feat(mbedtls/aes): Add config to support AES block and DMA modes during runtime

- Dynamically switch the AES operation modes based on the buffer operating length - Shorter AES and SHA operations can now run faster and concurrently as well Closes https://github.com/espressif/esp-idf/issues/15914
2025-11-23 11:48:08 +00:00 · 2025-07-27 16:49:09 +05:30
parent ac89a6f896
commit 8992f08bef
13 changed files with 779 additions and 1118 deletions
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -1647,6 +1647,21 @@ menu "mbedTLS"
                priority level and any level from 1 to 3 can be selected (based on the availability).
                Note: Higher value indicates high interrupt priority.

+        config MBEDTLS_AES_HW_SMALL_DATA_LEN_OPTIM
+            bool "Enable performance optimisation for the small data length hardware AES operations"
+            depends on MBEDTLS_HARDWARE_AES && SOC_AES_SUPPORT_DMA
+            default y
+            help
+                This option enables dynamically switching between the hardware
+                AES peripheral's block and DMA modes based on the length of the input data,
+                thus, significantly speeding up the AES operations with shorter data lengths.
+                For example, NVS encryption/decryption operations, TLS communication, etc.
+                with smaller data lengths.
+
+                It is enabled by default due to the significant performance impact but note that
+                it also increases the binary size by ~1.2 KB as it pulls in the peripheral's block
+                mode code as well.
+
        config MBEDTLS_PK_RSA_ALT_SUPPORT
            bool "Enable RSA alt support"
            default y