to silc-devel mailing list or appear on 'silc' channel on SILCNet.
+Crypto Library, lib/silccrypt/
+==============================
+
+ o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
+ possibly to silcpkcs.h.
+
+ /* Return fingerprint of the `public_key'. Returns also the algorithm
+ that has been used to make the fingerprint. */
+ const unsigned char *
+ silc_pkcs_get_fingerprint(SilcPublicKey public_key,
+ const char **hash_algorithm,
+ SilcUInt32 *fingerprint_len);
+
+ o Add CMAC and maybe others. Change needs rewrite of the internals of
+ the SILC Mac API, currently it's suitable only for HMACs.
+
+ o Global RNG must be changed to use SILC Global API.
+
+ o Add FIPS compliant RNG.
+
+ o Implement the defined SilcDH API. The definition is in
+ lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
+ be accelerated. Also take into account that it could use elliptic
+ curves.
+
+ o Add ECDSA support.
+
+ o Add ECDH support.
+
+ o Add PKCS#1 RSAES-OAEP and RSASSA-PSS.
+
+ o Do GCC vs ICC benchmarks of all key algorithms.
+
+ o Add DSA support to SILC public key.
+
+ o The asynchronous functions to perhaps to _async to preserve backwards
+ compatibility with synchronous versions, and make easier to migrate
+ from 1.1 to 1.2. (***DONE)
+
+ o AES CBC is missing proper alignment code. (***DONE)
+
+ o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument
+ and try all supported PKCS until one succeeds. (***DONE)
+
+ o Associate a default hash function with all PKCS algorithms. User can
+ override it in silc_pkcs_sign. DSA with FIPS186-3 determines the
+ hash algorithm by the key length. (***DONE)
+
+ o Document all cipher names, hash names, mac names, pkcs names. (***DONE)
+
+ o SilcHmac must be replaced with generic SilcMac so that we can add
+ others than just HMAC algorithms. Backwards support (via #define's)
+ must be preserved. (***DONE)
+
+ o Change the DSA implementation to support FIPS186-3. This means that
+ the q length is determined by the key length. (***DONE)
+
+ o Add silc_crypto_init and silc_crypto_uninit. The _init should take
+ SilcStack that will act as global memory pool for all of crypto
+ library. It should not be necessary anymore to separately register
+ default ciphers, HMACs, etc, the _init would do that. However, if
+ user after _init calls silc_pkcs_register, for example, it would take
+ preference over the default once, ie. user can always dictate the
+ order of algorithms. (***DONE)
+
+ o Change SILC PKCS API to asynchronous, so that accelerators can be used.
+ All PKCS routines should now take callbacks as argument and they should
+ be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
+
+ o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
+ encrypt, decrypt, sign and verify functions. We may need to for exmaple
+ check the alg->hash, supported hash functions. Maybe deliver it also
+ to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
+
+ o Add DSS support. (***DONE)
+
+ o All cipher, hash, hmac etc. allocation routines should take their name
+ in as const char * not const unsigned char *. (***DONE)
+
+
SKR Library, lib/silcskr/
=========================
o Add fingerprint as search constraint.
+ o Add SSH support. (***DONE, TESTING NEEDED)
+
o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring
support?)
o SilcStack to SKR API.
-Crypto Library, lib/silccrypt/
-==============================
-
- o Add silc_crypto_init and silc_crypto_uninit. The _init should take
- SilcStack that will act as global memory pool for all of crypto
- library. It should not be necessary anymore to separately register
- default ciphers, HMACs, etc, the _init would do that. However, if
- user after _init calls silc_pkcs_register, for example, it would take
- preference over the default once, ie. user can always dictate the
- order of algorithms. (***DONE)
-
- o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and
- possibly to silcpkcs.h.
-
- /* Return fingerprint of the `public_key'. Returns also the algorithm
- that has been used to make the fingerprint. */
- const unsigned char *
- silc_pkcs_get_fingerprint(SilcPublicKey public_key,
- const char **hash_algorithm,
- SilcUInt32 *fingerprint_len);
-
- o Change SILC PKCS API to asynchronous, so that accelerators can be used.
- All PKCS routines should now take callbacks as argument and they should
- be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE)
-
- o The asynchronous functions to perhaps to _async to preserve backwards
- compatibility with synchronous versions, and make easier to migrate
- from 1.1 to 1.2.
-
- o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to
- encrypt, decrypt, sign and verify functions. We may need to for exmaple
- check the alg->hash, supported hash functions. Maybe deliver it also
- to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE)
-
- o Add DSA support to SILC public key.
-
- o Add DSS support. (***DONE)
-
- o Implement the defined SilcDH API. The definition is in
- lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can
- be accelerated. Also take into account that it could use elliptic
- curves.
-
- o Add ECDSA support.
+SILC Accelerator Library
+========================
- o Add ECDH support.
+ o Diffie-Hellman software acceleration.
- o AES CBC is missing proper alignment code (see silc_1_1_branch).
+ o Hardware acceleration through OCF (OCF-Linux,
+ http://ocf-linux.sourceforge.net).
- o All cipher, hash, hmac etc. allocation routines should take their name
- in as const char * not const unsigned char *. (***DONE)
-
-
-SILC Accelerator Library
-========================
+ o VIA Padlock support. See http://www.logix.cz/michal/devel/padlock/ and
+ Gladman's code.
o SILC Accelerator API. Provides generic way to use different kind of
accelerators. Basically implements SILC PKCS API so that SilcPublicKey
public key and private key operations are executed in threads.
(***DONE)
- o Add init options to SilcAcceleratorObject as a SilcAcceleratorOption
- structure. Each accelerator defines the options that they support and
- can be retrieved from the SilcAccelerator with silc_acc_get_options.
- The format must also be machine parseable. The structure can be of the
- following format:
-
- typedef struct SilcAcceleratorOptionStruct {
- const char *option; /* Option name */
- const char *display_name; /* Option displayable name */
- SilcParamType type; /* Option data format */
- void *default_value; /* Option's default value */
- SilcUInt32 default_value_len; /* Default value length */
- } *SilcAcceleratorOption;
-
- For software accelerator it could be for example:
-
- { "min_threads", "Minimum threads", SILC_PARAM_UINT32, (void *)2, 4 },
- { "max_threads", "Maximum threads", SILC_PARAM_UINT32, (void *)4, 4 },
-
- o Diffie-Hellman acceleration
-
- (o Symmetric key cryptosystem acceleration? They are always sycnhronouos
- even with hardware acceleration so the crypto API shouldn't require
- changes.) maybe
+ o Add SilcCipher support to SilcAccelerator and software accelerator.
+ Accelerate at least ciphers using CTR mode which can be done in
+ parallel. Do it in producer/consumer fashion where threads generate
+ key stream and other thread(s) encrypt using the key stream. (***DONE)
lib/silcmath
============
+ o Prime generation progress using callback instead of printing to
+ stdout.
+
+ o All utility functions should be made non-allocating ones.
+
o Import TFM. We want TFM's speed but its memory requirements are
just too much. By default it uses large pre-allocated tables which
will eat memory when there are thousands of public keys in system.
- We probably want to change TFM's fp_int dynamic so that a specific
- size can be allocated for the int. We could have two new functions:
+ We probably want to change TFM. (***DONE)
- SilcBool silc_mp_init_size(SilcMPInt *mp, SilcUInt32 bit_size);
- SilcBool silc_mp_sinit_size(SilcStack stack, SilcMPInt *mp,
- SilcUInt32 bit_size);
-
- Which by default allocates `bit_size' bits instead of some default
- value. silc_mp_init would allocate the default FP_SIZE with TFM
- and do normal init with TMA and GMP. _init_size with TMA and GMP
- would be same as _init.
-
- o Add AND, OR and XOR support to TFM or ask Tom to do it.
+ o Add AND, OR and XOR support to TFM. (***DONE)
o The SILC MP API function must start returning indication of success
- and failure of the operation.
-
- o Do SilcStack support for silc_mp_init, silc_mp_init_size and other
- any other MP function (including utility ones) that may allocate
- memory.
-
- o Prime generation progress using callback instead of printing to
- stdout.
+ and failure of the operation. (***DONE)
- o All utility functions should be made non-allocating ones.
+ o Do SilcStack support for silc_mp_init and other MP function
+ (including utility ones) that may allocate memory. (***DONE)
lib/silcasn1
lib/silcpgp
===========
- o OpenPGP certificate support, allowing the use of PGP public keys.
+ o OpenPGP certificate support, allowing the use of PGP public keys and
+ private keys.
+
+ o Signatures for data, public keys and private keys (Signature packet).
+
+ o Signature verification from public keys, private keys and other signed
+ data (Signature packet).
+
+ o Encryption and decryption support (Packet tags 8 and 18 most likely).
+
+ o Retrieval of User ID from public key and private key (Used ID packet
+ and User Attribute packet).
+
+ o Creation of OpenPGP key pairs.
+
+ o Trust packet handling (GNU PG compatible) from public and private keys.
+
+ o Add option that the signature format doesn't use the OpenPGP format
+ but whatever is the default in SILC crypto library.
lib/silcssh
===========
+ o Add option that the signature format doesn't use the SSH2 protocol
+ but whatever is the default in SILC crypto library;
+ silc_ssh_private_key_set_signature_type, or something.
+
o SSH2 public key/private key support, allowing the use of SSH2 keys.
RFC 4716. (***DONE)
============
o PKIX implementation
+
+
+lib/silccms
+===========
+
+ o Cryptographic Message Syntax (RFC 3852), the former PKCS #7
+
+
+lib/silcsmime
+=============
+
+ o S/MIME (RFC 3851)