1 TODO for 1.2 And Beyond
2 =======================
4 NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The
5 (***TESTING NEEDED) means that the item has been done but not yet properly
8 NOTE: A TODO entry does not mean that it is ever going to be done. Some
9 of the entries may be just ideas, good, bad or ugly. If you want to work
10 on some of the TODO entries simply let us know about it by dropping a note
11 to silc-devel mailing list or appear on 'silc' channel on SILCNet.
14 Crypto Library, lib/silccrypt/
15 ==============================
17 o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
18 possibly to silcpkcs.h.
20 /* Return fingerprint of the `public_key'. Returns also the algorithm
21 that has been used to make the fingerprint. */
23 silc_pkcs_get_fingerprint(SilcPublicKey public_key,
24 const char **hash_algorithm,
25 SilcUInt32 *fingerprint_len);
27 o Add CMAC and maybe others. Change needs rewrite of the internals of
28 the SILC Mac API, currently it's suitable only for HMACs.
30 o Global RNG must be changed to use SILC Global API.
32 o Add FIPS compliant RNG.
34 o Implement the defined SilcDH API. The definition is in
35 lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
36 be accelerated. Also take into account that it could use elliptic
43 o Add PKCS#1 RSAES-OAEP and RSASSA-PSS.
45 o Do GCC vs ICC benchmarks of all key algorithms.
47 o Add DSA support to SILC public key.
49 o The asynchronous functions to perhaps to _async to preserve backwards
50 compatibility with synchronous versions, and make easier to migrate
51 from 1.1 to 1.2. (***DONE)
53 o AES CBC is missing proper alignment code. (***DONE)
55 o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument
56 and try all supported PKCS until one succeeds. (***DONE)
58 o Associate a default hash function with all PKCS algorithms. User can
59 override it in silc_pkcs_sign. DSA with FIPS186-3 determines the
60 hash algorithm by the key length. (***DONE)
62 o Document all cipher names, hash names, mac names, pkcs names. (***DONE)
64 o SilcHmac must be replaced with generic SilcMac so that we can add
65 others than just HMAC algorithms. Backwards support (via #define's)
66 must be preserved. (***DONE)
68 o Change the DSA implementation to support FIPS186-3. This means that
69 the q length is determined by the key length. (***DONE)
71 o Add silc_crypto_init and silc_crypto_uninit. The _init should take
72 SilcStack that will act as global memory pool for all of crypto
73 library. It should not be necessary anymore to separately register
74 default ciphers, HMACs, etc, the _init would do that. However, if
75 user after _init calls silc_pkcs_register, for example, it would take
76 preference over the default once, ie. user can always dictate the
77 order of algorithms. (***DONE)
79 o Change SILC PKCS API to asynchronous, so that accelerators can be used.
80 All PKCS routines should now take callbacks as argument and they should
81 be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
83 o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
84 encrypt, decrypt, sign and verify functions. We may need to for exmaple
85 check the alg->hash, supported hash functions. Maybe deliver it also
86 to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
88 o Add DSS support. (***DONE)
90 o All cipher, hash, hmac etc. allocation routines should take their name
91 in as const char * not const unsigned char *. (***DONE)
94 SKR Library, lib/silcskr/
95 =========================
97 o Add fingerprint as search constraint.
99 o Add SSH support. (***DONE, TESTING NEEDED)
101 o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring
104 o Add support for importing public keys from a directory and/or from a
105 file. Add support for exporting the repository (different formats for
106 different key types?).
108 o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply
109 add the find constraints as variable argument list to silc_skr_find, eg:
111 silc_skr_find(skr, schedule, callback, context,
112 SILC_SKR_FIND_PUBLIC_KEY, public_key,
113 SILC_SKR_FIND_COUNTRY, "FI",
114 SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH,
117 NULL argument would be ignored and skipped.
119 o Add OR logical rule in addition of the current default AND, eg:
121 // Found key(s) MUST have this public key AND this country.
122 silc_skr_find(skr, schedule, callback, context,
123 SILC_SKR_FIND_RULE_AND,
124 SILC_SKR_FIND_PUBLIC_KEY, public_key,
125 SILC_SKR_FIND_COUNTRY, "FI",
128 // Found key(s) MUST have this public key OR this key context
129 silc_skr_find(skr, schedule, callback, context,
130 SILC_SKR_FIND_RULE_OR,
131 SILC_SKR_FIND_PUBLIC_KEY, public_key,
132 SILC_SKR_FIND_CONTEXT, key_context,
135 o SilcStack to SKR API.
138 SILC Accelerator Library
139 ========================
141 o Diffie-Hellman software acceleration.
143 o Hardware acceleration through OCF (OCF-Linux,
144 http://ocf-linux.sourceforge.net).
146 o VIA Padlock support. See http://www.logix.cz/michal/devel/padlock/ and
149 o SILC Accelerator API. Provides generic way to use different kind of
150 accelerators. Basically implements SILC PKCS API so that SilcPublicKey
151 and SilcPrivateKey can be used but they call the accelerators.
154 o Implement software accelerator. It is a thread pool system where the
155 public key and private key operations are executed in threads.
158 o Add SilcCipher support to SilcAccelerator and software accelerator.
159 Accelerate at least ciphers using CTR mode which can be done in
160 parallel. Do it in producer/consumer fashion where threads generate
161 key stream and other thread(s) encrypt using the key stream. (***DONE)
167 o Prime generation progress using callback instead of printing to
170 o All utility functions should be made non-allocating ones.
172 o Import TFM. We want TFM's speed but its memory requirements are
173 just too much. By default it uses large pre-allocated tables which
174 will eat memory when there are thousands of public keys in system.
175 We probably want to change TFM. (***DONE)
177 o Add AND, OR and XOR support to TFM. (***DONE)
179 o The SILC MP API function must start returning indication of success
180 and failure of the operation. (***DONE)
182 o Do SilcStack support for silc_mp_init and other MP function
183 (including utility ones) that may allocate memory. (***DONE)
189 o Negative integer encoding is missing, add it.
191 o SILC_ASN1_CHOICE should perhaps return an index what choice in the
192 choice list was found. Currently it is left for caller to figure out
193 which choice was found. (***DONE)
195 o SILC_ASN1_NULL in decoding should return SilcBool whether or not
196 the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
197 and we need to know whether it was present or not. (***DONE)
203 o OpenPGP certificate support, allowing the use of PGP public keys and
206 o Signatures for data, public keys and private keys (Signature packet).
208 o Signature verification from public keys, private keys and other signed
209 data (Signature packet).
211 o Encryption and decryption support (Packet tags 8 and 18 most likely).
213 o Retrieval of User ID from public key and private key (Used ID packet
214 and User Attribute packet).
216 o Creation of OpenPGP key pairs.
218 o Trust packet handling (GNU PG compatible) from public and private keys.
220 o Add option that the signature format doesn't use the OpenPGP format
221 but whatever is the default in SILC crypto library.
227 o Add option that the signature format doesn't use the SSH2 protocol
228 but whatever is the default in SILC crypto library;
229 silc_ssh_private_key_set_signature_type, or something.
231 o SSH2 public key/private key support, allowing the use of SSH2 keys.
238 o PKIX implementation
244 o Cryptographic Message Syntax (RFC 3852), the former PKCS #7