v0.2.0 RC1

integritychain · Apr 26, 2024 · 55def32 · 55def32
1 parent 3fed3a1
commit 55def32
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 20 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -81,7 +81,7 @@ jobs:
       - name: Install cargo-llvm-cov
         uses: taiki-e/install-action@cargo-llvm-cov
       - name: Generate code coverage
-        run: cargo llvm-cov --all-features --workspace
+        run: cargo llvm-cov --all-features --workspace --exclude fips203-ffi
     # No codecov account, so stop here for now
     #  - name: Upload coverage to Codecov
     #    uses: codecov/codecov-action@v3
@@ -144,7 +144,6 @@ jobs:
           - target: i686-unknown-linux-gnu
             rust: stable
             deps: sudo apt update && sudo apt install gcc-multilib
-
           # 64-bit Linux
           - target: x86_64-unknown-linux-gnu
             rust: 1.72 # MSRV 1.70 GA flaky

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,9 +5,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## 0.2.0 (2024-05-01)
+## 0.2.0 (2024-04-26)
 
-- Removed `_vt` suffix from top-level API as constant-time operation is now confirmed
+- Removed `_vt` suffix from top-level API as constant-time operation is now measured
 
 ## 0.1.6 (2024-04-24)
 

diff --git a/README.md b/README.md
@@ -57,8 +57,8 @@ The Rust [Documentation][docs-link] lives under each **Module** corresponding to
 ## Notes
 
 * This crate is fully functional and corresponds to the first initial public draft of FIPS 203.
-* Constant-time operation targets the source-code level only on MSRV, with confirmation via the 
-  embedded target and the `dudect` dynamic tests.
+* Constant-time operation targets the source-code level only on MSRV, with confirmation via 
+  manual review/inspection, the embedded target, and the `dudect` dynamic tests.
 * Note that FIPS 203 places specific requirements on randomness per section 3.3, hence the exposed `RNG`.
 * Requires Rust **1.70** or higher. The minimum supported Rust version (MSRV) may be changed in the future,
   but it will be done with a minor version bump (when the major version is larger than 0).

diff --git a/benches/README.md b/benches/README.md
@@ -6,20 +6,20 @@ Near-obvious uplift can be had with more careful modular multiplication & additi
 using fewer reductions. Also, 'u16' arithmetic has a performance penalty.
 
 ~~~
-April 24, 2024
+April 26, 2024
 Intel® Core™ i7-7700K CPU @ 4.20GHz × 8  Circa 2017 w/ Rust 1.77
 
 $ RUSTFLAGS="-C target-cpu=native" cargo bench
 
-ml_kem_512  KeyGen      time:   [28.950 µs 28.988 µs 29.028 µs]
-ml_kem_768  KeyGen      time:   [47.988 µs 48.048 µs 48.104 µs]
-ml_kem_1024 KeyGen      time:   [75.186 µs 75.242 µs 75.315 µs]
+ml_kem_512  KeyGen      time:   [28.597 µs 28.599 µs 28.600 µs]
+ml_kem_768  KeyGen      time:   [47.513 µs 47.534 µs 47.553 µs]
+ml_kem_1024 KeyGen      time:   [74.790 µs 74.796 µs 74.804 µs]
 
-ml_kem_512  Encaps      time:   [29.574 µs 29.589 µs 29.609 µs]
-ml_kem_768  Encaps      time:   [46.665 µs 46.752 µs 46.889 µs]
-ml_kem_1024 Encaps      time:   [70.703 µs 70.809 µs 70.931 µs]
+ml_kem_512  Encaps      time:   [29.674 µs 29.688 µs 29.705 µs]
+ml_kem_768  Encaps      time:   [46.599 µs 46.616 µs 46.635 µs]
+ml_kem_1024 Encaps      time:   [70.481 µs 70.485 µs 70.491 µs]
 
-ml_kem_512  Decaps      time:   [39.643 µs 39.671 µs 39.702 µs]
-ml_kem_768  Decaps      time:   [61.060 µs 61.141 µs 61.221 µs]
-ml_kem_1024 Decaps      time:   [87.695 µs 87.770 µs 87.856 µs]
+ml_kem_512  Decaps      time:   [39.454 µs 39.471 µs 39.495 µs]
+ml_kem_768  Decaps      time:   [61.607 µs 62.091 µs 62.701 µs]
+ml_kem_1024 Decaps      time:   [86.873 µs 86.894 µs 86.908 µs]
 ~~~
diff --git a/benches/benchmark.rs b/benches/benchmark.rs
@@ -4,7 +4,7 @@ use fips203::{ml_kem_1024, ml_kem_512, ml_kem_768};
 use rand_core::{CryptoRng, RngCore};
 
 
-// Simplistic RNG to regurgitate incremented values when 'asked'
+// Test RNG to regurgitate incremented values when 'asked'
 struct TestRng {
     value: u32,
 }

diff --git a/ct_cm4/src/main.rs b/ct_cm4/src/main.rs
@@ -15,7 +15,7 @@ use rtt_target::{rprintln, rtt_init_print};
 use subtle::{ConditionallySelectable, ConstantTimeEq};
 
 
-// Simplistic RNG to regurgitate incremented values when 'asked' except rho every i mod 4 == 1
+// Test RNG to regurgitate incremented values when 'asked' except rho every i mod 4 == 1
 #[derive(Clone)]
 struct TestRng {
     rho: u32,
@@ -64,6 +64,7 @@ fn main() -> ! {
         };
         i += 1;
 
+        ///////////////////// Start measurement period
         asm::isb();
         let start = DWT::cycle_count();
         asm::isb();
@@ -76,8 +77,9 @@ fn main() -> ! {
         asm::isb();
         let finish = DWT::cycle_count();
         asm::isb();
-        let _ = rng.try_fill_bytes(&mut spare_draw).unwrap(); // ease our lives; multiple of 4
+        ///////////////////// Finish measurement period
 
+        let _ = rng.try_fill_bytes(&mut spare_draw).unwrap(); // ease our lives; multiple of 4
         let count = finish - start;
 
         // each rho should have a fixed cycle count

diff --git a/src/lib.rs b/src/lib.rs
@@ -20,7 +20,8 @@
 //   0. Stay current with FIPS 203 updates (due late summer 2024)
 //   1. Perf: optimize/minimize modular reductions, minimize u16 arith, consider avx2/aarch64
 //      (currently, code is 'optimized' for safety and change-support, with reasonable perf)
-//   2. Slightly more intelligent fuzzing (e.g., as dk contains h(ek))
+//   2. Expand test coverage, looping test w/ check, add report badge
+//   3. Slightly more intelligent fuzzing (e.g., as dk contains h(ek))
 
 // Functionality map per FIPS 203 draft
 //