aboutsummaryrefslogtreecommitdiffstats
path: root/doc/todo.rst
blob: 5335565047bf11a604f0365a04615295d02c0100 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
Projects
========================================

Feel free to take one of these on if it interests you. Before starting
out on something, send an email to the dev list or open a discussion
ticket on GitHub to make sure you're on the right track.

Request a new feature by opening a pull request to update this file.

Ciphers, Hashes, PBKDF
----------------------------------------

* Bitsliced AES or Camellia
* Compressed tables for AES
* AES using vector permutes for NEON or AltiVec
* Camellia using AES-NI
* Serpent using AVX2 or SSSE3/pshufb
* ChaCha20 using AVX2, NEON
* XSalsa20-Poly1305 AEAD compatible with NaCl
* ASCON 1.2 (CAESAR)
* NORX-64 3.0 (CAESAR)
* scrypt PBKDF
* Argon2 PBKDF (draft-irtf-cfrg-argon2)
* bcrypt PBKDF
* Skein-MAC
* PMAC
* Extend Cascade_Cipher to support arbitrary number of ciphers
* EME* tweakable block cipher (https://eprint.iacr.org/2004/125.pdf)

Public Key Crypto, Math
----------------------------------------

* Curves for pairings (BN-256 is widely implemented)
* Identity based encryption
* BBS group signatures
* Paillier homomorphic cryptosystem
* Hashing onto an elliptic curve
* SPHINCS-256
* X448 and Ed448
* FHMQV
* Support mixed hashes and non-empty param strings in OAEP
* wNAF ECC point multiply
* Recover ECDSA public key from signature/message pair (GH #664)
* Fast new implementations/algorithms for ECC point operations,
  Montgomery multiplication, multi-exponentiation, ...
* Some PK operations, especially RSA, have extensive computations per
  operation setup but many of the computed values depend only on the
  key and could be shared across operation objects.

Utility Functions
------------------

* base58 and base32 encoding

Multiparty Protocols
----------------------

* Distributed key generation for DL, RSA
* Threshold signing, decryption
* Socialist Millionaires Protocol

External Providers, Hardware Support
----------------------------------------

* Access to system certificate stores (Windows, OS X)
* Extend OpenSSL provider (DH, HMAC, CMAC, GCM)
* Support using BoringSSL instead of OpenSSL or LibreSSL
* /dev/crypto provider (ciphers, hashes)
* Windows CryptoAPI provider (ciphers, hashes, RSA)
* Apple CommonCrypto
* POWER8 crypto extensions (AES, SHA-2)
* Better TPM support: NVRAM, PCR measurements, sealing
* Intel SGX support

TLS
----------------------------------------

* Make DTLS support optional at build time
* Improve/optimize DTLS defragmentation and retransmission
* Implement logging callbacks for TLS
* Make TLS v1.0 and v1.1 optional at build time
* Make RSA optional at build time
* Make finite field DH optional at build time
* TLS OCSP stapling (RFC 6066)
* Authentication using TOFU (sqlite3 storage)
* Certificate pinning (using TACK?)
* Certificate Transparency
* TLS supplemental authorization data (RFC 4680, RFC 5878)
* OpenPGP authentication (RFC 5081)
* DTLS-SCTP (RFC 6083)
* Perspectives (http://perspectives-project.org/)
* Support for server key stored in TPM or PKCS #11

PKIX
----------------------------------------

* Further tests of validation API (see GH #785)
* Test suite for validation of 'real world' cert chains (GH #611)
* Improve output of X509_Certificate::to_string
  This is a free-form string for human consumption so the only constraints
  are being informative and concise. (GH #656)
* X.509 policy constraints
* OCSP responder logic
* X.509 attribute certificates (RFC 5755)
* Support generating/verifying XMSS certificates
* Roughtime client (https://roughtime.googlesource.com/roughtime/)

New Protocols / Formats
----------------------------------------

* NaCl compatible cryptobox functions
* Off-The-Record v3 https://otr.cypherpunks.ca/
* Some useful subset of OpenPGP
  - Subset #1: symmetrically encrypted files

    Not aiming to process arbitrary OpenPGP, but rather produce
    something that happens to be readable by `gpg` and is relatively
    simple to process for decryption. Require a 128-bit block cipher
    and MDC packet.

  - Subset #2: Process OpenPGP public keys
  - Subset #3: Verification of OpenPGP signatures

Cleanups
-----------

* Split test_ffi.cpp into multiple files

Compat Headers
----------------

* Write an OpenSSL-compatible TLS API stub so existing applications
  can be converted more easily. Would require some networking code
  since the OpenSSL API handles both crypto and IO. Use Asio, since it
  is expected to be the base of future C++ standard network library.

* Write a module exposing a NaCl/libsodium compatible API header.

FFI and Bindings
----------------------------------------

* Expose compression
* Expose more of X.509 (CRLs, OCSP, cert signing, etc)
* Expose TLS
* Write a CLI or HTTPS client in Python

Library Infrastructure
----------------------------------------

* Guarded integer type to prevent overflow bugs
* Add logging callbacks
* Add latency tracing framework

Build/Test
----------------------------------------

* Create Docker image for Travis that runs 16.04 and has all
  the tools we need pre-installed.
* Build/export Windows installer exe on AppVeyor
* Code signing for Windows installers
* Test runner python script that captures backtraces and other
  debug info during CI
* Run the TPM tests against an emulator
  (https://github.com/PeterHuewe/tpm-emulator)

FIPS 140 Build
---------------------------------------

* Special build policy that disables all builtin crypto impls, then provides new
  FIPS 140 versions implemented using just calls to the OpenSSL FIPS module API
  plus wrapping the appropriate functions for self-tests and so on. This creates a
  library in FIPS 140 validated form (since there is no 'crypto' anymore from
  Botan, just the ASN.1 parser, TLS library, PKI etc all of which FIPS 140 does
  not care about) without the enourmous hassle and expense of actually having to
  maintain a FIPS validation on Botan. Email Jack if you are interested in this.

CLI
----------------------------------------

* Change `tls_server` to be a tty<->socket app, like `tls_client` is,
  instead of a bogus echo server.
* Add a basic HTTP server mode to tls_server, as some tools like
  https://github.com/tomato42/tlsfuzzer require this.
* `encrypt` / `decrypt` tools providing password and/or public key
  based file encryption
* Make help output more helpful

Documentation
----------------------------------------

* X.509 certs, path validation
* Specific docs covering one major topic (RSA, ECDSA, AES/GCM, ...)
* Some howto style docs (setting up CA, ...)
* List each cipher, hash, etc, describe its usage, and give the
  header file and BOTAN_HAS_X macro associated with it.