@randombit
Last active April 10, 2018 15:50
*** This is just my personal todo file for botan. It is not supposed
to make any sense to you. Some of these things may happen some day.
If something in here excites you feel free to take it on though.
The easy way to do a FIPS 140 validation is to not need to do a FIPS 140 validation.
FIPS just cares about the crypto impl; if we're just an 'application calling OpenSSL FIPS object'
that happens to implement TLS, all is well. This requires a special mode that enables
only OpenSSL's AES, SHA, RSA, ECDSA, RNG, etc. and disables the builtins, including our
HMAC_DRBG (instead AutoSeeded_RNG calls OpenSSL's FIPS RNG), plus probably 2-3
exposed API functions for the application to control the OpenSSL self tests, etc.
Remove Credentials_Manager. Add PSK_DB, SRP_DB (+ sqlite3 backings), these can
be passed to TLS::Channel.
Can PSK_DB, SRP_DB, TLS sessions schemes all share same logic re encryption?
Would be nice to mask TLS session hostnames.
CT::mask<T> type used, required.
Otherwise there will be code that passes a value instead of a mask and
bad things will happen.
Also prevents writing mask = instead of mask &= ...
mask.add(...)
Adds typechecking options and optionally can use volatile on the mask.
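Added example of the idea above (this is not Botan's CT::Mask, and the names ct_example, expand, is_lt, select, ct_equal and the sample tags are this example's own): a mask class that can only be built from constant-time predicates, so a raw integer cannot be passed where a mask is expected, and whose assignment operator is deleted, so `m = x` fails to compile while `m &= x` works. The only ways to turn the mask back into ordinary data are the explicitly named value() / is_set() calls.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <type_traits>

// Added example, not Botan's CT::Mask. A mask is all-ones or all-zeros and is
// produced only by branch-free predicates; there is no public constructor
// from T and no assignment operator, so callers must accumulate with &=/|=.
namespace ct_example {

template <typename T>
class Mask {
   static_assert(std::is_unsigned<T>::value, "Mask<T> requires an unsigned T");
public:
   // All-ones if x != 0, all-zeros otherwise, with no data-dependent branch:
   // (x | -x) has its top bit set exactly when x is nonzero.
   static Mask expand(T x) {
      const T nz = static_cast<T>(x | static_cast<T>(0 - x));
      return Mask(top_bit_to_mask(nz));
   }
   static Mask set() { return Mask(static_cast<T>(~static_cast<T>(0))); }
   static Mask cleared() { return Mask(0); }
   static Mask is_zero(T x) { return ~expand(x); }
   static Mask is_equal(T a, T b) { return is_zero(static_cast<T>(a ^ b)); }
   // Unsigned a < b: the top bit of a ^ ((a ^ b) | ((a - b) ^ b)) is the borrow.
   static Mask is_lt(T a, T b) {
      const T d = static_cast<T>(a - b);
      return Mask(top_bit_to_mask(static_cast<T>(a ^ ((a ^ b) | (d ^ b)))));
   }

   Mask(const Mask&) = default;
   // No assignment: a result must be folded in with &=, |= or ^=, never `m = ...`.
   Mask& operator=(const Mask&) = delete;

   Mask operator~() const { return Mask(static_cast<T>(~m_mask)); }
   Mask& operator&=(const Mask& o) { m_mask &= o.m_mask; return *this; }
   Mask& operator|=(const Mask& o) { m_mask |= o.m_mask; return *this; }
   Mask& operator^=(const Mask& o) { m_mask ^= o.m_mask; return *this; }

   // Branch-free select: x if the mask is set, y otherwise.
   T select(T x, T y) const {
      return static_cast<T>((x & m_mask) | (y & static_cast<T>(~m_mask)));
   }

   // The only places where the mask becomes ordinary data; a real library
   // would unpoison here for ctgrind-style checking.
   T value() const { return m_mask; }
   bool is_set() const { return m_mask != 0; }

private:
   explicit Mask(T m) : m_mask(m) {}
   static T top_bit_to_mask(T v) {
      return static_cast<T>(0 - static_cast<T>(v >> (sizeof(T) * 8 - 1)));
   }
   // Could be declared volatile to discourage the optimizer from folding it.
   T m_mask;
};

// Constant-time comparison of two n-byte buffers (e.g. MAC tags).
inline bool ct_equal(const uint8_t* a, const uint8_t* b, size_t n) {
   Mask<uint8_t> acc = Mask<uint8_t>::set();
   for(size_t i = 0; i != n; ++i)
      acc &= Mask<uint8_t>::is_equal(a[i], b[i]);   // `acc = ...` would not compile
   return acc.is_set();
}

// Copy src into dst only if m is set, touching every byte either way.
inline void ct_conditional_copy(const Mask<uint8_t>& m, uint8_t* dst, const uint8_t* src, size_t n) {
   for(size_t i = 0; i != n; ++i)
      dst[i] = m.select(src[i], dst[i]);
}

// Constructed sample inputs: two tags differing only in the last byte.
constexpr uint8_t kTagA[4] = {0x01, 0x02, 0x03, 0x04};
constexpr uint8_t kTagB[4] = {0x01, 0x02, 0x03, 0x05};

} // namespace ct_example

int main() {
   using ct_example::Mask;
   std::printf("tagA == tagA: %d\n", ct_example::ct_equal(ct_example::kTagA, ct_example::kTagA, 4));
   std::printf("tagA == tagB: %d\n", ct_example::ct_equal(ct_example::kTagA, ct_example::kTagB, 4));
   uint8_t out[4] = {0, 0, 0, 0};
   ct_example::ct_conditional_copy(Mask<uint8_t>::is_lt(3, 7), out, ct_example::kTagB, 4);
   std::printf("copied: %02x %02x %02x %02x\n", out[0], out[1], out[2], out[3]);
   // Mask<uint8_t> m = Mask<uint8_t>::set(); m = Mask<uint8_t>::cleared();  // does not compile
   return 0;
}
```

The deleted assignment is what catches the `mask =` vs `mask &=` slip at compile time; the private constructor is what stops a plain value from being smuggled in as a mask.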
Try inlining all of mp_asm.cpp. All of the functions are small and call other inlined functions.
Inlining may be a large win here.
Need basic speed benchmarks for add, sub, multiply, power mod in
various configurations.
power_mod
   p          k      time
   p256       256    x
   ietf1024   1024   x
   ietf4096   4096   x
   r2048      512    x
   r2048      2048   x
   r4096      ?      x
   ...
BOTAN_TEST_EQ()
BOTAN_TEST_COND()
BOTAN_TEST_ASSERT()
BOTAN_TEST_FAIL()
in assert.h
BOTAN_ARG_CHECK(pred)
BOTAN_ARG_CHECK_MSG(pred, msg)
change assert to msgless
rename version taking string to BOTAN_ASSERT_MSG
Remove useless assert strings
write a script that scans the cpp files in a module and determines its
header dependencies, updates info.txt. Also checks for ::create calls
with constant strings?
DEBUG logging everywhere which compiles to nothing unless compiled in,
but when enabled allows logging of all kinds of useful things.
TLS logging callbacks and wiring in cli
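Added example sketching how the assert.h items above (message-less BOTAN_ASSERT, BOTAN_ASSERT_MSG, BOTAN_ARG_CHECK / BOTAN_ARG_CHECK_MSG) and a compile-to-nothing debug log could fit together. This is not Botan's assert.h or its logging; the namespace ex, the exception types, BOTAN_HAS_DEBUG_LOGGING, debug_log_sink, load_key and the sample key are all this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Comment this out and every BOTAN_DEBUG_LOG() below expands to nothing.
#define BOTAN_HAS_DEBUG_LOGGING

namespace ex {

// An internal invariant was violated: a bug in the library, not bad input.
struct Internal_Error : std::logic_error { using std::logic_error::logic_error; };
// The caller passed something the function cannot accept.
struct Invalid_Argument : std::invalid_argument { using std::invalid_argument::invalid_argument; };

// A message-less assert still gets a useful diagnostic: the stringized
// predicate plus file and line. The msg is only for cases where it adds
// something the predicate text does not say.
[[noreturn]] inline void assertion_failure(const char* expr, const char* msg,
                                           const char* file, int line) {
   std::string s = "Assertion '" + std::string(expr) + "' failed";
   if(msg != nullptr && *msg != '\0') s += ": " + std::string(msg);
   s += " @" + std::string(file) + ":" + std::to_string(line);
   throw Internal_Error(s);
}

// In-memory sink so the example can show what was logged.
inline std::vector<std::string>& debug_log_sink() {
   static std::vector<std::string> sink;
   return sink;
}

} // namespace ex

#define BOTAN_ASSERT(pred) \
   do { if(!(pred)) ::ex::assertion_failure(#pred, nullptr, __FILE__, __LINE__); } while(0)
#define BOTAN_ASSERT_MSG(pred, msg) \
   do { if(!(pred)) ::ex::assertion_failure(#pred, msg, __FILE__, __LINE__); } while(0)
// Argument checks throw a catchable exception instead of an internal error.
#define BOTAN_ARG_CHECK(pred) \
   do { if(!(pred)) throw ::ex::Invalid_Argument("Invalid argument: " #pred); } while(0)
#define BOTAN_ARG_CHECK_MSG(pred, msg) \
   do { if(!(pred)) throw ::ex::Invalid_Argument(msg); } while(0)

#if defined(BOTAN_HAS_DEBUG_LOGGING)
  #define BOTAN_DEBUG_LOG(str) ::ex::debug_log_sink().push_back(std::string(__func__) + ": " + (str))
#else
  #define BOTAN_DEBUG_LOG(str) do {} while(0)
#endif

namespace ex {

// Constructed sample key material (32 bytes, so 16 and 32 are both valid lengths).
constexpr uint8_t kSampleKey[32] = {
   0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
   0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};

// Uses all four kinds of check: caller input via ARG_CHECK, internal state via ASSERT.
inline std::vector<uint8_t> load_key(const uint8_t* key, size_t len) {
   BOTAN_ARG_CHECK(key != nullptr);
   BOTAN_ARG_CHECK_MSG(len == 16 || len == 32, "load_key: key must be 16 or 32 bytes");
   std::vector<uint8_t> out(key, key + len);
   BOTAN_DEBUG_LOG("loaded " + std::to_string(len) + " byte key");
   BOTAN_ASSERT(out.size() == len);   // message would read "Assertion 'out.size() == len' failed @..."
   return out;
}

inline bool load_key_rejects(const uint8_t* key, size_t len) {
   try { load_key(key, len); } catch(const Invalid_Argument&) { return true; }
   return false;
}

inline std::string failed_assert_message(bool cond) {
   try { BOTAN_ASSERT(cond); } catch(const Internal_Error& e) { return e.what(); }
   return std::string();
}

inline size_t debug_log_count() { return debug_log_sink().size(); }

} // namespace ex

int main() {
   ex::load_key(ex::kSampleKey, 16);
   std::printf("rejects null key: %d\n", ex::load_key_rejects(nullptr, 16));
   std::printf("rejects 17-byte key: %d\n", ex::load_key_rejects(ex::kSampleKey, 17));
   std::printf("%s\n", ex::failed_assert_message(false).c_str());
   for(const auto& line : ex::debug_log_sink()) std::printf("debug: %s\n", line.c_str());
   return 0;
}
```

The split between Internal_Error and Invalid_Argument is the point: a failed BOTAN_ARG_CHECK is the caller's problem and is meant to be caught, a failed BOTAN_ASSERT is a library bug and should not be silently recovered from.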
base32 encoding
rewrite base64/hex using binconv?
s/Policy/Default_Policy/
test SRTP extension with DTLS servers
Rewrite ASN1 nasty?