path: root/misc/plan.html
blob: 6cf9ed53c6e0c4e250af31050956f4f3a5166dce (plain)
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <link rel="stylesheet" title="Default"
      type="text/css" href="todo.css" media="all"/>
    <meta http-equiv="Content-Type"
      content="text/html; charset=utf-8"/>
<title>TODO for coming releases</title>
</head>
<body>
  <h1> Nettle release plans </h1>
  <p> This is an attempt at defining a development target for
  Nettle-3.0, inspired by similar pages for recent GMP releases. [Last
  updated 2014-06-02]</p>
  <p class='should'>
    This really ought to be done before release
  </p>
  <p class='wish'>
    Try to get this done before release
  </p>
  <p class='done'>
    Done!
  </p>
  <p class='postponed'>
    Leave for some later release!
  </p>

  <h1> Plans for nettle-3.0 </h1>

  <p> nettle-3.0 is intended primarily as an API cleanup, with few new
  features. </p>

  <h2> Interface changes </h2>
  <p class='done'>
    Change the type of all lengths from <tt>unsigned</tt>
    to <tt>size_t</tt>. An ABI change on most 64-bit platforms.
  </p>
  <p class='done'>
    Change argument type of memxor and memxor3 from <tt>uint8_t *</tt>
    to <tt>void *</tt> (like modern memcpy). Consider them
    unconditionally part of the nettle library, with nettle_ prefix on
    the symbols, and no AC_REPLACE_FUNCS.
  </p>
  <p class='done'>
    Use the type <tt>uint64_t</tt> for 64-bit block counts in all hash
    functions.
  </p>
  <p class='postponed'>
    Move some internal-use macros from macros.h to nettle-internal.h.
  </p>
  <p class='done'>
    Do separate aes128_ctx, etc, with smaller allocation for subkeys.
  </p>
  <p class='wish'>
    <span class='done'>Do the same separation for camellia, which also
    uses fewer subkeys for shorter key
    sizes.</span> <span class='postponed'>(And possibly also for
    cast128).</span>
  </p>
  <p class='done'>
    Don't require initialization of *dst_length for base*_decode_update.
  </p>
  <p class='done'>
    New DSA interface, with a separate struct dsa_params.
  </p>
  <p class='done'>
    Drop key size argument from <tt>nettle_set_key_func</tt>.
  </p>
  <p class='done'>
    Use the nettle_cipher abstraction only for block ciphers (in
    particular, exclude arcfour). Introduce nettle_cipher_func, with
    const for the ctx argument.
  </p>
  <p class='wish'>
    Consider making a public interface similar to nettle_aead? With
    the above change, it can't use nettle_crypt_func.
  </p>
  
  <h2> New features </h2>
  <p class='done'>
    Add <a href='http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf'>EAX</a>
    mode?
  </p>
  <p class='done'>
    Add poly1305.
  </p>
  <p class='done'>
    Add chacha.
  </p>
  <p class='done'>
    Add ecc_bit_size function.
  </p>
  <p class='postponed'>
    Add functions for converting ECC points to and from ANSI x9.62.
  </p>
  <p class='postponed'>
    Use side-channel silent GMP functions for RSA and DSA. May require
    additional interface changes, to use mpn functions.
  </p>
  <h2> Documentation </h2>
  <p class='done'>
    Document new AES and Camellia interface.
  </p>
  <p class='done'>
    Document additional sha512 variants.
  </p>
  <p class='done'>
    Document new EAX mode.
  </p>
  <p class='done'>
    Document new CCM mode.
  </p>
  <p class='done'>
    Document new DSA interface.
  </p>
  <p class='done'>
    Document poly1305.
  </p>
  <p class='done'>
    Document chacha.
  </p>
  
  <h2> Build system </h2>
  <p class='done'>
    Update config.guess and config.sub. Needed for ppc64le support.    
  </p>
  <p class='postponed'>
    Stop using the nonstandard <tt>.po</tt> extension,
    using <tt>.p.o</tt> or some subdirectory instead. Also drop
    <tt>CCPIC_MAYBE</tt>, and let the static libraries depend on the
    right object files.
  </p>
  <p class='postponed'>
    Reconsider assembly make rules, going back to a .asm.o: rule might
    work better with Solaris' make. Alternatively, simply drop support
    for non-GNU make programs.
  </p>
  <p class='done'>
    Delay building of test programs until <tt>make check</tt>.
  </p>
  <p class='done'>
    Fix dependency problems with <tt>--disable-static</tt>.
  </p>
  <p class='postponed'>
    Make the time consuming ecc_curve_check in eccdata.c
    optional. <span class='done'>Enabled optimization instead.</span>
  </p>
  
  <h2> Testing </h2>
  <p> Since xenofarm isn't up and running, do some manual testing:
  </p>
  <ul>
    <li class='done'> Test with gmp-6.0.0 </li>
    <li class='done'> x86_64-linux-gnu</li>
    <li class='done'> x86-linux-gnu</li>
    <li class='should'> x86_64-freebsd</li>
    <li class='should'> x86-freebsd</li>
    <li class='done'> x86-w*ndows (using cross compiler and wine)</li>
    <li class='done'> x86_64-w*ndows (using cross compiler and wine)</li>
    <li class='done'> x86-darwin (needs help from Nettle users)</li>
    <li class='done'> x86_64-darwin (needs help from Nettle users)</li>
    <li class='done'> armv7-linux-gnu (pandaboard test platform)</li>
    <li class='wish'> armv7-android (possible test platform: N10 tablet)</li>
    <li class='done'> sparc32-solaris10</li>
    <li class='done'> sparc64-solaris10</li>
  </ul>

  <h1> Changes under consideration for later releases </h1>

  <p> These are some other changes under consideration. </p>

  <h2> New features </h2>
  <p class='should'>
    Make it possible to build nettle and hogweed using mini-gmp.
  </p>
  <p class='should'>
    Fat binary, selecting code at runtime depending on cpu
    capabilities.
  </p>
  <p class='should'>
    Side-channel silent mem_equalp.
  </p>

  <h2> Interface changes </h2>
  <p class='should'>
    For Merkle-Damgaard hash functions, separate the state and the
    buffering. E.g., when using them for HMAC keyed "inner" and
    "outer" states, we now get three buffers but we only need one.
  </p>
  <p class='should'>
    Reorganize private key operations. Need to support RSA with and
    without blinding, and DSA according to spec and some deterministic
    variant (like putty), and possibly also smartcard versions where
    the private key is not available to the library. And without an
    explosion of the number of functions.
  </p>
</body>
</html>