Skip to content

ec ephemeral key packed-in #1907

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

ec ephemeral key packed-in #1907

wants to merge 1 commit into from

Conversation

dmihalcik-virtru
Copy link
Member

@dmihalcik-virtru dmihalcik-virtru commented Feb 6, 2025
edited by github-actions bot
Loading

Proposed Changes

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@github-actions github-actions bot mentioned this pull request Feb 6, 2025
Merged
3 tasks
@dmihalcik-virtru dmihalcik-virtru force-pushed the feature/ecc-with-eph-included branch from 19b4744 to 36f7878 Compare February 10, 2025 17:13
github-merge-queue bot pushed a commit that referenced this pull request Feb 14, 2025
@dmihalcik-virtru @sujankota
feat(core): EXPERIMENTAL: EC-wrapped key support (#1902)
652266f 
### Proposed Changes

- Lets KAS use an elliptic key based mechanism for key (split)
encapsulation
- Adds a new `ec-wrapped` KAO type that uses a hybrid EC encryption
scheme to wrap the values
- Adds a feature flag (`services.kas.ec_tdf_enabled`) on the server.
- Exposes feature flag to service launcher workflows as `ec-tdf-enabled`
- To use with SDK, adds a new `WithWrappingKeyAlg` functional option

### Checklist

- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions

<!-- branch-stack -->

- `main`
  - \#1902 :point\_left:
    - \#1907

---------

Co-authored-by: sujan kota <[email protected]>
Base automatically changed from feature/ecc-wrappper to main February 14, 2025 15:30
@dmihalcik-virtru dmihalcik-virtru force-pushed the feature/ecc-with-eph-included branch from 36f7878 to 1b188cb Compare February 25, 2025 21:41
@github-actions github-actions bot added the Stale label Jun 26, 2025
@dmihalcik-virtru dmihalcik-virtru force-pushed the feature/ecc-with-eph-included branch from 1b188cb to 2352a1f Compare July 14, 2025 16:07
@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 180.215894ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 99.505858ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 436.59296ms
Throughput 229.05 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.073016714s
Average Latency 378.858664ms
Throughput 131.33 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 26.791711357s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: getNanoRewrapKey: rewrapError: gcm.Open failed: cipher: message authentication failed 5000 occurrences

@dmihalcik-virtru
feature!(sdk): ec ephemeral key packed-in
65743ad 
- Store ec ephemeral keys within wrappedKey blobs
@dmihalcik-virtru dmihalcik-virtru force-pushed the feature/ecc-with-eph-included branch from 2352a1f to 65743ad Compare July 14, 2025 17:27
@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 170.393191ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 92.98837ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 351.533027ms
Throughput 284.47 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 37.725909285s
Average Latency 374.894607ms
Throughput 132.53 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 26.772467872s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: getNanoRewrapKey: rewrapError: gcm.Open failed: cipher: message authentication failed 5000 occurrences

@github-actions github-actions bot removed the Stale label Jul 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dmihalcik-virtru