Renamed lib/silccrypt/silccrypto.h to silccrypto.h.in

[crypto.git] / TODO

TODO for 1.2 And Beyond
=======================

NOTE: Any item that doesn't have (***DONE) in it, isn't done yet.  The
(***TESTING NEEDED) means that the item has been done but not yet properly
tested.

NOTE: A TODO entry does not mean that it is ever going to be done.  Some
of the entries may be just ideas, good, bad or ugly.  If you want to work
on some of the TODO entries simply let us know about it by dropping a note
to silc-devel mailing list or appear on 'silc' channel on SILCNet.


SKR Library, lib/silcskr/
=========================

 o Add fingerprint as search constraint.

 o Add OpenPGP support.  Adding, removing, fetching PGP keys.  (Keyring
   support?)

 o Add support for importing public keys from a directory and/or from a
   file.  Add support for exporting the repository (different formats for
   different key types?).

 o Change the entire silc_skr_find API.  Remove SilcSKRFind and just simply
   add the find constraints as variable argument list to silc_skr_find, eg:

  silc_skr_find(skr, schedule, callback, context,
                SILC_SKR_FIND_PUBLIC_KEY, public_key,
                SILC_SKR_FIND_COUNTRY, "FI",
                SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH,
                SILC_SKR_FIND_END);

   NULL argument would be ignored and skipped.

 o Add OR logical rule in addition of the current default AND, eg:

  // Found key(s) MUST have this public key AND this country.
  silc_skr_find(skr, schedule, callback, context,
                SILC_SKR_FIND_RULE_AND,
                SILC_SKR_FIND_PUBLIC_KEY, public_key,
                SILC_SKR_FIND_COUNTRY, "FI",
                SILC_SKR_FIND_END);

  // Found key(s) MUST have this public key OR this key context
  silc_skr_find(skr, schedule, callback, context,
                SILC_SKR_FIND_RULE_OR,
                SILC_SKR_FIND_PUBLIC_KEY, public_key,
                SILC_SKR_FIND_CONTEXT, key_context,
                SILC_SKR_FIND_END);

 o SilcStack to SKR API.


Crypto Library, lib/silccrypt/
==============================

 o Add silc_crypto_init and silc_crypto_uninit.  The _init should take
   SilcStack that will act as global memory pool for all of crypto
   library.  It should not be necessary anymore to separately register
   default ciphers, HMACs, etc, the _init would do that.  However, if
   user after _init calls silc_pkcs_register, for example, it would take
   preference over the default once, ie. user can always dictate the
   order of algorithms. (***DONE)

 o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
   possibly to silcpkcs.h.

   /* Return fingerprint of the `public_key'.  Returns also the algorithm
      that has been used to make the fingerprint. */
   const unsigned char *
   silc_pkcs_get_fingerprint(SilcPublicKey public_key,
                             const char **hash_algorithm,
                             SilcUInt32 *fingerprint_len);

 o Change SILC PKCS API to asynchronous, so that accelerators can be used.
   All PKCS routines should now take callbacks as argument and they should
   be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)

 o The asynchronous functions to perhaps to _async to preserve backwards
   compatibility with synchronous versions, and make easier to migrate
   from 1.1 to 1.2.

 o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
   encrypt, decrypt, sign and verify functions.  We may need to for exmaple
   check the alg->hash, supported hash functions.  Maybe deliver it also
   to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)

 o Add DSA support to SILC public key.

 o Add DSS support. (***DONE)

 o Implement the defined SilcDH API.  The definition is in
   lib/silccrypt/silcdh.h.  Make sure it is asynchronous so that it can
   be accelerated.  Also take into account that it could use elliptic
   curves.

 o Add ECDSA support.

 o Add ECDH support.

 o AES CBC is missing proper alignment code (see silc_1_1_branch).

 o All cipher, hash, hmac etc. allocation routines should take their name
   in as const char * not const unsigned char *. (***DONE)


SILC Accelerator Library
========================

 o SILC Accelerator API.  Provides generic way to use different kind of
   accelerators.  Basically implements SILC PKCS API so that SilcPublicKey
   and SilcPrivateKey can be used but they call the accelerators.
   (***DONE)

 o Implement software accelerator.  It is a thread pool system where the
   public key and private key operations are executed in threads.
   (***DONE)

 o Add init options to SilcAcceleratorObject as a SilcAcceleratorOption
   structure.  Each accelerator defines the options that they support and
   can be retrieved from the SilcAccelerator with silc_acc_get_options.
   The format must also be machine parseable.  The structure can be of the
   following format:

        typedef struct SilcAcceleratorOptionStruct {
          const char *option;                   /* Option name */
          const char *display_name;             /* Option displayable name */
          SilcParamType type;                   /* Option data format */
          void *default_value;                  /* Option's default value */
          SilcUInt32 default_value_len;         /* Default value length */
        } *SilcAcceleratorOption;

   For software accelerator it could be for example:

   { "min_threads", "Minimum threads", SILC_PARAM_UINT32, (void *)2, 4 },
   { "max_threads", "Maximum threads", SILC_PARAM_UINT32, (void *)4, 4 },

 o Diffie-Hellman acceleration

 (o Symmetric key cryptosystem acceleration?  They are always sycnhronouos
   even with hardware acceleration so the crypto API shouldn't require
   changes.) maybe


lib/silcmath
============

 o Import TFM.  We want TFM's speed but its memory requirements are
   just too much.  By default it uses large pre-allocated tables which
   will eat memory when there are thousands of public keys in system.
   We probably want to change TFM's fp_int dynamic so that a specific
   size can be allocated for the int.  We could have two new functions:

   SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
   SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
                               SilcUInt32 bit_size);

   Which by default allocates `bit_size' bits instead of some default
   value.  silc_mp_init would allocate the default FP_SIZE with TFM
   and do normal init with TMA and GMP.  _init_size with TMA and GMP
   would be same as _init.

 o Add AND, OR and XOR support to TFM or ask Tom to do it.

 o The SILC MP API function must start returning indication of success
   and failure of the operation.

 o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
   any other MP function (including utility ones) that may allocate
   memory.

 o Prime generation progress using callback instead of printing to
   stdout.

 o All utility functions should be made non-allocating ones.


lib/silcasn1
============

 o Negative integer encoding is missing, add it.

 o SILC_ASN1_CHOICE should perhaps return an index what choice in the
   choice list was found.  Currently it is left for caller to figure out
   which choice was found. (***DONE)

 o SILC_ASN1_NULL in decoding should return SilcBool whether or not
   the NULL was present.  It's important when it's SILC_ASN1_OPTIONAL
   and we need to know whether it was present or not. (***DONE)


lib/silcpgp
===========

 o OpenPGP certificate support, allowing the use of PGP public keys.


lib/silcssh
===========

 o SSH2 public key/private key support, allowing the use of SSH2 keys.
   RFC 4716.  (***DONE)


lib/silcpkix
============

 o PKIX implementation