nrf_security: cracen: Pull out mbedtls_psa_platform_get_builtin_key

If multiple crypto drivers are used and they all define built-in keys,
then this platform function needs to account for all of these drivers.
Therefore, move it into a new top-level file: `mbedtls_psa_platform.c`.

The new file is placed next to `psa_crypto_driver_wrappers.c`, to which
it is closely related.

Ref: NCSDK-35399
Signed-off-by: Grzegorz Swiderski <[email protected]>

Author: 57300

subsys/nrf_security/src/core/lite/CMakeLists.txt

@@ -9,6 +9,13 @@ add_library(psa_core STATIC
   ${NRF_SECURITY_ROOT}/src/psa_crypto_driver_wrappers.c
 )
 
+if(CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+  target_sources(psa_core
+    PRIVATE
+      ${NRF_SECURITY_ROOT}/src/mbedtls_psa_platform.c
+  )
+endif()
+
 target_link_libraries(psa_core
   PRIVATE
     psa_crypto_library_config

subsys/nrf_security/src/core/nrf_oberon/CMakeLists.txt

@@ -26,6 +26,13 @@ target_sources(psa_core
     ${NRF_SECURITY_ROOT}/src/psa_crypto_driver_wrappers.c
 )
 
+if(CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+  target_sources(psa_core
+    PRIVATE
+      ${NRF_SECURITY_ROOT}/src/mbedtls_psa_platform.c
+  )
+endif()
+
 target_link_libraries(psa_core
   PRIVATE
     psa_crypto_library_config

subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa.h

@@ -368,4 +368,7 @@ psa_status_t cracen_derive_key(const psa_key_attributes_t *attributes, const uin
 
 psa_status_t cracen_get_trng(uint8_t *output, size_t output_size);
 
+psa_status_t cracen_get_key_slot(mbedtls_svc_key_id_t key_id, psa_key_lifetime_t *lifetime,
+				 psa_drv_slot_number_t *slot_number);
+
 #endif /* CRACEN_PSA_H */

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c

@@ -1350,9 +1350,8 @@ psa_status_t cracen_get_builtin_key(psa_drv_slot_number_t slot_number,
 	}
 }
 
-psa_status_t mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id,
-						  psa_key_lifetime_t *lifetime,
-						  psa_drv_slot_number_t *slot_number)
+psa_status_t cracen_get_key_slot(mbedtls_svc_key_id_t key_id, psa_key_lifetime_t *lifetime,
+				 psa_drv_slot_number_t *slot_number)
 {
 	switch (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id)) {
 	case CRACEN_BUILTIN_IDENTITY_KEY_ID:

subsys/nrf_security/src/mbedtls_psa_platform.c

@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include "psa_crypto_core.h"
+
+#if defined(PSA_CRYPTO_DRIVER_CRACEN)
+#include "cracen_psa.h"
+#endif
+
+psa_status_t mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id,
+						  psa_key_lifetime_t *lifetime,
+						  psa_drv_slot_number_t *slot_number)
+{
+#if defined(PSA_CRYPTO_DRIVER_CRACEN)
+	return cracen_get_key_slot(key_id, lifetime, slot_number);
+#endif
+	return PSA_ERROR_DOES_NOT_EXIST;
+}