 bytes) - Indicates the length of - the Identifier field, not including this field. - -o Identifier (variable length) - Indicates the identifier - of the public key. This data can be used to identify - the owner of the key. The identifier is of following - format: - - UN User name - HN Host name or IP address - RN Real name - E EMail address - O Organization - C Country - - - Examples of an identifier: - - `UN=priikone, HN=poseidon.pspt.fi, E=priikone@poseidon.pspt.fi' - - `UN=sam, HN=dummy.fi, RN=Sammy Sam, O=Company XYZ, C=Finland' - - At least user name (UN) and host name (HN) must be provided as - identifier. The fields are separated by commas (`,'). If - comma is in the identifier string it must be written as `\\,', - for example, `O=Company XYZ\\, Inc.'. - -o Public Data (variable length) - Includes the actual - public data of the public key. - - The format of this field for RSA algorithm is - as follows: - - 4 bytes Length of e - variable length e - 4 bytes Length of n - variable length n - - - The format of this field for DSS algorithm is - as follows: - - 4 bytes Length of p - variable length p - 4 bytes Length of q - variable length q - 4 bytes Length of g - variable length g - 4 bytes Length of y - variable length y - - The variable length fields are multiple precession - integers encoded as strings in both examples. - - Other algorithms must define their own type of this - field if they are used. -.in 3 - -All fields in the public key are in MSB (most significant byte first) -order. - - -.ti 0 -3.12 SILC Version Detection - -The version detection of both client and server is performed at the -connection phase while executing the SILC Key Exchange protocol. The -version identifier is exchanged between intiator and responder. The -version identifier is of following format: - -.in 6 -SILC-- -.in 3 - -The version strings are of following format: - -.in 6 -protocol version = . -software version = [.[.]] -.in 3 - -Protocol version may provide both major and minor version. Currently -implementations must set the protocol version and accept the protocol -version as SILC-1.0-. - -Software version may provide major, minor and build version. The -software version may be freely set and accepted. - -Thus, the version string could be, for example: - -.in 6 -SILC-1.0-1.2 -.in 3 - - -.ti 0 -4 SILC Procedures - -This section describes various SILC procedures such as how the -connections are created and registered, how channels are created and -so on. The section describes the procedures only generally as details -are described in [SILC2] and [SILC3]. - - -.ti 0 -4.1 Creating Client Connection - -This section descibres the procedure when client connects to SILC server. -When client connects to server the server must perform IP address lookup -and reverse IP address lookup to assure that the origin host really is -who it claims to be. Client, host, connecting to server must have -both valid IP address and fully qualified domain name (FQDN). - -After that client and server performs SILC Key Exchange protocol which -will provide the key material used later in the communication. The -key exchange protocol must be completed successfully before the connection -registration may continue. The SILC Key Exchange protocol is described -in [SILC3]. - -Typical server implementation would keep a list of connections that it -allows to connect to the server. The implementation would check, for -example, the connecting client's IP address from the connection list -before the SILC Key Exchange protocol has been started. Reason for -this is that if the host is not allowed to connect to the server there -is no reason to perform a key exchange protocol. - -After successful key exchange protocol the client and server performs -connection authentication protocol. The purpose of the protocol is to -authenticate the client connecting to the server. Flexible -implementation could also accept the client to connect to the server -without explicit authentication. However, if authentication is -desired for a specific client it may be based on passphrase or -public key authentication. If authentication fails the connection -must be terminated. The connection authentication protocol is described -in [SILC3]. - -After successful key exchange and authentication protocol the client -registers itself by sending SILC_PACKET_NEW_CLIENT packet to the -server. This packet includes various information about the client -that the server uses to create the client. Server creates the client -and sends SILC_PACKET_NEW_ID to the client which includes the created -Client ID that the client must start using after that. After that -all SILC packets from the client must have the Client ID as the -Source ID in the SILC Packet Header, described in [SILC2]. - -Client must also get the server's Server ID that is to be used as -Destination ID in the SILC Packet Header when communicating with -the server (for example when sending commands to the server). The -ID may be resolved in two ways. Client can take the ID from an -previously received packet from server that must include the ID, -or to send SILC_COMMAND_INFO command and receive the Server ID as -command reply. - -Server may choose not to use the information received in the -SILC_PACKET_NEW_CLIENT packet. For example, if public key or -certificate were used in the authentication, server may use those -informations rather than what it received from client. This is suitable -way to get the true information about client if it is available. - -The nickname of client is initially set to the username sent in the -SILC_PACKET_NEW_CLIENT packet. User should set the nickname to more -suitable by sending SILC_COMMAND_NICK command. However, this is not -required as part of registration process. - -Server must also distribute the information about newly registered -client to its router (or if the server is router, to all routers in -the SILC network). More information about this in [SILC2]. - - -.ti 0 -4.2 Creating Server Connection - -This section descibres the procedure when server connects to its -router (or when router connects to other router, the cases are -equivalent). The procedure is very much alike when client connects -to the server thus it is not repeated here. - -One difference is that server must perform connection authentication -protocol with proper authentication. Proper authentication is based -on passphrase or public key authentication. - -After server and router has successfully performed the key exchange -and connection authentication protocol, the server register itself -to the router by sending SILC_PACKET_NEW_SERVER packet. This packet -includes the server's Server ID that it has created by itself and -other relevant information about the server. - -After router has received the SILC_PACKET_NEW_SERVER packet it -distributes the information about newly registered server to all routers -in the SILC network. More information about this in [SILC2]. - -As client needed to resolve the destination ID this must be done by the -server that connected to the router, as well. The way to resolve it is -to get the ID from previously received packet. Server must also start -using its own Server ID as Source ID in SILC Packet Header and the -router's Server ID as Destination when communicating with the router. - -If the server has already connected clients and locally created -channels the server must distribute these informations to the router. -The distribution is done by sending packet SILC_PACKET_NEW_CHANNEL. -See [SILC2] for more information on this. - - -.ti 0 -4.3 Joining to a Channel - -This section describes the procedure when client joins to a channel. -Client may join to channel by sending command SILC_COMMAND_JOIN to the -server. If the receiver receiving join command is normal server the -server must check its local list whether this channel already exists -locally. This would indicate that some client connected to the server -has already joined to the channel. If this is case the client is -joined to the client, new channel key is created and information about -newly joined channel is sent to the router. The new channel key is -also distributed to the router and to all clients on the channel. - -If the channel does not exist in the local list the command must be -fowarded to the router which will then perform the actual joining -procedure. When server receives the reply to the command from the -router it must be distributed to the client who sent the command -originally. Server will also receive the channel key from the server -that it must distribute to the client who originally requested the -join command. The server must also save the channel key. - -If the receiver of the join command is router it must first check its -local list whether anyone in the cell has already joined to the channel. -If this is the case the client is joined to the channel and reply is -sent to the client. If the command was sent by server the command reply -is sent to the server who sent it. Then the router must also create -new channel key and distribute it to all clients on the channel and -all servers that has clients on the channel. - -If the channel does not exist on the router's local list it must -check the global list whether the channel exists at all. If it does -the client is joined to the channel as described previously. If -the channel does not exist the channel is created and the client -is joined to the channel. The channel key is also created and -distributed as previously described. The client joining to the created -channel is made automatically channel founder and both channel founder -and channel operator privileges is set for the client. - -When the router joins the client to the channel it must send -information about newly joined client to all routers in the SILC -network. Also, if the channel was created in the process, information -about newly created channel must also be distributed to all routers. -The distribution of newly created channel is done by sending packet -SILC_PACKET_NEW_CHANNEL. - -It is important to note that new channel key is created always when -new client joins to channel, whether the channel has existed previously -or not. This way the new client on the channel is not able to decrypt -any of the old traffic on the channel. - -Client who receives the reply to the join command must start using -the received Channel ID in the channel message communication thereafter. -However, client must not start communicating on the channel before -it has received the packet SILC_PACKET_CHANNEL_KEY. - -If client wants to know the other clients currently on the channel -the client must send SILC_COMMAND_NAMES command to receive a list of -channel users. Server implementation, however, may send command reply -packet to SILC_COMMAND_NAMES command after client has joined to the -channel even if the client has not sent the command. - - -.ti 0 -4.4 Channel Key Generation - -Channel keys are created by router who creates the channel by taking -enough randomness from cryptographically strong random number generator. -The key is generated always when channel is created, when new client -joins a channel and after the key has expired. Key could expire for -example in an hour. - -The key must also be re-generated whenever some client leaves a channel. -In this case the key is created from scratch by taking enough randomness -from the random number generator. After that the key is distributed to -all clients on the channel. However, channel keys are cell specific thus -the key is created only on the cell where the client, who leaved the -channel, exists. While the server or router is creating the new channel -key, no other client may join to the channel. Messages that are sent -while creating the new key are still processed with the old key. After -server has sent the SILC_PACKET_CHANNEL_KEY packet must client start -using the new key. If server creates the new key the server must also -send the new key to its router. See [SILC2] on more information about -how channel messages must be encrypted and decrypted when router is -processing them. - - -.ti 0 -4.5 Private Message Sending and Reception - -Private messages are sent point to point. Client explicitly destines -a private message to specific client that is delivered to only to that -client. No other client may receive the private message. The receiver -of the private message is destined in the SILC Packet Header as any -other packet as well. - -If the sender of a private message does not know the receiver's Client -ID, it must resolve it from server. There are two ways to resolve the -client ID from server; it is recommended that client ipmlementations -send SILC_COMMAND_IDENTIFY command to receive the Client ID. Client -may also send SILC_COMMAND_WHOIS command to receive the Client ID. -If the sender has received earlier a private message from the receiver -it should have cached the Client ID from the SILC Packet Header. - -Receiver of a private message should not explicitly trust the nickname -that it receives in the Private Message Payload, described in [SILC2]. -Implementations could resolve the nickname from server, as described -previously, and compare the received Client ID and the SILC Packet -Header's Client ID. The nickname in the payload is merely provided -to be displayed for end user. - -See [SILC2] for describtion of private message encryption and decryption -process. - - -.ti 0 -4.6 Private Message Key Generation - -Private message may be protected by key generated by client. The key -may be generated and sent to the other client by sending packet -SILC_PACKET_PRIVATE_MESSAGE_KEY which travels through the network -and is secured by session keys. After that the private message key -is used in the private message communication between those clients. -See more information about how this works technically in [SILC2]. - -Other choice is to entirely use keys that are not sent through -the SILC network at all. This significantly adds security. This key -would be pre-shared-key that is known by both of the clients. Both -agree about using the key and starts sending packets that indicate -that the private message is secured using private message key. This -is the technical aspect mentioned previously that is described -in [SILC2]. - -If the private message keys are not set to be used, which is the -case by default in SILC, the private messages are secured by using -normal session keys established by SILC Key Exchange protocol. - - - - -.ti 0 -4.7 Channel Message Sending and Reception - -Channel messages are delivered to group of users. The group forms a -channel and all clients on the channel receives messages sent to the -channel. - -Channel messages are destined to channel by specifying the Channel ID -as Destination ID in the SILC Packet Header. The server must then -distribute the message to all clients on the channel by sending the -channel message destined explicitly to a client on the channel. - -See [SILC2] for describtion of channel message encryption and decryption -process. - - -.ti 0 -4.8 Session Key Regeneration - -Session keys should be regenerated peridiocally, say, once in an hour. -The re-key process is started by sending SILC_PACKET_REKEY packet to -other end, to indicate that re-key must be performed. - -If perfect forward secrecy (PFS) flag was selected in the SILC Key -Exchange protocol [SILC3] the re-key must cause new key exchange with -SKE protocol. In this case the protocol is secured with the old key -and the protocol results to new key material. See [SILC3] for more -information. After the SILC_PACKET_REKEY packet is sent the sender -will perform the SKE protocol. - -If PFS flag was not set, which is the default case, then re-key is done -without executing SKE protocol. In this case, the new key is created by -hashing the old key with hash function selected earlier in the SKE -protocol. If the digest length of the hash function is too short for the -key, then the key is distributed as described in section Processing the -Key Material in [SILC3]. After both parties has regenerated the session -key, both send SILC_PACKET_REKEY_DONE packet to each other. These packets -are still secured with the old key. After these packets, following -packets must be protected with the new key. - - -.ti 0 -4.9 Command Sending and Reception - -Client usually sends the commands in the SILC network. In this case -the client simply sends the command packet to server and the server -processes it and replies with command reply packet. - -However, if the server is not able to process the command, it is usually -sent to the server's router. This is case for example with commands such -as, SILC_COMMAND_JOIN and SILC_COMMAND_WHOIS commands. However, there -are other commands as well. For example, if client sends the WHOIS -command requesting specific information about some client the server must -send the WHOIS command to router so that all clients in SILC network -are searched. The router, on the other hand, sends the WHOIS command -to further to receive the exact information about the requested client. -The WHOIS command travels all the way to the server who owns the client -and it replies with command reply packet. Finally, the server who -sent the command receives the command reply and it must be able to -determine which client sent the original command. The server then -sends command reply to the client. Implementations should have some -kind of cache to handle, for example, WHOIS information. Servers -and routers along the route could all cache the information for faster -referencing in the future. - -The commands sent by server may be sent hop by hop until someone is able -to process the command. However, it is preferred to destine the command -as precisely as it is possible. In this case, other routers en route -must route the command packet by checking the true sender and true -destination of the packet. However, servers and routers must not route -command reply packets to clients coming from other server. Client -must not accept command reply packet originated from anyone else but -from its own server. - - -.ti 0 -5 SILC Commands - -.ti 0 -5.1 SILC Commands Syntax - -This section briefly describes the syntax of the command notions -in this document. Every field in command is separated from each -other by whitespaces (` ') indicating that each field is independent -argument and each argument must have own Command Argument Payload. -The number of maximum arguments are defined with each command -separately. The Command Argument Payload is described in [SILC2]. - -Every command defines specific number for each argument. Currently, -they are defined in ascending order; first argument has number one -(1), second has number two (2) and so on. This number is set into the -Argument Type field in the Command Argument Payload. This makes it -possible to send the arguments in free order as the number must be -used to identify the type of the argument. This makes is it also -possible to have multiple optional arguments in commands and in -command replies. The number of argument is marked in parentheses -before the actual argument. - - - - - -.in 6 -Example: Arguments: (1) (2) -.in 3 - - -Every command replies with Status Payload. This payload tells the -sender of the command whether the command was completed succefully or -whether there was an error. If error occured the payload includes the -error type. In the next section the Status Payload is not described -as it is common to all commands and has been described here. Commands -may reply with other arguments as well. These arguments are command -specific and are described in the next section. - -Example command: -.in 6 - -EXAMPLE_COMMAND - -.in 8 -Max Arguments: 3 - Arguments: (1) [@] (2) - (3) [] - -The command has maximum of 3 arguments. However, only first -and second arguments are mandatory. - -First argument is mandatory but may have optional - format as well. Second argument is mandatory - argument. Third argument is optional argument. - -The numbers in parentheses are the argument specific numbers -that specify the type of the argument in Command Argument Payload. -The receiver always knows that, say, argument number two (2) is - argument, regardles of the ordering of the arguments in -the Command Payload. - -Reply messages to the command: - -Max Arguments: 4 - Arguments: (1) (2) [] - (3) (4) [] - -This command may reply with maximum of 4 arguments. However, -only the first and third arguments are mandatory. The numbers -in the parentheses have the same meaning as in the upper -command sending specification. - -Every command reply with , it is mandatory -argument for all command replies and for this reason it is not -described in the command reply descriptions. - - - -Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_TOO_MANY_TARGETS - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_NO_SUCH_NICK - -Every command reply also defines set of status message that it -may return inside the . All status messages -are defined in the section 5.3 SILC Command Status Types. -.in 3 - - -.ti 0 -5.2 SILC Commands List - -This section lists all SILC commands, however, it is expected that a -implementation and especially client implementation has many more -commands that has only local affect. These commands are official -SILC commands that has both client and server sides and cannot be -characterized as local commands. - -List of all defined commands in SILC follows. - -.in 0 - 0 SILC_COMMAND_NONE - - None. This is reserved command and must not be sent. - - - 1 SILC_COMMAND_WHOIS - - Max Arguments: 3 - Arguments: (1) [@] (2) [] - (3) [] - - Whois command is used to query various information about specific - user. The user maybe requested by their nickname and server name. - The query may find multiple matching users as there are no unique - nicknames in the SILC. The option maybe given to narrow - down the number of accepted results. If this is not defined there - are no limit of accepted results. The query may also be narrowed - down by defining the server name of the nickname. - - It is also possible to search the user by Client ID. If - is provided server must use it as the search value instead of - the . - - To prevent miss-use of this service wildcards in the nickname - or in the servername are not permitted. It is not allowed - to request all users on some server. The WHOIS requests must - be based on specific nickname request. - - The WHOIS request must be always forwarded to router by server - so that all users are searched. However, the server still must - search its locally connected clients. The server must send - this command to the server who owns the requested client. That - server must reply to the command. - - Reply messages to the command: - - Max Arguments: 7 - Arguments: (1) (2) - (3) [@] (4) - (5) (6) [] - (7) [] - - This command may reply with several command reply messages to - form a list of results. In this case the status payload will - include STATUS_LIST_START status in the first reply and - STATUS_LIST_END in the last reply to indicate the end of the - list. If there are only one reply the status is set to normal - STATUS_OK. - - The command replies include the Client ID of the nickname, - nickname and servername, username and hostnamea and users real - name. Client should process these replies only after the last - reply has been received with the STATUS_LIST_END status. If the - option were defined in the query there will be only - many replies from the server. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_LIST_START - SILC_STATUS_LIST_END - SILC_STATUS_ERR_NO_SUCH_NICK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - - - 2 SILC_COMMAND_WHOWAS - - Max Arguments: 2 - Arguments: (1) [@] (2) [] - - Whowas. This command is used to query history information about - specific user. The user maybe requested by their nickname and - server name. The query may find multiple matching users as there - are no unique nicknames in the SILC. The option maybe - given to narrow down the number of accepted results. If this - is not defined there are no limit of accepted results. The query - may also be narrowed down by defining the server name of the - nickname. - - To prevent miss-use of this service wildcards in the nickname - or in the servername are not permitted. The WHOWAS requests must - be based on specific nickname request. - - The WHOWAS request must be always forwarded to router by server - so that all users are searched. However, the server still must - search its locally connected clients. - - Reply messages to the command: - - Max Arguments: 3 - Arguments: (1) (2) [@] - (3) - - This command may reply with several command reply messages to form - a list of results. In this case the status payload will include - STATUS_LIST_START status in the first reply and STATUS_LIST_END in - the last reply to indicate the end of the list. If there are only - one reply the status is set to normal STATUS_OK. - - The command replies with nickname and username and hostname. - Every server must keep history for some period of time of its - locally connected clients. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_LIST_START - SILC_STATUS_LIST_END - SILC_STATUS_ERR_NO_SUCH_NICK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - - - 3 SILC_COMMAND_IDENTIFY - - Max Arguments: 2 - Arguments: (1) [@] (2) [] - - Identify. Identify command is almost analogous to WHOIS command, - except that it does not return as much information. Only relevant - information such as Client ID is returned. This is usually used - to get the Client ID of a client used in the communication with - the client. - - The query may find multiple matching users as there are no unique - nicknames in the SILC. The option maybe given to narrow - down the number of accepted results. If this is not defined there - are no limit of accepted results. The query may also be narrowed - down by defining the server name of the nickname. - - To prevent miss-use of this service wildcards in the nickname - or in the servername are not permitted. It is not allowed - to request all users on some server. The IDENTIFY requests must - be based on specific nickname request. - - Implementations may not want to give interface access to this - command as it is hardly a command that would be used a end user. - However, it must be implemented as it is used with private message - sending. - - The IDENTIFY must be always forwarded to router by server so that - all users are searched. However, server must still search its - locally connected clients. - - Reply messages to the command: - - Max Arguments: 4 - Arguments: (1) (2) - (3) [[@]] (4) [] - - This command may reply with several command reply messages to form - a list of results. In this case the status payload will include - STATUS_LIST_START status in the first reply and STATUS_LIST_END in - the last reply to indicate the end of the list. If there are only - one reply the status is set to normal STATUS_OK. - - The command replies with Client ID of the nickname and if more - information is available it may reply with nickname and username - and hostname. If the option were defined in the query - there will be only many replies from the server. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_LIST_START - SILC_STATUS_LIST_END - SILC_STATUS_ERR_NO_SUCH_NICK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - - - 4 SILC_COMMAND_NICK - - Max Arguments: 1 - Arguments: (1) - - Set/change nickname. This command is used to set nickname for - user. There is no limit of the length of the nickname in SILC. - Nickname must not include any spaces (` '), non-printable - characters, commas (`,') and any wildcard characters. Note: - nicknames in SILC are case-sensitive which must be taken into - account when searching clients by nickname. - - Reply messages to the command: - - Max Arguments: 2 - Arguments: (1) (2) - - This command is replied always with New ID Payload that is - generated by the server every time user changes their nickname. - Client receiving this payload must start using the received - Client ID as its current valid Client ID. The New ID Payload - is described in [SILC2]. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NICKNAME_IN_USE - SILC_STATUS_ERR_BAD_NICKNAME - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - - - 5 SILC_COMMAND_LIST - - Max Arguments: 2 - Arguments: (1) [] [] - - The list command is used to list channels and their topics on - current server. If the parameter is used, only the - status of that channel is displayed. Secret channels are not - listed at all. Private channels are listed with status indicating - that the channel is private. - - If the argument is specified the specified server's - channels are listed. In this case the command must be sent to - the server who owns the channel that was requested. - - Reply messages to the command: - - Max Arguments: 4 - Arguments: (1) (2) - (3) (4) - - This command may reply with several command reply messages to form - a list of results. In this case the status payload will include - STATUS_LIST_START status in the first reply and STATUS_LIST_END in - the last reply to indicate the end of the list. If there are only - one reply the status is set to normal STATUS_OK. - - This command replies with Channel ID, name and the topic of the - channel. If the channel is private channel the includes - "*private*" string. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_LIST_START - SILC_STATUS_LIST_END - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SUCH_CHANNEL - SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID - SILC_STATUS_ERR_NO_SUCH_SERVER - - - 6 SILC_COMMAND_TOPIC - - Max Arguments: 2 - Arguments: (1) (2) []] - - This command is used to change or view the topic of a channel. - The topic for channel is returned if there is no - given. If the parameter is present, the topic - for that channel will be changed, if the channel modes permit - this action. - - Reply messages to the command: - - Max Arguments: 2 - Arguments: (1) (2) [] - - The command may reply with the topic of the channel if it is - set. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ON_CHANNEL - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_NO_SUCH_CHANNEL - SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID - SILC_STATUS_ERR_NO_CHANNEL_ID - SILC_STATUS_ERR_BAD_CHANNEL_ID - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_CHANNEL_PRIV - - - 7 SILC_COMMAND_INVITE - - Max Arguments: 2 - Arguments: (1) (2) - - This command is used to invite other clients to join to the - channel. The argument is the target client's ID that - is being invited. The is the Channel ID of the - requested channel. The sender of this command must be on the - channel. This command must fail if the requested channel does - not exist, the requested client is already on the channel or if - the channel is invite only channel and the caller of this command - does not have at least channel operator privileges. - - Reply messages to the command: - - Max Arguments: 2 - Arguments: (1) - - This command replies only with Status Payload. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SUCH_CLIENT_ID - SILC_STATUS_ERR_NO_CLIENT_ID - SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID - SILC_STATUS_ERR_NO_CHANNEL_ID - SILC_STATUS_ERR_NOT_ON_CHANNEL - SILC_STATUS_ERR_USER_ON_CHANNEL - - - 8 SILC_COMMAND_QUIT - - Max Arguments: 1 - Arguments: (1) [] - - This command is used by client to end SILC session. The server - must close the connection to a client which sends this command. - if is given it will be sent to other clients on - channel if the client is on channel when quitting. - - Reply messages to the command: - - This command does not reply anything. - - - 9 SILC_COMMAND_KILL - - Max Arguments: 2 - Arguments: (1) (2) [] - - This command is used by SILC operators to remove a client from - SILC network. The removing has temporary effects and client may - reconnect to SILC network. The is the client to be - removed from SILC. The argument may be provided to - give to the removed client some information why it was removed - from the network. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SUCH_CLIENT_ID - SILC_STATUS_ERR_NO_CLIENT_ID - - - - - - 10 SILC_COMMAND_INFO - - Max Arguments: 1 - Arguments: (1) [] - - This command is used to fetch various information about a server. - If argument is specified the command must be sent to - the requested server. - - Reply messages to the command: - - Max Arguments: 3 - Arguments: (1) (2) - (3) - - This command replies with the Server ID of the server and a - string which tells the information about the server. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SUCH_SERVER - - - 11 SILC_COMMAND_CONNECT - - Max Arguments: 2 - Arguments: (1) - (2) [[:]] - - This command is used by operators to force a server to try to - establish a new connection to another router (if the connecting - server is normal server) or server (if the conneceting server is - router server). Operator may specify the server/router to be - connected by setting argument. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SUCH_SERVER_ID - SILC_STATUS_ERR_NO_SERVER_PRIV - SILC_STATUS_ERR_NO_ROUTER_PRIV - - - 12 SILC_COMMAND_PING - - Max Arguments: 1 - Arguments: (1) - - This command is used by client and server to test the communication - channel to its server if one suspects that the communication is not - working correctly. The is the ID of the server the - sender is connected to. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. Server returns - SILC_STATUS_OK in Status Payload if pinging was successful. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SERVER_ID - SILC_STATUS_ERR_NO_SUCH_SERVER - SILC_STATUS_ERR_NOT_REGISTERED - - - 13 SILC_COMMAND_OPER - - Max Arguments: 2 - Arguments: (1) (2) - - This command is used by normal client to obtain server operator - privileges on some server or router. Note that router operator - has router privileges that supersedes the server operator - privileges and this does not obtain those privileges. Client - must use SILCOPER command to obtain router level privileges. - - The is the username set in the server configurations - as operator. The is the data that the - client is authenticated against. It may be passphrase prompted - for user on client's screen or it may be public key - authentication data (data signed with private key), or - certificate. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_BAD_PASSWORD - SILC_STATUS_ERR_AUTH_FAILED - - - 14 SILC_COMMAND_JOIN - - Max Arguments: 3 - Arguments: (1) (2) [] - (3) [] - - Join to channel/create new channel. This command is used to - join to a channel. If the channel does not exist the channel is - created. If server is normal server this command must be forwarded - to router who will create the channel. The channel may be protected - with passphrase. If this is the case the passphrase must be sent - along the join command. - - The name of the must not include any spaces (` '), - non-printable characters, commas (`,') or any wildcard characters. - - Cipher to be used to secure the traffic on the channel may be - requested by sending the name of the requested . This - is used only if the channel does not exist and is created. If - the channel already exists the cipher set previously for the - channel will be used to secure the traffic. - - The server must check whether the user is allowed to join to - the requested channel. Various modes set to the channel affect - the ability of the user to join the channel. These conditions - are: - - o The user must be invited to the channel if the channel - is invite-only channel. - - o The Client ID/nickname/username/hostname must not match - any active bans. - - o The correct passphrase must be provided if passphrase - is set to the channel. - - o The user count limit, if set, must not be reached. - - Reply messages to the command: - - Max Arguments: 5 - Arguments: (1) (2) - (3) (4) - (5) [] - - This command replies with the channel name requested by the - client, channel ID of the channel and topic of the channel - if it exists. It also replies with the channel mode mask - which tells all the modes set on the channel. If the - channel is created the mode mask is zero (0). - - Client must not start transmitting to the channel even after - server has replied to this command. Client is permitted to - start transmitting on channel after server has sent packet - SILC_PACKET_CHANNEL_KEY to the client. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_WILDCARDS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_BAD_PASSWORD - SILC_STATUS_ERR_CHANNEL_IS_FULL - SILC_STATUS_ERR_NOT_INVITED - SILC_STATUS_ERR_BANNED_FROM_CHANNEL - SILC_STATUS_ERR_BAD_CHANNEL - SILC_STATUS_ERR_USER_ON_CHANNEL - - - 15 SILC_COMMAND_MOTD - - Max Arguments: 1 - Arguments: (1) - - This command is used to query the Message of the Day of a server. - - Reply messages to the command: - - Max Arguments: 2 - Arguments: (1) (2) [] - - This command replies with the motd message if it exists. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NO_SUCH_SERVER - - - 16 SILC_COMMAND_UMODE - - Max Arguments: 2 - Arguments: (1) (2) - - This command is used by client to set/unset modes for itself. - However, there are some modes that the client may not set itself, - but they will be set by server. However, client may unset any - mode. Modes may be masked together ORing them thus having - several modes set. Client must keep its client mode mask - locally so that the mode setting/unsetting would work without - problems. Client may change only its own modes. - - Following client modes are defined: - - 0x0000 SILC_UMODE_NONE - - No specific mode for client. This is the initial - setting when new client is created. The client is - normal client now. - - - 0x0001 SILC_UMODE_SERVER_OPERATOR - - Marks the user as server operator. Client cannot - set this mode itself. Server sets this mode to the - client when client attains the server operator - privileges by SILC_COMMAND_OPER command. Client - may unset the mode itself. - - - 0x0002 SILC_UMODE_ROUTER_OPERATOR - - Marks the user as router (SILC) operator. Client - cannot this mode itself. Router sets this mode to - the client when client attains the router operator - privileges by SILC_COMMAND_SILCOPER command. Client - may unset the mode itself. - - Reply messages to the command: - - Max Arguments: 2 - Arguments: (1) (2) - - This command replies with the changed client mode mask that - the client is required to keep locally. - - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NO_SUCH_CLIENT_ID - SILC_STATUS_ERR_BAD_CLIENT_ID - SILC_STATUS_ERR_NOT_YOU - SILC_STATUS_ERR_UNKNOWN_MODE - SILC_STATUS_ERR_NO_RECIPIENT - SILC_STATUS_ERR_NO_CLIENT_ID - - - 17 SILC_COMMAND_CMODE - - Max Arguments: 8 - Arguments: (1) (2) - (3) [] (4) [] - (5) [] (6) [] - (7) [] (8) [[:]] - - This command is used by client to set or change channel flags on - a channel. Channel has several modes that set various properties - of a channel. Modes may be masked together by ORing them thus - having several modes set. The is the ID of the - target channel. The client changing channel mode must be on - the same channel and poses sufficient privileges to be able to - change the mode. - - Following channel modes are defined: - - 0x0000 SILC_CMODE_NONE - - No specific mode on channel. This is the default when - channel is created. This means that channel is just plain - normal channel. - - - 0x0001 SILC_CMODE_PRIVATE - - Channel is private channel. Private channels are shown - in the channel list listed with SILC_COMMAND_LIST command - with indicatioin that the channel is private. Also, - client on private channel will no be detected to be on - the channel as the channel is not shown in the client's - currently joined channel list. Channel founder and - channel operator may set/unset this mode. - - Typical implementation would use [+|-]p on user interface - to set/unset this mode. - - - 0x0002 SILC_CMODE_SECRET - - Channel is secret channel. Secret channels are not shown - in the list listed with SILC_COMMAND_LIST command. Secret - channels can be considered to be invisible channels. - Channel founder and channel operator may set/unset this - mode. - - Typical implementation would use [+|-]s on user interface - to set/unset this mode. - - - 0x0004 SILC_CMODE_PRIVKEY - - Channel uses private channel key to protect the traffic - on the channel. When this mode is set the client will be - responsible to set the key it wants to use to encrypt and - decrypt the traffic on channel. Server generated channel - keys are not used at all. This mode provides additional - security as clients on channel may agree to use private - channel key that even servers do not know. Naturally, - this requires that every client on the channel knows - the key before hand (it is considered to be pre-shared- - key). This specification does not define how the private - channel key is set as it is entirely local setting on - client end. - - As it is local setting it is possible to have several - private channel keys on one channel. In this case several - clients can talk on same channel but only those clients - that share the key with the message sender will be able - to hear the talking. Client should not display those - message for the end user that it is not able to decrypt - when this mode is set. - - Only channel founder may set/unset this mode. If this - mode is unset the server will distribute new channel - key to all clients on the channel which will be used - thereafter. - - Typical implementation would use [+|-]k on user interface - to set/unset this mode. - - - 0x0008 SILC_CMODE_INVITE - - Channel is invite only channel. Client may join to this - channel only if it is invited to the channel. Channel - founder and channel operator may set/unset this mode. - - Typical implementation would use [+|-]i on user interface - to set/unset this mode. - - - 0x0010 SILC_CMODE_TOPIC - - The topic of the channel may only be set by client that - is channel founder or channel operator. Normal clients - on channel will not be able to set topic when this mode - is set. Channel founder and channel operator may set/ - unset this mode. - - Typical implementation would use [+|-]t on user interface - to set/unset this mode. - - - 0x0020 SILC_CMODE_ULIMIT - - User limit has been set to the channel. New clients - may not join to the channel when the limit set is - reached. Channel founder and channel operator may set/ - unset the limit. The argument is the - number of limited users. - - Typical implementation would use [+|-]l on user interface - to set/unset this mode. - - - 0x0040 SILC_CMODE_PASSPHRASE - - Passphrase has been set to the channel. Client may - join to the channel only if it is able to provide the - correct passphrase. Setting passphrases to channel - is entirely safe as all commands are protected in the - SILC network. Only channel founder may set/unset - the passphrase. The argument is the - set passphrase. - - Typical implementation would use [+|-]a on user interface - to set/unset this mode. - - - 0x0080 SILC_CMODE_BAN - - Ban mask has been set to the channel. The ban mask - may be used to ban specific clients to join the channel. - The argument is the set ban mask. When - unsetting a ban mask the mask must be provided as - argument. Channel founder and channel operator may - set/unset this mode. Channel founder may not be - added to the ban list. - - Typical implementation would use [+|-]b on user interface - to set/unset this mode. - - - 0x0100 SILC_CMODE_INVITE - - Invite list has been set to the channel. The invite list - can be used to mark the clients that is able to join - channel without being invited when the channel is set to - be invite-only channel. The argument is the - set invite mask. When unsetting entry from the invite list - the entry must be provided as argument. Channel founder and - channel operator may set/unset this mode. - - Typical implementation would use [+|-]I on user interface - to set/unset this mode. - - - 0x0200 SILC_CMODE_OPERATOR - - Sets channel operator privileges on the channel for a - client on the channel. The argument is the - target client on the channel. Channel founder and - channel operator may set/unset (promote/demote) this - mode. - - Typical implementation would use [+|-]o on user interface - to set/unset this mode. - - - 0x0400 SILC_CMODE_CIPHER - - Sets specific cipher to be used to protect channel - traffic. The argument is the requested cipher. - When set or unset the server must re-generate new - channel key. If argument is specified with - argument the new key is generated of - length. - - Typical implementation would use [+|-]c on user interface - to set/unset this mode. - - - To make the mode system work, client must keep the channel mode - mask locally so that the mode setting and unsetting would work - without problems. The client receives the initial channel mode - mask when it joins to the channel. When the mode changes on - channel the server distributes the changed channel mode mask to - all clients on the channel by sending SILC_COMMAND_CMODE command - reply packet. - - - Reply messages to the command: - - Max Arguments: 2 - Arguments: (1) (2) - - This command replies with the changed channel mode mask that - client is required to keep locally. The same mask is also - sent to all clients on channel by sending additional command - reply to them. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ON_CHANNEL - SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID - SILC_STATUS_ERR_BAD_CHANNEL_ID - SILC_STATUS_ERR_NO_CHANNEL_ID - SILC_STATUS_ERR_NO_CHANNEL_PRIV - SILC_STATUS_ERR_UNKNOWN_MODE - SILC_STATUS_ERR_NO_CLIENT_ID - - - - - 18 SILC_COMMAND_KICK - - Max Arguments: 3 - Arguments: (1) (2) - (3) [] - - This command is used by channel operators to remove a client from - channel. The argument is the channel the client to be - removed is on currently. Note that the "kicker" must be on the same - channel. If is provided it will be sent to the removed - client. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NO_SUCH_CHANNEL - SILC_STATUS_ERR_NO_SUCH_CLIENT_ID - SILC_STATUS_ERR_NO_CHANNEL_PRIV - SILC_STATUS_ERR_NO_CLIENT_ID - - - 19 SILC_COMMAND_RESTART - - Max Arguments: 0 - Arguments: None - - This command may only be used by server operator to force a - server to restart itself. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NO_SERVER_PRIV - - - 20 SILC_COMMAND_CLOSE - - Max Arguments: 1 - Arguments: (1) - - This command is used only by operator to close connection to a - remote site. The argument is the ID of the remote - site and must be valid. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NO_SUCH_SERVER - SILC_STATUS_ERR_NO_SERVER_PRIV - SILC_STATUS_ERR_NO_SUCH_SERVER_ID - - - 21 SILC_COMMAND_DIE - - Max Arguments: 0 - Arguments: None - - This command is used only by operator to shutdown the server. - All connections to the server will be closed and the server is - shutdown. - - Reply messages to the command: - - - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NO_SERVER_PRIV - - - 22 SILC_COMMAND_SILCOPER - - Max Arguments: 2 - Arguments: (1) (2) - - This command is used by normal client to obtain router operator - privileges (also known as SILC operator) on some router. Note - that router operator has router privileges that supersedes the - server operator privileges. - - The is the username set in the server configurations - as operator. The is the data that the - client is authenticated against. It may be passphrase prompted - for user on client's screen or it may be public key - authentication data (data signed with private key), or - certificate. - - Difference between router operator and server operator is that - router operator is able to handle cell level properties while - server operator (even on router server) is able to handle only - local properties, such as, local connections and normal server - administration. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_BAD_PASSWORD - SILC_STATUS_ERR_AUTH_FAILED - - - 23 SILC_COMMAND_LEAVE - - Max Arguments: 1 - Arguments: (1) - - This command is used by client to leave a channel the client is - joined to. After a client has leaved the channel the server - must create new key for the channel and distribute to all clients - still currently on the channel. - - Reply messages to the command: - - Max Arguments: 1 - Arguments: (1) - - This command replies only with Status Payload. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID - SILC_STATUS_ERR_BAD_CHANNEL_ID - SILC_STATUS_ERR_NO_CHANNEL_ID - - - 24 SILC_COMMAND_NAMES - - Max Arguments: 1 - Arguments: (1) - - This command is used to list user names currently on the requested - channel; argument . The server must resolve the - user names and send a comma (`,') separated list of user names - on the channel. Server or router may resolve the names by sending - SILC_COMMAND_WHOIS commands. - - If the requested channel is a private or secret channel, this - command must not send the list of users, as private and secret - channels cannot be seen by outside. In this case the returned - name list may include a indication that the server could not - resolve the names of the users on the channel. - - Reply messages to the command: - - Max Arguments: 3 - Arguments: (1) (2) - (3) (4) - - This command replies with the Channel ID of the requested channel, - comma separated list of users on the channel and Client ID list - of the users on the list. The Client ID list has Client ID's - of all users in the list. First Client ID in the list must be - the Client ID of the first user in . The Client ID - List is formed by adding Client ID's each after each. Note that - the Client ID list is binary data. - - Status messages: - - SILC_STATUS_OK - SILC_STATUS_ERR_NOT_REGISTERED - SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - SILC_STATUS_ERR_TOO_MANY_PARAMS - SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID - SILC_STATUS_ERR_BAD_CHANNEL_ID - SILC_STATUS_ERR_NO_CHANNEL_ID - SILC_STATUS_ERR_NOT_ON_CHANNEL - - - 25 - 254 - - Currently undefined commands. - - - 255 SILC_COMMAND_MAX - - Reserved command. This must not be sent. -.in 3 - - -.ti 0 -5.3 SILC Command Status Types - -.ti 0 -5.3.1 SILC Command Status Payload - -Command Status Payload is sent in command reply messages to indicate -the status of the command. The payload is one of argument in the -command thus this is the data area in Command Argument Payload described -in [SILC2]. The payload is only 2 bytes of length. Following diagram -represents the Command Status Payload (field is always in MSB order). - - -.in 21 -.nf - 1 - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -| Status Message | -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -.in 3 - -.ce -Figure 5: SILC Command Status Payload - - -.in 6 -o Status Message (2 bytes) - Indicates the status message. - All Status messages are described in the next section. -.in 3 - - -.ti 0 -5.3.2 SILC Command Status List - -Command Status messages are returned in the command reply messages -to indicate whether the command were executed without errors. If error -has occured the status tells which error occured. Status payload only -sends numeric reply about the status. Receiver of the payload must -convert the numeric values into human readable error messages. The -list of status messages below has an example human readable error -messages that client may display for the user. - -List of all defined command status messages following. - -.in 0 - Generic status messages: - - 0 SILC_STATUS_OK - - Ok status. Everything went Ok. The status payload maybe - safely ignored in this case. - - 1 SILC_STATUS_LIST_START - - Start of the list. There will be several command replies and - this reply is the start of the list. - - 2 SILC_STATUS_LIST_END - - End of the list. There were several command replies and this - reply is the last of the list. There won't be other replies - beloning to this list after this one. - - 3 - 9 - - Currently undefined and has been reserved for the future. - - - Error status message: - - 10 SILC_STATUS_ERR_NO_SUCH_NICK - - "No such nickname". Requested nickname does not exist. - - 11 SILC_STATUS_ERR_NO_SUCH_CHANNEL - - "No such channel". Requested channel name does not exist. - - 12 SILC_STATUS_ERR_NO_SUCH_SERVER - - "No such server". Requested server name does not exist. - - 13 SILC_STATUS_ERR_TOO_MANY_TARGETS - - "Duplicate recipients. No message delivered". Message were - tried to be sent to recipient which has several occurrences in - the recipient list. - - 14 SILC_STATUS_ERR_NO_RECIPIENT - - "No recipient given". Command required recipient which was - not provided. - - 15 SILC_STATUS_ERR_UNKNOWN_COMMAND - - "Unknown command". Command sent to server is unknown by the - server. - - 16 SILC_STATUS_ERR_WILDCARDS - - "Wildcards cannot be used". Wildcards were provided but they - weren't permitted. - - 17 SILC_STATUS_ERR_NO_CLIENT_ID - - "No Client ID given". Client ID were expected as command - parameter but were not found. - - 18 SILC_STATUS_ERR_NO_CHANNEL_ID - - "No Channel ID given". Channel ID were expected as command - parameter but were not found. - - 19 SILC_STATUS_ERR_NO_SERVER_ID - - "No Serve ID given". Server ID were expected as command - parameter but were not found. - - 20 SILC_STATUS_ERR_BAD_CLIENT_ID - - "Bad Client ID". Client ID provided were erroneous. - - 21 SILC_STATUS_ERR_BAD_CHANNEL_ID - - "Bad Channel ID". Channel ID provided were erroneous. - - 22 SILC_STATUS_ERR_NO_SUCH_CLIENT_ID - - "No such Client ID". Client ID provided does not exist. - - - 23 SILC_STATUS_ERR_NO_SUCH_CHANNEL_ID - - "No such Channel ID". Channel ID provided does not exist. - - 24 SILC_STATUS_ERR_NICKNAME_IN_USE - - "Nickname already exists". Nickname created could not be - registered because number of same nicknames were already set to - maximum. This is not expected to happen in real life but is - possible to occur. - - 25 SILC_STATUS_ERR_NOT_ON_CHANNEL - - "You are not on that channel". The command were specified for - client user is not currently on. - - 26 SILC_STATUS_ERR_USER_ON_CHANNEL - - "User already on channel". User were invited on channel they - already are on. - - 27 SILC_STATUS_ERR_NOT_REGISTERED - - "You have not registered". User executed command that requires - the client to be registered on the server before it may be - executed. - - 28 SILC_STATUS_ERR_NOT_ENOUGH_PARAMS - - "Not enough parameters". Command requires more parameters - than provided. - - 29 SILC_STATUS_ERR_TOO_MANY_PARAMS - - "Too many parameters". Too many parameters were provided - for the command. - - 30 SILC_STATUS_ERR_PERM_DENIED - - "Your host is not among the privileged". The client tried to - register on server that does not allow this host to connect. - - 31 SILC_STATUS_ERR_BANNED_FROM_SERVER - - "You are banned from this server". The client tried to register - on server that has explicitly denied this host to connect. - - - - 32 SILC_STATUS_ERR_BAD_PASSWORD - - "Cannot join channel. Incorrect password". Password provided for - channel were not accepted. - - 33 SILC_STATUS_ERR_CHANNEL_IS_FULL - - "Cannot join channel. Channel is full". The channel is full - and client cannot be joined to it. - - 34 SILC_STATUS_ERR_NOT_INVITED - - "Cannot join channel. You have not been invited". The channel - is invite only channel and client has not been invited. - - 35 SILC_STATUS_ERR_BANNED_FROM_CHANNEL - - "Cannot join channel. You have been banned". The client has - been banned from the channel. - - 36 SILC_STATUS_ERR_UNKNOWN_MODE - - "Unknown mode". Mode provided by the client were unknown to - the server. - - 37 SILC_STATUS_ERR_NOT_YOU - - "Cannot change mode for other users". User tried to change - someone else's mode. - - 38 SILC_STATUS_ERR_NO_CHANNEL_PRIV - - "Permission denied. You are not channel operator". Command may - be executed only by channel operator. - - 39 SILC_STATUS_ERR_NO_SERVER_PRIV - - "Permission denied. You are not server operator". Command may - be executed only by server operator. - - 40 SILC_STATUS_ERR_NO_ROUTER_PRIV - - "Permission denied. You are not SILC operator". Command may be - executed only by router (SILC) operator. - - 41 SILC_STATUS_ERR_BAD_NICKNAME - - "Bad nickname". Nickname requested contained illegal characters - or were malformed. - - 42 SILC_STATUS_ERR_BAD_CHANNEL - - "Bad channel name". Channel requested contained illegal characters - or were malformed. - - 43 SILC_STATUS_ERR_AUTH_FAILED - - "Authentication failed". The authentication data sent as - argument were wrong and thus authentication failed. -.in 3 - - -.ti 0 -6 Security Considerations - -Security is central to the design of this protocol, and these security -considerations permeate the specification. - - - - - -.ti 0 -7 References - -[SILC2] Riikonen, P., "SILC Packet Protocol", Internet Draft, - June 2000. - -[SILC3] Riikonen, P., "SILC Key Exchange and Authentication - Protocols", Internet Draft, June 2000. - -[IRC] Oikarinen, J., and Reed D., "Internet Relay Chat Protocol", - RFC 1459, May 1993. - -[SSH-TRANS] Ylonen, T., et al, "SSH Transport Layer Protocol", - Internet Draft. - -[PGP] Callas, J., et al, "OpenPGP Message Format", RFC 2440, - November 1998. - -[SPKI] Ellison C., et al, "SPKI Certificate Theory", RFC 2693, - September 1999. - -[PKIX-Part1] Housley, R., et al, "Internet X.509 Public Key - Infrastructure, Certificate and CRL Profile", RFC 2459, - January 1999. - -[Schneier] Schneier, B., "Applied Cryptography Second Edition", - John Wiley & Sons, New York, NY, 1996. - -[Menezes] Menezes, A., et al, "Handbook of Applied Cryptography", - CRC Press 1997. - -[OAKLEY] Orman, H., "The OAKLEY Key Determination Protocol", - RFC 2412, November 1998. - -[ISAKMP] Maughan D., et al, "Internet Security Association and - Key Management Protocol (ISAKMP)", RFC 2408, November - 1998. - -[IKE] Harkins D., and Carrel D., "The Internet Key Exhange - (IKE)", RFC 2409, November 1998. - -[HMAC] Krawczyk, H., "HMAC: Keyed-Hashing for Message - Authentication", RFC 2104, February 1997. - - - -.ti 0 -8 Author's Address - -.nf -Pekka Riikonen -Kasarmikatu 11 A4 -70110 Kuopio -Finland - -EMail: priikone@poseidon.pspt.fi - -This Internet-Draft expires 13 May 2001