TinyIDS Protocol

TinyIDS uses a simple protocol for the communication between the client (tinyids) and the server (tinyidsd).

This page describes the TinyIDS Protocol revision 2.

Client - Server session

Communication between the TinyIDS server and client consists of only one data exchange. A client-server session is outlined below:

  1. The client connects to the server.
  2. The server accepts the connection without a welcome message.
  3. The client sends the command.
  4. The server verifies/rejects the command and sends a response back to the client.
  5. The client disconnects.

Overview of Supported Commands

  • TEST {protocol_revision}
  • CHECK {hash}
  • UPDATE {hash} {passphrase}
  • DELETE {passphrase}
  • CHANGEPHRASE {old_passphrase} {new_passphrase}

Overview of Response Codes

  • 20 OK
  • 30 MISMATCH
  • 31 NOT FOUND
  • 40 INVALID CLIENT
  • 41 INVALID COMMAND
  • 42 INVALID PASSPHRASE

Command TEST

Tests communication with the TinyIDS server.

Syntax:

TEST {protocol_revision}

Responses:

  • 20 OK
    • Server and client use compatible protocol revisions.
    • PKI, if used, is correctly set up.
    • Connectivity is OK.
  • 40 INVALID CLIENT
    • Server and client use incompatible protocol revisions.
    • PKI, if used, is not correctly set up.
    • Connectivity issues.

Command CHECK

Compares the calculated hash with the hash that has been stored at a remote TinyIDS server for the client's IP address.

Syntax:

CHECK {hash}

Responses:

  • 20 OK
    • Hash comparison is successful.
  • 30 MISMATCH
    • Hashes do not match. The system has been changed by a system update or by an intruder.
  • 31 NOT FOUND
    • No hash has been previously stored on the TinyIDS server for the client's IP address.

Command UPDATE

Updates or stores a hash at a remote TinyIDS server.

Syntax:

UPDATE {hash} {passphrase}

Responses:

  • 20 OK
    • Client authentication on the remote TinyIDS server was successful using the passphrase.
    • The hash has been stored/updated successfully at the remote TinyIDS server.
  • 42 INVALID PASSPHRASE
    • Client could not be authenticated on the remote TinyIDS server using the passphrase.
    • The remotely stored hash, if it exists, has not changed.

Command DELETE

Deletes the stored hash at a remote TinyIDS server.

Syntax:

DELETE {passphrase}

Responses:

  • 20 OK
    • Client authentication on the remote TinyIDS server was successful using the passphrase.
    • The hash has been deleted from the remote TinyIDS server.
  • 31 NOT FOUND
    • No hash has been previously stored on the TinyIDS server for the client's IP address.
  • 42 INVALID PASSPHRASE
    • Client could not be authenticated on the remote TinyIDS server using the passphrase.
    • The remotely stored hash, if it exists, has not been deleted.

Command CHANGEPHRASE

Changes the passphrase on the remote server.

Syntax:

CHANGEPHRASE {old_passphrase} {new_passphrase}

Responses:

  • 20 OK
    • Client authentication on the remote TinyIDS server was successful using the old_passphrase.
    • The passphrase has been replaced by the new_passphrase on the remote TinyIDS server.
  • 31 NOT FOUND
    • There is no information stored on the TinyIDS server for the client's IP address. Therefore, a passphrase does not exist.
  • 42 INVALID PASSPHRASE
    • Client could not be authenticated on the remote TinyIDS server using the passphrase.
    • The remotely stored passphrase, if it exists, has not changed.
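The command and response semantics documented above, as an added example of a server-side dispatcher (this is not TinyIDS's own code). The `Store` class and its helpers are hypothetical names. Assumptions not stated on this page: a command is one line of single-space-separated tokens, TEST succeeds only on an exact revision match, the first UPDATE from an IP address enrolls its passphrase, and passphrases are kept as salted PBKDF2 digests in memory.

```python
import hashlib, hmac, os

PROTOCOL_REVISION = "2"   # revision documented on this page
ARGC = {"TEST": 1, "CHECK": 1, "UPDATE": 2, "DELETE": 1, "CHANGEPHRASE": 2}

def _derive(passphrase, salt):
    # Store a salted PBKDF2 digest, never the passphrase itself (assumption).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

class Store:
    """In-memory records keyed by client IP: ip -> [hash, salt, derived_key]."""
    def __init__(self):
        self.records = {}

    def _auth(self, ip, passphrase):
        _, salt, key = self.records[ip]
        return hmac.compare_digest(key, _derive(passphrase, salt))

    def _set_phrase(self, ip, file_hash, passphrase):
        salt = os.urandom(16)
        self.records[ip] = [file_hash, salt, _derive(passphrase, salt)]

    def handle(self, ip, line):
        parts = line.strip().split(" ")
        cmd, args = parts[0], parts[1:]
        # Unknown command, wrong argument count or empty token: reject early.
        if ARGC.get(cmd) != len(args) or not all(args):
            return "41 INVALID COMMAND"
        rec = self.records.get(ip)
        if cmd == "TEST":
            return "20 OK" if args[0] == PROTOCOL_REVISION else "40 INVALID CLIENT"
        if cmd == "UPDATE":
            if rec is None:                  # assumption: first UPDATE enrolls
                self._set_phrase(ip, args[0], args[1])
                return "20 OK"
            if not self._auth(ip, args[1]):
                return "42 INVALID PASSPHRASE"   # stored hash stays unchanged
            rec[0] = args[0]
            return "20 OK"
        if rec is None:                      # CHECK, DELETE, CHANGEPHRASE
            return "31 NOT FOUND"
        if cmd == "CHECK":
            ok = hmac.compare_digest(rec[0].encode(), args[0].encode())
            return "20 OK" if ok else "30 MISMATCH"
        if not self._auth(ip, args[0]):
            return "42 INVALID PASSPHRASE"
        if cmd == "DELETE":
            del self.records[ip]
        else:                                # CHANGEPHRASE keeps the stored hash
            self._set_phrase(ip, rec[0], args[1])
        return "20 OK"
```

Because records are keyed by the client's IP address, a failed UPDATE or DELETE leaves the stored hash untouched, so a later CHECK still compares against the last authenticated baseline.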