On 04/03/2024 11:06, hippolyte.einfalt--- via mbed-tls wrote:
Gilles Peskine wrote:
For that, you'll need to use an accelerator driver, not a secure element driver. This is not supported for key agreement in Mbed TLS 2.x, you would need to upgrade to 3.5 (soon 3.6).
So even if i write an accelerator driver it wont be used inside the handshake for my current version of MbedTLS ? Sorry if i do not directly get it, but if it is true, does it mean I cannot currently fully use the SE capabilities with my version ?
I'm afraid so. In Mbed TLS 2.25 and even in 2.28, for the key agreement, the TLS code can only call mbedtls_ecdh_xxx() or mbedtls_dhm_xxx() or psa_raw_key_agreement(), and psa_raw_key_agreement can only call mbedtls_ecdh_xxx(). I don't think the TLS layer has a way to offload the key agreement (it can offload the signature, but PSA supports drivers for that), and we only added driver support for PSA key agreement in 3.something.
Best regards,