Todo List
========================================

Feel free to take one of these on if it interests you. Before starting
out on something, send an email to the dev list or open a discussion
ticket on GitHub to make sure you're on the right track.

Request a new feature by opening a pull request to update this file.

Ciphers, Hashes, PBKDF
----------------------------------------

* Stitched AES/GCM mode for CPUs supporting both AES and CLMUL
* Combine AES-NI, ARMv8 and POWER AES implementations (as already done for CLMUL)
* Vector permute AES only supports little-endian systems; fix for big-endian
* SM4 using AES-NI (https://github.com/mjosaarinen/sm4ni) or vector permute
* Poly1305 using AVX2
* ChaCha using SSSE3
* Skein-MAC
* PMAC
* SIV-PMAC
* GCM-SIV (RFC 8452)
* EME* tweakable block cipher (https://eprint.iacr.org/2004/125)
* FFX format preserving encryption (NIST 800-38G)
* SHA-512 using BMI2+AVX2
* Constant time DES using bitslicing and/or BMI2
* Threefish-1024
* SIMD evaluation of SHA-2 and SHA-3 compression functions
* Adiantum (https://eprint.iacr.org/2018/720)
* CRC using clmul/pmull

Public Key Crypto, Math
----------------------------------------

* Short vector optimization for BigInt
* Abstract representation of ECC point elements to allow specific
  implementations of the field arithmetic depending upon the curve.
* Use NAF (joint sparse form) for ECC multi-exponentiation
* Curves for pairings (BN-256, BLS12-381)
* Identity based encryption
* Paillier homomorphic cryptosystem
* Socialist Millionaires Protocol (needed for OTRv3)
* Hashing onto an elliptic curve (draft-irtf-cfrg-hash-to-curve)
* New PAKEs (pending CFRG bakeoff results)
* New post quantum schemes (pending NIST contest results)
* SPHINX password store (https://eprint.iacr.org/2018/695)
* X448 and Ed448
* Use GLV decomposition to speed up secp256k1 operations

Utility Functions
------------------

* Add a memory span type
* Make Memory_Pool more concurrent (currently uses a global lock)
* Guarded integer type to prevent overflow bugs
* Add logging callbacks
* Add latency tracing framework

Multiparty Protocols
----------------------

* Distributed key generation for DL, RSA
* Threshold signing, decryption

External Providers, Hardware Support
----------------------------------------

* Add support for ARMv8.4-A SHA-512, SHA-3, SM3 and RNG
* Aarch64 inline asm for BigInt
* Extend OpenSSL provider (DH, HMAC, CMAC, GCM)
* Support using BoringSSL instead of OpenSSL or LibreSSL
* /dev/crypto provider (ciphers, hashes)
* Windows CryptoNG provider (ciphers, hashes)
* Extend Apple CommonCrypto provider (HMAC, CMAC, RSA, ECDSA, ECDH)
* Add support for iOS keychain access
* POWER8 SHA-2 extensions (GH #1486 + #1487)
* Add support for VPSUM on big-endian PPC64 (GH #2252)
* Better TPM support: NVRAM, PCR measurements, sealing
* Add support for TPM 2.0 hardware
* Support Intel QuickAssist accelerator cards

TLS
----------------------------------------

* Make DTLS support optional at build time
* Improve/optimize DTLS defragmentation and retransmission
* Implement logging callbacks for TLS
* Make RSA optional at build time
* Make finite field DH optional at build time
* Authentication using TOFU (sqlite3 storage)
* Certificate pinning (using TACK?)
* Certificate Transparency extensions
* TLS supplemental authorization data (RFC 4680, RFC 5878)
* DTLS-SCTP (RFC 6083)

PKIX
----------------------------------------

* Further tests of validation API (see GH #785)
* Test suite for validation of 'real world' cert chains (GH #611)
* Improve output of X509_Certificate::to_string
  This is a free-form string for human consumption so the only constraints
  are being informative and concise. (GH #656)
* X.509 policy constraints
* OCSP responder logic

New Protocols / Formats
----------------------------------------

* ACME protocol
* PKCS7 / Cryptographic Message Syntax
* PKCS12 / PFX
* Off-The-Record v3 https://otr.cypherpunks.ca/
* Certificate Management Protocol (RFC 5273); requires CMS
* Fernet symmetric encryption (https://cryptography.io/en/latest/fernet/)
* RNCryptor format (https://github.com/RNCryptor/RNCryptor)
* Useful OpenPGP subset 1: symmetrically encrypted files.
  Not aiming to process arbitrary OpenPGP, but rather produce
  something that happens to be readable by `gpg` and is relatively
  simple to process for decryption. Require AEAD mode (EAX/OCB).
* Useful OpenPGP subset 2: Process OpenPGP public keys
* Useful OpenPGP subset 3: Verification of OpenPGP signatures

Cleanups
-----------

* Split test_ffi.cpp into multiple files
* Unicode path support on Windows (GH #1615)
* The X.509 path validation tests have much duplicated logic

Compat Headers
----------------

* OpenSSL compatible API headers: EVP, TLS, certificates, etc

New C APIs
----------------------------------------

* PKCS10 requests
* Certificate signing
* Expose TLS
* Expose NIST key wrap with padding
* Expose secret sharing
* Expose deterministic PRNG
* base32
* base58
* DL_Group
* EC_Group

Python
----------------

* Anywhere Pylint warnings too-many-locals, too-many-branches, or
  too-many-statements are skipped, fix the code so Pylint no longer warns.

* Write a CLI or HTTPS client in Python

Build/Test
----------------------------------------

* Start using GitHub Actions for CI, especially Windows builds
* Create Docker image for Travis that runs 18.04 and has all
  the tools we need pre-installed.
* Code signing for Windows installers
* Test runner python script that captures backtraces and other
  debug info during CI
* Support hardcoding all test vectors into the botan-test binary
  so it can run as a standalone item (copied to a device, etc)
* Run iOS binary under simulator in CI
* Run Android binary under simulator in CI
* Run the TPM tests against an emulator
  (https://github.com/PeterHuewe/tpm-emulator)
* Add clang-tidy, clang-analyzer, cppcheck to CI
* Add support for vxWorks
* Add support for Fuchsia OS
* Add support for CloudABI
* Add support for SGX

CLI
----------------------------------------

* Add a ``--completion`` option to dump autocomplete info, write
  support for autocompletion in bash/zsh.
* Refactor ``speed``
* Change `tls_server` to be a tty<->socket app, like `tls_client` is,
  instead of a bogus echo server.
* `encrypt` / `decrypt` tools providing password based file encryption
* Add ECM factoring
* Clone of `minisign` signature utility
* Implementation of `tlsdate`
* Password store utility
* TOTP calculator

Documentation
----------------------------------------

* X.509 certs, path validation
* Specific docs covering one major topic (RSA, ECDSA, AES/GCM, ...)
* Some howto style docs (setting up CA, ...)