TODO for 1.2 And Beyond
=======================

NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The
(***TESTING NEEDED) means that the item has been done but not yet properly

NOTE: A TODO entry does not mean that it is ever going to be done. Some
of the entries may be just ideas, good, bad or ugly. If you want to work
on some of the TODO entries simply let us know about it by dropping a note
to silc-devel mailing list or appear on 'silc' channel on SILCNet.

SKR Library, lib/silcskr/
=========================

 o Add fingerprint as search constraint.

 o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring

 o Add support for importing public keys from a directory and/or from a
   file. Add support for exporting the repository (different formats for
   different key types?).

 o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply
   add the find constraints as variable argument list to silc_skr_find, e.g.:

   silc_skr_find(skr, schedule, callback, context,
                 SILC_SKR_FIND_PUBLIC_KEY, public_key,
                 SILC_SKR_FIND_COUNTRY, "FI",
                 SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH,

   NULL argument would be ignored and skipped.

 o Add OR logical rule in addition to the current default AND, e.g.:

   // Found key(s) MUST have this public key AND this country.
   silc_skr_find(skr, schedule, callback, context,
                 SILC_SKR_FIND_RULE_AND,
                 SILC_SKR_FIND_PUBLIC_KEY, public_key,
                 SILC_SKR_FIND_COUNTRY, "FI",

   // Found key(s) MUST have this public key OR this key context
   silc_skr_find(skr, schedule, callback, context,
                 SILC_SKR_FIND_RULE_OR,
                 SILC_SKR_FIND_PUBLIC_KEY, public_key,
                 SILC_SKR_FIND_CONTEXT, key_context,

 o SilcStack to SKR API.

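Added example, not SILC Toolkit code: a small stand-alone model of the variable-argument find idea from the silc_skr_find items above, with a default AND rule, an optional OR rule, and NULL constraint values skipped. Every name in it (demo_find, the DEMO_FIND_* tags, the DEMO_FIND_END terminator, the sample keys) is a hypothetical stand-in, and the "no effective constraint matches everything" behaviour is an assumption.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

/* All names are hypothetical stand-ins, not SILC Toolkit identifiers.
   DEMO_FIND_END is an assumed list terminator. */
enum { DEMO_FIND_END, DEMO_FIND_RULE_AND, DEMO_FIND_RULE_OR,
       DEMO_FIND_COUNTRY, DEMO_FIND_FINGERPRINT };

typedef struct { const char *country, *fingerprint; } DemoKey;

/* Constructed sample repository. */
static const DemoKey demo_repo[] = {
  { "FI", "aa11" }, { "FI", "bb22" }, { "SE", "cc33" },
};
#define DEMO_REPO_LEN (sizeof(demo_repo) / sizeof(demo_repo[0]))

/* Writes indices of matching keys to out (room for DEMO_REPO_LEN entries)
   and returns how many matched.  Default rule is AND. */
int demo_find(size_t *out, ...)
{
  int found = 0;
  for (size_t i = 0; i < DEMO_REPO_LEN; i++) {
    int tag, use_or = 0, seen = 0, hits = 0;
    va_list ap;
    va_start(ap, out);
    while ((tag = va_arg(ap, int)) != DEMO_FIND_END) {
      if (tag == DEMO_FIND_RULE_AND || tag == DEMO_FIND_RULE_OR) {
        use_or = (tag == DEMO_FIND_RULE_OR);   /* rule tags carry no value */
        continue;
      }
      const char *want = va_arg(ap, const char *);
      if (want == NULL)
        continue;                              /* NULL argument is skipped */
      const char *have = (tag == DEMO_FIND_COUNTRY)
        ? demo_repo[i].country : demo_repo[i].fingerprint;
      seen++;
      hits += (strcmp(want, have) == 0);
    }
    va_end(ap);
    /* Assumption: with no effective constraint every key matches. */
    if (seen == 0 || (use_or ? hits > 0 : hits == seen))
      out[found++] = i;
  }
  return found;
}
```

The compiler does not type-check variadic arguments, so a call that omits the terminator or passes a value of the wrong type for a tag reads past the supplied arguments; that is the main hazard of this API shape.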
Crypto Library, lib/silccrypt/
==============================

 o Add silc_crypto_init and silc_crypto_uninit. The _init should take
   SilcStack that will act as global memory pool for all of crypto
   library. It should not be necessary anymore to separately register
   default ciphers, HMACs, etc, the _init would do that. However, if
   user after _init calls silc_pkcs_register, for example, it would take
   preference over the default ones, i.e. user can always dictate the
   order of algorithms. (***DONE)

 o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
   possibly to silcpkcs.h.

   /* Return fingerprint of the `public_key'. Returns also the algorithm
      that has been used to make the fingerprint. */
   silc_pkcs_get_fingerprint(SilcPublicKey public_key,
                             const char **hash_algorithm,
                             SilcUInt32 *fingerprint_len);

 o Change SILC PKCS API to asynchronous, so that accelerators can be used.
   All PKCS routines should now take callbacks as argument and they should
   be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)

 o Perhaps rename the asynchronous functions to _async to preserve backwards
   compatibility with synchronous versions, and make it easier to migrate

 o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
   encrypt, decrypt, sign and verify functions. We may need to for example
   check the alg->hash, supported hash functions. Maybe deliver it also
   to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)

 o Add DSA support to SILC public key.

 o Add DSS support. (***DONE)

 o Implement the defined SilcDH API. The definition is in
   lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
   be accelerated. Also take into account that it could use elliptic

 o AES CBC is missing proper alignment code (see silc_1_1_branch).

 o All cipher, hash, hmac etc. allocation routines should take their name
   in as const char * not const unsigned char *. (***DONE)

SILC Accelerator Library
========================

 o SILC Accelerator API. Provides generic way to use different kind of
   accelerators. Basically implements SILC PKCS API so that SilcPublicKey
   and SilcPrivateKey can be used but they call the accelerators.

 o Implement software accelerator. It is a thread pool system where the
   public key and private key operations are executed in threads.

 o Add init options to SilcAcceleratorObject as a SilcAcceleratorOption
   structure. Each accelerator defines the options that they support and
   can be retrieved from the SilcAccelerator with silc_acc_get_options.
   The format must also be machine parseable. The structure can be of the

   typedef struct SilcAcceleratorOptionStruct {
     const char *option;            /* Option name */
     const char *display_name;      /* Option displayable name */
     SilcParamType type;            /* Option data format */
     void *default_value;           /* Option's default value */
     SilcUInt32 default_value_len;  /* Default value length */
   } *SilcAcceleratorOption;

   For software accelerator it could be for example:

   { "min_threads", "Minimum threads", SILC_PARAM_UINT32, (void *)2, 4 },
   { "max_threads", "Maximum threads", SILC_PARAM_UINT32, (void *)4, 4 },

 o Diffie-Hellman acceleration

 (o Symmetric key cryptosystem acceleration? They are always synchronous
   even with hardware acceleration so the crypto API shouldn't require

 o Import TFM. We want TFM's speed but its memory requirements are
   just too much. By default it uses large pre-allocated tables which
   will eat memory when there are thousands of public keys in system.
   We probably want to change TFM's fp_int dynamic so that a specific
   size can be allocated for the int. We could have two new functions:

   SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
   SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
                               SilcUInt32 bit_size);

   Which by default allocates `bit_size' bits instead of some default
   value. silc_mp_init would allocate the default FP_SIZE with TFM
   and do normal init with TMA and GMP. _init_size with TMA and GMP
   would be same as _init.

 o Add AND, OR and XOR support to TFM or ask Tom to do it.

 o The SILC MP API function must start returning indication of success
   and failure of the operation.

 o Do SilcStack support for silc_mp_init, silc_mp_init_size and
   any other MP function (including utility ones) that may allocate

 o Prime generation progress using callback instead of printing to

 o All utility functions should be made non-allocating ones.

 o Negative integer encoding is missing, add it.

 o SILC_ASN1_CHOICE should perhaps return an index indicating which choice
   in the choice list was found. Currently it is left for caller to figure
   out which choice was found. (***DONE)

 o SILC_ASN1_NULL in decoding should return SilcBool whether or not
   the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
   and we need to know whether it was present or not. (***DONE)

 o OpenPGP certificate support, allowing the use of PGP public keys.

 o SSH2 public key/private key support, allowing the use of SSH2 keys.

 o PKIX implementation