[Cryptech Tech] Aes keywrap core ready for test and benchmarking
paul at psgd.org
Wed Aug 29 20:25:11 UTC 2018
Below are results from running sw/pkcs11/scripts/time-signature.py, both
with software keywrap and with the keywrap core.
Key sizes are in bytes, measured in hal_aes_keyunwrap. (RSA keys have
some extra pre-calculated goop intended to speed up subsequent
operations, so are bigger than you might otherwise expect.) Times are in
seconds, measured as the mean of 100 signing operations.
In these tests, keys are stored in the volatile (RAM-based) keystore, so
we're not dealing with slow flash I/O. Also, the message being signed is
only 26 characters, so there's not much efficiency left to be squeezed out.
size software core diff
rsa_1024 2720 0.263219 0.239734 0.023485 8.92%
rsa_2048 3304 0.370340 0.341877 0.028463 7.68%
rsa_4096 4456 0.974781 0.936191 0.038590 3.95%
ecdsa_p256 152 0.230199 0.227110 0.003089 1.34%
ecdsa_p384 200 0.259258 0.257391 0.001867 0.72%
ecdsa_p521 256 3.576458 3.573875 0.002583 0.44%
So even though we saw a 5x speedup in keywrap, the real-world effect is
at best a 9% speedup in signing, because keywrap is a small fraction of
the overall signing operation.
However, if we can get the keywrap core to read the KEK directly from
the MKM, and keep it off the CPU/out of RAM, that will be a major
security boost, independent of any modest efficiency gains.
More information about the Tech