- o Implement the defined SilcDH API. The definition is in
- lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
- be accelerated. Also take into account that it could use elliptic
- curves.
-
- o ECDSA and ECDH
-
- o All cipher, hash, hmac etc. allocation routines should take their name
- in as const char * not const unsigned char *.
-
-
-SILC Accelerator Library
-========================
-
- o SILC Accelerator API. Provides generic way to use different kind of
- accelerators. Basically implements SILC PKCS API so that SilcPublicKey
- and SilcPrivateKey can be used but they call the accelerators.
-
- Something in the lines of (preliminary):
-
- /* Register accelerator to system. Initializes the accelerator. */
- Varargs are optional accelerator specific init parameteres. */
- SilcBool silc_acc_register(SilcAccelerator acc, ...);
-
- silc_acc_register(softacc, "min_threads", 2, "max_threads", 16, NULL);
-
- /* Unregister accelerator. Uninitializes the accelerator. */
- SilcBool silc_acc_unregister(const SilcAccelerator acc);
-
- /* Return list of the registered accelerators */
- SilcDList silc_acc_get_supported(void);
-
- /* Find existing accelerator. `name' is accelerator's name. */
- SilcAccelerator silc_acc_find(const char *name);
-
- /* Return accelerator's name */
- const char *silc_acc_get_name(SilcAccelerator acc);
-
- /* Accelerate `public_key'. Return accelerated public key. */
- SilcPublicKey silc_acc_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Accelerate `private_key'. Returns accelerated private key. */
- SilcPrivateKey silc_acc_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- /* Return the underlaying public key */
- SilcPublicKey silc_acc_get_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Return the underlaying private key */
- SilcPrivateKey silc_acc_get_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- typedef struct SilcAcceleratorObject {
- const char *name; /* Accelerator's name */
- SilcBool (*init)(va_list va); /* Initialize accelerator */
- SilcBool (*uninit)(void); /* Uninitialize accelerator */
- const SilcPKCSAlgorithm *pkcs; /* Accelerated PKCS algorithms */
- const SilcDHObject *dh; /* Accelerated Diffie-Hellmans */
- const SilcCipherObject *cipher; /* Accelerated ciphers */
- const SilcHashObject *hash; /* Accelerated hashes */
- const SilcHmacObject *hmac; /* Accelerated HMACs */
- const SilcRngObject *rng; /* Accelerated RNG's */
- } *SilcAccelerator, SilcAcceleratorStruct;
-
- Allows accelerator to have multiple accelerators (cipher, hash etc)
- and multiple different algorithms and implementations (SHA-1, SHA-256 etc).
-
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey accelerated as:
- SilcPublicKey->SilcAcceleratorPublicKey->SilcSoftAccPublicKey->
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey
-
- silc_acc_public_key creates SilcPublicKey and SilcAcceleratorPublicKey
- and acc->pkcs->import_public_key creates SilcSoftAccPublicKey.
-
- o Implement software accelerator. It is a thread pool system where the
- public key and private key operations are executed in threads.
-
- const struct SilcAcceleratorObject softacc =
- {
- "softacc", softacc_init, softacc_uninit,
- softacc_pkcs, NULL, NULL, NULL, NULL
- }
-
- /* Called from silc_acc_private_key */
- int silc_softacc_import_private_key(void *key, SilcUInt32 key_len,
- void **ret_private_key)
- {
- SilcSoftAccPrivateKey prv = silc_calloc(1, sizeof(*prv));
- prv->pkcs = acc->pkcs;
- prv->private_key = key;
- *ret_private_key = prv;
- }
-
- (o Symmetric key cryptosystem acceleration? They are always sycnhronouos
- even with hardware acceleration so the crypto API shouldn't require
- changes.) maybe
-
-
-lib/silcmath
-============
-
- o Import TFM. Talk to Tom to add the missing functions. Use TFM in
- client and client library, but TMA in server, due to the significantly
- increased memory consumption with TFM, and the rare need for public
- key operations in server.
-
- We want TFM's speed but not TFM's memory requirements. Talk to Tom
- about making the TFM mp dynamic just as it is in LTM.
-
- o The SILC MP API function must start returning indication of success
- and failure of the operation.
-
- o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
- any other MP function (including utility ones) that may allocate
- memory.
-
- o All utility functions should be made non-allocating ones.
-
-
-SILC XML Library, lib/silcxml/
-==============================
-
- o SILC XML API (wrapper to expat). Look at the expat API and simplify
- it. The SILC XML API should have at most 8-10 API functions. It should
- be possible to create full XML parser with only one function. And, it
- should be possible to have a function that is able to parse an entire
- XML document. It should also have a parser function to be able to
- parse a stream of XML data (SilcStream). It MUST NOT have operations
- that require multiple function calls to be able to execute that one
- operation (like creating parser).
-
-
-lib/silcske/silcske.[ch]
-========================
-
- o Ratelimit to UDP/IP transport for incoming packets.
-
-
-lib/silcasn1
-============
-
- o Negative integer encoding is missing, add it.
-
- o SILC_ASN1_CHOICE should perhaps return an index what choice in the
- choice list was found. Currently it is left for caller to figure out
- which choice was found.
-
- o SILC_ASN1_NULL in decoding should return SilcBool whether or not
- the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
- and we need to know whether it was present or not.
-
-
-lib/silcpgp
-===========
-
- o OpenPGP certificate support, allowing the use of PGP public keys
- in SILC.
-
-
-lib/silcssh
-===========
-
- o SSH2 public key/private key support, allowing the use of SSH2 keys
- in SILC. RFC 4716.
-
-
-lib/silcpkix
-============
-
- o PKIX implementation
-
-
-apps/silcd
-==========
-
- o Deprecate the old server. Write interface for the new lib/silcserver
- server library. The interface should work on Unix/Linux systems.
-
- o Consider deprecating also the old config file format and use XML
- istead. This should require SILC XML API implementation first.
-
- o The configuration must support dynamic router and server connections.
- The silcd must work without specifying any servers or routers to
- connect to.
-
- o The configuration must support specifying whether the server is
- SILC Server or SILC Router. This should not be deduced from the
- configuration as it was in < 1.2.
-
- o The configuration must support specifying the ciphers and hmacs and
- their order so that user can specify which algorithms take preference.
-
-
-lib/silcserver
-==============
-
- o Rewrite the entire server. Deprecate apps/silcd as the main server
- implementation and create lib/silcserver/. It is a platform
- independent server library. The apps/silcd will merely provide a
- a simple interface for the library.
-
- o Write the SILC Server library extensively using SILC FSM.
-
- o Server library must support multiple networks. This means that one
- server must be able to create multiple connections that each reach
- different SILC network. This means also that all cache's etc. must
- be either connection-specific or network-specific.
-
- o Library must support dynamic router and server connections. This means
- that connections are create only when they are needed, like when someone
- says JOIN foo@foo.bar.com or WHOIS foobar@silcnet.org.
-
- o Library must support server-to-server connections even though protocol
- prohibits that. The responder of the connection should automatically
- act as a router. The two servers create an own, isolated, SILC network.
- To be used specifically with dynamic connections.
-
- o Library must support multiple threads and must be entirely thread safe.
-
- o Library must have support for SERVICE command.
-
- o The server must be able to run behind NAT device. This means that
- Server ID must be based on public IP instead of private IP.
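Review bot: nothing in the visible lines shows whether these removed TODO entries were completed or moved elsewhere, and several of them are security-relevant. Under lib/silcske: "Ratelimit to UDP/IP transport for incoming packets". Under lib/silcasn1: "Negative integer encoding is missing, add it". Under lib/silcmath: the SILC MP API "must start returning indication of success and failure of the operation". The commit message should say for each removed section whether it is done, dropped, or relocated, and any item that is still open should stay in a tracked TODO so it is not lost. If the preliminary accelerator sketch is carried into a header or design note, fix it first: the comment above silc_acc_register is closed twice (the first line already ends in "*/"), and silc_softacc_import_private_key is declared int but returns nothing, reads "acc" which is not among its parameters, and does not check the silc_calloc result before dereferencing prv.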