@mahavirj
Member

Checklist

  • Component contains License
  • Component contains README.md
  • Component contains idf_component.yml file with url field defined
  • Component was added to upload job
  • Component was added to build job
  • Optional: Component contains unit tests
  • CI passing

Change description

Please describe your change here

@github-actions

github-actions bot commented Dec 31, 2025

Test Results

 40 files  40 suites   8m 16s ⏱️
 37 tests 23 ✅ 11 💤 0 ❌  3 🔥
156 runs  65 ✅ 64 💤 0 ❌ 27 🔥

For more details on these errors, see this check.

Results for commit c486cc5.

♻️ This comment has been updated with latest results.

Contributor

Copilot AI left a comment


Pull request overview

This pull request adds support for the PSA (Platform Security Architecture) crypto interface to the esp_encrypted_img component, enabling compatibility with mbedtls 4.x while maintaining backward compatibility with older mbedtls versions. The changes introduce conditional compilation based on CONFIG_MBEDTLS_VER_4_X_SUPPORT to use PSA APIs when available.

Key Changes:

  • Abstraction layer for GCM encryption operations supporting both PSA and legacy mbedtls APIs
  • PSA-based implementations for RSA key operations, ECDH key agreement, and HKDF key derivation
  • New private header file to consolidate internal structures and definitions
  • Updated test code to initialize PSA crypto for hardware-accelerated AES operations

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 12 comments.

File: Description

  • esp_encrypted_img/private_include/esp_encrypted_img_priv.h: New private header consolidating internal types, constants, and structures with conditional PSA/mbedtls fields
  • esp_encrypted_img/src/esp_encrypted_img.c: Core implementation with GCM abstraction layer, PSA-based RSA/ECDH/HKDF operations, and integration into decrypt flow
  • esp_encrypted_img/test_apps/main/esp_encrypted_img_test.c: Updated setUp function to initialize PSA crypto for AES operations when mbedtls 4.x is enabled


@Ashish285
Collaborator

Ashish285 commented Jan 7, 2026

Thanks for raising this PR!

Tested locally with the following schemes, and they work as expected:

  1. ESP32 with RSA scheme
  2. ESP32S3 with ECIES scheme

EDIT:
I came across one stack overflow issue while running the test_apps.

We need to increase the main stack size to at least 4096 for the tests to work.

Pushed a commit to move mbedtls_pk_context to the heap to get rid of this error.

@Ashish285 Ashish285 force-pushed the feat/esp_enc_img_psa_support branch from 21ddf89 to 7e6b372 Compare January 8, 2026 02:34
@hrushikesh430
Collaborator

@mahavirj I have tested this PR locally by running the pytest for the normal flow as well as for the partial download flow.

FYI: I have raised the PR for adding a test for the partial_download use case in the pre_encrypted_ota example pytest. Everything works fine on top of this PR.

@mahavirj mahavirj force-pushed the feat/esp_enc_img_psa_support branch from 0953dc1 to e56ebd2 Compare January 9, 2026 07:01
@mahavirj mahavirj force-pushed the feat/esp_enc_img_psa_support branch from e56ebd2 to c486cc5 Compare January 9, 2026 14:51
@mahavirj mahavirj merged commit 0f8e641 into master Jan 12, 2026
139 of 167 checks passed
@mahavirj mahavirj deleted the feat/esp_enc_img_psa_support branch January 12, 2026 06:58
4 participants