- (o mmap) maybe
-
-
-lib/silcutil/symbian/
-=====================
-
- o Something needs to be thought to the logging globals as well,
- like silc_debug etc. They won't work on EPOC. Perhaps logging
- and debugging is to be disabled on EPOC. The logging currently works
- by it cannot be controlled, same with debugging.
-
-
-SFTP Library, lib/silcsftp/
-===========================
-
- o Read prefetch (read-ahead, reading ahead of time). Maybe if this can
- be done easily.
-
-
-SKR Library, lib/silcskr/
-=========================
-
- o Add fingerprint as search constraint.
-
- o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring
- support?)
-
- o Add support for importing public keys from a directory and/or from a
- file. Add support for exporting the repository (different formats for
- different key types?).
-
- o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply
- add the find constraints as variable argument list to silc_skr_find, eg:
-
- silc_skr_find(skr, schedule, callback, context,
- SILC_SKR_FIND_PUBLIC_KEY, public_key,
- SILC_SKR_FIND_COUNTRY, "FI",
- SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH,
- SILC_SKR_FIND_END);
-
- NULL argument would be ignored and skipped.
-
- o Add OR logical rule in addition of the current default AND, eg:
-
- // Found key(s) MUST have this public key AND this country.
- silc_skr_find(skr, schedule, callback, context,
- SILC_SKR_FIND_RULE_AND,
- SILC_SKR_FIND_PUBLIC_KEY, public_key,
- SILC_SKR_FIND_COUNTRY, "FI",
- SILC_SKR_FIND_END);
-
- // Found key(s) MUST have this public key OR this key context
- silc_skr_find(skr, schedule, callback, context,
- SILC_SKR_FIND_RULE_OR,
- SILC_SKR_FIND_PUBLIC_KEY, public_key,
- SILC_SKR_FIND_CONTEXT, key_context,
- SILC_SKR_FIND_END);
-
-
-Crypto Library, lib/silccrypt/
-==============================
-
- o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
- possibly to silcpkcs.h.
-
- /* Return fingerprint of the `public_key'. Returns also the algorithm
- that has been used to make the fingerprint. */
- const unsigned char *
- silc_pkcs_get_fingerprint(SilcPublicKey public_key,
- const char **hash_algorithm,
- SilcUInt32 *fingerprint_len);
-
- o Change SILC PKCS API to asynchronous, so that accelerators can be used.
- All PKCS routines should now take callbacks as argument and they should
- be delivered to SilcPKCSObject and SilcPKCSAlgorithm too.
-
- /* Signature computation callback */
- typedef void (*SilcPKCSSignCb)(SilcBool success,
- const unsigned char *signature,
- SilcUInt32 signature_len,
- void *context);
-
- /* Signature verification callback */
- typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
-
- /* Encryption callback */
- typedef void (*SilcPKCSEncryptCb)(SilcBool success,
- const unsigned char *encrypted,
- SilcUInt32 encrypted_len,
- void *context);
-
- /* Decryption callback */
- typedef void (*SilcPKCSDecryptCb)(SilcBool success,
- const unsigned char *decrypted,
- SilcUInt32 decrypted_len,
- void *context);
-
- Either add new _async functions or add the callbacks to existing API
- and if the callback is NULL then the API is not async and if provided
- it may be async. For example;
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- unsigned char *dst, SilcUInt32 dst_size,
- SilcUInt32 *dst_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- (if this is done then there's no reason why the buffers in the
- callbacks cannot be the ones user gives here) or allow only async:
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- or add new:
-
- SilcBool silc_pkcs_sign_async(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
- encrypt, decrypt, sign and verify functions. We may need to for exmaple
- check the alg->hash, supported hash functions. Maybe deliver it also
- to all other functions in SilcPKCSAlgorithm to be consistent.
-
- o Add DSS support. Take implementation from Tom or make it yourself.
-
- o Implement the defined SilcDH API. The definition is in
- lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
- be accelerated. Also take into account that it could use elliptic
- curves.
-
- o ECDSA and ECDH
-
- o All cipher, hash, hmac etc. allocation routines should take their name
- in as const char * not const unsigned char *.
-
-
-SILC Accelerator Library
-========================
-
- o SILC Accelerator API. Provides generic way to use different kind of
- accelerators. Basically implements SILC PKCS API so that SilcPublicKey
- and SilcPrivateKey can be used but they call the accelerators.
-
- Something in the lines of (preliminary):
-
- /* Register accelerator to system */
- SilcBool silc_acc_register(const SilcAccelerator acc);
-
- /* Unregister accelerator */
- SilcBool silc_acc_unregister(const SilcAccelerator acc);
-
- /* Find existing accelerator. `name' is accelerator's name. Varags
- are optional accelerator specific parameteres. */
- SilcAccelerator silc_acc_find(const char *name, ...);
-
- silc_acc_find("softacc", "min_threads", 2, "max_threads", 8, NULL);
-
- /* Return accelerator's displayable name */
- const char *silc_ac_get_display_name(SilcAccelerator acc);
-
- /* Accelerate `public_key'. Return accelerated public key. */
- SilcPublicKey silc_acc_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Accelerate `private_key'. Returns accelerated private key. */
- SilcPrivateKey silc_acc_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- /* Return the underlaying public key */
- SilcPublicKey silc_acc_get_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Return the underlaying private key */
- SilcPrivateKey silc_acc_get_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- typedef enum {
- SILC_ACCELERATOR_PKCS,
- SILC_ACCELERATOR_DH,
- SILC_ACCELERATOR_CIPHER,
- SILC_ACCELERATOR_HASH
- } SilcAcceleratorType;
-
- typedef struct SilcAcceleratorObject {
- const char *name; /* Accelerator's name */
- const char *display_name; /* Displayable name */
- union {
- struct {
- SilcPKCSObject *pkcs; /* Accelerator PKCS*/
- SilcPKCSAlgorithm *algorithm; /* Accelerator Alg, may be NULL */
- } pkcs;
-
- SilcDHObject *dh;
- SilcCipherObject *cipher;
- SilcHashObject *hash;
- } u;
-
- SilcAcceleratorType type; /* Accelerator type */
- } *SilcAccelerator, SilcAcceleratorStruct;
-
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey accelerated as:
- SilcPublicKey->SilcAcceleratorSoftware->SilcSILCPublicKey->RsaPublicKey or
- SilcPublicKey->SilcAcceleratorPublicKey->SilcAcceleratorSoftware->
- SilcSILCPublicKey->RsaPublicKey
-
- The former one if u.pkcs.algorithm == NULL.
-
- o Implement software accelerator. It is a thread pool system where the
- public key and private key operations are executed in threads.
-
- This implements SilcPKCSAlgorithm (and SilcPKCSObject if needed) that
- implements the thread acclerated system.
-
- (o Symmetric key cryptosystem acceleration? They are always sycnhronouos
- even with hardware acceleration so the crypto API shouldn't require
- changes.) maybe
-
-
-lib/silcmath
-============
-
- o Import TFM. Talk to Tom to add the missing functions. Use TFM in
- client and client library, but TMA in server, due to the significantly
- increased memory consumption with TFM, and the rare need for public
- key operations in server.
-
- We want TFM's speed but not TFM's memory requirements. Talk to Tom
- about making the TFM mp dynamic just as it is in LTM.
-
- o The SILC MP API function must start returning indication of success
- and failure of the operation.
-
- o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
- any other MP function (including utility ones) that may allocate
- memory.
-
- o All utility functions should be made non-allocating ones.