1 .pl 10.0i
2 .po 0
3 .ll 7.2i
4 .lt 7.2i
5 .nr LL 7.2i
6 .nr LT 7.2i
7 .ds LF Riikonen
8 .ds RF FORMFEED[Page %]
9 .ds CF
10 .ds LH Internet Draft
11 .ds RH 13 November 2001
12 .ds CH
13 .na
14 .hy 0
15 .in 0
16 .nf
17 Network Working Group P. Riikonen
18 Internet-Draft
19 draft-riikonen-silc-pp-04.txt 13 November 2001
20 Expires: 13 May 2002
21
22 .in 3
23
24 .ce 2
25 SILC Packet Protocol
26 <draft-riikonen-silc-pp-04.txt>
27
28 .ti 0
29 Status of this Memo
30
31 This document is an Internet-Draft and is in full conformance with
32 all provisions of Section 10 of RFC 2026. Internet-Drafts are
33 working documents of the Internet Engineering Task Force (IETF), its
34 areas, and its working groups. Note that other groups may also
35 distribute working documents as Internet-Drafts.
36
37 Internet-Drafts are draft documents valid for a maximum of six months
38 and may be updated, replaced, or obsoleted by other documents at any
39 time. It is inappropriate to use Internet-Drafts as reference
40 material or to cite them other than as "work in progress."
41
42 The list of current Internet-Drafts can be accessed at
43 http://www.ietf.org/ietf/1id-abstracts.txt
44
45 The list of Internet-Draft Shadow Directories can be accessed at
46 http://www.ietf.org/shadow.html
47
48 The distribution of this memo is unlimited.
49
50
51 .ti 0
52 Abstract
53
54 This memo describes a Packet Protocol used in the Secure Internet Live
55 Conferencing (SILC) protocol, specified in the Secure Internet Live
56 Conferencing, Protocol Specification Internet Draft [SILC1]. This
57 protocol describes the packet types and packet payloads which define
58 the contents of the packets. The protocol provides a secure binary packet
59 protocol that assures that the contents of the packets are secured and
60 authenticated.
61
62
63
64
65
66
67
68
69 .ti 0
70 Table of Contents
71
72 .nf
73 1 Introduction .................................................. 3
74 1.1 Requirements Terminology .................................. 4
75 2 SILC Packet Protocol .......................................... 4
76 2.1 SILC Packet ............................................... 4
77 2.2 SILC Packet Header ........................................ 5
78 2.3 SILC Packet Types ......................................... 7
79 2.3.1 SILC Packet Payloads ................................ 16
80 2.3.2 Generic payloads .................................... 16
81 2.3.2.1 ID Payload .................................. 17
82 2.3.2.2 Argument Payload ............................ 18
83 2.3.2.3 Channel Payload ............................. 18
84 2.3.2.4 Public Key Payload .......................... 19
85 2.3.3 Disconnect Payload .................................. 20
86 2.3.4 Success Payload ..................................... 21
87 2.3.5 Failure Payload ..................................... 21
88 2.3.6 Reject Payload ...................................... 22
89 2.3.7 Notify Payload ...................................... 22
90 2.3.8 Error Payload ....................................... 28
91 2.3.9 Channel Message Payload ............................. 29
92 2.3.10 Channel Key Payload ................................ 32
93 2.3.11 Private Message Payload ............................ 34
94 2.3.12 Private Message Key Payload ........................ 35
95 2.3.13 Command Payload .................................... 37
96 2.3.14 Command Reply Payload .............................. 38
97 2.3.15 Connection Auth Request Payload .................... 38
98 2.3.16 New ID Payload ..................................... 39
99 2.3.17 New Client Payload ................................. 40
100 2.3.18 New Server Payload ................................. 41
101 2.3.19 New Channel Payload ................................ 42
102 2.3.20 Key Agreement Payload .............................. 43
103 2.3.21 Resume Router Payload .............................. 44
104 2.3.22 File Transfer Payload .............................. 44
105 2.4 SILC ID Types ............................................. 46
106 2.5 Packet Encryption And Decryption .......................... 46
107 2.5.1 Normal Packet Encryption And Decryption ............. 46
108 2.5.2 Channel Message Encryption And Decryption ........... 47
109 2.5.3 Private Message Encryption And Decryption ........... 48
110 2.6 Packet MAC Generation ..................................... 48
111 2.7 Packet Padding Generation ................................. 49
112 2.8 Packet Compression ........................................ 50
113 2.9 Packet Sending ............................................ 50
114 2.10 Packet Reception ......................................... 51
115 2.11 Packet Routing ........................................... 51
116 2.12 Packet Broadcasting ...................................... 52
117 3 Security Considerations ....................................... 53
118 4 References .................................................... 53
119 5 Author's Address .............................................. 54
120
121 .ti 0
122 List of Figures
123
124 .nf
125 Figure 1: Typical SILC Packet
126 Figure 2: SILC Packet Header
127 Figure 3: ID Payload
128 Figure 4: Argument Payload
129 Figure 5: Channel Payload
130 Figure 6: Public Key Payload
131 Figure 7: Disconnect Payload
132 Figure 8: Success Payload
133 Figure 9: Failure Payload
134 Figure 10: Reject Payload
135 Figure 11: Notify Payload
136 Figure 12: Error Payload
137 Figure 13: Channel Message Payload
138 Figure 14: Channel Key Payload
139 Figure 15: Private Message Payload
140 Figure 16: Private Message Key Payload
141 Figure 17: Command Payload
142 Figure 18: Connection Auth Request Payload
143 Figure 19: New Client Payload
144 Figure 20: New Server Payload
145 Figure 21: Key Agreement Payload
146 Figure 22: Resume Router Payload
147 Figure 23: File Transfer Payload
148
149
150 .ti 0
151 1. Introduction
152
153 This document describes a Packet Protocol used in the Secure Internet
154 Live Conferencing (SILC) protocol specified in the Secure Internet Live
155 Conferencing, Protocol Specification Internet Draft [SILC1]. This
156 protocol describes the packet types and packet payloads which define
157 the contents of the packets. The protocol provides a secure binary packet
158 protocol that assures that the contents of the packets are secured and
159 authenticated.
160
161 The SILC protocol is built on SILC packets, which are without
162 a doubt the most important part of the protocol. They are also probably
163 the most complicated part of the protocol. Packets are used all the
164 time in the SILC network to send messages, commands and other information.
165 All packets in the SILC network are always encrypted and their integrity
166 is assured by computed MACs. The protocol defines several packet types
167 and packet payloads. Each packet type usually has a specific packet
168 payload that actually defines the contents of the packet. Each packet
169 also includes a default SILC Packet Header that provides sufficient
170 information about the origin of the packet and destination of the
171 packet.
172
173
174 .ti 0
175 1.1 Requirements Terminology
176
177 The keywords MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT, RECOMMENDED,
178 MAY, and OPTIONAL, when they appear in this document, are to be
179 interpreted as described in [RFC2119].
180
181
182 .ti 0
183 2 SILC Packet Protocol
184
185 .ti 0
186 2.1 SILC Packet
187
188 SILC packets deliver messages from sender to receiver securely by
189 encrypting important fields of the packet. The packet consists of the
190 default SILC Packet Header, Padding, Packet Payload data, and the packet
191 MAC.
192
193 The following diagram illustrates a typical SILC packet.
194
195
196 .in 5
197 .nf
198 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
199 |   n bytes   | 1 - n bytes |   n bytes    | n bytes
200 | SILC Header |   Padding   | Data Payload |   MAC
201 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
202 .in 3
203
204 .ce
205 Figure 1: Typical SILC Packet
206
207
208 SILC Header is always the first part of the packet and its purpose
209 is to provide information about the packet. It provides, for example,
210 the packet type, origin of the packet and the destination of the packet.
211 The header is variable in length. See the following section for a
212 description of the SILC Packet header. Packets without a SILC header or
213 with a malformed SILC header MUST be dropped.
214
215 Padding follows the packet header. The purpose of the padding is to
216 make the packet length a multiple of eight (8) or of the block size of
217 the cipher used in the encryption, whichever is larger. The maximum
218 length of padding is currently 128 bytes. The padding is always
219 encrypted. The padding is applied always, even if the packet is
220 not encrypted. See the section 2.7 Padding Generation for more
221 detailed information.
222
223 Data payload area follows padding and it is the actual data of the
224 packet. The packet data is the packet payloads defined in this
225 protocol. The data payload area is always encrypted.
226
227 The last part of SILC packet is the packet MAC that assures the
228 integrity of the packet. The MAC is always computed from the packet
229 before the encryption is applied to the packet. If compression is used
230 in the packet the MAC is computed after the compression has been
231 applied. The compression, on the other hand, is always applied before
232 encryption. See more details in the section 2.6 Packet MAC Generation.
233
234 All fields in all packet payloads are always in MSB (most significant
235 byte first) order.
236
237
238 .ti 0
239 2.2 SILC Packet Header
240
241 The SILC packet header is applied to all SILC packets and it is
242 variable in length. The purpose of SILC Packet header is to provide
243 detailed information about the packet. The receiver of the packet
244 uses the packet header to parse the packet and gain other relevant
245 parameters of the packet.
246
247 The following diagram represents the SILC packet header.
248
249 .in 5
250 .nf
251                      1                   2                   3
252  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
254 |        Payload Length         |     Flags     |  Packet Type  |
255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
256 |  Pad Length   |   RESERVED    | Source ID Len |  Dest ID Len  |
257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
258 |  Src ID Type  |                                               |
259 +-+-+-+-+-+-+-+-+                                               +
260 |                                                               |
261 ~                           Source ID                           ~
262 |                                                               |
263 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
264 |  Dst ID Type  |                                               |
265 +-+-+-+-+-+-+-+-+                                               +
266 |                                                               |
267 ~                        Destination ID                         ~
268 |                                                               |
269 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270 .in 3
271
272 .ce
273 Figure 2: SILC Packet Header
274
275
276 .in 6
277 o Payload Length (2 bytes) - Is the length of the packet
278 not including the padding of the packet.
279
280 o Flags (1 byte) - Indicates flags to be used in packet
281 processing. Several flags may be set by ORing the flags
282 together.
283
284 The following flags are reserved for this field:
285
286
287 No flags 0x00
288
289 In this case the field is ignored.
290
291
292 Private Message Key 0x01
293
294 Indicates that the packet must include a private
295 message that is encrypted using a private key set by
296 the client. Servers do not know anything about this
297 key, so the private message is not handled by the
298 server at all; it is just passed along. See section
299 2.5.3 Private Message Encryption And Decryption for
300 more information.
301
302
303 List 0x02
304
305 Indicates that the packet consists of a list of
306 packet payloads indicated by the Packet Type field.
307 The payloads are added one after the other. Note that
308 there are packet types that must not be used as
309 a list. Parsing of a list packet is done by calculating
310 the length of each payload and parsing them one by
311 one.
312
313
314 Broadcast 0x04
315
316 Marks the packet to be broadcast. A client cannot
317 send a broadcast packet and a normal server cannot send
318 a broadcast packet. Only a router server may send a broadcast
319 packet. The router receiving a packet with this flag
320 set MUST send (broadcast) the packet to its primary
321 route. If the router has several router connections the
322 packet may be sent only to the primary route. See
323 section 2.12 Packet Broadcasting for a description of
324 packet broadcasting.
325
326 .in 3
327
328
329
330
331 o Packet Type (1 byte) - Is the type of the packet. The receiver
332 uses this field to parse the packet. See section 2.3
333 SILC Packet Types for the list of defined packet types.
334
335 o Pad Length (1 byte) - Indicates the length of the padding
336 applied after the SILC Packet header. Maximum length for
337 padding is 128 bytes.
338
339 o RESERVED (1 byte) - Reserved field and must include a
340 zero (0) value.
341
342 o Source ID Length (1 byte) - Indicates the length of the
343 Source ID field in the header, not including this or any
344 other fields.
345
346 o Destination ID Length (1 byte) - Indicates the length of the
347 Destination ID field in the header, not including this or
348 any other fields.
349
350 o Src ID Type (1 byte) - Indicates the type of ID in the
351 Source ID field. See section 2.4 SILC ID Types for
352 defined ID types.
353
354 o Source ID (variable length) - The actual source ID that
355 indicates which is the original sender of the packet.
356
357 o Dst ID Type (1 byte) - Indicates the type of ID in the
358 Destination ID field. See section 2.4 SILC ID Types for
359 defined ID types.
360
361 o Destination ID (variable length) - The actual destination
362 ID that indicates which is the end receiver of the packet.
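
The header layout above, turned into a bounds-checked parser, as an added example that is not part of the draft or of any SILC implementation. All identifiers are hypothetical; it assumes the buffer holds one decrypted packet with the MAC already removed, and that Payload Length covers the header plus the data payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SILC_MAX_PAD_LEN 128  /* section 2.2: maximum padding length */
#define SILC_HDR_FIXED   8    /* bytes before the Src ID Type field */

enum silc_hdr_status {
    SILC_HDR_OK = 0,
    SILC_HDR_TRUNCATED,     /* buffer ends inside the header */
    SILC_HDR_BAD_TYPE,      /* type 0 or 255, which are never sent */
    SILC_HDR_BAD_PAD,       /* Pad Length above 128 */
    SILC_HDR_BAD_RESERVED,  /* RESERVED byte is not zero */
    SILC_HDR_BAD_LENGTH     /* Payload Length disagrees with the buffer */
};

struct silc_header {
    uint16_t payload_len;
    uint8_t flags, type, pad_len;
    uint8_t src_id_type, src_id_len, dst_id_type, dst_id_len;
    const uint8_t *src_id, *dst_id;  /* point into the caller's buffer */
    size_t header_len;               /* bytes occupied by the header */
};

/* Parse and validate the header of one decrypted packet (MAC removed). */
enum silc_hdr_status
silc_header_parse(const uint8_t *buf, size_t len, struct silc_header *h)
{
    size_t off = SILC_HDR_FIXED;

    if (len < SILC_HDR_FIXED)
        return SILC_HDR_TRUNCATED;
    h->payload_len = (uint16_t)((buf[0] << 8) | buf[1]);  /* MSB first */
    h->flags = buf[2];
    h->type = buf[3];
    h->pad_len = buf[4];
    h->src_id_len = buf[6];
    h->dst_id_len = buf[7];

    if (h->type == 0 || h->type == 255)
        return SILC_HDR_BAD_TYPE;
    if (h->pad_len > SILC_MAX_PAD_LEN)
        return SILC_HDR_BAD_PAD;
    if (buf[5] != 0)
        return SILC_HDR_BAD_RESERVED;

    /* Each ID is a 1-byte type followed by the length announced above. */
    if (len - off < (size_t)h->src_id_len + 1)
        return SILC_HDR_TRUNCATED;
    h->src_id_type = buf[off];
    h->src_id = buf + off + 1;
    off += (size_t)h->src_id_len + 1;
    if (len - off < (size_t)h->dst_id_len + 1)
        return SILC_HDR_TRUNCATED;
    h->dst_id_type = buf[off];
    h->dst_id = buf + off + 1;
    off += (size_t)h->dst_id_len + 1;
    h->header_len = off;

    /* Assumption: Payload Length counts header plus data, not padding. */
    if ((size_t)h->payload_len < off ||
        (size_t)h->payload_len + h->pad_len > len)
        return SILC_HDR_BAD_LENGTH;
    return SILC_HDR_OK;
}

/* Offset of the data payload, or 0 if the packet has to be dropped. */
size_t silc_data_offset(const uint8_t *buf, size_t len)
{
    struct silc_header h;
    if (silc_header_parse(buf, len, &h) != SILC_HDR_OK)
        return 0;
    return h.header_len + h.pad_len;
}

/* Constructed sample: type 9, two 4-byte IDs, 8 pad bytes, 6 data bytes. */
static const uint8_t sample_packet[32] = {
    0x00, 0x18, 0x00, 0x09, 0x08, 0x00, 0x04, 0x04,  /* fixed fields */
    0x02, 0xaa, 0xbb, 0xcc, 0xdd,                    /* source ID */
    0x02, 0x11, 0x22, 0x33, 0x44,                    /* destination ID */
    0, 0, 0, 0, 0, 0, 0, 0, 'h', 'e', 'l', 'l', 'o', '!'  /* pad, data */
};

/* Parse the first len bytes of a copy with byte idx replaced (idx < 0: none). */
int demo_mutated(int idx, uint8_t value, size_t len)
{
    uint8_t copy[sizeof sample_packet];
    struct silc_header h;
    memcpy(copy, sample_packet, sizeof copy);
    if (idx >= 0 && (size_t)idx < sizeof copy)
        copy[idx] = value;
    return silc_header_parse(copy, len < sizeof copy ? len : sizeof copy, &h);
}

int main(void)
{
    printf("sample=%d oversized-id=%d data@%zu\n", demo_mutated(-1, 0, 32),
           demo_mutated(6, 200, 32), silc_data_offset(sample_packet, 32));
    return 0;
}
```

Every non-zero status corresponds to a malformed header, which section 2.1 says MUST be dropped.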
363
364
365
366 .ti 0
367 2.3 SILC Packet Types
368
369 The SILC packet type defines the contents of the packet and is used by
370 the receiver to parse the packet. The packet type is 8 bits (one
371 byte) in length. The range for the packet types is from 0 - 255,
372 where 0 is never sent and 255 is currently reserved for future
373 extensions and MUST NOT be defined for any other purpose. Every SILC
374 specification compliant implementation SHOULD support all of these packet
375 types.
376
377 The list of SILC Packet types below includes a reference to the packet
378 payload as well. Packet payloads are the actual packet, that is, the data
379 that the packet consists of. Each packet type defines a packet payload
380 which usually may only be sent with the specific packet type.
381
382 Most of the packets are packets that must be destined directly to an entity
383 that is connected to the sender. It is not allowed, for example, for a
384 router to send a disconnect packet to a client that is not directly connected
385 to the router. However, there are some special packet types that may
386 be destined to some entity that the sender has no direct connection
387 with. These packets are for example private message packets, channel
388 message packets, command packets and some other packets that may be
389 broadcast in the SILC network. If the packet is allowed to be sent to
390 an indirectly connected entity it is mentioned separately in the packet
391 description (unless it is obvious as in private and channel message
392 packets). Other packets MUST NOT be sent to indirectly connected
393 entities and, if sent, MUST NOT be accepted.
394
395 The SILC Packet types are defined as follows.
396
397 .in 1
398 0 SILC_PACKET_NONE
399
400 This type is reserved and it is never sent.
401
402
403 1 SILC_PACKET_DISCONNECT
404
405 This packet is sent to disconnect the remote end. The reason for
406 the disconnection is sent inside the packet payload. A client
407 usually does not send this packet.
408
409 This packet MUST NOT be sent as list and the List flag MUST
410 NOT be set.
411
412 Payload of the packet: See section 2.3.3 Disconnect Payload
413
414
415 2 SILC_PACKET_SUCCESS
416
417 This packet is sent upon successful execution of some protocol.
418 The status of the success is sent in the packet.
419
420 This packet MUST NOT be sent as list and the List flag MUST
421 NOT be set.
422
423 Payload of the packet: See section 2.3.4 Success Payload
424
425
426 3 SILC_PACKET_FAILURE
427
428 This packet is sent upon failure of some protocol. The status
429 of the failure is sent in the packet.
430
431 This packet MUST NOT be sent as list and the List flag MUST
432 NOT be set.
433
434 Payload of the packet: See section 2.3.5 Failure Payload
435
436
437 4 SILC_PACKET_REJECT
438
439 This packet MAY be sent upon rejection of some protocol.
440 The status of the rejection is sent in the packet.
441
442 This packet MUST NOT be sent as list and the List flag MUST
443 NOT be set.
444
445 Payload of the packet: See section 2.3.6 Reject Payload
446
447
448 5 SILC_PACKET_NOTIFY
449
450 This packet is used to send a notify message, usually from
451 server to client, although it MAY be sent from server to another
452 server as well. Client MUST NOT send this packet. Server MAY
453 send this packet to a channel as well when the packet is
454 distributed to all clients on the channel.
455
456 Payload of the packet: See section 2.3.7 Notify Payload.
457
458
459 6 SILC_PACKET_ERROR
460
461 This packet is sent when an error occurs. Server MAY
462 send this packet. Client MUST NOT send this packet. The
463 client MAY entirely ignore the packet, however, server is
464 most likely to take action anyway. This packet MAY be sent
465 to entity that is indirectly connected to the sender.
466
467 This packet MUST NOT be sent as list and the List flag MUST
468 NOT be set.
469
470 Payload of the packet: See section 2.3.8 Error Payload.
471
472
473 7 SILC_PACKET_CHANNEL_MESSAGE
474
475 This packet is used to send messages to channels. The packet
476 includes Channel ID of the channel and the actual message to
477 the channel. Messages sent to the channel are always protected
478 by channel specific keys. Channel Keys are distributed by
479 SILC_PACKET_CHANNEL_KEY packet.
480
481 This packet MUST NOT be sent as list and the List flag MUST
482 NOT be set.
483
484 Payload of the packet: See section 2.3.9 Channel Message
485 Payload
486
487
488 8 SILC_PACKET_CHANNEL_KEY
489
490 This packet is used to distribute a new key for a particular
491 channel. Each channel has its own independent keys that
492 are used to protect the traffic on the channel. Only server
493 may send this packet. This packet MAY be sent to entity
494 that is indirectly connected to the sender.
495
496 This packet MUST NOT be sent as list and the List flag MUST
497 NOT be set.
498
499 Payload of the packet: See section 2.3.10 Channel Key Payload
500
501
502 9 SILC_PACKET_PRIVATE_MESSAGE
503
504 This packet is used to send private messages from one client
505 to another client. By default, private messages are protected
506 by session keys established by normal key exchange protocol.
507 However, it is possible to use a specific key to protect private
508 messages. SILC_PACKET_PRIVATE_MESSAGE_KEY packet is used to
509 agree on the key with the remote client. Pre-shared key MAY be
510 used as well if both of the clients know it, however, it needs
511 to be agreed outside SILC. See more of this in [SILC1].
512
513 This packet MUST NOT be sent as list and the List flag MUST
514 NOT be set.
515
516 Payload of the packet: See section 2.3.11 Private Message
517 Payload
518
519
520 10 SILC_PACKET_PRIVATE_MESSAGE_KEY
521
522 This packet is used to agree on a key to be used to protect
523 the private messages between two clients. If this is not sent
524 the normal session key is used to protect the private messages
525 inside SILC network. Agreeing to use a specific key to protect
526 private messages adds security, as no server between the two
527 clients will be able to decrypt the private message. However,
528 servers inside SILC network are considered to be trusted, thus
529 using normal session key to protect private messages does not
530 degrade security. Whether to agree to use specific keys by
531 default or to use normal session keys by default is an
532 implementation specific issue. See more of this in [SILC1].
533
534 This packet MUST NOT be sent as list and the List flag MUST
535 NOT be set.
536
537 Payload of the packet: See section 2.3.12 Private Message
538 Key Payload
539
540
541 11 SILC_PACKET_COMMAND
542
543 This packet is used to send commands from client to server.
544 Server MAY send this packet to other servers as well. All
545 commands are listed in their own section SILC Command Types
546 in [SILC4]. The contents of this packet are command specific.
547 This packet MAY be sent to entity that is indirectly connected
548 to the sender.
549
550 This packet MUST NOT be sent as list and the List flag MUST
551 NOT be set.
552
553 Payload of the packet: See section 2.3.13 Command Payload
554
555
556 12 SILC_PACKET_COMMAND_REPLY
557
558 This packet is sent as reply to the SILC_PACKET_COMMAND packet.
559 The contents of this packet are command specific. This packet
560 MAY be sent to entity that is indirectly connected to the
561 sender.
562
563 This packet MUST NOT be sent as list and the List flag MUST
564 NOT be set.
565
566 Payload of the packet: See section 2.3.14 Command Reply
567 Payload and section 2.3.13 Command
568 Payload
569
570
571
572
573 13 SILC_PACKET_KEY_EXCHANGE
574
575 This packet is used to start SILC Key Exchange Protocol,
576 described in detail in [SILC3].
577
578 This packet MUST NOT be sent as list and the List flag MUST
579 NOT be set.
580
581 Payload of the packet: Payload of this packet is described
582 in the section SILC Key Exchange
583 Protocol and its sub sections in
584 [SILC3].
585
586
587 14 SILC_PACKET_KEY_EXCHANGE_1
588
589 This packet is used as part of the SILC Key Exchange Protocol.
590
591 This packet MUST NOT be sent as list and the List flag MUST
592 NOT be set.
593
594 Payload of the packet: Payload of this packet is described
595 in the section SILC Key Exchange
596 Protocol and its sub sections in
597 [SILC3].
598
599
600 15 SILC_PACKET_KEY_EXCHANGE_2
601
602 This packet is used as part of the SILC Key Exchange Protocol.
603
604 This packet MUST NOT be sent as list and the List flag MUST
605 NOT be set.
606
607 Payload of the packet: Payload of this packet is described
608 in the section SILC Key Exchange
609 Protocol and its sub sections in
610 [SILC3].
611
612
613 16 SILC_PACKET_CONNECTION_AUTH_REQUEST
614
615 This packet is used to request the authentication method to
616 be used in the SILC Connection Authentication Protocol. If
617 initiator of the protocol does not know the mandatory
618 authentication method this packet MAY be used to determine it.
619
620 The party receiving this payload MUST respond with the same
621 packet including the mandatory authentication method.
622
623 This packet MUST NOT be sent as list and the List flag MUST
624 NOT be set.
625
626 Payload of the packet: See section 2.3.15 Connection Auth
627 Request Payload
628
629
630
631
632 17 SILC_PACKET_CONNECTION_AUTH
633
634 This packet is used to start and perform the SILC Connection
635 Authentication Protocol. This protocol is used to authenticate
636 the connecting party. The protocol is described in detail in
637 [SILC3].
638
639 This packet MUST NOT be sent as list and the List flag MUST
640 NOT be set.
641
642 Payload of the packet: Payload of this packet is described
643 in the section SILC Authentication
644 Protocol and its sub sections in [SILC].
645
646
647 18 SILC_PACKET_NEW_ID
648
649 This packet is used to distribute new ID's from server to
650 router and from router to all routers in the SILC network.
651 This is used when, for example, a new client is registered to the
652 SILC network. The newly created ID's of these operations are
653 distributed by this packet. Only server may send this packet,
654 however, client MUST be able to receive this packet. This
655 packet MAY be sent to entity that is indirectly connected
656 to the sender.
657
658 Payload of the packet: See section 2.3.16 New ID Payload
659
660
661 19 SILC_PACKET_NEW_CLIENT
662
663 This packet is used by client to register itself to the
664 SILC network. This is sent after key exchange and
665 authentication protocols have been completed. Client sends
666 various information about itself in this packet.
667
668 This packet MUST NOT be sent as list and the List flag MUST
669 NOT be set.
670
671 Payload of the packet: See section 2.3.17 New Client Payload
672
673
674 20 SILC_PACKET_NEW_SERVER
675
676 This packet is used by server to register itself to the
677 SILC network. This is sent after key exchange and
678 authentication protocols have been completed. Server sends
679 this to the router it connected to, or, if router was
680 connecting, to the connected router. Server sends its
681 Server ID and other information in this packet. The client
682 MUST NOT send or receive this packet.
683
684 This packet MUST NOT be sent as list and the List flag MUST
685 NOT be set.
686
687 Payload of the packet: See section 2.3.18 New Server Payload
688
689
690 21 SILC_PACKET_NEW_CHANNEL
691
692 This packet is used to notify routers about a newly created
693 channel. Channels are always created by the router and it MUST
694 notify other routers about the created channel. Router sends
695 this packet to its primary route. Client MUST NOT send this
696 packet. This packet MAY be sent to entity that is indirectly
697 connected to the sender.
698
699 Payload of the packet: See section 2.3.19 New Channel Payload
700
701
702 22 SILC_PACKET_REKEY
703
704 This packet is used to indicate that re-key must be performed
705 for session keys. See section Session Key Regeneration in
706 [SILC1] for more information. This packet does not have
707 a payload.
708
709 This packet MUST NOT be sent as list and the List flag MUST
710 NOT be set.
711
712
713 23 SILC_PACKET_REKEY_DONE
714
715 This packet is used to indicate that re-key is performed and
716 new keys must be used hereafter.
717
718 This packet MUST NOT be sent as list and the List flag MUST
719 NOT be set.
720
721
722 24 SILC_PACKET_HEARTBEAT
723
724 This packet is used by clients, servers and routers to keep the
725 connection alive. It is recommended that all servers implement
726 keepalive actions and perform them in both directions on a link.
727 This packet does not have a payload.
728
729 This packet MUST NOT be sent as list and the List flag MUST
730 NOT be set.
731
732
733 25 SILC_PACKET_KEY_AGREEMENT
734
735 This packet is used by clients to request key negotiation
736 with another client in the SILC network. If the negotiation
737 is started it is performed using the SKE protocol. The result of
738 the negotiation, the secret key material, can be used for
739 example as private message key. The server and router MUST NOT
740 send this packet.
741
742 This packet MUST NOT be sent as list and the List flag MUST
743 NOT be set.
744
745 Payload of the packet: See section 2.3.20 Key Agreement Payload
746
747
748 26 SILC_PACKET_RESUME_ROUTER
749
750 This packet is used during backup router protocol when the
751 original primary router of the cell comes back online and wishes
752 to resume the position as being the primary router of the cell.
753
754 Payload of the packet: See section 2.3.21 Resume Router Payload
755
756
757 27 SILC_PACKET_FTP
758
759 This packet is used to perform a file transfer protocol in the
760 SILC session with some entity in the network. The packet is
761 multi purpose. The packet is used to tell another entity in the
762 network that the sender wishes to perform a file transfer
763 protocol. The packet is also used to actually tunnel the
764 file transfer protocol stream. The file transfer protocol
765 stream is always protected with the SILC packet.
766
767 This packet MUST NOT be sent as list and the List flag MUST
768 NOT be set.
769
770 Payload of the packet: See section 2.3.22 File Transfer Payload
771
772
773 28 - 199
774
775 Currently undefined commands.
776
777
778 200 - 254
779
780 These packet types are reserved for private use and they will
781 not be defined by this document.
782
783
784
785
786 255 SILC_PACKET_MAX
787
788 This type is reserved for future extensions and currently it
789 MUST NOT be sent.
790 .in 3
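
The per-type restrictions listed above, collected into one receive-side check, as an added example that is not part of the draft. All identifiers are hypothetical. It assumes that the role passed in is that of the packet's originator, that "only server may send" excludes clients only, that types whose description lacks the "MUST NOT be sent as list" sentence may carry the List flag, and that the private-use range is dropped.

```c
#include <stdint.h>
#include <stdio.h>

enum silc_peer { PEER_CLIENT, PEER_SERVER, PEER_ROUTER };

enum silc_verdict {
    PKT_ACCEPT = 0,
    PKT_DROP_TYPE,       /* reserved, undefined or private-use type */
    PKT_DROP_LIST,       /* List flag on a type that forbids it */
    PKT_DROP_BROADCAST,  /* Broadcast flag from a non-router */
    PKT_DROP_SENDER      /* this role may not send the type */
};

#define FLAG_LIST      0x02
#define FLAG_BROADCAST 0x04

/* Per-type rule bits, transcribed from the descriptions in section 2.3. */
#define R_NO_CLIENT 0x01  /* a client must not send this type */
#define R_NO_SERVER 0x02  /* servers and routers must not send this type */
#define R_LIST_OK   0x04  /* description has no "MUST NOT be sent as list" */

static const uint8_t type_rules[28] = {
    [5]  = R_NO_CLIENT | R_LIST_OK,  /* NOTIFY */
    [6]  = R_NO_CLIENT,              /* ERROR */
    [8]  = R_NO_CLIENT,              /* CHANNEL_KEY: only server may send */
    [18] = R_NO_CLIENT | R_LIST_OK,  /* NEW_ID: only server may send */
    [20] = R_NO_CLIENT,              /* NEW_SERVER */
    [21] = R_NO_CLIENT | R_LIST_OK,  /* NEW_CHANNEL */
    [25] = R_NO_SERVER,              /* KEY_AGREEMENT */
    [26] = R_LIST_OK                 /* RESUME_ROUTER */
};

/* Decide whether a packet of this type, with these header flags, may be
 * accepted from an originator with the given role. */
enum silc_verdict
silc_type_policy(uint8_t type, uint8_t flags, enum silc_peer origin)
{
    uint8_t r;

    /* 0 and 255 are never sent and 28-199 are undefined. Dropping the
     * private-use range 200-254 is this example's own choice. */
    if (type == 0 || type >= 28)
        return PKT_DROP_TYPE;
    r = type_rules[type];

    if ((flags & FLAG_LIST) && !(r & R_LIST_OK))
        return PKT_DROP_LIST;
    if ((flags & FLAG_BROADCAST) && origin != PEER_ROUTER)
        return PKT_DROP_BROADCAST;
    if (origin == PEER_CLIENT && (r & R_NO_CLIENT))
        return PKT_DROP_SENDER;
    if (origin != PEER_CLIENT && (r & R_NO_SERVER))
        return PKT_DROP_SENDER;
    return PKT_ACCEPT;
}

int main(void)
{
    printf("PRIVATE_MESSAGE, client:        %d\n",
           silc_type_policy(9, 0, PEER_CLIENT));
    printf("PRIVATE_MESSAGE + List, client: %d\n",
           silc_type_policy(9, FLAG_LIST, PEER_CLIENT));
    printf("NOTIFY, client:                 %d\n",
           silc_type_policy(5, 0, PEER_CLIENT));
    printf("NEW_ID + Broadcast, server:     %d\n",
           silc_type_policy(18, FLAG_BROADCAST, PEER_SERVER));
    return 0;
}
```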
791
792
793 .ti 0
794 2.3.1 SILC Packet Payloads
795
796 All payloads reside in the main data area of the SILC packet. However,
797 all payloads MUST be at the start of the data area after the SILC
798 packet header and padding. All fields in the packet payload are always
799 encrypted, as they reside in the data area of the packet which is
800 always encrypted.
801
802 Payloads described in this section are common payloads that MUST be
803 accepted anytime during SILC session. Most of the payloads may only
804 be sent with specific packet type which is defined in the description
805 of the payload.
806
807 There are a lot of other payloads in SILC as well. However, they
808 are not common in the sense that they could be sent at any time.
809 These payloads are not described in this section. These are payloads
810 such as SILC Key Exchange payloads and so on. These are described
811 in [SILC1], [SILC3] and [SILC4].
812
813
814 .ti 0
815 2.3.2 Generic payloads
816
817 This section describes generic payloads that are not associated to any
818 specific packet type. They can be used for example inside some other
819 packet payloads.
820
821
822 .ti 0
823 2.3.2.1 ID Payload
824
825 This payload can be used to send an ID. ID's are variable in length
826 thus this payload provides a way to send variable length ID's.
827
828 The following diagram represents the ID Payload.
829
830 .in 5
831 .nf
832                      1                   2                   3
833  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
834 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
835 |            ID Type            |           ID Length           |
836 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
837 |                                                               |
838 ~                            ID Data                            ~
839 |                                                               |
840 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
841 .in 3
842
843 .ce
844 Figure 3: ID Payload
845
846
847 .in 6
848 o ID Type (2 bytes) - Indicates the type of the ID. See
849 section 2.4 SILC ID Types for list of defined ID types.
850
851 o ID Length (2 bytes) - Length of the ID Data area not
852 including the length of any other fields in the payload.
853
854 o ID Data (variable length) - The actual ID data.
855 .in 3
856
857
858 .ti 0
859 2.3.2.2 Argument Payload
860
861 Argument Payload is used to set arguments for any packet payload that
862 needs and supports arguments, such as commands. The number of arguments
863 associated with a packet MUST be indicated by the packet payload which
864 needs the arguments. Argument Payloads MUST always reside right after
865 the packet payload needing the arguments. An incorrect number of argument
866 payloads MUST cause rejection of the packet.
867
868
869
870
871
872
873
874 The following diagram represents the Argument Payload.
875
876 .in 5
877 .nf
878                      1                   2                   3
879  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
880 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
881 |        Payload Length         | Argument Type |               |
882 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
883 |                                                               |
884 ~                         Argument Data                         ~
885 |                                                               |
886 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
887 .in 3
888
889 .ce
890 Figure 4: Argument Payload
891
892
893 .in 6
894 o Payload Length (2 bytes) - Length of the argument payload data
895 area not including the length of any other fields in the
896 payload.
897
898 o Argument Type (1 byte) - Indicates the type of the argument.
899 Every argument may have a specific type that MUST be defined
900 by the packet payload needing the argument. For example
901 every command specifies a number for each argument that may be
902 associated with the command. By using this number the receiver
903 of the packet knows what type of argument this is. If there is
904 no specific argument type this field is set to zero (0).
905
906 o Argument Data (variable length) - Argument data.
907 .in 3
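
The Argument Payload rules above, as an added C example that is not part of the original draft or of any SILC implementation: it walks the argument area and rejects the packet when a length field overruns the buffer or the number of arguments differs from the announced count. The names silc_arg and parse_args are hypothetical, and the example assumes the 2-byte Payload Length is MSB first and that the buffer holds only the argument area.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type for this example; not taken from any SILC code base. */
struct silc_arg {
    uint8_t type;         /* Argument Type; 0 means no specific type */
    uint16_t len;         /* Payload Length: size of Argument Data only */
    const uint8_t *data;  /* points into the caller's buffer, not copied */
};

/* Parse exactly `expected` Argument Payloads from buf[0..buflen), where
 * `expected` is the count announced by the payload needing the arguments.
 * Returns 0 on success, -1 if the packet must be rejected. */
int parse_args(const uint8_t *buf, size_t buflen, size_t expected,
               struct silc_arg *out)
{
    size_t off = 0;

    for (size_t i = 0; i < expected; i++) {
        /* Fixed part: 2-byte length (assumed MSB first) + 1-byte type. */
        if (buflen - off < 3)
            return -1;                /* fewer arguments than announced */
        uint16_t len = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint8_t type = buf[off + 2];
        off += 3;

        /* The length covers the data area only, so compare it with what
         * is left after the header rather than with the whole buffer. */
        if (len > buflen - off)
            return -1;                /* length points past the buffer */
        out[i].type = type;
        out[i].len = len;
        out[i].data = buf + off;
        off += len;
    }
    /* Leftover bytes mean more argument data than announced. */
    return off == buflen ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: type 1 with data "foo", then type 2 with no data. */
    const uint8_t pkt[] = { 0x00, 0x03, 0x01, 'f', 'o', 'o', 0x00, 0x00, 0x02 };
    struct silc_arg a[2];
    printf("announced 2: %d\n", parse_args(pkt, sizeof pkt, 2, a));
    printf("announced 1: %d\n", parse_args(pkt, sizeof pkt, 1, a));
    return 0;
}
```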
908
909
910 .ti 0
911 2.3.2.3 Channel Payload
912
913 Generic Channel Payload may be used to send information about a channel:
914 its name, the Channel ID and a mode.
915
916 The following diagram represents the Channel Payload.
917
918
919
920
921
922
923
924
925
926
927
928
929 .in 5
930 .nf
931                      1                   2                   3
932  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
933 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
934 |      Channel Name Length      |                               |
935 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
936 |                                                               |
937 ~                         Channel Name                          ~
938 |                                                               |
939 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
940 |       Channel ID Length       |                               |
941 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
942 |                                                               |
943 ~                          Channel ID                           ~
944 |                                                               |
945 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
946 |                           Mode Mask                           |
947 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
948 .in 3
949
950 .ce
951 Figure 5: New Channel Payload
952
953
954 .in 6
955 o Channel Name Length (2 bytes) - Length of the channel name
956 field.
957
958 o Channel Name (variable length) - The name of the channel.
959
960 o Channel ID Length (2 bytes) - Length of the Channel ID field.
961
962 o Channel ID (variable length) - The Channel ID.
963
964 o Mode Mask (4 bytes) - A mode. This can be the mode of the
965 channel but it can also be the mode of the client on the
966 channel. The contents of this field depend on the
967 usage of this payload. The usage is defined separately
968 when this payload is used. This is a 32 bit MSB first value.
969 .in 3
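
Serializing the Channel Payload described above, as an added C example that is not part of the original draft or of any SILC implementation: it refuses lengths that do not fit the 2-byte length fields instead of truncating them, and writes the Mode Mask MSB first. The name encode_channel is hypothetical, and the 2-byte lengths are assumed to be MSB first like the Mode Mask.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a 2-byte length (assumed MSB first) followed by the field bytes. */
static size_t put_field(uint8_t *out, const uint8_t *data, size_t len)
{
    out[0] = (uint8_t)(len >> 8);
    out[1] = (uint8_t)(len & 0xff);
    if (len)
        memcpy(out + 2, data, len);
    return 2 + len;
}

/* Serialize a Channel Payload into out[0..outcap). Returns the number of
 * bytes written, or 0 if a field is too long or the buffer too small.
 * encode_channel is a hypothetical name used only in this example. */
size_t encode_channel(const uint8_t *name, size_t name_len,
                      const uint8_t *id, size_t id_len,
                      uint32_t mode, uint8_t *out, size_t outcap)
{
    /* A 2-byte length field describes at most 65535 bytes. Truncating a
     * larger size_t would make the receiver misplace the Channel ID. */
    if (name_len > 0xffff || id_len > 0xffff)
        return 0;
    size_t need = 2 + name_len + 2 + id_len + 4;
    if (need > outcap)
        return 0;
    size_t off = put_field(out, name, name_len);
    off += put_field(out + off, id, id_len);
    /* Mode Mask: 32-bit value, most significant byte first. */
    out[off++] = (uint8_t)(mode >> 24);
    out[off++] = (uint8_t)(mode >> 16);
    out[off++] = (uint8_t)(mode >> 8);
    out[off++] = (uint8_t)mode;
    return off;
}

int main(void)
{
    const uint8_t id[] = { 0xaa, 0xbb };   /* constructed Channel ID bytes */
    uint8_t out[32];
    size_t n = encode_channel((const uint8_t *)"silc", 4, id, 2, 0x102, out, sizeof out);
    for (size_t i = 0; i < n; i++)
        printf("%02x ", out[i]);
    printf("\n");
    return 0;
}
```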
970
971
972 .ti 0
973 2.3.2.4 Public Key Payload
974
975 Generic Public Key Payload may be used to send different types of
976 public keys and certificates.
977
978 The following diagram represents the Public Key Payload.
979
980
981
982
983
984 .in 5
985 .nf
986                      1                   2                   3
987  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
988 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
989 |       Public Key Length       |        Public Key Type        |
990 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
991 |                                                               |
992 ~           Public Key of the party (or certificate)            ~
993 |                                                               |
994 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
995 .in 3
996
997 .ce
998 Figure 6: Public Key Payload
999
1000
1001 .in 6
1002 o Public Key Length (2 bytes) - The length of the Public Key
1003 (or certificate) field, not including any other field.
1004
1005 o Public Key Type (2 bytes) - The public key (or certificate)
1006 type. This field indicates the type of the public key in
1007 the packet. See [SILC3] for the defined public key types.
1008
1009 o Public Key (or certificate) (variable length) - The
1010 public key or certificate.
1011 .in 3
1012
1013
1014 .ti 0
1015 2.3.3 Disconnect Payload
1016
1017 Disconnect payload is sent upon disconnection. The payload is simple;
1018 the reason for the disconnection is sent to the disconnected party.
1019
1020 The payload may only be sent with SILC_PACKET_DISCONNECT packet. It
1021 MUST NOT be sent in any other packet type. The following diagram
1022 represents the Disconnect Payload.
1023
1024
1025 .in 5
1026 .nf
1027                      1                   2                   3
1028  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1029 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1030 |                                                               |
1031 ~                      Disconnect Message                       ~
1032 |                                                               |
1033 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1034 .in 3
1035
1036 .ce
1037 Figure 7: Disconnect Payload
1038
1039
1040
1041
1042 .in 6
1043 o Disconnect Message (variable length) - Human readable
1044 reason of the disconnection.
1045 .in 3
1046
1047
1048 .ti 0
1049 2.3.4 Success Payload
1050
1051 Success payload is sent when some protocol execution is successfully
1052 completed. The payload is simple; an indication of the success is sent.
1053 This may be any data, including binary or human readable data.
1054
1055 .in 5
1056 .nf
1057                      1                   2                   3
1058  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1059 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1060 |                                                               |
1061 ~                      Success Indication                       ~
1062 |                                                               |
1063 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1064 .in 3
1065
1066 .ce
1067 Figure 8: Success Payload
1068
1069
1070 .in 6
1071 o Success Indication (variable length) - Indication of
1072 the success. This may be for example some flag that
1073 indicates the protocol and the success status or human
1074 readable success message. The true length of this
1075 payload is available by calculating it from the SILC
1076 Packet Header.
1077 .in 3
1078
1079
1080
1081 .ti 0
1082 2.3.5 Failure Payload
1083
1084 This is the opposite of the Success Payload. An indication of the failure
1085 of some protocol is sent in the payload.
1086
1087
1088 .in 5
1089 .nf
1090                      1                   2                   3
1091  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1092 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1093 |                                                               |
1094 ~                      Failure Indication                       ~
1095 |                                                               |
1096 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1097 .in 3
1098
1099 .ce
1100 Figure 9: Failure Payload
1101
1102
1103 .in 6
1104 o Failure Indication (variable length) - Indication of
1105 the failure. This may be for example some flag that
1106 indicates the protocol and the failure status or human
1107 readable failure message. The true length of this
1108 payload is available by calculating it from the SILC
1109 Packet Header.
1110 .in 3
1111
1112
1113 .ti 0
1114 2.3.6 Reject Payload
1115
1116 This payload is sent when execution of some protocol is rejected.
1117 Other operations that were rejected MAY send this as well. The
1118 indication of the rejection is sent in the payload. The indication
1119 may be binary or human readable data.
1120
1121
1122 .in 5
1123 .nf
1124                      1                   2                   3
1125  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1126 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1127 |                                                               |
1128 ~                       Reject Indication                       ~
1129 |                                                               |
1130 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1131 .in 3
1132
1133 .ce
1134 Figure 10: Reject Payload
1135
1136
1137 .in 6
1138 o Reject Indication (variable length) - Indication of
1139 the rejection. This may be, for example, some flag that
1140 indicates the protocol and the rejection status or human
1141 readable rejection message. The true length of this
1142 payload is available by calculating it from the SILC
1143 Packet Header.
1144 .in 3
1145
1146
1147 .ti 0
1148 2.3.7 Notify Payload
1149
1150 Notify payload is used to send notify messages. The payload is usually
1151 sent from server to client; however, a server MAY send it to another
1152 server as well. This payload MAY also be sent to a channel. A client
1153 MUST NOT send this payload. The receiver of this payload MAY ignore
1154 the contents of the payload; however, the notify message SHOULD be audited.
1155