hostap: add PSA apis support for mbedtls 3.x

Add Platform Secure Architecture support support to use
HW acceleration, which needs to be called under PSA driver wrapper
in mbedtls 3.x.

Signed-off-by: Fengming Ye <frank.ye@nxp.com>

modules/hostap/CMakeLists.txt

@@ -419,6 +419,10 @@ zephyr_library_sources(
 	${HOSTAP_SRC_BASE}/crypto/rc4.c
 )
 
+zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
+	${HOSTAP_BASE}/port/mbedtls/supp_psa_api.c
+)
+
 zephyr_library_sources_ifdef(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 	${HOSTAP_SRC_BASE}/crypto/ms_funcs.c
 	${HOSTAP_SRC_BASE}/crypto/aes-eax.c

modules/hostap/Kconfig

@@ -152,6 +152,12 @@ config WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE
 
 endchoice
 
+config WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
+	bool "Crypto Platform Secure Architecture support for WiFi"
+	default y if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT
+	help
+	  Support Mbedtls 3.x to use PSA apis instead of legacy apis.
+
 config WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
 	bool "Enterprise Crypto support for WiFi"
 	depends on !WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE

modules/hostap/src/supp_main.c

@@ -14,6 +14,9 @@ LOG_MODULE_REGISTER(wifi_supplicant, CONFIG_WIFI_NM_WPA_SUPPLICANT_LOG_LEVEL);
 #if !defined(CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE) && !defined(CONFIG_MBEDTLS_ENABLE_HEAP)
 #include <mbedtls/platform.h>
 #endif /* !CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !CONFIG_MBEDTLS_ENABLE_HEAP */
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
+#include "supp_psa_api.h"
+#endif
 
 #include <zephyr/net/wifi_mgmt.h>
 #include <zephyr/net/wifi_nm.h>
@@ -523,6 +526,10 @@ static void handler(void)
 	mbedtls_platform_set_calloc_free(calloc, free);
 #endif /* !CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE && !CONFIG_MBEDTLS_ENABLE_HEAP */
 
+#ifdef CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA
+	supp_psa_crypto_init();
+#endif
+
 	ctx = get_default_context();
 
 	k_work_queue_init(&ctx->iface_wq);