Hi,
I have noticed that the PSA driver wrapper function is missing for the single-part MAC verify function. In the current implementation, it calls the MAC compute wrapper and does the comparison using mbedtls_psa_safer_memcmp.
The hardware I am working on allows the complete process to be offloaded to it. Can we have an option for the same in the wrapper layer for PSA for MAC verify?
Regards, Ruchika
Hi Ruchika,
Thanks for raising this. We haven't implemented this entry point yet and we forgot to track it. I've created an issue for it now: https://github.com/Mbed-TLS/mbedtls/issues/8043
We don't plan to work on it soon, but if you can contribute the implementation, that would be greatly appreciated.
Out of interest, is your hardware “secure element” (working on a key that it doesn't export), or do you have an “accelerator” (working on a plaintext key) that does the comparison itself?
Best regards,
Hi Gilles,
Please see inline marked with [RG].
Regards, Ruchika
From: Gilles Peskine via mbed-tls mbed-tls@lists.trustedfirmware.org
Sent: Tuesday, August 8, 2023 2:22 PM
To: mbed-tls@lists.trustedfirmware.org
Subject: [EXT] [mbed-tls] Re: Missing PSA wrapper for MAC verify
Hi Ruchika,
Thanks for raising this. We haven't implemented this entry point yet and we forgot to track it. I've created an issue for it now: https://github.com/Mbed-TLS/mbedtls/issues/8043
[RG] Thanks
We don't plan to work on it soon, but if you can contribute the implementation, that would be greatly appreciated.
[RG] I would not have the bandwidth now but will try and contribute to it later in the year.
Out of interest, is your hardware "secure element" (working on a key that it doesn't export), or do you have an "accelerator" (working on a plaintext key) that does the comparison itself?
[RG] The hardware I am working on is a secure element type hardware which doesn't export the key out, so the ask is mainly for the opaque keys.
Best regards,
-- Gilles Peskine
Mbed TLS developer

On 08/08/2023 09:17, Ruchika Gupta via mbed-tls wrote:
Hi,
I have noticed that PSA driver wrapper function is missing for single part MAC verify function. In the current implementation, it calls the MAC compute wrapper and does the comparison using mbedtls_psa_safer_memcmp.
The hardware I am working on allows the complete process to be offloaded to it. Can we have an option for the same in wrapper layer for PSA for MAC verify ?
Regards, Ruchika
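The two paths discussed in this thread, as an added sketch that is not part of the original messages and is not Mbed TLS code: a dispatcher that hands the whole verification to a driver when it offers a verify entry point, and otherwise computes the MAC and compares it in constant time. The driver table, status codes, function names and the keyed checksum standing in for a MAC are all hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical status codes and driver table, not the Mbed TLS definitions. */
enum { ST_OK = 0, ST_INVALID_SIGNATURE = -1 };
#define MAC_LEN 8
typedef struct {
    int (*mac_compute)(const uint8_t *in, size_t n, uint8_t out[MAC_LEN]);
    /* Optional single-part verify entry point; NULL when the driver lacks it. */
    int (*mac_verify)(const uint8_t *in, size_t n, const uint8_t *mac, size_t mac_len);
} mac_driver_t;

/* Constant-time compare: ORs every byte difference, never exits early. */
static int ct_differs(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff != 0;
}

/* Stand-in keyed checksum so the example runs offline. NOT a real MAC. */
static const uint8_t demo_key[MAC_LEN] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
static int demo_compute(const uint8_t *in, size_t n, uint8_t out[MAC_LEN]) {
    memcpy(out, demo_key, MAC_LEN);
    for (size_t i = 0; i < n; i++)
        out[i % MAC_LEN] = (uint8_t)((out[i % MAC_LEN] ^ in[i]) * 31u + 7u);
    return ST_OK;
}

/* Simulated secure element: compares internally, returns only a verdict. */
static int se_verify_calls = 0;
static int demo_se_verify(const uint8_t *in, size_t n, const uint8_t *mac, size_t mac_len) {
    uint8_t expected[MAC_LEN];
    se_verify_calls++;
    if (mac_len != MAC_LEN) return ST_INVALID_SIGNATURE;
    demo_compute(in, n, expected);
    return ct_differs(expected, mac, MAC_LEN) ? ST_INVALID_SIGNATURE : ST_OK;
}
static const mac_driver_t compute_only_driver = { demo_compute, NULL };
static const mac_driver_t offload_driver = { demo_compute, demo_se_verify };

int mac_verify_dispatch(const mac_driver_t *drv, const uint8_t *in, size_t n,
                        const uint8_t *mac, size_t mac_len) {
    uint8_t actual[MAC_LEN];
    if (drv->mac_verify != NULL)          /* whole check offloaded to the driver */
        return drv->mac_verify(in, n, mac, mac_len);
    int st = drv->mac_compute(in, n, actual); /* fallback: compute, then compare */
    if (st == ST_OK && (mac_len != MAC_LEN || ct_differs(actual, mac, MAC_LEN)))
        st = ST_INVALID_SIGNATURE;
    memset(actual, 0, sizeof actual); /* real code needs a wipe the compiler cannot elide */
    return st;
}
```

In the fallback path the computed MAC sits in the caller's memory until it is wiped, while in the offloaded path only the verdict leaves the driver.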