-
Notifications
You must be signed in to change notification settings - Fork 2
/
TODO
246 lines (159 loc) · 7.91 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
TODO for 1.2 And Beyond
=======================
NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The
(***TESTING NEEDED) means that the item has been done but not yet properly
tested.
NOTE: A TODO entry does not mean that it is ever going to be done. Some
of the entries may be just ideas, good, bad or ugly. If you want to work
on some of the TODO entries simply let us know about it by dropping a note
to silc-devel mailing list or appear on 'silc' channel on SILCNet.
Crypto Library, lib/silccrypt/
==============================
o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
possibly to silcpkcs.h.
/* Return fingerprint of the `public_key'. Returns also the algorithm
that has been used to make the fingerprint. */
const unsigned char *
silc_pkcs_get_fingerprint(SilcPublicKey public_key,
const char **hash_algorithm,
SilcUInt32 *fingerprint_len);
o Add CMAC and maybe others. Change needs rewrite of the internals of
the SILC Mac API, currently it's suitable only for HMACs.
o Global RNG must be changed to use SILC Global API.
o Global cipher, hash, mac, and pkcs tables must use SILC Global API.
o Add FIPS compliant RNG.
o Implement the defined SilcDH API. The definition is in
lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
be accelerated. Also take into account that it could use elliptic
curves.
o Add Elgamal.
o Add ECDSA support.
o Add ECDH support.
o Add PKCS#1 RSAES-OAEP and RSASSA-PSS.
o Add GCM mode.
o Do GCC vs ICC benchmarks of all key algorithms.
o Add DSA support to SILC public key.
o The asynchronous functions to perhaps to _async to preserve backwards
compatibility with synchronous versions, and make easier to migrate
from 1.1 to 1.2. (***DONE)
o AES CBC is missing proper alignment code. (***DONE)
o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument
and try all supported PKCS until one succeeds. (***DONE)
o Associate a default hash function with all PKCS algorithms. User can
override it in silc_pkcs_sign. DSA with FIPS186-3 determines the
hash algorithm by the key length. (***DONE)
o Document all cipher names, hash names, mac names, pkcs names. (***DONE)
o SilcHmac must be replaced with generic SilcMac so that we can add
others than just HMAC algorithms. Backwards support (via #define's)
must be preserved. (***DONE)
o Change the DSA implementation to support FIPS186-3. This means that
the q length is determined by the key length. (***DONE)
o Add silc_crypto_init and silc_crypto_uninit. The _init should take
SilcStack that will act as global memory pool for all of crypto
library. It should not be necessary anymore to separately register
default ciphers, HMACs, etc, the _init would do that. However, if
user after _init calls silc_pkcs_register, for example, it would take
preference over the default once, ie. user can always dictate the
order of algorithms. (***DONE)
o Change SILC PKCS API to asynchronous, so that accelerators can be used.
All PKCS routines should now take callbacks as argument and they should
be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
encrypt, decrypt, sign and verify functions. We may need to for exmaple
check the alg->hash, supported hash functions. Maybe deliver it also
to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
o Add DSS support. (***DONE)
o All cipher, hash, hmac etc. allocation routines should take their name
in as const char * not const unsigned char *. (***DONE)
SKR Library, lib/silcskr/
=========================
o Add fingerprint as search constraint.
o Add SSH support. (***DONE, TESTING NEEDED)
o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring
support?)
o Add support for importing public keys from a directory and/or from a
file. Add support for exporting the repository (different formats for
different key types?).
o Add find rule AND and OR. The default is always AND. Add
silc_skr_find_set_rule.
o Add silc_skr_find_add_search_file that can be used to add a file to
search for the public keys. More than one can be set. Add support
for searching keys from file.
o Add silc_skr_find_add_search_dir that can be used to add a directory to
search for the public keys. More than one can be set. Add support
for seraching keys from directory.
o SilcStack to SKR API.
SILC Accelerator Library
========================
o Diffie-Hellman acceleration to SILC Accelerator API.
o Diffie-Hellman software acceleration.
o Hardware acceleration through OCF (OCF-Linux,
http://ocf-linux.sourceforge.net).
o VIA Padlock support. See http://www.logix.cz/michal/devel/padlock/ and
Gladman's code.
o Implement GCM software acceleration.
o Add hash function acceleration to SILC Accelerator API.
o SILC Accelerator API. Provides generic way to use different kind of
accelerators. Basically implements SILC PKCS API so that SilcPublicKey
and SilcPrivateKey can be used but they call the accelerators.
(***DONE)
o Implement software accelerator. It is a thread pool system where the
public key and private key operations are executed in threads.
(***DONE)
o Add SilcCipher support to SilcAccelerator and software accelerator.
Accelerate at least ciphers using CTR mode which can be done in
parallel. Do it in producer/consumer fashion where threads generate
key stream and other thread(s) encrypt using the key stream. (***DONE)
lib/silcmath
============
o Prime generation progress using callback instead of printing to
stdout.
o All utility functions should be made non-allocating ones.
o Import TFM. We want TFM's speed but its memory requirements are
just too much. By default it uses large pre-allocated tables which
will eat memory when there are thousands of public keys in system.
We probably want to change TFM. (***DONE)
o Add AND, OR and XOR support to TFM. (***DONE)
o The SILC MP API function must start returning indication of success
and failure of the operation. (***DONE)
o Do SilcStack support for silc_mp_init and other MP function
(including utility ones) that may allocate memory. (***DONE)
lib/silcasn1
============
o Negative integer encoding is missing, add it.
o SILC_ASN1_CHOICE should perhaps return an index what choice in the
choice list was found. Currently it is left for caller to figure out
which choice was found. (***DONE)
o SILC_ASN1_NULL in decoding should return SilcBool whether or not
the NULL was present. It's important when it's SILC_ASN1_OPTIONAL
and we need to know whether it was present or not. (***DONE)
lib/silcpgp
===========
o OpenPGP certificate support, allowing the use of PGP public keys and
private keys.
o Signatures for data, public keys and private keys (Signature packet).
o Signature verification from public keys, private keys and other signed
data (Signature packet).
o Encryption and decryption support (Packet tags 8 and 18 most likely).
o Retrieval of User ID from public key and private key (Used ID packet
and User Attribute packet).
o Creation of OpenPGP key pairs.
o Trust packet handling (GNU PG compatible) from public and private keys.
o Add option that the signature format doesn't use the OpenPGP format
but whatever is the default in SILC crypto library.
lib/silcssh
===========
o Add option that the signature format doesn't use the SSH2 protocol
but whatever is the default in SILC crypto library;
silc_ssh_private_key_set_signature_type, or something.
o SSH2 public key/private key support, allowing the use of SSH2 keys.
RFC 4716. (***DONE)
lib/silcpkix
============
o PKIX implementation
lib/silccms
===========
o Cryptographic Message Syntax (RFC 3852), the former PKCS #7
lib/silcsmime
=============
o S/MIME (RFC 3851)