Nettle release plans

This is an attempt at defining a development target for Nettle-3.0, inspired by similar pages for recent GMP releases. [Last updated 2014-06-01]

This really ought to be done before release

Try to get this done before release

Done!

Leave for some later release!

Plans for nettle-3.0

nettle-3.0 is intended primarily as an API cleanup, with few new features.

Interface changes

Change the type of all lengths from unsigned to size_t. An ABI change on most 64-bit platforms.

Change argument type of memxor and memxor3 from uint8_t * to void * (like modern memcpy). Consider them unconditionally part of the nettle library, with nettle_ prefix on the symbols, and no AC_REPLACE_FUNCS.

Use the type uint64_t for 64-bit block counts in all hash functions.

Move some internal-use macros from macros.h to nettle-internal.h.

Provide separate aes128_ctx, etc., with smaller allocation for subkeys.

Do the same separation for Camellia, which also uses fewer subkeys for shorter key sizes (and possibly also for cast128).

Don't require initialization of *dst_length for base*_decode_update.

New DSA interface, with a separate struct dsa_params.

Drop key size argument from nettle_set_key_func.

Use the nettle_cipher abstraction only for block ciphers (in particular, exclude arcfour). Introduce nettle_cipher_func, with const for the ctx argument.

Consider making a public interface similar to nettle_aead? With the above change, it can't use nettle_crypt_func.

New features

Add EAX mode?

Add poly1305.

Add chacha.

Add ecc_bit_size function.

Add functions for converting ECC points to and from ANSI X9.62.

Use side-channel silent GMP functions for RSA and DSA. May require additional interface changes, to use mpn functions.

Documentation

Document new AES and Camellia interface.

Document additional sha512 variants.

Document new EAX mode.

Document new CCM mode.

Document new DSA interface.

Document poly1305.

Document chacha.

Build system

Update config.guess and config.sub. Needed for ppc64le support.

Stop using the nonstandard .po extension, using .p.o or some subdirectory instead. Also drop CCPIC_MAYBE, and let the static libraries depend on the right object files.

Reconsider assembly make rules; going back to a .asm.o: rule might work better with Solaris' make. Alternatively, simply drop support for non-GNU make programs.

Delay building of test programs until make check.

Fix dependency problems with --disable-static.

Make the time-consuming ecc_curve_check in eccdata.c optional. Enabled optimization instead.

Testing

Since xenofarm isn't up and running, do some manual testing:

Changes under consideration for later releases

These are some other changes under consideration.

New features

Make it possible to build nettle and hogweed using mini-gmp.

Fat binary, selecting code at runtime depending on cpu capabilities.

Interface changes

For Merkle-Damgård hash functions, separate the state and the buffering. E.g., when using them for HMAC, with keyed "inner" and "outer" states, we now get three buffers but only need one.

Reorganize private key operations. Need to support RSA with and without blinding, DSA according to spec and some deterministic variant (like PuTTY), and possibly also smartcard versions where the private key is not available to the library. All this without an explosion in the number of functions.