path: root/misc/plan.html
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <link rel="stylesheet" title="Default"
      type="text/css" href="todo.css" media="all"/>
    <meta http-equiv="Content-Type"
      content="text/html; charset=utf-8"/>
<title>TODO for coming releases</title>
</head>
<body>
  <h1> Nettle release plans </h1>
  <p> This is an attempt at defining a development target for
    Nettle-3.2, inspired by similar pages for recent GMP releases.
    [Last updated 2016-01-23]</p>
  <p class='should'>
    This really ought to be done before release
  </p>
  <p class='wish'>
    Try to get this done before release
  </p>
  <p class='done'>
    Done!
  </p>
  <p class='postponed'>
    Leave for some later release!
  </p>

  <h1> Plans for nettle-3.2 </h1>

  <h2> New features </h2>
  <p class='done'>
    "CRT-hardened" RSA secret key operations. Check that the result of
    rsa_compute_root is correct before using it. This should be easy for the
    rsa_pkcs1_sign_tr and rsa_decrypt_tr functions; other RSA
    functions would need interface changes.
  </p>
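  <p> As an added example (not Nettle's own code) of the check described
    above: compute the RSA private operation with the CRT, then verify
    the result with the public exponent before releasing it, so that a
    corrupted half-computation is rejected instead of leaking a faulty
    signature. The key, the <code>fault</code> knob and the function
    names are constructed for illustration. </p>

```python
# Added example, not Nettle code: CRT-based RSA private operation with the
# "check that the result is correct" hardening. All values are constructed.

# Constructed toy key (far too small for real use): p and q are prime and
# e = 65537 is coprime with (p-1)(q-1), so the inverses below exist.
P = 1000003
Q = 999983
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def crt_root(m, fault=None):
    """Compute m^D mod N with CRT (Garner) recombination.

    `fault` is a constructed knob: when set, the mod-p half of the
    computation is perturbed to simulate a computational fault.
    """
    dp = D % (P - 1)
    dq = D % (Q - 1)
    q_inv = pow(Q, -1, P)
    xp = pow(m, dp, P)
    xq = pow(m, dq, Q)
    if fault is not None:
        xp = (xp + fault) % P        # corrupt one CRT half
    h = (q_inv * (xp - xq)) % P
    return xq + h * Q                # result in [0, N)


def checked_root(m, fault=None):
    """Hardened variant: re-raise the result to the public exponent and
    compare with the input. A correct result always passes; a result with
    a corrupted half never does, because gcd(E, P-1) = 1 makes x -> x^E a
    bijection mod P. Returns None instead of handing out a bad result.
    """
    x = crt_root(m, fault)
    if pow(x, E, N) != m % N:
        return None
    return x


if __name__ == "__main__":
    m = 123456789
    print("correct result accepted:", checked_root(m) is not None)
    print("faulty result rejected:", checked_root(m, fault=1) is None)
```

With a small public exponent the verification costs one short
exponentiation, negligible next to the private operation it protects.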
  <p class='postponed'>
    Add larger "safe" curves, e.g., M-383, curve41417 and E-521.
  </p>
  <p class='postponed'>
    Add functions for converting ECC points to and from ANSI x9.62.
  </p>
  <p class='postponed'>
    Use side-channel silent GMP functions for RSA and DSA. May require
    additional interface changes, to use mpn functions.
  </p>
  <p class='postponed'>
    Side-channel silent mem_equalp.
  </p>

  <h2> Optimizations </h2>

  <p class='postponed'>
    Assembly optimizations for ARMv8 (64-bit).
  </p>
  <p class='postponed'>
    Further optimizations of curve25519 and EdDSA, in particular,
    radix 51 modp operations,
    and <a href='http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-3'>more
    efficient</a> point addition.
  </p>
  
  <h2> Miscellaneous </h2>
  <p class='postponed'>
    Use more functions from GMP-6 and later, when available:
    mpn_sec_add_1, mpn_sec_tabselect, mpn_sec_invert, mpn_cnd_swap,
    ...
  </p>

  <h2> Documentation </h2>
  <p class='done'>
    Update SHA3 documentation.
  </p>
  <p class='done'>
    Update and extend RSA documentation.
  </p>
  
  <h2> Build system </h2>
  <p class='postponed'>
    Update AX_CREATE_STDINT_H to the latest version.
  </p>
  
  <h2> Testing </h2>
  <p> Since xenofarm isn't up and running, do some manual testing:
  </p>
  <ul>
    <li class='done'> x86_64-linux-gnu</li>
    <li class='done'> x86-linux-gnu</li>
    <li class='done'> x86_64-freebsd</li>
    <li class='done'> x86-w*ndows (using cross compiler and wine)</li>
    <li class='done'> x86_64-w*ndows (using cross compiler and wine)</li>
    <li class='should'> x86-darwin (needs help from Nettle users)</li>
    <li class='should'> x86_64-darwin (needs help from Nettle users)</li>
    <li class='done'> armv5-linux-gnu (qemu)</li>
    <li class='done'> armv7-linux-gnu (qemu)</li>
    <li class='done'> armv8-linux-gnu (qemu)</li>
    <li class='done'> ppc64-linux-gnu (qemu)</li>
    <li class='done'> ppc32-linux-gnu (qemu)</li>
    <li class='done'> mips64-linux-gnu (qemu)</li>
    <li class='done'> mips32-linux-gnu (qemu)</li>
    <li class='done'> m68k-linux-gnu (aranym)</li>
    <li class='wish'> armv7-android </li>
  </ul>

  <h1> Changes under consideration for later releases </h1>

  <p> These are some other changes under consideration. </p>

  <h2> Interface changes </h2>
  <p class='should'>
    For Merkle-Damgård hash functions, separate the state from the
    buffering. E.g., when they are used for the keyed "inner" and
    "outer" states of HMAC, we currently get three buffers but need
    only one.
  </p>
  <p class='should'>
    Reorganize private key operations. We need to support RSA with and
    without blinding, DSA both according to the spec and in some
    deterministic variant (like PuTTY's
    or <a href='http://tools.ietf.org/html/rfc6979'>RFC 6979</a>), and
    possibly also smartcard versions where the private key is not
    available to the library, all without an explosion in the number
    of functions.
  </p>
</body>
</html>