[crypto] Add initial implementation for PSA crypto API

Implement most cryptographic operations using PSA crypto
API. Make it unit-testable using the following manual
steps (until we all agree to update mbedTLS to 3.X):
1. Update mbedTLS submodule to 3.2.1 and update mbedtls.gni
   accordingly.
2. Use scripts/generate_driver_wrappers.py to generate
   psa_crypto_driver_wrappers.c and include it in mbedTLS
   library build.
3. Increase CHIP_CONFIG_SHA256_CONTEXT_SIZE to 256B
4. gn gen out/ut --args='chip_crypto="psa"'
5. ninja -C out/ut tests/CHIPCryptoPALTest
6. out/ut/tests/CHIPCryptoPALTest

[crypto] Implement PBKDF2 using PSA crypto API

PBKDF2 PSA crypto API is not yet implemented in mbedTLS 3.1
nor 3.2 so for now use a handcrafted implementation using
HMAC directly.

[crypto] Implement ECDSA and ECDH using PSA crypto API

The ECDSA and ECDH operations specified by P256Keypair
and P256PublicKey classes have been implemented using
PSA crypto API provided by mbedTLS 3.X.

Author: Damian-Nordic

src/crypto/BUILD.gn

@@ -23,29 +23,31 @@ import("crypto.gni")
 if (chip_crypto == "") {
   if (current_os == "android" || current_os == "freertos" ||
       current_os == "zephyr" || current_os == "mbed" || current_os == "webos") {
-    chip_crypto = "mbedtls"
+    chip_crypto = "psa"
   } else {
     chip_crypto = "openssl"
   }
 }
 
 assert(
-    chip_crypto == "mbedtls" || chip_crypto == "openssl" ||
-        chip_crypto == "tinycrypt" || chip_crypto == "boringssl" ||
-        chip_crypto == "platform",
-    "Please select a valid crypto implementation: mbedtls, openssl, tinycrypt, boringssl, platform")
+    chip_crypto == "mbedtls" || chip_crypto == "psa" ||
+        chip_crypto == "openssl" || chip_crypto == "tinycrypt" ||
+        chip_crypto == "boringssl" || chip_crypto == "platform",
+    "Please select a valid crypto implementation: mbedtls, psa, openssl, tinycrypt, boringssl, platform")
 
 buildconfig_header("crypto_buildconfig") {
   header = "CryptoBuildConfig.h"
   header_dir = "crypto"
 
   chip_crypto_mbedtls = chip_crypto == "mbedtls"
+  chip_crypto_psa = chip_crypto == "psa"
   chip_crypto_openssl = chip_crypto == "openssl"
   chip_crypto_boringssl = chip_crypto == "boringssl"
   chip_crypto_platform = chip_crypto == "platform"
 
   defines = [
     "CHIP_CRYPTO_MBEDTLS=${chip_crypto_mbedtls}",
+    "CHIP_CRYPTO_PSA=${chip_crypto_psa}",
     "CHIP_CRYPTO_OPENSSL=${chip_crypto_openssl}",
     "CHIP_CRYPTO_BORINGSSL=${chip_crypto_boringssl}",
     "CHIP_CRYPTO_PLATFORM=${chip_crypto_platform}",
@@ -107,6 +109,19 @@ if (chip_crypto == "openssl") {
 
     external_mbedtls = current_os == "zephyr"
 
+    if (!external_mbedtls) {
+      public_deps += [ "${mbedtls_root}:mbedtls" ]
+    }
+  }
+} else if (chip_crypto == "psa") {
+  import("//build_overrides/mbedtls.gni")
+
+  source_set("cryptopal_psa") {
+    sources = [ "CHIPCryptoPALPSA.cpp" ]
+    public_deps = [ ":public_headers" ]
+
+    external_mbedtls = current_os == "zephyr"
+
     if (!external_mbedtls) {
       public_deps += [ "${mbedtls_root}:mbedtls" ]
     }
@@ -142,6 +157,8 @@ static_library("crypto") {
 
   if (chip_crypto == "mbedtls") {
     public_deps += [ ":cryptopal_mbedtls" ]
+  } else if (chip_crypto == "psa") {
+    public_deps += [ ":cryptopal_psa" ]
   } else if (chip_crypto == "openssl") {
     public_deps += [ ":cryptopal_openssl" ]
   } else if (chip_crypto == "boringssl") {