Todo List
========================================

Feel free to take one of these on if it interests you. Before starting
out on something, send an email to the dev list or open a discussion
ticket on GitHub to make sure you're on the right track.

Request a new feature by opening a pull request to update this file.

Ciphers, Hashes, PBKDF
----------------------------------------

* Stitched AES/GCM mode for CPUs supporting both AES and CLMUL
* Combine AES-NI, ARMv8 and POWER AES implementations (as already done for CLMUL)
* Vector permute AES only supports little-endian systems; fix for big-endian
* SM4 using AES-NI (https://github.com/mjosaarinen/sm4ni) or vector permute
* Poly1305 using AVX2
* ChaCha using SSSE3
* Skein-MAC
* PMAC
* SIV-PMAC
* GCM-SIV (RFC 8452)
* EME* tweakable block cipher (https://eprint.iacr.org/2004/125)
* FFX format preserving encryption (NIST 800-38G)
* SHA-512 using BMI2+AVX2
* Constant time DES using bitslicing and/or BMI2
* Threefish-1024
* SIMD evaluation of SHA-2 and SHA-3 compression functions
* Adiantum (https://eprint.iacr.org/2018/720)
* CRC using clmul/pmull

Public Key Crypto, Math
----------------------------------------

* Short vector optimization for BigInt
* Abstract representation of ECC point elements to allow specific
  implementations of the field arithmetic depending upon the curve.
* Use NAF (joint sparse form) for ECC multi-exponentiation
* Curves for pairings (BN-256, BLS12-381)
* Identity based encryption
* Paillier homomorphic cryptosystem
* Socialist Millionaires Protocol (needed for OTRv3)
* Hashing onto an elliptic curve (draft-irtf-cfrg-hash-to-curve)
* New PAKEs (pending CFRG bakeoff results)
* New post quantum schemes (pending NIST contest results)
* SPHINX password store (https://eprint.iacr.org/2018/695)
* X448 and Ed448
* Use GLV decomposition to speed up secp256k1 operations

Utility Functions
------------------

* Add a memory span type
* Make Memory_Pool more concurrent (currently uses a global lock)
* Guarded integer type to prevent overflow bugs
* Add logging callbacks
* Add latency tracing framework

Multiparty Protocols
----------------------

* Distributed key generation for DL, RSA
* Threshold signing, decryption

External Providers, Hardware Support
----------------------------------------

* Add support for ARMv8.4-A SHA-512, SHA-3, SM3 and RNG
* AArch64 inline asm for BigInt
* Extend OpenSSL provider (DH, HMAC, CMAC, GCM)
* Support using BoringSSL instead of OpenSSL or LibreSSL
* /dev/crypto provider (ciphers, hashes)
* Windows CryptoNG provider (ciphers, hashes)
* Extend Apple CommonCrypto provider (HMAC, CMAC, RSA, ECDSA, ECDH)
* Add support for iOS keychain access
* POWER8 SHA-2 extensions (GH #1486 + #1487)
* Add support for VPSUM on big-endian PPC64 (GH #2252)
* Better TPM support: NVRAM, PCR measurements, sealing
* Add support for TPM 2.0 hardware
* Support Intel QuickAssist accelerator cards

TLS
----------------------------------------

* Make DTLS support optional at build time
* Improve/optimize DTLS defragmentation and retransmission
* Implement logging callbacks for TLS
* Make RSA optional at build time
* Make finite field DH optional at build time
* Authentication using TOFU (sqlite3 storage)
* Certificate pinning (using TACK?)
* Certificate Transparency extensions
* TLS supplemental authorization data (RFC 4680, RFC 5878)
* DTLS-SCTP (RFC 6083)

PKIX
----------------------------------------

* Further tests of validation API (see GH #785)
* Test suite for validation of 'real world' cert chains (GH #611)
* Improve output of ``X509_Certificate::to_string``
  This is a free-form string for human consumption so the only constraints
  are being informative and concise. (GH #656)
* X.509 policy constraints
* OCSP responder logic

New Protocols / Formats
----------------------------------------

* ACME protocol
* PKCS7 / Cryptographic Message Syntax
* PKCS12 / PFX
* Off-The-Record v3 (https://otr.cypherpunks.ca/)
* Certificate Management Protocol (RFC 5273); requires CMS
* Fernet symmetric encryption (https://cryptography.io/en/latest/fernet/)
* RNCryptor format (https://github.com/RNCryptor/RNCryptor)
* Useful OpenPGP subset 1: symmetrically encrypted files.
  Not aiming to process arbitrary OpenPGP, but rather produce
  something that happens to be readable by ``gpg`` and is relatively
  simple to process for decryption. Require AEAD mode (EAX/OCB).
* Useful OpenPGP subset 2: Process OpenPGP public keys
* Useful OpenPGP subset 3: Verification of OpenPGP signatures

Cleanups
-----------

* Split test_ffi.cpp into multiple files
* Unicode path support on Windows (GH #1615)
* The X.509 path validation tests have much duplicated logic

Compat Headers
----------------

* OpenSSL compatible API headers: EVP, TLS, certificates, etc

New C APIs
----------------------------------------

* PKCS10 requests
* Certificate signing
* Expose TLS
* Expose NIST key wrap with padding
* Expose secret sharing
* Expose deterministic PRNG
* base32
* base58
* DL_Group
* EC_Group

Python
----------------

* Anywhere Pylint warnings too-many-locals, too-many-branches, or
  too-many-statements are skipped, fix the code so Pylint no longer warns.

* Write a CLI or HTTPS client in Python

Build/Test
----------------------------------------

* Start using GitHub Actions for CI, especially Windows builds
* Create Docker image for Travis that runs 18.04 and has all
  the tools we need pre-installed.
* Code signing for Windows installers
* Test runner python script that captures backtraces and other
  debug info during CI
* Support hardcoding all test vectors into the botan-test binary
  so it can run as a standalone item (copied to a device, etc)
* Run iOS binary under simulator in CI
* Run Android binary under simulator in CI
* Run the TPM tests against an emulator
  (https://github.com/PeterHuewe/tpm-emulator)
* Add clang-tidy, clang-analyzer, cppcheck to CI
* Add support for vxWorks
* Add support for Fuchsia OS
* Add support for CloudABI
* Add support for SGX

CLI
----------------------------------------

* Add a ``--completion`` option to dump autocomplete info, write
  support for autocompletion in bash/zsh.
* Refactor ``speed``
* Change ``tls_server`` to be a tty<->socket app, like ``tls_client`` is,
  instead of a bogus echo server.
* ``encrypt`` / ``decrypt`` tools providing password based file encryption
* Add ECM factoring
* Clone of ``minisign`` signature utility
* Implementation of ``tlsdate``
* Password store utility
* TOTP calculator

Documentation
----------------------------------------

* X.509 certs, path validation
* Specific docs covering one major topic (RSA, ECDSA, AES/GCM, ...)
* Some howto style docs (setting up CA, ...)