1 .pl 10.0i
2 .po 0
3 .ll 7.2i
4 .lt 7.2i
5 .nr LL 7.2i
6 .nr LT 7.2i
7 .ds LF Riikonen
8 .ds RF FORMFEED[Page %]
9 .ds CF
10 .ds LH Internet Draft
11 .ds RH 26 November 2002
12 .ds CH
13 .na
14 .hy 0
15 .in 0
16 .nf
17 Network Working Group P. Riikonen
18 Internet-Draft
19 draft-riikonen-silc-pp-06.txt 26 November 2002
20 Expires: 26 April 2003
21
22 .in 3
23
24 .ce 2
25 SILC Packet Protocol
26 <draft-riikonen-silc-pp-06.txt>
27
28 .ti 0
29 Status of this Memo
30
31 This document is an Internet-Draft and is in full conformance with
32 all provisions of Section 10 of RFC 2026. Internet-Drafts are
33 working documents of the Internet Engineering Task Force (IETF), its
34 areas, and its working groups. Note that other groups may also
35 distribute working documents as Internet-Drafts.
36
37 Internet-Drafts are draft documents valid for a maximum of six months
38 and may be updated, replaced, or obsoleted by other documents at any
39 time. It is inappropriate to use Internet-Drafts as reference
40 material or to cite them other than as "work in progress."
41
42 The list of current Internet-Drafts can be accessed at
43 http://www.ietf.org/ietf/1id-abstracts.txt
44
45 The list of Internet-Draft Shadow Directories can be accessed at
46 http://www.ietf.org/shadow.html
47
48 The distribution of this memo is unlimited.
49
50
51 .ti 0
52 Abstract
53
54 This memo describes a Packet Protocol used in the Secure Internet Live
55 Conferencing (SILC) protocol, specified in the Secure Internet Live
56 Conferencing, Protocol Specification Internet Draft [SILC1]. This
57 protocol describes the packet types and packet payloads which define
58 the contents of the packets. The protocol provides a secure binary packet
59 protocol that assures that the contents of the packets are secured and
60 authenticated.
61
62
63
64
65
66
67
68
69 .ti 0
70 Table of Contents
71
72 .nf
73 1 Introduction .................................................. 3
74 1.1 Requirements Terminology .................................. 4
75 2 SILC Packet Protocol .......................................... 4
76 2.1 SILC Packet ............................................... 4
77 2.2 SILC Packet Header ........................................ 5
78 2.3 SILC Packet Types ......................................... 8
79 2.3.1 SILC Packet Payloads ................................ 15
80 2.3.2 Generic payloads .................................... 16
81 2.3.2.1 ID Payload .................................. 16
82 2.3.2.2 Argument Payload ............................ 16
83 2.3.2.3 Channel Payload ............................. 17
84 2.3.2.4 Public Key Payload .......................... 18
85 2.3.2.5 Message Payload ............................. 19
86 2.3.3 Disconnect Payload .................................. 22
87 2.3.4 Success Payload ..................................... 23
88 2.3.5 Failure Payload ..................................... 23
89 2.3.6 Reject Payload ...................................... 24
90 2.3.7 Notify Payload ...................................... 25
91 2.3.8 Error Payload ....................................... 32
92 2.3.9 Channel Message Payload ............................. 33
93 2.3.10 Channel Key Payload ................................ 34
94 2.3.11 Private Message Payload ............................ 35
95 2.3.12 Private Message Key Payload ........................ 36
96 2.3.13 Command Payload .................................... 38
97 2.3.14 Command Reply Payload .............................. 39
98 2.3.15 Connection Auth Request Payload .................... 39
99 2.3.16 New ID Payload ..................................... 40
100 2.3.17 New Client Payload ................................. 41
101 2.3.18 New Server Payload ................................. 42
102 2.3.19 New Channel Payload ................................ 43
103 2.3.20 Key Agreement Payload .............................. 43
104 2.3.21 Resume Router Payload .............................. 44
105 2.3.22 File Transfer Payload .............................. 45
106 2.3.23 Resume Client Payload .............................. 46
107 2.4 SILC ID Types ............................................. 47
108 2.5 Packet Encryption And Decryption .......................... 48
109 2.5.1 Normal Packet Encryption And Decryption ............. 48
110 2.5.2 Channel Message Encryption And Decryption ........... 49
111 2.5.3 Private Message Encryption And Decryption ........... 50
112 2.6 Packet MAC Generation ..................................... 50
113 2.7 Packet Padding Generation ................................. 51
114 2.8 Packet Compression ........................................ 52
115 2.9 Packet Sending ............................................ 52
116 2.10 Packet Reception ......................................... 52
117 2.11 Packet Routing ........................................... 53
118 2.12 Packet Broadcasting ...................................... 54
119 3 Security Considerations ....................................... 55
120 4 References .................................................... 55
121 5 Author's Address .............................................. 56
122
123 .ti 0
124 List of Figures
125
126 .nf
127 Figure 1: Typical SILC Packet
128 Figure 2: SILC Packet Header
129 Figure 3: ID Payload
130 Figure 4: Argument Payload
131 Figure 5: Channel Payload
132 Figure 6: Public Key Payload
133 Figure 7: Message Payload
134 Figure 8: Disconnect Payload
135 Figure 9: Success Payload
136 Figure 10: Failure Payload
137 Figure 11: Reject Payload
138 Figure 12: Notify Payload
139 Figure 13: Error Payload
140 Figure 14: Channel Key Payload
141 Figure 15: Private Message Key Payload
142 Figure 16: Command Payload
143 Figure 17: Connection Auth Request Payload
144 Figure 18: New Client Payload
145 Figure 19: New Server Payload
146 Figure 20: Key Agreement Payload
147 Figure 21: Resume Router Payload
148 Figure 22: File Transfer Payload
149 Figure 23: Resume Client Payload
150
151
152 .ti 0
153 1. Introduction
154
155 This document describes a Packet Protocol used in the Secure Internet
156 Live Conferencing (SILC) protocol specified in the Secure Internet Live
157 Conferencing, Protocol Specification Internet Draft [SILC1]. This
158 protocol describes the packet types and packet payloads which define
159 the contents of the packets. The protocol provides a secure binary packet
160 protocol that assures that the contents of the packets are secured and
161 authenticated. The packet protocol is designed to be compact to avoid
162 unnecessary overhead as much as possible. This makes SILC suitable
163 also for low-bandwidth environments such as mobile networks.
164 All packet payloads can also be compressed to further reduce the size
165 of the packets.
166
167 All packets in the SILC network are always encrypted and their integrity
168 is assured by computed MACs. The protocol defines several packet types
169 and packet payloads. Each packet type usually has a specific packet
170 payload that actually defines the contents of the packet. Each packet
171 also includes a default SILC Packet Header that provides sufficient
172 information about the origin of the packet and destination of the
173 packet.
174
175
176 .ti 0
177 1.1 Requirements Terminology
178
179 The keywords MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT, RECOMMENDED,
180 MAY, and OPTIONAL, when they appear in this document, are to be
181 interpreted as described in [RFC2119].
182
183
184 .ti 0
185 2 SILC Packet Protocol
186
187 .ti 0
188 2.1 SILC Packet
189
190 SILC packets deliver messages from sender to receiver securely by
191 encrypting important fields of the packet. The packet consists of the
192 default SILC Packet Header, Padding, Packet Payload data, and the packet
193 MAC.
194
195 The following diagram illustrates a typical SILC packet.
196
197
198 .in 5
199 .nf
200 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
201 |   n bytes   | 1 - n bytes |   n bytes    | n bytes
202 | SILC Header |   Padding   | Data Payload |   MAC
203 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
204 .in 3
205
206 .ce
207 Figure 1: Typical SILC Packet
208
209
210 The SILC Header is always the first part of the packet and its purpose
211 is to provide information about the packet. It provides, for example,
212 the packet type, origin of the packet and the destination of the packet.
213 The header is variable in length. See the following section for a
214 description of the SILC Packet header. Packets without a SILC header or
215 with a malformed SILC header MUST be dropped.
216
217 Padding follows the packet header. The purpose of the padding is to
218 make the packet length a multiple of eight (8) or of the block size of
219 the cipher used in the encryption, whichever is larger. The maximum
220 length of padding is currently 128 bytes. The padding is always
221 encrypted. The padding is applied always, even if the packet is
222 not encrypted. See section 2.7 Packet Padding Generation for more
223 detailed information.
224
225 Data payload area follows padding and it is the actual data of the
226 packet. The packet data is the packet payloads defined in this
227 protocol. The data payload area is always encrypted.
228
229 The last part of the SILC packet is the packet MAC that assures the
230 integrity of the packet. See section 2.6 Packet MAC Generation
231 for more information. If compression is used the compression is
232 always applied before encryption.
233
234 All fields in all packet payloads are always in MSB (most significant
235 byte first) order.
236
237
238 .ti 0
239 2.2 SILC Packet Header
240
241 The SILC packet header is applied to all SILC packets and it is
242 variable in length. The purpose of SILC Packet header is to provide
243 detailed information about the packet. The receiver of the packet
244 uses the packet header to parse the packet and gain other relevant
245 parameters of the packet.
246
247 The following diagram represents the SILC packet header.
248
249 .in 5
250 .nf
251                      1                   2                   3
252  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
254 |        Payload Length         |     Flags     |  Packet Type  |
255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
256 |  Pad Length   |   RESERVED    | Source ID Len |  Dest ID Len  |
257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
258 |  Src ID Type  |                                               |
259 +-+-+-+-+-+-+-+-+                                               +
260 |                                                               |
261 ~                           Source ID                           ~
262 |                                                               |
263 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
264 |  Dst ID Type  |                                               |
265 +-+-+-+-+-+-+-+-+                                               +
266 |                                                               |
267 ~                        Destination ID                         ~
268 |                                                               |
269 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270 .in 3
271
272 .ce
273 Figure 2: SILC Packet Header
274
275
276 .in 6
277 o Payload Length (2 bytes) - Is the length of the packet
278 not including the padding of the packet.
279
280 o Flags (1 byte) - Indicates flags to be used in packet
281 processing. Several flags may be set by ORing the flags
282 together.
283
284 The following flags are reserved for this field:
285
286
287 No flags 0x00
288
289 In this case the field is ignored.
290
291
292 Private Message Key 0x01
293
294 Indicates that the packet must include a private
295 message that is encrypted using a private key set by
296 the client. Servers do not know anything about this
297 key, and as a result the private message is
298 not handled by the server at all; it is just
299 passed along. See section 2.5.3 Private Message
300 Encryption And Decryption for more information.
301
302
303 List 0x02
304
305 Indicates that the packet consists of a list of
306 packet payloads indicated by the Packet Type field.
307 The payloads are added one after the other. Note that
308 there are packet types that must not be used as
309 a list. Parsing of a list packet is done by calculating
310 the length of each payload and parsing them one by
311 one.
312
313
314 Broadcast 0x04
315
316 Marks the packet to be broadcast. A client cannot
317 send a broadcast packet and a normal server cannot send
318 a broadcast packet. Only a router server may send a broadcast
319 packet. The router receiving a packet with this flag
320 set MUST send (broadcast) the packet to its primary
321 route. If the router has several router connections the
322 packet may be sent only to the primary route. See
323 section 2.12 Packet Broadcasting for description of
324 packet broadcasting.
325
326
327
328 Compressed 0x08
329
330 Marks that the payload of the packet is compressed.
331 The sender of the packet marks this flag when it
332 compresses the payload, and any server or router
333 en route to the recipient MUST NOT unset this flag.
334 See section 2.8 Packet Compression for description of
335 packet compressing.
336
337 .in 3
338
339 o Packet Type (1 byte) - Is the type of the packet. Receiver
340 uses this field to parse the packet. See section 2.3
341 SILC Packet Types for list of defined packet types.
342
343 o Pad Length (1 byte) - Indicates the length of the padding
344 applied after the SILC Packet header. Maximum length for
345 padding is 128 bytes.
346
347 o RESERVED (1 byte) - Reserved field and must include a
348 zero (0) value.
349
350 o Source ID Length (1 byte) - Indicates the length of the
351 Source ID field in the header, not including this or any
352 other fields.
353
354 o Destination ID Length (1 byte) - Indicates the length of the
355 Destination ID field in the header, not including this or
356 any other fields.
357
358 o Src ID Type (1 byte) - Indicates the type of ID in the
359 Source ID field. See section 2.4 SILC ID Types for
360 defined ID types.
361
362 o Source ID (variable length) - The actual source ID that
363 indicates which is the original sender of the packet.
364
365 o Dst ID Type (1 byte) - Indicates the type of ID in the
366 Destination ID field. See section 2.4 SILC ID Types for
367 defined ID types.
368
369 o Destination ID (variable length) - The actual destination
370 ID that indicates which is the end receiver of the packet.
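
The header layout and drop rules above, as an added Python example that is not part of the draft or of any SILC implementation. It parses an already-decrypted header and rejects the malformed cases the text names: non-zero RESERVED, Pad Length above 128, packet types 0 and 255, and ID lengths that overrun the buffer. The Payload Length sanity check, the sample bytes and the ID type values 2 and 3 are assumptions of this example.

```python
import struct
from dataclasses import dataclass

# Flag bits from the Flags field description above.
FLAGS = {0x01: "Private Message Key", 0x02: "List",
         0x04: "Broadcast", 0x08: "Compressed"}
MAX_PAD_LEN = 128   # "Maximum length for padding is 128 bytes"
FIXED_LEN = 8       # Payload Length (2 bytes) + six one-byte fields


class MalformedHeader(ValueError):
    """Header of a packet that the receiver MUST drop (section 2.1)."""


@dataclass(frozen=True)
class SilcHeader:
    payload_len: int
    flags: int
    packet_type: int
    pad_len: int
    src_id_type: int
    src_id: bytes
    dst_id_type: int
    dst_id: bytes
    header_len: int   # bytes consumed by the header; padding starts here

    def flag_names(self):
        return [name for bit, name in FLAGS.items() if self.flags & bit]


def parse_header(buf: bytes) -> SilcHeader:
    """Parse a decrypted SILC Packet Header; all fields are MSB first."""
    if len(buf) < FIXED_LEN:
        raise MalformedHeader("shorter than the fixed header fields")
    (payload_len, flags, ptype, pad_len,
     reserved, src_len, dst_len) = struct.unpack_from(">HBBBBBB", buf)
    if reserved != 0:
        raise MalformedHeader("RESERVED field is not zero")
    if pad_len > MAX_PAD_LEN:
        raise MalformedHeader("Pad Length exceeds 128")
    if ptype in (0, 255):
        raise MalformedHeader("packet type %d is never sent" % ptype)
    # Each ID is preceded by its one-byte type, hence the two +1 terms.
    header_len = FIXED_LEN + 1 + src_len + 1 + dst_len
    if len(buf) < header_len:
        raise MalformedHeader("ID lengths run past the received bytes")
    # Assumption of this example: Payload Length covers the header, so a
    # value smaller than the header itself cannot be valid.
    if payload_len < header_len:
        raise MalformedHeader("Payload Length smaller than the header")
    off = FIXED_LEN
    src_type, src_id = buf[off], buf[off + 1:off + 1 + src_len]
    off += 1 + src_len
    dst_type, dst_id = buf[off], buf[off + 1:off + 1 + dst_len]
    return SilcHeader(payload_len, flags, ptype, pad_len,
                      src_type, src_id, dst_type, dst_id, header_len)


def drop_reason(buf: bytes):
    """Return None if the header parses, else why the packet is dropped."""
    try:
        parse_header(buf)
        return None
    except MalformedHeader as exc:
        return str(exc)


# Constructed sample (not captured traffic): packet type 7 with the
# Compressed flag, 2 bytes of padding and 20 bytes of data announced.
# ID type values 2 and 3 are placeholders; section 2.4 defines the real ones.
SRC_ID, DST_ID = bytes(range(8)), bytes(range(16, 24))
SAMPLE = (struct.pack(">HBBBBBB", 8 + 1 + 8 + 1 + 8 + 20, 0x08, 7, 2, 0, 8, 8)
          + bytes([2]) + SRC_ID + bytes([3]) + DST_ID)

if __name__ == "__main__":
    hdr = parse_header(SAMPLE)
    print(hdr.packet_type, hdr.flag_names(), hdr.header_len, hdr.src_id.hex())
    bad = bytearray(SAMPLE)
    bad[5] = 1                        # non-zero RESERVED byte
    print(drop_reason(bytes(bad)))
    print(drop_reason(SAMPLE[:12]))   # truncated inside the Source ID
```
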
371
372
373
374
375
376
377 .ti 0
378 2.3 SILC Packet Types
379
380 The SILC packet type defines the contents of the packet and it is used by
381 the receiver to parse the packet. The packet type is 8 bits (one
382 byte) in length. The range for the packet types is 0 - 255,
383 where 0 is never sent and 255 is currently reserved for future
384 extensions and MUST NOT be defined to any other purpose. Every SILC
385 specification compliant implementation SHOULD support all of these packet
386 types.
387
388 The below list of the SILC Packet types includes reference to the packet
389 payload as well. Packet payloads are the actual packet data area. Each
390 packet type defines packet payload which usually may only be sent with
391 the specific packet type.
392
393 Most of the packets are packets that must be destined directly to entity
394 that is connected to the sender. It is not allowed, for example, for a
395 router to send disconnect packet to client that is not directly connected
396 to the router. However, there are some special packet types that may
397 be destined to some entity that the sender does not have direct
398 connection with. These packets are for example private message packets,
399 channel message packets, command packets and some other packets that may
400 be broadcasted in the SILC network. If the packet is allowed to be sent
401 to indirectly connected entity it is defined separately in the packet
402 description below. Other packets MUST NOT be sent or accepted, if sent,
403 to indirectly connected entities.
404
405 Some packets MAY be sent as lists by adding the List flag to the Packet
406 Header and constructing multiple packet payloads one after the other.
407 When this is allowed it is separately defined below. Other packets
408 MUST NOT be sent as list and the List flag MUST NOT be set.
409
410
411 The SILC Packet types are defined as follows.
412
413 .in 1
414 0 SILC_PACKET_NONE
415
416 This type is reserved and it is never sent.
417
418
419 1 SILC_PACKET_DISCONNECT
420
421 This packet is sent to disconnect the remote end. Reason of
422 the disconnection is sent inside the packet payload. Client
423 usually does not send this packet.
424
425 Payload of the packet: See section 2.3.3 Disconnect Payload
426
427
428 2 SILC_PACKET_SUCCESS
429
430 This packet is sent upon successful execution of some protocol.
431 The status of the success is sent in the packet.
432
433 Payload of the packet: See section 2.3.4 Success Payload
434
435
436 3 SILC_PACKET_FAILURE
437
438 This packet is sent upon failure of some protocol. The status
439 of the failure is sent in the packet.
440
441 Payload of the packet: See section 2.3.5 Failure Payload
442
443
444 4 SILC_PACKET_REJECT
445
446 This packet MAY be sent upon rejection of some protocol.
447 The status of the rejection is sent in the packet.
448
449 Payload of the packet: See section 2.3.6 Reject Payload
450
451
452 5 SILC_PACKET_NOTIFY
453
454 This packet is used to send notify message. The packet is
455 usually sent between server and client, but also between
456 server and router. Client MUST NOT send this packet. Server
457 MAY send this packet to channel as well when the packet is
458 distributed to all clients on the channel. This packet MAY
459 be sent as list.
460
461 Payload of the packet: See section 2.3.7 Notify Payload.
462
463
464
465 6 SILC_PACKET_ERROR
466
467 This packet is sent when an error occurs. Server MAY
468 send this packet. Client MUST NOT send this packet. The
469 client MAY entirely ignore the packet, however, server is
470 most likely to take action anyway. This packet MAY be sent
471 to entity that is indirectly connected to the sender.
472
473 Payload of the packet: See section 2.3.8 Error Payload.
474
475
476 7 SILC_PACKET_CHANNEL_MESSAGE
477
478 This packet is used to send messages to channels. The packet
479 includes Channel ID of the channel and the actual message to
480 the channel. Messages sent to the channel are always protected
481 by channel specific keys. Channel Keys are distributed by
482 SILC_PACKET_CHANNEL_KEY packet. This packet MAY be sent to
483 entity that is indirectly connected to the sender.
484
485 Payload of the packet: See section 2.3.9 Channel Message
486 Payload
487
488
489 8 SILC_PACKET_CHANNEL_KEY
490
491 This packet is used to distribute a new key for a particular
492 channel. Each channel has its own independent keys that
493 are used to protect the traffic on the channel. Only server
494 may send this packet. This packet MAY be sent to entity
495 that is indirectly connected to the sender.
496
497 Payload of the packet: See section 2.3.10 Channel Key Payload
498
499
500 9 SILC_PACKET_PRIVATE_MESSAGE
501
502 This packet is used to send private messages from client
503 to another client. By default, private messages are protected
504 by session keys established by normal key exchange protocol.
505 However, it is possible to use specific key to protect private
506 messages. See [SILC1] for private message key generation.
507 This packet MAY be sent to entity that is indirectly connected
508 to the sender.
509
510 Payload of the packet: See section 2.3.11 Private Message
511 Payload
512
513
514 10 SILC_PACKET_PRIVATE_MESSAGE_KEY
515
516 This packet can be used to agree about a key to be used to
517 protect private messages between two clients. This packet
518 is sent inside the SILC network and protected with session
519 keys. There are also other means of agreeing on private message
520 keys than sending this packet, which may not be
521 desirable in all situations. See [SILC1] for private
522 message key generation.
523
524 Payload of the packet: See section 2.3.12 Private Message
525 Key Payload
526
527
528 11 SILC_PACKET_COMMAND
529
530 This packet is used to send commands from client to server.
531 Server MAY send this packet to other servers as well. All
532 commands are listed in their own section SILC Command Types
533 in [SILC4]. The contents of this packet are command specific.
534 This packet MAY be sent to entity that is indirectly connected
535 to the sender.
536
537 Payload of the packet: See section 2.3.13 Command Payload
538
539
540 12 SILC_PACKET_COMMAND_REPLY
541
542 This packet is sent as reply to the SILC_PACKET_COMMAND packet.
543 The contents of this packet are command specific. This packet
544 MAY be sent to entity that is indirectly connected to the
545 sender.
546
547 Payload of the packet: See section 2.3.14 Command Reply
548 Payload and section 2.3.13 Command
549 Payload
550
551
552
553
554 13 SILC_PACKET_KEY_EXCHANGE
555
556 This packet is used to start SILC Key Exchange Protocol,
557 described in detail in [SILC3].
558
559 Payload of the packet: Payload of this packet is described
560 in the section SILC Key Exchange
561 Protocol and its sub sections in
562 [SILC3].
563
564
565 14 SILC_PACKET_KEY_EXCHANGE_1
566
567 This packet is used as part of the SILC Key Exchange Protocol.
568
569 Payload of the packet: Payload of this packet is described
570 in the section SILC Key Exchange
571 Protocol and its sub sections in
572 [SILC3].
573
574
575 15 SILC_PACKET_KEY_EXCHANGE_2
576
577 This packet is used as part of the SILC Key Exchange Protocol.
578
579 Payload of the packet: Payload of this packet is described
580 in the section SILC Key Exchange
581 Protocol and its sub sections in
582 [SILC3].
583
584
585 16 SILC_PACKET_CONNECTION_AUTH_REQUEST
586
587 This packet is used to request an authentication method to
588 be used in the SILC Connection Authentication Protocol. If
589 initiator of the protocol does not know the mandatory
590 authentication method this packet MAY be used to determine it.
591 The party receiving this payload SHOULD respond with the same
592 packet including the mandatory authentication method.
593
594 Payload of the packet: See section 2.3.15 Connection Auth
595 Request Payload
596
597
598
599
600 17 SILC_PACKET_CONNECTION_AUTH
601
602 This packet is used to start and perform the SILC Connection
603 Authentication Protocol. This protocol is used to authenticate
604 the connecting party. The protocol is described in detail in
605 [SILC3].
606
607 Payload of the packet: Payload of this packet is described
608 in the section SILC Authentication
609 Protocol and its sub sections in [SILC3].
610
611
612 18 SILC_PACKET_NEW_ID
613
614 This packet is used to distribute new IDs from server to
615 router and from router to all other routers in SILC network.
616 This is used when for example new client is registered to
617 SILC network. The newly created IDs of these operations are
618 distributed by this packet. Only server may send this packet,
619 however, client MUST be able to receive this packet. This
620 packet MAY be sent to entity that is indirectly connected
621 to the sender. This packet MAY be sent as list.
622
623 Payload of the packet: See section 2.3.16 New ID Payload
624
625
626 19 SILC_PACKET_NEW_CLIENT
627
628 This packet is used by client to register itself to the
629 SILC network. This is sent after key exchange and
630 authentication protocols have been completed. Client sends
631 various information about itself in this packet.
632
633 Payload of the packet: See section 2.3.17 New Client Payload
634
635
636 20 SILC_PACKET_NEW_SERVER
637
638 This packet is used by server to register itself to the
639 SILC network. This is sent after key exchange and
640 authentication protocols have been completed. Server sends
641 this to the router it connected to, or, if router was
642 connecting, to the connected router. Server sends its
643 Server ID and other information in this packet. The client
644 MUST NOT send or receive this packet.
645
646 Payload of the packet: See section 2.3.18 New Server Payload
647
648
649 21 SILC_PACKET_NEW_CHANNEL
650
651 This packet is used to notify routers about newly created
652 channel. Channels are always created by the router and it MUST
653 notify other routers about the created channel. Router sends
654 this packet to its primary route. Client MUST NOT send this
655 packet. This packet MAY be sent to entity that is indirectly
656 connected to the sender. This packet MAY be sent as list.
657
658 Payload of the packet: See section 2.3.19 New Channel Payload
659
660
661 22 SILC_PACKET_REKEY
662
663 This packet is used to indicate that re-key must be performed
664 for session keys. See section Session Key Regeneration in
665 [SILC1] for more information. This packet does not have
666 a payload.
667
668
669 23 SILC_PACKET_REKEY_DONE
670
671 This packet is used to indicate that re-key is performed and
672 new keys must be used hereafter. This packet does not have a
673 payload.
674
675
676 24 SILC_PACKET_HEARTBEAT
677
678 This packet is used by clients, servers and routers to keep the
679 connection alive. It is RECOMMENDED that all servers implement
680 keepalive actions and perform them in both directions of a link.
681 This packet does not have a payload.
682
683
684 25 SILC_PACKET_KEY_AGREEMENT
685
686 This packet is used by clients to request key negotiation
687 with another client in the SILC network. If the negotiation
688 is started it is performed using the SKE protocol. The result of
689 the negotiation, the secret key material, can be used for
690 example as private message key. The server and router MUST NOT
691 send this packet.
692
693 Payload of the packet: See section 2.3.20 Key Agreement Payload
694
695
696 26 SILC_PACKET_RESUME_ROUTER
697
698 This packet is used during backup router protocol when the
699 original primary router of the cell comes back online and wishes
700 to resume the position as being the primary router of the cell.
701
702 Payload of the packet: See section 2.3.21 Resume Router Payload
703
704
705 27 SILC_PACKET_FTP
706
707 This packet is used to perform a file transfer protocol in the
708 SILC session with some entity in the network. The packet is
709 multi purpose. The packet is used to tell another entity in the
710 network that the sender wishes to perform a file transfer
711 protocol. The packet is also used to actually tunnel the
712 file transfer protocol stream. The file transfer protocol
713 stream is always protected with the SILC binary packet protocol.
714
715 Payload of the packet: See section 2.3.22 File Transfer Payload
716
717
718 28 SILC_PACKET_RESUME_CLIENT
719
720 This packet is used to resume a client back to the network
721 after it has been detached. A client is able to detach from
722 the network but the client is still valid client in the network.
723 The client may then later resume its session back by sending
724 this packet to a server. Routers also use this packet to notify
725 other routers in the network that the detached client has resumed.
726
727 Payload of the packet: See section 2.3.23 Resume Client Payload
728
729
730 29 - 199
731
732 Currently undefined commands.
733
734
735 200 - 254
736
737 These packet types are reserved for private use and they will
738 not be defined by this document.
739
740
741 255 SILC_PACKET_MAX
742
743 This type is reserved for future extensions and currently it
744 MUST NOT be sent.
745 .in 3
746
747
748 .ti 0
749 2.3.1 SILC Packet Payloads
750
751 All payloads reside in the main data area of the SILC packet. However,
752 all payloads MUST be at the start of the data area after the SILC
753 packet header and padding. All fields in the packet payload are always
754 encrypted, as they reside in the data area of the packet which is
755 always encrypted.
756
757 Payloads described in this section are common payloads that MUST be
758 accepted anytime during SILC session. Most of the payloads may only
759 be sent with specific packet type which is defined in the description
760 of the payload.
761
762 There are many other payloads in SILC as well. However, they are not
763 common in the sense that they could be sent at any time. These payloads
764 are not described in this section. These are payloads such as SILC
765 Key Exchange payloads and so on. These are described in [SILC1],
766 [SILC3] and [SILC4].
767
768
769 .ti 0
770 2.3.2 Generic payloads
771
772 This section describes generic payloads that are not associated to any
773 specific packet type. They can be used for example inside some other
774 packet payload.
775
776
777 .ti 0
778 2.3.2.1 ID Payload
779
780 This payload can be used to send an ID. IDs are variable in length,
781 thus this payload provides a way to send a variable length ID.
782
783 The following diagram represents the ID Payload.
784
785 .in 5
786 .nf
787                      1                   2                   3
788  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
789 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
790 |            ID Type            |           ID Length           |
791 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
792 |                                                               |
793 ~                            ID Data                            ~
794 |                                                               |
795 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
796 .in 3
797
798 .ce
799 Figure 3: ID Payload
800
801
802 .in 6
803 o ID Type (2 bytes) - Indicates the type of the ID. See
804 section 2.4 SILC ID Types for list of defined ID types.
805
806 o ID Length (2 bytes) - Length of the ID Data area not
807 including the length of any other fields in the payload.
808
809 o ID Data (variable length) - The actual ID data. The encoding
810 of the ID data is defined in section 2.4 SILC ID Types.
811 .in 3
812
813
814 .ti 0
815 2.3.2.2 Argument Payload
816
817 Argument Payload is used to set arguments for any packet payload that
818 needs and supports arguments, such as commands. The number of arguments
819 associated with a packet MUST be indicated by the packet payload which
820 needs the arguments. Argument Payloads MUST always reside right after
821 the packet payload needing the arguments. An incorrect number of argument
822 payloads MUST cause rejection of the packet.
823
824 The following diagram represents the Argument Payload.
825
826 .in 5
827 .nf
828                      1                   2                   3
829  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
830 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
831 |        Payload Length         | Argument Type |               |
832 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +
833 |                                                               |
834 ~                         Argument Data                         ~
835 |                                                               |
836 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
837 .in 3
838
839 .ce
840 Figure 4: Argument Payload
841
842
843 .in 6
844 o Payload Length (2 bytes) - Length of the Argument Data
845 field not including the length of any other field in the
846 payload.
847
848 o Argument Type (1 byte) - Indicates the type of the argument.
849 Every argument can have a specific type that MUST be defined
850 by the packet payload needing the argument. For example
851 every command specifies a number for each argument that may be
852 associated with the command. By using this number the receiver
853 of the packet knows what type of argument this is. If there is
854 no specific argument type this field is set to zero (0) value.
855
856 o Argument Data (variable length) - Argument data.
857 .in 3
858
859
860 .ti 0
861 2.3.2.3 Channel Payload
862
863 Generic Channel Payload may be used to send information about a channel,
864 its name, the Channel ID and a mode.
865
866 The following diagram represents the Channel Payload.
867
868
869 .in 5
870 .nf
871 1 2 3
872 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
873 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
874 | Channel Name Length | |
875 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
876 | |
877 ~ Channel Name ~
878 | |
879 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
880 | Channel ID Length | |
881 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
882 | |
883 ~ Channel ID ~
884 | |
885 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
886 | Mode Mask |
887 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
888 .in 3
889
890 .ce
891 Figure 5: Channel Payload
892
893
894 .in 6
o Channel Name Length (2 bytes) - Length of the channel name
  field.

o Channel Name (variable length) - The name of the channel.

o Channel ID Length (2 bytes) - Length of the Channel ID field.

o Channel ID (variable length) - The Channel ID.

o Mode Mask (4 bytes) - A mode. This can be the mode of the
  channel but it can also be the mode of a client on the
  channel. The contents of this field depend on the
  usage of this payload. The usage is defined separately
  when this payload is used. This is a 32 bit MSB first value.
.in 3


.ti 0
2.3.2.4 Public Key Payload

Generic Public Key Payload may be used to send different types of
public keys and certificates.

The following diagram represents the Public Key Payload.

.in 5
.nf
                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       Public Key Length       |        Public Key Type        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                  Public Key (or certificate)                  ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3

.ce
Figure 6: Public Key Payload


.in 6
o Public Key Length (2 bytes) - The length of the Public Key
  (or certificate) field, not including any other field.

o Public Key Type (2 bytes) - The public key (or certificate)
  type. This field indicates the type of the public key in
  the packet. See [SILC3] for defined public key types.

o Public Key (or certificate) (variable length) - The
  public key or certificate data.
.in 3
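
Added example (not part of the draft or of any SILC implementation): a bounds-checked Python parser for the Argument, Channel and Public Key payloads of Figures 4 to 6, in which every length field is checked against the bytes actually received before it is used. It assumes every integer field is MSB first, as the draft states for the Mode Mask; the Reader helper, the function names and the sample bytes are constructed for illustration.

```python
class PayloadError(ValueError):
    """A length field points outside the buffer, or bytes are left over."""

class Reader:
    """Cursor over a received buffer that refuses to read past its end."""
    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def take(self, n: int) -> bytes:
        left = len(self.buf) - self.pos
        if n > left:
            raise PayloadError(f"need {n} bytes at offset {self.pos}, {left} left")
        self.pos += n
        return self.buf[self.pos - n:self.pos]

    def uint(self, size: int) -> int:
        # Assumption: every integer field is MSB first, like the Mode Mask.
        return int.from_bytes(self.take(size), "big")

    def finish(self, *fields):
        # Reject payloads that carry bytes beyond the declared fields.
        if self.pos != len(self.buf):
            raise PayloadError(f"{len(self.buf) - self.pos} trailing bytes")
        return fields

def parse_argument(buf: bytes):
    r = Reader(buf)
    length, arg_type = r.uint(2), r.uint(1)  # length covers Argument Data only
    return r.finish(arg_type, r.take(length))

def parse_channel(buf: bytes):
    r = Reader(buf)
    name = r.take(r.uint(2))
    channel_id = r.take(r.uint(2))
    return r.finish(name, channel_id, r.uint(4))  # Mode Mask, 32 bit

def parse_public_key(buf: bytes):
    r = Reader(buf)
    length, key_type = r.uint(2), r.uint(2)  # length covers the key data only
    return r.finish(key_type, r.take(length))

# Constructed samples (not captured traffic): channel "silc" with a 3-byte
# placeholder Channel ID and mode 0x5; the same payload with its last byte lost.
SAMPLE_CHANNEL = b"\x00\x04silc" + b"\x00\x03\x01\x02\x03" + b"\x00\x00\x00\x05"
TRUNCATED_CHANNEL = SAMPLE_CHANNEL[:-1]
```

Parsing TRUNCATED_CHANNEL raises PayloadError instead of returning a short Mode Mask, which is the behaviour a receiver wants for any length field taken from the network.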


.ti 0
2.3.2.5 Message Payload

Generic Message Payload can be used to send messages in SILC. It
is used to send channel messages and private messages.

The following diagram represents the Message Payload.

(*) indicates that the field is not encrypted.

.in 5
.nf
                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Message Flags         |         Message Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                         Message Data                          ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Padding Length        |                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
|                                                               |
~                            Padding                            ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                       Initial Vector *                        ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                             MAC *                             ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.in 3

.ce
Figure 7: Message Payload


.in 6
o Message Flags (2 bytes) - Includes the Message Flags of the
  message. The flags can indicate a reason or a purpose for
  the message. The following Message Flags are defined:

  0x0000  SILC_MESSAGE_FLAG_NONE

          No specific flags set.

  0x0001  SILC_MESSAGE_FLAG_AUTOREPLY

          This message is an automatic reply to an earlier
          received message.

  0x0002  SILC_MESSAGE_FLAG_NOREPLY

          There should not be reply messages to this
          message.

  0x0004  SILC_MESSAGE_FLAG_ACTION

          The sender is performing an action and the message
          is the indication of the action.

  0x0008  SILC_MESSAGE_FLAG_NOTICE

          The message is for example an informational notice
          type message.

  0x0010  SILC_MESSAGE_FLAG_REQUEST

          This is a generic request flag to send request
          messages. A separate document should define any
          payloads associated to this flag.

  0x0020  SILC_MESSAGE_FLAG_SIGNED

          This flag indicates that the message is signed
          with the sender's private key and thus can be verified
          by the receiver using the sender's public key. A
          separate document should define the detailed procedure
          of the signing process and any associated payloads
          for this flag.

  0x0040  SILC_MESSAGE_FLAG_REPLY

          This is a generic reply flag to send a reply to a
          previously received request. A separate document
          should define any payloads associated to this flag.

  0x0080  SILC_MESSAGE_FLAG_DATA

          This is a generic data flag, indicating that the
          message includes some data which can be interpreted
          in a specific way. Using this flag any kind of data
          can be delivered inside message payload. A separate
          document should define how this flag is interpreted
          and define any associated payloads.

  0x0100  SILC_MESSAGE_FLAG_UTF8

          This flag indicates that the message is a UTF-8 encoded
          textual message. When sending text messages in SILC
          this flag SHOULD be used. When this flag is used the
          text sent as message MUST be UTF-8 encoded.

  0x0200 - 0x0800  RESERVED

          Reserved for future flags.

  0x1000 - 0x8000  PRIVATE RANGE

          Private range for free use.

o Message Length (2 bytes) - Indicates the length of the
  Message Data field in the payload, not including any
  other field.

o Message Data (variable length) - The actual message data.

o Padding Length (2 bytes) - Indicates the length of the
  Padding field in the payload, not including any other
  field.

o Padding (variable length) - If this payload is used as
  channel messages, the padding MUST be applied because
  this payload is encrypted separately from other parts
  of the packet. If this payload is used as private
  messages, the padding is present only when the payload
  is encrypted with a private message key. If encrypted
  with session keys this field MUST NOT be present and the
  Padding Length field includes a zero (0) value. The
  padding SHOULD be random data.

o Initial Vector (variable length) - This field MUST be
  present when this payload is used as channel messages.
  The IV SHOULD be random data for each channel message.

  When encrypting private messages with session keys this
  field MUST NOT be present. For private messages this
  field is present only when encrypting with a static
  private message key (pre-shared key). If randomly
  generated key material is used this field MUST NOT be
  present. Also, if Key Agreement (SKE) was used to
  negotiate fresh key material for private message key
  this field MUST NOT be present. See section 4.6
  in [SILC1] for more information about IVs when
  encrypting private messages.

  This field includes the initial vector used in message
  encryption. It needs to be used in the packet decryption
  as well. The contents of this field depend on the encryption
  algorithm and encryption mode. This field is not encrypted,
  is not included in padding calculation and its length
  equals the cipher's block size. This field is authenticated
  by the message MAC.

o MAC (variable length) - The MAC computed from the
  Message Flags, Message Length, Message Data, Padding Length,
  Padding and Initial Vector fields in that order. The MAC
  is computed after the payload is encrypted. This is the
  so-called Encrypt-Then-MAC order; first encrypt, then compute
  MAC from ciphertext. The MAC protects the integrity of
  the Message Payload. Also, when used as channel messages
  it is possible to have multiple private channel keys set,
  and the receiver can use the MAC to verify which of the keys
  must be used in decryption. This field is not encrypted.
.in 3
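
Added example (not from the draft or from a SILC implementation): the Encrypt-Then-MAC handling of the Message Payload, with the sender appending the clear IV and the MAC, and the receiver using the MAC to pick among several channel keys before decrypting and then length-checking the decrypted fields. HMAC-SHA-256, the 16-byte IV, one MAC key per channel key, and all names and sample bytes are assumptions; decryption itself is left to the negotiated cipher and is not shown.

```python
import hashlib
import hmac

IV_LEN = 16   # assumption: 128-bit block cipher, so the clear IV is 16 bytes
MAC_LEN = 32  # assumption: HMAC-SHA-256 stands in for the negotiated MAC

def mac_over(mac_key: bytes, ciphertext: bytes, iv: bytes) -> bytes:
    # Encrypt-Then-MAC: the input is the encrypted fields followed by the IV.
    return hmac.new(mac_key, ciphertext + iv, hashlib.sha256).digest()

def seal(mac_key: bytes, ciphertext: bytes, iv: bytes) -> bytes:
    """Sender: append the clear IV and the MAC to the encrypted fields."""
    return ciphertext + iv + mac_over(mac_key, ciphertext, iv)

def select_key(payload: bytes, mac_keys: list):
    """Receiver: find the key whose MAC verifies, before decrypting anything."""
    if len(payload) < 6 + IV_LEN + MAC_LEN:  # three 2-byte fields at minimum
        raise ValueError("payload too short for IV and MAC")
    body, mac = payload[:-MAC_LEN], payload[-MAC_LEN:]
    ciphertext, iv = body[:-IV_LEN], body[-IV_LEN:]
    for index, key in enumerate(mac_keys):
        # Constant-time comparison; a mismatch just moves on to the next key.
        if hmac.compare_digest(mac_over(key, ciphertext, iv), mac):
            return index, ciphertext, iv
    raise ValueError("MAC matches none of the channel keys")

def parse_decrypted(plain: bytes):
    """Split the decrypted fields; both lengths must fit the buffer exactly."""
    flags = int.from_bytes(plain[0:2], "big")
    msg_len = int.from_bytes(plain[2:4], "big")
    pad_at = 4 + msg_len
    if pad_at + 2 > len(plain):
        raise ValueError("Message Length exceeds the decrypted data")
    pad_len = int.from_bytes(plain[pad_at:pad_at + 2], "big")
    if pad_at + 2 + pad_len != len(plain):
        raise ValueError("Padding Length does not match the decrypted data")
    return flags, plain[4:pad_at]

# Constructed sample: two channel MAC keys and 32 opaque bytes standing in for
# the encrypted fields (no cipher is run in this example).
KEYS = [b"old-channel-mac-key", b"new-channel-mac-key"]
SAMPLE = seal(KEYS[1], bytes(range(32)), b"\xaa" * IV_LEN)
```

Because the IV is covered by the MAC, changing a single IV byte in SAMPLE makes select_key reject the payload for every key, so no decryption is attempted on modified input.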


.ti 0
2.3.3 Disconnect Payload

Disconnect payload is sent upon disconnection. The reason for the
disconnection is sent to the disconnected party in the payload.

The payload may only be sent with the SILC_PACKET_DISCONNECT packet. It
MUST NOT be sent in any other packet type. The following diagram
represents the Disconnect Payload.


.in 5
.nf
                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+