- /* Signature computation callback */
- typedef void (*SilcPKCSSignCb)(SilcBool success,
- const unsigned char *signature,
- SilcUInt32 signature_len,
- void *context);
-
- /* Signature verification callback */
- typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
-
- /* Encryption callback */
- typedef void (*SilcPKCSEncryptCb)(SilcBool success,
- const unsigned char *encrypted,
- SilcUInt32 encrypted_len,
- void *context);
-
- /* Decryption callback */
- typedef void (*SilcPKCSDecryptCb)(SilcBool success,
- const unsigned char *decrypted,
- SilcUInt32 decrypted_len,
- void *context);
-
- Either add new _async functions or add the callbacks to existing API
- and if the callback is NULL then the API is not async and if provided
- it may be async. For example;
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- unsigned char *dst, SilcUInt32 dst_size,
- SilcUInt32 *dst_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- (if this is done then there's no reason why the buffers in the
- callbacks cannot be the ones user gives here) or allow only async:
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- or add new:
-
- SilcBool silc_pkcs_sign_async(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
- encrypt, decrypt, sign and verify functions. We may need to for exmaple
- check the alg->hash, supported hash functions. Maybe deliver it also
- to all other functions in SilcPKCSAlgorithm to be consistent.
-
- o Add DSS support. Take implementation from Tom or make it yourself.
-
- o Implement the defined SilcDH API. The definition is in
- lib/silccrypt/silcdh.h.
-
- o All cipher, hash, hmac etc. allocation routines should take their name
- in as const char * not const unsigned char *.
-
- o ECDSA and ECDH
-
-
-SILC Accelerator Library
-========================
-
- o SILC Accelerator API. Provides generic way to use different kind of
- accelerators. Basically implements SILC PKCS API so that SilcPublicKey
- and SilcPrivateKey can be used but they call the accelerators.
-
- Something in the lines of (preliminary):
-
- /* Register accelerator to system */
- SilcBool silc_acc_register(const SilcAccelerator acc);
-
- /* Unregister accelerator */
- SilcBool silc_acc_unregister(const SilcAccelerator acc);
-
- /* Find existing accelerator. `name' is accelerators name and
- `params' is optional accelerator specific parameters. */
- SilcAccelerator silc_acc_find(const char *name, const char *params);
-
- /* Return accelerator's displayable name */
- const char *silc_ac_get_display_name(SilcAccelerator acc);
-
- /* Accelerate `public_key'. Return accelerated public key. */
- SilcPublicKey silc_acc_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Accelerate `private_key'. Returns accelerated private key. */
- SilcPrivateKey silc_acc_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- /* Return the underlaying public key */
- SilcPublicKey silc_acc_get_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Return the underlaying private key */
- SilcPrivateKey silc_acc_get_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- typedef struct SilcAcceleratorObject {
- const char *name; /* Accelerator's name */
- const char *display_name; /* Displayable name */
- SilcAcceleratorType type; /* Accelerator type */
- union {
- struct {
- SilcPKCSObject *pkcs; /* PKCS, may be NULL */
- SilcPKCSAlgorithm *algorithm; /* Accelerator */
- } pkcs;
-
- struct {
-
- } cipher;
- } u;
- } *SilcAccelerator, SilcAcceleratorStruct;
-
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey accelerated as:
- SilcPublicKey->SilcSILCPublicKey->SilcAcceleratorSoftware->RsaPublicKey or
- SilcPublicKey->SilcSILCPublicKey->SilcAcceleratorPublicKey->
- SilcAcceleratorSoftware->RsaPublicKey
-
- The former one if u.pkcs.pkcs == NULL.
-
- o Implement software accelerator. It is a thread pool system where the
- public key and private key operations are executed in threads.
-
- This implements SilcPKCSAlgorithm (and SilcPKCSObject if needed) that
- implements the thread acclerated system.
-
- (o Symmetric key cryptosystem acceleration? They are always sycnhronouos
- even with hardware acceleration so the crypto API shouldn't require
- changes.) maybe
-
-
-lib/silcmath
-============
-
- o Import TFM. Talk to Tom to add the missing functions. Use TFM in
- client and client library, but TMA in server, due to the significantly
- increased memory consumption with TFM, and the rare need for public
- key operations in server.
-
- We want TFM's speed but not TFM's memory requirements. Talk to Tom
- about making the TFM mp dynamic just as it is in LTM.
-
- o The SILC MP API function must start returning indication of success
- and failure of the operation.
-
- o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
- any other MP function (including utility ones) that may allocate
- memory.
-
- o All utility functions should be made non-allocating ones.
-
-
-SILC XML Library, lib/silcxml/
-==============================