Re: [TrouSerS-users] Tspi_key_createkey

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi !
Thank you for your answer. I know that the creation of an asymmetric
key pair is a computationally complex operation, but these times are
too long for an hardware solution...maybe too many features have been
implemented in software inside the tpm to preserve a low price..
Have you ever tried the same operations on a PC with Windows ? I'd
really like to know if these problems come from the tpm or if a
comunication problem of linux with the tpm ..
Thank you very much,
Giovanni

2007/11/23, Hal Finney <hal...@gm...>:
> Hi Giovanni - It is normal for Tspi_Key_CreateKey to be slow. It is
> not merely doing an encryption, it is generating a valid 2048 bit RSA
> key. That means searching for two random 1024 bit prime numbers;
> testing whether numbers are prime is a slow operation. Then sometimes
> the search gets lucky and finds a valid prime quickly, and other times
> it is unlucky and has to try many numbers before finding a prime.
>
> I tried timing it on my Infineon 1.2 TPM, and got the following strange numbers:
>
> 0m1.171s
> 0m0.803s
> 0m0.853s
> 0m45.545s
> 0m32.689s
> 0m20.136s
> 0m37.823s
>
> The 1st three times were very fast, about a second, and then it
> started taking 20-50 seconds. That doesn't really make sense. A second
> is too fast. So I wonder if the chip is pre-generating some keys and
> storing them internally, and then just returning them when
> Tspi_Key_CreateKey is called. It only has room for three keys and then
> after that it has to generate them on request. If so then this would
> imply that if I let the system "sit" for a while then I should be able
> to get one or two keys quickly. I'll try that.
>
> Okay, after cutting and pasting those numbers and typing the previous
> paragraph, I again started calling it and got three keys very quickly,
> about one second each, and after that again it slowed down to the 20+
> second range. Interesting behavior.
>
> Hal
>
> On Nov 23, 2007 5:16 AM, Giovanni Ferrari <gio...@gm...> wrote:
> > Goodmorning to everybody,
> >
> > profiling a simple program that generete asymmetric and symmetric keys
> > and then encrypt files i've seen that the function Tspi_key_createkey
> > is very very very slow .. it takes betwenn 14 and 70 seconds !! ( not
> > always the same time )
> > I'm using a TPM v 1.2 STmicroelectronics and i'd like to know if this
> > behavior is normal .. usually the asymmetric operations are slower
> > than the symmetrics one, but don't takes minutes ;)
> > Could it be a problem of communication with the TPM instead a really
> > slow execution of the command by the TPM ?
> > Thank you very much,
> >
> > Giovanni
>