From: Giovanni F. <gio...@gm...> - 2007-11-27 10:52:20
|
Hi ! Thank you for your answer. I know that the creation of an asymmetric key pair is a computationally complex operation, but these times are too long for an hardware solution...maybe too many features have been implemented in software inside the tpm to preserve a low price.. Have you ever tried the same operations on a PC with Windows ? I'd really like to know if these problems come from the tpm or if a comunication problem of linux with the tpm .. Thank you very much, Giovanni 2007/11/23, Hal Finney <hal...@gm...>: > Hi Giovanni - It is normal for Tspi_Key_CreateKey to be slow. It is > not merely doing an encryption, it is generating a valid 2048 bit RSA > key. That means searching for two random 1024 bit prime numbers; > testing whether numbers are prime is a slow operation. Then sometimes > the search gets lucky and finds a valid prime quickly, and other times > it is unlucky and has to try many numbers before finding a prime. > > I tried timing it on my Infineon 1.2 TPM, and got the following strange numbers: > > 0m1.171s > 0m0.803s > 0m0.853s > 0m45.545s > 0m32.689s > 0m20.136s > 0m37.823s > > The 1st three times were very fast, about a second, and then it > started taking 20-50 seconds. That doesn't really make sense. A second > is too fast. So I wonder if the chip is pre-generating some keys and > storing them internally, and then just returning them when > Tspi_Key_CreateKey is called. It only has room for three keys and then > after that it has to generate them on request. If so then this would > imply that if I let the system "sit" for a while then I should be able > to get one or two keys quickly. I'll try that. > > Okay, after cutting and pasting those numbers and typing the previous > paragraph, I again started calling it and got three keys very quickly, > about one second each, and after that again it slowed down to the 20+ > second range. Interesting behavior. > > Hal > > On Nov 23, 2007 5:16 AM, Giovanni Ferrari <gio...@gm...> wrote: > > Goodmorning to everybody, > > > > profiling a simple program that generete asymmetric and symmetric keys > > and then encrypt files i've seen that the function Tspi_key_createkey > > is very very very slow .. it takes betwenn 14 and 70 seconds !! ( not > > always the same time ) > > I'm using a TPM v 1.2 STmicroelectronics and i'd like to know if this > > behavior is normal .. usually the asymmetric operations are slower > > than the symmetrics one, but don't takes minutes ;) > > Could it be a problem of communication with the TPM instead a really > > slow execution of the command by the TPM ? > > Thank you very much, > > > > Giovanni > |