plan.html

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <link rel="stylesheet" title="Default"
      type="text/css" href="todo.css" media="all"/>
    <meta http-equiv="Content-Type"
      content="text/html; charset=utf-8"/>
<title>TODO for coming releases</title>
</head>
<body>
  <h1> Nettle release plans </h1>
  <p> This is an attempt at defining a development target for
  Nettle-2.8, inspired by similar pages for recent GMP releases. [Last
  updated 2014-01-02]</p>
  <p class='should'>
    This really ought to be done before release
  </p>
  <p class='wish'>
    Try to get this done before release
  </p>
  <p class='done'>
    Done!
  </p>
  <p class='postponed'>
    Leave for some later release!
  </p>

  <h1> Plans for nettle-2.8 </h1>

  <p> nettle-2.8 is intended to be an API cleanup, with few new
  features. </p>

  <h2> Interface changes </h2>
  <p class='done'>
    Change the type of all lengths from <tt>unsigned</tt>
    to <tt>size_t</tt>. An ABI change on most 64-bit platforms.
  </p>
  <p class='done'>
    Change argument type of memxor and memxor3 from uint8_t * to void
    * (like modern memcpy). Consider them unconditionally part of the
    nettle library, with nettle_ prefix on the symbols, and no
    AC_REPLACE_FUNCS.
  </p>
  <p class='done'>
    Use the type <tt>uint64_t</tt> for 64-bit block counts in all hash
    functions.
  </p>
  <p class='should'>
    Move some internal-use macros from macros.h to nettle-internal.h.
  </p>
  <p class='done'>
    Do separate aes128_ctx, etc, with smaller allocation for subkeys.
  </p>
  <p class='wish'>
    Consider doing the same separation for camellia (and possibly
    cast128), which also use fewer subkeys for shorter key sizes.
  </p>
  <p class='should'>
    Don't require initialization of *dst_length for base*_decode_update.
  </p>
  <p class='should'>
    Rename gcm "iv" to "nonce". Keep old names for backwards
    compatibility.
  </p>
  <p class='should'>
    New DSA interface, with a separate struct dsa_params.
  </p>
  
  <h2> New features </h2>
  <p class='done'>
    Add <a href='http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf'>EAX</a >
    mode?
  </p>
  <p class='should'>
    Add poly1305.
  </p>
  <p class='should'>
    Add chacha.
  </p>
  <p class='should'>
    Add ecc_bitsize function.
  </p>
  <p class='wish'>
    Add functions for converting ECC points to and from ANSI x9.62.
  </p>
  <p class='wish'>
    Use side-channel silent GMP functions for RSA and DSA. May require
    additional interface changes, to use mpn functions.
  </p>
  <h2> Documentation </h2>
  <p class='should'>
    Document new AES interface.
  </p>
  <p class='should'>
    Document new EAX mode.
  </p>
  <p class='should'>
    Document new DSA interface.
  </p>
  <p class='should'>
    Document poly1305.
  </p>
  
  <h2> Build system </h2>
  <p class='done'>
    Update config.guess and config.sub. Needed for ppc64le support.    
  </p>
  <p class='should'>
    Stop using the nonstandard <tt>.po</tt> extension,
    using <tt>.p.o</tt> or some subdirectory instead. Also drop
    <tt>CCPIC_MAYBE</tt>, and let the static libraries depend on the
    right object files.
  </p>
  <p class='should'>
    Delay building of test programs until <tt>make check</tt>.
  </p>
  <p class='done'>
    Fix dependency problems with <tt>--disable-static</tt>.
  </p>
  <p class='should'>
    Make the time consuming ecc_curve_check in eccdata.c optional.
  </p>
  
  <h2> Testing </h2>
  <p> Since xenofarm isn't up and running, do some manual testing:
  </p>
  <ul>
    <li class='should'> x86_64-linux-gnu</li>
    <li class='should'> x86_64-freebsd</li>
    <li class='should'> x86-linux-gnu</li>
    <li class='should'> x86-freebsd</li>
    <li class='should'> x86-w*ndows (using cross compiler and wine)</li>
    <li class='wish'> x86_64-w*ndows (seems a bit harder since 64-bit
    wine is not yet available in debian)</li>
    <li class='should'> x86-darwin (needs help from Nettle users)</li>
    <li class='should'> x86_64-darwin (needs help from Nettle users)</li>
    <li class='should'> armv7-linux-gnu (pandaboard test platform)</li>
    <li class='wish'> armv7-android (possible test platform: N10 tablet)</li>
    <li class='should'> sparc32-solaris10</li>
    <li class='should'> sparc64-solaris10</li>
  </ul>

  <h1> Plans for nettle-3.0 </h1>

  <p> These are some larger API changes under consideration. </p>

  <h2> Interface changes </h2>
  <p class='should'>
    For Merkle-Damgaard hash functions, separate the state and the
    buffering. E.g., when using them for HMAC keyed "inner" and
    "outer" states, we now get three buffers but we only need one.
  </p>
  <p class='should'>
    Use the nettle_cipher abstraction only for block ciphers (in
    particular, exclude arcfour). Use a const for the ctx argument to
    nettle_crypt_func.
  </p>
  <p class='wish'>
    Consider making a public interface similar to nettle_aead? With
    the above change, it can't use nettle_crypt_func.
  </p>
  <p class='wish'>
    Make it possible to build nettle and hogweed using mini-gmp.
  </p>
  <p class='should'>
    Reorganize private key operations. Need to support RSA with and
    without blinding, and DSA according to spec and some deterministic
    variant (like putty), and possibly also smartcard versions where
    the private key is not available to the library. And without an
    explosion of the number of functions.
  </p>
</body>
</html>