|
1 | 1 | # TODO |
| 2 | + |
2 | 3 | [remove this section before publication] |
3 | 4 |
|
4 | | -[ ] EdDSA |
5 | | -[ ] ML-DSA + EdDSA Composite |
6 | | -[ ] Ensure that all crates have `#![forbid(missing_docs)]` |
7 | | -[ ] Apply Secret trait consistently across the library --> study the `Zeroize` trait in RustCrypto |
8 | | -[ ] Change all "[u8;0]" to "[]" throughout the code and docs ... or better yet, change the APIs to take an Option<> |
9 | | -[ ] For all higher-level algorithms, put a cargo #[cfg(feature='rng')] around the keygen that takes an rng so that the dependency on bouncycastle_rng is optional. |
10 | | -[ ] Enhance the default HashDRBG instantiation to take in NIST-compatible CPU jitter entropy |
11 | | -[ ] Get an opinion from Bob Beck or Dennis about the factories ... Are they worth it? |
12 | | -[ ] Do a pass over KeyMaterial, taking into account Dennis Jackson's input (maybe ping him for a phone call?) |
13 | | -[ ] Need a rust expert: I use a bunch of #![feature(_)]'s that are only available in nightly. ... what should I do about that? |
14 | | -[ ] Open github issues |
| 5 | +* ML-DSA & ML-KEM |
| 6 | + * Check the crate release checklist and run claude against the style guide (maybe Francis could cross-check me) |
| 7 | + * Run Crucible testing |
| 8 | + * Add factories for ML-DSA and ML-KEM (if we are keeping factories, see below) |
| 9 | +* Split the Signature trait into a Signer and a Verifier so that, for example, we can implement the verifier for MTC in |
| 10 | + a different struct from the signer; or so that you can get FIPS compliance on old algorithms that are currently only |
| 11 | + FIPS-allowed for verification of existing signatures but not for creation of new ones. |
| 12 | +* Check out Megan's email May 13 about KeyMaterial: "I was wondering if there might be scope for a closure based |
| 13 | + approach that could |
| 14 | + guarantee encapsulation of the state change from safe to hazardous back to safe again." |
| 15 | +* Anywhere that you have an `_out(.. out: &mut [u8])`, start by zeroizing it with .fill(0); .. a good task for Claude? |
| 16 | + And should be documented in the style guide? |
| 17 | +* Go back to previous algs and apply memory optimization tricks like internal functions. And add a docs section "Memory |
| 18 | + Usage" that measures with valgrind. |
| 19 | +* Ensure that all crates have `#![forbid(missing_docs)]` |
| 20 | +* Apply Secret trait consistently across the library --> study the `Zeroize` trait in RustCrypto |
| 21 | +* Change all "[u8;0]" to "[]" throughout the code and docs ... or better yet, change the APIs to take an Option<> |
| 22 | +* Change all `-> Vec<u8>` to `-> [u8; CONST_LEN]`, and the `output: &mut [u8]` to `output: &mut [u8; CONST_LEN]` where |
| 23 | + appropriate. |
| 24 | +* Probably it makes sense to leave Hex and Base64 as requiring std; ... or maybe add a no_std version that uses |
| 25 | + fixed-sized blocks? |
| 26 | +* Create a cargo feature #[cfg(feature='rng')] and put it around things like keygen that takes an rng so that the build |
| 27 | + dependency on bouncycastle_rng is optional. |
| 28 | +* Enhance the default HashDRBG instantiation to take in NIST-compatible CPU jitter entropy? Or not? Maybe this is the |
| 29 | + problem of the caller to properly seed the RNG? |
| 30 | +* Factories ... Are they worth it? Michael Richardson says Very Yes. If we are keeping them, then we need a serious |
| 31 | + re-engineering of them because I really dislike that currently they make it hard for the underlying primitive to have |
| 32 | + static one-shot APIs. |
| 33 | +* Add back the Memoable trait from nursery (maybe under a different name) that lets you serialize out the |
| 34 | + intermediate state, especially important for SHA2, SHA3, and HMAC because TLS needs to be able to fork a state, |
| 35 | + finalize() a copy and then keep feeding the other copy. |
| 36 | +* Do some science about perf impacts of acting on a local hard-copy vs acting in-place on some specific bit of |
| 37 | + memory |
| 38 | +* Change the tone of the documentation (both the crate docs and the inline comments) to be less individual ("I" |
| 39 | + statements) and be more factual ("it is", or "the project", or "the bc-rust library" as appropriate). |
| 40 | +* Relax the requirement on XOF that once you start squeezing, you can't absorb anymore. This will likely need to be an |
| 41 | + exposed "bell & whistle" because it is an obvious way to do something like the TLS handshake transcript where you need |
| 42 | + to periodically spit out hashes and then continue absorbing more input. We'll need to study the SHA3 / SHAKE FIPS |
| 43 | + documents because it might be that this is forbidden as part of the definition of SHAKE, but is allowed if you use the |
| 44 | + KECCAK primitive raw. We need to make a decision on how to handle this, and provide some sample code in crate docs. |
| 45 | +* Need a rust expert: I use a bunch of #![feature(_)]'s that are only available in nightly. ... what should I do |
| 46 | + about that? |
| 47 | +* Research task: no_std means that everything is on the stack, which can cause you to blow your stack limit. Research |
| 48 | + how an application that itself is not no_std can put our large structs (like key objects) on the heap. Is this what |
| 49 | + Box is for? |
| 50 | +* Deal with as many of the inline TODOs as possible |
| 51 | +* Close all open github issues and document them in this file. |
15 | 52 |
|
16 | 53 | # 0.1.2 Features / Changelog |
17 | 54 |
|
18 | 55 | * ML-DSA |
19 | 56 | * Low-Memory ML-DSA -- runs in about 1/10th of the usual memory (~ 30 kb of stack) with only minor performance impact. |
20 | 57 | * Github issues resolved: |
21 | | - * #2, or whatever |
| 58 | + * #2, or whatever |
0 commit comments