X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=TODO;h=81a3dcb857ada66d4770c2b130e800c49d96add5;hb=HEAD;hp=25f39441d4899195b8aee07e0236262e96d7ba0f;hpb=c08107c80b816558a1c48ada27eaf23840793157;p=crypto.git diff --git a/TODO b/TODO index 25f39441..81a3dcb8 100644 --- a/TODO +++ b/TODO @@ -1,147 +1,246 @@ -TODO/bugs in Irssi SILC client +TODO for 1.2 And Beyond +======================= + +NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The +(***TESTING NEEDED) means that the item has been done but not yet properly +tested. + +NOTE: A TODO entry does not mean that it is ever going to be done. Some +of the entries may be just ideas, good, bad or ugly. If you want to work +on some of the TODO entries simply let us know about it by dropping a note +to silc-devel mailing list or appear on 'silc' channel on SILCNet. + + +Crypto Library, lib/silccrypt/ ============================== - o /cumode for unknown nick does not give any error message (Fix this to - 1.0). + o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and + possibly to silcpkcs.h. + + /* Return fingerprint of the `public_key'. Returns also the algorithm + that has been used to make the fingerprint. */ + const unsigned char * + silc_pkcs_get_fingerprint(SilcPublicKey public_key, + const char **hash_algorithm, + SilcUInt32 *fingerprint_len); + + o Add CMAC and maybe others. Change needs rewrite of the internals of + the SILC Mac API, currently it's suitable only for HMACs. + + o Global RNG must be changed to use SILC Global API. + + o Global cipher, hash, mac, and pkcs tables must use SILC Global API. + + o Add FIPS compliant RNG. + + o Implement the defined SilcDH API. The definition is in + lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can + be accelerated. Also take into account that it could use elliptic + curves. + + o Add Elgamal. + + o Add ECDSA support. + + o Add ECDH support. + + o Add PKCS#1 RSAES-OAEP and RSASSA-PSS. + + o Add GCM mode. + + o Do GCC vs ICC benchmarks of all key algorithms. + + o Add DSA support to SILC public key. + + o The asynchronous functions to perhaps to _async to preserve backwards + compatibility with synchronous versions, and make easier to migrate + from 1.1 to 1.2. (***DONE) + + o AES CBC is missing proper alignment code. (***DONE) + + o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument + and try all supported PKCS until one succeeds. (***DONE) + + o Associate a default hash function with all PKCS algorithms. User can + override it in silc_pkcs_sign. DSA with FIPS186-3 determines the + hash algorithm by the key length. (***DONE) + + o Document all cipher names, hash names, mac names, pkcs names. (***DONE) + o SilcHmac must be replaced with generic SilcMac so that we can add + others than just HMAC algorithms. Backwards support (via #define's) + must be preserved. (***DONE) -TODO/bugs In SILC Client Library -================================ + o Change the DSA implementation to support FIPS186-3. This means that + the q length is determined by the key length. (***DONE) - o The PRIVATE_MESSAGE_KEY packet is not handled (it is implemented - though). This should be added and perhaps new client operation - should be added to notify application that it was received and - set the key only if application wishes to set (accept the key) it - (Do this to 1.0). + o Add silc_crypto_init and silc_crypto_uninit. The _init should take + SilcStack that will act as global memory pool for all of crypto + library. It should not be necessary anymore to separately register + default ciphers, HMACs, etc, the _init would do that. However, if + user after _init calls silc_pkcs_register, for example, it would take + preference over the default once, ie. user can always dictate the + order of algorithms. (***DONE) - o Remove conn->current_channel. + o Change SILC PKCS API to asynchronous, so that accelerators can be used. + All PKCS routines should now take callbacks as argument and they should + be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE) - o Additions to do after protocol version 1.1: + o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to + encrypt, decrypt, sign and verify functions. We may need to for exmaple + check the alg->hash, supported hash functions. Maybe deliver it also + to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE) - o Add support for list of errors in command replies. Protocol - TODO entry 1. + o Add DSS support. (***DONE) + o All cipher, hash, hmac etc. allocation routines should take their name + in as const char * not const unsigned char *. (***DONE) -TODO/bugs In SILC Server + +SKR Library, lib/silcskr/ +========================= + + o Add fingerprint as search constraint. + + o Add SSH support. (***DONE, TESTING NEEDED) + + o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring + support?) + + o Add support for importing public keys from a directory and/or from a + file. Add support for exporting the repository (different formats for + different key types?). + + o Add find rule AND and OR. The default is always AND. Add + silc_skr_find_set_rule. + + o Add silc_skr_find_add_search_file that can be used to add a file to + search for the public keys. More than one can be set. Add support + for searching keys from file. + + o Add silc_skr_find_add_search_dir that can be used to add a directory to + search for the public keys. More than one can be set. Add support + for seraching keys from directory. + + o SilcStack to SKR API. + + +SILC Accelerator Library ======================== - o Configuration file additions (Do this to 0.8.x): + o Diffie-Hellman acceleration to SILC Accelerator API. + + o Diffie-Hellman software acceleration. + + o Hardware acceleration through OCF (OCF-Linux, + http://ocf-linux.sourceforge.net). + + o VIA Padlock support. See http://www.logix.cz/michal/devel/padlock/ and + Gladman's code. + + o Implement GCM software acceleration. + + o Add hash function acceleration to SILC Accelerator API. + + o SILC Accelerator API. Provides generic way to use different kind of + accelerators. Basically implements SILC PKCS API so that SilcPublicKey + and SilcPrivateKey can be used but they call the accelerators. + (***DONE) + + o Implement software accelerator. It is a thread pool system where the + public key and private key operations are executed in threads. + (***DONE) + + o Add SilcCipher support to SilcAccelerator and software accelerator. + Accelerate at least ciphers using CTR mode which can be done in + parallel. Do it in producer/consumer fashion where threads generate + key stream and other thread(s) encrypt using the key stream. (***DONE) + + +lib/silcmath +============ - o Add incoming connection frequency, incoming connection frequency - for single IP address, key exchange frequency, key exchange - frequency for single IP. Add also frequency base. + o Prime generation progress using callback instead of printing to + stdout. - o If server send CUMODE_CHANGE notify (like setting founder) to router - and router does not have founder on channel (founder is left or there's - no founder on channel at all), the router will accept the server's - founder mode change, even though it perhaps should not do that (Fix - this to 0.9). + o All utility functions should be made non-allocating ones. - o The router should check for validity of received notify packets from - routers (fix this to 0.9). Following NOTIFYs needs to be verified: + o Import TFM. We want TFM's speed but its memory requirements are + just too much. By default it uses large pre-allocated tables which + will eat memory when there are thousands of public keys in system. + We probably want to change TFM. (***DONE) - o JOIN (check that joining is allowed) - o SIGNOFF (maybe should check that notifier owns the client) + o Add AND, OR and XOR support to TFM. (***DONE) - o Backup router related issues (Fix this to 1.0): + o The SILC MP API function must start returning indication of success + and failure of the operation. (***DONE) - o Channel user mode changes are notified unnecessarely when - switching to backup router on router crash. + o Do SilcStack support for silc_mp_init and other MP function + (including utility ones) that may allocate memory. (***DONE) - o Add a timeout to handling incoming JOIN commands. It should be - enforced that JOIN command is executed only once in a second or two - seconds. Now it is possible to accept n incoming JOIN commands - and process them without any timeouts. THis must be employed because - each JOIN command will create and distribute the new channel key - to everybody on the channel (Fix this to 1.0). - o Lots of statistics updating is missing around the server. +lib/silcasn1 +============ - o If client's public key is saved in the server (and doing public key - authentication) then the hostname and the username information could - be taken from the public key. Should be a configuration option! + o Negative integer encoding is missing, add it. + o SILC_ASN1_CHOICE should perhaps return an index what choice in the + choice list was found. Currently it is left for caller to figure out + which choice was found. (***DONE) -TODO/bugs In SILC Libraries -=========================== + o SILC_ASN1_NULL in decoding should return SilcBool whether or not + the NULL was present. It's important when it's SILC_ASN1_OPTIONAL + and we need to know whether it was present or not. (***DONE) - o WIN32 silc_net_create_connection_async does not work the same way - than on Unix. Do it with threads on WIN32. The function works but - is not actually async currently (Fix this to 1.0). +lib/silcpgp +=========== -TODO in Toolkit Documentation -============================= + o OpenPGP certificate support, allowing the use of PGP public keys and + private keys. -Stuff that needs to be done in order to complete the Tooolkit Reference -Manual (Do these to 0.9 and 1.0). + o Signatures for data, public keys and private keys (Signature packet). - o ROBOdoc documenting missing from lib/silcutil/silcbuffer.h. + o Signature verification from public keys, private keys and other signed + data (Signature packet). - o ROBOdoc documenting missing from lib/silcutil/silcdlist.h. + o Encryption and decryption support (Packet tags 8 and 18 most likely). - o ROBOdoc documenting missing from lib/silcutil/silcfileutil.h. + o Retrieval of User ID from public key and private key (Used ID packet + and User Attribute packet). - o ROBOdoc documenting missing from lib/silccrypt/silchash.h. + o Creation of OpenPGP key pairs. - o ROBOdoc documenting missing from lib/silccrypt/silccipher.h. + o Trust packet handling (GNU PG compatible) from public and private keys. - o ROBOdoc documenting missing from lib/silccrypt/silcpkcs.h. + o Add option that the signature format doesn't use the OpenPGP format + but whatever is the default in SILC crypto library. - o Write "Programming with Toolkit" document, describing how to build - Toolkit, how the build system works, where is everything, how - new (external) projects can be glued into Toolkit (use irssi as an - example), and how external projects can use Toolkit without gluing into - it (how to link etc), debugging, architecture, types, etc. - o Write "Platform Implementations" document to describe what platforms - Toolkit support, what has been implemented, what has not been, what - works differently etc. +lib/silcssh +=========== + o Add option that the signature format doesn't use the SSH2 protocol + but whatever is the default in SILC crypto library; + silc_ssh_private_key_set_signature_type, or something. -TODO in SILC Protocol -===================== + o SSH2 public key/private key support, allowing the use of SSH2 keys. + RFC 4716. (***DONE) -Current protocol version is 1.0. However, it is far from being perfect, -and needs to include additional features. Following protocol TODO entries -describe new stuff to be added to protocol versions 1.x. - 2. Define that WHOIS and IDENTIFY commands must send list of errors - if multiple Client ID (or Channel ID and Server ID for IDENTIFY) was - requested and was not found. Each unfound entry must cause an error - command reply to the sender. Also define that errors must be sent - *after* sending successfully found entries (this way receiver may - ignore them). To be included in protocol version 1.1. +lib/silcpkix +============ - 4. Add "request parameters" or similar to the WHOIS command, which can - be used to request various parameters (something not returned by - standard WHOIS command) about clients (info that could be fetched - even from clients). Additional specification (or appendix) should - be done to define the payload and the parameters. It could be used - to make the WHOIS command support various search conditions as well. - This would be the way to extend the WHOIS command to support various - new features without always making the command incompatible to previous - version. To be included in protocol version 1.1. + o PKIX implementation - 17. Cell wide channel founder support, and permanent channels when - founder mode set. - 20. Services support? +lib/silccms +=========== - 21. Subscription/IRC's notify kind support? + o Cryptographic Message Syntax (RFC 3852), the former PKCS #7 - 22. Session detachment/resume? - o Inviting and banning by public key should be made possible. To be - included in protocol version 1.2. +lib/silcsmime +============= - o UTF-8 support/requirement for nicknames & channel names. UTF-8 support - in terminals and OS's are so hazy that this matter is left for - consideration in next version of the protocol (1.2). For good UTF-8 - reference and tutorial see: http://www.cl.cam.ac.uk/~mgk25/unicode.html. - What should CLI application do if it receives nickname that it cannot - display without messing up the terminal? If UTF-8 is mandatory in - SILC then SILC clients cannot be allowed to start on terminals that do - not support UTF-8 (which renders 98% of users unable to use CLI SILC - app without hacking their environment). See also site - http://gratrix.net/unicode/ + o S/MIME (RFC 3851)