AMIC110: RSA key generation performance

Part Number: AMIC110

Hey everyone,

I'm currently working on a custom board based on the AMIC110 SoC, using U-Boot and (Yocto) Linux as bootloader and OS.

On bootup, OpenSSH generates an RSA key pair. As expected on this platform, key generation does take some time. Unexpected is the behaviour of the key generation: OpenSSH takes between 20 seconds and 380 seconds to generate the keys. I've run a series of tests using the exact same board and software, executing the following steps:

1. power on
2. wait for login prompt
3. login and delete keys
4. reboot

Using grabserial, I've measured the time necessary for key creation. The results are all over the place, from 20s up to 380s with a median of 76 seconds. I've repeated the experiment using different boards (custom boards, TI evaluation modules and the BeagleBone Black, all with some kind of AM335x-based SoC) and software versions, but the results (especially the deviation between key generation times on one device) were the same.

I'm using Yocto 3.1 (Dunfell) with the TI kernel 5.4.106 and OpenSSL 1.1.1l. Support for RNG is enabled as per TI documentation:

[    1.119132] omap_rng 48310000.rng: Random Number Generator ver. 20 
[    1.127665] random: fast init done                                 
[    1.131274] random: crng init done        

From my point of view the problem is entropy related. Does anyone experience the same problems on this SoC? Are there suggestions on additional configurations to speed up key generation reliably? Or is this just expected behaviour of the RNG?

I'm not necessarily interested in speeding up the key generation, but I'd like to understand why the time needed is all over the place.

Thanks in advance,

Dave

  • Hello Dave,
    I'm attaching a sample log on hwrng using SDK 8.2 on AM335x GP EVM for your reference:

    root@am335x-evm:~# ls -l /dev/hwrng
    crw------- 1 root root 10, 183 Jan  1 00:00 /dev/hwrng
    root@am335x-evm:~# cat /dev/hwrng | rngtest -c 1000
    rngtest 6.9
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: bits received from input: 20000032
    rngtest: FIPS 140-2 successes: 999
    rngtest: FIPS 140-2 failures: 1
    rngtest: FIPS 140-2(2001-10-10) Monobit: 1
    rngtest: FIPS 140-2(2001-10-10) Poker: 0
    rngtest: FIPS 140-2(2001-10-10) Runs: 0
    rngtest: FIPS 140-2(2001-10-10) Long run: 0
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
    rngtest: input channel speed: (min=50.347; avg=2899.461; max=3906250.000)Kibits/s
    rngtest: FIPS tests speed: (min=1.763; avg=22.655; max=31.014)Mibits/s
    rngtest: Program run time: 7928807 microseconds
    root@am335x-evm:~# 

    Best,
    -Hong

  • Hi Hong,

    While running the mentioned test steps, I've also run rngtest.

    It's always been around the following values, so a bit slower test speed than your sample output:

    root@am335x-lat:~# ls -l /dev/hwrng 
    crw-------    1 root     root       10, 183 Jan  1  1970 /dev/hwrng
    root@am335x-lat:~# cat /dev/hwrng | rngtest -c 1000
    rngtest 6.9
    Copyright (c) 2004 by Henrique de Moraes Holschuh
    This is free software; see the source for copying conditions.  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    rngtest: starting FIPS tests...
    rngtest: bits received from input: 20000032
    rngtest: FIPS 140-2 successes: 999
    rngtest: FIPS 140-2 failures: 1
    rngtest: FIPS 140-2(2001-10-10) Monobit: 0
    rngtest: FIPS 140-2(2001-10-10) Poker: 0
    rngtest: FIPS 140-2(2001-10-10) Runs: 1
    rngtest: FIPS 140-2(2001-10-10) Long run: 0
    rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
    rngtest: input channel speed: (min=214.299; avg=935.903; max=1148897.059)Kibits/s
    rngtest: FIPS tests speed: (min=11.891; avg=12.260; max=12.393)Mibits/s
    rngtest: Program run time: 22485211 microseconds
    

    The problem is - as mentioned in my initial message - generating the SSH keys on bootup:

    [0.745364 0.347718] U-Boot SPL 2020.01v0.05.0000 (Jun 30 2023 - 11:51:16 +0000)
    [0.747217 0.001853] Trying to boot from NAND
    [1.989249 1.242032] 
    [1.989394 0.000145] 
    [1.989476 0.000082] U-Boot 2020.01v0.05.0000 (Jun 30 2023 - 11:51:16 +0000)
    [1.991162 0.001686] 
    
    ...
     
    [9.150304 5.805711] [    0.000000] Booting Linux on physical CPU 0x0
    [9.150897 0.000593] [    0.000000] Linux version 5.4.106 (oe-user@oe-host) (gcc version 9.3.0 (GCC)) #1 Mon Mar 29 10:07:21 UTC 2021
    [9.151966 0.001070] [    0.000000] CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c5387d
    [9.152672 0.000706] [    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
    
    ...
    
    [9.636953 0.000620] [    0.601988] printk: console [ttyS0] disabled
    [9.637361 0.000408] [    0.602153] 44e09000.serial: ttyS0 at MMIO 0x44e09000 (irq = 30, base_baud = 3000000) is a 8250
    [9.638205 0.000844] [    1.116097] printk: console [ttyS0] enabled
    [9.638610 0.000405] [    1.126097] omap_rng 48310000.rng: Random Number Generator ver. 20
    [9.657824 0.019214] [    1.134655] random: fast init done
    [9.658952 0.001128] [    1.138349] random: crng init done
    
    ...
    
    [16.283453 0.000733] [    7.752096] net eth0: started
    [16.324770 0.041317] done.
    [16.340675 0.015905] Starting random number generator daemon.
    [16.740384 0.399709] Starting OpenBSD Secure Shell server: sshd
    [16.836279 0.095895]   generating ssh RSA host key...
    [82.470518 65.634239]   generating ssh ECDSA host key...
    [82.806276 0.335757]   generating ssh ED25519 host key...
    [83.589673 0.783397] done.
    [83.701458 0.111785] Configuring PHYs
    
    ...
    
    [85.423412 0.000070] am335x-lat login:

    As you can see from the kernel output, the key generation takes a lot of time (this run took 65s) on bootup. This time will always be different each bootup, from 20s to 380s. Are there any more things to verify?

    Regards

    Dave
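
The per-boot measurement described in the post above can be pulled out of saved grabserial captures automatically. This is an added example, not code from the thread: run 1 reuses the log lines posted above, run 2 is constructed sample data, and the names `stage_durations` and `summarize` are hypothetical.

```python
import re
import statistics

# grabserial prefixes each console line with "[<absolute s> <delta s>]";
# in the log above the second column is the time since the previous line.
LINE = re.compile(r"^\s*\[(\d+\.\d+) (\d+\.\d+)\] ?(.*)$")
STAGE = re.compile(r"generating ssh (\w+) host key")

# Run 1: lines copied from the boot log in the post above.
# Run 2: constructed sample values, for illustration only.
RUNS = {
    "run1": """\
[9.658952 0.001128] [    1.138349] random: crng init done
[16.740384 0.399709] Starting OpenBSD Secure Shell server: sshd
[16.836279 0.095895]   generating ssh RSA host key...
[82.470518 65.634239]   generating ssh ECDSA host key...
[82.806276 0.335757]   generating ssh ED25519 host key...
[83.589673 0.783397] done.
""",
    "run2": """\
[16.800000 0.100000]   generating ssh RSA host key...
[37.300000 20.500000]   generating ssh ECDSA host key...
[37.650000 0.350000]   generating ssh ED25519 host key...
[38.400000 0.750000] done.
""",
}

def stage_durations(log):
    """Return {key type: seconds} for one boot capture."""
    durations, current = {}, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, "..." elisions, unstamped output
        if current is not None:
            # The delta on the line after a stage line is that stage's duration.
            durations[current] = float(m.group(2))
            current = None
        stage = STAGE.search(m.group(3))
        if stage:
            current = stage.group(1)
    return durations  # a stage cut off at end of capture is not reported

def summarize(runs, key_type):
    """(min, median, max) of one key type's generation time across boots."""
    times = [d[key_type] for d in map(stage_durations, runs.values()) if key_type in d]
    return min(times), statistics.median(times), max(times)

if __name__ == "__main__":
    for key_type in ("RSA", "ECDSA", "ED25519"):
        print(key_type, summarize(RUNS, key_type))
```

Comparing the three key types across many boots shows whether the spread is confined to the RSA stage or affects every key type generated at that point in the boot.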

  • Hello Dave,
    The key generation process would take time in general.
    As shown in your log, multiple keys (RSA, ECDSA...) are generated under sshd.
    I think sshd itself is a daemon application which might explain the varying time each time, and the key generation process/time is in kernel/sshd SW...
    Best,
    -Hong

  • Hello Hong,

    The fact that the key generation takes time is not in question here. What puzzles me most is the fact that - running the experiment mentioned above - the key generation requires a wildly varying amount of time for a task which is - from my point of view - deterministic and therefore should always take the same amount of time. Running the key generation manually after login results in quite deterministic times needed.

    My guess is that the hwrng is not working properly at this stage. Using haveged I was not able to improve the results (the code should be in the kernel from 5.4, so this is somewhat expected).

    My question is whether this variation of time needed for key generation is expected behaviour. When manually creating RSA keys after login, I was able to reproduce constant results of about 20 seconds.

    Regards

    Dave

  • Hello Dave,
    I think TRNG generation time alone varies, as listed from the log when running <cat /dev/hwrng | rngtest -c 1000>.
    Best,
    -Hong

  • Hello Hong,

    So your suggestion is the TRNG being nondeterministic, which would imply that the behaviour I'm seeing is not a fault but a limitation or expected behaviour of the AM335x platform? So there are no configuration problems in my Yocto configuration, but an expected limitation of the platform?

    Regards

    Dave