crabgraph 0.3.3

A safe, ergonomic, high-performance cryptographic library for Rust built on audited primitives
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

use crabgraph::aead::stream::{
    Aes256GcmStreamDecryptor, Aes256GcmStreamEncryptor, ChaCha20Poly1305StreamEncryptor,
};
use crabgraph::rand::secure_bytes;
use criterion::{criterion_group, BenchmarkId, Criterion, Throughput};
use std::hint::black_box;
use std::path::Path;

mod bench_utils;

/// Benchmark streaming encryption for different file sizes
fn stream_encryption_benchmarks(c: &mut Criterion) {
    let mut group = c.benchmark_group("stream_encryption");

    // Test different "file" sizes: 1 MB, 10 MB, 100 MB
    for size_kb in [1024, 10_240, 102_400].iter() {
        let size = size_kb * 1024; // Convert to bytes
        let data = vec![0u8; size];
        let chunk_size = 64 * 1024; // 64 KB chunks

        group.throughput(Throughput::Bytes(size as u64));

        // AES-256-GCM streaming encryption
        group.bench_with_input(
            BenchmarkId::new("aes256_stream_encrypt", format!("{}MB", size_kb / 1024)),
            &size,
            |b, _| {
                b.iter(|| {
                    let key = secure_bytes(32).unwrap();
                    let mut encryptor = Aes256GcmStreamEncryptor::new(&key).unwrap();
                    let chunks: Vec<&[u8]> = data.chunks(chunk_size).collect();

                    let mut encrypted = Vec::new();
                    for chunk in &chunks[..chunks.len() - 1] {
                        encrypted.push(encryptor.encrypt_next(chunk).unwrap());
                    }
                    encrypted.push(encryptor.encrypt_last(chunks[chunks.len() - 1]).unwrap());
                    black_box(encrypted);
                });
            },
        );

        // AES-256-GCM streaming decryption
        group.bench_with_input(
            BenchmarkId::new("aes256_stream_decrypt", format!("{}MB", size_kb / 1024)),
            &size,
            |b, _| {
                // Pre-encrypt data
                let key = secure_bytes(32).unwrap();
                let mut encryptor = Aes256GcmStreamEncryptor::new(&key).unwrap();
                let nonce = encryptor.nonce().to_vec();
                let chunks: Vec<&[u8]> = data.chunks(chunk_size).collect();

                let mut encrypted_chunks = Vec::new();
                for chunk in &chunks[..chunks.len() - 1] {
                    encrypted_chunks.push(encryptor.encrypt_next(chunk).unwrap());
                }
                encrypted_chunks.push(encryptor.encrypt_last(chunks[chunks.len() - 1]).unwrap());

                b.iter(|| {
                    let mut decryptor = Aes256GcmStreamDecryptor::from_nonce(&key, &nonce).unwrap();
                    let mut decrypted = Vec::new();

                    for chunk in &encrypted_chunks[..encrypted_chunks.len() - 1] {
                        decrypted.extend_from_slice(&decryptor.decrypt_next(chunk).unwrap());
                    }
                    decrypted.extend_from_slice(
                        &decryptor
                            .decrypt_last(&encrypted_chunks[encrypted_chunks.len() - 1])
                            .unwrap(),
                    );
                    black_box(decrypted);
                });
            },
        );

        // ChaCha20-Poly1305 streaming encryption
        group.bench_with_input(
            BenchmarkId::new("chacha20_stream_encrypt", format!("{}MB", size_kb / 1024)),
            &size,
            |b, _| {
                b.iter(|| {
                    let key = secure_bytes(32).unwrap();
                    let mut encryptor = ChaCha20Poly1305StreamEncryptor::new(&key).unwrap();
                    let chunks: Vec<&[u8]> = data.chunks(chunk_size).collect();

                    let mut encrypted = Vec::new();
                    for chunk in &chunks[..chunks.len() - 1] {
                        encrypted.push(encryptor.encrypt_next(chunk).unwrap());
                    }
                    encrypted.push(encryptor.encrypt_last(chunks[chunks.len() - 1]).unwrap());
                    black_box(encrypted);
                });
            },
        );
    }

    group.finish();
}

/// Benchmark chunk size impact
fn chunk_size_benchmarks(c: &mut Criterion) {
    let mut group = c.benchmark_group("stream_chunk_size");

    let data = vec![0u8; 1024 * 1024]; // 1 MB file

    for chunk_size in [4096, 16384, 65536, 262144].iter() {
        group.throughput(Throughput::Bytes(data.len() as u64));

        group.bench_with_input(
            BenchmarkId::new("aes256_chunk", format!("{}KB", chunk_size / 1024)),
            chunk_size,
            |b, &chunk_size| {
                b.iter(|| {
                    let key = secure_bytes(32).unwrap();
                    let mut encryptor = Aes256GcmStreamEncryptor::new(&key).unwrap();
                    let chunks: Vec<&[u8]> = data.chunks(chunk_size).collect();

                    let mut encrypted = Vec::new();
                    for chunk in &chunks[..chunks.len() - 1] {
                        encrypted.push(encryptor.encrypt_next(chunk).unwrap());
                    }
                    encrypted.push(encryptor.encrypt_last(chunks[chunks.len() - 1]).unwrap());
                    black_box(encrypted);
                });
            },
        );
    }

    group.finish();
}

/// Compare streaming vs in-memory encryption
fn stream_vs_memory_benchmarks(c: &mut Criterion) {
    let mut group = c.benchmark_group("stream_vs_memory");

    let size = 1024 * 1024; // 1 MB
    let data = vec![0u8; size];

    group.throughput(Throughput::Bytes(size as u64));

    // In-memory encryption (single operation)
    group.bench_function("aes256_inmemory_1mb", |b| {
        use crabgraph::aead::{AesGcm256, CrabAead};

        b.iter(|| {
            let key = AesGcm256::generate_key().unwrap();
            let cipher = AesGcm256::new(&key).unwrap();
            let encrypted = cipher.encrypt(black_box(&data), None).unwrap();
            black_box(encrypted);
        });
    });

    // Streaming encryption (chunked)
    group.bench_function("aes256_stream_1mb", |b| {
        b.iter(|| {
            let key = secure_bytes(32).unwrap();
            let mut encryptor = Aes256GcmStreamEncryptor::new(&key).unwrap();
            let chunk_size = 64 * 1024;
            let chunks: Vec<&[u8]> = data.chunks(chunk_size).collect();

            let mut encrypted = Vec::new();
            for chunk in &chunks[..chunks.len() - 1] {
                encrypted.push(encryptor.encrypt_next(chunk).unwrap());
            }
            encrypted.push(encryptor.encrypt_last(chunks[chunks.len() - 1]).unwrap());
            black_box(encrypted);
        });
    });

    group.finish();
}

fn configure_criterion() -> Criterion {
    Criterion::default()
        .output_directory(Path::new("target/criterion"))
        .with_output_color(true)
}

criterion_group! {
    name = benches;
    config = configure_criterion();
    targets = stream_encryption_benchmarks, chunk_size_benchmarks, stream_vs_memory_benchmarks
}

fn main() {
    benches();
    println!("\n📊 Organizing benchmark results...");
    bench_utils::organize_benchmark_results();
}
// criterion_main!(benches);