| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BYAPR12MB30157EDAC502D14D7E0E5546A9CCA@BYAPR12MB3015.namprd12.prod.outlook.com> Date: Wed, 12 Nov 2025 15:30:40 +0000 From: Ron Li <xiangrongl@...dia.com> To: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org> CC: "hdegoede@...hat.com" <hdegoede@...hat.com>, Vadim Pasternak <vadimp@...dia.com>, "alok.a.tiwari@...cle.com" <alok.a.tiwari@...cle.com>, Khalil Blaiech <kblaiech@...dia.com>, David Thompson <davthompson@...dia.com>, "platform-driver-x86@...r.kernel.org" <platform-driver-x86@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org> Subject: RE: [PATCH v3 1/3] platform/mellanox/mlxbf_pka: Add core BlueField PKA platform driver Hi Ilpo, The PKA driver is implemented as a kernel module that provides file operations (open, close, mmap). PKA devices are exposed as device files, and a subset of registers can be mapped to user space. In user space, a user‑mode driver accesses the hardware via mmap (bypassing the kernel) and implements all logic required for PKA operations, including register access. For the PKA device we’re avoiding the Crypto API for asymmetric ops because: - Our primary consumers are user‑space TLS stacks (OpenSSL/BoringSSL). The user‑space AF_ALG interface does not expose asymmetric algorithms (Documentation/crypto/userspace-if.rst), so it wouldn’t reach those consumers. - Additionally, routing through Crypto API adds extra copies/context hops that regress our handshake latency and batched throughput targets compared to the direct, zero‑copy queue UAPI. Ron > -----Original Message----- > From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com> > Sent: Thursday, November 6, 2025 9:18 AM > To: Ron Li <xiangrongl@...dia.com>; Herbert Xu > <herbert@...dor.apana.org.au>; David S. Miller <davem@...emloft.net>; > linux-crypto@...r.kernel.org > Cc: hdegoede@...hat.com; Vadim Pasternak <vadimp@...dia.com>; > alok.a.tiwari@...cle.com; Khalil Blaiech <kblaiech@...dia.com>; David > Thompson <davthompson@...dia.com>; platform-driver- > x86@...r.kernel.org; LKML <linux-kernel@...r.kernel.org> > Subject: Re: [PATCH v3 1/3] platform/mellanox/mlxbf_pka: Add core BlueField > PKA platform driver > > External email: Use caution opening links or attachments > > > On Fri, 19 Sep 2025, Ron Li wrote: > > > Add the initial mlxbf_pka driver to support the BlueField DPU Public > > Key Acceleration (PKA) hardware. The PKA provides a simple, complete > > framework for crypto public key hardware offload. It supports direct > > access to the public key hardware resources from the user space, and > > makes available several arithmetic operations: some basic operations > > (e.g., addition and multiplication), some complex operations (e.g., > > modular exponentiation and modular inversion), and high-level > > operations such as RSA, Diffie-Hellman, Elliptic Curve Cryptography, > > and the Federal Digital Signature Algorithm (DSA as documented in FIPS- > 186) public-private key systems. > > Hi, > > Before I spend more time on this, I dug up your earlier reply: > > https://lore.kernel.org/all/DS7PR12MB57191E5CCC239A43370B8729A999 > A@...PR12MB5719.namprd12.prod.outlook.com/ > > You stated there: > > "This PKA module is a platform-specific implementation that allows user space > drivers to read/write the BlueField PKA hardware registers. It doesn’t offer any > crypto service to the kernel or implement any crypto API." > > Yet, crypto operations ARE provided (to user space), is that correct? > > Crypto API also has an user spac interface [1] so to me it looks here you're > trying to build another interface that provides user space crypto services but is > independent of crypto API? > > [1] Documentation/crypto/userspace-if.rst > > --
Powered by blists - more mailing lists