<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <link rel="stylesheet" title="Default"
      type="text/css" href="todo.css" media="all"/>
    <meta http-equiv="Content-Type"
      content="text/html; charset=utf-8"/>
<title>TODO for coming releases</title>
</head>
<body>
  <h1> Nettle release plans </h1>
  <p> This is an attempt at defining a development target for
    Nettle-3.2, inspired by similar pages for recent GMP releases.
    [Last updated 2016-01-23]</p>
  <p class='should'>
    This really ought to be done before release
  </p>
  <p class='wish'>
    Try to get this done before release
  </p>
  <p class='done'>
    Done!
  </p>
  <p class='postponed'>
    Leave for some later release!
  </p>

  <h1> Plans for nettle-3.2 </h1>

  <h2> New features </h2>
  <p class='done'>
    "CRT-hardened" RSA secret key operations. Check that the result of
    rsa_compute_root is correct. Should be easy for the
    rsa_pkcs1_sign_tr and rsa_decrypt_tr functions, other RSA
    functions would need interface changes.
  </p>
  <p class='postponed'>
    Add larger "safe" curves, e.g., M-383, curve41417 and E-521.
  </p>
  <p class='postponed'>
    Add functions for converting ECC points to and from ANSI x9.62.
  </p>
  <p class='postponed'>
    Use side-channel silent GMP functions for RSA and DSA. May require
    additional interface changes, to use mpn functions.
  </p>
  <p class='postponed'>
    Side-channel silent mem_equalp.
  </p>

  <h2> Optimizations </h2>

  <p class='postponed'>
    Assembly optimizations for ARMv8 (64-bit).
  </p>
  <p class='postponed'>
    Further optimizations of curve25519 and EdDSA, in particular,
    radix 51 modp operations,
    and <a href='http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-3'>more
    efficient</a> point addition.
  </p>
  
  <h2> Miscellaneous </h2>
  <p class='postponed'>
    Use more functions from GMP-6 and later, when available:
    mpn_sec_add_1, mpn_sec_tabselect, mpn_sec_invert, mpn_cnd_swap,
    ...
  </p>

  <h2> Documentation </h2>
  <p class='done'>
    Update SHA3 documentation.
  </p>
  <p class='done'>
    Update and extend RSA documentation.
  </p>
  
  <h2> Build system </h2>
  <p class='postponed'>
    Update AX_CREATE_STDINT_H to the latest version.
  </p>
  
  <h2> Testing </h2>
  <p> Since xenofarm isn't up and running, do some manual testing:
  </p>
  <ul>
    <li class='done'> x86_64-linux-gnu</li>
    <li class='done'> x86-linux-gnu</li>
    <li class='done'> x86_64-freebsd</li>
    <li class='done'> x86-w*ndows (using cross compiler and wine)</li>
    <li class='done'> x86_64-w*ndows (using cross compiler and wine)</li>
    <li class='should'> x86-darwin (needs help from Nettle users)</li>
    <li class='should'> x86_64-darwin (needs help from Nettle users)</li>
    <li class='done'> armv5-linux-gnu (qemu)</li>
    <li class='done'> armv7-linux-gnu (qemu)</li>
    <li class='done'> armv8-linux-gnu (qemu)</li>
    <li class='done'> ppc64-linux-gnu (qemu)</li>
    <li class='done'> ppc32-linux-gnu (qemu)</li>
    <li class='should'> mips64-linux-gnu (qemu)</li>
    <li class='should'> mips32-linux-gnu (qemu)</li>
    <li class='should'> m68k-linux-gnu (aranym)</li>
    <li class='wish'> armv7-android </li>
  </ul>

  <h1> Changes under consideration for later releases </h1>

  <p> These are some other changes under consideration. </p>

  <h2> Interface changes </h2>
  <p class='should'>
    For Merkle-Damgaard hash functions, separate the state and the
    buffering. E.g., when using them for HMAC keyed "inner" and
    "outer" states, we now get three buffers but we only need one.
  </p>
  <p class='should'>
    Reorganize private key operations. Need to support RSA with and
    without blinding, and DSA according to spec and some deterministic
    variant (like PuTTY
    or <a href='http://tools.ietf.org/html/rfc6979'>RFC6979</a>), and
    possibly also smartcard versions where the private key is not
    available to the library. And without an explosion of the number
    of functions.
  </p>
</body>
</html>