Hi Soby,
Musca-B1 has CC312 support which will introduce an rng for this purpose. Unfortunately, I didn’t test Musca-B1 with cc312 enabled and I don’t have a board now to test with.
However, I did test with a h/w rng on the PSoC64 and the performance isn’t always better. When using s/w, the time it takes was quite consistent at 1.5 minutes or 5.5 minutes depending on toolchain. After introducing the h/w rng, I’ve seen
it finish quickly (less than a minute) but I’ve also seen it take 15 minutes.
Thanks,
Ray
From: Soby Mathew <Soby.Mathew@arm.com>
Sent: Wednesday, March 18, 2020 4:44 AM
To: Raymond Ngun <Raymond.Ngun@cypress.com>
Cc: tf-m@lists.trustedfirmware.org; nd <nd@arm.com>
Subject: RE: 2048-bit RSA Keypair generation is slow
Hi Raymond
Thanks for bring this to the forum. When I did the migration to the latest mbed-crypto tag, I faced the same issue. After couple of discussion within the team and mbedcrypto, this is the understanding I have.
Currently mbedcrypto is configured to use NULL entropy. Hence this is the print message when building mbedcrypto :
#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! "
This means that mbedcrypto uses a software algorithm to generate randomness. It iterates this algorithm till it can generate enough randomness for the keypair generation and this is the reason for the delay.
If the hardware has an entropy source which can be used for this random number generation, then I understand the performance will be much better. But this will need suitable configuration to be enabled from TF-M.
I am not much familiar with hardware architecture of M-Class systems. One of the questions I have to the forum is, do we have such entropy sources on the hardware? Then it is worth scheduling some task to investigate
how to abstract/use the entropy source.
Best Regards
Soby Mathew
From: TF-M <tf-m-bounces@lists.trustedfirmware.org>
On Behalf Of Raymond Ngun via TF-M
Sent: 17 March 2020 21:02
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] 2048-bit RSA Keypair generation is slow
Hi all,
When testing the PSA API Crypto Dev API test suite, I noticed that psa_generate_key() is awfully slow when generating a 2048-bit RSA keypair and the performance is different depending on toolchain used. I’ve run these tests on Musca-B1
and with GCC, key generation generally completes in 25s but an armclang build requires 2.5 minutes to complete. This is more pronounced on PSoC64 where we are building for armv6m. Here, the key generation can take up to 5.5 minutes and I’ve seen it take even
longer – I assume this is due to values returned by rng.
Anybody have comments on the performance of psa_generate_key() or more specifically mbedtls_rsa_gen_key()? What can be done to help improve the performance of this software implementation?
Thank you,
Ray
This message and any attachments may contain confidential information from Cypress or its subsidiaries. If it has been received in error, please advise the sender and immediately delete this message.
This message and any attachments may contain confidential information from Cypress or its subsidiaries. If it has been received in error, please advise the sender and immediately delete this message.