UFTP - Encrypted UDP based FTP with multicast 1. Introduction A UFTP session consists of 3 main phases: The Announce/Register phase, the File Transfer phase, and the Completion/Confirmation phase. The File Transfer phase additionally consists of the File Info phase and the Data Transfer phase for each file sent. The Announce/Register phase sets up the multicast file transfer session and negotiates all encryption parameters. The server sends out an announcement over a public multicast address which the clients are expected to be listening on. All subsequent messages from the server go over a private multicast address specified in the announcement. Allowed clients send a registration to respond to the announcement. The server will then send either a confirmation message if there encryption is disabled, or the encryption keys for the session if encryption is enabled. If the client receives the encryption keys, it sends an acknowledgment back to the server. The File Transfer phase starts with the File Info phase for the first file to send. The server sends a message describing the file in question. Besides the name and size of the file, this message describes how the file will be broken down. A file is divided into a number of blocks, and these blocks are grouped into sections. A block is a piece of the file that is sent in a single packet. A section is a grouping of blocks that can be sent together before the server needs to request feedback from the clients. The total number of blocks and sections is included in this message. Continuing the File Transfer phase is the Data Transfer phase for the first file. Data packets, each of which is a block, are sent by the server at a rate specified by the user. Because UDP does not guarantee that packets will arrive in order, each block is numbered so the client can properly reassemble the file. When the server finishes a section, it send a message to the clients requesting status. The clients then send back a status message containing the list of NAKs (negative acknowledgments) for the blocks in that section. Once all sections have been sent, if the server has received a non zero number of NAKs from any client, the server will begin a second pass of the data, this time only sending the packets that were NAKed. The server will continue with subsequent passes of the data until all clients have either received the file or have timed out while the server was waited for a status message. When a client has received the entire file, it sends a completion message in response to the next status request. The File Info phase and the Data Transfer phase are then repeated for each file to be sent during the session The Completion/Confirmation phase shuts down the session between the server and clients. It starts with a message from the server indication the end of the session. The clients then respond with a completion message, and the server responds to each completion with a confirmation message. 2. Definitions Server: A process run on demand that sends one or more files. Client: Daemon process that receives files. Public multicast address: A multicast address that a client or proxy expects to receive announcements from a server on. Private multicast address: Specified by the server when a session is initiated. All traffic from the server other than announcements are sent to this address. Proxy: Daemon process that relays UFTP traffic between servers and clients. Server proxy: A proxy, typically local to a server, that forms the upstream end of a multicast tunnel. It listens on the public multicast address (and private multicast address when specified) and forwards downstream packets to a specific address downstream. Upstream packets are forwarded back where the announcement originated from. Client proxy: A proxy, typically local to one or more clients, that forms the downstream end of a multicast tunnel. It receives unicast data from one or more server proxies and forwards downstream traffic to the multicast address specified in the packet header. Upstream traffic from clients is gathered and forwarded back where the announcement came from as an aggregated response. Response proxy: A proxy that functions as a response aggregator in situations where the server has direct multicast accessibility to clients but the number of clients are to high for the server to handle itself. It listens on the public multicast address (and private multicast address when specified), but does not forward packets from the server since those packets reach clients directly. It does however send some messages directly to clients in the process of establishing encryption keys. Upstream traffic from clients is gathered and forwarded back where the announcement came from as an aggregated response. Clients in this environment are configured to send all responses to a specific response proxy. Messages sent directly from response proxies to clients use multicast (either the primary public address, or the private address, depending on the message). Block: A piece of a file to be sent in a single packet. Section: A grouping of blocks. A section of blocks is the most the server can send before requesting status from a client. A client can send back a single status message to represent the NAKs for an entire section. 3. Encryption Setup The encryption protocol borrows from TLS (RFC5246), DTLS (RFC4347) and MIKEY (RFC3830). Due to the large amount of traffic that may be generated while communicating with a large number of clients, the required messages are made as small as possible and integrated into the original UFTP messaging structure to minimize the amount of traffic in the setup phase. Valid block encryption algorithms are DES-CBC, 3 key Triple DES-CBC, AES-128-CBC, and AES-256-CBC. While AES is more secure and therefore preferred, DES and Triple DES are supported for environments where AES is not available. For the block encryption algorithm chosen, there are: encryption_key_length IV_length For each message to be encrypted, an IV must be generated as follows: For a 128-bit IV: IV = S XOR (group_ID + IP + T) For a 64-bit IV: IV = S XOR (group_ID + IP) XOR T where group_ID is the group ID, T is the 64-bit UNIX timestamp (32-bit seconds followed by 32-bit microseconds since the UNIX epoch of 1/1/1970 00:00:00 UTC), IP is the IP address of the message sender, and S is a salt of size IV_length, derived below. Valid hash algorithms are SHA-1, and SHA-256. While SHA-256 is preferred, SHA-1 is supported for environments where SHA-256 is not available. For the hash algorithm chosen, there is: hash_length The server has the option to use either a symmetric key HMAC or RSA signatures for authentication of encrypted messages. HMAC is smaller and faster, while RSA protects against attacks from within the group. When using RSA signatures, to maintain identical block sizes between FILESEG and STATUS messages, all clients MUST use a key the same length as the server. Clients may maintain multiple private keys of differing lengths to accommodate different servers. In the ANNOUNCE message, the server sends a random number and its RSA public key. The random number is 32 bytes, with the first 4 being the current time in the standard UNIX time format, and the remaining 28 generated by a secure random number generator. Each client then sends in the REGISTER its own random number, constructed identically to the server's, and a 48 byte premaster secret key encrypted with the server's public key. The premaster secret consists of 1 byte for the client's version and the remaining 47 chosen by a secure random number generator. The client may also send a CLIENT_KEY message at this time. This message is required if the server requests either RSA signatures or simply to authenticate the client. This messages also contains a signature (using the client's RSA key) of the hash of: group ID + private address + server random + client random + premaster secret The server and each client calculates a 48 byte master secret as follows: master_secret = PRF(pre_master_secret, "master secret", server_random + client_random)[0-47] When SHA-1 is the selected hash, the pseudo-random function (PRF) is as defined in TLS 1.1 (RFC4346) which uses a SHA1/MD5 combination. Otherwise, the pseudo-random function (PRF) is as defined in TLS 1.2 (RFC5246) using the server selected hash function. Using the master secret, a key block is generated: key_block = PRF(master_secret, "key expansion", server_random + client_random); From the key block, the first hash_length bytes comprise the HMAC key, the next encryption_key_length bytes comprise the session key, and the next IV_length bytes comprise the salt from which session IVs are derived. Currently, the HMAC key based on the master secret between the server and a particular client is not used, but the key material is generated anyway to be consistent with key expansion of the group key and as a hedge in case it could be used in a future release. After receiving the REGISTER the server sends a KEYINFO message containing the group master key encrypted with the session key for the client, along with a 64-bit UNIX timestamp. A KEYINFO can contain the group key encrypted multiple times, with each one encrypted with a different client's session key and grouped with the IP address of the client. The group master key is chosen by the server. It is 48 bytes, with the first byte being the server version and the remaining 47 bytes chosen by a secure random number generator. To save bandwidth, only the 47 random bytes are encrypted. Given the block size of the supported cyphers of 8 or 16, this results in the encrypted key being 48 bytes (instead of 64, if 48 bytes were encrypted). The other byte can be derived from the version of the KEYINFO message. From the group master key, a key block is generated as follows: key_block = PRF(group_master, "key expansion", server_random); From the key block, the first hash_length bytes comprise the group HMAC key, the next encryption_key_length bytes comprise the group session key, and the next IV_length bytes comprise the salt from which group session IVs are derived. Upon receiving the KEYINFO message, the client responds with an INFO_ACK message. This message contains a 12 byte verify_data field constructed as follows: PRF(group_master, "client finished", Hash(handshake_values))[0-11] Where Hash is the server selected hash function and handshake_values is: group ID + private address + server random + client random + premaster secret + [ client_key_exponent + client_key_modulus ] + group_master where client_key_exponent and client_key_modulus are the components of the client's RSA public key, if a CLIENT_KEY message was sent. All subsequent messages after a KEYINFO from either client or server are encrypted using the group session key, and the whole UDP packet is signed with either the group HMAC key or the sender's RSA key, depending on what the server selects. Each of these messages also contains the 64-bit UNIX timestamp used to generate the IV for that message. The IP address used to generate the IV should be the same one placed in the srcaddr field. Clients receiving a KEYINFO message also uses the IP address from srcaddr. A server proxy may choose to dynamically determine its destination client proxy. It does this by means of authenticated heartbeat messages. The server proxy specifies the public key fingerprint of the client proxy it wishes to send to. This is useful when the client proxy is NATed and its IP address cannot be determined ahead of time, and may in fact change on the fly. When a server proxy in this mode receives an HB_REQ message, it responds with an HB_RESP message containing a flag indicating that authentication is required along with a randomly chosen nonce value. The client proxy is then expected to sign the nonce with its public key and sends back the nonce, the signed nonce, and its public key in another HB_REQ message. When the server proxy receives this message, it first checks the plaintext nonce to see if it matches the last nonce it sent out. If so, it verifies the client proxy's public key fingerprint then verifies the signature. If these checks all pass, the server uses the incoming address of the HB_REQ as its downstream address, and sends back an HB_RESP indicating successful authentication. At this time the server will randomly select a new nonce so the old one is not reused. If any of the checks fail, the server proxy sends back an HB_RESP message indicating failed authentication, and the current destination remains unchanged. Any future HB_REQ messages the server proxy gets from the established downstream client proxy is automatically accepted. Only when the IP/port does not match will the server proxy issue a challenge. 4. Messages 4.1 Message Flow While it would save one round trip to send a KEYINFO and FILEINFO together with encryption enabled and only one file to send, keeping them separate prevents eavesdroppers from determining information about the encrypted stream, such as the number of files being sent. See section 3.2 for more details. 4.1.1 Announce/Register phase with encryption: 4.1.1.1 Without proxies Server Client ------ ------ ANNOUNCE ---> <--- REGISTER <--- CLIENT_KEY (optional) KEYINFO ---> <--- INFO_ACK 4.1.1.2 With server/client proxies Server Server Proxy Client Proxy Client ------ ------------ ------------ ------ ANNOUNCE ---> ---> ---> <--- REGISTER <--- CLIENT_KEY (optional) <--- <--- REGISTER <--- <--- CLIENT_KEY (optional) KEYINFO ---> ---> <--- <--- INFO_ACK REG_CONF ---> ---> KEYINFO ---> <--- INFO_ACK 4.1.1.3 With response proxy Server Response Proxy Client ------ -------------- ------ ANNOUNCE ---> ------------------------> <--- REGISTER <--- CLIENT_KEY (optional) <--- REGISTER <--- CLIENT_KEY (optional) KEYINFO ---> <--- INFO_ACK REG_CONF ---> KEYINFO ---> <--- INFO_ACK 4.1.2 Announce/Register phase without encryption 4.1.2.1 Without proxies Server Client ------ ------ ANNOUNCE ---> <--- REGISTER REG_CONF ---> 4.1.2.2 With server/client proxies Server Server Proxy Client Proxy Client ------ ------------ ------------ ------ ANNOUNCE ---> ---> ---> <--- REGISTER <--- <--- REGISTER REG_CONF ---> ---> ---> 4.1.2.3 With response proxy Server Response Proxy Client ------ -------------- ------ ANNOUNCE ---> ------------------------> <--- REGISTER <--- REGISTER REG_CONF ---> ------------------------> 4.1.3 File Transfer phase: Server Client ------ ------ FILEINFO ---> (either) <--- INFO_ACK (or) <--- COMPLETE FILESEG ---> ... ... DONE ---> (either) <--- STATUS (or) <--- COMPLETE ... 4.1.4 Completion/Confirmation phase: Server Client ------ ------ DONE ---> <--- COMPLETE DONE_CONF ---> 4.2 Message Details All messages start with the UFTP header, followed by a message specific header. With the exception of an ENCRYPTED message, each message header starts with an 8 bit function number. This allows for determining the message type of a decrypted message, so the message type is not revealed in the UFTP header. 4.2.1 UFTP header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UFTP ID | Function | Block Size | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Group ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ UFTP ID: 8 bits Defines the version number of the protocol. Currently 0x30. Function: 8 bits The message number of the contained message. If the message is encrypted, this always specifies the message number for ENCRYPTED. Block Size: 16 bits The size of the entire UFTP packet in bytes, excluding this header (must be a multiple of 4). Group ID: 32 bits A unique identifier for the current session. Source Address: 32 bits The IP address of the sender. For a server, this is the designated outgoing multicast address. For a client or proxy, this is either the IP that matches an IP listed in an ANNOUNCE or the IP of the first non-loopback address. Destination Address: 32 bits The IP address that this message is ultimately destined for. 4.2.2 ENCRYPTED 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp_seconds | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp_microseconds | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Signature length | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Signature | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Encrypted Payload | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Specifies an encrypted message. Contains a signature followed by the encrypted message payload (which is one of the messages below). The signature is either an HMAC using the group key or an RSA signature using the sender's RSA key over the whole UFTP message, depending on the signature type chosen by the server. Timestamp_seconds: 32 bits The current time expressed as seconds since the UNIX epoch of 1/1/1970 00:00:00 UTC. Timestamp_microseconds: 32 bits The microsecond portion of the current time. This field and the above field are used in the calculation of the symmetric key IV for the encrypted payload. Signature length: 16 bits The length of the signature in bytes (must be a multiple of 4). Payload length: 16 bits The length of the encrypted payload in bytes (must be a multiple of 4). Signature: varies The signature for this message. It applies to the entire UFTP packet, including the UFTP header. May be either an HMAC using the group hmac key or an RSA signature using the sender's RSA private key. Encrypted Payload: varies The encrypted message, encrypted with the group symmetric key. 4.2.3 ANNOUNCE 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Flags | Destination Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Announce Interval | Status Interval | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Register Interval | Done Interval | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Announce Time | Status Time | MTU | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Private Multicast Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Client | Signature | Hash | Key | | Authorization | Type | Type | Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Exponent | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + + | | + + | Server Random Number | + + | | + + | | + + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the server to initiate a file transfer. Contains basic info needed by clients to initiate a session. For closed group membership, the list of allowed clients is specified. Multiple messages may be sent to accommodate the full list of clients. This message goes over the public multicast address. All subsequent server messages go over the private multicast address. If the server needs to resend this message under closed group membership, only clients that did not respond are listed. Function: 8 bits The message number for this message. Always 1. Flags: 8 bits 0x01 - RESTART If set, this indicates that the session represented by this ANNOUNCE is a restart of a prior session. All other bits should be set to 0. Destination Count: 16 bits The number of client IP address listed in this message. With open group membership, this is always zero. With closed group membership, this is always non-zero. Announce Interval: 16 bits The number of milliseconds the server will wait before retransmitting an ANNOUNCE, REG_CONF, KEYINFO, or FILEINFO. Status Interval: 16 bits The number of milliseconds the server will wait before retransmitting a DONE. Register Interval: 16 bits The number of milliseconds the client should wait before retransmitting a REGISTER. Done Interval: 16 bits The number of milliseconds the client should wait before retransmitting a COMPLETE when expecting a DONE_CONF. Announce Time: 8 bits The number of seconds the server may wait for a REGISTER or INFO_ACK in the Announce/Register phase or an INFO_ACK in the File Info phase before continuing to the next phase. Status Time: 8 bits The number of seconds the server may wait after sending one or more DONE messages before giving up on any client that haven't sent a STATUS or COMPLETE and continuing with the Data Transfer phase. MTU: 16 bits The total size of the IP message to send as specified by the server. This includes the IP and UDP headers as well as the UFTP message. Note that this does not account for the existence of IP header options, so when it's expected that IP header options may be added, this value should be set slightly lower than the path MTU to avoid IP packet fragmentation. Client Authorization: 8 bits Specifies whether the client should send a CLIENT_KEY message in addition to a REGISTER when responding. Valid values are 1 for true, 0 for false. Signature Type: 8 bits Specifies the signature type number of the signature to use on encrypted messages. See section 4.3 for the list of valid values. Hash Type: 8 bits Specifies the hash type number of the hashing algorithm to use for HMAC signatures and key derivation. See section 4.3 for the list of valid values. Key Type: 8 bits Specifies the key type number of the symmetric encryption algorithm to use. See section 4.3 for the list of valid values. Public Key Modulus Length: 16 bits The length in bytes of the server's RSA public key modulus Reserved: 8 bits Reserved for future use and should be set to 0. Public Key Exponent: 32 bits The public key exponent of the server's RSA public key. Server Random Number: 256 bits A 32-byte random number chosen by the server used to derive the master secret key between the server and each client. Public Key Modulus: varies The public key modulus of the server's RSA public key. Client IP Address: 32 bits each The IP address of one or more clients that are allowed to join under closed group membership. 4.2.4 REGISTER 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Count | Encrypted Premaster Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + + | | + + | Client Random Number | + + | | + + | | + + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Encrypted Premaster Secret | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the client to acknowledge receipt of an ANNOUNCE. If encryption is requested, also contains a random number and a premaster secret key encrypted with the server's public RSA key. Function: 8 bits The message number for this message. Always 2. Reserved: 24 bits Reserved for future use and should be set to 0. Destination Count: 16 bits The number of client IP address listed in this message. For a client, this should always be zero. Encrypted Premaster Length: 16 bits The length of the encrypted premaster secret key Client Random Number: 256 bits A 32-byte random number chosen by the client used to derive the master secret key between the server and each client. Encrypted Premaster Secret: varies The premaster secret key selected by the client, encrypted with the server's RSA public key Client IP Address: 32 bits each The IP address of one or more clients that a proxy received a REGSITER from and is now relaying to the server. 4.2.5 CLIENT_KEY 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus Length | Signed Verify Data Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Exponent | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Signed Verify Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the client if the server requests client authentication, or if the server requests RSA signatures instead of HMAC. Function: 8 bits The message number for this message. Always 3. Reserved: 24 bits Reserved for future use and should be set to 0. Public Key Modulus Length: 16 bits The length in bytes of the client's RSA public key modulus. Signed Verify Data Length: 16 bits The length in bytes of the signed verify data field. Public Key Exponent: 32 bits The public key exponent of the client's RSA public key. Public Key Modulus: varies The public key modulus of the client's RSA public key. Signed Verify Data: varies The signature from the client's RSA private key of verification data based on the hash of the cryptographic parameters exchanged to this point. 4.2.6 REG_CONF 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | Destination Count | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the server in response to a REGISTER if there is no encryption. Contains a list of clients that the server received a REGISTER for, and multiple messages may be sent to accommodate the full list of clients. Also sent if the REGISTER came from a proxy. This allows proxies to confirm registrations when encryption is enabled. The server will not resend this message for a given client unless it receives an extra REGSITER from that client. Function: 8 bits The message number for this message. Always 4. Reserved: 8 bits Reserved for future use and should be set to 0. Destination Count: 16 bits The number of client IP address listed in this message. Client IP Address: 32 bits each The IP address of one or more clients that the server received a REGISTER for. 4.2.7 KEYINFO 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | Destination |Encrypted Group| | | | Count | Master Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp_seconds | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp_microseconds | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ encrypted | Client IP Address | key 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + + | | + + | | + + | | + + | Encrypted Group Master | + + | | + + | | + + | | + + | | + + | | + + | | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ encrypted | Client IP Address | key 2 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the server in response to a REGISTER if encryption is enabled. Contains the list of clients that the server received a REGISTER for, and multiple message may be sent to accommodate the full list of clients. If the server needs to resend this message, only clients that did not respond are listed. Also, for each listed client, it contains the group master key encrypted with the master secret key negotiated with that client. If a REGISTER is received from a proxy, KEYINFO gets sent directly to the proxy, not the clients it serves. Function: 8 bits The message number for this message. Always 6. Reserved: 8 bits Reserved for future use and should be set to 0. Destination Count: 8 bits The number of encrypted key messages listed in this message. Encrypted Group Master Length: 8 bits The length of the encrypted group master key in each encrypted key message. Should always be 48. Timestamp_seconds: 32 bits The current time expressed as seconds since the UNIX epoch of 1/1/1970 00:00:00 UTC. Timestamp_microseconds: 32 bits The microsecond portion of the current time. This field and the above field are used in the calculation of the symmetric key IV for the encrypted group master key for each listed client. Client IP Address: 32 bits each The IP address of one or more clients that the server received a REGISTER for. Encrypted Group Master: 384 bits each The last 47 bytes of the 48 byte group master secret, encrypted using the master symmetric key for the prior listed client. 4.2.8 FILEINFO 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | File Type | File ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Total Blocks | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Total Sections | Destination Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | File Size | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | File Name | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the server to give information on a particular file being sent. Contains the list of currently active clients, and multiple message may be sent to accommodate the full list of clients. If the server needs to resend this message, only clients that did not respond are listed. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. Function: 8 bits The message number for this message. Always 5. File Type: 8 bits Specifies the type of file being sent (regular file, directory, or sybolic link). See section 4.3 for the list of valid values. File ID: 16 bits The identifier of the current file. Chosen by the server sequentially starting at 1. Total Blocks: 32 bits The number of blocks the file is broken up into. Total Section: 16 bits The number of sections the blocks are grouped into. Destination Count: 16 bits The number of client IP address listed in this message. File Size: 64 bits The size of the file to send in bytes. File Name: 300 bytes The path name of the file to send. A slash (/) is used as a directory separator. The file gets created with this path in the client's destination directory. Client IP Address: 32 bits each The IP address of one or more active clients. 4.2.9 INFO_ACK 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Flags | File ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Count | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | Verify Data | + + | | + + | | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the client in response to a KEYINFO or a FILEINFO. If sent in response to KEYINFO, contains verification data based on the hash of the cryptographic parameters exchanged to this point. If sent in response to a FILEINFO, contains the file ID. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. Function: 8 bits The message number for this message. Always 7. Flags: 8 bits 0x01 - PARTIAL If set, this indicates that the client partially received the indicated file on a prior run. Valid only in response to a FILEINFO. All other bits should be set to 0. File ID: 16 bits If sent in response to a FILEINFO, the identifier of the current file. If sent in response to a KEYINFO, 0. Destination Count: 16 bits The number of client IP address listed in this message. Reserved: 16 bits Reserved for future use and should be set to 0. Client IP Address: 32 bits each The IP address of one or more clients that a proxy received an INFO_ACK from and is now relaying to the server. 4.2.10 FILESEG 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | File ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Pass | Reserved | Section | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Block Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the server, and contains a block of data following this header. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. Function: 8 bits The message number for this message. Always 8. Reserved: 8 bits Reserved for future use and should be set to 0. File ID: 16 bits The identifier of the current file. Pass: 8 bits The pass number that the server is currently on. Section: 16 bits The section number for this block. Block Number: 32 bits The number of this block. 4.2.11 DONE 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Pass | Section | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | File ID | Destination Count | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the server at the end of a section to request NAKs. Contains the list of clients that the server needs status for, and multiple message may be sent to accommodate the full list of clients. If the server needs to resend this message, only clients that did not respond are listed. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. Function: 8 bits The message number for this message. Always 9. Pass: 8 bits The pass number that the server is currently on. Section: 16 bits The section number for this block. File ID: 16 bits The identifier of the current file. If zero, indicates the beginning of the Completion/Confirmation phase to end the session. Destination Count: 16 bits The number of client IP address listed in this message. Client IP Address: 32 bits each The IP address of one or more clients the server needs status for. 4.2.12 STATUS 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | File ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Pass | Seq Number | Section | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | NAK Count | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the client in response to a DONE message. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. Function: 8 bits The message number for this message. Always 10. Reserved: 8 bits Reserved for future use and should be set to 0. File ID: 16 bits The identifier of the current file. Pass: 8 bits The pass number that the server is currently on. Seq Number: 8 bits A sequence number matching this STATUS to a PRSTATUS. Section: 16 bits The section number for this block. NAK Count: 32 bits The total number of NAKs contained in this message. If zero, this message contains only this header. If non-zero, contains a bitmask of the NAKs for the given section, and this bitmask is the size of a block. 4.2.13 PRSTATUS 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | File ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Pass | Seq Number | Section | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Count | Reserved | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by a client proxy along with a STATUS message. Contains the list of clients the most recent STATUS applies to. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. Function: 8 bits The message number for this message. Always 11. Reserved: 8 bits Reserved for future use and should be set to 0. File ID: 16 bits The identifier of the current file. Pass: 8 bits The pass number that the server is currently on. Seq Number: 8 bits A sequence number matching this PRSTATUS to a STATUS. Section: 16 bits The section number for this block. Destination Count: 16 bits The number of client IP address listed in this message. Reserved: 16 bits Reserved for future use and should be set to 0. Client IP Address: 32 bits each The IP address of one or more clients that a proxy received a STATUS from and is now relaying to the server. 4.2.14 COMPLETE 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Status | File ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Count | Reserved | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by the client in response to a DONE message when the client has received the whole file. May also be sent in a response to a FILEINFO if the session is a restart session and the client received the whole file on a prior attempt. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. If the file ID is 0, indicating the end of the session, all files and directories sent during the session are moved from the the client's temp directory to the destination directory, if a temp directory was specified. Files within directories are moved as part of the containing directory. Function: 8 bits The message number for this message. Always 12. Status: 8 bits Specifies the status of the COMPLETE message. When in sync mode, a status of COMP_STAT_NORMAL specifies that the file was a new file copied over, a status of COMP_STAT_SKIPPED specifies that the file was skipped because the incoming file was older, and a status of COMP_STAT_OVERWRITE specifies that the file overwrote an existing file. when not in sync mode, the status is set to COMP_STAT_NORMAL if the file was sent successfully. If the client rejects the file due to a pathname or filename issue, regardless of sync mode, the status is set to COMP_STAT_REJECTED. File ID: 16 bits The identifier of the current file. Destination Count: 16 bits The number of client IP address listed in this message. Reserved: 16 bits Reserved for future use and should be set to 0. Client IP Address: 32 bits each The IP address of one or more clients that a proxy received a COMPLETE from and is now relaying to the server. 4.2.15 DONE_CONF 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | File ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Count | Reserved | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ | Client IP Address | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ : .... : +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Send by the server in response to a COMPLETE message at the end of a session. Contains the list of clients that have completed. Multiple messages may be sent to accommodate the full list of clients. The server will not resend this message for a given client unless it receives an extra COMPLETE from that client. If encryption is enabled, this message is encrypted and embedded within an ENCRYPTED message. Function: 8 bits The message number for this message. Always 13. Reserved: 8 bits Reserved for future use and should be set to 0. File ID: 16 bits The identifier of the current file. TODO: remove this field, not needed. Destination Count: 16 bits The number of client IP address listed in this message. Reserved: 16 bits Reserved for future use and should be set to 0. Client IP Address: 32 bits each The IP address of one or more clients that the server received a COMPLETE for. 4.2.16 ABORT 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Flags | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Host | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Message | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by either a client or server when an error condition occurs. This message may or may not be encrypted, depending on whether or not the group master key has been negotiated. Function: 8 bits The message number for this message. Always 99. Flags: 8 bits 0x01 - CURRENT_FILE Applies only if sent to a client, and only if the Host field is zero. If set, specifies that all clients not actively working on the current file must abort. Clients that finished the current file do NOT abort and may receive the next file in the session. All other bits should be set to 0. Reserved: 16 bits Reserved for future use and should be set to 0. Host: 32 bits If sent by the server, specifies the client the server wishes to abort, or zero to specify that all clients must abort. If sent by a client, this is set to zero. If sent by a proxy on behalf of a client, it is set to the IP of the client that is aborting. If sent by a proxy on its own behalf, it is set to zero. Message: 300 bytes Descriptive text stating the reason for the abort. 4.2.17 HB_REQ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus Length | Signed Nonce Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Exponent | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Signed Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by a proxy (usually a client proxy) to an upstream proxy for the purpose of opening up a hole in a firewall that the upstream proxy can send through, and revealing the proxy's NATed IP to the upstream proxy so the upstream proxy knows where to send other requests. Function: 8 bits The message number for this message. Always 14. Reserved: 24 bits Reserved for future use and should be set to 0. Public Key Modulus Length: 16 bits The length in bytes of the proxy's RSA public key modulus. Signed Nonce Length: 16 bits The length in bytes of the signed nonce field. Nonce: 32 bits The value received from a previous HB_RESP that is to be signed. Public Key Exponent: 32 bits The public key exponent of the proxy's RSA public key. Public Key Modulus: varies The public key modulus of the proxy's RSA public key. Signed Nonce: varies The signature from the proxy's RSA private key of the specified nonce. 4.2.18 HB_RESP 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Authenticated | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by a proxy in response to an HB_REQ message. Function: 8 bits The message number for this message. Always 15. Authenticated: 8 bits Specifies the status of the HB_REQ this message is responding to. A value of HB_AUTH_OK means authentication succeeded or was not required. A value of HB_AUTH_CHALLENGE means expected authentication info was not specified. A value of HB_AUTH_FAILED means the given authentication info was invalid. Reserved: 16 bits Reserved for future use and should be set to 0. Nonce: 32 bits When Authenticated = HB_AUTH_CHALLENGE, the nonce value that is expected to be signed in an authenticated HB_REQ. 4.2.19 KEY_REQ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by a client to a response proxy to solicit a PROXY_KEY message. The client will send this message once every 5 seconds until it gets a valid response. Function: 8 bits The message number for this message. Always 16. Reserved: 24 bits Reserved for future use and should be set to 0. 4.2.20 PROXY_KEY 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Function | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus Length | Signed Nonce Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Exponent | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Public Key Modulus | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Signed Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sent by a response proxy to clients for the purpose suppying its RSA public key. When a client gets an ANNOUNCE directly from a server, it contains the server's RSA public key. The client can then use the proxy's key to encrypt the premaster secret in the REGSITER instead of the server's key. This message gets sent out on the first specified public multicast address so all downstream clients be read it. To avoid a denial of service attack, the proxy will not send this message more than once every 5 seconds. Function: 8 bits The message number for this message. Always 17. Reserved: 24 bits Reserved for future use and should be set to 0. Public Key Modulus Length: 16 bits The length in bytes of the proxy's RSA public key modulus. Signed Nonce Length: 16 bits The length in bytes of the signed nonce field. Nonce: 32 bits A randomly chosen value that will be signed by the proxy's RSA public key. Public Key Exponent: 32 bits The public key exponent of the proxy's RSA public key. Public Key Modulus: varies The public key modulus of the proxy's RSA public key. Signed Nonce: varies The signature from the proxy's RSA private key of the specified nonce. 4.3 Message Constants 4.3.1 Message type numbers ANNOUNCE 1 REGISTER 2 CLIENT_KEY 3 REG_CONF 4 FILEINFO 5 KEYINFO 6 INFO_ACK 7 FILESEG 8 DONE 9 STATUS 10 PRSTATUS 11 COMPLETE 12 DONE_CONF 13 HB_REQ 14 HB_RESP 15 KEY_REQ 16 PROXY_KEY 17 ENCRYPTED 80 ABORT 99 4.3.2 Key type numbers None 0 DES 1 Triple DES 2 AES 128 3 AES 256 4 4.3.3 Hash type numbers None 0 MD5 1 SHA-1 2 SHA-256 3 4.3.4 Signature type numbers None 0 HMAC 1 RSA 2 4.3.5 Heartbeat authentication codes HB_AUTH_FAILED 0 HB_AUTH_OK 1 HB_AUTH_CHALLENGE 2 4.3.6 File types Regular file 0 Directory 1 Symbolic Link 2 4.3.7 Completion status COMP_STAT_NORMAL 0 COMP_STAT_SKIPPED 1 COMP_STAT_OVERWRITE 2 COMP_STAT_REJECTED 3