[nrf noup] modules: hostap: Use nRF security

In NCS to leverage HW acceleration, use nRF security.

Also, fix Kconfig warnings in NCS compliance for CRYPTO_ALT.

Signed-off-by: Chaitanya Tata <[email protected]>

Author: krish2718

modules/hostap/CMakeLists.txt

@@ -435,8 +435,10 @@ zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_DPP
 	${HOSTAP_SRC_BASE}/tls/asn1.c
 )
 
-# crypto mbedtls related
-if(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO)
+# crypto mbedtls related CRYPTO OR LEGACY_NCS
+if(DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO OR
+   DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS OR
+   DEFINED CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA)
 zephyr_library_sources(
 	${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls-bignum.c
 	${HOSTAP_SRC_BASE}/crypto/crypto_mbedtls-ec.c
@@ -514,4 +516,8 @@ if(CONFIG_SAE_PWE_EARLY_EXIT)
 	"please use it carefully and do not use it production.")
 endif()
 
+zephyr_library_compile_definitions_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
+	MBEDTLS_NIST_KW_C
+)
+
 endif()

modules/hostap/Kconfig

@@ -109,7 +109,8 @@ config WIFI_NM_WPA_SUPPLICANT_WEP
 
 choice WIFI_NM_WPA_SUPPLICANT_CRYPTO_BACKEND
 	prompt "WPA supplicant crypto implementation"
-	default WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
+	default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS
+	default WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA if SOC_SERIES_NRF54LX
 	help
 	  Select the crypto implementation to use for WPA supplicant.
 	  WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT supports enterprise mode
@@ -149,20 +150,63 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
 	select MBEDTLS_CIPHER
 	select MBEDTLS_ECP_C
 	select MBEDTLS_ECP_ALL_ENABLED
-	select MBEDTLS_CMAC
+	select MBEDTLS_CMAC_C
 	select MBEDTLS_PKCS5_C
 	select MBEDTLS_PK_WRITE_C
 	select MBEDTLS_ECDH_C
 	select MBEDTLS_ECDSA_C
 	select MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 	select MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-	select MBEDTLS_NIST_KW_C
 	select MBEDTLS_DHM_C
 	select MBEDTLS_HKDF_C
 	select MBEDTLS_SERVER_NAME_INDICATION
 	select MBEDTLS_X509_CRL_PARSE_C
 	select MBEDTLS_TLS_VERSION_1_2
 
+config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS
+	bool "Legacy Crypto support for WiFi using nRF security"
+	select MBEDTLS
+	select NRF_SECURITY
+	select MBEDTLS_CIPHER_MODE_CBC
+	select MBEDTLS_CIPHER_MODE_CTR
+	select MBEDTLS_LEGACY_CRYPTO_C
+	select MBEDTLS_SHA1_C
+	select MBEDTLS_ECP_C
+	select MBEDTLS_CTR_DRBG_C
+	select MBEDTLS_PK_C
+	select MBEDTLS_PKCS5_C
+	select MBEDTLS_PK_PARSE_C
+	select MBEDTLS_CMAC_C
+	select MBEDTLS_CIPHER_PADDING_PKCS7
+	select MBEDTLS_PK_WRITE_C
+	select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
+
+config WIFI_NM_WPA_SUPPLICANT_CRYPTO_LEGACY_NCS_PSA
+	bool "PSA Crypto support for WiFi using nRF security"
+	select MBEDTLS
+	select NRF_SECURITY
+	select PSA_WANT_GENERATE_RANDOM
+	# Legacy crypto, still needed
+	select MBEDTLS_SHA1_C
+	select MBEDTLS_LEGACY_CRYPTO_C
+	select MBEDTLS_CMAC_C
+	select MBEDTLS_GCM_C
+	select MBEDTLS_TLS_LIBRARY
+	select MBEDTLS_PK_C
+	select MBEDTLS_PK_WRITE_C
+	select MBEDTLS_X509_LIBRARY
+	select MBEDTLS_X509_CRT_PARSE_C
+	select MBEDTLS_CIPHER_C
+	select MBEDTLS_CIPHER_MODE_CTR
+	select MBEDTLS_CIPHER_MODE_CBC
+	select MBEDTLS_SSL_TLS_C
+	select MBEDTLS_ECP_C
+	select MBEDTLS_CTR_DRBG_C
+	select MBEDTLS_KEY_EXCHANGE_ALL_ENABLED
+	select MBEDTLS_MD_C
+	select MBEDTLS_CIPHER_PADDING_PKCS7
+	select MBEDTLS_PKCS5_C
+
 config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
 	bool "No Crypto support for WiFi"