o All payload encoding routines should take SilcStack as argument.
+ o Remove SilcCommandCb from silccommand.h.
+
o All payload test routines into lib/silccore/tests/.
lib/silcclient, The Client Library
==================================
+ o UDP SILC connection support to SILC server
+
o Giving WHOIS for nick that doesn't exist should remove any same
named entries from the client cache.
never joined the channel if this happens. What to do if message is
received from user that hasn't been resolved/joined?
+ o Add the SilcStream (socket stream) from the SilcPacketStream and
+ SilcSocket from the socket stream to SilcClientConnection for easier
+ access to them for programmers. Currently these have to be digged up
+ from the packet stream.
+
+ o Connection option that attemps to connect to remot host with various
+ different mechanisms: UDP 706, TCP 706, TCP 80, TCP 443, UDP 7706 and
+ TCP 7706. This is the so called hole punching mechanism.
+
o Message ACKing support.
o in /cmode and /cumode with +r, maybe the public key and private key
o Fix universal time decoding (doesn't accept all formats) in silctime.c.
- o Add functions to manipulate environment variables.
-
- SilcBool silc_setenv(const char *variable, const char *value);
- const char *silc_getenv(const char *variable);
- SilcBool silc_clearenv(const char *variable);
+ o Add functions to manipulate environment variables. (***DONE)
o Add functions to loading shared/dynamic object symbols (replaces the
SIM library (lib/silcsim) and introduces generic library). Add this
- to lib/silcutil/silcdll.[ch].
-
- SilcDll silc_dll_load(const char *object_path, SilcDllFlags flags);
- void silc_dll_close(SilcDll dll);
- void *silc_dll_getsym(SilcDll dll, const char *symbol);
- const char *silc_dll_error(SilcDll dll);
+ to lib/silcutil/silcdll.[ch]. (***TESTING NEEDED WIN32, TODO Symbian)
o Add directory opening/traversing functions
o silc_getopt routines
- o silc_hash_table_replace -> silc_hash_table_set. Retain support for
- silc_hash_table_replace as macro.
+ o Add silc_stream_get_root and add get_root stream operation. It
+ returns the root of the stream or NULL if stream doesn't have root.
+
+ o Change some stream routines (like socket stream API) to accept ANY
+ stream and use silc_stream_get_root to get the socket stream from the
+ given stream. This will make various stream APIs more easier to use
+ when user doesn't have to dig up the correct stream.
o The SILC Event signals. Asynchronous events that can be created,
connected to and signalled. Either own event routines or glued into
o Structured log messages to Log API. Allows machine readable log
messages. Would allow sending of any kind of data in a log message.
- o Base64 to an own API
+ o Base64 to an own API (***DONE)
- o Timer API
+ o Timer API (***DONE)
o Add builtin SOCKS and HTTP Proxy support, well the SOCKS at least.
SILC currently supports SOCKS4 and SOCKS5 but it needs to be compiled
o silc_stringprep to non-allocating version.
- o SilcStack aware SilcHashTable.
+ o silc_hash_table_replace -> silc_hash_table_set. Retain support for
+ silc_hash_table_replace as macro. (***DONE)
+
+ o SilcStack aware SilcHashTable. (***DONE)
- o SilcStack aware SilcDList.
+ o SilcStack aware SilcDList. (***DONE)
- o Thread pool API. Add this to lib/silcutil/silcthread.[ch].
+ o Thread pool API. Add this to lib/silcutil/silcthread.[ch]. (***DONE)
- typedef void (*SilcThreadPoolFunc)(SilcSchedule schedule,
- void *context);
+ o Fast mutex implementation. Fast rwlock implementation. Mutex and
+ rwlock implementation using atomic operations.
+
+ o Compression routines are missing. The protocol supports packet
+ compression thus it must be implemented. SILC Zip API must be
+ defined.
- /* Allocate thread pool with at least `min_threads' and at most
- `max_threads' many threads. If `stack' is non-NULL all memory
- is allocated from the `stack'. If `start_min_threads' is TRUE
- this will start `min_threads' many threads immediately. */
- SilcThreadPool silc_thread_pool_alloc(SilcStack stack,
- SilcUInt32 min_threads,
- SilcUInt32 max_threads,
- SilcBool start_min_threads);
+ o Add new functions to SilcStack API in lib/silcutil/silcstack.[ch]. Add
+ silc_stack_[set|get]_alignment. It defines the default alignment used
+ when allocating memory from stack. It can be used to specify special
+ alignments too when needed (such as for hardware devices like crypto
+ accelerators). Move also the low level silc_stack_malloc and
+ silc_stack_realloc from silcstack_i.h to silcstack.h. Remove the
+ _ua unaligned memory allocation routines. Remove unaligned memory
+ allocation possibility. (***DONE)
- /* Free thread pool. If `wait_unfinished' is TRUE this will block
- and waits that all remaining active threads finish before freeing
- the pool. */
- void silc_thread_pool_free(SilcThreadPool tp, SilcBool wait_unfinished);
+ o silc_stack_alloc shouldn't require multiple by 8 size argument, it
+ should figure it out itself.
- /* Run `run' function with `run_context' in one of the threads in the
- thread pool. Returns FALSE if the thread pool is being freed. If
- there are no free threads left in the pool this will queue the
- the `run' and will call it once a thread becomes free.
+ o silc_malloc et. al. to respect --with-alignment.
- If `completion' is non-NULL it will be called to indicate completion
- of the `run' function. If `schedule' is non-NULL the `completion'
- will be called through the scheduler in the main thread. If it is
- NULL the `completion' is called directly from the thread after the
- `run' has returned. */
- SilcBool silc_thread_pool_run(SilcThreadPool tp,
- SilcSchedule schedule,
- SilcThreadPoolFunc run,
- void *run_context,
- SilcThreadPoolFunc completion,
- void *completion_context);
+ o Add '%@' format to silc_snprintf functions. It marks for external
+ rendering function of following type:
- /* Modify the amount of maximum threads of the pool. */
- void silc_thread_pool_set_max_threads(SilcThreadPool tp,
- SilcUInt32 max_threads);
+ /* Snprintf rendering function. The `data' is rendered into a string
+ and allocated string is returned. If NULL is returned the
+ rendering is skipped and ignored. If the returned string does
+ not fit to the destination buffer it may be truncated. */
+ typedef char *(*SilcSnprintfRender)(void *data);
- /* Returns the amount of maximum size the pool can grow. */
- SilcUInt32 silc_thread_pool_num_max_threads(SilcThreadPool tp);
+ It can work like following:
- /* Returns the amount of free threads in the pool currently. */
- SilcUInt32 silc_thread_pool_num_free_threads(SilcThreadPool tp);
+ char *id_renderer(void *data)
+ {
+ char tmp[32];
+ id_to_str(tmp, sizeof(tmp), (SilcID *)data);
+ return strdup(tmp);
+ }
- /* Stops all free and started threads. The minumum amount of threads
- specified to silc_thread_pool_alloc always remains. */
- void silc_thread_pool_purge(SilcThreadPool tp);
+ silc_snprintf(buf, sizeof(buf), "Client ID %@", id_renderer, client_id);
- o Fast mutex implementation. Fast rwlock implementation. Mutex and
- rwlock implementation using atomic operations.
+ o Change silc_gettimeofday on Unix to use clock_gettime with REALTIME
+ clock if it is available, otherwise use gettimeofday(). (***DONE)
- o Compression routines are missing. The protocol supports packet
- compression thus it must be implemented. SILC Zip API must be
- defined.
+ (o SilcIpAddr abstraction. Ipv4 and Ipv6 support to the abstaction.)
+ maybe
(o Generic SilcStatus or SilcResult that includes all possible status and
error conditions, including those of SILC protocol. Though, the SILC
Crypto Library, lib/silccrypt/
==============================
- o SilcStack to APIs.
+ o Add silc_crypto_init and silc_crypto_uninit. The _init should take
+ SilcStack that will act as global memory pool for all of crypto
+ library. It should not be necessary anymore to separately register
+ default ciphers, HMACs, etc, the _init would do that. However, if
+ user after _init calls silc_pkcs_register, for example, it would take
+ preference over the default once, ie. user can always dictate the
+ order of algorithms. (***DONE)
o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
possibly to silcpkcs.h.
o Change SILC PKCS API to asynchronous, so that accelerators can be used.
All PKCS routines should now take callbacks as argument and they should
- be delivered to SilcPKCSObject and SilcPKCSAlgorithm too.
-
- /* Signature computation callback */
- typedef void (*SilcPKCSSignCb)(SilcBool success,
- const unsigned char *signature,
- SilcUInt32 signature_len,
- void *context);
-
- /* Signature verification callback */
- typedef void (*SilcPKCSVerifyCb)(SilcBool success, void *context);
-
- /* Encryption callback */
- typedef void (*SilcPKCSEncryptCb)(SilcBool success,
- const unsigned char *encrypted,
- SilcUInt32 encrypted_len,
- void *context);
-
- /* Decryption callback */
- typedef void (*SilcPKCSDecryptCb)(SilcBool success,
- const unsigned char *decrypted,
- SilcUInt32 decrypted_len,
- void *context);
-
- Either add new _async functions or add the callbacks to existing API
- and if the callback is NULL then the API is not async and if provided
- it may be async. For example;
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- unsigned char *dst, SilcUInt32 dst_size,
- SilcUInt32 *dst_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- (if this is done then there's no reason why the buffers in the
- callbacks cannot be the ones user gives here) or allow only async:
-
- SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
-
- or add new:
-
- SilcBool silc_pkcs_sign_async(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcBool compute_hash, SilcHash hash,
- SilcPKCSSignCb async_sign,
- void *async_sign_context);
+ be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
encrypt, decrypt, sign and verify functions. We may need to for exmaple
check the alg->hash, supported hash functions. Maybe deliver it also
- to all other functions in SilcPKCSAlgorithm to be consistent.
+ to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
- o Add DSS support. Take implementation from Tom or make it yourself.
+ o Add DSA support to SILC public key.
+
+ o Add DSS support. (***DONE)
o Implement the defined SilcDH API. The definition is in
lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
be accelerated. Also take into account that it could use elliptic
curves.
- o ECDSA and ECDH
+ o Add ECDSA support.
+
+ o Add ECDH support.
+
+ o AES CBC is missing proper alignment code (see silc_1_1_branch).
o All cipher, hash, hmac etc. allocation routines should take their name
- in as const char * not const unsigned char *.
+ in as const char * not const unsigned char *. (***DONE)
SILC Accelerator Library
o SILC Accelerator API. Provides generic way to use different kind of
accelerators. Basically implements SILC PKCS API so that SilcPublicKey
and SilcPrivateKey can be used but they call the accelerators.
-
- Something in the lines of (preliminary):
-
- /* Register accelerator to system. Initializes the accelerator. */
- Varargs are optional accelerator specific init parameteres. */
- SilcBool silc_acc_register(SilcAccelerator acc, ...);
-
- silc_acc_register(softacc, "min_threads", 2, "max_threads", 16, NULL);
-
- /* Unregister accelerator. Uninitializes the accelerator. */
- SilcBool silc_acc_unregister(const SilcAccelerator acc);
-
- /* Return list of the registered accelerators */
- SilcDList silc_acc_get_supported(void);
-
- /* Find existing accelerator. `name' is accelerator's name. */
- SilcAccelerator silc_acc_find(const char *name);
-
- /* Return accelerator's name */
- const char *silc_acc_get_name(SilcAccelerator acc);
-
- /* Accelerate `public_key'. Return accelerated public key. */
- SilcPublicKey silc_acc_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Accelerate `private_key'. Returns accelerated private key. */
- SilcPrivateKey silc_acc_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- /* Return the underlaying public key */
- SilcPublicKey silc_acc_get_public_key(SilcAccelerator acc,
- SilcPublicKey public_key);
-
- /* Return the underlaying private key */
- SilcPrivateKey silc_acc_get_private_key(SilcAccelerator acc,
- SilcPrivateKey private_key);
-
- typedef struct SilcAcceleratorObject {
- const char *name; /* Accelerator's name */
- SilcBool (*init)(va_list va); /* Initialize accelerator */
- SilcBool (*uninit)(void); /* Uninitialize accelerator */
- const SilcPKCSAlgorithm *pkcs; /* Accelerated PKCS algorithms */
- const SilcDHObject *dh; /* Accelerated Diffie-Hellmans */
- const SilcCipherObject *cipher; /* Accelerated ciphers */
- const SilcHashObject *hash; /* Accelerated hashes */
- const SilcHmacObject *hmac; /* Accelerated HMACs */
- const SilcRngObject *rng; /* Accelerated RNG's */
- } *SilcAccelerator, SilcAcceleratorStruct;
-
- Allows accelerator to have multiple accelerators (cipher, hash etc)
- and multiple different algorithms and implementations (SHA-1, SHA-256 etc).
-
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey accelerated as:
- SilcPublicKey->SilcAcceleratorPublicKey->SilcSoftAccPublicKey->
- SilcPublicKey->SilcSILCPublicKey->RsaPublicKey
-
- silc_acc_public_key creates SilcPublicKey and SilcAcceleratorPublicKey
- and acc->pkcs->import_public_key creates SilcSoftAccPublicKey.
+ (***DONE)
o Implement software accelerator. It is a thread pool system where the
- public key and private key operations are executed in threads.
+ public key and private key operations are executed in threads.
+ (***DONE)
- const struct SilcAcceleratorObject softacc =
- {
- "softacc", softacc_init, softacc_uninit,
- softacc_pkcs, NULL, NULL, NULL, NULL
- }
-
- /* Called from silc_acc_private_key */
- int silc_softacc_import_private_key(void *key, SilcUInt32 key_len,
- void **ret_private_key)
- {
- SilcSoftAccPrivateKey prv = silc_calloc(1, sizeof(*prv));
- prv->pkcs = acc->pkcs;
- prv->private_key = key;
- *ret_private_key = prv;
- }
+ o Diffie-Hellman acceleration
(o Symmetric key cryptosystem acceleration? They are always sycnhronouos
even with hardware acceleration so the crypto API shouldn't require
lib/silcmath
============
- o Import TFM. Talk to Tom to add the missing functions. Use TFM in
- client and client library, but TMA in server, due to the significantly
- increased memory consumption with TFM, and the rare need for public
- key operations in server.
+ o Import TFM. We want TFM's speed but its memory requirements are
+ just too much. By default it uses large pre-allocated tables which
+ will eat memory when there are thousands of public keys in system.
+ We probably want to change TFM's fp_int dynamic so that a specific
+ size can be allocated for the int. We could have two new functions:
- We want TFM's speed but not TFM's memory requirements. Talk to Tom
- about making the TFM mp dynamic just as it is in LTM.
+ SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
+ SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
+ SilcUInt32 bit_size);
+
+ Which by default allocates `bit_size' bits instead of some default
+ value. silc_mp_init would allocate the default FP_SIZE with TFM
+ and do normal init with TMA and GMP. _init_size with TMA and GMP
+ would be same as _init.
+
+ o Add AND, OR and XOR support to TFM or ask Tom to do it.
o The SILC MP API function must start returning indication of success
and failure of the operation.
o SILC_ASN1_CHOICE should perhaps return an index what choice in the
choice list was found. Currently it is left for caller to figure out
- which choice was found.
+ which choice was found. (***DONE)
o SILC_ASN1_NULL in decoding should return SilcBool whether or not
the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
- and we need to know whether it was present or not.
+ and we need to know whether it was present or not. (***DONE)
lib/silcpgp
===========
- o OpenPGP certificate support, allowing the use of PGP public keys
- in SILC.
+ o OpenPGP certificate support, allowing the use of PGP public keys.
lib/silcssh
===========
- o SSH2 public key/private key support, allowing the use of SSH2 keys
- in SILC. RFC 4716.
+ o SSH2 public key/private key support, allowing the use of SSH2 keys.
+ RFC 4716. (***DONE)
lib/silcpkix
o Library must have support for SERVICE command.
- o The server must be able to run behind NAT device. This means that
+ o Both UDP and TCP support for incoming connecetions. Maintaining long
+ term UDP sessions.
+
+ o The server must be able to run behind NAT device. This means that
Server ID must be based on public IP instead of private IP.
+ o The following data must be in per-connection context: client id cache,
+ server id cache, channel id cache, all statistics must be
+ per-connection.
+
+ o The following data must be in per-thread context: command context
+ freelist/pool, pending commands, random number generator.
+
+ o Do inccoming packet processing in an own FSM thread in the
+ server-threads FSM. Same as in client library.
+
+ o Binding to other ports than 706 too. To allow easier traversing
+ through NATs and firewalls server should bind to 80, 443 and 7706
+ by default (at least try to bind). Connections must work normally
+ even if they were established to some other port other than 706.
+
+ Connection option that attemps to connect to remot server with various
+ different mechanisms: UDP 706, TCP 706, TCP 80, TCP 443, UDP 7706 and
+ TCP 7706. This is the so called hole punching mechanism.
+
o Reference count all Silc*Entry structures.
Some issues that must be kept in mind from 1.0 and 1.1 silcd's:
+ o The server and router software MUST work out of the box. After
+ installation the server must not require any configuration to run the
+ most basic working configuration. No defining IP addresses, etc.
+ The server must work just by running it.
+
o The SERVER_SIGNOFF notify handing is not optimal, because it'll
cause sending of multiple SIGNOFF notify's instead of the one
SERVER_SIGNOFF notify that the server received. This should be
projects / crypto.git / blobdiff