-TODO for SILC Client 1.0 branch
-===============================
+TODO for 1.2 And Beyond
+=======================
- o Bugs reported on the mailing list that will be fixed eventually.
- The numbers are arbitrary and assigned by me (c0ffee), bugs in
- parentheses are fixed.
+NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The
+(***TESTING NEEDED) means that the item has been done but not yet properly
+tested.
- (#1 Ignore ALL doesn't ignore target using /me)
- #2 specification of the silc network
- (#3 expired private key dialogue doesn't work)
- #4 silc client allows setting non-utf8 topics
- #5 SILC-client displaying wrong totals with /names
+NOTE: A TODO entry does not mean that it is ever going to be done. Some
+of the entries may be just ideas, good, bad or ugly. If you want to work
+on some of the TODO entries simply let us know about it by dropping a note
+to silc-devel mailing list or appear on 'silc' channel on SILCNet.
-TODO for SILC Server 1.0
+Crypto Library, lib/silccrypt/
+==============================
+
+ o SilcHmac must be replaced with generic SilcMac so that we can add
+ others than just HMAC algorithms. Backwards support (via #define's)
+ must be preserved.
+
+ o Change the DSA implementation to support FIPS186-3. This means that
+ the q length is determined by the key length. Also note that specific
+ hash functions must be used with different q lengths.
+
+ o AES CBC is missing proper alignment code (see silc_1_1_branch).
+
+ o The asynchronous functions to perhaps to _async to preserve backwards
+ compatibility with synchronous versions, and make easier to migrate
+ from 1.1 to 1.2.
+
+ o Do GCC vs ICC benchmarks of all key algorithms.
+
+ o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument
+ and try all supported PKCS until one succeeds (ala load_public_key).
+
+ o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
+ possibly to silcpkcs.h.
+
+ /* Return fingerprint of the `public_key'. Returns also the algorithm
+ that has been used to make the fingerprint. */
+ const unsigned char *
+ silc_pkcs_get_fingerprint(SilcPublicKey public_key,
+ const char **hash_algorithm,
+ SilcUInt32 *fingerprint_len);
+
+ o Add DSA support to SILC public key.
+
+ o Global RNG must be changed to use SILC Global API.
+
+ o Add silc_crypto_init and silc_crypto_uninit. The _init should take
+ SilcStack that will act as global memory pool for all of crypto
+ library. It should not be necessary anymore to separately register
+ default ciphers, HMACs, etc, the _init would do that. However, if
+ user after _init calls silc_pkcs_register, for example, it would take
+ preference over the default once, ie. user can always dictate the
+ order of algorithms. (***DONE)
+
+ o Change SILC PKCS API to asynchronous, so that accelerators can be used.
+ All PKCS routines should now take callbacks as argument and they should
+ be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
+
+ o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
+ encrypt, decrypt, sign and verify functions. We may need to for exmaple
+ check the alg->hash, supported hash functions. Maybe deliver it also
+ to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
+
+ o Add DSS support. (***DONE)
+
+ o Implement the defined SilcDH API. The definition is in
+ lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
+ be accelerated. Also take into account that it could use elliptic
+ curves.
+
+ o All cipher, hash, hmac etc. allocation routines should take their name
+ in as const char * not const unsigned char *. (***DONE)
+
+ o Add ECDSA support.
+
+ o Add ECDH support.
+
+
+SKR Library, lib/silcskr/
+=========================
+
+ o Add fingerprint as search constraint.
+
+ o Add SSH support. (***DONE, TESTING NEEDED)
+
+ o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring
+ support?)
+
+ o Add support for importing public keys from a directory and/or from a
+ file. Add support for exporting the repository (different formats for
+ different key types?).
+
+ o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply
+ add the find constraints as variable argument list to silc_skr_find, eg:
+
+ silc_skr_find(skr, schedule, callback, context,
+ SILC_SKR_FIND_PUBLIC_KEY, public_key,
+ SILC_SKR_FIND_COUNTRY, "FI",
+ SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH,
+ SILC_SKR_FIND_END);
+
+ NULL argument would be ignored and skipped.
+
+ o Add OR logical rule in addition of the current default AND, eg:
+
+ // Found key(s) MUST have this public key AND this country.
+ silc_skr_find(skr, schedule, callback, context,
+ SILC_SKR_FIND_RULE_AND,
+ SILC_SKR_FIND_PUBLIC_KEY, public_key,
+ SILC_SKR_FIND_COUNTRY, "FI",
+ SILC_SKR_FIND_END);
+
+ // Found key(s) MUST have this public key OR this key context
+ silc_skr_find(skr, schedule, callback, context,
+ SILC_SKR_FIND_RULE_OR,
+ SILC_SKR_FIND_PUBLIC_KEY, public_key,
+ SILC_SKR_FIND_CONTEXT, key_context,
+ SILC_SKR_FIND_END);
+
+ o SilcStack to SKR API.
+
+
+SILC Accelerator Library
========================
- o BUG: silc_idlist_del_client had been called but sock->user_data remained
- and pointed to invalid pointer. Where it was called is not known.
+ o Diffie-Hellman acceleration
+
+ o SILC Accelerator API. Provides generic way to use different kind of
+ accelerators. Basically implements SILC PKCS API so that SilcPublicKey
+ and SilcPrivateKey can be used but they call the accelerators.
+ (***DONE)
+
+ o Implement software accelerator. It is a thread pool system where the
+ public key and private key operations are executed in threads.
+ (***DONE)
+
+ o Add SilcCipher support to SilcAccelerator and software accelerator.
+ Accelerate at least ciphers using CTR mode which can be done in
+ parallel. Do it in producer/consumer fashion where threads generate
+ key stream and other thread(s) encrypt using the key stream. (***DONE)
+
+
+lib/silcmath
+============
+
+ o Import TFM. We want TFM's speed but its memory requirements are
+ just too much. By default it uses large pre-allocated tables which
+ will eat memory when there are thousands of public keys in system.
+ We probably want to change TFM's fp_int dynamic so that a specific
+ size can be allocated for the int. We could have two new functions:
+
+ SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
+ SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
+ SilcUInt32 bit_size);
+
+ Which by default allocates `bit_size' bits instead of some default
+ value. silc_mp_init would allocate the default FP_SIZE with TFM
+ and do normal init with TMA and GMP. _init_size with TMA and GMP
+ would be same as _init.
+
+ o Add AND, OR and XOR support to TFM or ask Tom to do it.
+
+ o The SILC MP API function must start returning indication of success
+ and failure of the operation.
+
+ o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
+ any other MP function (including utility ones) that may allocate
+ memory.
+
+ o Prime generation progress using callback instead of printing to
+ stdout.
+
+ o All utility functions should be made non-allocating ones.
+
+
+lib/silcasn1
+============
+
+ o Negative integer encoding is missing, add it.
+
+ o SILC_ASN1_CHOICE should perhaps return an index what choice in the
+ choice list was found. Currently it is left for caller to figure out
+ which choice was found. (***DONE)
+
+ o SILC_ASN1_NULL in decoding should return SilcBool whether or not
+ the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
+ and we need to know whether it was present or not. (***DONE)
+
+
+lib/silcpgp
+===========
+
+ o OpenPGP certificate support, allowing the use of PGP public keys and
+ private keys.
+
+ o Signatures for data, public keys and private keys (Signature packet).
- o Basic UTF-8 stringprep profile that makes sure UTF-8 strings are
- as defined in spec-08 section 3.13.
+ o Signature verification from public keys, private keys and other signed
+ data (Signature packet).
- o Server sometimes connects more than once to router and keeps
- connecting even though connection exists.
+ o Encryption and decryption support (Packet tags 8 and 18 most likely).
- o Testing
+ o Retrieval of User ID from public key and private key (Used ID packet
+ and User Attribute packet).
+ o Creation of OpenPGP key pairs.
-TODO/bugs In SILC Libraries
-===========================
+ o Trust packet handling (GNU PG compatible) from public and private keys.
- o Test cases for all payload encoding and decoding routins in lib/silccore/
+ o Add option that the signature format doesn't use the OpenPGP format
+ but whatever is the default in SILC crypto library.
- o Test cases for math library routines in lib/silcmath/
- o Implement new version of SFTP protocol (missing versions 4 and 5, we
- have version 3).
+lib/silcssh
+===========
+ o Add option that the signature format doesn't use the SSH2 protocol
+ but whatever is the default in SILC crypto library;
+ silc_ssh_private_key_set_signature_type, or something.
-TODO in Toolkit Documentation
-=============================
+ o SSH2 public key/private key support, allowing the use of SSH2 keys.
+ RFC 4716. (***DONE)
-Stuff that needs to be done in order to complete the Toolkit Reference
-Manual (Do these to 0.9.x).
- o Write "Programming with Toolkit" document, describing how to build
- Toolkit, how the build system works, where is everything, how
- new (external) projects can be glued into Toolkit (use irssi as an
- example), and how external projects can use Toolkit without gluing into
- it (how to link etc), debugging, architecture, types, etc.
+lib/silcpkix
+============
- o Searching of predefined keywords, exact and partial matches (would be
- nice).
+ o PKIX implementation