Add delete_all to keymaster API

In order to aid keymasters erase their memory efficiently, introduce new
delete_all API to tell keymasters to forget everything. This will be
triggered when keystore itself is told to reset.

Change-Id: I730375f1f32cd1ea0bf1fa38d5b1bec2f81ba492

1 files changed, 16 insertions, 0 deletions

diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h
index 3c7799a..5a7a374 100644
--- a/include/hardware/keymaster.h
+++ b/include/hardware/keymaster.h
@@ -122,11 +122,27 @@ struct keymaster_device {
 
     /**
      * Deletes the key pair associated with the key blob.
+     *
+     * This function is optional and should be set to NULL if it is not
+     * implemented.
+     *
+     * Returns 0 on success or an error code less than 0.
      */
     int (*delete_keypair)(const struct keymaster_device* dev,
             const uint8_t* key_blob, const size_t key_blob_length);
 
     /**
+     * Deletes all keys in the hardware keystore. Used when keystore is
+     * reset completely.
+     *
+     * This function is optional and should be set to NULL if it is not
+     * implemented.
+     *
+     * Returns 0 on success or an error code less than 0.
+     */
+    int (*delete_all)(const struct keymaster_device* dev);
+
+    /**
      * Signs data using a key-blob generated before. This can use either
      * an asymmetric key or a secret key.
      *