[nrf noup] modules: hostap: Add NCS PSA for hostap crypto ALT

This brings in PSA Kconfig and CMakelist.txt changes to NCS.
Currently, it contains known PSA configurations and source files
that are needed or will be needed in the future. WPA3 and
Enterprise is currently disabled with this setting.

Signed-off-by: Vivekananda Uppunda <[email protected]>

Author: VivekUppunda

modules/hostap/CMakeLists.txt

@@ -506,6 +506,25 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 )
 endif()
 
+if(DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA)
+zephyr_include_directories(
+	${HOSTAP_BASE}/port/mbedtls
+)
+
+zephyr_library_sources(
+	${HOSTAP_SRC_BASE}/crypto/aes-wrap.c
+	${HOSTAP_SRC_BASE}/crypto/aes-unwrap.c
+	${HOSTAP_SRC_BASE}/crypto/aes-internal-dec.c
+	${HOSTAP_SRC_BASE}/crypto/aes-internal.c
+	${HOSTAP_SRC_BASE}/crypto/aes-internal-enc.c
+	${HOSTAP_SRC_BASE}/crypto/rc4.c
+	${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls_alt.c
+	${HOSTAP_SRC_BASE}/crypto/tls_mbedtls_alt.c
+	${HOSTAP_SRC_BASE}/crypto/sha256-kdf.c
+	${HOSTAP_BASE}/port/mbedtls/supp_psa_api.c
+)
+endif()
+
 zephyr_library_link_libraries_ifndef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
 	mbedTLS)
 

modules/hostap/Kconfig

@@ -211,24 +211,62 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA
 	select MBEDTLS_PKCS5_C
 	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
 
+config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA
+	bool "PSA Crypto support for WiFi WPA2 using nRF security"
+	select MBEDTLS
+	select NRF_SECURITY
+	select PSA_WANT_GENERATE_RANDOM
+	select MBEDTLS_TLS_LIBRARY
+	select MBEDTLS_PK_C
+	select MBEDTLS_PK_WRITE_C
+	select MBEDTLS_X509_LIBRARY
+	select MBEDTLS_X509_CRT_PARSE_C
+	select MBEDTLS_SSL_TLS_C
+	select MBEDTLS_ENABLE_HEAP
+	select MBEDTLS_PSA_CRYPTO_C
+	select MBEDTLS_USE_PSA_CRYPTO
+	select PSA_WANT_ALG_HMAC
+	select PSA_WANT_ALG_CMAC
+	select PSA_WANT_ALG_ECB_NO_PADDING
+	select PSA_WANT_ALG_CBC_PKCS7
+	select PSA_WANT_ALG_CBC_MAC
+	select PSA_ACCEL_CBC_MAC_AES_128
+	select PSA_ACCEL_CBC_MAC_AES_192
+	select PSA_ACCEL_CBC_MAC_AES_256
+	select PSA_WANT_ALG_CCM
+	select PSA_WANT_ALG_GCM
+	select PSA_WANT_ALG_CTR
+	select PSA_WANT_ALG_MD5
+	select PSA_ACCEL_MD5
+	select PSA_WANT_ALG_SHA_1
+	select PSA_WANT_ALG_SHA_256
+	select PSA_WANT_ALG_SHA_224
+	select PSA_WANT_ALG_SHA_384
+	select PSA_WANT_ALG_SHA_512
+	select PSA_WANT_ALG_PBKDF2_HMAC
+	select PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
+	select PSA_WANT_KEY_TYPE_AES
+	select PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+
 config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
 	bool "No Crypto support for WiFi"
 
 endchoice
 
 config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
 	bool "Crypto Platform Secure Architecture support for WiFi"
+	default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA
 	help
 	  Support Mbedtls 3.x to use PSA apis instead of legacy apis.
 
 config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 	bool "Enterprise Crypto support for WiFi"
 	select MBEDTLS_PEM_CERTIFICATE_FORMAT
-	depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
+	depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA
 
 config WIFI_NM_WPA_SUPPLICANT_WPA3
 	bool "WPA3 support"
-	depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
+	depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT_NCS_PSA
 	default y
 
 config WIFI_NM_WPA_SUPPLICANT_AP