Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate ECDSA to FIPS Approved Functions #188

Merged
merged 12 commits into from
Jul 18, 2023
Merged

Migrate ECDSA to FIPS Approved Functions #188

merged 12 commits into from
Jul 18, 2023

Conversation

skmcgrail
Copy link
Member

@skmcgrail skmcgrail commented Jul 12, 2023
edited
Loading

Before

ECDSA-32-P256-SHA256-FIXED-sign-128-bytes/AWS-LC
                        time:   [19.332 µs 19.335 µs 19.339 µs]

ECDSA-32-P256-SHA256-FIXED-verify-128-bytes/AWS-LC
                        time:   [54.084 µs 54.086 µs 54.088 µs]
Found 2 outliers among 100 measurements (2.00%)
  1 (1.00%) high mild
  1 (1.00%) high severe

ECDSA-48-P384-SHA384-FIXED-sign-128-bytes/AWS-LC
                        time:   [94.512 µs 94.517 µs 94.521 µs]
Found 6 outliers among 100 measurements (6.00%)
  1 (1.00%) low severe
  1 (1.00%) low mild
  4 (4.00%) high mild

ECDSA-48-P384-SHA384-FIXED-verify-128-bytes/AWS-LC
                        time:   [220.85 µs 220.86 µs 220.87 µs]
Found 7 outliers among 100 measurements (7.00%)
  4 (4.00%) high mild
  3 (3.00%) high severe

After

ECDSA-32-P256-SHA256-FIXED-sign-128-bytes/AWS-LC
                        time:   [20.074 µs 20.078 µs 20.082 µs]
                        change: [+3.8506% +3.8808% +3.9101%] (p = 0.00 < 0.05)
                        Performance has regressed.
Found 1 outliers among 100 measurements (1.00%)
  1 (1.00%) high mild

ECDSA-32-P256-SHA256-FIXED-verify-128-bytes/AWS-LC
                        time:   [56.070 µs 56.570 µs 57.157 µs]
                        change: [+3.6704% +4.5380% +5.3455%] (p = 0.00 < 0.05)
                        Performance has regressed.
Found 14 outliers among 100 measurements (14.00%)
  5 (5.00%) high mild
  9 (9.00%) high severe

ECDSA-48-P384-SHA384-FIXED-sign-128-bytes/AWS-LC
                        time:   [95.191 µs 95.194 µs 95.198 µs]
                        change: [+0.7121% +0.7201% +0.7283%] (p = 0.00 < 0.05)
                        Change within noise threshold.
Found 9 outliers among 100 measurements (9.00%)
  1 (1.00%) low severe
  5 (5.00%) low mild
  2 (2.00%) high mild
  1 (1.00%) high severe

ECDSA-48-P384-SHA384-FIXED-verify-128-bytes/AWS-LC
                        time:   [221.87 µs 221.88 µs 221.89 µs]
                        change: [+0.4518% +0.4605% +0.4686%] (p = 0.00 < 0.05)
                        Change within noise threshold.
Found 3 outliers among 100 measurements (3.00%)
  1 (1.00%) low mild
  1 (1.00%) high mild
  1 (1.00%) high severe

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@skmcgrail skmcgrail requested a review from a team as a code owner July 12, 2023 01:07
@skmcgrail
Copy link
Member Author

Working on sorting out the asan failures and will publish an update.

@skmcgrail skmcgrail marked this pull request as draft July 12, 2023 01:47
@skmcgrail skmcgrail marked this pull request as ready for review July 12, 2023 15:54
justsmth
justsmth reviewed Jul 12, 2023
View reviewed changes
aws-lc-rs/src/ec.rs Outdated Show resolved Hide resolved
aws-lc-rs/src/ec/key_pair.rs Outdated Show resolved Hide resolved
aws-lc-rs/src/ec/key_pair.rs Outdated Show resolved Hide resolved
@skmcgrail skmcgrail requested a review from justsmth July 12, 2023 17:44
@skmcgrail skmcgrail force-pushed the ecdsa-fips branch 4 times, most recently from 17d74d4 to 7486108 Compare July 12, 2023 20:01
@skmcgrail skmcgrail changed the base branch from main to fips-api-changes July 13, 2023 20:41
@skmcgrail skmcgrail requested a review from justsmth July 13, 2023 22:30
samuel40791765
samuel40791765 reviewed Jul 18, 2023
View reviewed changes
aws-lc-rs/src/digest/digest_ctx.rs Outdated Show resolved Hide resolved
aws-lc-rs/src/ptr.rs Outdated Show resolved Hide resolved
@skmcgrail skmcgrail merged commit 92883a4 into aws:fips-api-changes Jul 18, 2023
72 checks passed
@skmcgrail skmcgrail deleted the ecdsa-fips branch July 18, 2023 21:06
skmcgrail added a commit that referenced this pull request Oct 20, 2023
@skmcgrail
FIPS Feature Improvements (#244)
fe5d0de 
* Migrate ECDSA to FIPS Approved Functions (#188)
* Migrate RSA to FIPS Approved Functions (#196)
* Migrate Agreement to FIPS Approved Functions (#198)
* FIPS AEAD API Types (#207)
* Refactor HKDF for FIPS (#217)
* FIPS Status Indicator (#216)
* Migrate Ed25519 key generation to EVP_PKEY_keygen (#224)
* FIPS Usage Documentation (#231)
* Support for TLS 1.2 PRF (#232)
* Documentation cleanup (#243)
* Cleanup for fips-api-changes branch (#248)
hansonchar pushed a commit to hansonchar/aws-lc-rs that referenced this pull request Oct 21, 2023
@skmcgrail
FIPS Feature Improvements (aws#244)
08d07ee 
* Migrate ECDSA to FIPS Approved Functions (aws#188)
* Migrate RSA to FIPS Approved Functions (aws#196)
* Migrate Agreement to FIPS Approved Functions (aws#198)
* FIPS AEAD API Types (aws#207)
* Refactor HKDF for FIPS (aws#217)
* FIPS Status Indicator (aws#216)
* Migrate Ed25519 key generation to EVP_PKEY_keygen (aws#224)
* FIPS Usage Documentation (aws#231)
* Support for TLS 1.2 PRF (aws#232)
* Documentation cleanup (aws#243)
* Cleanup for fips-api-changes branch (aws#248)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samuel40791765 samuel40791765 samuel40791765 approved these changes

@justsmth justsmth justsmth approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@skmcgrail @samuel40791765 @justsmth