[nrfconnect] Add platform crypto for KMU usage

Added a platform crypto implementation to store crypto materials
in KMU(Key management unit) for devices that use it.

Author: ArekBalysNordic

config/nrfconnect/chip-module/CMakeLists.txt

@@ -190,7 +190,13 @@ else()
 endif()
 
 if (CONFIG_CHIP_CRYPTO_PSA)
-    matter_add_gn_arg_string("chip_crypto"             "psa")
+    if (CONFIG_CHIP_KMU_SUPPORT)
+        matter_add_gn_arg_string ("chip_crypto"           "platform")
+        matter_add_gn_arg_bool   ("chip_external_mbedtls" FALSE)
+        matter_add_gn_arg_bool   ("chip_use_cracen_kmu"   TRUE)
+    else()
+        matter_add_gn_arg_string("chip_crypto" "psa")
+    endif()
     matter_add_gn_arg_bool  ("chip_crypto_psa_spake2p" CONFIG_PSA_WANT_ALG_SPAKE2P_MATTER)
 endif()
 

config/nrfconnect/chip-module/Kconfig.features

@@ -289,4 +289,43 @@ config CHIP_LAST_FABRIC_REMOVED_ACTION_DELAY
 	  an action chosen by the CHIP_LAST_FABRIC_REMOVED_ACTION option. This schedule will allow for
 	  avoiding race conditions before the device removes non-volatile data.
 
+config CHIP_KMU_SUPPORT
+	bool "Use KMU to store crypto keys"
+	default y
+	depends on CRACEN_LIB_KMU
+	help
+	  Uses KMU to store keys if it is available on the device. This option changes the Matter crypto
+	  implementation to "platform" and uses custom crypto implementation of Session Keystore and
+	  Operational Keystore.
+
+if CHIP_KMU_SUPPORT
+
+	config CHIP_CORE_KMU_SLOT_START
+	int "Initial KMU slot number for Matter keys"
+	default 100
+	help
+	  Starting slot number dedicated for Matter purposes.
+	  This config does not include DAC private key.
+
+	config CHIP_CORE_KMU_SLOT_END
+	int
+	default 175 if CHIP_CRYPTO_PSA_DAC_PRIV_KEY_KMU
+	default 180
+	help
+	  The last available KMU slot for Matter purposes.
+	  This slot does not include DAC private key.
+
+	config CHIP_KMU_MAX_FABRICS
+	int
+	default 18 if (CHIP_ENABLE_ICD_SUPPORT && CHIP_CRYPTO_PSA_DAC_PRIV_KEY_KMU)
+	default 37 if CHIP_CRYPTO_PSA_DAC_PRIV_KEY_KMU
+	default 20 if CHIP_ENABLE_ICD_SUPPORT
+	default 40
+	help
+	  Maximum possible Matter fabrics to store NOC keys in the Key Management Unit.
+	  The slots number is limited, so there is the limited NOC keys possible to store as well.
+	  Currently, each NOC key uses 2 KMU slots.
+
+endif
+
 endif # CHIP

src/crypto/PSASpake2p.cpp

@@ -17,8 +17,6 @@
 
 #include "PSASpake2p.h"
 
-#include "CHIPCryptoPALPSA.h"
-
 #include <lib/support/CodeUtils.h>
 
 #include <psa/crypto.h>

src/platform/nrfconnect/BUILD.gn

@@ -1,4 +1,4 @@
-# Copyright (c) 2021 Project CHIP Authors
+# Copyright (c) 2021-2025 Project CHIP Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,7 @@
 
 import("//build_overrides/chip.gni")
 
+import("${chip_root}/src/crypto/crypto.gni")
 import("${chip_root}/src/platform/device.gni")
 import("${chip_root}/src/platform/nrfconnect/args.gni")
 
@@ -132,6 +133,21 @@ static_library("nrfconnect") {
     sources += [ "../Zephyr/SysHeapMalloc.cpp" ]
   }
 
+  if (chip_use_cracen_kmu) {
+    # Use platform crypto implementation for KMU support
+    sources += [
+      "crypto/KMUOperationalKeystore.cpp",
+      "crypto/KMUSessionKeystore.cpp",
+
+    # Sources from common crypto core
+      "${chip_root}/src/crypto/CHIPCryptoPALPSA.cpp",
+      "${chip_root}/src/crypto/CHIPCryptoPALPSA.h",
+      "${chip_root}/src/crypto/PSAOperationalKeystore.h",
+      "${chip_root}/src/crypto/PSASpake2p.cpp",
+      "${chip_root}/src/crypto/PSASpake2p.h",
+    ]
+  }
+
   cflags = [ "-Wconversion" ]
 }
 

src/platform/nrfconnect/args.gni

@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Project CHIP Authors
+# Copyright (c) 2020-2025 Project CHIP Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,4 +17,8 @@ declare_args() {
 
   # Enable factory data support
   chip_enable_factory_data = false
+
+  # Use KMU to store cryptographic materials.
+  # This requires a dedicated platform-specific crypto implementation.
+  chip_use_cracen_kmu = false
 }

src/platform/nrfconnect/crypto/KMUOperationalKeystore.cpp

@@ -0,0 +1,310 @@
+/*
+ *    Copyright (c) 2025 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "KMUSlotDefinitions.h"
+#include "crypto/PSAOperationalKeystore.h"
+#include "crypto/PersistentStorageOperationalKeystore.h"
+
+#include <lib/support/CHIPMem.h>
+#include <lib/support/logging/CHIPLogging.h>
+
+#include <cracen_psa_kmu.h>
+#include <psa/crypto.h>
+
+namespace chip {
+namespace Crypto {
+
+PSAOperationalKeystore::PersistentP256Keypair::PersistentP256Keypair(FabricIndex fabricIndex)
+{
+    ToPsaContext(mKeypair).key_id = static_cast<psa_key_id_t>(KMU_MATTER_NOC_SLOT_START + ((fabricIndex - 1) * 2));
+
+    mInitialized = true;
+}
+
+PSAOperationalKeystore::PersistentP256Keypair::~PersistentP256Keypair()
+{
+    // This class requires explicit control of the key lifetime. Therefore, clear the key ID
+    // to prevent it from being destroyed by the base class destructor.
+    ToPsaContext(mKeypair).key_id = 0;
+}
+
+inline psa_key_id_t PSAOperationalKeystore::PersistentP256Keypair::GetKeyId() const
+{
+    return ToConstPsaContext(mKeypair).key_id;
+}
+
+bool PSAOperationalKeystore::PersistentP256Keypair::Exists() const
+{
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_status_t status             = psa_get_key_attributes(GetKeyId(), &attributes);
+
+    psa_reset_key_attributes(&attributes);
+
+    return status == PSA_SUCCESS;
+}
+
+CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Generate()
+{
+    CHIP_ERROR error                = CHIP_NO_ERROR;
+    psa_status_t status             = PSA_SUCCESS;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_id_t keyId              = 0;
+    size_t publicKeyLength;
+
+    Destroy();
+
+    // Type based on ECC with the elliptic curve SECP256r1 -> PSA_ECC_FAMILY_SECP_R1
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+    psa_set_key_bits(&attributes, kP256_PrivateKey_Length * 8);
+    psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_lifetime(&attributes,
+                         PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU));
+    psa_set_key_id(&attributes, GetKeyId());
+
+    status = psa_generate_key(&attributes, &keyId);
+    VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);
+
+    status = psa_export_public_key(keyId, mPublicKey.Bytes(), mPublicKey.Length(), &publicKeyLength);
+    VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);
+    VerifyOrExit(publicKeyLength == kP256_PublicKey_Length, error = CHIP_ERROR_INTERNAL);
+
+exit:
+    psa_reset_key_attributes(&attributes);
+
+    return error;
+}
+
+CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Destroy()
+{
+    psa_status_t status = psa_destroy_key(GetKeyId());
+
+    ReturnErrorCodeIf(status == PSA_ERROR_INVALID_HANDLE, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
+
+    return CHIP_NO_ERROR;
+}
+
+bool PSAOperationalKeystore::HasPendingOpKeypair() const
+{
+    return mPendingFabricIndex != kUndefinedFabricIndex;
+}
+
+bool PSAOperationalKeystore::HasOpKeypairForFabric(FabricIndex fabricIndex) const
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), false);
+
+    if (mPendingFabricIndex == fabricIndex)
+    {
+        return mIsPendingKeypairActive;
+    }
+
+    return PersistentP256Keypair(fabricIndex).Exists();
+}
+
+CHIP_ERROR PSAOperationalKeystore::NewOpKeypairForFabric(FabricIndex fabricIndex, MutableByteSpan & outCertificateSigningRequest)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    if (HasPendingOpKeypair())
+    {
+        VerifyOrReturnError(fabricIndex == mPendingFabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    }
+
+    if (mPendingKeypair == nullptr)
+    {
+        mPendingKeypair = Platform::New<PersistentP256Keypair>(fabricIndex);
+    }
+
+    VerifyOrReturnError(mPendingKeypair != nullptr, CHIP_ERROR_NO_MEMORY);
+    ReturnErrorOnFailure(mPendingKeypair->Generate());
+
+    size_t csrLength = outCertificateSigningRequest.size();
+    ReturnErrorOnFailure(mPendingKeypair->NewCertificateSigningRequest(outCertificateSigningRequest.data(), csrLength));
+    outCertificateSigningRequest.reduce_size(csrLength);
+    mPendingFabricIndex = fabricIndex;
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSAOperationalKeystore::PersistentP256Keypair::Deserialize(P256SerializedKeypair & input)
+{
+    CHIP_ERROR error                = CHIP_NO_ERROR;
+    psa_status_t status             = PSA_SUCCESS;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_id_t keyId              = 0;
+    VerifyOrReturnError(input.Length() == mPublicKey.Length() + kP256_PrivateKey_Length, CHIP_ERROR_INVALID_ARGUMENT);
+
+    Destroy();
+
+    // Type based on ECC with the elliptic curve SECP256r1 -> PSA_ECC_FAMILY_SECP_R1
+    psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+    psa_set_key_bits(&attributes, kP256_PrivateKey_Length * 8);
+    psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
+    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+    psa_set_key_lifetime(&attributes,
+                         PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU));
+    psa_set_key_id(&attributes, GetKeyId());
+
+    status = psa_import_key(&attributes, input.ConstBytes() + mPublicKey.Length(), kP256_PrivateKey_Length, &keyId);
+    VerifyOrExit(status == PSA_SUCCESS, error = CHIP_ERROR_INTERNAL);
+
+    memcpy(mPublicKey.Bytes(), input.ConstBytes(), mPublicKey.Length());
+
+exit:
+    LogPsaError(status);
+    psa_reset_key_attributes(&attributes);
+
+    return error;
+}
+
+CHIP_ERROR PSAOperationalKeystore::ActivateOpKeypairForFabric(FabricIndex fabricIndex, const Crypto::P256PublicKey & nocPublicKey)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex) && mPendingFabricIndex == fabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(mPendingKeypair->Pubkey().Matches(nocPublicKey), CHIP_ERROR_INVALID_PUBLIC_KEY);
+    mIsPendingKeypairActive = true;
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSAOperationalKeystore::CommitOpKeypairForFabric(FabricIndex fabricIndex)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex) && mPendingFabricIndex == fabricIndex, CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(mIsPendingKeypairActive, CHIP_ERROR_INCORRECT_STATE);
+
+    ReleasePendingKeypair();
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSAOperationalKeystore::ExportOpKeypairForFabric(FabricIndex fabricIndex, Crypto::P256SerializedKeypair & outKeypair)
+{
+    // Currently exporting the key is forbidden in PSAOperationalKeystore because the PSA_KEY_USAGE_EXPORT usage flag is not set, so
+    // there is no need to compile the code for the device, but there should be an implementation for test purposes to verify if
+    // the psa_export_key returns an error.
+#if CHIP_CONFIG_TEST
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+    VerifyOrReturnError(HasOpKeypairForFabric(fabricIndex), CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND);
+
+    size_t outSize = 0;
+    psa_status_t status =
+        psa_export_key(PersistentP256Keypair(fabricIndex).GetKeyId(), outKeypair.Bytes(), outKeypair.Capacity(), &outSize);
+
+    if (status == PSA_ERROR_BUFFER_TOO_SMALL)
+    {
+        return CHIP_ERROR_BUFFER_TOO_SMALL;
+    }
+    else if (status == PSA_ERROR_NOT_PERMITTED)
+    {
+        return CHIP_ERROR_UNSUPPORTED_CHIP_FEATURE;
+    }
+    else if (status != PSA_SUCCESS)
+    {
+        return CHIP_ERROR_INTERNAL;
+    }
+
+    outKeypair.SetLength(outSize);
+
+    return CHIP_NO_ERROR;
+#else
+    return CHIP_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+CHIP_ERROR PSAOperationalKeystore::RemoveOpKeypairForFabric(FabricIndex fabricIndex)
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    if (mPendingFabricIndex == fabricIndex)
+    {
+        RevertPendingKeypair();
+        return CHIP_NO_ERROR;
+    }
+
+    return PersistentP256Keypair(fabricIndex).Destroy();
+}
+
+void PSAOperationalKeystore::RevertPendingKeypair()
+{
+    VerifyOrReturn(HasPendingOpKeypair());
+    mPendingKeypair->Destroy();
+    ReleasePendingKeypair();
+}
+
+CHIP_ERROR PSAOperationalKeystore::SignWithOpKeypair(FabricIndex fabricIndex, const ByteSpan & message,
+                                                     Crypto::P256ECDSASignature & outSignature) const
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    if (mPendingFabricIndex == fabricIndex)
+    {
+        VerifyOrReturnError(mIsPendingKeypairActive, CHIP_ERROR_INVALID_FABRIC_INDEX);
+        return mPendingKeypair->ECDSA_sign_msg(message.data(), message.size(), outSignature);
+    }
+
+    PersistentP256Keypair keypair(fabricIndex);
+    VerifyOrReturnError(keypair.Exists(), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    return keypair.ECDSA_sign_msg(message.data(), message.size(), outSignature);
+}
+
+Crypto::P256Keypair * PSAOperationalKeystore::AllocateEphemeralKeypairForCASE()
+{
+    return Platform::New<Crypto::P256Keypair>();
+}
+
+void PSAOperationalKeystore::ReleaseEphemeralKeypair(Crypto::P256Keypair * keypair)
+{
+    Platform::Delete(keypair);
+}
+
+void PSAOperationalKeystore::ReleasePendingKeypair()
+{
+    Platform::Delete(mPendingKeypair);
+    mPendingKeypair         = nullptr;
+    mPendingFabricIndex     = kUndefinedFabricIndex;
+    mIsPendingKeypairActive = false;
+}
+
+CHIP_ERROR PSAOperationalKeystore::MigrateOpKeypairForFabric(FabricIndex fabricIndex,
+                                                             OperationalKeystore & operationalKeystore) const
+{
+    VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX);
+
+    P256SerializedKeypair serializedKeypair;
+
+    // Do not allow overwriting the existing key and just remove it from the previous Operational Keystore if needed.
+    if (!HasOpKeypairForFabric(fabricIndex))
+    {
+        ReturnErrorOnFailure(operationalKeystore.ExportOpKeypairForFabric(fabricIndex, serializedKeypair));
+
+        PersistentP256Keypair keypair(fabricIndex);
+        ReturnErrorOnFailure(keypair.Deserialize(serializedKeypair));
+
+        // Migrated key is not useful anymore, remove it from the previous keystore.
+        ReturnErrorOnFailure(operationalKeystore.RemoveOpKeypairForFabric(fabricIndex));
+    }
+    else if (operationalKeystore.HasOpKeypairForFabric(fabricIndex))
+    {
+        ReturnErrorOnFailure(operationalKeystore.RemoveOpKeypairForFabric(fabricIndex));
+    }
+
+    return CHIP_NO_ERROR;
+}
+
+} // namespace Crypto
+} // namespace chip

src/platform/nrfconnect/crypto/KMUSessionKeystore.cpp

@@ -0,0 +1,263 @@
+/*
+ *    Copyright (c) 2025 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "KMUSlotDefinitions.h"
+#include "crypto/PSASessionKeystore.h"
+
+#include <cracen_psa_kmu.h>
+#include <psa/crypto.h>
+
+namespace chip {
+namespace Crypto {
+
+namespace {
+
+class KeyAttributesBase
+{
+public:
+    KeyAttributesBase(psa_key_type_t type, psa_algorithm_t algorithm, psa_key_usage_t usageFlags, size_t bits)
+    {
+        psa_set_key_type(&mAttrs, type);
+        psa_set_key_algorithm(&mAttrs, algorithm);
+        psa_set_key_usage_flags(&mAttrs, usageFlags);
+        psa_set_key_bits(&mAttrs, bits);
+    }
+
+    ~KeyAttributesBase() { psa_reset_key_attributes(&mAttrs); }
+
+    const psa_key_attributes_t & Get() { return mAttrs; }
+
+private:
+    psa_key_attributes_t mAttrs = PSA_KEY_ATTRIBUTES_INIT;
+};
+
+class AesKeyAttributes : public KeyAttributesBase
+{
+public:
+    // TODO: Cracen KMU supports only PSA_ALG_CCM algorithm change it to PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8)
+    // once it is available. Also we cannot copy this key, because the key cannot be copied from ITS to cracen. We need to export it
+    // and import it back.
+    AesKeyAttributes() :
+        KeyAttributesBase(PSA_KEY_TYPE_AES, PSA_ALG_CCM, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT,
+                          CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES * 8)
+    {}
+};
+
+class HmacKeyAttributes : public KeyAttributesBase
+{
+public:
+    // TODO: We cannot copy this key, because the key cannot be copied from ITS to cracen. We need to export it
+    // and import it back.
+    HmacKeyAttributes() :
+        KeyAttributesBase(PSA_KEY_TYPE_HMAC, PSA_ALG_HMAC(PSA_ALG_SHA_256), PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT,
+                          CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES * 8)
+    {}
+};
+
+class HkdfKeyAttributes : public KeyAttributesBase
+{
+public:
+    HkdfKeyAttributes() : KeyAttributesBase(PSA_KEY_TYPE_DERIVE, PSA_ALG_HKDF(PSA_ALG_SHA_256), PSA_KEY_USAGE_DERIVE, 0) {}
+};
+
+#if CHIP_CONFIG_ENABLE_ICD_CIP
+void SetKeyId(Symmetric128BitsKeyHandle & key, psa_key_id_t newKeyId)
+{
+    auto & KeyId = key.AsMutable<psa_key_id_t>();
+
+    KeyId = newKeyId;
+}
+#endif
+} // namespace
+
+CHIP_ERROR PSASessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Aes128KeyHandle & key)
+{
+    // Destroy the old key if already allocated
+    DestroyKey(key);
+
+    AesKeyAttributes attrs;
+    psa_status_t status =
+        psa_import_key(&attrs.Get(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray), &key.AsMutable<psa_key_id_t>());
+    LogPsaError(status);
+    VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSASessionKeystore::CreateKey(const Symmetric128BitsKeyByteArray & keyMaterial, Hmac128KeyHandle & key)
+{
+    // Destroy the old key if already allocated
+    DestroyKey(key);
+
+    HmacKeyAttributes attrs;
+    psa_status_t status =
+        psa_import_key(&attrs.Get(), keyMaterial, sizeof(Symmetric128BitsKeyByteArray), &key.AsMutable<psa_key_id_t>());
+    LogPsaError(status);
+    VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSASessionKeystore::CreateKey(const ByteSpan & keyMaterial, HkdfKeyHandle & key)
+{
+    // Destroy the old key if already allocated
+    psa_destroy_key(key.As<psa_key_id_t>());
+
+    HkdfKeyAttributes attrs;
+    psa_status_t status = psa_import_key(&attrs.Get(), keyMaterial.data(), keyMaterial.size(), &key.AsMutable<psa_key_id_t>());
+    LogPsaError(status);
+    VerifyOrReturnError(status == PSA_SUCCESS, CHIP_ERROR_INTERNAL);
+
+    return CHIP_NO_ERROR;
+}
+
+CHIP_ERROR PSASessionKeystore::DeriveKey(const P256ECDHDerivedSecret & secret, const ByteSpan & salt, const ByteSpan & info,
+                                         Aes128KeyHandle & key)
+{
+    PsaKdf kdf;
+    ReturnErrorOnFailure(kdf.Init(secret.Span(), salt, info));
+
+    AesKeyAttributes attrs;
+
+    return kdf.DeriveKey(attrs.Get(), key.AsMutable<psa_key_id_t>());
+}
+
+CHIP_ERROR PSASessionKeystore::DeriveSessionKeys(const ByteSpan & secret, const ByteSpan & salt, const ByteSpan & info,
+                                                 Aes128KeyHandle & i2rKey, Aes128KeyHandle & r2iKey,
+                                                 AttestationChallenge & attestationChallenge)
+{
+    PsaKdf kdf;
+    ReturnErrorOnFailure(kdf.Init(secret, salt, info));
+
+    return DeriveSessionKeys(kdf, i2rKey, r2iKey, attestationChallenge);
+}
+
+CHIP_ERROR PSASessionKeystore::DeriveSessionKeys(const HkdfKeyHandle & hkdfKey, const ByteSpan & salt, const ByteSpan & info,
+                                                 Aes128KeyHandle & i2rKey, Aes128KeyHandle & r2iKey,
+                                                 AttestationChallenge & attestationChallenge)
+{
+    PsaKdf kdf;
+    ReturnErrorOnFailure(kdf.Init(hkdfKey, salt, info));
+
+    return DeriveSessionKeys(kdf, i2rKey, r2iKey, attestationChallenge);
+}
+
+CHIP_ERROR PSASessionKeystore::DeriveSessionKeys(PsaKdf & kdf, Aes128KeyHandle & i2rKey, Aes128KeyHandle & r2iKey,
+                                                 AttestationChallenge & attestationChallenge)
+{
+    CHIP_ERROR error;
+    AesKeyAttributes attrs;
+
+    SuccessOrExit(error = kdf.DeriveKey(attrs.Get(), i2rKey.AsMutable<psa_key_id_t>()));
+    SuccessOrExit(error = kdf.DeriveKey(attrs.Get(), r2iKey.AsMutable<psa_key_id_t>()));
+    SuccessOrExit(error = kdf.DeriveBytes(MutableByteSpan(attestationChallenge.Bytes(), AttestationChallenge::Capacity())));
+
+exit:
+    if (error != CHIP_NO_ERROR)
+    {
+        DestroyKey(i2rKey);
+        DestroyKey(r2iKey);
+    }
+
+    return error;
+}
+
+void PSASessionKeystore::DestroyKey(Symmetric128BitsKeyHandle & key)
+{
+    auto & keyId = key.AsMutable<psa_key_id_t>();
+
+    psa_destroy_key(keyId);
+    keyId = 0;
+}
+
+void PSASessionKeystore::DestroyKey(HkdfKeyHandle & key)
+{
+    auto & keyId = key.AsMutable<psa_key_id_t>();
+
+    psa_destroy_key(keyId);
+    keyId = PSA_KEY_ID_NULL;
+}
+
+#if CHIP_CONFIG_ENABLE_ICD_CIP
+CHIP_ERROR PSASessionKeystore::PersistICDKey(Symmetric128BitsKeyHandle & key)
+{
+    CHIP_ERROR err;
+    psa_key_id_t newKeyId = PSA_KEY_ID_NULL;
+    psa_key_attributes_t attrs;
+    psa_status_t s = PSA_SUCCESS;
+    uint8_t keyEx[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES];
+    size_t keyExSize = sizeof(keyEx);
+
+    psa_get_key_attributes(key.As<psa_key_id_t>(), &attrs);
+
+    // Exit early if key is already persistent
+    if (psa_get_key_lifetime(&attrs) ==
+        PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU))
+    {
+        psa_reset_key_attributes(&attrs);
+        return CHIP_NO_ERROR;
+    }
+
+    // Set the key lifetime to persistent and the location to CRACEN_KMU
+    psa_set_key_lifetime(&attrs,
+                         PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU));
+
+    // Use dedicated finding function because the FindFreeKeySlotInRange requires a key id within the user range
+    // Whereas the KMU slots are in the Vendor range
+    auto findFreeSlot = [](psa_key_id_t & keyId, psa_key_id_t start, psa_key_id_t end) -> CHIP_ERROR {
+        psa_key_attributes_t attributes;
+        psa_status_t status = PSA_SUCCESS;
+        for (keyId = start; keyId < end; ++keyId)
+        {
+            status = psa_get_key_attributes(keyId, &attributes);
+            if (status == PSA_ERROR_INVALID_HANDLE)
+            {
+                return CHIP_NO_ERROR;
+            }
+            else if (status != PSA_SUCCESS)
+            {
+                return CHIP_ERROR_INTERNAL;
+            }
+            psa_reset_key_attributes(&attributes);
+        }
+        return CHIP_ERROR_NOT_FOUND;
+    };
+
+    SuccessOrExit(err = findFreeSlot(newKeyId, KMU_MATTER_ICD_SLOT_START, KMU_MATTER_ICD_SLOT_START + KMU_MATTER_ICD_SLOT_COUNT));
+    psa_set_key_id(&attrs, newKeyId);
+    // We cannot use psa_copy_key here because the source and target keys are stored in different locations.
+    // Instead we need to export this key and import once again.
+    VerifyOrExit(psa_export_key(key.As<psa_key_id_t>(), keyEx, sizeof(keyEx), &keyExSize) == PSA_SUCCESS,
+                 err = CHIP_ERROR_INTERNAL);
+    VerifyOrExit(psa_import_key(&attrs, keyEx, keyExSize, &newKeyId) == PSA_SUCCESS, err = CHIP_ERROR_INTERNAL);
+
+exit:
+    DestroyKey(key);
+    memset(keyEx, 0, sizeof(keyEx));
+    psa_reset_key_attributes(&attrs);
+
+    if (err == CHIP_NO_ERROR)
+    {
+        SetKeyId(key, newKeyId);
+    }
+
+    return err;
+}
+#endif
+
+} // namespace Crypto
+} // namespace chip

src/platform/nrfconnect/crypto/KMUSlotDefinitions.h

@@ -0,0 +1,50 @@
+/*
+ *    Copyright (c) 2025 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#pragma once
+
+// Check whether the DAC KMU slot doesn not overlap with the KMU slots dedicated for Matter core.
+#if defined(CONFIG_CHIP_CRYPTO_PSA_DAC_PRIV_KEY_KMU) &&                                                                            \
+    (CONFIG_CHIP_CRYPTO_PSA_DAC_PRIV_KEY_KMU_SLOT_ID >= CONFIG_CHIP_CORE_KMU_SLOT_START &&                                         \
+     CONFIG_CHIP_CRYPTO_PSA_DAC_PRIV_KEY_KMU_SLOT_ID <= CONFIG_CHIP_CORE_KMU_SLOT_END)
+#error "CONFIG_CHIP_CRYPTO_PSA_DAC_PRIV_KEY_KMU_SLOT_ID Cannot overlaps with KMU slots dedicated for Matter core"
+#endif
+
+// Define how many slots are available for Matter.
+#define KMU_MATTER_SLOT_COUNT (CONFIG_CHIP_CORE_KMU_SLOT_END - CONFIG_CHIP_CORE_KMU_SLOT_START)
+// For NOC we need 2 slots per fabric (ESDSA)
+#define KMU_MATTER_NOC_SLOT_COUNT (CONFIG_CHIP_KMU_MAX_FABRICS * 2)
+#ifdef CONFIG_CHIP_ENABLE_ICD_SUPPORT
+// For ICD we need 2 slots per ICD entry (AES + HMAC)
+#define KMU_MATTER_ICD_SLOT_COUNT (CONFIG_CHIP_KMU_MAX_FABRICS * 2)
+#else
+#define KMU_MATTER_ICD_SLOT_COUNT 0
+#endif
+
+// Define the start of the KMU slots for Matter.
+#define KMU_MATTER_NOC_SLOT_START                                                                                                  \
+    PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, CONFIG_CHIP_CORE_KMU_SLOT_START)
+#define KMU_MATTER_ICD_SLOT_START                                                                                                  \
+    PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW,                                                           \
+                                        (CONFIG_CHIP_CORE_KMU_SLOT_START + KMU_MATTER_NOC_SLOT_COUNT))
+
+// Check if the maximum of used slots is not greater than the available slots.
+// Each fabric requires 2 slots (ESDSA), one ICD entry requires 2 slots (AES + HMAC).
+// If migration DAC to KMU is enabled we need to reserve slots for it.
+#if (KMU_MATTER_NOC_SLOT_COUNT + KMU_MATTER_ICD_SLOT_COUNT) > KMU_MATTER_SLOT_COUNT
+#error "Not enough KMU slots for the requested configuration"
+#endif