2.3.17 New Client Payload ................................. 31
2.3.18 New Server Payload ................................. 32
2.3.19 New Channel Payload ................................ 33
+ 2.3.20 Key Agreement Payload .............................. XXX
2.4 SILC ID Types ............................................. 39
2.5 Packet Encryption And Decryption .......................... 39
2.5.1 Normal Packet Encryption And Decryption ............. 39
This packet must not be sent as list and the List flag must
not be set.
- Payload of the packet: See section 2.3.19 New Client Payload
+ Payload of the packet: See section 2.3.17 New Client Payload
20 SILC_PACKET_NEW_SERVER
This packet must not be sent as list and the List flag must
not be set.
- Payload of the packet: See section 2.3.20 New Server Payload
+ Payload of the packet: See section 2.3.18 New Server Payload
21 SILC_PACKET_NEW_CHANNEL
packet. This packet maybe sent to entity that is indirectly
connected to the sender.
- Payload of the packet: See section 2.3.21 New Channel Payload
+ Payload of the packet: See section 2.3.19 New Channel Payload
22 SILC_PACKET_REKEY
not be set.
- 25 - 199
+ 25 SILC_PACKET_KEY_AGREEMENT
+
+ This packet is used by clients to request key negotiation
+ between another client in the SILC network. If the negotiation
+ is started it is performed using the SKE protocol. The result of
+ the negotiation, the secret key material, can be used for
+ example as private message key. The server and router must not
+ send this packet.
+
+ Payload of the packet: See section 2.3.20 Key Agreement Payload
+
+
+ 26 - 199
Currently undefined commands.
.ti 0
-2.3.18 New Client Payload
+2.3.17 New Client Payload
When client is connected to the server, keys has been exchanged and
connection has been authenticated client must register itself to the
.ti 0
-2.3.19 New Server Payload
+2.3.18 New Server Payload
This payload is sent by server when it has completed successfully both
key exchange and connection authentication protocols. The server
.ti 0
-2.3.20 New Channel Payload
+2.3.19 New Channel Payload
Information about newly created channel is broadcasted to all routers
in the SILC network by sending this packet payload. Channels are
represents the New Channel Payload.
-
-
.in 5
.nf
1 2 3
.in 3
+.ti 0
+2.3.20 Key Agreement Payload
+
+This payload is used by clients to request key negotiation between
+another client in the SILC Network. The key agreement protocol used
+is the SKE protocol. The result of the protocol, the secret key
+material, can be used for example as private message key between the
+two clients. This significantly adds security as the key agreement
+is performed outside the SILC network. The server and router must not
+send this payload.
+
+The sender may tell the receiver of this payload the hostname and the
+port where the SKE protocol is running in the sender's end. The
+receiver may then initiate the SKE negotiation with the sender. The
+sender may also optionally not to include the hostname and the port
+of its SKE protocol. In this case the receiver may reply to the
+request by sending the same payload filled with the receiver's hostname
+and the port where the SKE protocol is running. The sender may then
+initiate the SKE negotiation with the receiver.
+
+The payload may only be sent with SILC_PACKET_KEY_AGREEMENT packet.
+It must not be sent in any other packet type. The following diagram
+represents the Key Agreement Payload.
+
+
+.in 5
+.nf
+ 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Hostname Length | |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
+| |
+~ Hostname ~
+| |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+| Port |
++-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+.in 3
+
+.ce
+Figure 20: Key Agreement Payload
+
+
+
+.in 6
+o Hostname Length (2 bytes) - Indicates the length of the Hostname
+ field.
+
+o Hostname (variable length) - The hostname or IP address where
+ the SKE protocol is running. The sender may fill this field
+ when sending the payload. If the receiver sends this payload
+ as reply to the request it must fill this field.
+
+o Port (4 bytes) - The port where the SKE protocol is bound.
+ The sender may fill this field when sending the payload. If
+ the receiver sends this payload as reply to the request it
+ must fill this field. This is a 32 bit MSB first order value.
+.in 3
+
+
.ti 0
2.4 SILC ID Types
return ret;
}
+
+/******************************************************************************
+
+ Key Agreement Payload
+
+******************************************************************************/
+
+/* The Key Agreement protocol structure */
+struct SilcKeyAgreementPayloadStruct {
+ unsigned short hostname_len;
+ unsigned char *hostname;
+ unsigned int port;
+};
+
+/* Parses and returns an allocated Key Agreement payload. */
+
+SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer)
+{
+ SilcKeyAgreementPayload new;
+ int ret;
+
+ SILC_LOG_DEBUG(("Parsing Key Agreement Payload"));
+
+ new = silc_calloc(1, sizeof(*new));
+
+ /* Parse the payload */
+ ret = silc_buffer_unformat(buffer,
+ SILC_STR_UI16_NSTRING_ALLOC(&new->hostname,
+ &new->hostname_len),
+ SILC_STR_UI_INT(&new->port),
+ SILC_STR_END);
+ if (ret == -1) {
+ silc_free(new);
+ return NULL;
+ }
+
+ return new;
+}
+
+/* Encodes the Key Agreement protocol and returns the encoded buffer */
+
+SilcBuffer silc_key_agreement_payload_encode(char *hostname,
+ unsigned int port)
+{
+ SilcBuffer buffer;
+ unsigned int len = strlen(hostname);
+
+ SILC_LOG_DEBUG(("Encoding Key Agreement Payload"));
+
+ buffer = silc_buffer_alloc(2 + len + 4);
+ silc_buffer_pull_tail(buffer, SILC_BUFFER_END(buffer));
+ silc_buffer_format(buffer,
+ SILC_STR_UI_SHORT(len),
+ SILC_STR_UI_XNSTRING(hostname, len),
+ SILC_STR_UI_INT(port),
+ SILC_STR_END);
+
+ return buffer;
+}
+
+/* Frees the Key Agreement protocol */
+
+void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload)
+{
+ if (payload) {
+ silc_free(payload->hostname);
+ silc_free(payload);
+ }
+}
+
+/* Returns the hostname in the payload */
+
+char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload)
+{
+ return payload->hostname;
+}
+
+/* Returns the port in the payload */
+
+unsigned int silc_key_agreement_get_port(SilcKeyAgreementPayload payload)
+{
+ return payload->port;
+}
/* Forward declaration of the Authentication Payload */
typedef struct SilcAuthPayloadStruct *SilcAuthPayload;
+/* Forward declaration of the Key Agreement Payload */
+typedef struct SilcKeyAgreementPayloadStruct *SilcKeyAgreementPayload;
+
/* Authentication method type */
typedef unsigned short SilcAuthMethod;
int silc_auth_public_key_auth_verify_data(SilcBuffer payload,
SilcPKCS pkcs, SilcHash hash,
void *id, SilcIdType type);
+SilcKeyAgreementPayload silc_key_agreement_payload_parse(SilcBuffer buffer);
+SilcBuffer silc_key_agreement_payload_encode(char *hostname,
+ unsigned int port);
+void silc_key_agreement_payload_free(SilcKeyAgreementPayload payload);
+char *silc_key_agreement_get_hostname(SilcKeyAgreementPayload payload);
+unsigned int silc_key_agreement_get_port(SilcKeyAgreementPayload payload);
#endif
projects / silc.git / commitdiff