search

briansmith / crypto-bench

Benchmarks for crypto libraries (in Rust, or with Rust bindings)
70 stars 11 forks source link

Add iOS Securtiy Framework (Common Crypto, etc.) benchmarks #16

Closed briansmith closed 4 years ago

briansmith commented 8 years ago

It would be useful to see how Rust-implemented crypto libraries compare, performance-wise, to the native crypto APis in Mac OS X and especially on iOS. In particular, this would help crypto library authors decide whether to defer some or all algorithms to the OS on OS X and/or iOS. Especially since code size is a significant issue on iOS, there's a lot of incentive to use the native code if it performs well and is correct.

I don't know of any Rust bindings for Common Crypto, so either (a) the initial benchmarks can be in C, or (b) some bindings need to be made.

JohnHeitmann commented 8 years ago

I think the full plan here would be:

  1. Write rust bindings for common crypto
  2. Write the crypto-bench component just like the others
  3. Build and run normally on Mac x86
  4. Write an extern "C" benchmark wrapper that runs the crypto tests like libtest does. This probably would require hand-maintaining a list of benchmark function names over time.
  5. Cross-compile an iOS static lib (I think this is trivial, but I've never done it for rust)
  6. Write an iOS app that links and drives that lib. Probably reports via the console.
JohnHeitmann commented 8 years ago

CommonCrypto looks pretty unloved by Apple. Apple uses AEADs and other modern algorithms in its frameworks like HomeKit and Keychain, but it looks like they haven't updated CommonCrypto to expose them to users. So, we can get benchmarks on the SHAs and HMAC, but that's about it.

Given that the benchmarking opportunities are limited, and that the iOS effort is going to need a couple layers of hacks, I'm not sure this one has a good bang-per-buck ratio. Was this suite high on your priority list?

briansmith commented 8 years ago

CommonCrypto looks pretty unloved by Apple. Apple uses AEADs and other modern algorithms in its frameworks like HomeKit and Keychain, but it looks like they haven't updated CommonCrypto to expose them to users. So, we can get benchmarks on the SHAs and HMAC, but that's about it.

Given that the benchmarking opportunities are limited, and that the iOS effort is going to need a couple layers of hacks, I'm not sure this one has a good bang-per-buck ratio. Was this suite high on your priority list?

Thanks for the info. That's kind of unbelievable, but some Googling seems to confirm that.

I am mostly interested in RSA, ECDSA, X25519, and Ed25519 on iOS. I saw a thread here about getting ECDSA to work: https://forums.developer.apple.com/thread/8030. But, really, I think that the benchmarks are a lot less interesting than the existence of an actual library that exposes the API to create and access keys in the secure enclave on iOS. But, also, would people really use Rust for that?

Anyway, at least for now it seems unrealistic for crypto libs on iOS to delegate all their functionality to iOS's implementations, which is unfortunate. Thanks for gathering this info!

I'll leave this open in case people do indeed end up doing some benchmarks at some point.

briansmith commented 8 years ago

See also https://thatsmejames.wordpress.com/2015/11/08/generating-a-key-pair-with-ioss-secure-enclave-in-swift/