[crypto] Initial crypto backend using PSA crypto API (project-chip#23193)

* [crypto] Add initial implementation for PSA crypto API

Implement most cryptographic operations using PSA crypto
API. Make it unit-testable using the following manual
steps (until we all agree to update mbedTLS to 3.X):
1. Update mbedTLS submodule to 3.2.1 and update mbedtls.gni
   accordingly.
2. Use scripts/generate_driver_wrappers.py to generate
   psa_crypto_driver_wrappers.c and include it in mbedTLS
   library build.
3. Increase CHIP_CONFIG_SHA256_CONTEXT_SIZE to 256B
4. gn gen out/ut --args='chip_crypto="psa"'
5. ninja -C out/ut tests/CHIPCryptoPALTest
6. out/ut/tests/CHIPCryptoPALTest

[crypto] Implement PBKDF2 using PSA crypto API

PBKDF2 PSA crypto API is not yet implemented in mbedTLS 3.1
nor 3.2 so for now use a handcrafted implementation using
HMAC directly.

[crypto] Implement ECDSA and ECDH using PSA crypto API

The ECDSA and ECDH operations specified by P256Keypair
and P256PublicKey classes have been implemented using
PSA crypto API provided by mbedTLS 3.X.

* Code review comments

Author: Damian-Nordic

src/crypto/BUILD.gn

@@ -31,22 +31,24 @@ if (chip_crypto == "") {
 }
 
 assert(
-    chip_crypto == "mbedtls" || chip_crypto == "openssl" ||
-        chip_crypto == "tinycrypt" || chip_crypto == "boringssl" ||
-        chip_crypto == "platform",
-    "Please select a valid crypto implementation: mbedtls, openssl, tinycrypt, boringssl, platform")
+    chip_crypto == "mbedtls" || chip_crypto == "psa" ||
+        chip_crypto == "openssl" || chip_crypto == "tinycrypt" ||
+        chip_crypto == "boringssl" || chip_crypto == "platform",
+    "Please select a valid crypto implementation: mbedtls, psa, openssl, tinycrypt, boringssl, platform")
 
 buildconfig_header("crypto_buildconfig") {
   header = "CryptoBuildConfig.h"
   header_dir = "crypto"
 
   chip_crypto_mbedtls = chip_crypto == "mbedtls"
+  chip_crypto_psa = chip_crypto == "psa"
   chip_crypto_openssl = chip_crypto == "openssl"
   chip_crypto_boringssl = chip_crypto == "boringssl"
   chip_crypto_platform = chip_crypto == "platform"
 
   defines = [
     "CHIP_CRYPTO_MBEDTLS=${chip_crypto_mbedtls}",
+    "CHIP_CRYPTO_PSA=${chip_crypto_psa}",
     "CHIP_CRYPTO_OPENSSL=${chip_crypto_openssl}",
     "CHIP_CRYPTO_BORINGSSL=${chip_crypto_boringssl}",
     "CHIP_CRYPTO_PLATFORM=${chip_crypto_platform}",
@@ -108,6 +110,19 @@ if (chip_crypto == "openssl") {
 
     external_mbedtls = current_os == "zephyr"
 
+    if (!external_mbedtls) {
+      public_deps += [ "${mbedtls_root}:mbedtls" ]
+    }
+  }
+} else if (chip_crypto == "psa") {
+  import("//build_overrides/mbedtls.gni")
+
+  source_set("cryptopal_psa") {
+    sources = [ "CHIPCryptoPALPSA.cpp" ]
+    public_deps = [ ":public_headers" ]
+
+    external_mbedtls = current_os == "zephyr"
+
     if (!external_mbedtls) {
       public_deps += [ "${mbedtls_root}:mbedtls" ]
     }
@@ -143,6 +158,8 @@ static_library("crypto") {
 
   if (chip_crypto == "mbedtls") {
     public_deps += [ ":cryptopal_mbedtls" ]
+  } else if (chip_crypto == "psa") {
+    public_deps += [ ":cryptopal_psa" ]
   } else if (chip_crypto == "openssl") {
     public_deps += [ ":cryptopal_openssl" ]
   } else if (chip_crypto == "boringssl") {