Todo List¶
Feel free to take one of these on if it interests you. Before starting out on something, send an email to the dev list or open a discussion ticket on GitHub to make sure you’re on the right track.
Request a new feature by opening a pull request to update this file.
Ciphers, Hashes, PBKDF¶
Stiched AES/GCM mode for CPUs supporting both AES and CLMUL
Combine AES-NI, ARMv8 and POWER AES implementations (as already done for CLMUL)
Vector permute AES only supports little-endian systems; fix for big-endian
SM4 using AES-NI (https://github.com/mjosaarinen/sm4ni) or vector permute
Poly1305 using AVX2
ChaCha using SSSE3
Skein-MAC
PMAC
SIV-PMAC
GCM-SIV (RFC 8452)
EME* tweakable block cipher (https://eprint.iacr.org/2004/125)
FFX format preserving encryption (NIST 800-38G)
SHA-512 using BMI2+AVX2
Constant time DES using bitslicing and/or BMI2
Threefish-1024
SIMD evaluation of SHA-2 and SHA-3 compression functions
Adiantum (https://eprint.iacr.org/2018/720)
CRC using clmul/pmull
Public Key Crypto, Math¶
Short vector optimization for BigInt
Abstract representation of ECC point elements to allow specific implementations of the field arithmetic depending upon the curve.
Use NAF (joint sparse form) for ECC multi-exponentiation
Curves for pairings (BN-256, BLS12-381)
Identity based encryption
Paillier homomorphic cryptosystem
Socialist Millionaires Protocol (needed for OTRv3)
Hashing onto an elliptic curve (draft-irtf-cfrg-hash-to-curve)
New PAKEs (pending CFRG bakeoff results)
New post quantum schemes (pending NIST contest results)
SPHINX password store (https://eprint.iacr.org/2018/695)
X448 and Ed448
Use GLV decomposition to speed up secp256k1 operations
Utility Functions¶
Add a memory span type
Make Memory_Pool more concurrent (currently uses a global lock)
Guarded integer type to prevent overflow bugs
Add logging callbacks
Add latency tracing framework
Multiparty Protocols¶
Distributed key generation for DL, RSA
Threshold signing, decryption
External Providers, Hardware Support¶
Add support ARMv8.4-A SHA-512, SHA-3, SM3 and RNG
Aarch64 inline asm for BigInt
/dev/crypto provider (ciphers, hashes)
Windows CryptoNG provider (ciphers, hashes)
Extend Apple CommonCrypto provider (HMAC, CMAC, RSA, ECDSA, ECDH)
Add support for iOS keychain access
POWER8 SHA-2 extensions (GH #1486 + #1487)
Add support VPSUM on big-endian PPC64 (GH #2252)
Better TPM support: NVRAM, PCR measurements, sealing
Add support for TPM 2.0 hardware
Support Intel QuickAssist accelerator cards
TLS¶
Make DTLS support optional at build time
Improve/optimize DTLS defragmentation and retransmission
Implement logging callbacks for TLS
Make RSA optional at build time
Make finite field DH optional at build time
Authentication using TOFU (sqlite3 storage)
Certificate pinning (using TACK?)
Certificate Transparency extensions
TLS supplemental authorization data (RFC 4680, RFC 5878)
DTLS-SCTP (RFC 6083)
PKIX¶
Further tests of validation API (see GH #785)
Test suite for validation of ‘real world’ cert chains (GH #611)
Improve output of X509_Certificate::to_string This is a free-form string for human consumption so the only constraints are being informative and concise. (GH #656)
X.509 policy constraints
OCSP responder logic
New Protocols / Formats¶
ACME protocol
PKCS7 / Cryptographic Message Syntax
PKCS12 / PFX
Off-The-Record v3 https://otr.cypherpunks.ca/
Certificate Management Protocol (RFC 5273); requires CMS
Fernet symmetric encryption (https://cryptography.io/en/latest/fernet/)
RNCryptor format (https://github.com/RNCryptor/RNCryptor)
Useful OpenPGP subset 1: symmetrically encrypted files. Not aiming to process arbitrary OpenPGP, but rather produce something that happens to be readable by gpg and is relatively simple to process for decryption. Require AEAD mode (EAX/OCB).
Useful OpenPGP subset 2: Process OpenPGP public keys
Useful OpenPGP subset 3: Verification of OpenPGP signatures
Cleanups¶
Split test_ffi.cpp into multiple files
Unicode path support on Windows (GH #1615)
The X.509 path validation tests have much duplicated logic
Compat Headers¶
OpenSSL compatible API headers: EVP, TLS, certificates, etc
New C APIs¶
PKCS10 requests
Certificate signing
Expose TLS
Expose NIST key wrap with padding
Expose secret sharing
Expose deterministic PRNG
base32
base58
DL_Group
EC_Group
Python¶
Anywhere Pylint warnings too-many-locals, too-many-branches, or too-many-statements are skipped, fix the code so Pylint no longer warns.
Write a CLI or HTTPS client in Python
Build/Test¶
Code signing for Windows installers
Test runner python script that captures backtraces and other debug info during CI
Support hardcoding all test vectors into the botan-test binary so it can run as a standalone item (copied to a device, etc)
Run iOS binary under simulator in CI
Run Android binary under simulator in CI
Run the TPM tests against an emulator (https://github.com/PeterHuewe/tpm-emulator)
Add clang-tidy, clang-analyzer, cppcheck to CI
Add support for vxWorks
Add support for Fuschia OS
Add support for CloudABI
Add support for SGX
CLI¶
Add a
--completion
option to dump autocomplete info, write support for autocompletion in bash/zsh.Refactor
speed
Change tls_server to be a tty<->socket app, like tls_client is, instead of a bogus echo server.
encrypt / decrypt tools providing password based file encryption
Add ECM factoring
Clone of minisign signature utility
Implementation of tlsdate
Password store utility
TOTP calculator
Documentation¶
X.509 certs, path validation
Specific docs covering one major topic (RSA, ECDSA, AES/GCM, …)
Some howto style docs (setting up CA, …)