Hi @concatime
I believe what you are looking for is the MBEDTLS_SSL_EXPORT_KEYS feature which is mentioned here .
Using the GCM implemented in kernel space, and the user-spaceTLS stack would call the Mbed TLS gcm implementation in kernel space, would achieve similar performance, IMHO.
Regards,
Mbed TLS Team member
Ron