3

I was testing key generation on a Hardware Security Module and I noticed that it takes so much time to generate an AES 256 secret key on the HSM.

I've used pkcs11-tool to generate the key and it took about 5 sec to complete the task:

$ pkcs11-tool --module <modules.so> --key-type aes:32 -p <PIN> --token-label SC_TEST --keygen --id 6887513122


Secret Key Object; AES length 32
  VALUE:      622650851419537140e20f58570bf1815d523d7a673dbbfd34d04a635326bb12
  label:
  ID:         6887513122
  Usage:      encrypt, decrypt, wrap, unwrap

real    0m4.847s
user    0m0.022s
sys     0m0.015s

OpenSSL on the other hand is very fast (does not use a HSM):

$ touch file
$ openssl aes-256-cbc -pbkdf2 -nosalt -P -in file -pass pass:testpassphrase


key=4E1F51BCB47608C267B9AE35E4648926D8A9E671521747E942857FC9671FC52B
iv =F773521265678AB0F4D6AA9AFED6912A

real    0m0.026s
user    0m0.023s
sys     0m0.004s

So I wanted to know why does it take so long to generate keys on the HSM? Or am I doing something wrong?

Note that this is high end and expensive HSM.

Edit:

I've tried a native tool (nCipher generatekey) and it is a lot faster (roughly 1 sec), but I think that it does not use PKCS11 to communicate with the HSM.

No name
  • 93
  • 7
  • 1
    There can be any number of reasons. security policies, network distance (ie, you are on the other end of many network hops), the fact that HSMs are not performance oriented, but security oriented. Or, something is incorrectly configured. If you use the HSMs native tools (ie, not pkcs11-tool), how long does it take? – rip... Oct 21 '20 at 00:28
  • I tried to generate a key using native tools (ncipher generatekey) and it a lot faster than anything with PKCS11. But I don't believe that they're using PKCS11. – No name Oct 21 '20 at 14:27
  • It doesn't take so much time to create a secret key in a HSM, so there's no security question here. You have a configuration problem. Perhaps `pkcs11-tool` is trying to enumerate all available compatible devices? – Gilles 'SO- stop being evil' Oct 21 '20 at 17:15
  • @Gilles'SO-stopbeingevil' I don't see how this is a configuration problem, there's one network HSM, the client is installed correctly, there's only one slot and all native tools works perfectly. pkcs11-tool needs the pkcs11 shared object and it should good to go. – No name Oct 21 '20 at 19:03
  • Also @Gilles'SO-stopbeingevil', "no security question here". There is. Look up "timing-based side channel attacks". That said, the pkcs11-tool latency is wayyyyy longer than necessary for a mitigation. Generating a 32byte AES key should be effectively instantaneous, disregarding the "not enough entropy" issue. Even the 1sec latency on the native tool is suspect. – rip... Oct 25 '20 at 18:45

1 Answers1

2

One reason can be that the random generator is waiting for sufficient entropy.

mentallurg
  • 8,536
  • 4
  • 26
  • 41