.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet Draft
-.ds RH 13 September 2000
+.ds RH 6 October 2000
.ds CH
.na
.hy 0
.nf
Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-pp-01.txt 13 September 2000
-Expires: 13 May 2001
+draft-riikonen-silc-pp-01.txt 6 October 2000
+Expires: 6 Jun 2001
.in 3
2.2 SILC Packet Header ........................................ 5
2.3 SILC Packet Types ......................................... 7
2.3.1 SILC Packet Payloads ................................ 15
- 2.3.2 Generic paylods .....................................
- 2.3.2.1 ID Payload ..................................
- 2.3.2.2 Argument Payload ............................
- 2.3.3 Disconnect Payload .................................. 15
- 2.3.4 Success Payload ..................................... 16
- 2.3.5 Failure Payload ..................................... 16
- 2.3.6 Reject Payload ...................................... 17
- 2.3.7 Notify Payload ...................................... 17
- 2.3.8 Error Payload ....................................... 18
- 2.3.9 Channel Message Payload ............................. 19
- 2.3.10 Channel Key Payload ................................ 20
- 2.3.11 Private Message Payload ............................ 23
- 2.3.12 Private Message Key Payload ........................ 24
- 2.3.13 Command Payload .................................... 25
- 2.3.14 Command Reply Payload .............................. 26
- 2.3.15 Connection Auth Request Payload .................... 27
- 2.3.16 New ID Payload ..................................... 28
- 2.3.17 New ID List Payload ................................ 29
- 2.3.18 New Client Payload ................................. 29
- 2.3.19 New Server Payload ................................. 31
- 2.3.20 New Channel Payload ................................ 31
- 2.3.21 New Channel User Payload ........................... 32
- 2.3.22 New Channel List Payload ........................... 33
- 2.3.23 New Channel User List Payload ...................... 34
- 2.3.24 Replace ID Payload ................................. 34
- 2.3.25 Remove ID Payload .................................. 35
- 2.3.26 Remove Channel User Payload ........................
- 2.4 SILC ID Types ............................................. 36
- 2.5 Packet Encryption And Decryption .......................... 37
- 2.5.1 Normal Packet Encryption And Decryption ............. 37
- 2.5.2 Channel Message Encryption And Decryption ........... 37
- 2.5.3 Private Message Encryption And Decryption ........... 38
- 2.6 Packet MAC Generation ..................................... 39
- 2.7 Packet Padding Generation ................................. 39
- 2.8 Packet Compression ........................................ 40
- 2.9 Packet Sending ............................................ 40
- 2.10 Packet Reception ......................................... 41
- 2.11 Packet Routing ........................................... 42
- 2.12 Packet Forwarding ........................................
- 2.13 Packet Broadcasting ...................................... 41
- 2.14 Packet Tunneling ......................................... 42
-3 Security Considerations ....................................... 43
-4 References .................................................... 43
-5 Author's Address .............................................. 44
+ 2.3.2 Generic payloads .................................... 16
+ 2.3.2.1 ID Payload .................................. 16
+ 2.3.2.2 Argument Payload ............................ 16
+ 2.3.2.3 Channel Payload ............................. XXX
+ 2.3.3 Disconnect Payload .................................. 17
+ 2.3.4 Success Payload ..................................... 18
+ 2.3.5 Failure Payload ..................................... 18
+ 2.3.6 Reject Payload ...................................... 19
+ 2.3.7 Notify Payload ...................................... 20
+ 2.3.8 Error Payload ....................................... 21
+ 2.3.9 Channel Message Payload ............................. 22
+ 2.3.10 Channel Key Payload ................................ 24
+ 2.3.11 Private Message Payload ............................ 26
+ 2.3.12 Private Message Key Payload ........................ 27
+ 2.3.13 Command Payload .................................... 28
+ 2.3.14 Command Reply Payload .............................. 29
+ 2.3.15 Connection Auth Request Payload .................... 29
+ 2.3.16 New ID Payload ..................................... 30
+ 2.3.17 New Client Payload ................................. 31
+ 2.3.18 New Server Payload ................................. 32
+ 2.3.19 New Channel Payload ................................ 33
+ 2.3.20 Key Agreement Payload .............................. XXX
+ 2.4 SILC ID Types ............................................. 39
+ 2.5 Packet Encryption And Decryption .......................... 39
+ 2.5.1 Normal Packet Encryption And Decryption ............. 39
+ 2.5.2 Channel Message Encryption And Decryption ........... 40
+ 2.5.3 Private Message Encryption And Decryption ........... 41
+ 2.6 Packet MAC Generation ..................................... 41
+ 2.7 Packet Padding Generation ................................. 42
+ 2.8 Packet Compression ........................................ 42
+ 2.9 Packet Sending ............................................ 43
+ 2.10 Packet Reception ......................................... 43
+ 2.11 Packet Routing ........................................... 44
+ 2.12 Packet Broadcasting ...................................... 45
+ 2.13 Packet Tunneling ......................................... 45
+3 Security Considerations ....................................... 46
+4 References .................................................... 46
+5 Author's Address .............................................. 47
.ti 0
List of Figures
.nf
Figure 1: Typical SILC Packet
Figure 2: SILC Packet Header
-Figure 3: Disconnect Payload
-Figure 4: Success Payload
-Figure 5: Failure Payload
-Figure 6: Reject Payload
-Figure 7: Notify Payload
-Figure 8: Error Payload
-Figure 9: Channel Message Payload
-Figure 10: Channel Key Payload
-Figure 11: Private Message Payload
-Figure 12: Private Message Key Payload
-Figure 13: Command Payload
-Figure 15: Connection Auth Request Payload
-Figure 16: New ID Payload
-Figure 17: New Client Payload
-Figure 18: New Server Payload
-Figure 19: New Channel Payload
-Figure 20: New Channel User Payload
-Figure 21: Replace ID Payload
-Figure 22: Remove ID Payload
-Figure 23: Remove Channel User Payload
+Figure 3: ID Payload
+Figure 4: Argument Payload
+Figure 5: Channel Payload
+Figure 6: Disconnect Payload
+Figure 7: Success Payload
+Figure 8: Failure Payload
+Figure 9: Reject Payload
+Figure 10: Notify Payload
+Figure 11: Error Payload
+Figure 12: Channel Message Payload
+Figure 13: Channel Key Payload
+Figure 14: Private Message Payload
+Figure 15: Private Message Key Payload
+Figure 16: Command Payload
+Figure 17: Connection Auth Request Payload
+Figure 18: New Client Payload
+Figure 19: New Server Payload
+Figure 20: Key Agreement Payload
+Figure 21: Cell Routers Payload
.ti 0
The header is variable in length and first two (2) bytes of the
header (thus first two bytes of the packet) are not encrypted. The
first two (2) bytes are the length of the packet which is not encrypted.
-See following section for description of SILC Packet header. Packets
+See The following section for description of SILC Packet header. Packets
without SILC header or with malformed SILC header must be dropped.
Padding follows the packet header. The purpose of the padding is to
the packet header to parse the packet and gain other relevant parameters
of the packet.
-Following diagram represents the default SILC header format.
+The following diagram represents the default SILC header format.
(*) indicates that this field is never encrypted. Other fields are
always encrypted.
.in 5
.nf
- 1 2 3
+ 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length * | Flags | Packet Type |
processing. Several flags may be set by ORing the flags
together.
- Following flags are reserved for this field:
-
-
+ The following flags are reserved for this field:
No flags 0x00
Encryption And Decryption for more information.
- Forwarded 0x02
+ List 0x02
- Marks the packet to be forwarded. Some specific
- packet types may be forwarded. Receiver of packet
- with this flag set must not forward the packet any
- further. See section 2.12 Packet Forwarding for
- desribtion of packet forwarding.
+ Indicates that the packet consists of list of
+ packet payloads indicated by the Packet Type field.
+ The payloads are added one after the other. Note that
+ there are packet types that must not be used as
+ list. Parsing of list packet is done by calculating
+ the length of each payload and parsing them one by
+ one.
Broadcast 0x04
Source ID field in the header, not including this or any
other fields.
-
-
o Destination ID Length (2 bytes) - Indicates the length of the
Destination ID field in the header, not including this or
any other fields.
the disconnection is sent inside the packet payload. Client
usually does not send this packet.
- Payload of the packet: See section 2.3.2 Disconnect Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.3 Disconnect Payload
2 SILC_PACKET_SUCCESS
This packet is sent upon successful execution of some protocol.
The status of the success is sent in the packet.
- Payload of the packet: See section 2.3.3 Success Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.4 Success Payload
3 SILC_PACKET_FAILURE
This packet is sent upon failure of some protocol. The status
of the failure is sent in the packet.
- Payload of the packet: See section 2.3.4 Failure Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.5 Failure Payload
4 SILC_PACKET_REJECT
This packet may be sent upon rejection of some protocol.
The status of the rejection is sent in the packet.
- Payload of the packet: See section 2.3.5 Reject Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.6 Reject Payload
5 SILC_PACKET_NOTIFY
server to client, although it may be sent from server to another
server as well. Client never sends this packet. Server may
send this packet to channel as well when the packet is
- distributed to all clients on the channel. Receiver of this
- packet may ignore the packet if it chooses so. However, it
- should not be ignored.
+ distributed to all clients on the channel.
- Payload of the packet: See section 2.3.6 Notify Payload.
+ Payload of the packet: See section 2.3.7 Notify Payload.
6 SILC_PACKET_ERROR
most likely to take action anyway. This packet may be sent
to entity that is indirectly connected to the sender.
- Payload of the packet: See section 2.3.7 Error Payload.
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.8 Error Payload.
7 SILC_PACKET_CHANNEL_MESSAGE
by channel specific keys. Channel Keys are distributed by
SILC_PACKET_CHANNEL_KEY packet.
- Payload of the packet: See section 2.3.8 Channel Message
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.9 Channel Message
Payload
may send this packet. This packet may be sent to entity
that is indirectly connected to the sender.
- Payload of the packet: See section 2.3.9 Channel Key Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.10 Channel Key Payload
9 SILC_PACKET_PRIVATE_MESSAGE
used as well if both of the client knows it, however, it needs
to be agreed outside SILC. See more of this in [SILC1].
- Payload of the packet: See section 2.3.10 Private Message
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.11 Private Message
Payload
default or to use normal session keys by default, is
implementation specific issue. See more of this in [SILC1].
- Payload of the packet: See section 2.3.11 Private Message
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.12 Private Message
Key Payload
This packet may be sent to entity that is indirectly connected
to the sender.
- Payload of the packet: See section 2.3.12 Command Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.13 Command Payload
12 SILC_PACKET_COMMAND_REPLY
The contents of this packet is command specific. This packet
maybe sent to entity that is indirectly connected to the sender.
- Payload of the packet: See section 2.3.13 Command Reply
- Payload and section 2.3.12 Command
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.14 Command Reply
+ Payload and section 2.3.13 Command
Payload
This packet is used to start SILC Key Exchange Protocol,
described in detail in [SILC3].
+ This packet must not be sent as list and the List flag must
+ not be set.
+
Payload of the packet: Payload of this packet is described
in the section SILC Key Exchange
Protocol and its sub sections in
This packet is used as part of the SILC Key Exchange Protocol.
+ This packet must not be sent as list and the List flag must
+ not be set.
+
Payload of the packet: Payload of this packet is described
in the section SILC Key Exchange
Protocol and its sub sections in
This packet is used as part of the SILC Key Exchange Protocol.
+ This packet must not be sent as list and the List flag must
+ not be set.
+
Payload of the packet: Payload of this packet is described
in the section SILC Key Exchange
Protocol and its sub sections in
This packet is used to request the authentication method to
be used in the SILC Connection Authentication Protocol. If
initiator of the protocol does not know the mandatory
- authentication method this packet is used to determine it.
+ authentication method this packet may be used to determine it.
The party receiving this payload must respond with the same
packet including the mandatory authentication method.
- Payload of the packet: See section 2.3.14 Connection Auth
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ Payload of the packet: See section 2.3.15 Connection Auth
Request Payload
the connecting party. The protocol is described in detail in
[SILC3].
+ This packet must not be sent as list and the List flag must
+ not be set.
+
Payload of the packet: Payload of this packet is described
in the section SILC Authentication
Protocol and it sub sections in [SILC].
distributed by this packet. Only server may send this packet,
however, client must be able to receive this packet.
- Payload of the packet: See section 2.3.15 New ID Payload
-
+ Payload of the packet: See section 2.3.16 New ID Payload
- 19 SILC_PACKET_NEW_ID_LIST
- This packet is used to distribute list of new ID's from
- server to routers. This is equivalent to previous packet
- type except that it may include several ID's. Client must
- not send this packet.
+ 19 SILC_PACKET_NEW_CLIENT
- Payload of the packet: See section 2.3.16 New ID List
- Payload
-
-
- 20 SILC_PACKET_NEW_CLIENT
-
- This packet is used by client to register itself to the
- SILC network. This is sent after key exchange and
+ This packet is used by client to register itself to the
+ SILC network. This is sent after key exchange and
authentication protocols has been completed. Client sends
various information about itself in this packet.
+ This packet must not be sent as list and the List flag must
+ not be set.
+
Payload of the packet: See section 2.3.17 New Client Payload
- 21 SILC_PACKET_NEW_SERVER
+ 20 SILC_PACKET_NEW_SERVER
This packet is used by server to register itself to the
SILC network. This is sent after key exchange and
its Server ID and other information in this packet.
Client must not send or receive this packet.
+ This packet must not be sent as list and the List flag must
+ not be set.
+
Payload of the packet: See section 2.3.18 New Server Payload
- 22 SILC_PACKET_NEW_CHANNEL
+ 21 SILC_PACKET_NEW_CHANNEL
This packet is used to notify routers about newly created
channel. Channels are always created by the router and it must
packet. This packet maybe sent to entity that is indirectly
connected to the sender.
- Payload of the packet: See section 2.3.20 New Channel Payload
-
-
- 23 SILC_PACKET_NEW_CHANNEL_USER
-
- This packet is used to notify routers about new user on channel.
- The packet is sent after user has joined to the channel. Server
- may send this packet to its router and router may send this to
- its primary router. Client must not send this packet. This
- packet maybe sent to entity that is indirectly connected to
- the sender.
-
- Payload of the packet: See section 2.3.21 New Channel User
- Payload
+ Payload of the packet: See section 2.3.19 New Channel Payload
- 24 SILC_PACKET_NEW_CHANNEL_LIST
+ 22 SILC_PACKET_REKEY
- This packet is used to distribute list of created channels
- from server to routers. This is equivalent to the packet
- SILC_PACKET_NEW_CHANNEL except that it may include several
- payloads. Client must not send this packet.
-
- Payload of the packet: See section 2.3.22 New Channel List
- Payload
-
-
- 25 SILC_PACKET_NEW_CHANNEL_USER_LIST
-
- This packet is used to distribute list of users on specific
- channel from server to routers. This is equivalent to the
- packet SILC_PACKET_NEW_CHANNEL_USER except that it may
- include several payloads. Client must not send this packet.
+ This packet is used to indicate that re-key must be performed
+ for session keys. See section Session Key Regeneration in
+ [SILC1] for more information. This packet does not have
+ a payload.
- Payload of the packet: See section 2.3.23 New Channel User
- List Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
- 26 SILC_PACKET_REPLACE_ID
+ 23 SILC_PACKET_REKEY_DONE
- This packet is used to replace old ID with new ID sent in
- the packet payload. For example, when client changes its
- nickname new ID is created and this packet can be used to
- distribute the new ID and the old ID is removed when it is
- send in the packet. Client cannot send or receive this
- packet. This packet maybe sent to entity that is indirectly
- connected to the sender.
+ This packet is used to indicate that re-key is performed and
+ new keys must be used hereafter. This is sent only if re-key
+ was done without PFS option. If PFS is set, this is not sent
+ as SILC Key Exchange protocol is executed. This packet does
+ not have a payload.
- Payload of the packet: See section 2.3.24 Replace ID Payload
+ This packet must not be sent as list and the List flag must
+ not be set.
+
+ 24 SILC_PACKET_HEARTBEAT
- 27 SILC_PACKET_REMOVE_ID
+ This packet is used by clients, servers and routers to keep the
+ connection alive. It is recommended that all servers implement
+ keepalive actions and perform it to both direction in a link.
+ This packet does not have a payload.
- This packet is used to removed ID. For example, when client
- exits SILC network its ID is removed. Client must not send
- this packet. This packet maybe sent to entity that is
- indirectly connected to the sender.
+ This packet must not be sent as list and the List flag must
+ not be set.
- Payload of the packet: See section 2.3.25 Remove ID Payload
+ 25 SILC_PACKET_KEY_AGREEMENT
- 28 SILC_PACKET_REMOVE_CHANNEL_USER
+ This packet is used by clients to request key negotiation
+ between another client in the SILC network. If the negotiation
+ is started it is performed using the SKE protocol. The result of
+ the negotiation, the secret key material, can be used for
+ example as private message key. The server and router must not
+ send this packet.
- This packet is used to remove user from a channel. This is
- used by router to notify other routers in the network that a
- client has leaved a channel. This packet maybe sent to entity
- that is indirectly connected to the sender.
+ Payload of the packet: See section 2.3.20 Key Agreement Payload
- Payload of the packet: See section 2.3.26 Remove Channel User
- Payload
+ 26 SILC_PACKET_CELL_ROUTERS
- 29 SILC_PACKET_REKEY
+ This packet is used by primary router in the cell to notify its
+ primary router what other routers (backup routers) exist in the
+ cell. In case of failure of the primary router in the cell the
+ first router in the list will act as primary router of the cell.
+ This packet may be sent at anytime after connection has been
+ registered to the primary router. The client must not send this
+ packet.
- This packet is used to indicate that re-key must be performed
- for session keys. See section Session Key Regeneration in
- [SILC1] for more information. This packet does not have
- a payload.
+ Payload of the packet: See section 2.3.21 Cell Routers Payload
- 30 SILC_PACKET_REKEY_DONE
+ 27 - 199
- This packet is used to indicate that re-key is performed and
- new keys must be used hereafter. This is sent only if re-key
- was done without PFS option. If PFS is set, this is not sent
- as SILC Key Exchange protocol is executed. This packet does
- not have a payload.
+ Currently undefined commands.
- 31 - 254
+ 200 - 254
- Currently undefined commands.
+ These packet types are reserved for private use and they will not
+ be defined by this document.
255 SILC_PACKET_MAX
.ti 0
-2.3.2 Generic paylods
+2.3.2 Generic payloads
-This sections describes generic payloads that are not associated to any
+This section describes generic payloads that are not associated to any
specific packet type. They can be used for example inside some other
packet payloads.
This payload can be used to send an ID. ID's are variable length thus
this payload provides a way to send variable length ID's.
-Following diagram represents the ID Payload.
+The following diagram represents the ID Payload.
.in 5
.nf
associated with a packet must be indicated by the packet payload who
needs the arguments. Argument Payloads must always reside right after
the packet payload needing the arguments. Incorrect amount of argument
-payloads must cause rejection of the packet. Following diagram represents
+payloads must cause rejection of the packet. The following diagram represents
the Argument Payload.
+The following diagram represents the Argument Payload.
.in 5
.nf
.in 3
+.ti 0
+2.3.2.3 Channel Payload
+
+Generic Channel Payload may be used information about channel, its name,
+the Channel ID and a mode.
+
+The following diagram represents the Channel Payload Payload.
+
+
+.in 5
+.nf
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Channel Name Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Channel Name ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Channel ID Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Channel ID ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Mode Mask |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+.in 3
+
+.ce
+Figure 5: New Channel Payload
+
+
+.in 6
+o Channel Name Length (2 bytes) - Length of the channel name
+ field.
+
+o Channel Name (variable length) - The name of the channel.
+
+o Channel ID Length (2 bytes) - Length of the Channel ID field.
+
+o Channel ID (variable length) - The Channel ID.
+
+o Mode Mask (4 bytes) - A mode. This can be the mode of the
+ channel but it can also be the mode of the client on the
+ channel. The contents of this field is dependent of the
+ usage of this payload. The usage is defined separately
+ when this payload is used. This is a 32 bit MSB first value.
+.in 3
+
+
.ti 0
2.3.3 Disconnect Payload
reason of disconnection is sent to the disconnected party.
The payload may only be sent with SILC_PACKET_DISCONNECT packet. It
-must not be sent in any other packet type. Following diagram represents
+must not be sent in any other packet type. The following diagram represents
the Disconnect Payload.
+
+
+
+
+
.in 5
.nf
1 2 3
.in 3
.ce
-Figure 3: Disconnect Payload
+Figure 6: Disconnect Payload
.in 3
.ce
-Figure 4: Success Payload
+Figure 7: Success Payload
.in 6
.in 3
.ce
-Figure 5: Failure Payload
+Figure 8: Failure Payload
.in 6
.in 3
.ce
-Figure 6: Reject Payload
+Figure 9: Reject Payload
.in 6
Notify payload is used to send notify messages. The payload is usually
sent from server to client, however, server may send it to another
-server as well. Client must not send this payload. The receiver of
-this payload may totally ignore the contents of the payload, however,
-notify message should be noted and possibly logged.
+server as well. This payload may also be sent to a channel. Client must
+not send this payload. The receiver of this payload may totally ignore the
+contents of the payload, however, notify message should be audited.
The payload may only be sent with SILC_PACKET_NOTIFY packet. It must
-not be sent in any other packet type. Following diagram represents the
+not be sent in any other packet type. The following diagram represents the
Notify Payload.
.in 5
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Notify Type | Argument Nums | |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
-| |
-~ Notify Message ~
-| |
+| Notify Type | Payload Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Argument Nums |
++-+-+-+-+-+-+-+-+
.in 3
.ce
-Figure 7: Notify Payload
+Figure 10: Notify Payload
.in 6
o Notify Type (2 bytes) - Indicates the type of the notify
message.
+o Payload Length (2 bytes) - Length of the entire Notify Payload
+ including any associated Argument Payloads.
+
o Argument Nums (2 bytes) - Indicates the number of Argument
Payloads associated to this payload. Notify types may define
arguments to be send along the notify message.
-
-o Notify Message (variable length) - Human readable notify
- message. The format of this message is implementation specific.
- The message can be for example "%s has joined channel %s".
.in 3
-Following notify types has been defined:
+The following list of currently defined notify types. The format for notify
+arguments is same as in SILC commands described in [SILC1]. Also, all
+ID's sent in arguments are sent inside ID Payload.
.in 6
0 SILC_NOTIFY_TYPE_NONE
- If no specific notify type apply for the notify
- message this type may be used.
+ If no specific notify type apply for the notify message this type
+ may be used.
+
+ Max Arguments: 1
+ Arguments: (1) <message>
+
+ The <message> is implementation specific free text string. Receiver
+ may ignore this message.
- No arguments associated to this type.
1 SILC_NOTIFY_TYPE_INVITE
- Sent when receiver has been invited to a channel.
+ Sent when an client is invited to a channel. This is also sent
+ when the invite list of the channel is changed. This notify type
+ is sent between routers and if an client was invited to the
+ client as well. In this case the packet is destined to the client.
+
+ Max Arguments: 5
+ Arguments: (1) <Channel ID> (2) <channel name>
+ (3) [<sender Client ID>] (4) [<adding client>]
+ (5) [<removing client>]
+
+ The <Channel ID> is the channel. The <channel name> is the name
+ of the channel and is provided because the client which receives
+ this notify packet may not have a way to resolve the name of the
+ channel from the <Channel ID>. The <sender Client ID> is the
+ Client ID who invited the client to the channel. The <adding client>
+ and the <removing client> indicates the added or removed client
+ from the channel's invite list. The format of the <adding client
+ and the <removing client> is defined in the [SILC1] with
+ SILC_COMMAND_INVITE command.
+
+ The <adding client> and <removing client> is never sent when the
+ packet is destined to a client.
- This type includes three arguments: nickname and channel name.
2 SILC_NOTIFY_TYPE_JOIN
- Sent when client has joined to a channel.
+ Sent when client has joined to a channel. The server must distribute
+ this type only to the local clients on the channel and then send
+ it to its primary router. The router or server receiving the packet
+ distributes this type to the local clients on the channel and
+ broadcast it to the network.
+
+ Max Arguments: 2
+ Arguments: (1) [<Client ID>] (2) <Channel ID>
+
+ The <Client ID> is the client that joined to the channel indicated
+ by the <Channel ID>.
- This type includes six arguments: Client ID, nickname, username,
- hostname, Channel ID and channel name. The Client ID and Channel ID
- are sent inside ID Payload.
3 SILC_NOTIFY_TYPE_LEAVE
- Sent when client has left a channel.
+ Sent when client has left a channel. The server must distribute
+ this type only to the local clients on the channel and then send
+ it to its primary router. The router or server receiving the packet
+ distributes this type to the local clients on the channel and
+ broadcast it to the network.
+
+ Max Arguments: 1
+ Arguments: (1) <Client ID>
+
+ The <Client ID> is the client who left the channel.
- This type includes three arguments: nickname, server name,
- Channel ID and channel name. The Channel ID is sent inside ID
- Payload.
4 SILC_NOTIFY_TYPE_SIGNOFF
- Sent when client signoffs from SILC network.
+ Sent when client signoffs from SILC network. The server must
+ distribute this type only to the local clients on the channel and
+ then send it to its primary router. The router or server receiving
+ the packet distributes this type to the local clients on the channel
+ and broadcast it to the network.
+
+ Max Arguments: 2
+ Arguments: (1) <Client ID> (2) <message>
+
+ The <Client ID> is the client who left SILC network. The <message>
+ is free text string indicating the reason of signoff.
+
+
+5 SILC_NOTIFY_TYPE_TOPIC_SET
+
+ Sent when topic is set/changed on a channel. This type must be sent
+ only to the clients who is joined on the channel whose topic was
+ set or changed.
+
+ Max Arguments: 2
+ Arguments: (1) <Client ID> (2) <topic>
+
+ The <Client ID> is the client who set or changed the <topic>.
+
+
+6 SILC_NOTIFY_TYPE_NICK_CHANGE
+
+ Sent when client changes nick on a channel. The server must
+ distribute this type only to the local clients on the channel and
+ then send it to its primary router. The router or server receiving
+ the packet distributes this type to the local clients on the channel
+ and broadcast it to the network.
+
+ Max Arguments: 2
+ Arguments: (1) <Old Client ID> (2) <New Client ID>
+
+ The <Old Client ID> is the old ID of the client who changed the
+ nickname. The <New Client ID> is the new ID generated by the change
+ of the nickname.
+
+
+7 SILC_NOTIFY_TYPE_CMODE_CHANGE
+
+ Sent when channel mode has changed. This type must be sent only to
+ the clients who is joined on the channel whose mode was changed.
+
+ Max Arguments: 4
+ Arguments: (1) <ID Payload> (2) <mode mask>
+ (3) [<cipher>] (4) <[hmac>]
+
+ The <ID Payload> is the ID (usually Client ID but it can be Server ID
+ as well when the router is enforcing channel mode change) of the
+ entity which changed the mode. The <mode mask> is the new mode mask
+ of the channel. The client can safely ignore the <cipher> argument
+ since the SILC_PACKET_CHANNEL_KEY packet will force the new channel
+ key change anyway. The <hmac> argument is important since the client
+ is responsible of setting the new HMAC and the hmac key into use.
+
+
+8 SILC_NOTIFY_TYPE_CUMODE_CHANGE
+
+ Sent when user mode on channel has changed. This type must be sent
+ only to the clients who is joined on the channel where the target
+ client is on.
+
+ Max Arguments: 3
+ Arguments: (1) <Client ID> (2) <mode mask>
+ (3) <Target Client ID>
+
+ The <Client ID> is the client who changed the mode. The <mode mask>
+ is the new mode mask of the channel. The <Target Client ID> is the
+ client which mode was changed.
+
+
+9 SILC_NOTIFY_TYPE_MOTD
+
+ Sent when Message of the Day (motd) is sent to client.
+
+ Max Arguments: 1
+ Arguments: (1) <motd>
+
+ The <motd> is the Message of the Day.
+
+
+10 SILC_NOTIFY_TYPE_CHANNEL_CHANGE
+
+ Sent when channel's ID has changed for a reason or another. This
+ is sent by normal server to the client. This can also be sent by
+ router to other server to force the Channel ID change. The Channel
+ ID must be changed to use the new one. When sent to clients, this
+ type must be sent only to the clients who is joined on the channel.
+
+ Max Arguments: 2
+ Arguments: (1) <Old Channel ID> (2) <New Channel ID>
+
+ The <Old Channel ID> is the channel's old ID and the <New Channel ID>
+ is the new one that must replace the old one.
+
+
+11 SILC_NOTIFY_TYPE_SERVER_SIGNOFF
+
+ Sent when server quits SILC network. Those clients from this server
+ that are on channels must be removed from the channel.
+
+ Max Arguments: 1
+ Arguments: (1) <Server ID>
+
+ The <Server ID> is the server's ID.
+
+
+12 SILC_NOTIFY_TYPE_KICKED
+
+ Sent when a client has been kicked from a channel. This is sent
+ also to the client who was kicked from the channel. The client
+ who was kicked from the channel must be removed from the channel.
+ This notify type is always destined to the channel. The router or
+ server receiving the packet distributes this type to the local
+ clients on the channel and broadcast it to the network.
+
+ Max Arguments: 2
+ Arguments: (1) <Client ID> (2) [<comment>]
+
+ The <Client ID> is the client who was kicked from the channel.
+ The kicker may have set the <comment> to indicate the reason for
+ the kicking.
+
+
+13 SILC_NOTIFY_TYPE_KILLED
+
+ Sent when a client has been killed from the network. This is sent
+ also to the client who was killed from the network. The client
+ who was killed from the network must be removed from the network.
+ This notify type is destined directly to the client who was killed
+ and to channel if the client is on any channel. The router or
+ server receiving the packet distributes this type to the local
+ clients on the channel and broadcast it to the network.
+
+ Max Arguments: 2
+ Arguments: (1) <Client ID> (2) [<comment>]
+
+ The <Client ID> is the client who was killed from the network.
+ The killer may have set the <comment> to indicate the reason for
+ the killing.
+
+
+14 SILC_NOTIFY_TYPE_UMODE_CHANGE
+
+ Sent when user's mode in the SILC changes. This type is sent only
+ between routers as broadcast packet.
+
+ Max Arguments: 2
+ Arguments: (1) <Client ID> (2) <mode mask>
+
+ The <Client ID> is the client which mode was changed. The <mode mask>
+ is the new mode mask.
+
+
+15 SILC_NOTIFY_TYPE_BAN
+
+ Sent when the ban list of the channel is changed. This type is sent
+ only between routers as broadcast packet.
+
+ Max Arguments: 3
+ Arguments: (1) <Channel ID> (2) [<adding client>]
+ (3) [<removing client>]
+
+ The <Channel ID> is the channel which ban list was changed. The
+ <adding client> is used to indicate the a ban was added and the
+ <removing client> is used to indicate that a ban was removed from
+ the ban list. The format of the <adding client> and the
+ <removing client> is defined in the [SILC1] with SILC_COMMAND_BAN
+ command.
- This type includes three arguments: nickname, server name and
- Channel ID. The Channel ID is sent inside ID Payload.
.in 3
Notify types starting from 16384 are reserved for private notify
.in 3
.ce
-Figure 8: Error Payload
+Figure 11: Error Payload
.in 6
the message.
The payload may only be sent with SILC_PACKET_CHANNEL_MESSAGE packet.
-It must not be sent in any other packet type. Following diagram
+It must not be sent in any other packet type. The following diagram
represents the Channel Message Payload.
(*) indicates that the field is not encrypted.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
.in 5
.nf
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Message Length | |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| Flags | Message Length |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Message Data ~
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+~ MAC ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| |
~ Initial Vector * ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
-Figure 9: Channel Message Payload
+Figure 12: Channel Message Payload
.in 6
+o Flags (2 bytes) - Includes the flags of the channel
+ messages. The flags can indicate a reason or purpose
+ for the channel message. Note, that the Private Message
+ Payload use these same flags for the same purpose. The
+ following flags are defined:
+
+ 0x0000 SILC_MESSAGE_FLAG_NONE
+
+ No specific flags set.
+
+ 0x0001 SILC_MESSAGE_FLAG_AUTREPLY
+
+ This message is an automatic reply to a earlier
+ received message.
+
+ 0x0002 SILC_MESSAGE_FLAG_NOREPLY
+
+ There should not be reply messages to this
+ message.
+
+ 0x0004 SILC_MESSAGE_FLAG_ACTION
+
+ The sender is performing an action and the message
+ is the indication of the action.
+
+ 0x0008 SILC_MESSAGE_FLAG_NOTICE
+
+ The message is for example and informational notice
+ type message.
+
+ 0x0010 SILC_MESSAGE_FLAG_REQUEST
+
+ This is a generic request flag to send request
+ messages.
+
+ 0x0020 - 0x0200 RESERVED
+
+ Reserved for future flags
+
+ 0x0400 - 0x8000 PRIVATE RANGE
+
+ Private range for free use.
+
o Message Length (2 bytes) - Indicates the length of the
the Message Data field in the payload, not including any
other field.
applied because this payload is encrypted separately from
other parts of the packet.
+o MAC (variable legnth) - The MAC computed from the
+ Message Length, Message Data, Padding Length and Padding
+ fields. This protects the integrity of the plaintext
+ channel message. The receiver can verify from the MAC
+ whether the message decrypted correctly. Also, if more than
+ one private key has been set for the channel, the receiver
+ can verify which of the keys decrypted the message
+ correctly. Note that, this field is encrypted and must
+ be added to the padding calculation.
+
o Initial Vector (variable length) - The initial vector
that has been used in packet encryption. It needs to be
used in the packet decryption as well. What this field
Channel Key Payload is used to distribute channel keys to all
clients on the particular channel. Channel keys are sent when
the channel is created, when new user joins to the channel and
-whenever a user leaves a channel. Server creates the new
+whenever a user has left a channel. Server creates the new
channel key and distributes it to the clients by encrypting this
payload with the session key shared between the server and
the client. After that, client starts using the key received
in this payload to protect the traffic on the channel.
+The client who is joining to the channel receives its key in the
+SILC_COMMAND_JOIN command reply message thus it is not necessary to
+send this payload to the entity who sent the SILC_COMMAND_JOIN command.
+
Channel keys are cell specific thus every router in cell have
to create a channel key and distribute it if any client in the
cell has joined to a channel. Channel traffic between cell's
are not encrypted using channel keys, they are encrypted using
normal session keys between two routers. Inside a cell, all
channel traffic is encrypted with the specified channel key.
-Channel key should expire peridiocally, say, in one hour, in
+Channel key should expire periodically, say, in one hour, in
which case new channel key is created and distributed.
The payload may only be sent with SILC_PACKET_CHANNEL_KEY packet.
-It must not be sent in any other packet type. Following diagram
+It must not be sent in any other packet type. The following diagram
represents the Channel Key Payload.
+
+
+
+
+
+
+
+
+
+
+
.in 5
.nf
1 2 3
.in 3
.ce
-Figure 10: Channel Key Payload
+Figure 13: Channel Key Payload
this scheme as well.
The payload may only be sent with SILC_PACKET_PRIVATE_MESSAGE
-packet. It must not be sent in any other packet type. Following
+packet. It must not be sent in any other packet type. The following
diagram represents the Private Message Payload.
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Nickname Length | |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| Flags | Nickname Length |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Nickname ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Message Data Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
~ Message Data ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| |
+~ Padding ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
-Figure 11: Private Message Payload
+Figure 14: Private Message Payload
.in 6
+o Flags (2 bytes) - This field includes the flags of the
+ private message. They can indicate a different reason or
+ purpose for the private message. See the section 2.3.9
+ Channel Message Payload for defined flags. Note, that
+ the Channel Message Payload use the same flags for the
+ same purpose.
+
o Nickname Length (2 bytes) - Indicates the length of the
Nickname field, not including any other field.
to the Client ID in the SILC Packet Header. This nickname
is merely provided to be displayed by the client.
+o Message Data Length (2 bytes) - Indicates the length of the
+ Message Data field, not includes any other field.
+
o Message Data (variable length) - The actual message to
the client. Rest of the packet is reserved for the message
data.
+
+o Padding (variable length) - This field is present only
+ when the private message payload is encrypted with private
+ message key. In this case the padding is applied to make
+ the packet multiple by eight (8), or by the block size of
+ the cipher, which ever is larger. When encrypted with
+ normal session keys, this field must not be included.
.in 3
flag into SILC Packet Header.
The payload may only be sent with SILC_PACKET_PRIVATE_MESSAGE_KEY
-packet. It must not be sent in any other packet type. Following
+packet. It must not be sent in any other packet type. The following
diagram represents the Private Message Key Payload.
~ Private Message Key ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Cipher Name Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Cipher Name ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
-Figure 12: Private Message Key Payload
+Figure 15: Private Message Key Payload
any other field.
o Private Message Key (variable length) - The actual private
- message key material. This key is used as such as key material
- for encryption function.
+ message key material.
+
+o Cipher Name Length (2 bytes) - Indicates the length of the
+ Cipher Name field in the payload, not including any other
+ field.
+
+o Cipher Name (variable length) - Name of the cipher to use
+ in the private message encryption. If this field does not
+ exist then the default cipher of the SILC protocol is used.
+ See the [SILC1] for defined ciphers.
.in 3
+
.ti 0
2.3.13 Command Payload
Command Payload is used to send SILC commands from client to server.
-Also server may send commands to other servers. Following diagram
+Also server may send commands to other servers. The following diagram
represents the Command Payload.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | SILC Command | Arguments Num |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Command Unifier |
+| Command Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
-Figure 13: Command Payload
+Figure 16: Command Payload
.in 6
payload including any command argument payloads associated
with this payload.
-o SILC Command (1 byte) - SILC Command identifier. This must
+o SILC Command (1 byte) - Indicates the SILC command. This must
be set to non-zero value. If zero (0) value is found in this
field the packet must be discarded.
command payload. See section 2.3.2.2 for definition of the
Argument Payload.
-o Command Unifier (2 bytes) - Unifies this command at the
+o Command Identifier (2 bytes) - Identifies this command at the
sender's end. The entity who replies to this command must
set the value found from this field into the Command Payload
used to send the reply to the sender. This way the sender
can identify which command reply belongs to which originally
sent command. What this field includes is implementation
issue but it is recommended that wrapping counter value is
- used in the field.
+ used in the field. Value zero (0) in this field means that
+ no specific value is set.
.in 3
See [SILC1] for detailed description of different SILC commands,
Exchange Start Payload in [SILC3] for detailed information.
The payload may only be sent with SILC_PACKET_CONNECTION_AUTH_REQUEST
-packet. It must not be sent in any other packet type. Following
+packet. It must not be sent in any other packet type. The following
diagram represents the Connection Auth Request Payload.
.in 3
.ce
-Figure 15: Connection Auth Request Payload
+Figure 17: Connection Auth Request Payload
.in 6
o Connection Type (2 bytes) - Indicates the type of the ID.
- Following connection types are defined:
+ The following connection types are defined:
1 Client connection
2 Server connection
discarded and the authentication must be failed.
o Authentication Method (2 bytes) - Indicates the authentication
- method to be used in the authentication protocol. Following
+ method to be used in the authentication protocol. The following
authentication methods are defined:
This payload is also used when server tells its router that new client
has registered to the SILC network. In this case the server sends
-the Client ID of the client to the router. Similiary when router
+the Client ID of the client to the router. Similary when router
distributes information to other routers about the client in the SILC
network this payload is used.
SILC_PACKET_NEW_SERVER to the router it connected to. The case is same
when router connects to another router.
+However, this payload is not and must not be used to send information
+about new channels. New channels are always distributed by sending the
+dedicated SILC_PACKET_NEW_CHANNEL packet.
+
Hence, this payload is very important and used every time when some
new entity is registered to the SILC network. Client never sends this
payload. Both client and server (and router) may receive this payload.
.ti 0
-2.3.17 New ID List Payload
-
-New ID List Payload is used to distribute list of ID's usually from
-server to router but also from router to other routers in the network.
-This payload is used, for example, when server is connected to router
-and the server wants to distribute all of its locally connected clients
-and locally created channels to the router. It is convenient in this
-case to use this payload instead of sending all the information one
-by one using New ID Payload.
-
-There is no specific payload for this packet type. The packet type
-uses same payload as described in previous section. To form a list
-several payloads is put in the packet each after each. The payload
-is variable in length but can be calculated by calculating the ID
-Type field, Length field and the ID Data fields together. This forms
-one New ID Payload in the list.
-
-The list of payloads may only be sent with SILC_PACKET_NEW_ID_LIST
-packet. They must not be sent in any other packet type.
-
-
-.ti 0
-2.3.18 New Client Payload
+2.3.17 New Client Payload
When client is connected to the server, keys has been exchanged and
connection has been authenticated client must register itself to the
client ID.
The payload may only be sent with SILC_PACKET_NEW_CLIENT packet. It
-must not be sent in any other packet type. Following diagram represents
-the New Client Payload.
+must not be sent in any other packet type. The following diagram
+represents the New Client Payload.
+
.in 5
.in 3
.ce
-Figure 17: New Client Payload
+Figure 18: New Client Payload
.in 6
.ti 0
-2.3.19 New Server Payload
+2.3.18 New Server Payload
This payload is sent by server when it has completed successfully both
key exchange and connection authentication protocols. The server
name of the server that is associated to the Server ID.
The payload may only be sent with SILC_PACKET_NEW_SERVER packet. It
-must not be sent in any other packet type. Following diagram represents
+must not be sent in any other packet type. The following diagram represents
the New Server Payload.
+
+
+
.in 5
.nf
1 2 3
.in 3
.ce
-Figure 18: New Server Payload
+Figure 19: New Server Payload
.in 6
.ti 0
-2.3.20 New Channel Payload
+2.3.19 New Channel Payload
Information about newly created channel is broadcasted to all routers
in the SILC network by sending this packet payload. Channels are
created by router of the cell. Server never creates channels unless
it is a standalone server and it does not have router connection,
-in this case server acts as router. Normal server forwards JOIN command
+in this case server acts as router. Normal server send JOIN command
to the router (after it has received JOIN command from client) which
then processes the command and creates the channel. Client never sends
this packet.
-The payload may only be sent with SILC_PACKET_NEW_CHANNEL packet.
-It must not be sent in any other packet type. Following diagram
-represents the New Channel Payload.
-
-
-.in 5
-.nf
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Channel Name Length | |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
-| |
-~ Channel Name ~
-| |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Channel ID Length | |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
-| |
-~ Channel ID ~
-| |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-.in 3
-
-.ce
-Figure 19: New Channel Payload
-
-
-
-.in 6
-o Channel Name Length (2 bytes) - Length of the channel name.
-
-o Channel Name (variable length) - The name of the created
- channel.
-
-o Channel ID Length (2 bytes) - Length of the Channel ID.
-
-o Channel ID (variable length) - The created Channel ID.
-.in 3
+The packet uses generic Channel Payload as New Channel Payload. See
+section 2.3.2.3 for generic Channel Payload. The Mode Mask field in the
+Channel Payload is the mode of the channel.
.ti 0
-2.3.21 New Channel User Payload
-
-When client (user) joins to a channel, server must notify routers
-about the new user on the channel. Normal server sends this packet
-payload to its router which then broadcasts the packet further.
-Router sends this packet always to its primary router. Client must
-not send this packet payload. The mode of the user is NONE after
-user has joined to the channel.
-
-The payload may only be sent with SILC_PACKET_NEW_CHANNEL_USER
-packet. It must not be sent in any other packet type. Following
-diagram represents the New Channel User Payload.
+2.3.20 Key Agreement Payload
+
+This payload is used by clients to request key negotiation between
+another client in the SILC Network. The key agreement protocol used
+is the SKE protocol. The result of the protocol, the secret key
+material, can be used for example as private message key between the
+two clients. This significantly adds security as the key agreement
+is performed outside the SILC network. The server and router must not
+send this payload.
+
+The sender may tell the receiver of this payload the hostname and the
+port where the SKE protocol is running in the sender's end. The
+receiver may then initiate the SKE negotiation with the sender. The
+sender may also optionally not to include the hostname and the port
+of its SKE protocol. In this case the receiver may reply to the
+request by sending the same payload filled with the receiver's hostname
+and the port where the SKE protocol is running. The sender may then
+initiate the SKE negotiation with the receiver.
+
+The payload may only be sent with SILC_PACKET_KEY_AGREEMENT packet.
+It must not be sent in any other packet type. The following diagram
+represents the Key Agreement Payload.
.in 5
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Channel ID Length | |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
-| |
-~ Channel ID ~
-| |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Client ID Length | |
+| Hostname Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
-~ Client ID ~
-| |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-.in 3
-
-.ce
-Figure 20: New Channel User Payload
-
-
-.in 6
-o Channel ID Length (2 bytes) - Length of the Channel ID.
-
-o Channel ID (variable length) - The Channel ID of the channel
- to which the client has joined.
-
-o Client ID Length (2 bytes) - Length of the Client ID.
-
-o Client ID (variable length) - The Client ID of the client
- who has joined the channel.
-.in 3
-
-
-.ti 0
-2.3.22 New Channel List Payload
-
-This payload is used to distribute list of new channels from server
-to routers. It might convenient to send list of new channels when
-existing server connects to router, instead of sending them one
-by one.
-
-There is no specific payload for this packet type. The packet type
-uses same payload as described in 2.3.19 New Channel Payload. To form
-a list several payloads is put in the packet each after each. The
-payload is variable in length but can be calculated by calculating
-the length of the fields together. This forms one New Channel Payload
-in the list.
-
-The list of payloads may only be sent with SILC_PACKET_NEW_CHANNEL_LIST
-packet. They must not be sent in any other packet type.
-
-
-.ti 0
-2.3.23 New Channel User List Payload
-
-This payload is used to distribute list of channel users on specific
-channel from server to routers. It might convenient to send list of
-channel users when existing server connects to router, instead of
-sending them one by one.
-
-There is no specific payload for this packet type. The packet type
-uses same payload as described in 2.3.20 New Channel User Payload.
-To form a list several payloads is put in the packet each after each.
-The payload is variable in length but can be calculated by calculating
-the length of the fields together. This forms one New Channel User
-Payload in the list.
-
-The list of payloads may only be sent with packet
-SILC_PACKET_NEW_CHANNEL_USER_LIST. They must not be sent in any other
-packet type.
-
-
-.ti 0
-2.3.24 Replace ID Payload
-
-This payload is used to replace old ID with new ID sent in the payload.
-When ID changes for some entity and the new ID is wanted to replace the
-old one this payload must be used. Client cannot send or receive this
-payload. Normal server and router server may send and receive this
-payload. After this packet has been sent the old ID must not be used
-anymore.
-
-The payload may only be sent with SILC_PACKET_REPLACE_ID packet. It must
-not be sent in any other packet type. Following diagram represents the
-Replace Payload Payload.
-
-
-
-
-
-
-
-
-
-.in 5
-.nf
- 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Old ID Type | Old ID Length |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| |
-~ Old ID Data ~
+~ Hostname ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| New ID Type | New ID Length |
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| |
-~ New ID Data ~
-| |
+| Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
-Figure 21: Replace ID Payload
+Figure 20: Key Agreement Payload
.in 6
-o Old ID Type (2 bytes) - Indicates the type of the old ID. See
- section 2.4 SILC ID Types for list of defined ID types.
-
-o Old ID Length (2 bytes) - Length of the old ID Data area not
- including the length of any other fields in the payload.
-
-o Old ID Data (variable length) - The actual old ID data.
-
-o New ID Type (2 bytes) - Indicates the type of the new ID. See
- section 2.4 SILC ID Types for list of defined ID types.
+o Hostname Length (2 bytes) - Indicates the length of the Hostname
+ field.
-o New ID Length (2 bytes) - Length of the new ID Data area not
- including the length of any other fields in the payload.
+o Hostname (variable length) - The hostname or IP address where
+ the SKE protocol is running. The sender may fill this field
+ when sending the payload. If the receiver sends this payload
+ as reply to the request it must fill this field.
-o New ID Data (variable length) - The actual new ID data.
+o Port (4 bytes) - The port where the SKE protocol is bound.
+ The sender may fill this field when sending the payload. If
+ the receiver sends this payload as reply to the request it
+ must fill this field. This is a 32 bit MSB first order value.
.in 3
-.ti 0
-2.3.25 Remove ID Payload
-
-Remove ID payload is used to remove ID from SILC network. This is used
-for example when client exits SILC network. The server must in this
-case send this payload to notify that this ID is not valid anymore.
-After this has been send the old ID must not be used anymore. Client
-must not send this payload.
-
-The packet uses generic ID Payload as New ID Payload. See section
-2.3.2.1 for generic ID Payload.
+After the key material has been received from the SKE protocol it is
+processed as the [SILC3] describes. If the key material is used as
+channel private key then the Sending Encryption Key, as defined in
+[SILC3] is used as the channel private key. Other key material must
+be discarded. The [SILC1] defines the way to use the key material if
+it is intended to be used as private message keys. Any other use for
+the key material is undefined.
.ti 0
-2.3.26 Remove Channel User Payload
+2.3.21 Cell Routers Payload
-Remove Channel User payload is used to remove a user from a channel network
-wide. This is used by routers to notify other routers that a user has
-leaved a channel. As routers keep information about users on channels a
-user leaving channel must be removed from all routers. Normal server may
-send this payload as well. Client must not send this payload.
-
-The payload may only be sent with SILC_PACKET_REMOVE_CHANNEL USER packet.
-It must not be sent in any other packet type. Following diagram
-represents the Remove Payload Payload.
+Cell Routers payload is used by router to notify its primary router what
+other routers exist in the cell. The other routers are considered to be
+backup routers and one of them will come active only in the case of
+failure of the primary router. Normal server can send this packet if it
+is acting as backup router. Client must not send this packet. To send
+more than one backup router set the List flag and assemble the payloads
+as list.
+The payload may only be sent with SILC_PACKET_CELL_ROUTERS packet. It
+must not be sent in any other packet type. The Following diagram
+represents the Cell Routers Payload.
+
.in 5
.nf
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Client ID Length | |
+| Hostname Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
-~ Client ID Data ~
+~ Hostname ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Channel ID Length | |
+| Port |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Server ID Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
-~ Channel ID Data ~
+~ Server ID ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3
.ce
-Figure 23: Remove Channel User Payload
+Figure 21: Cell Routers Payload
.in 6
-o Client ID Length (2 bytes) - Length of the Client ID Data area
- not including the length of any other fields in the payload.
+o Hostname Length (2 bytes) - Indicates the length of the Hostname
+ field.
-o Client ID Data (variable length) - The Client ID of the user
- that has left the channel.
+o Hostname (variable length) - The hostname or IP address of
+ the backup router.
-o Channel ID Length (2 bytes) - Length of the Channel ID Data area
- not including the length of any other fields in the payload.
+o Port (4 bytes) - The port of the backup router it currently uses.
+ This is a 32 bit MSB first order value.
-o Channel ID Data (variable length) - The Channel ID of the channel
- the user has left.
+o Server ID Length (2 bytes) - Indicates the length of the Server
+ ID field.
+
+o Server ID (variable length) - Consists of the Server ID of the
+ backup router.
.in 3
2.4 SILC ID Types
ID's are extensively used in the SILC network to associate different
-entities. Following ID's has been defined to be used in the SILC
+entities. The following ID's has been defined to be used in the SILC
network.
.in 6
of it, usually first 16 bytes of it. Then the receiver checks the
packet type from the decrypted part of the header and can determine
how the rest of the packet must be decrypted. If the packet type is
-any of the special cases described in following sections the packet
+any of the special cases described in The following sections the packet
decryption is special. If the packet type is not among those special
packet types rest of the packet may be decrypted with the same key.
packet processing is special. Rest of the SILC Packet header is
decrypted with the same session key along with the padding of the
packet. After that the packet is protected with the channel specific
-key and hence can be decrypted only if the receiver is the client on
+key and thus can be decrypted only if the receiver is the client on
the channel. See section 2.7 Packet Padding Generation for more
information about padding on special packets.
cell to another must be protected as it would be any normal SILC
packet.
+If the SILC_CMODE_PRIVKEY channel mode has been set for the channel
+then the router cannot decrypt the packet as it does not know the
+private key. In this case the entire packet is encrypted with the
+session key and sent to the router. The router receiving the packet
+must check the channel mode and decrypt the packet accordingly.
+
.ti 0
2.5.3 Private Message Encryption And Decryption
server or router en route must not decompress the packet.
+
.ti 0
2.9 Packet Sending
2.10 Packet Reception
On packet reception the receiver must check that all fields in the
-SILC Packet Header are valid sain. It must check the flags of the
+SILC Packet Header are valid. It must check the flags of the
header and act accordingly. It must also check the MAC of the packet
and if it is to be failed the packet must be discarded. Also if the
header of the packet includes any bad fields the packet must be
.ti 0
-2.12 Packet Forwarding
-
-Currently SILC command packets may be forwarded from one entity to another.
-Any other packet currently cannot be forwarded but support for more packet
-types may be added if needed. Forwarding is usually used by server to
-forward some command request coming from client to the router as the server
-may be incapable to handle the request. Forwarding may be only one hop
-long; the receiver of the packet with Forwarded flag set in the SILC
-Packet header must not forward the packet any further.
-
-The normal scenario is that client sends JOIN command to the server which
-is not able to create the channel as there are no local clients on the
-channel. Channels are created always by the router of the cell thus the
-packet must be forwarded to the router. The server forwards the original
-packet coming from client to the router after it has set the Forwarded
-flag to the SILC Packet header.
-
-Router receiving the packet knows that the packet has to be processed
-specially by checking the flags and the Forwarded flag in the SILC Packet
-header. After router has joined the client to the channel (and perhaps
-created a new channel) it sends normal command reply packet to the
-client. However, as the router doesn't have direct connection to the
-client the packet is sent through the server. Server detects that
-the command reply packet is destined to the client and sends it to
-the client.
-
-
-.ti 0
-2.13 Packet Broadcasting
+2.12 Packet Broadcasting
SILC packets may be broadcasted in SILC network. However, only router
server may send or receive broadcast packets. Client and normal server
.ti 0
-2.14 Packet Tunneling
+2.13 Packet Tunneling
Tunneling is a feature that is available in SILC protocol. Tunneling
means that extra SILC Packet Header is applied to the original packet
3 Security Considerations
Security is central to the design of this protocol, and these security
-considerations permeate the specification.
+considerations permeate the specification. Common security considerations
+such as keeping private keys truly private and using adequate lengths for
+symmetric and asymmetric keys must be followed in order to maintain the
+security of this protocol.
.ti 0
[IRC] Oikarinen, J., and Reed D., "Internet Relay Chat Protocol",
RFC 1459, May 1993.
+[IRC-ARCH] Kalt, C., "Internet Relay Chat: Architecture", RFC 2810,
+ April 2000.
+
+[IRC-CHAN] Kalt, C., "Internet Relay Chat: Channel Management", RFC
+ 2811, April 2000.
+
+[IRC-CLIENT] Kalt, C., "Internet Relay Chat: Client Protocol", RFC
+ 2812, April 2000.
+
+[IRC-SERVER] Kalt, C., "Internet Relay Chat: Server Protocol", RFC
+ 2813, April 2000.
+
[SSH-TRANS] Ylonen, T., et al, "SSH Transport Layer Protocol",
Internet Draft.
Key Management Protocol (ISAKMP)", RFC 2408, November
1998.
-[IKE] Harkins D., and Carrel D., "The Internet Key Exhange
+[IKE] Harkins D., and Carrel D., "The Internet Key Exchange
(IKE)", RFC 2409, November 1998.
[HMAC] Krawczyk, H., "HMAC: Keyed-Hashing for Message
Authentication", RFC 2104, February 1997.
+[PKCS1] Kalinski, B., and Staddon, J., "PKCS #1 RSA Cryptography
+ Specifications, Version 2.0", RFC 2437, October 1998.
+
.ti 0
5 Author's Address
EMail: priikone@poseidon.pspt.fi
-This Internet-Draft expires 13 May 2001
+This Internet-Draft expires 6 Jun 2001
projects / crypto.git / blobdiff