Wow. I can't tell you what's causing that, but I can tell you that your hypothesis is incorrect: Seal operations need to take place within the TPM, so you're not seeing OpenSSL vs hardware differences. And regardless you shouldn't be seeing 19-minute times, I think, although honestly most use cases I've seen don't directly seal data as large as you're testing; they seal a symmetric key with which they've performed bulk encryption in order to have better performance. This could be why.

Out of curiosity, which vendor manufactured your TPM?

Ariel

________________________________________
From: Dmitri Toubelis [[email protected]]
Sent: Monday, October 17, 2011 8:50 PM
To: [email protected]
Subject: [TrouSerS-users] tpm_insealdata takes too long

Hi,

I compiled trousers and tpm-tools from the git repository and everything seems to be working fine. However, I notice a strange behavior when unsealing data - it takes too long. Here is what I did - I created a 40MB file with random data and ran tpm_sealdata/tpm_unsealdata as follows:

    # time tpm_sealdata -i test.in -o test.in.sealed -z
    real 0m5.902s
    user 0m1.952s
    sys 0m0.288s

    # time tpm_unsealdata -i test.in.sealed -o test.in.unsealed -z
    real 19m14.666s
    user 19m10.556s
    sys 0m0.628s

So, as you see, sealing data takes 6 seconds and unsealing 19 minutes!!! If I understand correctly, sealing/unsealing uses the AES-256-CBC algorithm, so it is supposed to be well symmetric :-)

My only explanation for this is that tpm-tools use openssl in order to seal data and the TPM in order to unseal. For comparison, I performed the same operation using openssl alone and here are the results:

    # time openssl aes-256-cbc -e -in test.in -out test.in.encoded -a -pass file:test.key
    real 0m2.102s
    user 0m1.880s
    sys 0m0.216s

    # time openssl aes-256-cbc -d -in test.in.encoded -out test.in.decoded -a -pass file:test.key
    real 0m3.372s
    user 0m3.188s
    sys 0m0.180s

So, should I suck it up and accept it as a design limitation or is it something that can be fixed/improved?

Regards,
Dmitri
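
Added example, not part of the original thread and not tpm-tools code: the pattern the reply describes, where the bulk data is encrypted with a random symmetric key and only that small key is sealed. The function names, the SEAL_CMD/UNSEAL_CMD override variables and the output layout are assumptions made for illustration; the tpm-tools flags are the ones used in the thread.

```shell
#!/bin/sh
# Seal only a small symmetric key in the TPM; bulk-encrypt the data with OpenSSL.
# SEAL_CMD / UNSEAL_CMD are hypothetical hooks so the sealing step can be swapped;
# the defaults are the commands from the thread (-z = well-known SRK secret).
: "${SEAL_CMD:=tpm_sealdata -z}"
: "${UNSEAL_CMD:=tpm_unsealdata -z}"

# seal_file <plaintext> <outdir>
# Writes <outdir>/data.enc (AES-256-CBC ciphertext) and <outdir>/key.sealed.
seal_file() {
    in=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    # mktemp creates the file mode 0600; point TMPDIR at a tmpfs so the
    # plaintext key never reaches persistent storage.
    keyfile=$(mktemp) || return 1
    openssl rand -hex 32 > "$keyfile" &&
    openssl enc -aes-256-cbc -pbkdf2 -salt -in "$in" \
        -out "$outdir/data.enc" -pass "file:$keyfile" &&
    $SEAL_CMD -i "$keyfile" -o "$outdir/key.sealed"   # unquoted on purpose: command plus flags
    rc=$?
    rm -f "$keyfile"
    return $rc
}

# unseal_file <outdir> <plaintext-out>
# Unseals the key (the only TPM-bound step), then decrypts the bulk data.
unseal_file() {
    dir=$1; out=$2
    keyfile=$(mktemp) || return 1
    $UNSEAL_CMD -i "$dir/key.sealed" -o "$keyfile" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$dir/data.enc" \
        -out "$out" -pass "file:$keyfile"
    rc=$?
    rm -f "$keyfile"
    return $rc
}

# Usage with a TPM and tcsd running:
#   seal_file test.in sealed/ && unseal_file sealed/ test.out
```

AES-CBC as used here gives confidentiality only, so store a MAC or signature over data.enc if tampering with the ciphertext matters.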
