.ds RF FORMFEED[Page %]
.ds CF
.ds LH Internet Draft
-.ds RH XXX
+.ds RH 13 November 2001
.ds CH
.na
.hy 0
.in 0
.nf
-Network Working Group P. Riikonen
+Network Working Group P. Riikonen
Internet-Draft
-draft-riikonen-silc-pp-04.txt XXX
-Expires: XXX
+draft-riikonen-silc-pp-04.txt 13 November 2001
+Expires: 13 May 2002
.in 3
-
.ti 0
Table of Contents
2.3 SILC Packet Types ......................................... 7
2.3.1 SILC Packet Payloads ................................ 16
2.3.2 Generic payloads .................................... 16
- 2.3.2.1 ID Payload .................................. 16
- 2.3.2.2 Argument Payload ............................ 17
+ 2.3.2.1 ID Payload .................................. 17
+ 2.3.2.2 Argument Payload ............................ 18
2.3.2.3 Channel Payload ............................. 18
2.3.2.4 Public Key Payload .......................... 19
- 2.3.3 Disconnect Payload .................................. 19
- 2.3.4 Success Payload ..................................... 19
- 2.3.5 Failure Payload ..................................... 20
- 2.3.6 Reject Payload ...................................... 21
+ 2.3.3 Disconnect Payload .................................. 20
+ 2.3.4 Success Payload ..................................... 21
+ 2.3.5 Failure Payload ..................................... 21
+ 2.3.6 Reject Payload ...................................... 22
2.3.7 Notify Payload ...................................... 22
- 2.3.8 Error Payload ....................................... 21
- 2.3.9 Channel Message Payload ............................. 28
- 2.3.10 Channel Key Payload ................................ 31
- 2.3.11 Private Message Payload ............................ 33
- 2.3.12 Private Message Key Payload ........................ 34
- 2.3.13 Command Payload .................................... 36
- 2.3.14 Command Reply Payload .............................. 37
- 2.3.15 Connection Auth Request Payload .................... 37
- 2.3.16 New ID Payload ..................................... 38
- 2.3.17 New Client Payload ................................. 39
- 2.3.18 New Server Payload ................................. 40
- 2.3.19 New Channel Payload ................................ 41
- 2.3.20 Key Agreement Payload .............................. 42
- 2.3.21 Resume Router Payload .............................. 43
- 2.3.22 File Transfer Payload .............................. 43
- 2.4 SILC ID Types ............................................. 44
- 2.5 Packet Encryption And Decryption .......................... 44
- 2.5.1 Normal Packet Encryption And Decryption ............. 45
- 2.5.2 Channel Message Encryption And Decryption ........... 45
- 2.5.3 Private Message Encryption And Decryption ........... 46
- 2.6 Packet MAC Generation ..................................... 47
- 2.7 Packet Padding Generation ................................. 47
- 2.8 Packet Compression ........................................ 48
- 2.9 Packet Sending ............................................ 48
- 2.10 Packet Reception ......................................... 49
- 2.11 Packet Routing ........................................... 49
- 2.12 Packet Broadcasting ...................................... 50
-3 Security Considerations ....................................... 50
-4 References .................................................... 50
-5 Author's Address .............................................. 52
+ 2.3.8 Error Payload ....................................... 28
+ 2.3.9 Channel Message Payload ............................. 29
+ 2.3.10 Channel Key Payload ................................ 32
+ 2.3.11 Private Message Payload ............................ 34
+ 2.3.12 Private Message Key Payload ........................ 35
+ 2.3.13 Command Payload .................................... 37
+ 2.3.14 Command Reply Payload .............................. 38
+ 2.3.15 Connection Auth Request Payload .................... 38
+ 2.3.16 New ID Payload ..................................... 39
+ 2.3.17 New Client Payload ................................. 40
+ 2.3.18 New Server Payload ................................. 41
+ 2.3.19 New Channel Payload ................................ 42
+ 2.3.20 Key Agreement Payload .............................. 43
+ 2.3.21 Resume Router Payload .............................. 44
+ 2.3.22 File Transfer Payload .............................. 44
+ 2.4 SILC ID Types ............................................. 46
+ 2.5 Packet Encryption And Decryption .......................... 46
+ 2.5.1 Normal Packet Encryption And Decryption ............. 46
+ 2.5.2 Channel Message Encryption And Decryption ........... 47
+ 2.5.3 Private Message Encryption And Decryption ........... 48
+ 2.6 Packet MAC Generation ..................................... 48
+ 2.7 Packet Padding Generation ................................. 49
+ 2.8 Packet Compression ........................................ 50
+ 2.9 Packet Sending ............................................ 50
+ 2.10 Packet Reception ......................................... 51
+ 2.11 Packet Routing ........................................... 51
+ 2.12 Packet Broadcasting ...................................... 52
+3 Security Considerations ....................................... 53
+4 References .................................................... 53
+5 Author's Address .............................................. 54
.ti 0
List of Figures
SILC Header is always the first part of the packet and its purpose
is to provide information about the packet. It provides for example
the packet type, origin of the packet and the destination of the packet.
-The header is variable in length and first two (2) bytes of the
-header (thus first two bytes of the packet) are not encrypted. The
-first two (2) bytes are the length of the packet which is not encrypted.
-See the following section for description of SILC Packet header. Packets
-without SILC header or with malformed SILC header MUST be dropped.
+The header is variable in length. See the following section for
+description of SILC Packet header. Packets without SILC header or
+with malformed SILC header MUST be dropped.
Padding follows the packet header. The purpose of the padding is to
make the packet multiple by eight (8) or by the block size of the
cipher used in the encryption, which ever is larger. The maximum
-length of padding is currently 16 bytes. The padding is always
-encrypted.
+length of padding is currently 128 bytes. The padding is always
+encrypted. The padding is applied always, even if the packet is
+not encrypted. See the section 2.7 Padding Generation for more
+detailed information.
Data payload area follows padding and it is the actual data of the
packet. The packet data is the packet payloads defined in this
uses the packet header to parse the packet and gain other relevant
parameters of the packet.
-The following diagram represents the SILC packet header. (*) indicates
-that this field is never encrypted. Other fields are always encrypted.
+The following diagram represents the SILC packet header.
.in 5
.nf
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Payload Length * | Flags | Packet Type |
+| Payload Length | Flags | Packet Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-| Source ID Length | Destination ID Length |
+| Pad Length | RESERVED | Source ID Len | Dest ID Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Src ID Type | |
+-+-+-+-+-+-+-+-+ +
.in 6
o Payload Length (2 bytes) - Is the length of the packet
- not including the padding of the packet. This field must
- not be encrypted but must always be authenticated.
+ not including the padding of the packet.
o Flags (1 byte) - Indicates flags to be used in packet
processing. Several flags may be set by ORing the flags
uses this field to parse the packet. See section 2.3
SILC Packets for list of defined packet types.
-o Source ID Length (2 bytes) - Indicates the length of the
+o Pad Length (1 byte) - Indicates the length of the padding
+ applied after the SILC Packet header. Maximum length for
+ padding is 128 bytes.
+
+o RESERVED (1 byte) - Reserved field and must include a
+ zero (0) value.
+
+o Source ID Length (1 byte) - Indicates the length of the
Source ID field in the header, not including this or any
other fields.
-o Destination ID Length (2 bytes) - Indicates the length of the
+o Destination ID Length (1 byte) - Indicates the length of the
Destination ID field in the header, not including this or
any other fields.
ID that indicates which is the end receiver of the packet.
+
.ti 0
2.3 SILC Packet Types
Payload
+
+
13 SILC_PACKET_KEY_EXCHANGE
This packet is used to start SILC Key Exchange Protocol,
This payload can be used to send an ID. ID's are variable in length
thus this payload provides a way to send variable length ID's.
-
-
-
-
-
-
-
-
-
-
-
The following diagram represents the ID Payload.
.in 5
the packet payload needing the arguments. Incorrect amount of argument
payloads MUST cause rejection of the packet.
+
+
+
+
+
+
The following diagram represents the Argument Payload.
.in 5
The following diagram represents the Channel Payload.
+
+
+
+
+
+
+
+
+
+
.in 5
.nf
1 2 3
The following diagram represents the Public Key Payload.
+
+
+
.in 5
.nf
1 2 3
not be sent in any other packet type. The following diagram represents
the Notify Payload.
+
+
+
.in 5
.nf
1 2 3
server that are on channels must be removed from the channel.
Max Arguments: 2000
- Arguments: (1) <Server ID> (n) [<Client ID> [...]
+ Arguments: (1) <Server ID> (n) [<Client ID>] [...]
The <Server ID> is the server's ID. The rest of the arguments
are the Client ID's of the client's which are coming from this
maximum number of arguments are reached another
SILC_NOTIFY_TYPE_SERVER_SIGNOFF notify packet MUST be sent.
When this notify packet is sent between routers the Client ID's
- MAY be omitted.
+ MAY be omitted. Server receiving the Client ID's in the payload
+ may use them directly to remove the client.
12 SILC_NOTIFY_TYPE_KICKED
diagram represents the Private Message Payload.
+
+
+
+
+
+
.in 5
.nf
1 2 3
.in 3
+
+
.ti 0
2.4 SILC ID Types
this ID in [SILC1].
.in 3
+When encoding different IDs into the ID Payload, all fields are always
+in MSB first order. The IP address, port, and/or the random number
+are encoded in the MSB first order.
+
.ti 0
2.5 Packet Encryption And Decryption
decryption is special. If the packet type is not among those special
packet types rest of the packet can be decrypted with the same key.
-Also, note that two bytes of the SILC Packet header are not encrypted
-thus it must be noticed in the decryption process by starting the
-decryption from the second byte of the header. This sets some rules
-to padding generation as well, see the section 2.7 Packet Padding
-Generation.
-
With out a doubt, this sort of decryption processing causes some
overhead to packet decryption, but never the less, is required.
The MAC key is negotiated during the SKE protocol. The sequence number
is a 32 bit MSB first value starting from zero for first packet and
increasing for subsequent packets, finally wrapping after 2^32 packets.
-The value is never reset, not even after rekey has been performed.
+The value is never reset, not even after rekey has been performed. Note
+that the sequence number is incremented only when MAC is computed for a
+packet. If packet is not encrypted and MAC is not computed then the
+sequence number is not incremented. Hence, the sequence number is zero
+for first encrypted packet.
See [SILC1] for defined and allowed MAC algorithms.
For normal packets the padding is added after the SILC Packet Header
and between the Data Payload area. The padding for normal packets
-are calculated as follows:
+may be calculated as follows:
.in 6
-padding length = 16 - ((packet length - 2) mod 16)
+padding length = 16 - (packet_length mod block_size)
.in 3
-The 16 is the maximum padding allowed in SILC packet. Two (2) is
-subtracted from the true length of the packet because two (2) bytes
-is not encrypted in SILC Packet Header, see section 2.2 SILC Packet
-Header. Those two bytes that are not encrypted MUST NOT be calculated
-to the padding length.
+The `block_size' is the block size of the cipher. The maximum padding
+length is 128 bytes, and minimum is 1 byte. The above algorithm calculates
+the padding to the next block size, and always returns the padding
+length between 1 - 16 bytes. However, implementations may add padding
+up to 128 bytes. For example packets that include a passphrase or a
+password for authentication purposes SHOULD pad the packet up to the
+maximum padding length.
-For special packets the padding calculation MAY be different as special
+For special packets the padding calculation is different as special
packets may be encrypted differently. In these cases the encrypted
data area MUST already be multiple by the block size thus in this case
the padding is calculated only for SILC Packet Header, not for any
other area of the packet. The same algorithm works in this case as
well, except that the `packet length' is now the SILC Packet Header
-length. In this case, as well, two (2) is subtracted from the
-length.
+length.
The padding MUST be random data, preferably, generated by
cryptographically strong random number generator.
destination does not exist in router's route cache the packet MUST be
routed to the primary route (default route).
+However, there are some issues when routing channel messages to group
+of users. Routers are responsible of routing the channel message to
+other routers, local servers and local clients as well. Routers MUST
+send the channel message to only one router in the network, preferrably
+to the shortest route to reach the channel users. The message can be
+routed into either upstream or downstream. After the message is sent
+to a router in the network it MUST NOT be sent to any other router in
+either same route or other route. The message MUST NOT be routed to
+the router it came from.
+
+When routing for example private messages they should be routed to the
+shortest route always to reach the destination client as fast as possible.
+
For server which receives a packet to be routed to its locally connected
client the server MUST check whether the particular packet type is
allowed to be routed to the client. Not all packets may be sent by
server cannot send, for example, disconnect packet to client that is not
directly connected to the server.
+Routers form a ring in the SILC network. However, routers may have other
+direct connections to other routers in the network too. This can cause
+interesting routing problems in the network. Since the network is a ring,
+the packets usually should be routed into counter clock-wise direction,
+or if it cannot be used then always clock-wise (primary route) direction.
+Problems may arise when a faster direct route exists and router is routing
+a channel message. Currently channel messages must be routed either
+in upstream or downstream, they cannot be routed to other direct routes.
+The SILC protocol should have a shortest path discovery protocol, and some
+existing routing protocol, that can handle a ring network with other
+direct routes inside the ring (so called hybrid ring-mesh topology),
+MAY be defined to be used with the SILC protocol. Additional
+specifications MAY be written on the subject to permeate this
+specification.
+
.ti 0
2.12 Packet Broadcasting
[RFC2119] Bradner, S., "Key Words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
+[SFTP] Ylonen T., and Lehtinen S., "Secure Shell File Transfer
+ Protocol", Internet Draft, March 2001.
.ti 0
5 Author's Address
EMail: priikone@silcnet.org
-This Internet-Draft expires XXX
+This Internet-Draft expires 13 May 2002
projects / crypto.git / blobdiff