Merge branch 'fix/nvs_encr_use_hardware_aes_v6.0' into 'release/v6.0'

Use h/w accelerated AES-ECB for XTS-AES operations (v6.0)

See merge request espressif/esp-idf!45823

components/mbedtls/esp_tee/esp_tee_mbedtls.cmake

@@ -63,6 +63,7 @@ endforeach()
 
 target_link_libraries(${COMPONENT_LIB} INTERFACE ${mbedtls_targets})
 
+target_link_libraries(tfpsacrypto PUBLIC idf::esp_hal_security)
 target_link_libraries(tfpsacrypto PRIVATE idf::esp_security)
 
 target_include_directories(tfpsacrypto PRIVATE ${crypto_port_inc_dirs})

components/mbedtls/port/aes/esp_aes_xts.c

@@ -35,10 +35,8 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <sys/lock.h>
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 #include "aes/esp_aes.h"
-#include "psa/crypto.h"
+#include "psa/crypto_values.h"
 
 void esp_aes_xts_init( esp_aes_xts_context *ctx )
 {

components/nvs_flash/private_include/nvs_xts_aes.h

@@ -0,0 +1,26 @@
+/*
+ * SPDX-FileCopyrightText: 2026 Espressif Systems (Shanghai) CO LTD
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#pragma once
+
+#include "sdkconfig.h"
+
+/* NOTE: Using legacy mbedtls XTS API until PSA Crypto adds XTS support
+* With TF-PSA-Crypto 1.0, AES headers moved to mbedtls/private/.
+* Need MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS to access XTS functions.
+*/
+
+#if CONFIG_MBEDTLS_HARDWARE_AES
+#include "aes/esp_aes.h"
+#define XTS_FUNC(func) esp_aes_##func
+#define XTS_MODE(mode) ESP_AES_##mode
+#define XTS_CONTEXT esp_aes_xts_context
+#else
+#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+#include "mbedtls/private/aes.h"
+#define XTS_FUNC(func) mbedtls_aes_##func
+#define XTS_MODE(mode) MBEDTLS_AES_##mode
+#define XTS_CONTEXT mbedtls_aes_xts_context
+#endif // CONFIG_MBEDTLS_HARDWARE_AES

components/nvs_flash/src/nvs_bootloader_xts_aes.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2024-2026 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -257,21 +257,20 @@ int nvs_bootloader_aes_crypt_xts(nvs_bootloader_xts_aes_context *ctx,
 
 #endif /* CONFIG_ESP_ROM_HAS_MBEDTLS_CRYPTO_LIB */
 #else /* BOOTLOADER_BUILD && !CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL_BOOTLOADER */
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-#include "mbedtls/private/aes.h"
+#include "nvs_xts_aes.h"
 
-static mbedtls_aes_xts_context ctx_xts;
+static XTS_CONTEXT ctx_xts;
 
 void nvs_bootloader_xts_aes_init(nvs_bootloader_xts_aes_context *ctx)
 {
     (void) ctx;
-    mbedtls_aes_xts_init(&ctx_xts);
+    XTS_FUNC(xts_init)(&ctx_xts);
 }
 
 void nvs_bootloader_xts_aes_free(nvs_bootloader_xts_aes_context *ctx)
 {
     (void) ctx;
-    mbedtls_aes_xts_free(&ctx_xts);
+    XTS_FUNC(xts_free)(&ctx_xts);
 }
 
 int nvs_bootloader_xts_aes_setkey(nvs_bootloader_xts_aes_context *ctx,
@@ -279,7 +278,7 @@ int nvs_bootloader_xts_aes_setkey(nvs_bootloader_xts_aes_context *ctx,
                                 unsigned int key_bytes)
 {
     (void) ctx;
-    return mbedtls_aes_xts_setkey_dec(&ctx_xts, key, key_bytes * 8);
+    return XTS_FUNC(xts_setkey_dec)(&ctx_xts, key, key_bytes * 8);
 }
 /*
  * XTS-AES buffer encryption/decryption
@@ -292,8 +291,8 @@ int nvs_bootloader_aes_crypt_xts(nvs_bootloader_xts_aes_context *ctx,
                                 unsigned char *output)
 {
     (void) ctx;
-    int mbedtls_aes_mode = mode == AES_ENC ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT;
-    return mbedtls_aes_crypt_xts(&ctx_xts, mbedtls_aes_mode, length, data_unit, input, output);
+    int xts_mode = mode == AES_ENC ? XTS_MODE(ENCRYPT) : XTS_MODE(DECRYPT);
+    return XTS_FUNC(crypt_xts)(&ctx_xts, xts_mode, length, data_unit, input, output);
 }
 #endif /* !(BOOTLOADER_BUILD && !CONFIG_MBEDTLS_USE_CRYPTO_ROM_IMPL_BOOTLOADER) */
 #endif /* !SOC_AES_SUPPORTED */

components/nvs_flash/src/nvs_encrypted_partition.cpp

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2026 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -7,6 +7,7 @@
 #include "nvs_encrypted_partition.hpp"
 #include "nvs_types.hpp"
 #include "nvs_constants.h"
+#include "nvs_xts_aes.h"
 
 namespace nvs {
 
@@ -22,14 +23,14 @@ esp_err_t NVSEncryptedPartition::init(nvs_sec_cfg_t* cfg)
 {
     uint8_t* eky = reinterpret_cast<uint8_t*>(cfg);
 
-    mbedtls_aes_xts_init(&mEctxt);
-    mbedtls_aes_xts_init(&mDctxt);
+    XTS_FUNC(xts_init)(&mEctxt);
+    XTS_FUNC(xts_init)(&mDctxt);
 
-    if (mbedtls_aes_xts_setkey_enc(&mEctxt, eky, 2 * NVS_KEY_SIZE * 8) != 0) {
+    if (XTS_FUNC(xts_setkey_enc)(&mEctxt, eky, 2 * NVS_KEY_SIZE * 8) != 0) {
         return ESP_ERR_NVS_XTS_CFG_FAILED;
     }
 
-    if (mbedtls_aes_xts_setkey_dec(&mDctxt, eky, 2 * NVS_KEY_SIZE * 8) != 0) {
+    if (XTS_FUNC(xts_setkey_dec)(&mDctxt, eky, 2 * NVS_KEY_SIZE * 8) != 0) {
         return ESP_ERR_NVS_XTS_CFG_FAILED;
     }
 
@@ -61,7 +62,7 @@ esp_err_t NVSEncryptedPartition::read(size_t src_offset, void* dst, size_t size)
 
     uint8_t *destination = reinterpret_cast<uint8_t*>(dst);
 
-    if (mbedtls_aes_crypt_xts(&mDctxt, MBEDTLS_AES_DECRYPT, size, data_unit, destination, destination) != 0)  {
+    if (XTS_FUNC(crypt_xts)(&mDctxt, XTS_MODE(DECRYPT), size, data_unit, destination, destination) != 0)  {
         return ESP_ERR_NVS_XTS_DECR_FAILED;
     }
 
@@ -97,8 +98,8 @@ esp_err_t NVSEncryptedPartition::write(size_t addr, const void* src, size_t size
         uint32_t *addr_loc = (uint32_t*) &data_unit[0];
 
         *addr_loc = relAddr + offset;
-        if (mbedtls_aes_crypt_xts(&mEctxt,
-                                  MBEDTLS_AES_ENCRYPT,
+        if (XTS_FUNC(crypt_xts)(&mEctxt,
+                                  XTS_MODE(ENCRYPT),
                                   entrySize,
                                   data_unit,
                                   buf + offset,

components/nvs_flash/src/nvs_encrypted_partition.hpp

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2019-2026 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -7,15 +7,9 @@
 
 #include "sdkconfig.h"          // For CONFIG_NVS_BDL_STACK
 
-/* NOTE: Using legacy mbedtls XTS API until PSA Crypto adds XTS support
-* With TF-PSA-Crypto 1.0, AES headers moved to mbedtls/private/.
-* Need MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS to access XTS functions.
-*/
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-#include "mbedtls/private/aes.h"
 #include "nvs_flash.h"
 #include "nvs_partition.hpp"
-
+#include "nvs_xts_aes.h"
 namespace nvs {
 
 /**
@@ -73,8 +67,8 @@ public:
     esp_err_t write(size_t dst_offset, const void* src, size_t size) override;
 
 protected:
-    mbedtls_aes_xts_context mEctxt;     // AES context for encryption
-    mbedtls_aes_xts_context mDctxt;     // AES context for decryption
+    XTS_CONTEXT mEctxt;     // AES context for encryption
+    XTS_CONTEXT mDctxt;     // AES context for decryption
 };
 
 } // nvs

components/nvs_flash/test_apps/main/CMakeLists.txt

@@ -7,4 +7,6 @@ idf_component_register(SRC_DIRS "."
 
 if(CONFIG_NVS_ENCRYPTION OR CONFIG_SOC_HMAC_SUPPORTED)
     target_link_libraries(${COMPONENT_LIB} PUBLIC idf::mbedtls)
+    # Add private_include directory from nvs_flash for accessing internal headers like nvs_xts_aes.h in the test app
+    target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_CURRENT_LIST_DIR}/../../private_include")
 endif()

components/nvs_flash/test_apps/main/test_nvs.c

@@ -456,6 +456,7 @@ TEST_CASE("check for memory leaks in nvs_set_blob", "[nvs]")
 }
 
 #ifdef CONFIG_NVS_ENCRYPTION
+#include "nvs_xts_aes.h"
 TEST_CASE("check underlying xts code for 32-byte size sector encryption", "[nvs]")
 {
     uint8_t eky_hex[2 * NVS_KEY_SIZE] = { /* Encryption key below*/
@@ -484,16 +485,16 @@ TEST_CASE("check underlying xts code for 32-byte size sector encryption", "[nvs]
                              0xab,0xf9,0x8e,0x22,0xdf,0x5b,0xdd,0x15,
                              0xaf,0x47,0x1f,0x3d,0xb8,0x94,0x6a,0x85 };
 
-    mbedtls_aes_xts_context ectx[1];
-    mbedtls_aes_xts_context dctx[1];
+    XTS_CONTEXT ectx[1];
+    XTS_CONTEXT dctx[1];
 
-    mbedtls_aes_xts_init(ectx);
-    mbedtls_aes_xts_init(dctx);
+    XTS_FUNC(xts_init)(ectx);
+    XTS_FUNC(xts_init)(dctx);
 
-    TEST_ASSERT_TRUE(!mbedtls_aes_xts_setkey_enc(ectx, eky_hex, 2 * NVS_KEY_SIZE * 8));
-    TEST_ASSERT_TRUE(!mbedtls_aes_xts_setkey_enc(dctx, eky_hex, 2 * NVS_KEY_SIZE * 8));
+    TEST_ASSERT_TRUE(!XTS_FUNC(xts_setkey_enc)(ectx, eky_hex, 2 * NVS_KEY_SIZE * 8));
+    TEST_ASSERT_TRUE(!XTS_FUNC(xts_setkey_enc)(dctx, eky_hex, 2 * NVS_KEY_SIZE * 8));
 
-    TEST_ASSERT_TRUE(!mbedtls_aes_crypt_xts(ectx, MBEDTLS_AES_ENCRYPT, 32, ba_hex, ptxt_hex, ptxt_hex));
+    TEST_ASSERT_TRUE(!XTS_FUNC(crypt_xts)(ectx, XTS_MODE(ENCRYPT), 32, ba_hex, ptxt_hex, ptxt_hex));
 
     TEST_ASSERT_TRUE(!memcmp(ptxt_hex, ctxt_hex, 32));
 }