1 TODO for 1.2 And Beyond
2 =======================
4 NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The
5 (***TESTING NEEDED) means that the item has been done but not yet properly
8 NOTE: A TODO entry does not mean that it is ever going to be done. Some
9 of the entries may be just ideas, good, bad or ugly. If you want to work
10 on some of the TODO entries simply let us know about it by dropping a note
11 to silc-devel mailing list or appear on 'silc' channel on SILCNet.
14 Crypto Library, lib/silccrypt/
15 ==============================
17 o SilcHmac must be replaced with generic SilcMac so that we can add
18 others than just HMAC algorithms. Backwards support (via #define's)
21 o Change the DSA implementation to support FIPS186-3. This means that
22 the q length is determined by the key length. Also note that specific
23 hash functions must be used with different q lengths.
25 o AES CBC is missing proper alignment code (see silc_1_1_branch).
27 o The asynchronous functions to perhaps to _async to preserve backwards
28 compatibility with synchronous versions, and make easier to migrate
31 o Do GCC vs ICC benchmarks of all key algorithms.
33 o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument
34 and try all supported PKCS until one succeeds (ala load_public_key).
36 o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
37 possibly to silcpkcs.h.
39 /* Return fingerprint of the `public_key'. Returns also the algorithm
40 that has been used to make the fingerprint. */
42 silc_pkcs_get_fingerprint(SilcPublicKey public_key,
43 const char **hash_algorithm,
44 SilcUInt32 *fingerprint_len);
46 o Add DSA support to SILC public key.
48 o Global RNG must be changed to use SILC Global API.
50 o Add silc_crypto_init and silc_crypto_uninit. The _init should take
51 SilcStack that will act as global memory pool for all of crypto
52 library. It should not be necessary anymore to separately register
53 default ciphers, HMACs, etc, the _init would do that. However, if
54 user after _init calls silc_pkcs_register, for example, it would take
55 preference over the default once, ie. user can always dictate the
56 order of algorithms. (***DONE)
58 o Change SILC PKCS API to asynchronous, so that accelerators can be used.
59 All PKCS routines should now take callbacks as argument and they should
60 be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
62 o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
63 encrypt, decrypt, sign and verify functions. We may need to for exmaple
64 check the alg->hash, supported hash functions. Maybe deliver it also
65 to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
67 o Add DSS support. (***DONE)
69 o Implement the defined SilcDH API. The definition is in
70 lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
71 be accelerated. Also take into account that it could use elliptic
74 o All cipher, hash, hmac etc. allocation routines should take their name
75 in as const char * not const unsigned char *. (***DONE)
82 SKR Library, lib/silcskr/
83 =========================
85 o Add fingerprint as search constraint.
87 o Add SSH support. (***DONE, TESTING NEEDED)
89 o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring
92 o Add support for importing public keys from a directory and/or from a
93 file. Add support for exporting the repository (different formats for
94 different key types?).
96 o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply
97 add the find constraints as variable argument list to silc_skr_find, eg:
99 silc_skr_find(skr, schedule, callback, context,
100 SILC_SKR_FIND_PUBLIC_KEY, public_key,
101 SILC_SKR_FIND_COUNTRY, "FI",
102 SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH,
105 NULL argument would be ignored and skipped.
107 o Add OR logical rule in addition of the current default AND, eg:
109 // Found key(s) MUST have this public key AND this country.
110 silc_skr_find(skr, schedule, callback, context,
111 SILC_SKR_FIND_RULE_AND,
112 SILC_SKR_FIND_PUBLIC_KEY, public_key,
113 SILC_SKR_FIND_COUNTRY, "FI",
116 // Found key(s) MUST have this public key OR this key context
117 silc_skr_find(skr, schedule, callback, context,
118 SILC_SKR_FIND_RULE_OR,
119 SILC_SKR_FIND_PUBLIC_KEY, public_key,
120 SILC_SKR_FIND_CONTEXT, key_context,
123 o SilcStack to SKR API.
126 SILC Accelerator Library
127 ========================
129 o Diffie-Hellman acceleration
131 o SILC Accelerator API. Provides generic way to use different kind of
132 accelerators. Basically implements SILC PKCS API so that SilcPublicKey
133 and SilcPrivateKey can be used but they call the accelerators.
136 o Implement software accelerator. It is a thread pool system where the
137 public key and private key operations are executed in threads.
140 o Add SilcCipher support to SilcAccelerator and software accelerator.
141 Accelerate at least ciphers using CTR mode which can be done in
142 parallel. Do it in producer/consumer fashion where threads generate
143 key stream and other thread(s) encrypt using the key stream. (***DONE)
149 o Import TFM. We want TFM's speed but its memory requirements are
150 just too much. By default it uses large pre-allocated tables which
151 will eat memory when there are thousands of public keys in system.
152 We probably want to change TFM's fp_int dynamic so that a specific
153 size can be allocated for the int. We could have two new functions:
155 SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
156 SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
157 SilcUInt32 bit_size);
159 Which by default allocates `bit_size' bits instead of some default
160 value. silc_mp_init would allocate the default FP_SIZE with TFM
161 and do normal init with TMA and GMP. _init_size with TMA and GMP
162 would be same as _init.
164 o Add AND, OR and XOR support to TFM or ask Tom to do it.
166 o The SILC MP API function must start returning indication of success
167 and failure of the operation.
169 o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
170 any other MP function (including utility ones) that may allocate
173 o Prime generation progress using callback instead of printing to
176 o All utility functions should be made non-allocating ones.
182 o Negative integer encoding is missing, add it.
184 o SILC_ASN1_CHOICE should perhaps return an index what choice in the
185 choice list was found. Currently it is left for caller to figure out
186 which choice was found. (***DONE)
188 o SILC_ASN1_NULL in decoding should return SilcBool whether or not
189 the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
190 and we need to know whether it was present or not. (***DONE)
196 o OpenPGP certificate support, allowing the use of PGP public keys and
199 o Signatures for data, public keys and private keys (Signature packet).
201 o Signature verification from public keys, private keys and other signed
202 data (Signature packet).
204 o Encryption and decryption support (Packet tags 8 and 18 most likely).
206 o Retrieval of User ID from public key and private key (Used ID packet
207 and User Attribute packet).
209 o Creation of OpenPGP key pairs.
211 o Trust packet handling (GNU PG compatible) from public and private keys.
213 o Add option that the signature format doesn't use the OpenPGP format
214 but whatever is the default in SILC crypto library.
220 o Add option that the signature format doesn't use the SSH2 protocol
221 but whatever is the default in SILC crypto library;
222 silc_ssh_private_key_set_signature_type, or something.
224 o SSH2 public key/private key support, allowing the use of SSH2 keys.
231 o PKIX implementation