Hi Ruchika,

Thanks for raising this. We haven't implemented this entry point yet and we forgot to track it. I've created an issue for it now: https://github.com/Mbed-TLS/mbedtls/issues/8043

We don't plan to work on it soon, but if you can contribute the implementation, that would be greatly appreciated.

Out of interest, is your hardware “secure element” (working on a key that it doesn't export), or do you have an “accelerator” (working on a plaintext key) that does the comparison itself?

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 08/08/2023 09:17, Ruchika Gupta via mbed-tls wrote:

Hi,

I have noticed that PSA driver wrapper function is missing for single part MAC verify function. In the current implementation, it calls the MAC compute wrapper and does the comparison using mbedtls_psa_safer_memcmp.

The hardware I am working on allows the complete process to be offloaded to it. Can we have an option for the same in wrapper layer for PSA for MAC verify ?

Regards,

Ruchika