drivers: esp32: bt|wifi: adjust Kconfigs for TF-PSA-Crypto 1.x

- replace legacy Kconfigs with corresponding PSA_WANT ones.
- extend Mbed TLS' CMake file in order to include these legacy ecdh module
  that was removed from TF-PSA-Crypto when ESP32 BT and WiFi drivers are
  built.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

Author: valeriosetti

drivers/bluetooth/hci/Kconfig.esp32

@@ -488,11 +488,16 @@ config ESP32_BT_LE_CRYPTO_STACK_MBEDTLS
 	bool "mbedTLS crypto stack"
 	depends on ESP32_BT_LE_SECURITY_ENABLE
 	default y
-	select MBEDTLS
-	select MBEDTLS_ECP_C
-	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
-	select MBEDTLS_ECDH_C
-	select MBEDTLS_ENTROPY_C
+	select PSA_CRYPTO
+	select MBEDTLS_CTR_DRBG_C
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+	select PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+	select PSA_WANT_ECC_SECP_R1_256
+	select PSA_WANT_ALG_ECDH
+	# Keep access to legacy crypto headers
+	select MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 	help
 	  Use mbedTLS library for BLE cryptographic operations.
 

drivers/wifi/esp32/Kconfig.esp32

@@ -12,6 +12,9 @@ menuconfig WIFI_ESP32
 	select NET_L2_ETHERNET_MGMT
 	select WIFI_USE_NATIVE_NETWORKING
 	select MBEDTLS
+	# This is needed because some guards in TLS now require PSA crypto stuff
+	# to be enabled
+	select PSA_CRYPTO
 	select THREAD_STACK_INFO
 	select DYNAMIC_THREAD
 	select DYNAMIC_THREAD_ALLOC
@@ -367,15 +370,19 @@ config ESP32_WIFI_SOFTAP_SUPPORT
 
 config ESP32_WIFI_MBEDTLS_CRYPTO
 	bool "Use MbedTLS crypto APIs"
-	select MBEDTLS_ECP_C
-	select MBEDTLS_ECDH_C
-	select MBEDTLS_ECDSA_C
+	select PSA_CRYPTO
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
+	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+	select PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+	select PSA_WANT_ECC_SECP_R1_256
+	select PSA_WANT_ALG_ECDH
+	select PSA_WANT_ALG_ECDSA
+	select PSA_WANT_ALG_CMAC
 	select MBEDTLS_PKCS5_C
 	select MBEDTLS_MD_C
 	select MBEDTLS_PK_WRITE_C
 	select MBEDTLS_CIPHER_MODE_CTR_ENABLED
-	select MBEDTLS_CMAC
-	select MBEDTLS_ENTROPY_C
 	help
 	  Select this option to use MbedTLS crypto APIs which utilize hardware acceleration.
 

modules/mbedtls/CMakeLists.txt

@@ -67,6 +67,25 @@ if(CONFIG_MBEDTLS)
       set(MBEDTLS_EXPORT_REMOVED_HEADERS  ON)
     endif()
 
+    # == DIRTY FIX ==
+    # This is required because ESP32 drivers for BT and WiFi still rely on legacy
+    # crypto.
+    if(CONFIG_ESP32_BT_LE_CRYPTO_STACK_MBEDTLS OR CONFIG_ESP32_WIFI_MBEDTLS_CRYPTO)
+      target_sources(builtin PRIVATE ${ZEPHYR_MBEDTLS_MODULE_DIR}/tf-psa-crypto/removed/ecdh.c)
+      target_include_directories(builtin PRIVATE ${ZEPHYR_MBEDTLS_MODULE_DIR}/tf-psa-crypto/removed)
+      target_compile_definitions(builtin PRIVATE
+        # Setting legacy build symbols is not allowed so we need to set this
+        # to bypass the check.
+        -DTF_PSA_CRYPTO_CONFIG_CHECK_BYPASS
+        -DMBEDTLS_ENTROPY_C
+        -DMBEDTLS_BIGNUM_C
+        -DMBEDTLS_ECP_C
+        -DMBEDTLS_ECDH_C
+        -DMBEDTLS_ECP_DP_SECP256R1_ENABLED
+      )
+      set(MBEDTLS_EXPORT_REMOVED_HEADERS  ON)
+    endif()
+
     # Linking to "zephyr_interface" doesn't work in these case because these
     # are object libraries so properties are NOT propagated. We need to
     # explicitly do this.