wpa_supplicant: Add SAE handshake support for WPA3-PSK

Under WPA3-Personal, SAE authentication is used to derive PMK
which is more secure and immune to offline dictionary attacks.
1. Add modules to generate SAE commit/confirm for the handshake
2. Add modules that build and parse SAE data in Auth frames
3. Add WPA3 association and key mgmt definitions
4. Invert y-bit while solving for ECC co-ordinate -
     Once an X co-ordinate is obtained, solving for Y co-ordinate
     using an elliptical curve equation results in 2 possible values,
     Y and (P - Y), where p is the prime number. The co-ordinates are
     used for deriving keys in SAE handshake. As par the 802.11 spec
     if LSB of X is same as LSB of Y then Y is chosen, (P - Y) otherwise.
     This is not what is implemented, so fix this behavior to obtain the
     correct Y co-ordinate.

components/wpa_supplicant/src/crypto/crypto_mbedtls.c

@@ -477,9 +477,11 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
      * such that p ≡ 3 (mod 4)
      *  y_ = (y2 ^ ((p+1)/4)) mod p
      *
-     *  if y_bit: y = p-y_
-     *   else y = y_`
+     *  if LSB of both x and y are same: y = y_
+     *   else y = p - y_
+     * y_bit is LSB of x
      */
+    y_bit = (y_bit != 0);
 
     y_sqr = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, x);
 
@@ -489,9 +491,9 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e,
         MBEDTLS_MPI_CHK(mbedtls_mpi_div_int(&temp, NULL, &temp, 4));
         MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(y, y_sqr, &temp, &e->group.P, NULL));
 
-        if (y_bit) {
+        if (y_bit != mbedtls_mpi_get_bit(y, 0))
             MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(y, &e->group.P, y));
-        }
+
         MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->X, (const mbedtls_mpi*) x));
         MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->Z, 1));
     } else {