-
Notifications
You must be signed in to change notification settings - Fork 22
/
TODO
131 lines (88 loc) · 3.1 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
Hey, it's a solo project! I get to use this TODO format again!
- Not done.
. Partially done.
o Completed.
X Abandoned.
BEFORE EVERY RELEASE
- 100% test coverage.
(Well, there are 1-5 non-covered lines, but that's okay.)
- Uncrustify.
- Valgrind.
- Dieharder
- Resolve all XXXX/TODO items in the code.
- Build and test on:
- Windows, Windows64 (mingw)
- ARM
- FreeBSD
- OSX
- Fedora
BEFORE TELLING PEOPLE TO TRY IT.
- Resolve all XXXX/TODO items in the code.
- Triple-check that ssse3 code is getting built and run.
o Rename stir
- Refactor locking.
- Don't spin inappropriately.
- In particular, don't spin over any access to the entropy source!
- TESTING
- Make benchmarks use a CPU timer, not gettimeofday.
- Double-check the spec against the haskell clone
- Make sure that the reinitialization logic is threadsafe.
- Rudimentary prediction resistance:
- Opportunistic, if you have a fast entropy source.
- Configurable to use other sources.
o Function to return a bitmask of any bogus options that the library was
built with.
- pthread_atfork for fork handling
- mlock support of some kind
BEFORE VERSION 1:
. Detect CPU features at runtime.
o In particular, detecting SSSE3/SSE2 could be a bit of a win.
- Detect ARM neon
- Detect altivec simd
- Separate threaded/nonthreaded libraries.
- Windows port
- Good build process
- Coverage on Windows
. Other entropy sources
- Syscall/ioctl/arc4random??
- User promises to seed (dangerous)
o Ability to say "Still use X, but don't consider it strong."
- EGD support on windows
- Possibly, add a "stir" step after seeding so that we are never
generating PRNG data directly from a key not produced by the PRF.
- Test on altivec, fix whatever I broke there.
SOMEDAY:
- Better prediction resistance:
- timed?
- every N bytes
- avoid redundant initialization checks.
. Option to avoid leaving stuff on the stack.
- Ability to make a tiny tiny runtime for embedded applications.
- Port to MSVC
- Port to ancient operating systems
- Port to weird chips.
- Make sure that allegedly random device has correct major/minor
- Handle fork even better. Ideas:
- mutex/state in a shared mmap?
. pthread_atfork?
(Hm, it appears that sensible libcs make getpid() pretty fast, so this
isn't a win the way I did it at first.)
- Ignore when we have a state object??
- Handle thread-safety even better
o ability to disable locking.
- Per-pthread?
- pthread_spin?
- When about to generate a ton of stuff, increment the counter *then*
drop the lock!
- Do something about L1 cache pressure.
REJECTED:
X Use AESNI instead of chacha when it's available?
o Port implementation (see branch 'aesni')
o Benchmark implementation.
(NOT FASTER THAN CHACHA.)
X Test implementation
X Use it when appropriate.
X Make rand_bytes() better handle the case where, after alignment, n is
less than output_len?
X Expose OSRNG functions.
X Simplify large/small request issues?