1 .pl 10.0i
2 .po 0
3 .ll 7.2i
4 .lt 7.2i
5 .nr LL 7.2i
6 .nr LT 7.2i
7 .ds LF Riikonen
8 .ds RF FORMFEED[Page %]
9 .ds CF
10 .ds LH Internet Draft
11 .ds RH 21 August 2001
12 .ds CH
13 .na
14 .hy 0
15 .in 0
16 .nf
17 Network Working Group P. Riikonen
18 Internet-Draft
19 draft-riikonen-silc-pp-03.txt 21 August 2001
20 Expires: 21 February 2002
21
22 .in 3
23
24 .ce 2
25 SILC Packet Protocol
26 <draft-riikonen-silc-pp-03.txt>
27
28 .ti 0
29 Status of this Memo
30
31 This document is an Internet-Draft and is in full conformance with
32 all provisions of Section 10 of RFC 2026. Internet-Drafts are
33 working documents of the Internet Engineering Task Force (IETF), its
34 areas, and its working groups. Note that other groups may also
35 distribute working documents as Internet-Drafts.
36
37 Internet-Drafts are draft documents valid for a maximum of six months
38 and may be updated, replaced, or obsoleted by other documents at any
39 time. It is inappropriate to use Internet-Drafts as reference
40 material or to cite them other than as "work in progress."
41
42 The list of current Internet-Drafts can be accessed at
43 http://www.ietf.org/ietf/1id-abstracts.txt
44
45 The list of Internet-Draft Shadow Directories can be accessed at
46 http://www.ietf.org/shadow.html
47
48 The distribution of this memo is unlimited.
49
50
51 .ti 0
52 Abstract
53
54 This memo describes a Packet Protocol used in the Secure Internet Live
55 Conferencing (SILC) protocol, specified in the Secure Internet Live
56 Conferencing, Protocol Specification Internet Draft [SILC1]. This
57 protocol describes the packet types and packet payloads which define
58 the contents of the packets. The protocol provides a secure binary packet
59 protocol that assures that the contents of the packets are secured and
60 authenticated.
61
62
63
64
65
66
67
68
69
70 .ti 0
71 Table of Contents
72
73 .nf
74 1 Introduction
75 1.1 Requirements Terminology
76 2 SILC Packet Protocol
77 2.1 SILC Packet
78 2.2 SILC Packet Header
79 2.3 SILC Packet Types
80 2.3.1 SILC Packet Payloads
81 2.3.2 Generic payloads
82 2.3.2.1 ID Payload
83 2.3.2.2 Argument Payload
84 2.3.2.3 Channel Payload
85 2.3.2.4 Public Key Payload
86 2.3.3 Disconnect Payload
87 2.3.4 Success Payload
88 2.3.5 Failure Payload
89 2.3.6 Reject Payload
90 2.3.7 Notify Payload
91 2.3.8 Error Payload
92 2.3.9 Channel Message Payload
93 2.3.10 Channel Key Payload
94 2.3.11 Private Message Payload
95 2.3.12 Private Message Key Payload
96 2.3.13 Command Payload
97 2.3.14 Command Reply Payload
98 2.3.15 Connection Auth Request Payload
99 2.3.16 New ID Payload
100 2.3.17 New Client Payload
101 2.3.18 New Server Payload
102 2.3.19 New Channel Payload
103 2.3.20 Key Agreement Payload
104 2.3.21 Cell Routers Payload
105 2.4 SILC ID Types
106 2.5 Packet Encryption And Decryption
107 2.5.1 Normal Packet Encryption And Decryption
108 2.5.2 Channel Message Encryption And Decryption
109 2.5.3 Private Message Encryption And Decryption
110 2.6 Packet MAC Generation
111 2.7 Packet Padding Generation
112 2.8 Packet Compression
113 2.9 Packet Sending
114 2.10 Packet Reception
115 2.11 Packet Routing
116 2.12 Packet Broadcasting
117 3 Security Considerations
118 4 References
119 5 Author's Address
120
121 .ti 0
122 List of Figures
123
124 .nf
125 Figure 1: Typical SILC Packet
126 Figure 2: SILC Packet Header
127 Figure 3: ID Payload
128 Figure 4: Argument Payload
129 Figure 5: Channel Payload
130 Figure 6: Public Key Payload
131 Figure 7: Disconnect Payload
132 Figure 8: Success Payload
133 Figure 9: Failure Payload
134 Figure 10: Reject Payload
135 Figure 11: Notify Payload
136 Figure 12: Error Payload
137 Figure 13: Channel Message Payload
138 Figure 14: Channel Key Payload
139 Figure 15: Private Message Payload
140 Figure 16: Private Message Key Payload
141 Figure 17: Command Payload
142 Figure 18: Connection Auth Request Payload
143 Figure 19: New Client Payload
144 Figure 20: New Server Payload
145 Figure 21: Key Agreement Payload
146 Figure 22: Cell Routers Payload
147
148
149 .ti 0
150 1. Introduction
151
152 This document describes a Packet Protocol used in the Secure Internet
153 Live Conferencing (SILC) protocol specified in the Secure Internet Live
154 Conferencing, Protocol Specification Internet Draft [SILC1]. This
155 protocol describes the packet types and packet payloads which define
156 the contents of the packets. The protocol provides a secure binary packet
157 protocol that assures that the contents of the packets are secured and
158 authenticated.
159
160 The SILC protocol is based on the SILC packets, which are without
161 a doubt the most important part of the protocol. They are also probably
162 the most complicated part of the protocol. Packets are used all the
163 time in the SILC network to send messages, commands and other information.
164 All packets in the SILC network are always encrypted and their integrity
165 is assured by computed MACs. The protocol defines several packet types
166 and packet payloads. Each packet type usually has a specific packet
167 payload that actually defines the contents of the packet. Each packet
168 also includes a default SILC Packet Header that provides sufficient
169 information about the origin of the packet and destination of the
170 packet.
171
172
173 .ti 0
174 1.1 Requirements Terminology
175
176 The keywords MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT, RECOMMENDED,
177 MAY, and OPTIONAL, when they appear in this document, are to be
178 interpreted as described in [RFC2119].
179
180
181 .ti 0
182 2 SILC Packet Protocol
183
184 .ti 0
185 2.1 SILC Packet
186
187 SILC packets deliver messages from sender to receiver securely by
188 encrypting important fields of the packet. The packet consists of the
189 default SILC Packet Header, Padding, Packet Payload data, and the packet
190 MAC.
191
192 The following diagram illustrates a typical SILC packet.
193
194
195 .in 5
196 .nf
197 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
198 | n bytes | 1 - n bytes | n bytes | n bytes
199 | SILC Header | Padding | Data Payload | MAC
200 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
201 .in 3
202
203 .ce
204 Figure 1: Typical SILC Packet
205
206
207 The SILC Header is always the first part of the packet and its purpose
208 is to provide information about the packet. It provides, for example,
209 the packet type, origin of the packet and the destination of the packet.
210 The header is variable in length. The first two (2) bytes of the
211 header (thus the first two bytes of the packet) hold the length of the
212 packet and are not encrypted.
213 See the following section for description of SILC Packet header. Packets
214 without SILC header or with malformed SILC header MUST be dropped.
215
216 Padding follows the packet header. The purpose of the padding is to
217 make the packet length a multiple of eight (8) or of the block size of
218 the cipher used in the encryption, whichever is larger. The maximum
219 length of padding is currently 16 bytes. The padding is always
220 encrypted.
221
222 Data payload area follows padding and it is the actual data of the
223 packet. The packet data is the packet payloads defined in this
224 protocol. The data payload area is always encrypted.
225
226 The last part of SILC packet is the packet MAC that assures the
227 integrity of the packet. The MAC is always computed from the packet
228 before the encryption is applied to the packet. If compression is used
229 in the packet the MAC is computed after the compression has been
230 applied. The compression, on the other hand, is always applied before
231 encryption.
232
233 All fields in all packet payloads are always in MSB (most significant
234 byte first) order.
235
236
237 .ti 0
238 2.2 SILC Packet Header
239
240 The SILC packet header is applied to all SILC packets and it is
241 variable in length. The purpose of SILC Packet header is to provide
242 detailed information about the packet. The receiver of the packet
243 uses the packet header to parse the packet and gain other relevant
244 parameters of the packet.
245
246 The following diagram represents the SILC packet header. (*) indicates
247 that this field is never encrypted. Other fields are always encrypted.
248
249 .in 5
250 .nf
251 1 2 3
252 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
254 | Payload Length * | Flags | Packet Type |
255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
256 | Source ID Length | Destination ID Length |
257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
258 | Src ID Type | |
259 +-+-+-+-+-+-+-+-+ +
260 | |
261 ~ Source ID ~
262 | |
263 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
264 | Dst ID Type | |
265 +-+-+-+-+-+-+-+-+ +
266 | |
267 ~ Destination ID ~
268 | |
269 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270 .in 3
271
272 .ce
273 Figure 2: SILC Packet Header
274
275
276 .in 6
277 o Payload Length (2 bytes) - Is the length of the packet
278 not including the padding of the packet. This field must
279 not be encrypted but must always be authenticated.
280
281 o Flags (1 byte) - Indicates flags to be used in packet
282 processing. Several flags may be set by ORing the flags
283 together.
284
285 The following flags are reserved for this field:
286
287
288 No flags 0x00
289
290 In this case the field is ignored.
291
292
293 Private Message Key 0x01
294
295 Indicates that the packet must include a private
296 message that is encrypted using a private key set by
297 the client. Servers do not know anything about this
298 key, so the private message is not handled by the
299 server at all; it is just
300 passed along. See section 2.5.3 Private Message
301 Encryption And Decryption for more information.
302
303
304 List 0x02
305
306 Indicates that the packet consists of a list of
307 packet payloads indicated by the Packet Type field.
308 The payloads are added one after the other. Note that
309 there are packet types that must not be used as
310 list. Parsing of a list packet is done by calculating
311 the length of each payload and parsing them one by
312 one.
313
314
315 Broadcast 0x04
316
317 Marks the packet to be broadcast. A client cannot
318 send a broadcast packet and a normal server cannot send
319 a broadcast packet. Only a router server may send a broadcast
320 packet. The router receiving a packet with this flag
321 set MUST send (broadcast) the packet to its primary
322 route. If the router has several router connections the
323 packet may be sent only to the primary route. See
324 section 2.12 Packet Broadcasting for description of
325 packet broadcasting.
326
327 .in 3
328
329
330
331
332 o Packet Type (1 byte) - Is the type of the packet. Receiver
333 uses this field to parse the packet. See section 2.3
334 SILC Packet Types for the list of defined packet types.
335
336 o Source ID Length (2 bytes) - Indicates the length of the
337 Source ID field in the header, not including this or any
338 other fields.
339
340 o Destination ID Length (2 bytes) - Indicates the length of the
341 Destination ID field in the header, not including this or
342 any other fields.
343
344 o Src ID Type (1 byte) - Indicates the type of ID in the
345 Source ID field. See section 2.4 SILC ID Types for
346 defined ID types.
347
348 o Source ID (variable length) - The actual source ID that
349 indicates which is the original sender of the packet.
350
351 o Dst ID Type (1 byte) - Indicates the type of ID in the
352 Destination ID field. See section 2.4 SILC ID Types for
353 defined ID types.
354
355 o Destination ID (variable length) - The actual destination
356 ID that indicates which is the end receiver of the packet.
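
A parser for the header layout in Figure 2, as an added example that is not part of the draft or of any SILC implementation. It works on the already decrypted header bytes; the names parse_header, build_header and MalformedHeader, the sample bytes and the ID type value 2 are constructed for illustration, and the check that Payload Length covers the header is this example's reading of the Payload Length description.

```python
import struct
from dataclasses import dataclass

# Flag bits from the Flags field description.
FLAG_PRIVATE_MESSAGE_KEY = 0x01
FLAG_LIST = 0x02
FLAG_BROADCAST = 0x04
FLAG_NAMES = {
    FLAG_PRIVATE_MESSAGE_KEY: "Private Message Key",
    FLAG_LIST: "List",
    FLAG_BROADCAST: "Broadcast",
}

# Payload Length (2) + Flags (1) + Packet Type (1) + Source ID Length (2)
# + Destination ID Length (2), all MSB first: 8 bytes.
FIXED_PART = struct.Struct(">HBBHH")


class MalformedHeader(ValueError):
    """A header the receiver has to drop (hypothetical name)."""


@dataclass(frozen=True)
class SilcHeader:
    payload_length: int
    flags: int
    packet_type: int
    src_id_type: int
    src_id: bytes
    dst_id_type: int
    dst_id: bytes
    header_length: int  # bytes occupied by the header itself

    def flag_names(self):
        return [name for bit, name in FLAG_NAMES.items() if self.flags & bit]


def parse_header(buf: bytes) -> SilcHeader:
    """Parse a decrypted SILC packet header from the start of buf."""
    if len(buf) < FIXED_PART.size:
        raise MalformedHeader("shorter than the fixed header fields")
    payload_length, flags, packet_type, src_len, dst_len = FIXED_PART.unpack_from(buf)

    # Both ID lengths are 16-bit values supplied by the peer. Check them
    # against the bytes actually present: a Python slice would silently
    # return fewer bytes instead of failing.
    header_length = FIXED_PART.size + 1 + src_len + 1 + dst_len
    if header_length > len(buf):
        raise MalformedHeader("ID lengths exceed the received data")
    # Assumption: Payload Length is the packet length without padding,
    # so it can never be smaller than the header it contains.
    if payload_length < header_length:
        raise MalformedHeader("Payload Length smaller than the header")

    off = FIXED_PART.size
    src_id_type = buf[off]
    src_id = bytes(buf[off + 1:off + 1 + src_len])
    off += 1 + src_len
    dst_id_type = buf[off]
    dst_id = bytes(buf[off + 1:off + 1 + dst_len])
    return SilcHeader(payload_length, flags, packet_type, src_id_type,
                      src_id, dst_id_type, dst_id, header_length)


def build_header(payload_length, flags, packet_type,
                 src_id_type, src_id, dst_id_type, dst_id) -> bytes:
    """Encode a header; used here only to construct test input."""
    return (FIXED_PART.pack(payload_length, flags, packet_type,
                            len(src_id), len(dst_id))
            + bytes([src_id_type]) + src_id
            + bytes([dst_id_type]) + dst_id)


# Constructed sample: packet type 9 (SILC_PACKET_PRIVATE_MESSAGE) with the
# Private Message Key flag and two made-up 16-byte IDs of constructed type 2.
SAMPLE = build_header(62, FLAG_PRIVATE_MESSAGE_KEY, 9,
                      2, bytes(range(16)), 2, bytes(range(16, 32)))

if __name__ == "__main__":
    header = parse_header(SAMPLE)
    print(header.packet_type, header.header_length, header.flag_names())
    try:
        parse_header(SAMPLE[:20])  # cut off in the middle of the Source ID
    except MalformedHeader as err:
        print("dropped:", err)
```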
357
358
359 .ti 0
360 2.3 SILC Packet Types
361
362 SILC packet types define the contents of the packet and are used by
363 the receiver to parse the packet. The packet type is 8 bits (one
364 byte) in length. The range for the packet types is 0 - 255,
365 where 0 is never sent and 255 is currently reserved for future
366 extensions and MUST NOT be defined to any other purpose. Every SILC
367 specification compliant implementation SHOULD support all of these packet
368 types.
369
370 The below list of the SILC Packet types includes reference to the packet
371 payload as well. Packet payloads are the actual packet, that is, the data
372 that the packet consists of. Each packet type defines packet payload
373 which usually may only be sent with the specific packet type.
374
375 Most of the packets are packets that must be destined directly to an entity
376 that is connected to the sender. It is not allowed, for example, for a
377 router to send a disconnect packet to a client that is not directly connected
378 to the router. However, there are some special packet types that may
379 be destined to some entity that the sender has no direct connection
380 with. These packets are for example private message packets, channel
381 message packets, command packets and some other packets that may be
382 broadcast in the SILC network. If the packet is allowed to be sent to
383 an indirectly connected entity it is mentioned separately in the packet
384 description (unless it is obvious as in private and channel message
385 packets). Other packets MUST NOT be sent or accepted, if sent, to
386 indirectly connected entities.
387
388 The SILC Packet types are defined as follows.
389
390 .in 1
391 0 SILC_PACKET_NONE
392
393 This type is reserved and it is never sent.
394
395
396 1 SILC_PACKET_DISCONNECT
397
398 This packet is sent to disconnect the remote end. Reason of
399 the disconnection is sent inside the packet payload. Client
400 usually does not send this packet.
401
402 This packet MUST NOT be sent as list and the List flag MUST
403 NOT be set.
404
405 Payload of the packet: See section 2.3.3 Disconnect Payload
406
407
408 2 SILC_PACKET_SUCCESS
409
410 This packet is sent upon successful execution of some protocol.
411 The status of the success is sent in the packet.
412
413 This packet MUST NOT be sent as list and the List flag MUST
414 NOT be set.
415
416 Payload of the packet: See section 2.3.4 Success Payload
417
418
419 3 SILC_PACKET_FAILURE
420
421 This packet is sent upon failure of some protocol. The status
422 of the failure is sent in the packet.
423
424 This packet MUST NOT be sent as list and the List flag MUST
425 NOT be set.
426
427 Payload of the packet: See section 2.3.5 Failure Payload
428
429
430 4 SILC_PACKET_REJECT
431
432 This packet MAY be sent upon rejection of some protocol.
433 The status of the rejection is sent in the packet.
434
435 This packet MUST NOT be sent as list and the List flag MUST
436 NOT be set.
437
438 Payload of the packet: See section 2.3.6 Reject Payload
439
440
441 5 SILC_PACKET_NOTIFY
442
443 This packet is used to send notify message, usually from
444 server to client, although it MAY be sent from server to another
445 server as well. Client MUST NOT send this packet. Server MAY
446 send this packet to channel as well when the packet is
447 distributed to all clients on the channel.
448
449 Payload of the packet: See section 2.3.7 Notify Payload.
450
451
452 6 SILC_PACKET_ERROR
453
454 This packet is sent when an error occurs. Server MAY
455 send this packet. Client MUST NOT send this packet. The
456 client MAY entirely ignore the packet, however, server is
457 most likely to take action anyway. This packet MAY be sent
458 to entity that is indirectly connected to the sender.
459
460 This packet MUST NOT be sent as list and the List flag MUST
461 NOT be set.
462
463 Payload of the packet: See section 2.3.8 Error Payload.
464
465
466 7 SILC_PACKET_CHANNEL_MESSAGE
467
468 This packet is used to send messages to channels. The packet
469 includes Channel ID of the channel and the actual message to
470 the channel. Messages sent to the channel are always protected
471 by channel specific keys. Channel Keys are distributed by
472 SILC_PACKET_CHANNEL_KEY packet.
473
474 This packet MUST NOT be sent as list and the List flag MUST
475 NOT be set.
476
477 Payload of the packet: See section 2.3.9 Channel Message
478 Payload
479
480
481 8 SILC_PACKET_CHANNEL_KEY
482
483 This packet is used to distribute a new key for a particular
484 channel. Each channel has its own independent keys that
485 are used to protect the traffic on the channel. Only server
486 may send this packet. This packet MAY be sent to entity
487 that is indirectly connected to the sender.
488
489 This packet MUST NOT be sent as list and the List flag MUST
490 NOT be set.
491
492 Payload of the packet: See section 2.3.10 Channel Key Payload
493
494
495 9 SILC_PACKET_PRIVATE_MESSAGE
496
497 This packet is used to send private messages from client
498 to another client. By default, private messages are protected
499 by session keys established by normal key exchange protocol.
500 However, it is possible to use specific key to protect private
501 messages. SILC_PACKET_PRIVATE_MESSAGE_KEY packet is used to
502 agree on the key with the remote client. Pre-shared key MAY be
503 used as well if both of the clients know it, however, it needs
504 to be agreed outside SILC. See more of this in [SILC1].
505
506 This packet MUST NOT be sent as list and the List flag MUST
507 NOT be set.
508
509 Payload of the packet: See section 2.3.11 Private Message
510 Payload
511
512
513 10 SILC_PACKET_PRIVATE_MESSAGE_KEY
514
515 This packet is used to agree about a key to be used to protect
516 the private messages between two clients. If this is not sent
517 the normal session key is used to protect the private messages
518 inside SILC network. Agreeing to use specific key to protect
519 private messages adds security, as no server between the two
520 clients will be able to decrypt the private message. However,
521 servers inside SILC network are considered to be trusted, thus
522 using normal session key to protect private messages does not
523 degrade security. Whether to agree to use specific keys by
524 default or to use normal session keys by default, is
525 implementation specific issue. See more of this in [SILC1].
526
527 This packet MUST NOT be sent as list and the List flag MUST
528 NOT be set.
529
530 Payload of the packet: See section 2.3.12 Private Message
531 Key Payload
532
533
534 11 SILC_PACKET_COMMAND
535
536 This packet is used to send commands from client to server.
537 Server MAY send this packet to other servers as well. All
538 commands are listed in their own section SILC Command Types
539 in [SILC4]. The contents of this packet are command specific.
540 This packet MAY be sent to entity that is indirectly connected
541 to the sender.
542
543 This packet MUST NOT be sent as list and the List flag MUST
544 NOT be set.
545
546 Payload of the packet: See section 2.3.13 Command Payload
547
548
549 12 SILC_PACKET_COMMAND_REPLY
550
551 This packet is sent as reply to the SILC_PACKET_COMMAND packet.
552 The contents of this packet are command specific. This packet
553 MAY be sent to entity that is indirectly connected to the
554 sender.
555
556 This packet MUST NOT be sent as list and the List flag MUST
557 NOT be set.
558
559 Payload of the packet: See section 2.3.14 Command Reply
560 Payload and section 2.3.13 Command
561 Payload
562
563
564 13 SILC_PACKET_KEY_EXCHANGE
565
566 This packet is used to start SILC Key Exchange Protocol,
567 described in detail in [SILC3].
568
569 This packet MUST NOT be sent as list and the List flag MUST
570 NOT be set.
571
572 Payload of the packet: Payload of this packet is described
573 in the section SILC Key Exchange
574 Protocol and its sub sections in
575 [SILC3].
576
577
578 14 SILC_PACKET_KEY_EXCHANGE_1
579
580 This packet is used as part of the SILC Key Exchange Protocol.
581
582 This packet MUST NOT be sent as list and the List flag MUST
583 NOT be set.
584
585 Payload of the packet: Payload of this packet is described
586 in the section SILC Key Exchange
587 Protocol and its sub sections in
588 [SILC3].
589
590
591 15 SILC_PACKET_KEY_EXCHANGE_2
592
593 This packet is used as part of the SILC Key Exchange Protocol.
594
595 This packet MUST NOT be sent as list and the List flag MUST
596 NOT be set.
597
598 Payload of the packet: Payload of this packet is described
599 in the section SILC Key Exchange
600 Protocol and its sub sections in
601 [SILC3].
602
603
604 16 SILC_PACKET_CONNECTION_AUTH_REQUEST
605
606 This packet is used to request the authentication method to
607 be used in the SILC Connection Authentication Protocol. If
608 initiator of the protocol does not know the mandatory
609 authentication method this packet MAY be used to determine it.
610
611 The party receiving this payload MUST respond with the same
612 packet including the mandatory authentication method.
613
614 This packet MUST NOT be sent as list and the List flag MUST
615 NOT be set.
616
617 Payload of the packet: See section 2.3.15 Connection Auth
618 Request Payload
619
620
621
622
623 17 SILC_PACKET_CONNECTION_AUTH
624
625 This packet is used to start and perform the SILC Connection
626 Authentication Protocol. This protocol is used to authenticate
627 the connecting party. The protocol is described in detail in
628 [SILC3].
629
630 This packet MUST NOT be sent as list and the List flag MUST
631 NOT be set.
632
633 Payload of the packet: Payload of this packet is described
634 in the section SILC Authentication
635 Protocol and its sub sections in [SILC].
636
637
638 18 SILC_PACKET_NEW_ID
639
640 This packet is used to distribute new ID's from server to
641 router and from router to all routers in the SILC network.
642 This is used when for example new client is registered to
643 SILC network. The newly created ID's of these operations are
644 distributed by this packet. Only server may send this packet,
645 however, client MUST be able to receive this packet. This
646 packet MAY be sent to entity that is indirectly connected
647 to the sender.
648
649 Payload of the packet: See section 2.3.16 New ID Payload
650
651
652 19 SILC_PACKET_NEW_CLIENT
653
654 This packet is used by client to register itself to the
655 SILC network. This is sent after key exchange and
656 authentication protocols have been completed. Client sends
657 various information about itself in this packet.
658
659 This packet MUST NOT be sent as list and the List flag MUST
660 NOT be set.
661
662 Payload of the packet: See section 2.3.17 New Client Payload
663
664
665 20 SILC_PACKET_NEW_SERVER
666
667 This packet is used by server to register itself to the
668 SILC network. This is sent after key exchange and
669 authentication protocols have been completed. Server sends
670 this to the router it connected to, or, if router was
671 connecting, to the connected router. Server sends its
672 Server ID and other information in this packet. The client
673 MUST NOT send or receive this packet.
674
675 This packet MUST NOT be sent as list and the List flag MUST
676 NOT be set.
677
678 Payload of the packet: See section 2.3.18 New Server Payload
679
680
681 21 SILC_PACKET_NEW_CHANNEL
682
683 This packet is used to notify routers about newly created
684 channel. Channels are always created by the router and it MUST
685 notify other routers about the created channel. Router sends
686 this packet to its primary route. Client MUST NOT send this
687 packet. This packet MAY be sent to entity that is indirectly
688 connected to the sender.
689
690 Payload of the packet: See section 2.3.19 New Channel Payload
691
692
693 22 SILC_PACKET_REKEY
694
695 This packet is used to indicate that re-key must be performed
696 for session keys. See section Session Key Regeneration in
697 [SILC1] for more information. This packet does not have
698 a payload.
699
700 This packet MUST NOT be sent as list and the List flag MUST
701 NOT be set.
702
703
704 23 SILC_PACKET_REKEY_DONE
705
706 This packet is used to indicate that re-key is performed and
707 new keys must be used hereafter.
708
709 This packet MUST NOT be sent as list and the List flag MUST
710 NOT be set.
711
712
713 24 SILC_PACKET_HEARTBEAT
714
715 This packet is used by clients, servers and routers to keep the
716 connection alive. It is recommended that all servers implement
717 keepalive actions and perform them in both directions on a link.
718 This packet does not have a payload.
719
720 This packet MUST NOT be sent as list and the List flag MUST
721 NOT be set.
722
723
724 25 SILC_PACKET_KEY_AGREEMENT
725
726 This packet is used by clients to request key negotiation
727 with another client in the SILC network. If the negotiation
728 is started it is performed using the SKE protocol. The result of
729 the negotiation, the secret key material, can be used for
730 example as private message key. The server and router MUST NOT
731 send this packet.
732
733 This packet MUST NOT be sent as list and the List flag MUST
734 NOT be set.
735
736 Payload of the packet: See section 2.3.20 Key Agreement Payload
737
738
739 26 SILC_PACKET_CELL_ROUTERS
740
741 This packet is used by primary router in the cell to notify its
742 primary router what other routers (backup routers) exist in the
743 cell. In case of failure of the primary router in the cell the
744 first router in the list will act as primary router of the cell.
745 This packet MAY be sent at anytime after connection has been
746 registered to the primary router. The client MUST NOT send this
747 packet.
748
749 This packet MUST NOT be sent as list and the List flag MUST
750 NOT be set.
751
752 Payload of the packet: See section 2.3.21 Cell Routers Payload
753
754
755 27 - 199
756
757 Currently undefined commands.
758
759
760 200 - 254
761
762 These packet types are reserved for private use and they will
763 not be defined by this document.
764
765
766
767
768 255 SILC_PACKET_MAX
769
770 This type is reserved for future extensions and currently it
771 MUST NOT be sent.
772 .in 3
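
The sending rules scattered through the type list above, collected into one receiver-side check. This is an added example, not text or code from the draft. The Peer roles, the violation codes and the function name are hypothetical, "Only server may send" is read here as excluding clients but not routers, and how the receiver learns the sender's role (connection type for a directly connected peer, Source ID for a relayed packet) is left to the caller.

```python
from enum import Enum

FLAG_LIST = 0x02
FLAG_BROADCAST = 0x04


class Peer(Enum):
    CLIENT = "client"
    SERVER = "server"   # normal server
    ROUTER = "router"   # router server


# Types 0 (SILC_PACKET_NONE) and 255 (SILC_PACKET_MAX) are never sent.
NEVER_SENT = frozenset({0, 255})

# Every defined type 1..26 carries "MUST NOT be sent as list" except
# NOTIFY (5), NEW_ID (18) and NEW_CHANNEL (21).
LIST_FORBIDDEN = frozenset(range(1, 27)) - {5, 18, 21}

# Sender restrictions stated in the individual type descriptions.
FORBIDDEN_SENDERS = {
    5: {Peer.CLIENT},                # NOTIFY: client MUST NOT send
    6: {Peer.CLIENT},                # ERROR: client MUST NOT send
    8: {Peer.CLIENT},                # CHANNEL_KEY: only server may send
    18: {Peer.CLIENT},               # NEW_ID: only server may send
    20: {Peer.CLIENT},               # NEW_SERVER: client MUST NOT send
    21: {Peer.CLIENT},               # NEW_CHANNEL: client MUST NOT send
    25: {Peer.SERVER, Peer.ROUTER},  # KEY_AGREEMENT: clients only
    26: {Peer.CLIENT},               # CELL_ROUTERS: client MUST NOT send
}


def violations(packet_type: int, flags: int, sender: Peer) -> list:
    """Return the rules from sections 2.2 and 2.3 that a packet breaks."""
    found = []
    if packet_type in NEVER_SENT:
        found.append("reserved-type")
    if flags & FLAG_LIST and packet_type in LIST_FORBIDDEN:
        found.append("list-flag")
    if sender in FORBIDDEN_SENDERS.get(packet_type, ()):
        found.append("sender-role")
    # Only a router server may send a packet with the Broadcast flag.
    if flags & FLAG_BROADCAST and sender is not Peer.ROUTER:
        found.append("broadcast-flag")
    return found


def audit(observations):
    """Map each (type, flags, sender) observation that breaks a rule to
    the list of rules it breaks; compliant packets are left out."""
    report = {}
    for index, (packet_type, flags, sender) in enumerate(observations):
        broken = violations(packet_type, flags, sender)
        if broken:
            report[index] = broken
    return report


# Constructed observations, not captured traffic.
SAMPLE_OBSERVATIONS = [
    (7, 0, Peer.CLIENT),               # channel message from a client
    (7, FLAG_LIST, Peer.CLIENT),       # channel message sent as a list
    (5, FLAG_LIST, Peer.SERVER),       # notify list from a server
    (5, 0, Peer.CLIENT),               # notify from a client
    (18, FLAG_BROADCAST, Peer.ROUTER), # broadcast New ID from a router
    (18, FLAG_BROADCAST, Peer.SERVER), # broadcast from a normal server
]

if __name__ == "__main__":
    for index, broken in audit(SAMPLE_OBSERVATIONS).items():
        print(index, SAMPLE_OBSERVATIONS[index][0], broken)
```

Types 27 - 254 are not judged by this check, since the draft states no sending rule for them.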
773
774
775 .ti 0
776 2.3.1 SILC Packet Payloads
777
778 All payloads reside in the main data area of the SILC packet. However,
779 all payloads MUST be at the start of the data area after the SILC
780 packet header and padding. All fields in the packet payload are always
781 encrypted, as they reside in the data area of the packet which is
782 always encrypted.
783
784 Payloads described in this section are common payloads that MUST be
785 accepted anytime during SILC session. Most of the payloads may only
786 be sent with specific packet type which is defined in the description
787 of the payload.
788
789 There are a lot of other payloads in the SILC as well. However, they
790 are not common in the sense that they could be sent at any time.
791 These payloads are not described in this section. These are payloads
792 such as SILC Key Exchange payloads and so on. These are described
793 in [SILC1], [SILC3] and [SILC4].
794
795
796 .ti 0
797 2.3.2 Generic payloads
798
799 This section describes generic payloads that are not associated to any
800 specific packet type. They can be used for example inside some other
801 packet payloads.
802
803
804 .ti 0
805 2.3.2.1 ID Payload
806
807 This payload can be used to send an ID. ID's are variable in length
808 thus this payload provides a way to send variable length ID's.
809
810
811
812
813
814
815
816
817
818
819
820
821 The following diagram represents the ID Payload.
822
823 .in 5
824 .nf
825 1 2 3
826 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
827 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
828 | ID Type | ID Length |
829 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
830 | |
831 ~ ID Data ~
832 | |
833 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
834 .in 3
835
836 .ce
837 Figure 3: ID Payload
838
839
840 .in 6
841 o ID Type (2 bytes) - Indicates the type of the ID. See
842 section 2.4 SILC ID Types for list of defined ID types.
843
844 o ID Length (2 bytes) - Length of the ID Data area not
845 including the length of any other fields in the payload.
846
847 o ID Data (variable length) - The actual ID data.
848 .in 3
849
850
851 .ti 0
852 2.3.2.2 Argument Payload
853
854 Argument Payload is used to set arguments for any packet payload that
855 needs and supports arguments, such as commands. Number of arguments
856 associated with a packet MUST be indicated by the packet payload which
857 needs the arguments. Argument Payloads MUST always reside right after
858 the packet payload needing the arguments. Incorrect amount of argument
859 payloads MUST cause rejection of the packet.
860
862 The following diagram represents the Argument Payload.
863
864 .in 5
865 .nf
866 1 2 3
867 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
868 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
869 | Payload Length | Argument Type | |
870 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
871 | |
872 ~ Argument Data ~
873 | |
874 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
875 .in 3
876
877 .ce
878 Figure 4: Argument Payload
879
880
881 .in 6
882 o Payload Length (2 bytes) - Length of the argument payload data
883 area not including the length of any other fields in the
884 payload.
885
886 o Argument Type (1 byte) - Indicates the type of the argument.
887 Every argument may have a specific type that MUST be defined
888 by the packet payload needing the argument. For example
889 every command specifies a number for each argument that may be
890 associated with the command. By using this number the receiver
891 of the packet knows what type of argument this is. If there is
892 no specific argument type this field is set to zero (0).
893
894 o Argument Data (variable length) - Argument data.
895 .in 3
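
Parsing a run of Argument Payloads and enforcing the rule that an incorrect number of them rejects the packet, as an added example that is not part of the draft. The function names, RejectPacket and the sample arguments are constructed; the example assumes the caller passes exactly the bytes that follow the enclosing payload, together with the argument count that payload announced.

```python
import struct

# Payload Length (2 bytes, MSB first) + Argument Type (1 byte).
ARG_HEADER = struct.Struct(">HB")


class RejectPacket(ValueError):
    """The packet has to be rejected (hypothetical name)."""


def encode_argument(arg_type: int, data: bytes) -> bytes:
    """Encode one Argument Payload; Payload Length covers the data only."""
    return ARG_HEADER.pack(len(data), arg_type) + data


def parse_arguments(buf: bytes, expected_count: int) -> list:
    """Return [(argument type, argument data), ...] from buf.

    expected_count is the number announced by the payload that needs
    the arguments. Any mismatch, truncation or leftover data rejects
    the whole packet.
    """
    args = []
    off = 0
    while off < len(buf):
        # Stop as soon as more data is present than was announced,
        # rather than parsing an unbounded number of extra arguments.
        if len(args) == expected_count:
            raise RejectPacket("data left after the announced arguments")
        if len(buf) - off < ARG_HEADER.size:
            raise RejectPacket("truncated argument header")
        length, arg_type = ARG_HEADER.unpack_from(buf, off)
        off += ARG_HEADER.size
        # Payload Length comes from the sender: compare it with the
        # bytes that remain before taking the slice.
        if length > len(buf) - off:
            raise RejectPacket("Payload Length exceeds the remaining data")
        args.append((arg_type, bytes(buf[off:off + length])))
        off += length
    if len(args) != expected_count:
        raise RejectPacket("fewer argument payloads than announced")
    return args


# Constructed sample: two arguments with made-up argument types 1 and 2.
SAMPLE_ARGS = encode_argument(1, b"alice") + encode_argument(2, b"#silc")

if __name__ == "__main__":
    print(parse_arguments(SAMPLE_ARGS, 2))
    for label, data, count in (("one too few announced", SAMPLE_ARGS, 1),
                               ("one too many announced", SAMPLE_ARGS, 3),
                               ("last byte missing", SAMPLE_ARGS[:-1], 2)):
        try:
            parse_arguments(data, count)
        except RejectPacket as err:
            print(label, "->", err)
```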
896
897
898 .ti 0
899 2.3.2.3 Channel Payload
900
901 Generic Channel Payload may be used to send information about channel,
902 its name, the Channel ID and a mode.
903
904 The following diagram represents the Channel Payload.
905
906
907 .in 5
908 .nf
909                      1                   2                   3
910  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
911 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
912 |      Channel Name Length      |                               |
913 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
914 |                                                               |
915 ~                         Channel Name                          ~
916 |                                                               |
917 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
918 |       Channel ID Length       |                               |
919 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
920 |                                                               |
921 ~                          Channel ID                           ~
922 |                                                               |
923 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
924 |                           Mode Mask                           |
925 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
926 .in 3
927
928 .ce
929 Figure 5: New Channel Payload
930
931
932 .in 6
933 o Channel Name Length (2 bytes) - Length of the channel name
934 field.
935
936 o Channel Name (variable length) - The name of the channel.
937
938 o Channel ID Length (2 bytes) - Length of the Channel ID field.
939
940 o Channel ID (variable length) - The Channel ID.
941
942 o Mode Mask (4 bytes) - A mode. This can be the mode of the
943 channel but it can also be the mode of the client on the
944 channel. The contents of this field depend on the
945 usage of this payload. The usage is defined separately
946 when this payload is used. This is a 32 bit MSB first value.
947 .in 3
948
949
950 .ti 0
951 2.3.2.4 Public Key Payload
952
953 Generic Public Key Payload may be used to send different types of
954 public keys and certificates.
955
956 The following diagram represents the Public Key Payload.
957
958
959 .in 5
960 .nf
961                      1                   2                   3
962  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
963 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
964 |       Public Key Length       |        Public Key Type        |
965 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
966 |                                                               |
967 ~           Public Key of the party (or certificate)            ~
968 |                                                               |
969 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
970 .in 3
971
972 .ce
973 Figure 6: Public Key Payload
974
975
976 .in 6
977 o Public Key Length (2 bytes) - The length of the Public Key
978 (or certificate) field, not including any other field.
979
980 o Public Key Type (2 bytes) - The public key (or certificate)
981 type. This field indicates the type of the public key in
982 the packet. See [SILC3] for the defined public key types.
983
984 o Public Key (or certificate) (variable length) - The
985 public key or certificate.
986 .in 3
987
988
989 .ti 0
990 2.3.3 Disconnect Payload
991
992 Disconnect payload is sent upon disconnection. The payload is simple;
993 the reason for the disconnection is sent to the disconnected party.
994
995 The payload may only be sent with SILC_PACKET_DISCONNECT packet. It
996 MUST NOT be sent in any other packet type. The following diagram
997 represents the Disconnect Payload.
998
999
1000 .in 5
1001 .nf
1002                      1                   2                   3
1003  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1004 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1005 |                                                               |
1006 ~                      Disconnect Message                       ~
1007 |                                                               |
1008 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1009 .in 3
1010
1011 .ce
1012 Figure 7: Disconnect Payload
1013
1014
1015
1016
1017 .in 6
1018 o Disconnect Message (variable length) - Human readable
1019 reason of the disconnection.
1020 .in 3
1021
1022
1023 .ti 0
1024 2.3.4 Success Payload
1025
1026 Success payload is sent when some protocol execution is successfully
1027 completed. The payload is simple; indication of the success is sent.
1028 This may be any data, including binary or human readable data.
1029
1030 .in 5
1031 .nf
1032                      1                   2                   3
1033  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1034 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1035 |                                                               |
1036 ~                      Success Indication                       ~
1037 |                                                               |
1038 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1039 .in 3
1040
1041 .ce
1042 Figure 8: Success Payload
1043
1044
1045 .in 6
1046 o Success Indication (variable length) - Indication of
1047 the success. This may be for example some flag that
1048 indicates the protocol and the success status or human
1049 readable success message. The true length of this
1050 payload is available by calculating it from the SILC
1051 Packet Header.
1052 .in 3
1053
1054
1055
1056 .ti 0
1057 2.3.5 Failure Payload
1058
1059 This is the opposite of the Success Payload. An indication of the
1060 failure of some protocol is sent in the payload.
1061
1062
1063 .in 5
1064 .nf
1065                      1                   2                   3
1066  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1067 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1068 |                                                               |
1069 ~                      Failure Indication                       ~
1070 |                                                               |
1071 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1072 .in 3
1073
1074 .ce
1075 Figure 9: Failure Payload
1076
1077
1078 .in 6
1079 o Failure Indication (variable length) - Indication of
1080 the failure. This may be for example some flag that
1081 indicates the protocol and the failure status or human
1082 readable failure message. The true length of this
1083 payload is available by calculating it from the SILC
1084 Packet Header.
1085 .in 3
1086
1087
1088 .ti 0
1089 2.3.6 Reject Payload
1090
1091 This payload is sent when execution of some protocol is rejected.
1092 Other operations that were rejected MAY send this as well. The
1093 indication of the rejection is sent in the payload. The indication
1094 may be binary or human readable data.
1095
1096
1097 .in 5
1098 .nf
1099                      1                   2                   3
1100  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1101 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1102 |                                                               |
1103 ~                       Reject Indication                       ~
1104 |                                                               |
1105 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1106 .in 3
1107
1108 .ce
1109 Figure 10: Reject Payload
1110
1111
1112 .in 6
1113 o Reject Indication (variable length) - Indication of
1114 the rejection. This may be for example some flag that
1115 indicates the protocol and the rejection status or human
1116 readable rejection message. The true length of this
1117 payload is available by calculating it from the SILC
1118 Packet Header.
1119 .in 3
1120
1121
1122 .ti 0
1123 2.3.7 Notify Payload
1124
1125 Notify payload is used to send notify messages. The payload is usually
1126 sent from server to client, however, server MAY send it to another
1127 server as well. This payload MAY also be sent to a channel. Client
1128 MUST NOT send this payload. The receiver of this payload MAY ignore
1129 the contents of the payload, however, notify message SHOULD be audited.
1130
1131 The payload may only be sent with SILC_PACKET_NOTIFY packet. It MUST
1132 NOT be sent in any other packet type. The following diagram represents
1133 the Notify Payload.
1134
1135 .in 5
1136 .nf
1137                      1                   2                   3
1138  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1140 |          Notify Type          |        Payload Length         |
1141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1142 | Argument Nums |
1143 +-+-+-+-+-+-+-+-+
1144 .in 3
1145
1146 .ce
1147 Figure 11: Notify Payload
1148
1149
1150 .in 6
1151 o Notify Type (2 bytes) - Indicates the type of the notify
1152 message.
1153