o All payload encoding routines should take SilcStack as argument.
+ o Remove SilcCommandCb from silccommand.h.
+
o All payload test routines into lib/silccore/tests/.
lib/silcclient, The Client Library
==================================
+ o UDP SILC connection support to SILC server
+
o Giving WHOIS for nick that doesn't exist should remove any same
named entries from the client cache.
o Fix universal time decoding (doesn't accept all formats) in silctime.c.
- o Add functions to manipulate environment variables.
-
- SilcBool silc_setenv(const char *variable, const char *value);
- const char *silc_getenv(const char *variable);
- SilcBool silc_clearenv(const char *variable);
+ o Add functions to manipulate environment variables. (***DONE)
o Add functions to loading shared/dynamic object symbols (replaces the
SIM library (lib/silcsim) and introduces generic library). Add this
- to lib/silcutil/silcdll.[ch].
-
- SilcDll silc_dll_load(const char *object_path, SilcDllFlags flags);
- void silc_dll_close(SilcDll dll);
- void *silc_dll_getsym(SilcDll dll, const char *symbol);
- const char *silc_dll_error(SilcDll dll);
+ to lib/silcutil/silcdll.[ch]. (***TESTING NEEDED WIN32, TODO Symbian)
o Add directory opening/traversing functions
o silc_getopt routines
- o silc_hash_table_replace -> silc_hash_table_set. Retain support for
- silc_hash_table_replace as macro.
+ o Add silc_stream_get_root and add get_root stream operation. It
+ returns the root of the stream or NULL if stream doesn't have root.
+ Like SilcPacketStream might return SilcSocketStream.
+
+ o Change some stream routines (like socket stream API) to accept ANY
+ stream and use silc_stream_get_root to get the socket stream from the
+ given stream. This will make various stream APIs more easier to use
+ when user doesn't have to dig up the correct stream.
o The SILC Event signals. Asynchronous events that can be created,
connected to and signalled. Either own event routines or glued into
o Structured log messages to Log API. Allows machine readable log
messages. Would allow sending of any kind of data in a log message.
- o Base64 to an own API
+ o Base64 to an own API (***DONE)
- o Timer API
+ o Timer API (***DONE)
o Add builtin SOCKS and HTTP Proxy support, well the SOCKS at least.
SILC currently supports SOCKS4 and SOCKS5 but it needs to be compiled
o silc_stringprep to non-allocating version.
- o SilcStack aware SilcHashTable.
+ o silc_hash_table_replace -> silc_hash_table_set. Retain support for
+ silc_hash_table_replace as macro. (***DONE)
- o SilcStack aware SilcDList.
+ o SilcStack aware SilcHashTable. (***DONE)
- o Thread pool API. Add this to lib/silcutil/silcthread.[ch].
+ o SilcStack aware SilcDList. (***DONE)
- typedef void (*SilcThreadPoolFunc)(SilcSchedule schedule,
- void *context);
+ o Thread pool API. Add this to lib/silcutil/silcthread.[ch]. (***DONE)
- /* Allocate thread pool with at least `min_threads' and at most
- `max_threads' many threads. If `stack' is non-NULL all memory
- is allocated from the `stack'. If `start_min_threads' is TRUE
- this will start `min_threads' many threads immediately. */
- SilcThreadPool silc_thread_pool_alloc(SilcStack stack,
- SilcUInt32 min_threads,
- SilcUInt32 max_threads,
- SilcBool start_min_threads);
+ o Fast mutex implementation. Fast rwlock implementation. Mutex and
+ rwlock implementation using atomic operations.
- /* Free thread pool. If `wait_unfinished' is TRUE this will block
- and waits that all remaining active threads finish before freeing
- the pool. */
- void silc_thread_pool_free(SilcThreadPool tp, SilcBool wait_unfinished);
+ o Compression routines are missing. The protocol supports packet
+ compression thus it must be implemented. SILC Zip API must be
+ defined.
- /* Run `run' function with `run_context' in one of the threads in the
- thread pool. Returns FALSE if the thread pool is being freed. If
- there are no free threads left in the pool this will queue the
- the `run' and will call it once a thread becomes free.
+ o Add new functions to SilcStack API in lib/silcutil/silcstack.[ch]. Add
+ silc_stack_[set|get]_alignment. It defines the default alignment used
+ when allocating memory from stack. It can be used to specify special
+ alignments too when needed (such as for hardware devices like crypto
+ accelerators). Move also the low level silc_stack_malloc and
+ silc_stack_realloc from silcstack_i.h to silcstack.h. Remove the
+ _ua unaligned memory allocation routines. Remove unaligned memory
+ allocation possibility. (***DONE)
- If `completion' is non-NULL it will be called to indicate completion
- of the `run' function. If `schedule' is non-NULL the `completion'
- will be called through the scheduler in the main thread. If it is
- NULL the `completion' is called directly from the thread after the
- `run' has returned. */
- SilcBool silc_thread_pool_run(SilcThreadPool tp,
- SilcSchedule schedule,
- SilcThreadPoolFunc run,
- void *run_context,
- SilcThreadPoolFunc completion,
- void *completion_context);
+ o silc_malloc et. al. to respect --with-alignment.
- /* Modify the amount of maximum threads of the pool. */
- void silc_thread_pool_set_max_threads(SilcThreadPool tp,
- SilcUInt32 max_threads);
+ o Add '%@' format to silc_snprintf functions. It marks for external
+ rendering function of following type:
- /* Returns the amount of maximum size the pool can grow. */
- SilcUInt32 silc_thread_pool_num_max_threads(SilcThreadPool tp);
+ /* Snprintf rendering function. The `data' is rendered into a string
+ and allocated string is returned. If NULL is returned the
+ rendering is skipped and ignored. If the returned string does
+ not fit to the destination buffer it may be truncated. */
+ typedef char *(*SilcSnprintfRender)(void *data);
- /* Returns the amount of free threads in the pool currently. */
- SilcUInt32 silc_thread_pool_num_free_threads(SilcThreadPool tp);
+ It can work like following:
- /* Stops all free and started threads. The minumum amount of threads
- specified to silc_thread_pool_alloc always remains. */
- void silc_thread_pool_purge(SilcThreadPool tp);
+ char *id_renderer(void *data)
+ {
+ char tmp[32];
+ id_to_str(tmp, sizeof(tmp), (SilcID *)data);
+ return strdup(tmp);
+ }
- o Fast mutex implementation. Fast rwlock implementation. Mutex and
- rwlock implementation using atomic operations.
+ silc_snprintf(buf, sizeof(buf), "Client ID %@", id_renderer, client_id);
- o Compression routines are missing. The protocol supports packet
- compression thus it must be implemented. SILC Zip API must be
- defined.
+ o Change silc_gettimeofday on Unix to use clock_gettime with REALTIME
+ clock if it is available, otherwise use gettimeofday(). (***DONE)
(o Generic SilcStatus or SilcResult that includes all possible status and
error conditions, including those of SILC protocol. Though, the SILC
Crypto Library, lib/silccrypt/
==============================
- o SilcStack to APIs.
+ o Add silc_crypto_init and silc_crypto_uninit. The _init should take
+ SilcStack that will act as global memory pool for all of crypto
+ library. It should not be necessary anymore to separately register
+ default ciphers, HMACs, etc, the _init would do that. However, if
+ user after _init calls silc_pkcs_register, for example, it would take
+ preference over the default once, ie. user can always dictate the
+ order of algorithms. (***DONE)
o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
possibly to silcpkcs.h.
o Change SILC PKCS API to asynchronous, so that accelerators can be used.
All PKCS routines should now take callbacks as argument and they should
- be delivered to SilcPKCSObject and SilcPKCSAlgorithm too.
-
- /* Signature computation callback */
- typedef void (*SilcPKCSSignCb)(SilcBool success,
- const unsigned char *signature,
- SilcUInt32 signature_len,
- void *context);
-
- /* Signature verification callback */
- typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
-
- /* Encryption callback */
- typedef void (*SilcPKCSEncryptCb)(SilcBool success,
- const unsigned char *encrypted,
- SilcUInt32 encrypted_len,
- void *context);
-
- /* Decryption callback */
- typedef void (*SilcPKCSDecryptCb)(SilcBool success,
- const unsigned char *decrypted,
- SilcUInt32 decrypted_len,
- void *context);
-
- Either add new _async functions or add the callbacks to existing API
- and if the callback is NULL then the API is not async and if provided
- it may be async. For example;
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- unsigned char *dst, SilcUInt32 dst_size,
- SilcUInt32 *dst_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- (if this is done then there's no reason why the buffers in the
- callbacks cannot be the ones user gives here) or allow only async:
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- or add new:
-
- SilcBool silc_pkcs_sign_async(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
+ be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
encrypt, decrypt, sign and verify functions. We may need to for exmaple
check the alg->hash, supported hash functions. Maybe deliver it also
- to all other functions in SilcPKCSAlgorithm to be consistent.
+ to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
+
+ o Add DSA support to SILC public key.
- o Add DSS support. Take implementation from Tom or make it yourself.
+ o Add DSS support. (***DONE)
o Implement the defined SilcDH API. The definition is in
lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
be accelerated. Also take into account that it could use elliptic
curves.
- o ECDSA and ECDH
+ o Add ECDSA support.
+
+ o Add ECDH support.
+
+ o AES CBC is missing proper alignment code (see silc_1_1_branch).
o All cipher, hash, hmac etc. allocation routines should take their name
- in as const char * not const unsigned char *.
+ in as const char * not const unsigned char *. (***DONE)
SILC Accelerator Library
o SILC Accelerator API. Provides generic way to use different kind of
accelerators. Basically implements SILC PKCS API so that SilcPublicKey
and SilcPrivateKey can be used but they call the accelerators.
-
- Something in the lines of (preliminary):
-
- /* Register accelerator to system. Initializes the accelerator. */
- Varargs are optional accelerator specific init parameteres. */
- SilcBool silc_acc_register(SilcAccelerator acc, ...);
-
- silc_acc_register(softacc, "min_threads", 2, "max_threads", 16, NULL);
-
- /* Unregister accelerator. Uninitializes the accelerator. */
- SilcBool silc_acc_unregister(const SilcAccelerator acc);
-
- /* Return list of the registered accelerators */
- SilcDList silc_acc_get_supported(void);
-
- /* Find existing accelerator. `name' is accelerator's name. */
- SilcAccelerator silc_acc_find(const char *name);
-
- /* Return accelerator's name */
- const char *silc_acc_get_name(SilcAccelerator acc);
-
- /* Accelerate `public_key'. Return accelerated public key. */
- SilcPublicKey silc_acc_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Accelerate `private_key'. Returns accelerated private key. */
- SilcPrivateKey silc_acc_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- /* Return the underlaying public key */
- SilcPublicKey silc_acc_get_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Return the underlaying private key */
- SilcPrivateKey silc_acc_get_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- typedef struct SilcAcceleratorObject {
- const char *name; /* Accelerator's name */
- SilcBool (*init)(va_list va); /* Initialize accelerator */
- SilcBool (*uninit)(void); /* Uninitialize accelerator */
- const SilcPKCSAlgorithm *pkcs; /* Accelerated PKCS algorithms */
- const SilcDHObject *dh; /* Accelerated Diffie-Hellmans */
- const SilcCipherObject *cipher; /* Accelerated ciphers */
- const SilcHashObject *hash; /* Accelerated hashes */
- const SilcHmacObject *hmac; /* Accelerated HMACs */
- const SilcRngObject *rng; /* Accelerated RNG's */
- } *SilcAccelerator, SilcAcceleratorStruct;
-
- Allows accelerator to have multiple accelerators (cipher, hash etc)
- and multiple different algorithms and implementations (SHA-1, SHA-256 etc).
-
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey accelerated as:
- SilcPublicKey->SilcAcceleratorPublicKey->SilcSoftAccPublicKey->
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey
-
- silc_acc_public_key creates SilcPublicKey and SilcAcceleratorPublicKey
- and acc->pkcs->import_public_key creates SilcSoftAccPublicKey.
+ (***DONE)
o Implement software accelerator. It is a thread pool system where the
- public key and private key operations are executed in threads.
-
- const struct SilcAcceleratorObject softacc =
- {
- "softacc", softacc_init, softacc_uninit,
- softacc_pkcs, NULL, NULL, NULL, NULL
- }
+ public key and private key operations are executed in threads.
+ (***DONE)
- /* Called from silc_acc_private_key */
- int silc_softacc_import_private_key(void *key, SilcUInt32 key_len,
- void **ret_private_key)
- {
- SilcSoftAccPrivateKey prv = silc_calloc(1, sizeof(*prv));
- prv->pkcs = acc->pkcs;
- prv->private_key = key;
- *ret_private_key = prv;
- }
+ o Diffie-Hellman acceleration
(o Symmetric key cryptosystem acceleration? They are always sycnhronouos
even with hardware acceleration so the crypto API shouldn't require
lib/silcmath
============
- o Import TFM. Talk to Tom to add the missing functions. Use TFM in
- client and client library, but TMA in server, due to the significantly
- increased memory consumption with TFM, and the rare need for public
- key operations in server.
+ o Import TFM. We want TFM's speed but its memory requirements are
+ just too much. By default it uses large pre-allocated tables which
+ will eat memory when there are thousands of public keys in system.
+ We probably want to change TFM's fp_int dynamic so that a specific
+ size can be allocated for the int. We could have two new functions:
- We want TFM's speed but not TFM's memory requirements. Talk to Tom
- about making the TFM mp dynamic just as it is in LTM.
+ SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
+ SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
+ SilcUInt32 bit_size);
+
+ Which by default allocates `bit_size' bits instead of some default
+ value. silc_mp_init would allocate the default FP_SIZE with TFM
+ and do normal init with TMA and GMP. _init_size with TMA and GMP
+ would be same as _init.
+
+ o Add AND, OR and XOR support to TFM or ask Tom to do it.
o The SILC MP API function must start returning indication of success
and failure of the operation.
o SILC_ASN1_CHOICE should perhaps return an index what choice in the
choice list was found. Currently it is left for caller to figure out
- which choice was found.
+ which choice was found. (***DONE)
o SILC_ASN1_NULL in decoding should return SilcBool whether or not
the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
- and we need to know whether it was present or not.
+ and we need to know whether it was present or not. (***DONE)
lib/silcpgp
===========
- o OpenPGP certificate support, allowing the use of PGP public keys
- in SILC.
+ o OpenPGP certificate support, allowing the use of PGP public keys.
lib/silcssh
===========
- o SSH2 public key/private key support, allowing the use of SSH2 keys
- in SILC. RFC 4716.
+ o SSH2 public key/private key support, allowing the use of SSH2 keys.
+ RFC 4716. (***DONE)
lib/silcpkix
o Library must have support for SERVICE command.
- o The server must be able to run behind NAT device. This means that
+ o Both UDP and TCP support for incoming connecetions. Maintaining long
+ term UDP sessions.
+
+ o The server must be able to run behind NAT device. This means that
Server ID must be based on public IP instead of private IP.
+ o The following data must be in per-connection context: client id cache,
+ server id cache, channel id cache, all statistics must be
+ per-connection.
+
+ o The following data must be in per-thread context: command context
+ freelist/pool, pending commands, random number generator.
+
+ o Do inccoming packet processing in an own FSM thread in the
+ server-threads FSM. Same as in client library.
+
o Reference count all Silc*Entry structures.
Some issues that must be kept in mind from 1.0 and 1.1 silcd's: