Crypto Library, lib/silccrypt/
==============================
- o SilcHmac must be replaced with generic SilcMac so that we can add
- others than just HMAC algorithms. Backwards support (via #define's)
- must be preserved.
-
- o Change the DSA implementation to support FIPS186-3. This means that
- the q length is determined by the key length. Also note that specific
- hash functions must be used with different q lengths.
-
- o AES CBC is missing proper alignment code (see silc_1_1_branch).
-
- o The asynchronous functions to perhaps to _async to preserve backwards
- compatibility with synchronous versions, and make easier to migrate
- from 1.1 to 1.2.
-
- o Do GCC vs ICC benchmarks of all key algorithms.
-
- o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument
- and try all supported PKCS until one succeeds (ala load_public_key).
-
o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
possibly to silcpkcs.h.
const char **hash_algorithm,
SilcUInt32 *fingerprint_len);
- o Add DSA support to SILC public key.
+ o Add CMAC and maybe others. Change needs rewrite of the internals of
+ the SILC Mac API, currently it's suitable only for HMACs.
o Global RNG must be changed to use SILC Global API.
+ o Global cipher, hash, mac, and pkcs tables must use SILC Global API.
+
+ o Add FIPS compliant RNG.
+
+ o Implement the defined SilcDH API. The definition is in
+ lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
+ be accelerated. Also take into account that it could use elliptic
+ curves.
+
+ o Add Elgamal.
+
+ o Add ECDSA support.
+
+ o Add ECDH support.
+
+ o Add PKCS#1 RSAES-OAEP and RSASSA-PSS.
+
+ o Add GCM mode.
+
+ o Do GCC vs ICC benchmarks of all key algorithms.
+
+ o Add DSA support to SILC public key.
+
+ o The asynchronous functions to perhaps to _async to preserve backwards
+ compatibility with synchronous versions, and make easier to migrate
+ from 1.1 to 1.2. (***DONE)
+
+ o AES CBC is missing proper alignment code. (***DONE)
+
+ o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument
+ and try all supported PKCS until one succeeds. (***DONE)
+
+ o Associate a default hash function with all PKCS algorithms. User can
+ override it in silc_pkcs_sign. DSA with FIPS186-3 determines the
+ hash algorithm by the key length. (***DONE)
+
+ o Document all cipher names, hash names, mac names, pkcs names. (***DONE)
+
+ o SilcHmac must be replaced with generic SilcMac so that we can add
+ others than just HMAC algorithms. Backwards support (via #define's)
+ must be preserved. (***DONE)
+
+ o Change the DSA implementation to support FIPS186-3. This means that
+ the q length is determined by the key length. (***DONE)
+
o Add silc_crypto_init and silc_crypto_uninit. The _init should take
SilcStack that will act as global memory pool for all of crypto
library. It should not be necessary anymore to separately register
o Add DSS support. (***DONE)
- o Implement the defined SilcDH API. The definition is in
- lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
- be accelerated. Also take into account that it could use elliptic
- curves.
-
o All cipher, hash, hmac etc. allocation routines should take their name
in as const char * not const unsigned char *. (***DONE)
- o Add ECDSA support.
-
- o Add ECDH support.
-
SKR Library, lib/silcskr/
=========================
file. Add support for exporting the repository (different formats for
different key types?).
- o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply
- add the find constraints as variable argument list to silc_skr_find, eg:
-
- silc_skr_find(skr, schedule, callback, context,
- SILC_SKR_FIND_PUBLIC_KEY, public_key,
- SILC_SKR_FIND_COUNTRY, "FI",
- SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH,
- SILC_SKR_FIND_END);
-
- NULL argument would be ignored and skipped.
+ o Add find rule AND and OR. The default is always AND. Add
+ silc_skr_find_set_rule.
- o Add OR logical rule in addition of the current default AND, eg:
+ o Add silc_skr_find_add_search_file that can be used to add a file to
+ search for the public keys. More than one can be set. Add support
+ for searching keys from file.
- // Found key(s) MUST have this public key AND this country.
- silc_skr_find(skr, schedule, callback, context,
- SILC_SKR_FIND_RULE_AND,
- SILC_SKR_FIND_PUBLIC_KEY, public_key,
- SILC_SKR_FIND_COUNTRY, "FI",
- SILC_SKR_FIND_END);
-
- // Found key(s) MUST have this public key OR this key context
- silc_skr_find(skr, schedule, callback, context,
- SILC_SKR_FIND_RULE_OR,
- SILC_SKR_FIND_PUBLIC_KEY, public_key,
- SILC_SKR_FIND_CONTEXT, key_context,
- SILC_SKR_FIND_END);
+ o Add silc_skr_find_add_search_dir that can be used to add a directory to
+ search for the public keys. More than one can be set. Add support
+ for seraching keys from directory.
o SilcStack to SKR API.
SILC Accelerator Library
========================
- o Diffie-Hellman acceleration
+ o Diffie-Hellman acceleration to SILC Accelerator API.
+
+ o Diffie-Hellman software acceleration.
+
+ o Hardware acceleration through OCF (OCF-Linux,
+ http://ocf-linux.sourceforge.net).
+
+ o VIA Padlock support. See http://www.logix.cz/michal/devel/padlock/ and
+ Gladman's code.
+
+ o Implement GCM software acceleration.
+
+ o Add hash function acceleration to SILC Accelerator API.
o SILC Accelerator API. Provides generic way to use different kind of
accelerators. Basically implements SILC PKCS API so that SilcPublicKey
lib/silcmath
============
+ o Prime generation progress using callback instead of printing to
+ stdout.
+
+ o All utility functions should be made non-allocating ones.
+
o Import TFM. We want TFM's speed but its memory requirements are
just too much. By default it uses large pre-allocated tables which
will eat memory when there are thousands of public keys in system.
- We probably want to change TFM's fp_int dynamic so that a specific
- size can be allocated for the int. We could have two new functions:
-
- SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
- SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
- SilcUInt32 bit_size);
-
- Which by default allocates `bit_size' bits instead of some default
- value. silc_mp_init would allocate the default FP_SIZE with TFM
- and do normal init with TMA and GMP. _init_size with TMA and GMP
- would be same as _init.
+ We probably want to change TFM. (***DONE)
- o Add AND, OR and XOR support to TFM or ask Tom to do it.
+ o Add AND, OR and XOR support to TFM. (***DONE)
o The SILC MP API function must start returning indication of success
- and failure of the operation.
-
- o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
- any other MP function (including utility ones) that may allocate
- memory.
-
- o Prime generation progress using callback instead of printing to
- stdout.
+ and failure of the operation. (***DONE)
- o All utility functions should be made non-allocating ones.
+ o Do SilcStack support for silc_mp_init and other MP function
+ (including utility ones) that may allocate memory. (***DONE)
lib/silcasn1
============
o PKIX implementation
+
+
+lib/silccms
+===========
+
+ o Cryptographic Message Syntax (RFC 3852), the former PKCS #7
+
+
+lib/silcsmime
+=============
+
+ o S/MIME (RFC 3851)
projects / crypto.git / blobdiff